private String detectAgentUrl( HttpServer pServer, JolokiaServerConfig pConfig, String pContextPath) { serverAddress = pServer.getAddress(); InetAddress realAddress; int port; if (serverAddress != null) { realAddress = serverAddress.getAddress(); if (realAddress.isAnyLocalAddress()) { try { realAddress = NetworkUtil.getLocalAddress(); } catch (IOException e) { try { realAddress = InetAddress.getLocalHost(); } catch (UnknownHostException e1) { // Ok, ok. We take the original one realAddress = serverAddress.getAddress(); } } } port = serverAddress.getPort(); } else { realAddress = pConfig.getAddress(); port = pConfig.getPort(); } return String.format( "%s://%s:%d%s", pConfig.getProtocol(), realAddress.getHostAddress(), port, pContextPath); }
/** * Start this server. If we manage an own HttpServer, then the HttpServer will be started as well. */ public void start() { // URL as configured takes precedence String configUrl = NetworkUtil.replaceExpression(config.getJolokiaConfig().get(ConfigKey.DISCOVERY_AGENT_URL)); jolokiaHttpHandler.start( lazy, configUrl != null ? configUrl : url, config.getAuthenticator() != null); if (httpServer != null) { // Starting our own server in an own thread group with a fixed name // so that the cleanup thread can recognize it. ThreadGroup threadGroup = new ThreadGroup("jolokia"); threadGroup.setDaemon(false); Thread starterThread = new Thread( threadGroup, new Runnable() { @Override public void run() { httpServer.start(); } }); starterThread.start(); cleaner = new CleanupThread(httpServer, threadGroup); cleaner.start(); } }
private void updateKeyStoreFromPEM(KeyStore keystore, JolokiaServerConfig pConfig) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, InvalidKeySpecException, InvalidKeyException, NoSuchProviderException, SignatureException { if (pConfig.getCaCert() != null) { File caCert = getAndValidateFile(pConfig.getCaCert(), "CA cert"); KeyStoreUtil.updateWithCaPem(keystore, caCert); } else if (pConfig.useSslClientAuthentication()) { throw new IllegalArgumentException( "Cannot use client cert authentication if no CA is given with 'caCert'"); } if (pConfig.getServerCert() != null) { // Use the provided server key File serverCert = getAndValidateFile(pConfig.getServerCert(), "server cert"); if (pConfig.getServerKey() == null) { throw new IllegalArgumentException( "Cannot use server cert from " + pConfig.getServerCert() + " without a provided a key given with 'serverKey'"); } File serverKey = getAndValidateFile(pConfig.getServerKey(), "server key"); KeyStoreUtil.updateWithServerPems( keystore, serverCert, serverKey, pConfig.getServerKeyAlgorithm(), pConfig.getKeystorePassword()); } }
// ========================================================================================================= // HTTPS handling private HttpServer createHttpsServer( InetSocketAddress pSocketAddress, JolokiaServerConfig pConfig) { // initialise the HTTPS server try { HttpsServer server = HttpsServer.create(pSocketAddress, pConfig.getBacklog()); SSLContext sslContext = SSLContext.getInstance(pConfig.getSecureSocketProtocol()); // initialise the keystore KeyStore ks = getKeyStore(pConfig); // setup the key manager factory KeyManagerFactory kmf = getKeyManagerFactory(pConfig); kmf.init(ks, pConfig.getKeystorePassword()); // setup the trust manager factory TrustManagerFactory tmf = getTrustManagerFactory(pConfig); tmf.init(ks); // setup the HTTPS context and parameters sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // Update the config to filter out bad protocols or ciphers pConfig.updateHTTPSSettingsFromContext(sslContext); server.setHttpsConfigurator(new JolokiaHttpsConfigurator(sslContext, pConfig)); return server; } catch (GeneralSecurityException e) { throw new IllegalStateException("Cannot use keystore for https communication: " + e, e); } catch (IOException e) { throw new IllegalStateException("Cannot open keystore for https communication: " + e, e); } }
/** * Initialize this JolokiaServer with the given HttpServer. The calle is responsible for managing * (starting/stopping) the HttpServer. * * @param pServer server to use * @param pConfig configuration * @param pLazy whether the initialization should be done lazy or not */ protected final void init(HttpServer pServer, JolokiaServerConfig pConfig, boolean pLazy) { config = pConfig; lazy = pLazy; // Create proper context along with handler final String contextPath = pConfig.getContextPath(); jolokiaHttpHandler = new JolokiaHttpHandler(pConfig.getJolokiaConfig()); HttpContext context = pServer.createContext(contextPath, jolokiaHttpHandler); // Add authentication if configured final Authenticator authenticator = pConfig.getAuthenticator(); if (authenticator != null) { context.setAuthenticator(authenticator); } url = detectAgentUrl(pServer, pConfig, contextPath); }
private KeyStore getKeyStore(JolokiaServerConfig pConfig) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, InvalidKeySpecException, InvalidKeyException, NoSuchProviderException, SignatureException { char[] password = pConfig.getKeystorePassword(); String keystoreFile = pConfig.getKeystore(); KeyStore keystore = KeyStore.getInstance(pConfig.getKeyStoreType()); if (keystoreFile != null) { // Load everything from a keystore which must include CA (if useClientSslAuthenticatin is // used) and // server cert/key loadKeyStoreFromFile(keystore, keystoreFile, password); } else { // Load keys from PEM files keystore.load(null); updateKeyStoreFromPEM(keystore, pConfig); // If no server cert is configured, then use a self-signed server certificate if (pConfig.getServerCert() == null) { KeyStoreUtil.updateWithSelfSignedServerCertificate(keystore); } } return keystore; }
/** {@inheritDoc} */ public void configure(HttpsParameters params) { // initialise the SSL context SSLEngine engine = context.createSSLEngine(); // get the default parameters SSLParameters defaultSSLParameters = context.getDefaultSSLParameters(); // Cert authentication is delayed later to the ClientCertAuthenticator params.setWantClientAuth(serverConfig.useSslClientAuthentication()); defaultSSLParameters.setWantClientAuth(serverConfig.useSslClientAuthentication()); // Cipher Suites params.setCipherSuites(serverConfig.getSSLCipherSuites()); defaultSSLParameters.setCipherSuites(serverConfig.getSSLCipherSuites()); // Protocols params.setProtocols(serverConfig.getSSLProtocols()); defaultSSLParameters.setProtocols(serverConfig.getSSLProtocols()); params.setSSLParameters(defaultSSLParameters); }
/** * Create the HttpServer to use. Can be overridden if a custom or already existing HttpServer * should be used * * @return HttpServer to use * @throws IOException if something fails during the initialisation */ private HttpServer createHttpServer(JolokiaServerConfig pConfig) throws IOException { int port = pConfig.getPort(); InetAddress address = pConfig.getAddress(); InetSocketAddress socketAddress = new InetSocketAddress(address, port); HttpServer server = pConfig.useHttps() ? createHttpsServer(socketAddress, pConfig) : HttpServer.create(socketAddress, pConfig.getBacklog()); // Prepare executor pool Executor executor; String mode = pConfig.getExecutor(); if ("fixed".equalsIgnoreCase(mode)) { executor = Executors.newFixedThreadPool(pConfig.getThreadNr(), daemonThreadFactory); } else if ("cached".equalsIgnoreCase(mode)) { executor = Executors.newCachedThreadPool(daemonThreadFactory); } else { executor = Executors.newSingleThreadExecutor(daemonThreadFactory); } server.setExecutor(executor); return server; }
private KeyManagerFactory getKeyManagerFactory(JolokiaServerConfig pConfig) throws NoSuchAlgorithmException { String algo = pConfig.getKeyManagerAlgorithm(); return KeyManagerFactory.getInstance( algo != null ? algo : KeyManagerFactory.getDefaultAlgorithm()); }