/* note - use currently running jre if match, otherwise use first match */
private static void matchJRE(
JREDesc jd,
String[] versions,
ConfigProperties.JREInformation[] selectedJRE,
JREDesc[] selectedJREDesc) {
URL location = jd.getHref();
VersionString vs; // Make sure to use passed in versions
ConfigProperties cp = ConfigProperties.getInstance();
ArrayList al = cp.getJREInformationList();
if (al == null) return;
for (int j = 0; j < versions.length; j++) {
vs = new VersionString(versions[j]);
for (int i = 0; i < al.size(); i++) {
ConfigProperties.JREInformation je = (ConfigProperties.JREInformation) al.get(i);
// first check if JRE osName and osArch matches
// (only if osName and osArch exist)
if (je.isOsInfoMatch(Globals.osName, Globals.osArch)) {
if (je.isEnabled()) {
boolean jreMatch =
(location == null && je.isPlatformMatch(vs))
|| (location != null && je.isProductMatch(location, vs));
boolean pathMatch = je.isCurrentRunningJRE();
boolean heapMatch = JnlpxArgs.isCurrentRunningJREHeap(jd.getMinHeap(), jd.getMaxHeap());
if (jreMatch && pathMatch && heapMatch) {
if (Globals.TraceStartup) {
Debug.println("LaunchSelection: findJRE: Match on current JRE");
}
// Match on current JRE!
selectedJRE[0] = je;
selectedJREDesc[0] = jd;
return; // We are done
} else if (jreMatch && (selectedJRE[0] == null)) {
// Match, but not on current. Remember the first match ,
// and keep scanning to see if we get a
// match on current running JRE
if (Globals.TraceStartup) {
Debug.print("LaunchSelection: findJRE: No match on current JRE because ");
if (!jreMatch) Debug.print("versions dont match, ");
if (!pathMatch) Debug.print("paths dont match, ");
if (!heapMatch) Debug.print("heap sizes dont match");
Debug.println("");
}
selectedJRE[0] = je;
selectedJREDesc[0] = jd;
}
}
}
}
}
// Always remember the first one
if (selectedJREDesc[0] == null) selectedJREDesc[0] = jd;
}
/**
* Add the query keys found in the configuration properties to the Dataset "keys" used bei the
* cFIND method.
*
* @param cfg the configuration properties for this class.
* @throws ParseException if a given properties for the keys was not found.
*/
private void addQueryKeys(ConfigProperties cfg) throws ParseException {
// Add/replace keys found in the configuration file. Syntax key.<element name> = <element value>
for (Enumeration it = cfg.keys(); it.hasMoreElements(); ) {
String key = (String) it.nextElement();
if (key.startsWith("key.")) {
try {
keys.putXX(Tags.forName(key.substring(4)), cfg.getProperty(key));
} catch (Exception e) {
throw new ParseException(
"Illegal entry in configuration filr: " + key + "=" + cfg.getProperty(key), 0);
}
}
}
}
/**
* Constructor for the StorageSCUServiceClass object. Initializes everything.
*
* <p>Details of how to run the server is given in another configuration property file. A sample
* may be found at "./resources/StorageSCUServiceClass.cfg".
*
* @param cfg the configuration properties for this class.
* @param url the DcmURL of the communication partner.
* @throws ParseException
*/
public CDimseService(ConfigProperties cfg, DcmURL url) throws ParseException {
this.url = url;
this.priority = Integer.parseInt(cfg.getProperty("prior", "0"));
this.packPDVs = "true".equalsIgnoreCase(cfg.getProperty("pack-pdvs", "false"));
initAssocParam(cfg, url);
// initEchoAssocParam(cfg, url);
initTLS(cfg);
// Only used by C-FIND
initKeys(cfg);
// Only used by C-MOVE
this.dest = cfg.getProperty("dest");
}
static {
conf = HBaseConfiguration.create();
conf.set(
ConfigProperties.CONFIG_NAME_HBASE_MASTER,
config.getProperty(ConfigProperties.CONFIG_NAME_HBASE_MASTER));
conf.set(
ConfigProperties.CONFIG_NAME_HBASE_ZOOKEEPER_PROPRERTY_CLIENTPORT,
config.getProperty(ConfigProperties.CONFIG_NAME_HBASE_ZOOKEEPER_PROPRERTY_CLIENTPORT));
conf.set(
ConfigProperties.CONFIG_NAME_HBASE_ZOOKEEPER_QUORUM,
config.getProperty(ConfigProperties.CONFIG_NAME_HBASE_ZOOKEEPER_QUORUM));
try {
master = new HMaster(conf);
watcher = master.getZooKeeperWatcher();
} catch (Exception e) {
e.printStackTrace();
}
}
public static synchronized void init() {
// 已经初始化,则直接返回
if (CommonConfigProvider.prop != null && CommonConfigProvider.prop.size() > 0) {
return;
}
logger.info("init CommonConfigProvider.prop.");
Properties properties = ConfigProperties.getProperties();
if (properties != null && properties.size() > 0) {
CommonConfigProvider.prop = properties;
logger.info("find properties from ConfigProperties");
} else {
String configPath = System.getProperty(Constants.CONFIG_PATH);
if (configPath == null) {
logger.info("can't load config from:System.getProperty(Constants.CONFIG_PATH)");
configPath = System.getenv(Constants.CONFIG_PATH);
logger.info("can't load config from:System.getenv(Constants.CONFIG_PATH)");
if (configPath == null) {
logger.error(
"config.path is null,now we use default config.if the environment is not dev,please check you startup param: -Dconfig.path=xxx");
configPath = DEFAULT_CONFIG_PATH;
}
}
logger.info("config.path:{}", configPath);
Properties configs = new Properties();
FileInputStream fileInputStream = null;
InputStream inputStream = null;
try {
if (configPath.startsWith(FILE_PREFIX)) {
configPath = configPath.substring(FILE_PREFIX.length());
fileInputStream = new FileInputStream(new File(configPath));
configs.load(fileInputStream);
} else if (configPath.startsWith(CLASSPATH_PREFIX)) {
configPath = configPath.substring(CLASSPATH_PREFIX.length());
inputStream = CommonConfigProvider.class.getResourceAsStream(configPath);
configs.load(inputStream);
}
CommonConfigProvider.prop = configs;
} catch (FileNotFoundException e) {
logger.error("", e);
} catch (IOException e) {
logger.error("", e);
} finally {
IOUtils.closeQuietly(fileInputStream);
IOUtils.closeQuietly(inputStream);
}
}
logger.info(
"CommonConfigProvider.prop ={},size:{}",
CommonConfigProvider.prop,
CommonConfigProvider.prop.size());
}
/**
* Initializes Association related parameters.
*
* @param cfg the configuration properties for this class.
* @param url the DcmURL of the communication partner.
*/
private final void initAssocParam(ConfigProperties cfg, DcmURL url) {
String callingAET = null;
// >>>> Get data for filling the Association object for establishing an
// >>>> active association from configuration file
acTimeout = Integer.parseInt(cfg.getProperty("ac-timeout", "5000"));
dimseTimeout = Integer.parseInt(cfg.getProperty("dimse-timeout", "0"));
soCloseDelay = Integer.parseInt(cfg.getProperty("so-close-delay", "500"));
// >>>> Fill the Association Request package (A-ASSOCIATE-RQ)
// Identifying the communication partner by an AET (Application Entity Title)
assocRQ.setCalledAET(url.getCalledAET());
// Identifying ourselves by an AET (Application Entity Title)
if (url.getCallingAET() != null) {
callingAET = url.getCallingAET();
} else {
callingAET = DEFAULT_CALLING_AET;
}
assocRQ.setCallingAET(callingAET);
// Maximum size of one PDU (Protocol Data Unit)
assocRQ.setMaxPDULength(Integer.parseInt(cfg.getProperty("max-pdu-len", "16352")));
// Defines possibilities for asynchron DIMSE communication. Noramly synchron DIMSE communication
// is used.
// API doc: AssociationFactory.newAsyncOpsWindow(int maxOpsInvoked, int maxOpsPerfomed)
// PS 3.7 - Annex D.3.3.3 ASYNCHRONOUS OPERATIONS WINDOW NEGOTIATION
// maxOpsInvoked: This field shall contain the Maximum-number-operationsinvoked as defined for
// the Association-requester
// maxOpsPerfomed: This field shall contain the Maximum-number-operationsperformed as defined
// for the Association-requester
assocRQ.setAsyncOpsWindow(
aFact.newAsyncOpsWindow(Integer.parseInt(cfg.getProperty("max-op-invoked", "0")), 1));
for (Enumeration it = cfg.keys(); it.hasMoreElements(); ) {
String key = (String) it.nextElement();
// Setup available transfer syntaces for storage SOP classes
// PS 3.4 - Annex B STORAGE SERVICE CLASS
// PS 3.4 - B.5 STANDARD SOP CLASSES
if (key.startsWith("pc.")) {
initPresContext(
Integer.parseInt(key.substring(3)),
cfg.tokenize(cfg.getProperty(key), new LinkedList()));
}
}
}
/** Given the name of a file decide whether its a proper properties file and if so load it */
public int inspect() {
int cf = 0;
String[] flist = cdir.list();
// scoping trouble?
ArrayList<ConfigProperties> review = new ArrayList<ConfigProperties>();
for (int i = 0; i < flist.length; i++) {
String pfn = cdir.getAbsolutePath() + "/" + flist[i];
if (ConfigProperties.validatePropFileName(pfn)) {
ConfigProperties cp = new ConfigProperties(pfn);
review.add(cp);
}
}
// rely on collection compareto using element hashcodes
cf = cprops.hashCode() - review.hashCode();
if (cf != 0) cprops = review;
return cf;
}
public String readVaultToken(ConfigProperties configProperties) {
if (configProperties.getTokenSource() == null) {
throw new IllegalArgumentException("tokenSource not set");
}
switch (configProperties.getTokenSource()) {
case "login":
return readTokenFromLogin(
configProperties.getBaseUrl(),
configProperties.getAppId(),
configProperties.getUserId());
case "file":
String fileToken = configProperties.getFileToken();
if (StringUtils.isEmpty(fileToken)) {
fileToken = configProperties.getDefaultVaultTokenFileName();
}
return readTokenFromFile(fileToken);
case "environment":
return readTokenFromEnv(configProperties.getEnvironmentToken());
default:
throw new IllegalArgumentException("tokenSource is undefined");
}
}
/**
* Initializes TLS (Transport Layer Security, predecessor of SSL, Secure Sockets Layer) connection
* related parameters. TLS expects RSA (Ron Rivest, Adi Shamir and Len Adleman) encoded keys and
* certificates.
*
* <p>Keys and certificates may be stored in PKCS #12 (Public Key Cryptography Standards) or JKS
* (Java Keystore) containers.
*
* <p>TSL is used to encrypt data during transmission, which is accomplished when the connection
* between the two partners A (normally the client) and B (normally the server) is established. If
* A asks B to send TSL encrypted data, both partners exchange some handshake information. In a
* first step B tries to authentify itself against A (server authentification, optional in TSL but
* implementet in this way in dcm4che). For that B presents its public key for A to accept or
* deny. If the authentification is accepted, A tries to authentify itself against B (client
* authentification, optional in TSL but implementet in this way in dcm4che).If B accepts the
* authentification A and B agree on a hash (symmetric key, which is independent of the
* private/public keys used for authentification) for the duration of their conversation, which is
* used to encrypt the data.
*
* <p>To be able to establish a TSL connection B needs a privat/public key pair, which identifies
* B unambiguously. For that the private key is generated first; than the root-public key is
* derived from that private key. To bind the root-public key with the identity of B a Certificate
* Authority (CA) is used: The root-public key is send to CA, which returns a certified-public
* key, which includes information about the CA as well as the root-public key. Optionally this
* process can be repeated several times so that the certified-public key contains a chain of
* certificates of different CA's.
*
* <p>The certified-public key of B is presented to A during server authentification. Partner A
* should accept this key, if it can match the last certificate in the chain with a
* root-certificat found in its local list of root-certificates of CA's. That means, that A does
* not check the identity of B, but "trusts" B because it was certified by an authority. The same
* happens for client authentification. Handling of authentification of the identity of the
* communication partner is subject of PS 3.15 - Security and System Management Profiles.
*
* <p>In the configuration files of this method the certified-public key is stored in the property
* "tls-key" and the root-certificates of the known CA's in "tls-cacerts".
*
* <p>Usually the certified-public keys of A and B are different, but they also may be the same.
* In this case the root-certificates are also the same.
*
* <p>It is possible to establish a TLS connection without using a CA: In this case both partners
* creates a individual container holding their private and root-public key. These containers
* could be used for certifying also, because the length of the certifying chain is one and
* therefore the root-public key is also the last certified-public key. Therefore the root-public
* key works in this scenario also as the root-certificate of the "certifying authoroty".
*
* <p>If no keystores are specified in the configuration properties, the not-certified
* default-keystore "resources/identityJava.jks" is used for "tls-key" and "tls-cacerts" when
* establishing the connection.
*
* @param cfg the configuration properties for this class.
* @throws ParseException
*/
private void initTLS(ConfigProperties cfg) throws ParseException {
char[] keystorepasswd;
char[] keypasswd;
char[] cacertspasswd;
URL keyURL;
URL cacertURL;
String value;
try {
// Cipher suites for protokoll:
// dicom = null
// dicom-tls = SSL_RSA_WITH_NULL_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
// SSL_RSA_WITH_3DES_EDE_CBC_SHA
// dicom-tls.3des = SSL_RSA_WITH_3DES_EDE_CBC_SHA
// dicom-tls.aes = TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
// dicom-tls.nodes = SSL_RSA_WITH_NULL_SHA
cipherSuites = url.getCipherSuites();
if (cipherSuites == null) {
return;
}
// Get a new TLS context
tls = SSLContextAdapter.getInstance();
// >>>> Managing the keystore file containing the privat key and
// >>>> certified-public key to establish the communication
// Password of the keystore [default: secret]
keystorepasswd = cfg.getProperty("tls-keystore-passwd", "secret").toCharArray();
// Password of the private key [default: secret]
keypasswd = cfg.getProperty("tls-key-passwd", "secret").toCharArray();
// URL of the file containing the default-keystore
keyURL = CDimseService.class.getResource("/resources/identityJava.jks");
// If availabel, replace URL with the one specified in the configuration file
if ((value = cfg.getProperty("tls-key")) != null) {
try {
// Property specified, try to set to specified value
keyURL = ConfigProperties.fileRefToURL(CDimseService.class.getResource(""), value);
} catch (Exception e) {
log.warn("Wrong value for tls-key: " + value + ". tls-key was set to default value.");
}
}
// log.info("Key URL: " + keyURL.toString());
// Sets the key attribute of the SSLContextAdapter object
// API doc: SSLContextAdapter.loadKeyStore(java.net.URL url, char[] password)
// API doc: SSLContextAdapter.setKey(java.security.KeyStore key, char[] password)
tls.setKey(tls.loadKeyStore(keyURL, keystorepasswd), keypasswd);
// >>>> Managing the keystore containing the root-certificates of the Ceritifying Authorities
// >>>> used for signing the public key
// Password of the keystore [default: secret]
cacertspasswd = cfg.getProperty("tls-cacerts-passwd", "secret").toCharArray();
// URL of the file containing the default-keystore
cacertURL = CDimseService.class.getResource("/resources/identityJava.jks");
// If availabel, replace URL with the one specified in the configuration file
if ((value = cfg.getProperty("tls-cacerts")) != null) {
try {
// Property specified, try to set to specified value
cacertURL = ConfigProperties.fileRefToURL(CDimseService.class.getResource(""), value);
} catch (Exception e) {
log.warn(
"Wrong value for tls-cacerts: " + value + ". tls-cacerts was set to default value.");
}
}
// log.info("Root-certificat of CA URL: " + cacertURL.toString());
// Sets the trust attribute of the SSLContextAdapter object
// API doc: SSLContextAdapter.loadKeyStore(java.net.URL url, char[] password)
// API doc: SSLContextAdapter.setTrust(java.security.KeyStore cacerts)
tls.setTrust(tls.loadKeyStore(cacertURL, cacertspasswd));
// Init TLS context adapter
tls.init();
} catch (Exception ex) {
throw new ParseException("Could not initalize TLS configuration.", 0);
}
}
