private String detectAgentUrl(
HttpServer pServer, JolokiaServerConfig pConfig, String pContextPath) {
serverAddress = pServer.getAddress();
InetAddress realAddress;
int port;
if (serverAddress != null) {
realAddress = serverAddress.getAddress();
if (realAddress.isAnyLocalAddress()) {
try {
realAddress = NetworkUtil.getLocalAddress();
} catch (IOException e) {
try {
realAddress = InetAddress.getLocalHost();
} catch (UnknownHostException e1) {
// Ok, ok. We take the original one
realAddress = serverAddress.getAddress();
}
}
}
port = serverAddress.getPort();
} else {
realAddress = pConfig.getAddress();
port = pConfig.getPort();
}
return String.format(
"%s://%s:%d%s", pConfig.getProtocol(), realAddress.getHostAddress(), port, pContextPath);
}
/**
* Start this server. If we manage an own HttpServer, then the HttpServer will be started as well.
*/
public void start() {
// URL as configured takes precedence
String configUrl =
NetworkUtil.replaceExpression(config.getJolokiaConfig().get(ConfigKey.DISCOVERY_AGENT_URL));
jolokiaHttpHandler.start(
lazy, configUrl != null ? configUrl : url, config.getAuthenticator() != null);
if (httpServer != null) {
// Starting our own server in an own thread group with a fixed name
// so that the cleanup thread can recognize it.
ThreadGroup threadGroup = new ThreadGroup("jolokia");
threadGroup.setDaemon(false);
Thread starterThread =
new Thread(
threadGroup,
new Runnable() {
@Override
public void run() {
httpServer.start();
}
});
starterThread.start();
cleaner = new CleanupThread(httpServer, threadGroup);
cleaner.start();
}
}
private void updateKeyStoreFromPEM(KeyStore keystore, JolokiaServerConfig pConfig)
throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException,
InvalidKeySpecException, InvalidKeyException, NoSuchProviderException,
SignatureException {
if (pConfig.getCaCert() != null) {
File caCert = getAndValidateFile(pConfig.getCaCert(), "CA cert");
KeyStoreUtil.updateWithCaPem(keystore, caCert);
} else if (pConfig.useSslClientAuthentication()) {
throw new IllegalArgumentException(
"Cannot use client cert authentication if no CA is given with 'caCert'");
}
if (pConfig.getServerCert() != null) {
// Use the provided server key
File serverCert = getAndValidateFile(pConfig.getServerCert(), "server cert");
if (pConfig.getServerKey() == null) {
throw new IllegalArgumentException(
"Cannot use server cert from "
+ pConfig.getServerCert()
+ " without a provided a key given with 'serverKey'");
}
File serverKey = getAndValidateFile(pConfig.getServerKey(), "server key");
KeyStoreUtil.updateWithServerPems(
keystore,
serverCert,
serverKey,
pConfig.getServerKeyAlgorithm(),
pConfig.getKeystorePassword());
}
}
// =========================================================================================================
// HTTPS handling
private HttpServer createHttpsServer(
InetSocketAddress pSocketAddress, JolokiaServerConfig pConfig) {
// initialise the HTTPS server
try {
HttpsServer server = HttpsServer.create(pSocketAddress, pConfig.getBacklog());
SSLContext sslContext = SSLContext.getInstance(pConfig.getSecureSocketProtocol());
// initialise the keystore
KeyStore ks = getKeyStore(pConfig);
// setup the key manager factory
KeyManagerFactory kmf = getKeyManagerFactory(pConfig);
kmf.init(ks, pConfig.getKeystorePassword());
// setup the trust manager factory
TrustManagerFactory tmf = getTrustManagerFactory(pConfig);
tmf.init(ks);
// setup the HTTPS context and parameters
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
// Update the config to filter out bad protocols or ciphers
pConfig.updateHTTPSSettingsFromContext(sslContext);
server.setHttpsConfigurator(new JolokiaHttpsConfigurator(sslContext, pConfig));
return server;
} catch (GeneralSecurityException e) {
throw new IllegalStateException("Cannot use keystore for https communication: " + e, e);
} catch (IOException e) {
throw new IllegalStateException("Cannot open keystore for https communication: " + e, e);
}
}
/**
* Initialize this JolokiaServer with the given HttpServer. The calle is responsible for managing
* (starting/stopping) the HttpServer.
*
* @param pServer server to use
* @param pConfig configuration
* @param pLazy whether the initialization should be done lazy or not
*/
protected final void init(HttpServer pServer, JolokiaServerConfig pConfig, boolean pLazy) {
config = pConfig;
lazy = pLazy;
// Create proper context along with handler
final String contextPath = pConfig.getContextPath();
jolokiaHttpHandler = new JolokiaHttpHandler(pConfig.getJolokiaConfig());
HttpContext context = pServer.createContext(contextPath, jolokiaHttpHandler);
// Add authentication if configured
final Authenticator authenticator = pConfig.getAuthenticator();
if (authenticator != null) {
context.setAuthenticator(authenticator);
}
url = detectAgentUrl(pServer, pConfig, contextPath);
}
private KeyStore getKeyStore(JolokiaServerConfig pConfig)
throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
InvalidKeySpecException, InvalidKeyException, NoSuchProviderException,
SignatureException {
char[] password = pConfig.getKeystorePassword();
String keystoreFile = pConfig.getKeystore();
KeyStore keystore = KeyStore.getInstance(pConfig.getKeyStoreType());
if (keystoreFile != null) {
// Load everything from a keystore which must include CA (if useClientSslAuthenticatin is
// used) and
// server cert/key
loadKeyStoreFromFile(keystore, keystoreFile, password);
} else {
// Load keys from PEM files
keystore.load(null);
updateKeyStoreFromPEM(keystore, pConfig);
// If no server cert is configured, then use a self-signed server certificate
if (pConfig.getServerCert() == null) {
KeyStoreUtil.updateWithSelfSignedServerCertificate(keystore);
}
}
return keystore;
}
/** {@inheritDoc} */
public void configure(HttpsParameters params) {
// initialise the SSL context
SSLEngine engine = context.createSSLEngine();
// get the default parameters
SSLParameters defaultSSLParameters = context.getDefaultSSLParameters();
// Cert authentication is delayed later to the ClientCertAuthenticator
params.setWantClientAuth(serverConfig.useSslClientAuthentication());
defaultSSLParameters.setWantClientAuth(serverConfig.useSslClientAuthentication());
// Cipher Suites
params.setCipherSuites(serverConfig.getSSLCipherSuites());
defaultSSLParameters.setCipherSuites(serverConfig.getSSLCipherSuites());
// Protocols
params.setProtocols(serverConfig.getSSLProtocols());
defaultSSLParameters.setProtocols(serverConfig.getSSLProtocols());
params.setSSLParameters(defaultSSLParameters);
}
/**
* Create the HttpServer to use. Can be overridden if a custom or already existing HttpServer
* should be used
*
* @return HttpServer to use
* @throws IOException if something fails during the initialisation
*/
private HttpServer createHttpServer(JolokiaServerConfig pConfig) throws IOException {
int port = pConfig.getPort();
InetAddress address = pConfig.getAddress();
InetSocketAddress socketAddress = new InetSocketAddress(address, port);
HttpServer server =
pConfig.useHttps()
? createHttpsServer(socketAddress, pConfig)
: HttpServer.create(socketAddress, pConfig.getBacklog());
// Prepare executor pool
Executor executor;
String mode = pConfig.getExecutor();
if ("fixed".equalsIgnoreCase(mode)) {
executor = Executors.newFixedThreadPool(pConfig.getThreadNr(), daemonThreadFactory);
} else if ("cached".equalsIgnoreCase(mode)) {
executor = Executors.newCachedThreadPool(daemonThreadFactory);
} else {
executor = Executors.newSingleThreadExecutor(daemonThreadFactory);
}
server.setExecutor(executor);
return server;
}
private KeyManagerFactory getKeyManagerFactory(JolokiaServerConfig pConfig)
throws NoSuchAlgorithmException {
String algo = pConfig.getKeyManagerAlgorithm();
return KeyManagerFactory.getInstance(
algo != null ? algo : KeyManagerFactory.getDefaultAlgorithm());
}
