Пример #1
1
  private String detectAgentUrl(
      HttpServer pServer, JolokiaServerConfig pConfig, String pContextPath) {
    serverAddress = pServer.getAddress();
    InetAddress realAddress;
    int port;
    if (serverAddress != null) {
      realAddress = serverAddress.getAddress();
      if (realAddress.isAnyLocalAddress()) {
        try {
          realAddress = NetworkUtil.getLocalAddress();
        } catch (IOException e) {
          try {
            realAddress = InetAddress.getLocalHost();
          } catch (UnknownHostException e1) {
            // Ok, ok. We take the original one
            realAddress = serverAddress.getAddress();
          }
        }
      }
      port = serverAddress.getPort();
    } else {
      realAddress = pConfig.getAddress();
      port = pConfig.getPort();
    }

    return String.format(
        "%s://%s:%d%s", pConfig.getProtocol(), realAddress.getHostAddress(), port, pContextPath);
  }
Пример #2
1
  /**
   * Start this server. If we manage an own HttpServer, then the HttpServer will be started as well.
   */
  public void start() {
    // URL as configured takes precedence
    String configUrl =
        NetworkUtil.replaceExpression(config.getJolokiaConfig().get(ConfigKey.DISCOVERY_AGENT_URL));
    jolokiaHttpHandler.start(
        lazy, configUrl != null ? configUrl : url, config.getAuthenticator() != null);

    if (httpServer != null) {
      // Starting our own server in an own thread group with a fixed name
      // so that the cleanup thread can recognize it.
      ThreadGroup threadGroup = new ThreadGroup("jolokia");
      threadGroup.setDaemon(false);

      Thread starterThread =
          new Thread(
              threadGroup,
              new Runnable() {
                @Override
                public void run() {
                  httpServer.start();
                }
              });
      starterThread.start();
      cleaner = new CleanupThread(httpServer, threadGroup);
      cleaner.start();
    }
  }
Пример #3
0
  private void updateKeyStoreFromPEM(KeyStore keystore, JolokiaServerConfig pConfig)
      throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException,
          InvalidKeySpecException, InvalidKeyException, NoSuchProviderException,
          SignatureException {

    if (pConfig.getCaCert() != null) {
      File caCert = getAndValidateFile(pConfig.getCaCert(), "CA cert");
      KeyStoreUtil.updateWithCaPem(keystore, caCert);
    } else if (pConfig.useSslClientAuthentication()) {
      throw new IllegalArgumentException(
          "Cannot use client cert authentication if no CA is given with 'caCert'");
    }

    if (pConfig.getServerCert() != null) {
      // Use the provided server key
      File serverCert = getAndValidateFile(pConfig.getServerCert(), "server cert");
      if (pConfig.getServerKey() == null) {
        throw new IllegalArgumentException(
            "Cannot use server cert from "
                + pConfig.getServerCert()
                + " without a provided a key given with 'serverKey'");
      }
      File serverKey = getAndValidateFile(pConfig.getServerKey(), "server key");
      KeyStoreUtil.updateWithServerPems(
          keystore,
          serverCert,
          serverKey,
          pConfig.getServerKeyAlgorithm(),
          pConfig.getKeystorePassword());
    }
  }
Пример #4
0
  // =========================================================================================================
  // HTTPS handling
  private HttpServer createHttpsServer(
      InetSocketAddress pSocketAddress, JolokiaServerConfig pConfig) {
    // initialise the HTTPS server
    try {
      HttpsServer server = HttpsServer.create(pSocketAddress, pConfig.getBacklog());
      SSLContext sslContext = SSLContext.getInstance(pConfig.getSecureSocketProtocol());

      // initialise the keystore
      KeyStore ks = getKeyStore(pConfig);

      // setup the key manager factory
      KeyManagerFactory kmf = getKeyManagerFactory(pConfig);
      kmf.init(ks, pConfig.getKeystorePassword());

      // setup the trust manager factory
      TrustManagerFactory tmf = getTrustManagerFactory(pConfig);
      tmf.init(ks);

      // setup the HTTPS context and parameters
      sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

      // Update the config to filter out bad protocols or ciphers
      pConfig.updateHTTPSSettingsFromContext(sslContext);

      server.setHttpsConfigurator(new JolokiaHttpsConfigurator(sslContext, pConfig));
      return server;
    } catch (GeneralSecurityException e) {
      throw new IllegalStateException("Cannot use keystore for https communication: " + e, e);
    } catch (IOException e) {
      throw new IllegalStateException("Cannot open keystore for https communication: " + e, e);
    }
  }
Пример #5
0
  /**
   * Initialize this JolokiaServer with the given HttpServer. The calle is responsible for managing
   * (starting/stopping) the HttpServer.
   *
   * @param pServer server to use
   * @param pConfig configuration
   * @param pLazy whether the initialization should be done lazy or not
   */
  protected final void init(HttpServer pServer, JolokiaServerConfig pConfig, boolean pLazy) {
    config = pConfig;
    lazy = pLazy;

    // Create proper context along with handler
    final String contextPath = pConfig.getContextPath();
    jolokiaHttpHandler = new JolokiaHttpHandler(pConfig.getJolokiaConfig());
    HttpContext context = pServer.createContext(contextPath, jolokiaHttpHandler);

    // Add authentication if configured
    final Authenticator authenticator = pConfig.getAuthenticator();
    if (authenticator != null) {
      context.setAuthenticator(authenticator);
    }

    url = detectAgentUrl(pServer, pConfig, contextPath);
  }
Пример #6
0
  private KeyStore getKeyStore(JolokiaServerConfig pConfig)
      throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
          InvalidKeySpecException, InvalidKeyException, NoSuchProviderException,
          SignatureException {
    char[] password = pConfig.getKeystorePassword();
    String keystoreFile = pConfig.getKeystore();
    KeyStore keystore = KeyStore.getInstance(pConfig.getKeyStoreType());
    if (keystoreFile != null) {
      // Load everything from a keystore which must include CA (if useClientSslAuthenticatin is
      // used) and
      // server cert/key
      loadKeyStoreFromFile(keystore, keystoreFile, password);
    } else {
      // Load keys from PEM files
      keystore.load(null);
      updateKeyStoreFromPEM(keystore, pConfig);

      // If no server cert is configured, then use a self-signed server certificate
      if (pConfig.getServerCert() == null) {
        KeyStoreUtil.updateWithSelfSignedServerCertificate(keystore);
      }
    }
    return keystore;
  }
Пример #7
0
    /** {@inheritDoc} */
    public void configure(HttpsParameters params) {
      // initialise the SSL context
      SSLEngine engine = context.createSSLEngine();
      // get the default parameters
      SSLParameters defaultSSLParameters = context.getDefaultSSLParameters();

      // Cert authentication is delayed later to the ClientCertAuthenticator
      params.setWantClientAuth(serverConfig.useSslClientAuthentication());
      defaultSSLParameters.setWantClientAuth(serverConfig.useSslClientAuthentication());

      // Cipher Suites
      params.setCipherSuites(serverConfig.getSSLCipherSuites());
      defaultSSLParameters.setCipherSuites(serverConfig.getSSLCipherSuites());

      // Protocols
      params.setProtocols(serverConfig.getSSLProtocols());
      defaultSSLParameters.setProtocols(serverConfig.getSSLProtocols());

      params.setSSLParameters(defaultSSLParameters);
    }
Пример #8
0
  /**
   * Create the HttpServer to use. Can be overridden if a custom or already existing HttpServer
   * should be used
   *
   * @return HttpServer to use
   * @throws IOException if something fails during the initialisation
   */
  private HttpServer createHttpServer(JolokiaServerConfig pConfig) throws IOException {
    int port = pConfig.getPort();
    InetAddress address = pConfig.getAddress();
    InetSocketAddress socketAddress = new InetSocketAddress(address, port);

    HttpServer server =
        pConfig.useHttps()
            ? createHttpsServer(socketAddress, pConfig)
            : HttpServer.create(socketAddress, pConfig.getBacklog());

    // Prepare executor pool
    Executor executor;
    String mode = pConfig.getExecutor();
    if ("fixed".equalsIgnoreCase(mode)) {
      executor = Executors.newFixedThreadPool(pConfig.getThreadNr(), daemonThreadFactory);
    } else if ("cached".equalsIgnoreCase(mode)) {
      executor = Executors.newCachedThreadPool(daemonThreadFactory);
    } else {
      executor = Executors.newSingleThreadExecutor(daemonThreadFactory);
    }
    server.setExecutor(executor);

    return server;
  }
Пример #9
0
 private KeyManagerFactory getKeyManagerFactory(JolokiaServerConfig pConfig)
     throws NoSuchAlgorithmException {
   String algo = pConfig.getKeyManagerAlgorithm();
   return KeyManagerFactory.getInstance(
       algo != null ? algo : KeyManagerFactory.getDefaultAlgorithm());
 }