Examples with SslRMIClientSocketFactory javax.rmi.ssl.SslRMIClientSocketFactory used on opensource projects

Example 11 with SslRMIClientSocketFactory

use of javax.rmi.ssl.SslRMIClientSocketFactory in project cassandra by apache.

the class JMXServerUtils method configureJmxSocketFactories.

private static Map<String, Object> configureJmxSocketFactories(InetAddress serverAddress, boolean localOnly) {
    Map<String, Object> env = new HashMap<>();
    if (Boolean.getBoolean("com.sun.management.jmxremote.ssl")) {
        boolean requireClientAuth = Boolean.getBoolean("com.sun.management.jmxremote.ssl.need.client.auth");
        String[] protocols = null;
        String protocolList = System.getProperty("com.sun.management.jmxremote.ssl.enabled.protocols");
        if (protocolList != null) {
            System.setProperty("javax.rmi.ssl.client.enabledProtocols", protocolList);
            protocols = StringUtils.split(protocolList, ',');
        }
        String[] ciphers = null;
        String cipherList = System.getProperty("com.sun.management.jmxremote.ssl.enabled.cipher.suites");
        if (cipherList != null) {
            System.setProperty("javax.rmi.ssl.client.enabledCipherSuites", cipherList);
            ciphers = StringUtils.split(cipherList, ',');
        }
        SslRMIClientSocketFactory clientFactory = new SslRMIClientSocketFactory();
        SslRMIServerSocketFactory serverFactory = new SslRMIServerSocketFactory(ciphers, protocols, requireClientAuth);
        env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, serverFactory);
        env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, clientFactory);
        env.put("com.sun.jndi.rmi.factory.socket", clientFactory);
        logJmxSslConfig(serverFactory);
    } else if (localOnly) {
        env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, new RMIServerSocketFactoryImpl(serverAddress));
    }
    return env;
}

Example 12 with SslRMIClientSocketFactory

use of javax.rmi.ssl.SslRMIClientSocketFactory in project graphdb by neo4j-attic.

the class HotspotManagementSupport method createServer.

private JMXConnectorServer createServer(int port, boolean useSSL) {
    MBeanServer server = getMBeanServer();
    final JMXServiceURL url;
    try {
        url = new JMXServiceURL("rmi", null, port);
    } catch (MalformedURLException e) {
        log.log(Level.WARNING, "Failed to start JMX Server", e);
        return null;
    }
    Map<String, Object> env = new HashMap<String, Object>();
    if (useSSL) {
        env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, new SslRMIClientSocketFactory());
        env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, new SslRMIServerSocketFactory());
    }
    try {
        return JMXConnectorServerFactory.newJMXConnectorServer(url, env, server);
    } catch (IOException e) {
        log.log(Level.WARNING, "Failed to start JMX Server", e);
        return null;
    }
}

Example 13 with SslRMIClientSocketFactory

use of javax.rmi.ssl.SslRMIClientSocketFactory in project geode by apache.

the class ConnectionNotificationFilterImpl method startRMIConnectorServer.

/**
   * Defines and starts the JMX RMIConnector and service.
   * <p>
   * If {@link AgentConfig#isRmiEnabled} returns false, then this adaptor will not be started.
   */
private void startRMIConnectorServer() {
    if (!this.agentConfig.isRmiEnabled())
        return;
    String rmiBindAddress = this.agentConfig.getRmiBindAddress();
    // Set RMI Stubs to use the given RMI Bind Address
    // Default bindAddress is "", if none is set - ignore if not set
    // If java.rmi.server.hostname property is specified then
    // that override is not changed
    String rmiStubServerNameKey = "java.rmi.server.hostname";
    String overrideHostName = System.getProperty(rmiStubServerNameKey);
    if ((overrideHostName == null || overrideHostName.trim().length() == 0) && (rmiBindAddress != null && rmiBindAddress.trim().length() != 0)) {
        System.setProperty(rmiStubServerNameKey, rmiBindAddress);
        logger.info(LocalizedMessage.create(LocalizedStrings.AgentImpl_SETTING_0, new StringBuilder(rmiStubServerNameKey).append(" = ").append(rmiBindAddress)));
    }
    try {
        createRMIRegistry();
        ObjectName objName = getRMIConnectorServerName();
        // make sure this adaptor is not already registered...
        if (getMBeanServer().isRegistered(objName)) {
            // dunno how we got here...
            logger.info(LocalizedMessage.create(LocalizedStrings.AgentImpl_RMICONNECTORSERVER_ALREADY_REGISTERED_AS__0, objName));
            return;
        }
        /*
       * url defined as: service:jmx:protocol:sap where 1. protocol: rmi 2. sap is:
       * [host[:port]][url-path] where host: rmi-binding-address port: rmi-server-port url-path:
       * /jndi/rmi://<rmi-binding-address>:<rmi-port><JNDI_NAME>
       */
        String urlString = null;
        String connectorServerHost = "";
        int connectorServerPort = this.agentConfig.getRmiServerPort();
        String rmiRegistryHost = "";
        int rmiRegistryPort = this.agentConfig.getRmiPort();
        // RMI stubs would use a default IP if namingHost is left empty
        if (rmiBindAddress == null || rmiBindAddress.trim().length() == 0) {
            connectorServerHost = "localhost";
            rmiRegistryHost = "";
        } else {
            connectorServerHost = applyRFC2732(rmiBindAddress);
            rmiRegistryHost = connectorServerHost;
        }
        urlString = MessageFormat.format(AgentImpl.JMX_SERVICE_URL, connectorServerHost, String.valueOf(connectorServerPort), rmiRegistryHost, String.valueOf(rmiRegistryPort), JNDI_NAME);
        logger.debug("JMX Service URL string is : \"{}\"", urlString);
        // The address of the connector
        JMXServiceURL url = new JMXServiceURL(urlString);
        Map<String, Object> env = new HashMap<String, Object>();
        // env.put(Context.INITIAL_CONTEXT_FACTORY,
        // "com.sun.jndi.rmi.registry.RegistryContextFactory");
        // env.put(Context.PROVIDER_URL, "rmi://localhost:1099");
        RMIServerSocketFactory ssf = new // true,
        MX4JServerSocketFactory(// true,
        this.agentConfig.isAgentSSLEnabled(), // true,
        this.agentConfig.isAgentSSLRequireAuth(), // "any",
        this.agentConfig.getAgentSSLProtocols(), // "any",
        this.agentConfig.getAgentSSLCiphers(), // backlog
        this.agentConfig.getRmiBindAddress(), // backlog
        10, this.agentConfig.getGfSecurityProperties());
        env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, ssf);
        if (this.agentConfig.isAgentSSLEnabled()) {
            RMIClientSocketFactory csf = new SslRMIClientSocketFactory();
            env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, csf);
        }
        // will be set by registering w/ mbeanServer
        MBeanServer mbs = null;
        this.rmiConnector = JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
        // for cleanup
        this.rmiConnector.addNotificationListener(new ConnectionNotificationAdapter(), new ConnectionNotificationFilterImpl(), this);
        // Register the JMXConnectorServer in the MBeanServer
        getMBeanServer().registerMBean(this.rmiConnector, objName);
        // Start the JMXConnectorServer
        this.rmiConnector.start();
    } catch (VirtualMachineError err) {
        SystemFailure.initiateFailure(err);
        // now, so don't let this thread continue.
        throw err;
    } catch (Throwable t) {
        // Whenever you catch Error or Throwable, you must also
        // catch VirtualMachineError (see above). However, there is
        // _still_ a possibility that you are dealing with a cascading
        // error condition, so you also need to check to see if the JVM
        // is still usable:
        SystemFailure.checkFailure();
        logger.error(LocalizedStrings.AgentImpl_FAILED_TO_START_RMICONNECTORSERVER, t);
        throw new StartupException(LocalizedStrings.AgentImpl_FAILED_TO_START_RMI_SERVICE.toLocalizedString(), t);
    }
}

Example 14 with SslRMIClientSocketFactory

use of javax.rmi.ssl.SslRMIClientSocketFactory in project geode by apache.

the class ManagementAgent method configureAndStart.

/**
   * http://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html #gdfvq
   * https://blogs.oracle.com/jmxetc/entry/java_5_premain_rmi_connectors
   * https://blogs.oracle.com/jmxetc/entry/building_a_remotely_stoppable_connector
   * https://blogs.oracle.com/jmxetc/entry/jmx_connecting_through_firewalls_using
   * https://blogs.oracle.com/jmxetc/entry/java_5_premain_rmi_connectors
   */
private void configureAndStart() throws IOException {
    // get the port for RMI Registry and RMI Connector Server
    final int port = this.config.getJmxManagerPort();
    final String hostname;
    final InetAddress bindAddr;
    if (StringUtils.isBlank(this.config.getJmxManagerBindAddress())) {
        hostname = SocketCreator.getLocalHost().getHostName();
        bindAddr = null;
    } else {
        hostname = this.config.getJmxManagerBindAddress();
        bindAddr = InetAddress.getByName(hostname);
    }
    String jmxManagerHostnameForClients = this.config.getJmxManagerHostnameForClients();
    if (StringUtils.isNotBlank(jmxManagerHostnameForClients)) {
        System.setProperty("java.rmi.server.hostname", jmxManagerHostnameForClients);
    }
    final SocketCreator socketCreator = SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX);
    final boolean ssl = socketCreator.useSSL();
    if (logger.isDebugEnabled()) {
        logger.debug("Starting jmx manager agent on port {}{}", port, (bindAddr != null ? (" bound to " + bindAddr) : "") + (ssl ? " using SSL" : ""));
    }
    // RMISocketFactory.getDefaultSocketFactory();
    RMIClientSocketFactory rmiClientSocketFactory = ssl ? new SslRMIClientSocketFactory() : null;
    RMIServerSocketFactory rmiServerSocketFactory = new GemFireRMIServerSocketFactory(socketCreator, bindAddr);
    // Following is done to prevent rmi causing stop the world gcs
    System.setProperty("sun.rmi.dgc.server.gcInterval", Long.toString(Long.MAX_VALUE - 1));
    // Create the RMI Registry using the SSL socket factories above.
    // In order to use a single port, we must use these factories
    // everywhere, or nowhere. Since we want to use them in the JMX
    // RMI Connector server, we must also use them in the RMI Registry.
    // Otherwise, we wouldn't be able to use a single port.
    // Start an RMI registry on port <port>.
    registry = LocateRegistry.createRegistry(port, rmiClientSocketFactory, rmiServerSocketFactory);
    // Retrieve the PlatformMBeanServer.
    MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
    // Environment map. why is this declared as HashMap?
    final HashMap<String, Object> env = new HashMap<String, Object>();
    // Manually creates and binds a JMX RMI Connector Server stub with the
    // registry created above: the port we pass here is the port that can
    // be specified in "service:jmx:rmi://"+hostname+":"+port - where the
    // RMI server stub and connection objects will be exported.
    // Here we choose to use the same port as was specified for the
    // RMI Registry. We can do so because we're using \*the same\* client
    // and server socket factories, for the registry itself \*and\* for this
    // object.
    final RMIServerImpl stub = new RMIJRMPServerImpl(port, rmiClientSocketFactory, rmiServerSocketFactory, env);
    // Create an RMI connector server.
    //
    // As specified in the JMXServiceURL the RMIServer stub will be
    // registered in the RMI registry running in the local host on
    // port <port> with the name "jmxrmi". This is the same name the
    // out-of-the-box management agent uses to register the RMIServer
    // stub too.
    //
    // The port specified in "service:jmx:rmi://"+hostname+":"+port
    // is the second port, where RMI connection objects will be exported.
    // Here we use the same port as that we choose for the RMI registry.
    // The port for the RMI registry is specified in the second part
    // of the URL, in "rmi://"+hostname+":"+port
    //
    // We construct a JMXServiceURL corresponding to what we have done
    // for our stub...
    final JMXServiceURL url = new JMXServiceURL("service:jmx:rmi://" + hostname + ":" + port + "/jndi/rmi://" + hostname + ":" + port + "/jmxrmi");
    // Create an RMI connector server with the JMXServiceURL
    //
    // JDK 1.5 cannot use JMXConnectorServerFactory because of
    // http://bugs.sun.com/view_bug.do?bug_id=5107423
    // but we're using JDK 1.6
    jmxConnectorServer = new RMIConnectorServer(new JMXServiceURL("rmi", hostname, port), env, stub, mbs) {

        @Override
        public JMXServiceURL getAddress() {
            return url;
        }

        @Override
        public synchronized void start() throws IOException {
            try {
                registry.bind("jmxrmi", stub);
            } catch (AlreadyBoundException x) {
                final IOException io = new IOException(x.getMessage());
                io.initCause(x);
                throw io;
            }
            super.start();
        }
    };
    if (securityService.isIntegratedSecurity()) {
        shiroAuthenticator = new JMXShiroAuthenticator();
        env.put(JMXConnectorServer.AUTHENTICATOR, shiroAuthenticator);
        jmxConnectorServer.addNotificationListener(shiroAuthenticator, null, jmxConnectorServer.getAttributes());
        // always going to assume authorization is needed as well, if no custom AccessControl, then
        // the CustomAuthRealm
        // should take care of that
        MBeanServerWrapper mBeanServerWrapper = new MBeanServerWrapper();
        jmxConnectorServer.setMBeanServerForwarder(mBeanServerWrapper);
        registerAccessControlMBean();
    } else {
        /* Disable the old authenticator mechanism */
        String pwFile = this.config.getJmxManagerPasswordFile();
        if (pwFile != null && pwFile.length() > 0) {
            env.put("jmx.remote.x.password.file", pwFile);
        }
        String accessFile = this.config.getJmxManagerAccessFile();
        if (accessFile != null && accessFile.length() > 0) {
            // Lets not use default connector based authorization
            // env.put("jmx.remote.x.access.file", accessFile);
            // Rewire the mbs hierarchy to set accessController
            ReadOpFileAccessController controller = new ReadOpFileAccessController(accessFile);
            controller.setMBeanServer(mbs);
            mbs = controller;
        }
    }
    jmxConnectorServer.start();
    if (logger.isDebugEnabled()) {
        logger.debug("Finished starting jmx manager agent.");
    }
}

Example 15 with SslRMIClientSocketFactory

use of javax.rmi.ssl.SslRMIClientSocketFactory in project jdk8u_jdk by JetBrains.

the class RmiRegistrySslTest method main.

public static void main(String[] args) throws Exception {
    System.out.println("RmiRegistry lookup...");
    String testID = System.getProperty("testID");
    if ("Test1".equals(testID)) {
        try {
            Registry registry = LocateRegistry.getRegistry(4444);
            String[] list = registry.list();
            if ("jmxrmi".equals(list[0])) {
                System.out.println(ok);
            } else {
                System.out.println(ko);
                throw new IllegalArgumentException(ko);
            }
        } catch (Exception e) {
            System.out.println(koException);
            e.printStackTrace(System.out);
            throw e;
        }
    }
    if ("Test2".equals(testID)) {
        try {
            Registry registry = LocateRegistry.getRegistry(4444);
            String[] list = registry.list();
            throw new IllegalArgumentException(ko2);
        } catch (Exception e) {
            System.out.println(okException);
            e.printStackTrace(System.out);
            return;
        }
    }
    if ("Test3".equals(testID)) {
        try {
            Registry registry = LocateRegistry.getRegistry(null, 4444, new SslRMIClientSocketFactory());
            String[] list = registry.list();
            if ("jmxrmi".equals(list[0])) {
                System.out.println(ok);
            } else {
                System.out.println(ko);
                throw new IllegalArgumentException(ko);
            }
        } catch (Exception e) {
            System.out.println(koException);
            e.printStackTrace(System.out);
            throw e;
        }
    }
}