
Example 16 with SslRMIClientSocketFactory

use of javax.rmi.ssl.SslRMIClientSocketFactory in project jdk8u_jdk by JetBrains.

the class SecurityTest method setServerSecurityEnv.

/*
     * Collects security run params for server side.
     */
private HashMap<String, Object> setServerSecurityEnv(Map<String, Object> map) throws Exception {
    /*
     * Builds the connector-server environment from the test's run params.
     *
     * map: option name -> value; "-keystore", "-truststore" and "-mapType"
     *      are the only keys read here.
     * Returns a new HashMap holding the "jmx.remote.*" entries selected by
     * the "-mapType" value (empty when "-mapType" is absent).
     *
     * Side effects: several branches change JVM-wide state (system
     * properties and the "jdk.tls.disabledAlgorithms" security property)
     * and nothing in this method restores the previous values.
     */
    HashMap<String, Object> serverEnv = new HashMap<>();

    // Key material is optional: each store is configured only when a
    // non-null value was supplied for its option.
    if (map.get("-keystore") != null) {
        setKeyStoreProperties(map);
    }
    System.out.println("Done keystore properties");
    if (map.get("-truststore") != null) {
        setTrustStoreProperties(map);
    }
    System.out.println("Done truststore properties");

    String mapType = (String) map.get("-mapType");
    if (mapType == null) {
        return serverEnv;
    }

    // Authorized credentials listed in a password file from the test sources.
    if (mapType.contains("x.password.file")) {
        String credentialsPath = buildSourcePath("password.properties");
        serverEnv.put("jmx.remote.x.password.file", credentialsPath);
        System.out.println("Added " + credentialsPath + " file as jmx.remote.x.password.file");
    }

    // Dedicated authenticator class: TestJMXAuthenticator.
    if (mapType.contains("x.authenticator")) {
        serverEnv.put("jmx.remote.authenticator", new TestJMXAuthenticator());
        System.out.println("Added \"jmx.remote.authenticator\" = TestJMXAuthenticator");
    }

    // JAAS login configurations, checked in this fixed order. Each match
    // points "java.security.auth.login.config" at the file named by the
    // "login.config.file" system property (a process-wide override) and
    // selects the entry of the same name. "UnknownAuthentication" is the
    // case of an entry that does not exist in the configuration.
    String[] jaasEntries = { "PasswordFileAuthentication", "UnknownAuthentication", "SampleLoginModule" };
    for (String entry : jaasEntries) {
        if (!mapType.contains("x.login.config." + entry)) {
            continue;
        }
        String jaasFile = System.getProperty("login.config.file");
        System.setProperty("java.security.auth.login.config", "file:" + jaasFile);
        System.out.println("Overrided default JAAS configuration with \"java.security.auth.login.config\" = \"" + jaasFile + "\"");
        serverEnv.put("jmx.remote.x.login.config", entry);
        System.out.println("Added \"jmx.remote.x.login.config\" = \"" + entry + "\"");
        // The dedicated login module case does not touch "password.file";
        // the other two redirect it to the file in ${test.src}.
        if (!"SampleLoginModule".equals(entry)) {
            String redirected = buildSourcePath(System.getProperty("password.file"));
            System.setProperty("password.file", redirected);
            System.out.println("Redirected \"password.file\" property value to = " + redirected);
        }
    }

    // Simple RMI SSL: client side socket factory.
    if (mapType.contains(RMI_CLIENT_SOCKET_FACTORY_SSL)) {
        serverEnv.put("jmx.remote.rmi.client.socket.factory", new SslRMIClientSocketFactory());
        System.out.println("Added \"jmx.remote.rmi.client.socket.factory\" = SslRMIClientSocketFactory");
    }

    // RMI SSL: server side socket factory. At most one variant applies;
    // client authentication takes precedence over the cipher/protocol ones.
    if (mapType.contains(RMI_SERVER_SOCKET_FACTORY_SSL)) {
        String[] cipherSuites = null;
        String[] protocols = null;
        boolean needClientAuth = false;
        String description = "";
        if (mapType.contains("rmi.server.socket.factory.ssl.need.client.authentication")) {
            needClientAuth = true;
            description = " with client authentication";
        } else if (mapType.contains("rmi.server.socket.factory.ssl.enabled.cipher.suites.md5")) {
            cipherSuites = new String[] { "SSL_RSA_WITH_RC4_128_MD5" };
            description = " with SSL_RSA_WITH_RC4_128_MD5 cipher suite";
        } else if (mapType.contains("rmi.server.socket.factory.ssl.enabled.cipher.suites.sha")) {
            cipherSuites = new String[] { "SSL_RSA_WITH_RC4_128_SHA" };
            description = " with SSL_RSA_WITH_RC4_128_SHA cipher suite";
        } else if (mapType.contains("rmi.server.socket.factory.ssl.enabled.protocols.sslv3")) {
            protocols = new String[] { "SSLv3" };
            description = " with SSLv3 protocol";
        } else if (mapType.contains("rmi.server.socket.factory.ssl.enabled.protocols.tlsv1")) {
            protocols = new String[] { "TLSv1" };
            description = " with TLSv1 protocol";
        }

        SslRMIServerSocketFactory serverFactory;
        if (needClientAuth) {
            // Third argument true: the server socket requires the client to
            // authenticate during the handshake.
            serverFactory = new SslRMIServerSocketFactory(null, null, true);
        } else if (cipherSuites != null || protocols != null) {
            // Test-only: the legacy suite/protocol under test is normally
            // disabled, so the restriction list is emptied first. Security
            // properties are JVM-wide and the old value is not restored
            // here, so this must never be copied into production code.
            Security.setProperty("jdk.tls.disabledAlgorithms", "");
            serverFactory = new SslRMIServerSocketFactory(cipherSuites, protocols, false);
        } else {
            // Platform defaults for suites and protocols.
            serverFactory = new SslRMIServerSocketFactory();
        }
        serverEnv.put("jmx.remote.rmi.server.socket.factory", serverFactory);
        System.out.println("Added \"jmx.remote.rmi.server.socket.factory\" = SslRMIServerSocketFactory" + description);
    }
    return serverEnv;
}
Also used : SslRMIClientSocketFactory(javax.rmi.ssl.SslRMIClientSocketFactory) HashMap(java.util.HashMap) SslRMIServerSocketFactory(javax.rmi.ssl.SslRMIServerSocketFactory)

Example 17 with SslRMIClientSocketFactory

use of javax.rmi.ssl.SslRMIClientSocketFactory in project jdk8u_jdk by JetBrains.

the class ConnectorBootstrap method exportMBeanServer.

/**
 * Starts an RMI JMX connector server for {@code mbs} and publishes it in a
 * single-entry registry under the name {@code jmxrmi}.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>{@code java.rmi.server.randomIDs} is forced to {@code true} for the
 *       whole JVM before anything is exported.</li>
 *   <li>An authenticator is installed only when {@code useAuthentication} is
 *       set and a password file or a login config name was supplied.</li>
 *   <li>TLS socket factories are attached to the connector only when
 *       {@code useSsl} is set, and to the registry only when
 *       {@code useRegistrySsl} is set; with both off, nothing here puts TLS
 *       on either channel.</li>
 * </ul>
 *
 * @param mbs MBean server to expose
 * @param port port of the registry
 * @param rmiPort port used in the connector server's service URL
 * @param useSsl whether the connector itself uses SSL socket factories
 * @param useRegistrySsl whether the registry uses SSL socket factories
 * @param sslConfigFileName passed through to the SSL server factory helper
 * @param enabledCipherSuites passed through to the SSL server factory helper
 * @param enabledProtocols passed through to the SSL server factory helper
 * @param sslNeedClientAuth passed through to the SSL server factory helper
 * @param useAuthentication whether the authentication settings are applied
 * @param loginConfigName JAAS login config entry name, may be {@code null}
 * @param passwordFileName password file, may be {@code null}
 * @param accessFileName access file stored under {@code jmx.remote.x.access.file}
 * @param bindAddress host for the service URL, may be {@code null}
 * @return the started connector server together with its registry-based URL
 * @throws IOException declared by the signature
 * @throws MalformedURLException if a service URL cannot be built
 */
private static JMXConnectorServerData exportMBeanServer(MBeanServer mbs, int port, int rmiPort, boolean useSsl, boolean useRegistrySsl, String sslConfigFileName, String[] enabledCipherSuites, String[] enabledProtocols, boolean sslNeedClientAuth, boolean useAuthentication, String loginConfigName, String passwordFileName, String accessFileName, String bindAddress) throws IOException, MalformedURLException {
    // RMI object IDs must not be guessable; predictable IDs would let an
    // attacker hijack open connections by guessing them.
    System.setProperty("java.rmi.server.randomIDs", "true");

    JMXServiceURL serviceUrl = new JMXServiceURL("rmi", bindAddress, rmiPort);
    PermanentExporter permanentExporter = new PermanentExporter();

    Map<String, Object> serverEnv = new HashMap<>();
    serverEnv.put(RMIExporter.EXPORTER_ATTRIBUTE, permanentExporter);
    // Restricts the credential types accepted by the connector to
    // String[] and String.
    serverEnv.put(EnvHelp.CREDENTIAL_TYPES, new String[] { String[].class.getName(), String.class.getName() });

    // A host-aware (bind-address) server factory is only used when the
    // connector is not already getting an SSL factory.
    boolean useSocketFactory = bindAddress != null && !useSsl;

    if (useAuthentication) {
        if (loginConfigName != null) {
            serverEnv.put("jmx.remote.x.login.config", loginConfigName);
        }
        if (passwordFileName != null) {
            serverEnv.put("jmx.remote.x.password.file", passwordFileName);
        }
        serverEnv.put("jmx.remote.x.access.file", accessFileName);
        boolean hasCredentialSource = serverEnv.get("jmx.remote.x.password.file") != null
                || serverEnv.get("jmx.remote.x.login.config") != null;
        if (hasCredentialSource) {
            serverEnv.put(JMXConnectorServer.AUTHENTICATOR, new AccessFileCheckerAuthenticator(serverEnv));
        }
    }

    RMIClientSocketFactory clientFactory = null;
    RMIServerSocketFactory serverFactory = null;
    if (useSsl || useRegistrySsl) {
        clientFactory = new SslRMIClientSocketFactory();
        serverFactory = createSslRMIServerSocketFactory(sslConfigFileName, enabledCipherSuites, enabledProtocols, sslNeedClientAuth, bindAddress);
    }
    if (useSsl) {
        serverEnv.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, clientFactory);
        serverEnv.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, serverFactory);
    }
    if (useSocketFactory) {
        // NOTE(review): with useRegistrySsl set, useSsl unset and a bind
        // address given, this replaces the SSL server factory created above,
        // so the registry below is built from the SSL client factory plus
        // HostAwareSocketFactory. Its TLS behaviour is not visible here;
        // confirm that combination is intended.
        serverFactory = new HostAwareSocketFactory(bindAddress);
        serverEnv.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, serverFactory);
    }

    JMXConnectorServer connServer = null;
    try {
        connServer = JMXConnectorServerFactory.newJMXConnectorServer(serviceUrl, serverEnv, mbs);
        connServer.start();
    } catch (IOException e) {
        // Report the server's own address when it has one, otherwise fall
        // back to the URL that was requested.
        boolean hasAddress = connServer != null && connServer.getAddress() != null;
        String failedAt = hasAddress ? connServer.getAddress().toString() : serviceUrl.toString();
        throw new AgentConfigurationError(CONNECTOR_SERVER_IO_ERROR, e, failedAt);
    }

    // The registry gets explicit socket factories whenever either SSL for
    // the registry or the host-aware factory is in play.
    if (useRegistrySsl || useSocketFactory) {
        registry = new SingleEntryRegistry(port, clientFactory, serverFactory, "jmxrmi", permanentExporter.firstExported);
    } else {
        registry = new SingleEntryRegistry(port, "jmxrmi", permanentExporter.firstExported);
    }

    // Read back the port the registry is actually listening on and build
    // the URL that goes through it.
    int registryPort = ((UnicastRef) ((RemoteObject) registry).getRef()).getLiveRef().getPort();
    String registryUrl = String.format("service:jmx:rmi:///jndi/rmi://%s:%d/jmxrmi", serviceUrl.getHost(), registryPort);
    return new JMXConnectorServerData(connServer, new JMXServiceURL(registryUrl));
}
Also used : JMXServiceURL(javax.management.remote.JMXServiceURL) HashMap(java.util.HashMap) IOException(java.io.IOException) SslRMIClientSocketFactory(javax.rmi.ssl.SslRMIClientSocketFactory) RMIClientSocketFactory(java.rmi.server.RMIClientSocketFactory) JMXConnectorServer(javax.management.remote.JMXConnectorServer) SslRMIClientSocketFactory(javax.rmi.ssl.SslRMIClientSocketFactory) UnicastRemoteObject(java.rmi.server.UnicastRemoteObject) RemoteObject(java.rmi.server.RemoteObject) SslRMIServerSocketFactory(javax.rmi.ssl.SslRMIServerSocketFactory) RMIServerSocketFactory(java.rmi.server.RMIServerSocketFactory) AgentConfigurationError(sun.management.AgentConfigurationError) UnicastRemoteObject(java.rmi.server.UnicastRemoteObject) RemoteObject(java.rmi.server.RemoteObject)
