Search in sources :

Example 6 with SslRMIServerSocketFactory

use of javax.rmi.ssl.SslRMIServerSocketFactory in project graphdb by neo4j-attic.

the class HotspotManagementSupport method createServer.

private JMXConnectorServer createServer(int port, boolean useSSL) {
    MBeanServer server = getMBeanServer();
    final JMXServiceURL url;
    try {
        url = new JMXServiceURL("rmi", null, port);
    } catch (MalformedURLException e) {
        log.log(Level.WARNING, "Failed to start JMX Server", e);
        return null;
    }
    Map<String, Object> env = new HashMap<String, Object>();
    if (useSSL) {
        env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, new SslRMIClientSocketFactory());
        env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, new SslRMIServerSocketFactory());
    }
    try {
        return JMXConnectorServerFactory.newJMXConnectorServer(url, env, server);
    } catch (IOException e) {
        log.log(Level.WARNING, "Failed to start JMX Server", e);
        return null;
    }
}
Also used : JMXServiceURL(javax.management.remote.JMXServiceURL) SslRMIClientSocketFactory(javax.rmi.ssl.SslRMIClientSocketFactory) MalformedURLException(java.net.MalformedURLException) HashMap(java.util.HashMap) SslRMIServerSocketFactory(javax.rmi.ssl.SslRMIServerSocketFactory) IOException(java.io.IOException) MBeanServer(javax.management.MBeanServer)

Example 7 with SslRMIServerSocketFactory

use of javax.rmi.ssl.SslRMIServerSocketFactory in project jdk8u_jdk by JetBrains.

the class SecurityTest method setServerSecurityEnv.

/*
     * Collects security run params for server side.
     */
private HashMap<String, Object> setServerSecurityEnv(Map<String, Object> map) throws Exception {
    // Creates Authentication environment from server side params
    HashMap<String, Object> env = new HashMap<>();
    // Retrieve and set keystore and truststore config if any
    if (map.containsKey("-keystore") && map.get("-keystore") != null) {
        setKeyStoreProperties(map);
    }
    System.out.println("Done keystore properties");
    if (map.containsKey("-truststore") && map.get("-truststore") != null) {
        setTrustStoreProperties(map);
    }
    System.out.println("Done truststore properties");
    String value = null;
    if ((value = (String) map.get("-mapType")) != null) {
        // Case of remote password file with all authorized credentials
        if (value.contains("x.password.file")) {
            String passwordFileStr = buildSourcePath("password.properties");
            env.put("jmx.remote.x.password.file", passwordFileStr);
            System.out.println("Added " + passwordFileStr + " file as jmx.remote.x.password.file");
        }
        // Case of dedicated authenticator class : TestJMXAuthenticator
        if (value.contains("x.authenticator")) {
            env.put("jmx.remote.authenticator", new TestJMXAuthenticator());
            System.out.println("Added \"jmx.remote.authenticator\" = TestJMXAuthenticator");
        }
        // Case of security config file with standard Authentication
        if (value.contains("x.login.config.PasswordFileAuthentication")) {
            String loginConfig = System.getProperty("login.config.file");
            // Override the default JAAS configuration
            System.setProperty("java.security.auth.login.config", "file:" + loginConfig);
            System.out.println("Overrided default JAAS configuration with " + "\"java.security.auth.login.config\" = \"" + loginConfig + "\"");
            env.put("jmx.remote.x.login.config", "PasswordFileAuthentication");
            System.out.println("Added \"jmx.remote.x.login.config\" = " + "\"PasswordFileAuthentication\"");
            // redirects "password.file" property to file in ${test.src}
            String passwordFileStr = buildSourcePath(System.getProperty("password.file"));
            System.setProperty("password.file", passwordFileStr);
            System.out.println("Redirected \"password.file\" property value to = " + passwordFileStr);
        }
        // Case of security config file with unexisting athentication config
        if (value.contains("x.login.config.UnknownAuthentication")) {
            String loginConfig = System.getProperty("login.config.file");
            // Override the default JAAS configuration
            System.setProperty("java.security.auth.login.config", "file:" + loginConfig);
            System.out.println("Overrided default JAAS configuration with " + "\"java.security.auth.login.config\" = \"" + loginConfig + "\"");
            env.put("jmx.remote.x.login.config", "UnknownAuthentication");
            System.out.println("Added \"jmx.remote.x.login.config\" = " + "\"UnknownAuthentication\"");
            // redirects "password.file" property to file in ${test.src}
            String passwordFileStr = buildSourcePath(System.getProperty("password.file"));
            System.setProperty("password.file", passwordFileStr);
            System.out.println("Redirected \"password.file\" property value to = " + passwordFileStr);
        }
        // Case of security config file with dedicated login module
        if (value.contains("x.login.config.SampleLoginModule")) {
            String loginConfig = System.getProperty("login.config.file");
            // Override the default JAAS configuration
            System.setProperty("java.security.auth.login.config", "file:" + loginConfig);
            System.out.println("Overrided default JAAS configuration with " + "\"java.security.auth.login.config\" = \"" + loginConfig + "\"");
            env.put("jmx.remote.x.login.config", "SampleLoginModule");
            System.out.println("Added \"jmx.remote.x.login.config\" = " + "\"SampleLoginModule\"");
        }
        // Simple rmi ssl authentication
        if (value.contains(RMI_CLIENT_SOCKET_FACTORY_SSL)) {
            env.put("jmx.remote.rmi.client.socket.factory", new SslRMIClientSocketFactory());
            System.out.println("Added \"jmx.remote.rmi.client.socket.factory\"" + " = SslRMIClientSocketFactory");
        }
        if (value.contains(RMI_SERVER_SOCKET_FACTORY_SSL)) {
            if (value.contains("rmi.server.socket.factory.ssl.need.client.authentication")) {
                // rmi ssl authentication with client authentication
                env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory(null, null, true));
                System.out.println("Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with client authentication");
            } else if (value.contains("rmi.server.socket.factory.ssl.enabled.cipher.suites.md5")) {
                // Allows all ciphering and protocols for testing purpose
                Security.setProperty("jdk.tls.disabledAlgorithms", "");
                env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory(new String[] { "SSL_RSA_WITH_RC4_128_MD5" }, null, false));
                System.out.println("Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with SSL_RSA_WITH_RC4_128_MD5 cipher suite");
            } else if (value.contains("rmi.server.socket.factory.ssl.enabled.cipher.suites.sha")) {
                // Allows all ciphering and protocols for testing purpose
                Security.setProperty("jdk.tls.disabledAlgorithms", "");
                env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory(new String[] { "SSL_RSA_WITH_RC4_128_SHA" }, null, false));
                System.out.println("Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with SSL_RSA_WITH_RC4_128_SHA cipher suite");
            } else if (value.contains("rmi.server.socket.factory.ssl.enabled.protocols.sslv3")) {
                // Allows all ciphering and protocols for testing purpose
                Security.setProperty("jdk.tls.disabledAlgorithms", "");
                env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory(null, new String[] { "SSLv3" }, false));
                System.out.println("Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with SSLv3 protocol");
            } else if (value.contains("rmi.server.socket.factory.ssl.enabled.protocols.tlsv1")) {
                // Allows all ciphering and protocols for testing purpose
                Security.setProperty("jdk.tls.disabledAlgorithms", "");
                env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory(null, new String[] { "TLSv1" }, false));
                System.out.println("Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with TLSv1 protocol");
            } else {
                env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory());
                System.out.println("Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory");
            }
        }
    }
    return env;
}
Also used : SslRMIClientSocketFactory(javax.rmi.ssl.SslRMIClientSocketFactory) HashMap(java.util.HashMap) SslRMIServerSocketFactory(javax.rmi.ssl.SslRMIServerSocketFactory)

Aggregations

SslRMIClientSocketFactory (javax.rmi.ssl.SslRMIClientSocketFactory)7 SslRMIServerSocketFactory (javax.rmi.ssl.SslRMIServerSocketFactory)7 HashMap (java.util.HashMap)6 IOException (java.io.IOException)3 MalformedURLException (java.net.MalformedURLException)2 MBeanServer (javax.management.MBeanServer)2 JMXServiceURL (javax.management.remote.JMXServiceURL)2 RMIClientSocketFactory (java.rmi.server.RMIClientSocketFactory)1 RMIServerSocketFactory (java.rmi.server.RMIServerSocketFactory)1 UnicastRemoteObject (java.rmi.server.UnicastRemoteObject)1 SSLContext (javax.net.ssl.SSLContext)1