1 /* |
1 /* |
2 * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
68 import javax.net.ssl.SSLSocketFactory; |
68 import javax.net.ssl.SSLSocketFactory; |
69 import javax.net.ssl.TrustManagerFactory; |
69 import javax.net.ssl.TrustManagerFactory; |
70 import javax.rmi.ssl.SslRMIClientSocketFactory; |
70 import javax.rmi.ssl.SslRMIClientSocketFactory; |
71 import javax.rmi.ssl.SslRMIServerSocketFactory; |
71 import javax.rmi.ssl.SslRMIServerSocketFactory; |
72 import javax.security.auth.Subject; |
72 import javax.security.auth.Subject; |
73 |
|
74 import com.sun.jmx.remote.internal.rmi.RMIExporter; |
73 import com.sun.jmx.remote.internal.rmi.RMIExporter; |
75 import com.sun.jmx.remote.security.JMXPluggableAuthenticator; |
74 import com.sun.jmx.remote.security.JMXPluggableAuthenticator; |
76 |
|
77 import jdk.internal.agent.Agent; |
75 import jdk.internal.agent.Agent; |
78 import jdk.internal.agent.AgentConfigurationError; |
76 import jdk.internal.agent.AgentConfigurationError; |
79 import static jdk.internal.agent.AgentConfigurationError.*; |
77 import static jdk.internal.agent.AgentConfigurationError.*; |
80 import jdk.internal.agent.ConnectorAddressLink; |
78 import jdk.internal.agent.ConnectorAddressLink; |
81 import jdk.internal.agent.FileSystem; |
79 import jdk.internal.agent.FileSystem; |
100 public static final String USE_SSL = "true"; |
98 public static final String USE_SSL = "true"; |
101 public static final String USE_LOCAL_ONLY = "true"; |
99 public static final String USE_LOCAL_ONLY = "true"; |
102 public static final String USE_REGISTRY_SSL = "false"; |
100 public static final String USE_REGISTRY_SSL = "false"; |
103 public static final String USE_AUTHENTICATION = "true"; |
101 public static final String USE_AUTHENTICATION = "true"; |
104 public static final String PASSWORD_FILE_NAME = "jmxremote.password"; |
102 public static final String PASSWORD_FILE_NAME = "jmxremote.password"; |
|
103 public static final String HASH_PASSWORDS = "true"; |
105 public static final String ACCESS_FILE_NAME = "jmxremote.access"; |
104 public static final String ACCESS_FILE_NAME = "jmxremote.access"; |
106 public static final String SSL_NEED_CLIENT_AUTH = "false"; |
105 public static final String SSL_NEED_CLIENT_AUTH = "false"; |
107 } |
106 } |
108 |
107 |
109 /** |
108 /** |
127 "com.sun.management.jmxremote.registry.ssl"; |
126 "com.sun.management.jmxremote.registry.ssl"; |
128 public static final String USE_AUTHENTICATION = |
127 public static final String USE_AUTHENTICATION = |
129 "com.sun.management.jmxremote.authenticate"; |
128 "com.sun.management.jmxremote.authenticate"; |
130 public static final String PASSWORD_FILE_NAME = |
129 public static final String PASSWORD_FILE_NAME = |
131 "com.sun.management.jmxremote.password.file"; |
130 "com.sun.management.jmxremote.password.file"; |
|
131 public static final String HASH_PASSWORDS |
|
132 = "com.sun.management.jmxremote.password.toHashes"; |
132 public static final String ACCESS_FILE_NAME = |
133 public static final String ACCESS_FILE_NAME = |
133 "com.sun.management.jmxremote.access.file"; |
134 "com.sun.management.jmxremote.access.file"; |
134 public static final String LOGIN_CONFIG_NAME = |
135 public static final String LOGIN_CONFIG_NAME = |
135 "com.sun.management.jmxremote.login.config"; |
136 "com.sun.management.jmxremote.login.config"; |
136 public static final String SSL_ENABLED_CIPHER_SUITES = |
137 public static final String SSL_ENABLED_CIPHER_SUITES = |
410 final String sslConfigFileName = |
411 final String sslConfigFileName = |
411 props.getProperty(PropertyNames.SSL_CONFIG_FILE_NAME); |
412 props.getProperty(PropertyNames.SSL_CONFIG_FILE_NAME); |
412 |
413 |
413 String loginConfigName = null; |
414 String loginConfigName = null; |
414 String passwordFileName = null; |
415 String passwordFileName = null; |
|
416 boolean shouldHashPasswords = true; |
415 String accessFileName = null; |
417 String accessFileName = null; |
416 |
418 |
417 // Initialize settings when authentication is active |
419 // Initialize settings when authentication is active |
418 if (useAuthentication) { |
420 if (useAuthentication) { |
419 |
421 |
424 if (loginConfigName == null) { |
426 if (loginConfigName == null) { |
425 // Get password file |
427 // Get password file |
426 passwordFileName = |
428 passwordFileName = |
427 props.getProperty(PropertyNames.PASSWORD_FILE_NAME, |
429 props.getProperty(PropertyNames.PASSWORD_FILE_NAME, |
428 getDefaultFileName(DefaultValues.PASSWORD_FILE_NAME)); |
430 getDefaultFileName(DefaultValues.PASSWORD_FILE_NAME)); |
|
431 String hashPasswords |
|
432 = props.getProperty(PropertyNames.HASH_PASSWORDS, |
|
433 DefaultValues.HASH_PASSWORDS); |
|
434 shouldHashPasswords = Boolean.parseBoolean(hashPasswords); |
|
435 |
429 checkPasswordFile(passwordFileName); |
436 checkPasswordFile(passwordFileName); |
430 } |
437 } |
431 |
438 |
432 // Get access file |
439 // Get access file |
433 accessFileName = props.getProperty(PropertyNames.ACCESS_FILE_NAME, |
440 accessFileName = props.getProperty(PropertyNames.ACCESS_FILE_NAME, |
472 final JMXConnectorServerData data = exportMBeanServer( |
479 final JMXConnectorServerData data = exportMBeanServer( |
473 mbs, port, rmiPort, useSsl, useRegistrySsl, |
480 mbs, port, rmiPort, useSsl, useRegistrySsl, |
474 sslConfigFileName, enabledCipherSuitesList, |
481 sslConfigFileName, enabledCipherSuitesList, |
475 enabledProtocolsList, sslNeedClientAuth, |
482 enabledProtocolsList, sslNeedClientAuth, |
476 useAuthentication, loginConfigName, |
483 useAuthentication, loginConfigName, |
477 passwordFileName, accessFileName, bindAddress, jmxRmiFilter); |
484 passwordFileName, shouldHashPasswords, accessFileName, bindAddress, jmxRmiFilter); |
478 cs = data.jmxConnectorServer; |
485 cs = data.jmxConnectorServer; |
479 url = data.jmxRemoteURL; |
486 url = data.jmxRemoteURL; |
480 config("startRemoteConnectorServer", |
487 config("startRemoteConnectorServer", |
481 Agent.getText("jmxremote.ConnectorBootstrap.ready", |
488 Agent.getText("jmxremote.ConnectorBootstrap.ready", |
482 url.toString())); |
489 url.toString())); |
565 throw new AgentConfigurationError(PASSWORD_FILE_NOT_FOUND, passwordFileName); |
572 throw new AgentConfigurationError(PASSWORD_FILE_NOT_FOUND, passwordFileName); |
566 } |
573 } |
567 |
574 |
568 if (!file.canRead()) { |
575 if (!file.canRead()) { |
569 throw new AgentConfigurationError(PASSWORD_FILE_NOT_READABLE, passwordFileName); |
576 throw new AgentConfigurationError(PASSWORD_FILE_NOT_READABLE, passwordFileName); |
|
577 } |
|
578 |
|
579 if(!file.canWrite() && PropertyNames.HASH_PASSWORDS.equalsIgnoreCase("true")) { |
|
580 logger.log(Level.WARNING, ""); |
570 } |
581 } |
571 |
582 |
572 FileSystem fs = FileSystem.open(); |
583 FileSystem fs = FileSystem.open(); |
573 try { |
584 try { |
574 if (fs.supportsFileSecurity(file)) { |
585 if (fs.supportsFileSecurity(file)) { |
727 String[] enabledProtocols, |
738 String[] enabledProtocols, |
728 boolean sslNeedClientAuth, |
739 boolean sslNeedClientAuth, |
729 boolean useAuthentication, |
740 boolean useAuthentication, |
730 String loginConfigName, |
741 String loginConfigName, |
731 String passwordFileName, |
742 String passwordFileName, |
|
743 boolean shouldHashPasswords, |
732 String accessFileName, |
744 String accessFileName, |
733 String bindAddress, |
745 String bindAddress, |
734 String jmxRmiFilter) |
746 String jmxRmiFilter) |
735 throws IOException, MalformedURLException { |
747 throws IOException, MalformedURLException { |
736 |
748 |
758 if (loginConfigName != null) { |
770 if (loginConfigName != null) { |
759 env.put("jmx.remote.x.login.config", loginConfigName); |
771 env.put("jmx.remote.x.login.config", loginConfigName); |
760 } |
772 } |
761 if (passwordFileName != null) { |
773 if (passwordFileName != null) { |
762 env.put("jmx.remote.x.password.file", passwordFileName); |
774 env.put("jmx.remote.x.password.file", passwordFileName); |
|
775 } |
|
776 if (shouldHashPasswords) { |
|
777 env.put("jmx.remote.x.password.toHashes", "true"); |
763 } |
778 } |
764 |
779 |
765 env.put("jmx.remote.x.access.file", accessFileName); |
780 env.put("jmx.remote.x.access.file", accessFileName); |
766 |
781 |
767 if (env.get("jmx.remote.x.password.file") != null || |
782 if (env.get("jmx.remote.x.password.file") != null || |
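Review bot: The read-only check added to the password-file validation (new lines 579–580) can never fire, because `PropertyNames.HASH_PASSWORDS.equalsIgnoreCase("true")` tests the property name `"com.sun.management.jmxremote.password.toHashes"` rather than its configured value. If it did fire, `logger.log(Level.WARNING, "")` would log an empty message, so an operator would not learn that the file could not be rewritten and that clear-text passwords presumably stay on disk. The check should use the resolved setting, for example by passing `shouldHashPasswords` into the method and testing `if (shouldHashPasswords && !file.canWrite())`, and the warning should name `passwordFileName`. Separately, at new line 776 `jmx.remote.x.password.toHashes` is put into `env` whenever `shouldHashPasswords` is true, which is its initial value even when `passwordFileName` is null; nesting it under the `passwordFileName != null` check at line 773 would keep the environment consistent. The method containing new lines 572–585 begins and ends outside the visible hunk.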