232 "Access denied! No matching entries found in " + |
232 "Access denied! No matching entries found in " + |
233 "the access file [" + accessFile + "] as the " + |
233 "the access file [" + accessFile + "] as the " + |
234 "authenticated Subject is null"); |
234 "authenticated Subject is null"); |
235 } |
235 } |
236 final Set<Principal> principals = subject.getPrincipals(); |
236 final Set<Principal> principals = subject.getPrincipals(); |
237 for (Principal p: principals) { |
237 for (Principal p1: principals) { |
238 if (properties.containsKey(p.getName())) { |
238 if (properties.containsKey(p1.getName())) { |
239 return; |
239 return; |
240 } |
240 } |
241 } |
241 } |
242 final Set<String> principalsStr = new HashSet<String>(); |
242 |
243 for (Principal p: principals) { |
243 final Set<String> principalsStr = new HashSet<>(); |
244 principalsStr.add(p.getName()); |
244 for (Principal p2: principals) { |
|
245 principalsStr.add(p2.getName()); |
245 } |
246 } |
246 throw new SecurityException( |
247 throw new SecurityException( |
247 "Access denied! No entries found in the access file [" + |
248 "Access denied! No entries found in the access file [" + |
248 accessFile + "] for any of the authenticated identities " + |
249 accessFile + "] for any of the authenticated identities " + |
249 principalsStr); |
250 principalsStr); |
253 throws IOException { |
254 throws IOException { |
254 Properties p = new Properties(); |
255 Properties p = new Properties(); |
255 if (fname == null) { |
256 if (fname == null) { |
256 return p; |
257 return p; |
257 } |
258 } |
258 FileInputStream fin = new FileInputStream(fname); |
259 try (FileInputStream fin = new FileInputStream(fname)) { |
259 p.load(fin); |
260 p.load(fin); |
260 fin.close(); |
261 } |
261 return p; |
262 return p; |
262 } |
263 } |
263 private final Map<String, Object> environment; |
264 private final Map<String, Object> environment; |
264 private final Properties properties; |
265 private final Properties properties; |
265 private final String accessFile; |
266 private final String accessFile; |
428 throw new AgentConfigurationError(AGENT_EXCEPTION, e, e.toString()); |
429 throw new AgentConfigurationError(AGENT_EXCEPTION, e, e.toString()); |
429 } |
430 } |
430 try { |
431 try { |
431 // Export remote connector address and associated configuration |
432 // Export remote connector address and associated configuration |
432 // properties to the instrumentation buffer. |
433 // properties to the instrumentation buffer. |
433 Map<String, String> properties = new HashMap<String, String>(); |
434 Map<String, String> properties = new HashMap<>(); |
434 properties.put("remoteAddress", url.toString()); |
435 properties.put("remoteAddress", url.toString()); |
435 properties.put("authenticate", useAuthenticationStr); |
436 properties.put("authenticate", useAuthenticationStr); |
436 properties.put("ssl", useSslStr); |
437 properties.put("ssl", useSslStr); |
437 properties.put("sslRegistry", useRegistrySslStr); |
438 properties.put("sslRegistry", useRegistrySslStr); |
438 properties.put("sslNeedClientAuth", sslNeedClientAuthStr); |
439 properties.put("sslNeedClientAuth", sslNeedClientAuthStr); |
454 // Ensure cryptographically strong random number generater used |
455 // Ensure cryptographically strong random number generater used |
455 // to choose the object number - see java.rmi.server.ObjID |
456 // to choose the object number - see java.rmi.server.ObjID |
456 System.setProperty("java.rmi.server.randomIDs", "true"); |
457 System.setProperty("java.rmi.server.randomIDs", "true"); |
457 |
458 |
458 // This RMI server should not keep the VM alive |
459 // This RMI server should not keep the VM alive |
459 Map<String, Object> env = new HashMap<String, Object>(); |
460 Map<String, Object> env = new HashMap<>(); |
460 env.put(RMIExporter.EXPORTER_ATTRIBUTE, new PermanentExporter()); |
461 env.put(RMIExporter.EXPORTER_ATTRIBUTE, new PermanentExporter()); |
461 |
462 |
462 // The local connector server need only be available via the |
463 // The local connector server need only be available via the |
463 // loopback connection. |
464 // loopback connection. |
464 String localhost = "localhost"; |
465 String localhost = "localhost"; |
597 } else { |
598 } else { |
598 checkRestrictedFile(sslConfigFileName); |
599 checkRestrictedFile(sslConfigFileName); |
599 try { |
600 try { |
600 // Load the SSL keystore properties from the config file |
601 // Load the SSL keystore properties from the config file |
601 Properties p = new Properties(); |
602 Properties p = new Properties(); |
602 InputStream in = new FileInputStream(sslConfigFileName); |
603 try (InputStream in = new FileInputStream(sslConfigFileName)) { |
603 try { |
|
604 BufferedInputStream bin = new BufferedInputStream(in); |
604 BufferedInputStream bin = new BufferedInputStream(in); |
605 p.load(bin); |
605 p.load(bin); |
606 } finally { |
|
607 in.close(); |
|
608 } |
606 } |
609 String keyStore = |
607 String keyStore = |
610 p.getProperty("javax.net.ssl.keyStore"); |
608 p.getProperty("javax.net.ssl.keyStore"); |
611 String keyStorePassword = |
609 String keyStorePassword = |
612 p.getProperty("javax.net.ssl.keyStorePassword", ""); |
610 p.getProperty("javax.net.ssl.keyStorePassword", ""); |
626 } |
624 } |
627 |
625 |
628 KeyStore ks = null; |
626 KeyStore ks = null; |
629 if (keyStore != null) { |
627 if (keyStore != null) { |
630 ks = KeyStore.getInstance(KeyStore.getDefaultType()); |
628 ks = KeyStore.getInstance(KeyStore.getDefaultType()); |
631 FileInputStream ksfis = new FileInputStream(keyStore); |
629 try (FileInputStream ksfis = new FileInputStream(keyStore)) { |
632 try { |
|
633 ks.load(ksfis, keyStorePasswd); |
630 ks.load(ksfis, keyStorePasswd); |
634 } finally { |
|
635 ksfis.close(); |
|
636 } |
631 } |
637 } |
632 } |
638 KeyManagerFactory kmf = KeyManagerFactory.getInstance( |
633 KeyManagerFactory kmf = KeyManagerFactory.getInstance( |
639 KeyManagerFactory.getDefaultAlgorithm()); |
634 KeyManagerFactory.getDefaultAlgorithm()); |
640 kmf.init(ks, keyStorePasswd); |
635 kmf.init(ks, keyStorePasswd); |
641 |
636 |
642 KeyStore ts = null; |
637 KeyStore ts = null; |
643 if (trustStore != null) { |
638 if (trustStore != null) { |
644 ts = KeyStore.getInstance(KeyStore.getDefaultType()); |
639 ts = KeyStore.getInstance(KeyStore.getDefaultType()); |
645 FileInputStream tsfis = new FileInputStream(trustStore); |
640 try (FileInputStream tsfis = new FileInputStream(trustStore)) { |
646 try { |
|
647 ts.load(tsfis, trustStorePasswd); |
641 ts.load(tsfis, trustStorePasswd); |
648 } finally { |
|
649 tsfis.close(); |
|
650 } |
642 } |
651 } |
643 } |
652 TrustManagerFactory tmf = TrustManagerFactory.getInstance( |
644 TrustManagerFactory tmf = TrustManagerFactory.getInstance( |
653 TrustManagerFactory.getDefaultAlgorithm()); |
645 TrustManagerFactory.getDefaultAlgorithm()); |
654 tmf.init(ts); |
646 tmf.init(ts); |
687 * IDs. */ |
679 * IDs. */ |
688 System.setProperty("java.rmi.server.randomIDs", "true"); |
680 System.setProperty("java.rmi.server.randomIDs", "true"); |
689 |
681 |
690 JMXServiceURL url = new JMXServiceURL("rmi", null, 0); |
682 JMXServiceURL url = new JMXServiceURL("rmi", null, 0); |
691 |
683 |
692 Map<String, Object> env = new HashMap<String, Object>(); |
684 Map<String, Object> env = new HashMap<>(); |
693 |
685 |
694 PermanentExporter exporter = new PermanentExporter(); |
686 PermanentExporter exporter = new PermanentExporter(); |
695 |
687 |
696 env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter); |
688 env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter); |
697 |
689 |