|
1 /* |
|
2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 |
|
26 package jdk.internal.management.remote.rest; |
|
27 |
|
28 import jdk.internal.management.remote.rest.http.MBeanServerCollectionResource; |
|
29 import jdk.internal.management.remote.rest.http.MBeanServerResource; |
|
30 import com.sun.net.httpserver.HttpServer; |
|
31 import com.sun.net.httpserver.HttpsConfigurator; |
|
32 import com.sun.net.httpserver.HttpsServer; |
|
33 |
|
34 import javax.management.*; |
|
35 import javax.net.ssl.KeyManagerFactory; |
|
36 import javax.net.ssl.SSLContext; |
|
37 import javax.net.ssl.TrustManagerFactory; |
|
38 import java.io.BufferedInputStream; |
|
39 import java.io.FileInputStream; |
|
40 import java.io.IOException; |
|
41 import java.lang.management.ManagementFactory; |
|
42 import java.net.InetAddress; |
|
43 import java.net.InetSocketAddress; |
|
44 import java.net.UnknownHostException; |
|
45 import java.security.KeyStore; |
|
46 import java.util.HashMap; |
|
47 import java.util.List; |
|
48 import java.util.Map; |
|
49 import java.util.Properties; |
|
50 import java.util.concurrent.*; |
|
51 import java.util.concurrent.atomic.AtomicInteger; |
|
52 |
|
53 /** |
|
54 * This is the root class that initializes the HTTPServer and |
|
55 * REST adapter for platform mBeanServer. |
|
56 * |
|
57 * @since 11 |
|
58 */ |
|
59 public final class PlatformRestAdapter { |
|
60 |
|
61 /* |
|
62 * Initializes HTTPServer with settings from config file |
|
63 * acts as container for platform rest adapter |
|
64 */ |
|
65 private static HttpServer httpServer = null; |
|
66 |
|
67 // Save configuration to be used for other MBeanServers |
|
68 private static Map<String, Object> env; |
|
69 private static List<MBeanServerResource> restAdapters = new CopyOnWriteArrayList<>(); |
|
70 private static final int maxThreadCount = 5; |
|
71 |
|
72 private PlatformRestAdapter() { |
|
73 } |
|
74 |
|
75 private static class HttpThreadFactory implements ThreadFactory { |
|
76 private final ThreadGroup group; |
|
77 private final AtomicInteger threadNumber = new AtomicInteger(1); |
|
78 private final String namePrefix = "http-thread-"; |
|
79 |
|
80 HttpThreadFactory() { |
|
81 SecurityManager s = System.getSecurityManager(); |
|
82 group = (s != null) ? s.getThreadGroup() : |
|
83 Thread.currentThread().getThreadGroup(); |
|
84 } |
|
85 |
|
86 public Thread newThread(Runnable r) { |
|
87 Thread t = new Thread(group, r, |
|
88 namePrefix + threadNumber.getAndIncrement(), |
|
89 0); |
|
90 if (t.isDaemon()) |
|
91 t.setDaemon(false); |
|
92 if (t.getPriority() != Thread.NORM_PRIORITY) |
|
93 t.setPriority(Thread.NORM_PRIORITY); |
|
94 return t; |
|
95 } |
|
96 } |
|
97 |
|
98 /** |
|
99 * Starts the HTTP server with the input configuration properties |
|
100 * The configuration properties are Interface name/IP, port and SSL configuration |
|
101 * By default the server binds to address '0.0.0.0' and port '0'. SSL is off by default. [TODO]The |
|
102 * keyStore will be created one if not configured and the private key and a public certificate will |
|
103 * be generated[/TODO]. |
|
104 * Below properties are used to configure the HTTP server. |
|
105 * com.sun.management.jmxremote.rest.port |
|
106 * com.sun.management.jmxremote.rest.host |
|
107 * com.sun.management.jmxremote.ssl |
|
108 * com.sun.management.jmxremote.ssl.config.file |
|
109 * javax.net.ssl.keyStore |
|
110 * javax.net.ssl.trustStore |
|
111 * javax.net.ssl.keyStorePassword |
|
112 * javax.net.ssl.trustStorePassword |
|
113 * |
|
114 * @param properties Config properties for the HTTP server. |
|
115 * If null or if any of the properties is not specified, default values will be assumed. |
|
116 * @throws IOException If the server could not be created |
|
117 */ |
|
118 public static synchronized void init(Properties properties) throws IOException { |
|
119 if (httpServer == null) { |
|
120 if (properties == null || properties.isEmpty()) { |
|
121 properties = new Properties(); |
|
122 properties.setProperty("com.sun.management.jmxremote.ssl", "false"); |
|
123 properties.setProperty("com.sun.management.jmxremote.authenticate", "false"); |
|
124 properties.setProperty("com.sun.management.jmxremote.rest.port", "0"); |
|
125 } |
|
126 final int port; |
|
127 try { |
|
128 port = Integer.parseInt(properties.getProperty(PropertyNames.PORT, DefaultValues.PORT)); |
|
129 } catch (NumberFormatException x) { |
|
130 throw new IllegalArgumentException("Invalid string for port"); |
|
131 } |
|
132 if (port < 0) { |
|
133 throw new IllegalArgumentException("Invalid string for port"); |
|
134 } |
|
135 |
|
136 String host = properties.getProperty(PropertyNames.HOST, DefaultValues.HOST); |
|
137 |
|
138 boolean useSSL = Boolean.parseBoolean(properties.getProperty( |
|
139 PropertyNames.USE_SSL, DefaultValues.USE_SSL)); |
|
140 if (useSSL) { |
|
141 final String sslConfigFileName |
|
142 = properties.getProperty(PropertyNames.SSL_CONFIG_FILE_NAME); |
|
143 SSLContext ctx = getSSlContext(sslConfigFileName); |
|
144 if (ctx != null) { |
|
145 HttpsServer server = HttpsServer.create(new InetSocketAddress(host, port), 0); |
|
146 server.setHttpsConfigurator(new HttpsConfigurator(ctx)); |
|
147 httpServer = server; |
|
148 } else { |
|
149 httpServer = HttpServer.create(new InetSocketAddress(host, port), 0); |
|
150 } |
|
151 } else { |
|
152 httpServer = HttpServer.create(new InetSocketAddress(host, port), 0); |
|
153 } |
|
154 |
|
155 new MBeanServerCollectionResource(restAdapters, httpServer); |
|
156 httpServer.setExecutor(Executors.newFixedThreadPool(maxThreadCount, new HttpThreadFactory())); |
|
157 httpServer.start(); |
|
158 startDefaultRestAdapter(properties); |
|
159 } |
|
160 } |
|
161 |
|
162 public static boolean isStarted() { |
|
163 return httpServer!=null; |
|
164 } |
|
165 |
|
166 private static void startDefaultRestAdapter(Properties properties) { |
|
167 env = new HashMap<>(); |
|
168 // Do we use authentication? |
|
169 final String useAuthenticationStr |
|
170 = properties.getProperty(PropertyNames.USE_AUTHENTICATION, |
|
171 DefaultValues.USE_AUTHENTICATION); |
|
172 final boolean useAuthentication |
|
173 = Boolean.valueOf(useAuthenticationStr); |
|
174 |
|
175 String loginConfigName; |
|
176 String passwordFileName; |
|
177 |
|
178 if (useAuthentication) { |
|
179 env.put("jmx.remote.x.authentication", Boolean.TRUE); |
|
180 // Get non-default login configuration |
|
181 loginConfigName |
|
182 = properties.getProperty(PropertyNames.LOGIN_CONFIG_NAME); |
|
183 env.put("jmx.remote.x.login.config", loginConfigName); |
|
184 |
|
185 if (loginConfigName == null) { |
|
186 // Get password file |
|
187 passwordFileName |
|
188 = properties.getProperty(PropertyNames.PASSWORD_FILE_NAME); |
|
189 env.put("jmx.remote.x.password.file", passwordFileName); |
|
190 } |
|
191 } |
|
192 MBeanServerResource adapter = new MBeanServerResource(httpServer, ManagementFactory.getPlatformMBeanServer(), "platform", env); |
|
193 adapter.start(); |
|
194 restAdapters.add(adapter); |
|
195 } |
|
196 |
|
197 /** |
|
198 * Wraps the mbeanServer in a REST adapter. The mBeanServer will be accessible over REST APIs |
|
199 * at supplied context. env parameter configures authentication parameters for the MBeanServer. |
|
200 * |
|
201 * @param mbeanServer The MBeanServer to be wrapped in REST adapter |
|
202 * @param context The context in HTTP server under which this MBeanServer will be available over REST |
|
203 * If it is null or empty, a context will be generated |
|
204 * @param env configures authemtication parameters for accessing the MBeanServer over this adapter |
|
205 * If null, configuration from default rest adapter will be used. |
|
206 * Below is the list of properties. |
|
207 * <p> |
|
208 * jmx.remote.x.authentication : enable/disable user authentication |
|
209 * jmx.remote.authenticator : Instance of a JMXAuthenticator |
|
210 * jmx.remote.x.login.config : JAAS login conguration |
|
211 * jmx.remote.x.password.file : file name for default JAAS login configuration |
|
212 * @return an Instance of REST adapter that allows to start/stop the adapter |
|
213 */ |
|
214 public static synchronized JmxRestAdapter newRestAdapter(MBeanServer mbeanServer, String context, Map<String, ?> env) { |
|
215 if (httpServer == null) { |
|
216 throw new IllegalStateException("Platform Adapter not initialized"); |
|
217 } |
|
218 |
|
219 MBeanServerResource server = restAdapters.stream() |
|
220 .filter(s -> areMBeanServersEqual(s.getMBeanServer(), mbeanServer)) |
|
221 .findFirst() |
|
222 .get(); |
|
223 if (server == null) { |
|
224 MBeanServerResource adapter = new MBeanServerResource(httpServer, mbeanServer, context, env); |
|
225 adapter.start(); |
|
226 restAdapters.add(adapter); |
|
227 return adapter; |
|
228 } else { |
|
229 throw new IllegalArgumentException("MBeanServer already registered at " + server.getUrl()); |
|
230 } |
|
231 } |
|
232 |
|
233 private static boolean areMBeanServersEqual(MBeanServer server1, MBeanServer server2) { |
|
234 MBeanServerDelegateMBean bean1 = JMX.newMBeanProxy(server1, MBeanServerDelegate.DELEGATE_NAME, MBeanServerDelegateMBean.class); |
|
235 MBeanServerDelegateMBean bean2 = JMX.newMBeanProxy(server2, MBeanServerDelegate.DELEGATE_NAME, MBeanServerDelegateMBean.class); |
|
236 return bean1.getMBeanServerId().equalsIgnoreCase(bean2.getMBeanServerId()); |
|
237 } |
|
238 |
|
239 public synchronized static void stop() { |
|
240 restAdapters.forEach(r -> r.stop()); |
|
241 restAdapters.clear(); |
|
242 if (httpServer != null) { |
|
243 ExecutorService executor = (ExecutorService) httpServer.getExecutor(); |
|
244 executor.shutdownNow(); |
|
245 try { |
|
246 executor.awaitTermination(30, TimeUnit.SECONDS); |
|
247 } catch (InterruptedException e) { |
|
248 } |
|
249 httpServer.stop(0); |
|
250 httpServer = null; |
|
251 } |
|
252 } |
|
253 |
|
254 public static synchronized String getDomain() { |
|
255 if (httpServer == null) { |
|
256 throw new IllegalStateException("Platform rest adapter not initialized"); |
|
257 } |
|
258 try { |
|
259 if (httpServer instanceof HttpsServer) { |
|
260 return "https://" + InetAddress.getLocalHost().getCanonicalHostName() + ":" + httpServer.getAddress().getPort(); |
|
261 } |
|
262 return "http://" + InetAddress.getLocalHost().getCanonicalHostName() + ":" + httpServer.getAddress().getPort(); |
|
263 } catch (UnknownHostException ex) { |
|
264 return "http://localhost" + ":" + httpServer.getAddress().getPort(); |
|
265 } |
|
266 } |
|
267 |
|
268 public static synchronized String getBaseURL() { |
|
269 return getDomain() + "/jmx/servers"; |
|
270 } |
|
271 |
|
272 private static SSLContext getSSlContext(String sslConfigFileName) { |
|
273 final String keyStore, keyStorePassword, trustStore, trustStorePassword; |
|
274 |
|
275 try { |
|
276 if (sslConfigFileName == null || sslConfigFileName.isEmpty()) { |
|
277 keyStore = System.getProperty(PropertyNames.SSL_KEYSTORE_FILE); |
|
278 keyStorePassword = System.getProperty(PropertyNames.SSL_KEYSTORE_PASSWORD); |
|
279 trustStore = System.getProperty(PropertyNames.SSL_TRUSTSTORE_FILE); |
|
280 trustStorePassword = System.getProperty(PropertyNames.SSL_TRUSTSTORE_PASSWORD); |
|
281 } else { |
|
282 Properties p = new Properties(); |
|
283 BufferedInputStream bin = new BufferedInputStream(new FileInputStream(sslConfigFileName)); |
|
284 p.load(bin); |
|
285 keyStore = p.getProperty(PropertyNames.SSL_KEYSTORE_FILE); |
|
286 keyStorePassword = p.getProperty(PropertyNames.SSL_KEYSTORE_PASSWORD); |
|
287 trustStore = p.getProperty(PropertyNames.SSL_TRUSTSTORE_FILE); |
|
288 trustStorePassword = p.getProperty(PropertyNames.SSL_TRUSTSTORE_PASSWORD); |
|
289 } |
|
290 |
|
291 char[] keyStorePasswd = null; |
|
292 if (keyStorePassword.length() != 0) { |
|
293 keyStorePasswd = keyStorePassword.toCharArray(); |
|
294 } |
|
295 |
|
296 char[] trustStorePasswd = null; |
|
297 if (trustStorePassword.length() != 0) { |
|
298 trustStorePasswd = trustStorePassword.toCharArray(); |
|
299 } |
|
300 |
|
301 KeyStore ks = null; |
|
302 if (keyStore != null) { |
|
303 ks = KeyStore.getInstance(KeyStore.getDefaultType()); |
|
304 FileInputStream ksfis = new FileInputStream(keyStore); |
|
305 ks.load(ksfis, keyStorePasswd); |
|
306 |
|
307 } |
|
308 KeyManagerFactory kmf = KeyManagerFactory.getInstance( |
|
309 KeyManagerFactory.getDefaultAlgorithm()); |
|
310 kmf.init(ks, keyStorePasswd); |
|
311 |
|
312 KeyStore ts = null; |
|
313 if (trustStore != null) { |
|
314 ts = KeyStore.getInstance(KeyStore.getDefaultType()); |
|
315 FileInputStream tsfis = new FileInputStream(trustStore); |
|
316 ts.load(tsfis, trustStorePasswd); |
|
317 } |
|
318 TrustManagerFactory tmf = TrustManagerFactory.getInstance( |
|
319 TrustManagerFactory.getDefaultAlgorithm()); |
|
320 tmf.init(ts); |
|
321 |
|
322 SSLContext ctx = SSLContext.getInstance("SSL"); |
|
323 ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); |
|
324 return ctx; |
|
325 } catch (Exception ex) { |
|
326 } |
|
327 return null; |
|
328 } |
|
329 |
|
330 /** |
|
331 * Default values for JMX configuration properties. |
|
332 */ |
|
333 static interface DefaultValues { |
|
334 |
|
335 public static final String PORT = "0"; |
|
336 public static final String HOST = "0.0.0.0"; |
|
337 public static final String USE_SSL = "false"; |
|
338 public static final String USE_AUTHENTICATION = "false"; |
|
339 public static final String PASSWORD_FILE_NAME = "jmxremote.password"; |
|
340 } |
|
341 |
|
342 /** |
|
343 * Names of JMX configuration properties. |
|
344 */ |
|
345 public static interface PropertyNames { |
|
346 |
|
347 public static final String PORT |
|
348 = "com.sun.management.jmxremote.rest.port"; |
|
349 public static final String HOST |
|
350 = "com.sun.management.jmxremote.host"; |
|
351 public static final String USE_SSL |
|
352 = "com.sun.management.jmxremote.ssl"; |
|
353 public static final String SSL_CONFIG_FILE_NAME |
|
354 = "com.sun.management.jmxremote.ssl.config.file"; |
|
355 public static final String SSL_KEYSTORE_FILE |
|
356 = "javax.net.ssl.keyStore"; |
|
357 public static final String SSL_TRUSTSTORE_FILE |
|
358 = "javax.net.ssl.trustStore"; |
|
359 public static final String SSL_KEYSTORE_PASSWORD |
|
360 = "javax.net.ssl.keyStorePassword"; |
|
361 public static final String SSL_TRUSTSTORE_PASSWORD |
|
362 = "javax.net.ssl.trustStorePassword"; |
|
363 public static final String USE_AUTHENTICATION |
|
364 = "com.sun.management.jmxremote.authenticate"; |
|
365 public static final String PASSWORD_FILE_NAME |
|
366 = "com.sun.management.jmxremote.password.file"; |
|
367 public static final String LOGIN_CONFIG_NAME |
|
368 = "com.sun.management.jmxremote.login.config"; |
|
369 } |
|
370 } |