#164: Refactored encryption handling
* Added documentation
* Switched from an option '--encrypt' to a dedicated agent command "encrypt"
* Switched markers from "{ ... } " to "[[ .... ]]" for consistency with jmx4perl encryption markers
* Simplified cipher which is sufficient for our needs (especially the salt generation)
rhuss committed Jan 18, 2016
1 parent 9fb54f9 commit 5da7d52
Showing 18 changed files with 330 additions and 462 deletions.
Expand Up @@ -3,14 +3,11 @@
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.net.URL;

import org.jolokia.config.ConfigKey;
import org.jolokia.config.Configuration;
import org.jolokia.util.ClassUtil;
import org.jolokia.util.LogHandler;
import org.jolokia.util.NetworkUtil;
import org.jolokia.util.*;

/*
* Copyright 2009-2013 Roland Huss
Expand Down Expand Up @@ -43,23 +40,23 @@ public static Restrictor createRestrictor(Configuration pConfig, LogHandler logH

Restrictor customRestrictor = createCustomRestrictor(pConfig);
if (customRestrictor != null) {
logHandler.info("Using custom restrictor " + customRestrictor.getClass().getCanonicalName());
logHandler.info("Using restrictor " + customRestrictor.getClass().getCanonicalName());
return customRestrictor;
}

String location = NetworkUtil.replaceExpression(pConfig.get(ConfigKey.POLICY_LOCATION));
try {
Restrictor ret = RestrictorFactory.lookupPolicyRestrictor(location);
if (ret != null) {
logHandler.info("Using access restrictor " + location);
logHandler.info("Using policy access restrictor " + location);
return ret;
} else {
logHandler.info("No access restrictor found, access to all MBean is allowed");
logHandler.info("No access restrictor found, access to any MBean is allowed");
return new AllowAllRestrictor();
}
} catch (IOException e) {
logHandler.error("Error while accessing access restrictor at " + location +
". Denying all access to MBeans for security reasons. Exception: " + e, e);
". Denying all access to MBeans for security reasons. Exception: " + e, e);
return new DenyAllRestrictor();
}
}
Expand All @@ -69,61 +66,33 @@ private static Restrictor createCustomRestrictor(Configuration pConfig) {
if (restrictorClassName == null) {
return null;
}

Class restrictorClass;
try {
restrictorClass = Class.forName(restrictorClassName);
if(!Restrictor.class.isAssignableFrom(restrictorClass)){
throw new IllegalArgumentException("Provided restrictor class [" + restrictorClassName +
"] is not a subclass of Restrictor");
}
} catch (ClassNotFoundException e) {
throw new IllegalArgumentException("Cannot find restrictor class", e);
Class restrictorClass = ClassUtil.classForName(restrictorClassName);
if (restrictorClass == null) {
throw new IllegalArgumentException("No custom restrictor class " + restrictorClassName + " found");
}


return lookupRestrictor(pConfig, restrictorClass);

}

private static Restrictor lookupRestrictor(Configuration pConfig, Class restrictorClass) {
// prefer constructor that takes configuration
try {
Constructor constructorThatTakesConfiguration = restrictorClass.getConstructor(Configuration.class);
return (Restrictor) constructorThatTakesConfiguration.newInstance(pConfig);
} catch (NoSuchMethodException ignore) {
return lookupRestrictorWithDefaultConstructor(restrictorClass, ignore);
} catch (InvocationTargetException e) {
throw new IllegalArgumentException("Cannot create an instance of custom restrictor class", e);
} catch (InstantiationException e) {
throw new IllegalArgumentException("Cannot create an instance of custom restrictor class", e);
} catch (IllegalAccessException e) {
throw new IllegalArgumentException("Cannot create an instance of custom restrictor class", e);
}
}

private static Restrictor lookupRestrictorWithDefaultConstructor(Class restrictorClass, NoSuchMethodException ignore) {
// fallback to default constructor
try {
Constructor defaultConstructor = restrictorClass.getConstructor();
return (Restrictor) defaultConstructor.newInstance();
} catch (InvocationTargetException e) {
e.initCause(ignore);
throw new IllegalArgumentException("Cannot create an instance of custom restrictor class", e);
} catch (NoSuchMethodException e) {
e.initCause(ignore);
throw new IllegalArgumentException("Cannot create an instance of custom restrictor class", e);
} catch (InstantiationException e) {
e.initCause(ignore);
throw new IllegalArgumentException("Cannot create an instance of custom restrictor class", e);
} catch (IllegalAccessException e) {
e.initCause(ignore);
throw new IllegalArgumentException("Cannot create an instance of custom restrictor class", e);
try {
// Prefer constructor that takes configuration
Constructor ctr = restrictorClass.getConstructor(Configuration.class);
return (Restrictor) ctr.newInstance(pConfig);
} catch (NoSuchMethodException exp) {
// Fallback to default constructor
Constructor defaultConstructor = restrictorClass.getConstructor();
return (Restrictor) defaultConstructor.newInstance();
}
} catch (NoSuchMethodException exp) {
throw new IllegalArgumentException("Cannot create custom restrictor for class " + restrictorClass + " " +
"because neither a constructor with 'Configuration' as only element " +
"nor a default constructor is available");
} catch (ReflectiveOperationException e) {
throw new IllegalArgumentException("Cannot create an instance of custom restrictor class " + restrictorClass, e);
}
}



/**
* Lookup a restrictor based on an URL
*
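Review bot: As far as this rendering shows, the rewritten createCustomRestrictor no longer performs the `Restrictor.class.isAssignableFrom(restrictorClass)` check that the earlier version ran right after loading the class. In lookupRestrictor a configured class that is not a Restrictor is therefore constructed first and only then fails on the `(Restrictor)` cast with a ClassCastException, which neither catch clause turns into the IllegalArgumentException used for every other misconfiguration. Because the class name comes from configuration, the type should be verified before any constructor runs: after the null check, keep `if (!Restrictor.class.isAssignableFrom(restrictorClass)) { throw new IllegalArgumentException("Provided restrictor class [" + restrictorClassName + "] is not a subclass of Restrictor"); }`. The outer `catch (NoSuchMethodException exp)` also drops the exception; passing `exp` as the cause would keep the trace for whoever has to debug a rejected restrictor.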
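--- a/agent/core/src/main/java/org/jolokia/util/ClassUtil.java
+++ b/agent/core/src/main/java/org/jolokia/util/ClassUtil.java
@@ -16,8 +16,7 @@
 * limitations under the License.
 */
 
-import java.io.IOException;
-import java.io.InputStream;
+import java.io.*;
 import java.lang.reflect.*;
 import java.net.URL;
 import java.util.*;
@@ -87,27 +86,6 @@ private static List<ClassLoader> findClassLoaders(ClassLoader... pClassLoaders)
 return ret;
 }
 
-/**
-* Get the given path as an input stream or return <code>null</code> if not found
-*
-* @param pPath path to lookup
-* @return input stream or null if not found.
-*/
-public static InputStream getResourceAsStream(String pPath) {
-for (ClassLoader loader : new ClassLoader[] {
-Thread.currentThread().getContextClassLoader(),
-ClassUtil.class.getClassLoader()
-} ) {
-if (loader != null) {
-InputStream is = loader.getResourceAsStream(pPath);
-if (is != null) {
-return is;
-}
-}
-}
-return null;
-}
-
 /**
 * Check for the existence of a given class
 *
@@ -286,4 +264,25 @@ private static boolean checkForPrimitive(Class argClass, Class paramClass) {
 PRIMITIVE_TO_OBJECT_MAP.put("void", Void.TYPE);
 PRIMITIVE_TO_OBJECT_MAP.put("short", Short.TYPE);
 }
+
+/**
+* Get the given path as an input stream or return <code>null</code> if not found
+*
+* @param pPath path to lookup
+* @return input stream or null if not found.
+*/
+public static InputStream getResourceAsStream(String pPath) {
+for (ClassLoader loader : new ClassLoader[] {
+Thread.currentThread().getContextClassLoader(),
+ClassUtil.class.getClassLoader()
+} ) {
+if (loader != null) {
+InputStream is = loader.getResourceAsStream(pPath);
+if (is != null) {
+return is;
+}
+}
+}
+return null;
+}
 }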
