update

cryostatio · Nov 27, 2023 · f830ff5 · f830ff5
1 parent 2c47482
commit f830ff5
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 41 deletions.
diff --git a/src/main/java/io/cryostat/agent/WebServer.java b/src/main/java/io/cryostat/agent/WebServer.java
@@ -20,7 +20,9 @@
 import java.net.InetSocketAddress;
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -108,7 +110,7 @@ class WebServer {
         this.compressionFilter = new CompressionFilter();
     }
 
-    void start() throws IOException, NoSuchAlgorithmException {
+    void start() {
         if (this.https != null) {
             stop();
         }
@@ -119,63 +121,75 @@ void start() throws IOException, NoSuchAlgorithmException {
             SSLContext sslContext = SSLContext.getInstance("TLS");
 
             // initialize keystore
-            FileInputStream passwordFis = new FileInputStream("keystore.pass");
-            char[] password = new String(passwordFis.readAllBytes()).toCharArray();
-            passwordFis.close();
+            String content =
+                    new String(
+                            Files.readAllBytes((Paths.get("keystore.pass"))),
+                            StandardCharsets.UTF_8);
+            char[] password = content.toCharArray();
             KeyStore ks = KeyStore.getInstance("JKS");
-            FileInputStream keystoreFis = new FileInputStream("cryostat-keystore.p12");
+            FileInputStream keystoreFis = new FileInputStream("../certs/cryostat-keystore.p12");
             ks.load(keystoreFis, password);
+            keystoreFis.close();
 
             // set up certificate factory
-            FileInputStream certFis = new FileInputStream("server.cer");
+            FileInputStream certFis = new FileInputStream("../certs/server.cer");
             CertificateFactory cf = CertificateFactory.getInstance("X.509");
             Certificate cert = cf.generateCertificate(certFis);
             ks.setCertificateEntry("serverCert", cert);
+            certFis.close();
 
             // set up key manager factory
-            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+            KeyManagerFactory kmf =
+                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
             kmf.init(ks, password);
-            
+
             // set up trust manager factory
-            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            TrustManagerFactory tmf =
+                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
             tmf.init(ks);
 
             // set up HTTPS context
             sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
-            this.https.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
-                public void configure(HttpsParameters params) {
-                    try {
-                        SSLContext context = getSSLContext();
-                        SSLEngine engine = context.createSSLEngine();
-                        params.setNeedClientAuth(false);
-                        params.setCipherSuites(engine.getEnabledCipherSuites());
-                        params.setProtocols((engine.getEnabledProtocols()));
-                        params.setSSLParameters(context.getDefaultSSLParameters());
-                    } catch (Exception e) {
-                        log.error("Failed to configure the HTTPS parameters", e);
-                    }
-                }
-            });
-        } catch (KeyStoreException 
-                | CertificateException 
-                | UnrecoverableKeyException 
-                | KeyManagementException e) {
+            this.https.setHttpsConfigurator(
+                    new HttpsConfigurator(sslContext) {
+                        public void configure(HttpsParameters params) {
+                            try {
+                                SSLContext context = getSSLContext();
+                                SSLEngine engine = context.createSSLEngine();
+                                params.setNeedClientAuth(false);
+                                params.setCipherSuites(engine.getEnabledCipherSuites());
+                                params.setProtocols((engine.getEnabledProtocols()));
+                                params.setSSLParameters(context.getDefaultSSLParameters());
+                            } catch (Exception e) {
+                                log.error(
+                                        "Failed to configure the HTTPS context and parameters", e);
+                            }
+                        }
+                    });
+
+            Set<RemoteContext> mergedContexts = new HashSet<>(remoteContexts.get());
+            mergedContexts.add(new PingContext(registration));
+            mergedContexts.stream()
+                    .filter(RemoteContext::available)
+                    .forEach(
+                            rc -> {
+                                HttpContext ctx =
+                                        this.https.createContext(rc.path(), wrap(rc::handle));
+                                ctx.setAuthenticator(agentAuthenticator);
+                                ctx.getFilters().add(requestLoggingFilter);
+                                ctx.getFilters().add(compressionFilter);
+                            });
+            this.https.setExecutor(executor);
+            this.https.start();
+
+        } catch (KeyStoreException
+                | CertificateException
+                | UnrecoverableKeyException
+                | KeyManagementException
+                | IOException
+                | NoSuchAlgorithmException e) {
             log.error("Failed to set up HTTPS server", e);
         }
-
-        Set<RemoteContext> mergedContexts = new HashSet<>(remoteContexts.get());
-        mergedContexts.add(new PingContext(registration));
-        mergedContexts.stream()
-                .filter(RemoteContext::available)
-                .forEach(
-                        rc -> {
-                            HttpContext ctx = this.https.createContext(rc.path(), wrap(rc::handle));
-                            ctx.setAuthenticator(agentAuthenticator);
-                            ctx.getFilters().add(requestLoggingFilter);
-                            ctx.getFilters().add(compressionFilter);
-                        });
-        this.https.setExecutor(executor);
-        this.https.start();
     }
 
     Path discoverCertPath() {

diff --git a/certs/cryostat-keystore.p12 → ...ryostat/agent/certs/cryostat-keystore.p12 b/certs/cryostat-keystore.p12 → ...ryostat/agent/certs/cryostat-keystore.p12
diff --git a/certs/generate-dev-certs.sh → ...ryostat/agent/certs/generate-dev-certs.sh b/certs/generate-dev-certs.sh → ...ryostat/agent/certs/generate-dev-certs.sh
diff --git a/certs/keystore.pass → ...ava/io/cryostat/agent/certs/keystore.pass b/certs/keystore.pass → ...ava/io/cryostat/agent/certs/keystore.pass
diff --git a/certs/server.cer → ...n/java/io/cryostat/agent/certs/server.cer b/certs/server.cer → ...n/java/io/cryostat/agent/certs/server.cer