add TLS support

Author: willardgibbs

src/main/java/ru/cinimex/exporter/Config.java

@@ -68,7 +68,8 @@ public Config(String path) {
         this.usePCFWildcards = (boolean) pcfParameters.get("usePCFWildcards");
         this.scrapeInterval = (Integer) pcfParameters.get("scrapeInterval");
         boolean useTLS = (boolean) qmgrConnectionParams.get("useTLS");
-        if (useTLS)
+        if (useTLS) {
+            logger.info("secured connection to queue manager will be used");
             mqSecurityProperties = new MQSecurityProperties(
                     useTLS,
                     (String) qmgrConnectionParams.get("keystorePath"),
@@ -78,6 +79,9 @@ public Config(String path) {
                     (String) qmgrConnectionParams.get("sslProtocol"),
                     (String) qmgrConnectionParams.get("cipherSuite")
             );
+        } else {
+            logger.info("unsecured connection to queue manager will be used");
+        }
         logger.info("Successfully parsed configuration file!");
     }
 

src/main/java/ru/cinimex/exporter/mq/MQConnection.java

@@ -24,7 +24,6 @@
 import java.util.HashMap;
 import java.util.Hashtable;
 import java.util.Map;
-import java.util.Optional;
 
 /**
  * Class represents MQ connection.
@@ -36,7 +35,7 @@ public class MQConnection {
     /**
      * Method creates connection properties Hashtable from connection parameters.
      *
-     * @param config     - config.
+     * @param config     - object containing different properties.
      * @return - returns prepared structure with all parameters transformed into queue manager's format.
      */
     public static Map<String, Object> createMQConnectionParams(Config config) {
@@ -52,30 +51,36 @@ public static Map<String, Object> createMQConnectionParams(Config config) {
         }
         MQSecurityProperties mqSecurityProperties = config.getMqSecurityProperties();
         if (mqSecurityProperties != null && mqSecurityProperties.isUseTLS()) {
-            KeyStore keyStore = getStore(mqSecurityProperties.getKeystorePath(), mqSecurityProperties.getKeystorePassword());
-            KeyStore trustStore = getStore(mqSecurityProperties.getTruststorePath(), mqSecurityProperties.getTruststorePassword());
-
-            SSLContext sslContext = null;
-            try {
-                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
-                trustManagerFactory.init(trustStore);
-                keyManagerFactory.init(keyStore, mqSecurityProperties.getKeystorePassword().toCharArray());
-                sslContext = SSLContext.getInstance(mqSecurityProperties.getSslProtocol());
-                sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
-            } catch (KeyStoreException | UnrecoverableKeyException | NoSuchAlgorithmException | KeyManagementException e1) {
-                logger.error("Failed!", e1);
-            }
-
-            SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
-
             properties.put(MQConstants.SSL_CIPHER_SUITE_PROPERTY, mqSecurityProperties.getCipherSuite());
-            properties.put(MQConstants.SSL_SOCKET_FACTORY_PROPERTY, sslSocketFactory);
+            properties.put(MQConstants.SSL_SOCKET_FACTORY_PROPERTY, getSslSocketFactory(mqSecurityProperties));
             System.setProperty("com.ibm.mq.cfg.useIBMCipherMappings", "false");
         }
         return properties;
     }
 
+    /**
+     * Method creates SSLSocketFactory from connection parameters.
+     *
+     * @param mqSecurityProperties     - object containing security properties.
+     * @return - returns prepared SSLSocketFactory.
+     */
+    private static SSLSocketFactory getSslSocketFactory(MQSecurityProperties mqSecurityProperties) {
+        KeyStore keyStore = getStore(mqSecurityProperties.getKeystorePath(), mqSecurityProperties.getKeystorePassword());
+        KeyStore trustStore = getStore(mqSecurityProperties.getTruststorePath(), mqSecurityProperties.getTruststorePassword());
+        SSLContext sslContext = null;
+        try {
+            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+            trustManagerFactory.init(trustStore);
+            keyManagerFactory.init(keyStore, mqSecurityProperties.getKeystorePassword().toCharArray());
+            sslContext = SSLContext.getInstance(mqSecurityProperties.getSslProtocol());
+            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
+        } catch (KeyStoreException | UnrecoverableKeyException | NoSuchAlgorithmException | KeyManagementException e1) {
+            logger.error("Failed!", e1);
+        }
+        return sslContext.getSocketFactory();
+    }
+
     private static KeyStore getStore(String storePath, String storePassword) {
         KeyStore keyStore = null;
         try (FileInputStream keyStoreInput = new FileInputStream(storePath)) {
@@ -91,7 +96,7 @@ private static KeyStore getStore(String storePath, String storePassword) {
      * Method establishes connection with queue manager.
      *
      * @param qmNqme               - queue manager's name.
-     * @param connectionProperties - prepared structure with all parameters transformed into queue manager's format. See {@link #createMQConnectionParams(String, int, String, String, String, boolean)} for more info.
+     * @param connectionProperties - prepared structure with all parameters transformed into queue manager's format. See {@link #createMQConnectionParams(Config config)} for more info.
      */
     public void establish(String qmNqme, Map<String, Object> connectionProperties) throws MQException {
         queueManager = new MQQueueManager(qmNqme, new Hashtable<>(connectionProperties));

src/main/java/ru/cinimex/exporter/mq/MQSubscriberManager.java

@@ -24,7 +24,7 @@ public class MQSubscriberManager {
     /**
      * Constructor sets params for connecting to target queue manager.
      *
-     * @param config     - config.
+     * @param config     - object containing different properties
      */
     public MQSubscriberManager(Config config) {
         connectionProperties = MQConnection.createMQConnectionParams(config);
@@ -154,12 +154,12 @@ private void addPCFSubscribers(Map<MQObject.MQType, ArrayList<MQObject>> objects
      */
     private void addPCFSubscribers(List<MQObject> objects, int interval) {
         int corePoolSize = objects.size();
-        ScheduledExecutorService executor = Executors.newScheduledThreadPool(corePoolSize);
+        ScheduledExecutorService scheduledExecutorService = Executors.newScheduledThreadPool(corePoolSize);
         for (MQObject object : objects) {
             MQPCFSubscriber subscriber = new MQPCFSubscriber(queueManagerName, new Hashtable<>(connectionProperties), object);
             subscribers.add(subscriber);
             logger.debug("Starting subscriber for sending direct PCF commands to retrieve statistics about object with type {} and name {}.", object.getType().name(), object.getName());
-            executor.scheduleAtFixedRate(subscriber, 0, interval, TimeUnit.SECONDS);
+            scheduledExecutorService.scheduleAtFixedRate(subscriber, 0, interval, TimeUnit.SECONDS);
             logger.debug("Subscriber for sending direct PCF commands to retrieve statistics about object with type {} and name {} successfully started.", object.getType().name(), object.getName());
         }
     }

src/main/java/ru/cinimex/exporter/mq/MQTopicSubscriber.java

@@ -84,6 +84,7 @@ public void stopProcessing() {
     /**
      * Starts subscriber.
      */
+    @Override
     public void run() {
         try {
             topic = connection.createTopic(element.getTopicString());

src/main/resources/exporter_config.yaml

@@ -19,19 +19,19 @@ qmgrConnectionParams:
 # How long to wait until metrics are published by queue manager (milliseconds).
 # Value must be at least 10000 (periodicity with which metrics are published by MQ).
   connTimeout: 12000
-#
+# Use TLS connection to queue manager?
   useTLS: true
-#
-  keystorePath: /path
-#
-  keystorePassword: qweqwe
-#
-  truststorePath: /path
-#
-  truststorePassword: qweqwe
-#
+# Path to keystore file
+  keystorePath: /opt/mq_exporter/keystores/keystore.jks
+# keystore password
+  keystorePassword: testpass2
+# path to truststore file
+  truststorePath: /opt/mq_exporter/keystores/truststore.jks
+# truststore password
+  truststorePassword: testpass2
+# SSL protocol
   sslProtocol: TLSv1.2
-# or SSL_RSA_WITH_AES_256_CBC_SHA256?
+# cipherSuite
   cipherSuite: TLS_RSA_WITH_AES_256_CBC_SHA256
 
 # Prometheus connection information -------------------------------