prometheus
diff --git a/‎collector/pom.xml‎
Lines changed: 5 additions & 0 deletions b/‎collector/pom.xml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎collector/src/main/java/io/prometheus/jmx/JmxCollector.java‎
Lines changed: 82 additions & 4 deletions b/‎collector/src/main/java/io/prometheus/jmx/JmxCollector.java‎
Lines changed: 82 additions & 4 deletions
diff --git a/‎collector/src/main/java/io/prometheus/jmx/JmxScraper.java‎
Lines changed: 57 additions & 13 deletions b/‎collector/src/main/java/io/prometheus/jmx/JmxScraper.java‎
Lines changed: 57 additions & 13 deletions
diff --git a/‎collector/src/main/java/io/prometheus/jmx/ssl/EnhanceableSslRMIClientSocketFactory.java‎
Lines changed: 36 additions & 0 deletions b/‎collector/src/main/java/io/prometheus/jmx/ssl/EnhanceableSslRMIClientSocketFactory.java‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎integration_test_suite/integration_tests/src/main/java/io/prometheus/jmx/test/support/http/HttpClient.java‎
Lines changed: 6 additions & 4 deletions b/‎integration_test_suite/integration_tests/src/main/java/io/prometheus/jmx/test/support/http/HttpClient.java‎
Lines changed: 6 additions & 4 deletions
@@ -59,6 +59,11 @@
             <artifactId>snakeyaml</artifactId>
             <version>2.5</version>
         </dependency>
+        <dependency>
+            <groupId>io.github.hakky54</groupId>
+            <artifactId>ayza</artifactId>
+            <version>10.0.1</version>
+        </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter</artifactId>
 
@@ -34,16 +34,22 @@
 import java.io.InputStream;
 import java.io.PrintWriter;
 import java.io.StringWriter;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.LinkedHashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.TreeMap;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
 import javax.management.MalformedObjectNameException;
 import javax.management.ObjectName;
 import org.yaml.snakeyaml.Yaml;
@@ -85,6 +91,34 @@ static class Rule {
         ArrayList<String> labelValues;
     }
 
+    static class SslProperties {
+        boolean enabled = false;
+        KeyStoreProperties keyStoreProperties;
+        KeyStoreProperties trustStoreProperties;
+        List<String> protocols = Collections.emptyList();
+        List<String> ciphers = Collections.emptyList();
+
+        public SslProperties() {}
+
+        public SslProperties(boolean enabled) {
+            this.enabled = enabled;
+        }
+
+        public Optional<KeyStoreProperties> getKeyStoreProperties() {
+            return Optional.ofNullable(keyStoreProperties);
+        }
+
+        public Optional<KeyStoreProperties> getTrustStoreProperties() {
+            return Optional.ofNullable(trustStoreProperties);
+        }
+    }
+
+    static class KeyStoreProperties {
+        Path path;
+        String type;
+        String password;
+    }
+
     /** Class to implement MetricCustomizer */
     public static class MetricCustomizer {
         MBeanFilter mbeanFilter;
@@ -114,7 +148,7 @@ private static class Config {
         String jmxUrl = "";
         String username = "";
         String password = "";
-        boolean ssl = false;
+        SslProperties sslProperties = new SslProperties();
         boolean lowercaseOutputName;
         boolean lowercaseOutputLabelNames;
         boolean inferCounterTypeFromName;
@@ -317,8 +351,38 @@ private Config loadConfig(Map<String, Object> yamlConfig) throws MalformedObject
             cfg.password = VariableResolver.resolveVariable(password);
         }
 
-        if (yamlConfig.containsKey("ssl")) {
-            cfg.ssl = (Boolean) yamlConfig.get("ssl");
+        if (yamlConfig.containsKey("ssl") && yamlConfig.get("ssl") instanceof Map) {
+            Map<String, Object> configSsl = (Map<String, Object>) yamlConfig.get("ssl");
+
+            if (configSsl.containsKey("enabled")) {
+                cfg.sslProperties.enabled = (Boolean) configSsl.get("enabled");
+            }
+
+            if (configSsl.containsKey("keyStore")) {
+                Map<String, Object> configKeyStore =
+                        (Map<String, Object>) configSsl.get("keyStore");
+                cfg.sslProperties.keyStoreProperties = getKeyStoreProperties(configKeyStore);
+            }
+
+            if (configSsl.containsKey("trustStore")) {
+                Map<String, Object> configKeyStore =
+                        (Map<String, Object>) configSsl.get("trustStore");
+                cfg.sslProperties.trustStoreProperties = getKeyStoreProperties(configKeyStore);
+            }
+
+            if (configSsl.containsKey("protocols")) {
+                cfg.sslProperties.protocols =
+                        Stream.of(((String) configSsl.get("protocols")).split(","))
+                                .map(String::trim)
+                                .collect(Collectors.toList());
+            }
+
+            if (configSsl.containsKey("ciphers")) {
+                cfg.sslProperties.ciphers =
+                        Stream.of(((String) configSsl.get("ciphers")).split(","))
+                                .map(String::trim)
+                                .collect(Collectors.toList());
+            }
         }
 
         if (yamlConfig.containsKey("lowercaseOutputName")) {
@@ -527,6 +591,20 @@ private Config loadConfig(Map<String, Object> yamlConfig) throws MalformedObject
         return cfg;
     }
 
+    private KeyStoreProperties getKeyStoreProperties(Map<String, Object> configKeyStore) {
+        KeyStoreProperties keyStoreProperties = new KeyStoreProperties();
+        if (configKeyStore.containsKey("filename")) {
+            keyStoreProperties.path = Paths.get((String) configKeyStore.get("filename"));
+        }
+        if (configKeyStore.containsKey("type")) {
+            keyStoreProperties.type = (String) configKeyStore.get("type");
+        }
+        if (configKeyStore.containsKey("password")) {
+            keyStoreProperties.password = (String) configKeyStore.get("password");
+        }
+        return keyStoreProperties;
+    }
+
     /**
      * Convert name to snake case and lower case.
      *
@@ -929,7 +1007,7 @@ public MetricSnapshots collect() {
                         config.jmxUrl,
                         config.username,
                         config.password,
-                        config.ssl,
+                        config.sslProperties,
                         config.includeObjectNames,
                         config.excludeObjectNames,
                         config.objectNameAttributeFilter,
 
@@ -16,10 +16,13 @@
 
 package io.prometheus.jmx;
 
+import io.prometheus.jmx.JmxCollector.SslProperties;
 import io.prometheus.jmx.logger.Logger;
 import io.prometheus.jmx.logger.LoggerFactory;
+import io.prometheus.jmx.ssl.EnhanceableSslRMIClientSocketFactory;
 import java.io.IOException;
 import java.lang.management.ManagementFactory;
+import java.rmi.server.RMIClientSocketFactory;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -49,6 +52,7 @@
 import javax.management.remote.rmi.RMIConnectorServer;
 import javax.naming.Context;
 import javax.rmi.ssl.SslRMIClientSocketFactory;
+import nl.altindag.ssl.SSLFactory;
 
 /** Class to implement JmxScraper */
 class JmxScraper {
@@ -84,7 +88,7 @@ void recordBean(
     private final String jmxUrl;
     private final String username;
     private final String password;
-    private final boolean ssl;
+    private final SslProperties sslProperties;
     private final List<ObjectName> includeObjectNames, excludeObjectNames;
     private final List<JmxCollector.MetricCustomizer> metricCustomizers;
     private final ObjectNameAttributeFilter objectNameAttributeFilter;
@@ -96,7 +100,7 @@ void recordBean(
      * @param jmxUrl jmxUrl
      * @param username username
      * @param password password
-     * @param ssl ssl
+     * @param sslProperties sslProperties
      * @param includeObjectNames includeObjectNames
      * @param excludeObjectNames excludeObjectNames
      * @param objectNameAttributeFilter objectNameAttributeFilter
@@ -107,7 +111,7 @@ public JmxScraper(
             String jmxUrl,
             String username,
             String password,
-            boolean ssl,
+            SslProperties sslProperties,
             List<ObjectName> includeObjectNames,
             List<ObjectName> excludeObjectNames,
             ObjectNameAttributeFilter objectNameAttributeFilter,
@@ -118,7 +122,7 @@ public JmxScraper(
         this.receiver = receiver;
         this.username = username;
         this.password = password;
-        this.ssl = ssl;
+        this.sslProperties = sslProperties;
         this.includeObjectNames = includeObjectNames;
         this.excludeObjectNames = excludeObjectNames;
         this.metricCustomizers = metricCustomizers;
@@ -145,15 +149,13 @@ public void doScrape() throws Exception {
                 String[] credent = new String[] {username, password};
                 environment.put(javax.management.remote.JMXConnector.CREDENTIALS, credent);
             }
-            if (ssl) {
+            if (sslProperties.enabled) {
                 environment.put(Context.SECURITY_PROTOCOL, "ssl");
-                SslRMIClientSocketFactory clientSocketFactory = new SslRMIClientSocketFactory();
+                RMIClientSocketFactory socketFactory = createSecureRMIClient();
                 environment.put(
-                        RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE,
-                        clientSocketFactory);
-
+                        RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, socketFactory);
                 if (!"true".equalsIgnoreCase(System.getenv("RMI_REGISTRY_SSL_DISABLED"))) {
-                    environment.put("com.sun.jndi.rmi.factory.socket", clientSocketFactory);
+                    environment.put("com.sun.jndi.rmi.factory.socket", socketFactory);
                 }
             }
 
@@ -192,6 +194,46 @@ public void doScrape() throws Exception {
         }
     }
 
+    private RMIClientSocketFactory createSecureRMIClient() {
+        if (!sslProperties.getKeyStoreProperties().isPresent()
+                || !sslProperties.getTrustStoreProperties().isPresent()) {
+            return new SslRMIClientSocketFactory();
+        }
+
+        SSLFactory.Builder sslFactoryBuilder = SSLFactory.builder();
+        sslProperties
+                .getKeyStoreProperties()
+                .ifPresent(
+                        props ->
+                                sslFactoryBuilder.withIdentityMaterial(
+                                        props.path, props.password.toCharArray(), props.type));
+        sslProperties
+                .getTrustStoreProperties()
+                .ifPresent(
+                        props ->
+                                sslFactoryBuilder.withTrustMaterial(
+                                        props.path, props.password.toCharArray(), props.type));
+        if (!sslProperties.protocols.isEmpty()) {
+            sslFactoryBuilder.withProtocols(sslProperties.protocols.toArray(new String[0]));
+        }
+        if (!sslProperties.ciphers.isEmpty()) {
+            sslFactoryBuilder.withCiphers(sslProperties.ciphers.toArray(new String[0]));
+        }
+
+        try {
+            sslFactoryBuilder.withSystemPropertyDerivedIdentityMaterial();
+        } catch (Exception ignored) {
+        }
+
+        try {
+            sslFactoryBuilder.withSystemPropertyDerivedTrustMaterial();
+        } catch (Exception ignored) {
+        }
+
+        SSLFactory sslFactory = sslFactoryBuilder.build();
+        return new EnhanceableSslRMIClientSocketFactory(sslFactory);
+    }
+
     private void scrapeBean(MBeanServerConnection beanConn, ObjectName mBeanName) {
         MBeanInfo mBeanInfo;
 
@@ -574,7 +616,9 @@ public static void main(String[] args) throws Exception {
                             args[0],
                             args[1],
                             args[2],
-                            (args.length > 3 && "ssl".equalsIgnoreCase(args[3])),
+                            (args.length > 3 && "ssl".equalsIgnoreCase(args[3]))
+                                    ? new SslProperties(true)
+                                    : new SslProperties(false),
                             objectNames,
                             new LinkedList<>(),
                             objectNameAttributeFilter,
@@ -587,7 +631,7 @@ public static void main(String[] args) throws Exception {
                             args[0],
                             "",
                             "",
-                            false,
+                            new SslProperties(false),
                             objectNames,
                             new LinkedList<>(),
                             objectNameAttributeFilter,
@@ -600,7 +644,7 @@ public static void main(String[] args) throws Exception {
                             "",
                             "",
                             "",
-                            false,
+                            new SslProperties(false),
                             objectNames,
                             new LinkedList<>(),
                             objectNameAttributeFilter,
 
@@ -0,0 +1,36 @@
+package io.prometheus.jmx.ssl;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.net.Socket;
+import java.rmi.server.RMIClientSocketFactory;
+import nl.altindag.ssl.SSLFactory;
+
+public final class EnhanceableSslRMIClientSocketFactory
+        implements RMIClientSocketFactory, Serializable {
+
+    private static final long serialVersionUID = 7523870139487859635L;
+
+    private final SSLFactory sslFactory;
+
+    public EnhanceableSslRMIClientSocketFactory(SSLFactory sslFactory) {
+        this.sslFactory = sslFactory;
+    }
+
+    @Override
+    public Socket createSocket(String host, int port) throws IOException {
+        return sslFactory.getSslSocketFactory().createSocket(host, port);
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (obj == null) return false;
+        if (obj == this) return true;
+        return this.getClass().equals(obj.getClass());
+    }
+
+    @Override
+    public int hashCode() {
+        return this.getClass().hashCode();
+    }
+}
@@ -233,11 +233,13 @@ private static byte[] readBytes(InputStream inputStream) throws IOException {
 
     private static CloseableHttpClient getHttpClient(
             int connectTimeout, int readTimeout, SSLContext sslContext) {
-        if (connectTimeout != CONNECT_TIMEOUT || readTimeout != READ_TIMEOUT || sslContext != null) {
+        if (connectTimeout != CONNECT_TIMEOUT
+                || readTimeout != READ_TIMEOUT
+                || sslContext != null) {
             return createHttpClient(
-                            connectTimeout,
-                            readTimeout,
-                            sslContext != null ? sslContext : UNSAFE_SSLCONTEXT);
+                    connectTimeout,
+                    readTimeout,
+                    sslContext != null ? sslContext : UNSAFE_SSLCONTEXT);
         }
         return defaultHttpClient;
     }