package de.bwlehrpool.bwlp_guac; import; import; import; import; import; import; import; import; import; import; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashSet; import java.util.Iterator; import java.util.LinkedHashMap; import java.util.concurrent.ConcurrentLinkedQueue; import; import; import; import; import; import; import; import org.apache.guacamole.form.Field; import; import; import org.apache.guacamole.language.TranslatableGuacamoleCredentialsException; import org.apache.guacamole.language.TranslatableGuacamoleInsufficientCredentialsException; import com.fasterxml.jackson.databind.ObjectMapper; import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** * Broker for all clients available. * Keeps track of which clients are online, offline, assigned to a user etc. */ public class ConnectionManager { private static final Logger LOGGER = LoggerFactory.getLogger(ConnectionManager.class); private static final String SOURCE_URL = SlxConfig.clientListUrl(); /** * synchronize on clientPool when accessing */ private static final LinkedHashMap clientPool = new LinkedHashMap(); /** * synchronize on clientPool when accessing */ private static final LinkedHashMap groupPool = new LinkedHashMap(); private static final Thread listUpdater; static { listUpdater = new Thread() { @Override public void run() { for (;;) { try { Thread.sleep(120000); updateList(); } catch (InterruptedException e) {"Stopping list fetch thread"); return; } } } }; listUpdater.setDaemon(true); listUpdater.start(); } public static JsonGroup getGroup(int id) { synchronized (clientPool) { return groupPool.get(id); } } public static Collection getGroupList() { synchronized (clientPool) { return new ArrayList<>(groupPool.values()); } } public static WrappedConnection getExistingConnection(String user) { AvailableClient freeClient = null; synchronized (clientPool) { for (AvailableClient ac : clientPool.values()) { LOGGER.debug("Looking for existing mapping: Checking client " + ac); if (ac.isInUseBy(user)) {"Client " + ac + " is in use by " + user); freeClient = ac; break; } } } if (freeClient != null && freeClient.checkConnection(1)) {"Existing mapping for user " + user + " to " + freeClient); return freeClient.getConnection(user); } return null; } /** * Pass plain user name, get existing connection (if any), or a fresh one * @param user (LDAP) user name */ public static WrappedConnection getForUser(String user, int groupid) throws GuacamoleCredentialsException { if (SOURCE_URL == null) { LOGGER.warn("Don't have a source URL for client machines!"); return null; } try { updateList(); // Find existing/free client AvailableClient freeClient; for (; ; ) { freeClient = null; synchronized (clientPool) { Collection clients; if (groupid == 0) { clients = new HashSet(); for (JsonGroup group : groupPool.values()) { if (!group.hasPassword()) clients.addAll(group.clientList); } } else { JsonGroup group = groupPool.get(groupid); if (group == null) { // Request the user to select a group throw new TranslatableGuacamoleInsufficientCredentialsException( "GROUP_SELECTION.TITLE", "GROUP_SELECTION.TITLE", new CredentialsInfo( Collections.singletonList(new GroupField()) )); } clients = group.clientList; } for (AvailableClient ac : clients) { LOGGER.debug("Looking for existing mapping: Checking client " + ac); if (ac.isInUseBy(user)) {"Client " + ac + " is in use by " + user); freeClient = ac; break; } } if (freeClient == null) { for (AvailableClient ac : clients) {"Looking for free client: Checking client " + ac); if (ac.claim(user)) {"Claiming client " + ac + " for " + user); freeClient = ac; break; } } } } if (freeClient == null) { // Request the user to select another Group throw new TranslatableGuacamoleCredentialsException( "GROUP_SELECTION.NO_FREE_ERROR", "GROUP_SELECTION.NO_FREE_ERROR", new CredentialsInfo( Collections.singletonList(new GroupField()) )); } // Found free or existing client, check if connection is (still) possible if (freeClient.checkConnection(0)) {"Establishing mapping for user " + user + " to " + freeClient); return freeClient.getConnection(user); } else {"Failed to establish mapping for user " + user + " to " + freeClient + ". Trying to find a new one."); } // Connection check failed - release and loop again freeClient.releaseConnection(user); } } catch (GuacamoleCredentialsException e) { throw e; } catch (Exception e) { LOGGER.warn("KACKE AM DAMPFEN", e); return null; } } private static long lastUpdate = 0; /** * Fetch fresh client list from satellite server. * Cache for 15 seconds. */ public static synchronized void updateList() { long now = System.currentTimeMillis(); if (now < lastUpdate) { lastUpdate = now; } if (now - lastUpdate < 15000) return; // OK GO lastUpdate = now; ByteArrayOutputStream baos = new ByteArrayOutputStream(3000); HttpURLConnection con; try { con = (HttpURLConnection) new URL(SOURCE_URL).openConnection(); } catch (MalformedURLException e1) { LOGGER.warn("Bad Connection Pool URL", e1); return; } catch (IOException e1) { LOGGER.warn("Cannot connect to Connection Pool URL", e1); return; } if (con instanceof HttpsURLConnection) { ((HttpsURLConnection) con).setHostnameVerifier(ignorer); ((HttpsURLConnection) con).setSSLSocketFactory(sockFac); } con.setRequestProperty("Bwlp-Plugin-Build-Revision", BwlpAuthenticationProvider.MANIFEST.getProperty("Build-Revision")); con.setRequestProperty("Bwlp-Plugin-Build-Timestamp", BwlpAuthenticationProvider.MANIFEST.getProperty("Build-Revision-Timestamp")); try (BufferedInputStream in = new BufferedInputStream(con.getInputStream())) { byte dataBuffer[] = new byte[2048]; int bytesRead; while ((bytesRead =, 0, dataBuffer.length)) != -1) { baos.write(dataBuffer, 0, bytesRead); } } catch (IOException e) { LOGGER.warn("Error while reading reply of Connection Pool", e); return; } populateList(baos.toByteArray()); } private static void populateList(byte[] data) { ObjectMapper mapper = new ObjectMapper(); JsonRoot root; try { root = mapper.readValue(data, JsonRoot.class); } catch (Exception e) { LOGGER.warn("Could not deserialize JSON from Connection Pool", e); LOGGER.warn("Not updating local list"); return; } if (root.locations == null) {"META DATA ERROR: Group list null"); return; } if (root.clients == null) {"META DATA ERROR: Client list null"); return; } synchronized (clientPool) { HashSet processedGroups = new HashSet(); HashSet redoClientMapping = new HashSet(); for (JsonGroup gnew : root.locations) { if (gnew.locationids == null) continue; JsonGroup existing = groupPool.get(; if (existing == null) { groupPool.put(, gnew); existing = gnew; redoClientMapping.add(existing);"Group " + + " with pw " + gnew.password); } else { if (!Arrays.equals(existing.locationids, gnew.locationids)) { redoClientMapping.add(existing); existing.locationids = gnew.locationids; } =; existing.password = gnew.password; } processedGroups.add(existing); } for (Iterator it = groupPool.values().iterator(); it.hasNext();) { JsonGroup g =; if (!processedGroups.contains(g)) { it.remove(); } } for (JsonClient cnew : root.clients) { if (cnew.password == null || cnew.clientip == null) continue; // Invalid AvailableClient existing = clientPool.get(cnew.clientip); if (existing == null) { // New client existing = new AvailableClient(cnew); clientPool.put(cnew.clientip, existing); for (JsonGroup group : groupPool.values()) { for (int id : group.locationids) { if (id == cnew.locationid) { group.clientList.add(existing); break; } } }"New client " + cnew.clientip); } else { if (existing.getLocationid() != cnew.locationid) { for (JsonGroup group : groupPool.values()) { for (int id : group.locationids) { if (id == existing.getLocationid()) { group.clientList.remove(existing); } if (id == cnew.locationid) { group.clientList.add(existing); } } } } existing.update(cnew); } } // Finally, re-assign clients to their groups, for groups where the locationids // have changed since the last update for (JsonGroup existing : redoClientMapping) { existing.clientList = new ConcurrentLinkedQueue(); for (AvailableClient client : clientPool.values()) { int locationid = client.getLocationid(); for (int id : existing.locationids) { if (id == locationid) { existing.clientList.add(client); break; } } } } final long NOW = System.currentTimeMillis(); for (Iterator it = clientPool.values().iterator(); it.hasNext();) { AvailableClient c =; if (c.isTimeout(NOW)) {"Removing client " + c + " from list"); for (JsonGroup group : groupPool.values()) { group.clientList.remove(c); } it.remove(); } }"List updated. " + clientPool.size() + " clients."); } } /* * Make SSL insecure */ static { SSLContext ctx = null; try { ctx = SSLContext.getInstance("TLSv1.2"); } catch (NoSuchAlgorithmException e) { LOGGER.warn("Could not get TLSv1.2 context, SSL will be insecure :-(", e); } if (ctx != null) { try { ctx.init(null, new TrustManager[] { new X509TrustManager() { @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { return null; } } }, null); } catch (KeyManagementException e) { LOGGER.warn("Could not initialize TLSv1.2 SSL context", e); ctx = null; } } if (ctx == null) { sockFac = null; } else { sockFac = ctx.getSocketFactory(); } } private static final SSLSocketFactory sockFac; private static final HostnameVerifier ignorer = new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }; }