Java Code Examples for org.eclipse.jetty.util.ssl.SslContextFactory#setCertAlias()
The following examples show how to use
org.eclipse.jetty.util.ssl.SslContextFactory#setCertAlias() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: HttpConfig.java From api-layer with Eclipse Public License 2.0 | 6 votes |
|
@Bean
public SslContextFactory jettySslContextFactory() {
SslContextFactory sslContextFactory = new SslContextFactory(SecurityUtils.replaceFourSlashes(keyStore));
sslContextFactory.setProtocol(protocol);
sslContextFactory.setKeyStorePassword(keyStorePassword);
sslContextFactory.setKeyStoreType(keyStoreType);
sslContextFactory.setCertAlias(keyAlias);
if (trustStore != null) {
sslContextFactory.setTrustStorePath(SecurityUtils.replaceFourSlashes(trustStore));
sslContextFactory.setTrustStoreType(trustStoreType);
sslContextFactory.setTrustStorePassword(trustStorePassword);
}
log.debug("jettySslContextFactory: {}", sslContextFactory.dump());
if (!verifySslCertificatesOfServices) {
sslContextFactory.setTrustAll(true);
}
return sslContextFactory;
}
Example 2
| Source File: JettyHttpsServer.java From sumk with Apache License 2.0 | 5 votes |
|
@Override
protected ConnectionFactory[] getConnectionFactorys() throws URISyntaxException {
@SuppressWarnings("deprecation")
SslContextFactory sslContextFactory = new SslContextFactory();
String path = get(HttpPlugin.KEY_STORE_PATH);
File keystoreFile = FileUtil.file(path);
if (!keystoreFile.exists()) {
String msg = path + " is not exist";
Logs.http().error(msg);
SumkException.throwException(-2345345, msg);
}
sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
sslContextFactory.setKeyStorePassword(get("sumk.jetty.ssl.storePassword"));
sslContextFactory.setKeyManagerPassword(get("sumk.jetty.ssl.managerPassword"));
sslContextFactory.setCertAlias(get("sumk.jetty.ssl.alias"));
String v = AppInfo.get("sumk.jetty.ssl.storeType", null);
if (v != null) {
sslContextFactory.setKeyStoreType(v);
}
sslContextFactory.setTrustAll(AppInfo.getBoolean("sumk.jetty.ssl.trustAll", false));
Logs.http().info("using https");
return new ConnectionFactory[] { new SslConnectionFactory(sslContextFactory, "http/1.1"),
new HttpConnectionFactory() };
}
Example 3
| Source File: SSLUtils.java From warp10-platform with Apache License 2.0 | 5 votes |
|
public static ServerConnector getConnector(Server server, String prefix) {
int sslAcceptors = Integer.parseInt(WarpConfig.getProperty(prefix + Configuration._SSL_ACCEPTORS, DEFAULT_SSL_ACCEPTORS));
int sslSelectors = Integer.parseInt(WarpConfig.getProperty(prefix + Configuration._SSL_SELECTORS, DEFAULT_SSL_SELECTORS));
int sslPort = Integer.parseInt(WarpConfig.getProperty(prefix + Configuration._SSL_PORT));
String sslHost = WarpConfig.getProperty(prefix + Configuration._SSL_HOST);
int sslTcpBacklog = Integer.parseInt(WarpConfig.getProperty(prefix + Configuration._SSL_TCP_BACKLOG, "0"));
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(WarpConfig.getProperty(prefix + Configuration._SSL_KEYSTORE_PATH));
sslContextFactory.setCertAlias(WarpConfig.getProperty(prefix + Configuration._SSL_CERT_ALIAS));
if (null != WarpConfig.getProperty(prefix + Configuration._SSL_KEYSTORE_PASSWORD)) {
sslContextFactory.setKeyStorePassword(WarpConfig.getProperty(prefix + Configuration._SSL_KEYSTORE_PASSWORD));
}
if (null != WarpConfig.getProperty(prefix + Configuration._SSL_KEYMANAGER_PASSWORD)) {
sslContextFactory.setKeyManagerPassword(WarpConfig.getProperty(prefix + Configuration._SSL_KEYMANAGER_PASSWORD));
}
ServerConnector connector = new ServerConnector(server, sslAcceptors, sslSelectors, sslContextFactory);
connector.setPort(sslPort);
connector.setAcceptQueueSize(sslTcpBacklog);
if (null != sslHost) {
connector.setHost(sslHost);
}
String idle = WarpConfig.getProperty(prefix + Configuration._SSL_IDLE_TIMEOUT);
if (null != idle) {
connector.setIdleTimeout(Long.parseLong(idle));
}
return connector;
}
Example 4
| Source File: WebSocketServerEcho.java From quarks with Apache License 2.0 | 5 votes |
|
private Server createServer(URI endpointURI, boolean needClientAuth) {
if ("ws".equals(endpointURI.getScheme())) {
return new Server(endpointURI.getPort());
}
else if ("wss".equals(endpointURI.getScheme())) {
// see http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/ManyConnectors.java
// http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java
Server server = new Server();
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(getStorePath("serverKeyStore.jks"));
sslContextFactory.setKeyStorePassword("passw0rd");
sslContextFactory.setKeyManagerPassword("passw0rd");
sslContextFactory.setCertAlias("default");
sslContextFactory.setNeedClientAuth(needClientAuth);
sslContextFactory.setTrustStorePath(getStorePath("serverTrustStore.jks"));
sslContextFactory.setTrustStorePassword("passw0rd");
HttpConfiguration httpsConfig = new HttpConfiguration();
httpsConfig.addCustomizer(new SecureRequestCustomizer());
ServerConnector https= new ServerConnector(server,
new SslConnectionFactory(sslContextFactory,
HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpsConfig));
https.setPort(endpointURI.getPort());
server.addConnector(https);
return server;
}
else
throw new IllegalArgumentException("unrecognized uri: "+endpointURI);
}
Example 5
| Source File: JettyHTTPServerEngine.java From cxf with Apache License 2.0 | 5 votes |
|
/**
* This method sets the security properties for the CXF extension
* of the JettySslConnector.
*/
private void decorateCXFJettySslSocketConnector(
SslContextFactory con
) {
setClientAuthentication(con,
tlsServerParameters.getClientAuthentication());
con.setCertAlias(tlsServerParameters.getCertAlias());
// TODO Once we switch to use SslContextFactory.Server instead, we can get rid of this line
con.setEndpointIdentificationAlgorithm(null);
}
Example 6
| Source File: FakeGoServer.java From gocd with Apache License 2.0 | 5 votes |
|
private void start() throws Exception {
server = new Server();
ServerConnector connector = new ServerConnector(server);
server.addConnector(connector);
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setCertAlias("cruise");
sslContextFactory.setKeyStoreResource(Resource.newClassPathResource("testdata/fake-server-keystore"));
sslContextFactory.setKeyStorePassword("serverKeystorepa55w0rd");
ServerConnector secureConnnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(new HttpConfiguration())
);
server.addConnector(secureConnnector);
WebAppContext wac = new WebAppContext(".", "/go");
ServletHolder holder = new ServletHolder();
holder.setServlet(new HttpServlet() {
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
resp.getOutputStream().println("Hello");
}
});
wac.addServlet(holder, "/hello");
addFakeAgentBinaryServlet(wac, "/admin/agent", TEST_AGENT, this);
addFakeAgentBinaryServlet(wac, "/admin/agent-launcher.jar", TEST_AGENT_LAUNCHER, this);
addFakeAgentBinaryServlet(wac, "/admin/agent-plugins.zip", TEST_AGENT_PLUGINS, this);
addFakeAgentBinaryServlet(wac, "/admin/tfs-impl.jar", TEST_TFS_IMPL, this);
addlatestAgentStatusCall(wac);
addDefaultServlet(wac);
server.setHandler(wac);
server.setStopAtShutdown(true);
server.start();
port = connector.getLocalPort();
securePort = secureConnnector.getLocalPort();
}
Example 7
| Source File: QuarksSslContainerProviderImpl.java From quarks with Apache License 2.0 | 4 votes |
|
@Override
public WebSocketContainer getSslContainer(Properties config) {
// With jetty, can't directly use ContainerProvider.getWebSocketContainer()
// as it's "too late" to inject SslContextFactory into the mix.
String trustStore = config.getProperty("ws.trustStore",
System.getProperty("javax.net.ssl.trustStore"));
String trustStorePassword = config.getProperty("ws.trustStorePassword",
System.getProperty("javax.net.ssl.trustStorePassword"));
String keyStore = config.getProperty("ws.keyStore",
System.getProperty("javax.net.ssl.keyStore"));
String keyStorePassword = config.getProperty("ws.keyStorePassword",
System.getProperty("javax.net.ssl.keyStorePassword"));
String keyPassword = config.getProperty("ws.keyPassword", keyStorePassword);
String certAlias = config.getProperty("ws.keyCertificateAlias", "default");
// create ClientContainer as usual
ClientContainer container = new ClientContainer();
// tweak before starting it
SslContextFactory scf = container.getClient().getSslContextFactory();
if (trustStore != null) {
// System.out.println("setting " + trustStore);
scf.setTrustStorePath(trustStore);
scf.setTrustStorePassword(trustStorePassword);
}
if (keyStore != null) {
// System.out.println("setting " + keyStore);
scf.setKeyStorePath(keyStore);
scf.setKeyStorePassword(keyStorePassword);
scf.setKeyManagerPassword(keyPassword);
scf.setCertAlias(certAlias);
}
// start as usual
try {
container.start();
return container;
}
catch (Exception e)
{
throw new RuntimeException("Unable to start Client Container", e);
}
}
Example 8
| Source File: BrooklynWebServer.java From brooklyn-server with Apache License 2.0 | 4 votes |
|
private SslContextFactory createContextFactory() throws KeyStoreException {
SslContextFactory sslContextFactory = new SslContextFactory();
// allow webconsole keystore & related properties to be set in brooklyn.properties
String ksUrl = getKeystoreUrl();
String ksPassword = getConfig(keystorePassword, BrooklynWebConfig.KEYSTORE_PASSWORD);
String ksCertAlias = getConfig(keystoreCertAlias, BrooklynWebConfig.KEYSTORE_CERTIFICATE_ALIAS);
String trProtos = getConfig(transportProtocols, BrooklynWebConfig.TRANSPORT_PROTOCOLS);
String trCiphers = getConfig(transportCiphers, BrooklynWebConfig.TRANSPORT_CIPHERS);
if (ksUrl!=null) {
sslContextFactory.setKeyStorePath(getLocalKeyStorePath(ksUrl));
if (Strings.isEmpty(ksPassword))
throw new IllegalArgumentException("Keystore password is required and non-empty if keystore is specified.");
sslContextFactory.setKeyStorePassword(ksPassword);
if (Strings.isNonEmpty(ksCertAlias))
sslContextFactory.setCertAlias(ksCertAlias);
} else {
log.info("No keystore specified but https enabled; creating a default keystore");
if (Strings.isEmpty(ksCertAlias))
ksCertAlias = "web-console";
// if password is blank the process will block and read from stdin !
if (Strings.isEmpty(ksPassword)) {
ksPassword = Identifiers.makeRandomId(8);
log.debug("created random password "+ksPassword+" for ad hoc internal keystore");
}
KeyStore ks = SecureKeys.newKeyStore();
KeyPair key = SecureKeys.newKeyPair();
X509Certificate cert = new FluentKeySigner("brooklyn").newCertificateFor("web-console", key);
ks.setKeyEntry(ksCertAlias, key.getPrivate(), ksPassword.toCharArray(),
new Certificate[] { cert });
sslContextFactory.setKeyStore(ks);
sslContextFactory.setKeyStorePassword(ksPassword);
sslContextFactory.setCertAlias(ksCertAlias);
}
if (!Strings.isEmpty(truststorePath)) {
sslContextFactory.setTrustStorePath(checkFileExists(truststorePath, "truststore"));
sslContextFactory.setTrustStorePassword(trustStorePassword);
}
if (Strings.isNonBlank(trProtos)) {
sslContextFactory.setIncludeProtocols(parseArray(trProtos));
}
if (Strings.isNonBlank(trCiphers)) {
sslContextFactory.setIncludeCipherSuites(parseArray(trCiphers));
}
return sslContextFactory;
}
Example 9
| Source File: JettyServerWrapper.java From cougar with Apache License 2.0 | 4 votes |
|
public void initialiseConnectors() throws Exception {
threadPool = new QueuedThreadPool();
threadPool.setMaxThreads(maxThreads);
threadPool.setMinThreads(minThreads);
threadPool.setName("JettyThread");
jettyServer = new Server(threadPool);
jettyServer.setStopAtShutdown(true);
MBeanContainer container = new MBeanContainer(mbeanServer);
jettyServer.addBean(container);
LowResourceMonitor lowResourcesMonitor = new LowResourceMonitor(jettyServer);
lowResourcesMonitor.setPeriod(lowResourcesPeriod);
lowResourcesMonitor.setLowResourcesIdleTimeout(lowResourcesIdleTime);
lowResourcesMonitor.setMonitorThreads(lowResourcesMonitorThreads);
lowResourcesMonitor.setMaxConnections(lowResourcesMaxConnections);
lowResourcesMonitor.setMaxMemory(lowResourcesMaxMemory);
lowResourcesMonitor.setMaxLowResourcesTime(lowResourcesMaxTime);
jettyServer.addBean(lowResourcesMonitor);
// US24803 - Needed for preventing Hashtable key collision DoS CVE-2012-2739
jettyServer.setAttribute("org.eclipse.jetty.server.Request.maxFormContentSize", maxFormContentSize);
List<Connector> connectors = new ArrayList<Connector>();
if (httpPort != -1) {
httpConfiguration = createHttpConfiguration();
setBufferSizes(httpConfiguration);
if (httpForwarded) {
httpConfiguration.addCustomizer(new ForwardedRequestCustomizer());
}
httpConnector = createHttpConnector(jettyServer, httpConfiguration, httpAcceptors, httpSelectors);
httpConnector.setPort(httpPort);
httpConnector.setReuseAddress(httpReuseAddress);
httpConnector.setIdleTimeout(httpMaxIdle);
httpConnector.setAcceptQueueSize(httpAcceptQueueSize);
httpConnector.addBean(new ConnectorStatistics());
connectors.add(httpConnector);
}
if (httpsPort != -1) {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(httpsKeystore.getFile().getCanonicalPath());
sslContextFactory.setKeyStoreType(httpsKeystoreType);
sslContextFactory.setKeyStorePassword(httpsKeyPassword);
if (StringUtils.isNotBlank(httpsCertAlias)) {
sslContextFactory.setCertAlias(httpsCertAlias);
}
sslContextFactory.setKeyManagerPassword(httpsKeyPassword);
// if you need it then you defo want it
sslContextFactory.setWantClientAuth(httpsNeedClientAuth || httpsWantClientAuth);
sslContextFactory.setNeedClientAuth(httpsNeedClientAuth);
sslContextFactory.setRenegotiationAllowed(httpsAllowRenegotiate);
httpsConfiguration = createHttpConfiguration();
setBufferSizes(httpsConfiguration);
if (httpsForwarded) {
httpsConfiguration.addCustomizer(new ForwardedRequestCustomizer());
}
httpsConnector = createHttpsConnector(jettyServer, httpsConfiguration, httpsAcceptors, httpsSelectors, sslContextFactory);
httpsConnector.setPort(httpsPort);
httpsConnector.setReuseAddress(httpsReuseAddress);
httpsConnector.setIdleTimeout(httpsMaxIdle);
httpsConnector.setAcceptQueueSize(httpsAcceptQueueSize);
httpsConnector.addBean(new ConnectorStatistics());
mbeanServer.registerMBean(getKeystoreCertificateChains(), new ObjectName("CoUGAR.https:name=keyStore"));
// truststore is not required if we don't want client auth
if (httpsWantClientAuth) {
sslContextFactory.setTrustStorePath(httpsTruststore.getFile().getCanonicalPath());
sslContextFactory.setTrustStoreType(httpsTruststoreType);
sslContextFactory.setTrustStorePassword(httpsTrustPassword);
mbeanServer.registerMBean(getTruststoreCertificateChains(), new ObjectName("CoUGAR.https:name=trustStore"));
}
connectors.add(httpsConnector);
}
if (connectors.size() == 0) {
throw new IllegalStateException("HTTP transport requires at least one port enabled to function correctly.");
}
jettyServer.setConnectors(connectors.toArray(new Connector[connectors.size()]));
}
Example 10
| Source File: HttpdForTests.java From buck with Apache License 2.0 | 4 votes |
|
/**
* Creates an HTTPS server that requires client authentication (though doesn't validate the chain)
*
* @param caPath The path to a CA certificate to put in the keystore.
* @param certificatePath The path to a pem encoded x509 certificate
* @param keyPath The path to a pem encoded PKCS#8 certificate
* @throws IOException Any of the keys could not be read
* @throws KeyStoreException There's a problem writing the key into the keystore
* @throws CertificateException The certificate was not valid
* @throws NoSuchAlgorithmException The algorithm used by the certificate/key are invalid
*/
public HttpdForTests(Path caPath, Path certificatePath, Path keyPath)
throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
// Configure the logging for jetty. Which uses a singleton. Ho hum.
Log.setLog(new JavaUtilLog());
server = new Server();
String password = "super_sekret";
ImmutableList<X509Certificate> caCerts =
ClientCertificateHandler.parseCertificates(Optional.of(caPath), true);
ClientCertificateHandler.CertificateInfo certInfo =
ClientCertificateHandler.parseCertificateChain(Optional.of(certificatePath), true).get();
PrivateKey privateKey =
ClientCertificateHandler.parsePrivateKey(
Optional.of(keyPath), certInfo.getPrimaryCert(), true)
.get();
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, password.toCharArray());
for (int i = 0; i < caCerts.size(); i++) {
ks.setCertificateEntry(String.format("ca%d", i), caCerts.get(i));
}
ks.setKeyEntry(
"private",
privateKey,
password.toCharArray(),
new Certificate[] {certInfo.getPrimaryCert()});
SslContextFactory sslFactory = new SslContextFactory();
sslFactory.setKeyStore(ks);
sslFactory.setKeyStorePassword(password);
sslFactory.setCertAlias("private");
sslFactory.setTrustStore(ks);
sslFactory.setTrustStorePassword(password);
// *Require* a client cert, but don't validate it (getting TLS auth working properly was a
// bit of a pain). We'll store peers' certs in the handler, and validate the certs manually
// in our tests.
sslFactory.setNeedClientAuth(true);
sslFactory.setTrustAll(true);
HttpConfiguration https_config = new HttpConfiguration();
https_config.setSecurePort(0);
https_config.setSecureScheme("https");
https_config.addCustomizer(new SecureRequestCustomizer());
ServerConnector sslConnector =
new ServerConnector(
server,
new SslConnectionFactory(sslFactory, HttpVersion.HTTP_1_1.toString()),
new HttpConnectionFactory(https_config));
server.addConnector(sslConnector);
handlerList = new HandlerList();
localhost = getLocalhostAddress(false).getHostAddress();
}
Example 11
| Source File: PHttpServer.java From jphp with Apache License 2.0 | 4 votes |
|
@Signature
public void listen(Memory value, ArrayMemory sslSettings) {
ServerConnector connector;
if (sslSettings != null) {
SslContextFactory contextFactory = new SslContextFactory();
// key store
if (sslSettings.containsKey("keyStorePath"))
contextFactory.setKeyStorePath(sslSettings.valueOfIndex("keyStorePath").toString());
if (sslSettings.containsKey("keyStorePassword"))
contextFactory.setKeyStoreType(sslSettings.valueOfIndex("keyStorePassword").toString());
if (sslSettings.containsKey("keyStoreType"))
contextFactory.setKeyStoreType(sslSettings.valueOfIndex("keyStoreType").toString());
if (sslSettings.containsKey("keyStoreProvider"))
contextFactory.setKeyStoreProvider(sslSettings.valueOfIndex("keyStoreProvider").toString());
// trust store
if (sslSettings.containsKey("trustStorePath"))
contextFactory.setTrustStorePath(sslSettings.valueOfIndex("trustStorePath").toString());
if (sslSettings.containsKey("trustStorePassword"))
contextFactory.setTrustStoreType(sslSettings.valueOfIndex("trustStorePassword").toString());
if (sslSettings.containsKey("trustStoreType"))
contextFactory.setTrustStoreType(sslSettings.valueOfIndex("trustStoreType").toString());
if (sslSettings.containsKey("trustStoreProvider"))
contextFactory.setTrustStoreProvider(sslSettings.valueOfIndex("trustStoreProvider").toString());
if (sslSettings.containsKey("trustAll"))
contextFactory.setTrustAll(sslSettings.valueOfIndex("trustAll").toBoolean());
if (sslSettings.containsKey("trustManagerFactoryAlgorithm"))
contextFactory.setTrustManagerFactoryAlgorithm(sslSettings.valueOfIndex("trustManagerFactoryAlgorithm").toString());
// key manager
if (sslSettings.containsKey("keyManagerFactoryAlgorithm"))
contextFactory.setKeyManagerFactoryAlgorithm(sslSettings.valueOfIndex("keyManagerFactoryAlgorithm").toString());
if (sslSettings.containsKey("keyManagerPassword"))
contextFactory.setKeyManagerPassword(sslSettings.valueOfIndex("keyManagerPassword").toString());
// other
if (sslSettings.containsKey("certAlias"))
contextFactory.setCertAlias(sslSettings.valueOfIndex("certAlias").toString());
if (sslSettings.containsKey("protocol"))
contextFactory.setProtocol(sslSettings.valueOfIndex("protocol").toString());
if (sslSettings.containsKey("provider"))
contextFactory.setProvider(sslSettings.valueOfIndex("provider").toString());
if (sslSettings.containsKey("validateCerts"))
contextFactory.setValidateCerts(sslSettings.valueOfIndex("validateCerts").toBoolean());
connector = new ServerConnector(server, contextFactory);
} else {
connector = new ServerConnector(server);
}
if (value.isNumber()) {
connector.setName("0.0.0.0:" + value.toInteger());
connector.setPort(value.toInteger());
} else {
String[] strings = value.toString().split("\\:");
if (strings.length < 2) {
throw new IllegalArgumentException("Invalid listen value: " + value);
}
connector.setHost(strings[0]);
connector.setPort(Integer.parseInt(strings[1]));
connector.setName(strings[0] + ":" + strings[1]);
}
server.addConnector(connector);
}
