Java Code Examples for org.eclipse.jetty.util.ssl.SslContextFactory#start()
The following examples show how to use
org.eclipse.jetty.util.ssl.SslContextFactory#start() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: AggregatorApplication.java From ambari-metrics with Apache License 2.0 | 6 votes |
|
protected HttpServer createHttpServer() throws Exception {
ResourceConfig resourceConfig = new PackagesResourceConfig("org.apache.hadoop.metrics2.host.aggregator");
HashMap<String, Object> params = new HashMap();
params.put("com.sun.jersey.api.json.POJOMappingFeature", "true");
resourceConfig.setPropertiesAndFeatures(params);
HttpServer server = HttpServerFactory.create(getURI(), resourceConfig);
if (webServerProtocol.equalsIgnoreCase("https")) {
HttpsServer httpsServer = (HttpsServer) server;
SslContextFactory sslContextFactory = new SslContextFactory();
String keyStorePath = configuration.get("ssl.server.keystore.location");
String keyStorePassword = configuration.get("ssl.server.keystore.password");
String keyManagerPassword = configuration.get("ssl.server.keystore.keypassword");
String trustStorePath = configuration.get("ssl.server.truststore.location");
String trustStorePassword = configuration.get("ssl.server.truststore.password");
sslContextFactory.setKeyStorePath(keyStorePath);
sslContextFactory.setKeyStorePassword(keyStorePassword);
sslContextFactory.setKeyManagerPassword(keyManagerPassword);
sslContextFactory.setTrustStorePath(trustStorePath);
sslContextFactory.setTrustStorePassword(trustStorePassword);
sslContextFactory.start();
SSLContext sslContext = sslContextFactory.getSslContext();
sslContextFactory.stop();
HttpsConfigurator httpsConfigurator = new HttpsConfigurator(sslContext);
httpsServer.setHttpsConfigurator(httpsConfigurator);
server = httpsServer;
}
return server;
}
Example 2
| Source File: C2Properties.java From nifi-minifi with Apache License 2.0 | 6 votes |
|
public SslContextFactory getSslContextFactory() throws GeneralSecurityException, IOException {
SslContextFactory sslContextFactory = new SslContextFactory();
KeyStore keyStore = KeyStore.getInstance(properties.getProperty(MINIFI_C2_SERVER_KEYSTORE_TYPE));
Path keyStorePath = Paths.get(C2_SERVER_HOME).resolve(properties.getProperty(MINIFI_C2_SERVER_KEYSTORE)).toAbsolutePath();
logger.debug("keystore path: " + keyStorePath);
try (InputStream inputStream = Files.newInputStream(keyStorePath)) {
keyStore.load(inputStream, properties.getProperty(MINIFI_C2_SERVER_KEYSTORE_PASSWD).toCharArray());
}
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyManagerPassword(properties.getProperty(MINIFI_C2_SERVER_KEY_PASSWD));
sslContextFactory.setWantClientAuth(true);
String trustStorePath = Paths.get(C2_SERVER_HOME).resolve(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE)).toAbsolutePath().toFile().getAbsolutePath();
logger.debug("truststore path: " + trustStorePath);
sslContextFactory.setTrustStorePath(trustStorePath);
sslContextFactory.setTrustStoreType(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE_TYPE));
sslContextFactory.setTrustStorePassword(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE_PASSWD));
try {
sslContextFactory.start();
} catch (Exception e) {
throw new IOException(e);
}
return sslContextFactory;
}
Example 3
| Source File: SSLUtils.java From kop with Apache License 2.0 | 5 votes |
|
/**
* Create SSL engine used in KafkaChannelInitializer.
*/
public static SSLEngine createSslEngine(SslContextFactory sslContextFactory) throws Exception {
sslContextFactory.start();
SSLEngine engine = sslContextFactory.newSSLEngine();
engine.setUseClientMode(false);
return engine;
}
Example 4
| Source File: JettySSLServiceTest.java From knox with Apache License 2.0 | 5 votes |
|
@Test(expected = UnrecoverableKeyException.class)
public void TestBuildSslContextFactoryOnlyIdentityKeystoreNullKeyPassword() throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
Path identityKeystorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-keystore.jks");
String identityKeystoreType = "jks";
String identityKeyAlias = "server";
Path truststorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-truststore.jks");
String truststoreType = "jks";
String truststorePasswordAlias = "trust_store_password";
GatewayConfig config = createGatewayConfig(false, false, identityKeystorePath, identityKeystoreType, identityKeyAlias, truststorePath, truststoreType, truststorePasswordAlias);
AliasService aliasService = createMock(AliasService.class);
expect(aliasService.getGatewayIdentityKeystorePassword()).andReturn(null).atLeastOnce();
expect(aliasService.getGatewayIdentityPassphrase()).andReturn(null).atLeastOnce();
KeystoreService keystoreService = createMock(KeystoreService.class);
replay(config, aliasService, keystoreService);
JettySSLService sslService = new JettySSLService();
sslService.setAliasService(aliasService);
sslService.setKeystoreService(keystoreService);
Object result = sslService.buildSslContextFactory(config);
assertNotNull(result);
assertTrue(result instanceof SslContextFactory);
SslContextFactory sslContextFactory = (SslContextFactory) result;
sslContextFactory.start();
fail("UnrecoverableKeyException should have been thrown");
}
Example 5
| Source File: JettySSLServiceTest.java From knox with Apache License 2.0 | 5 votes |
|
@Test(expected = UnrecoverableKeyException.class)
public void TestBuildSslContextFactoryExplicitTrustStoreNullPasswords() throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
Path identityKeystorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-keystore.jks");
String identityKeystoreType = "jks";
String identityKeyAlias = "server";
Path truststorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-truststore.jks");
String truststoreType = "jks";
String truststorePasswordAlias = "trust_store_password";
GatewayConfig config = createGatewayConfig(true, true, identityKeystorePath, identityKeystoreType, identityKeyAlias, truststorePath, truststoreType, truststorePasswordAlias);
AliasService aliasService = createMock(AliasService.class);
expect(aliasService.getGatewayIdentityKeystorePassword()).andReturn(null).atLeastOnce();
expect(aliasService.getGatewayIdentityPassphrase()).andReturn(null).atLeastOnce();
expect(aliasService.getPasswordFromAliasForGateway(eq(truststorePasswordAlias))).andReturn(null).atLeastOnce();
KeystoreService keystoreService = createMock(KeystoreService.class);
replay(config, aliasService, keystoreService);
JettySSLService sslService = new JettySSLService();
sslService.setAliasService(aliasService);
sslService.setKeystoreService(keystoreService);
Object result = sslService.buildSslContextFactory(config);
assertNotNull(result);
assertTrue(result instanceof SslContextFactory);
SslContextFactory sslContextFactory = (SslContextFactory) result;
sslContextFactory.start();
fail("UnrecoverableKeyException should have been thrown");
}
Example 6
| Source File: JettySSLServiceTest.java From knox with Apache License 2.0 | 4 votes |
|
@Test
public void TestBuildSslContextFactoryOnlyIdentityKeystore() throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
Path identityKeystorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-keystore.jks");
String identityKeystoreType = "jks";
char[] identityKeystorePassword = "horton".toCharArray();
char[] identityKeyPassphrase = "horton".toCharArray();
String identityKeyAlias = "server";
Path truststorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-truststore.jks");
String truststoreType = "jks";
String truststorePasswordAlias = "trust_store_password";
GatewayConfig config = createGatewayConfig(false, false, identityKeystorePath, identityKeystoreType, identityKeyAlias, truststorePath, truststoreType, truststorePasswordAlias);
AliasService aliasService = createMock(AliasService.class);
expect(aliasService.getGatewayIdentityKeystorePassword()).andReturn(identityKeystorePassword).atLeastOnce();
expect(aliasService.getGatewayIdentityPassphrase()).andReturn(identityKeyPassphrase).atLeastOnce();
KeystoreService keystoreService = createMock(KeystoreService.class);
replay(config, aliasService, keystoreService);
JettySSLService sslService = new JettySSLService();
sslService.setAliasService(aliasService);
sslService.setKeystoreService(keystoreService);
Object result = sslService.buildSslContextFactory(config);
assertNotNull(result);
assertTrue(result instanceof SslContextFactory);
SslContextFactory sslContextFactory = (SslContextFactory) result;
sslContextFactory.start();
assertEquals(identityKeystorePath.toUri().toString(), sslContextFactory.getKeyStorePath());
assertEquals(identityKeystoreType, sslContextFactory.getKeyStoreType());
assertNotNull(sslContextFactory.getKeyStore());
assertNull(sslContextFactory.getTrustStorePath());
assertNull(sslContextFactory.getTrustStoreType());
// If the truststore is not set, by default the identity keystore is used by Jetty.
assertEquals(sslContextFactory.getKeyStore().size(), sslContextFactory.getTrustStore().size());
assertTrue(sslContextFactory.getTrustStore().containsAlias(identityKeyAlias));
verify(config, aliasService, keystoreService);
}
Example 7
| Source File: JettySSLServiceTest.java From knox with Apache License 2.0 | 4 votes |
|
@Test
public void TestBuildSslContextFactoryOnlyIdentityKeystoreNullKeystorePassword() throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
Path identityKeystorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-keystore.jks");
String identityKeystoreType = "jks";
char[] identityKeyPassphrase = "horton".toCharArray();
String identityKeyAlias = "server";
Path truststorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-truststore.jks");
String truststoreType = "jks";
String truststorePasswordAlias = "trust_store_password";
GatewayConfig config = createGatewayConfig(false, false, identityKeystorePath, identityKeystoreType, identityKeyAlias, truststorePath, truststoreType, truststorePasswordAlias);
AliasService aliasService = createMock(AliasService.class);
expect(aliasService.getGatewayIdentityKeystorePassword()).andReturn(null).atLeastOnce();
expect(aliasService.getGatewayIdentityPassphrase()).andReturn(identityKeyPassphrase).atLeastOnce();
KeystoreService keystoreService = createMock(KeystoreService.class);
replay(config, aliasService, keystoreService);
JettySSLService sslService = new JettySSLService();
sslService.setAliasService(aliasService);
sslService.setKeystoreService(keystoreService);
Object result = sslService.buildSslContextFactory(config);
assertNotNull(result);
assertTrue(result instanceof SslContextFactory);
SslContextFactory sslContextFactory = (SslContextFactory) result;
sslContextFactory.start();
assertEquals(identityKeystorePath.toUri().toString(), sslContextFactory.getKeyStorePath());
assertEquals(identityKeystoreType, sslContextFactory.getKeyStoreType());
assertNotNull(sslContextFactory.getKeyStore());
assertNull(sslContextFactory.getTrustStorePath());
assertNull(sslContextFactory.getTrustStoreType());
// If the truststore is not set, by default the identity keystore is used by Jetty.
assertEquals(sslContextFactory.getKeyStore().size(), sslContextFactory.getTrustStore().size());
assertTrue(sslContextFactory.getTrustStore().containsAlias(identityKeyAlias));
verify(config, aliasService, keystoreService);
// Note: The key password is used if the keystore password is not set; and vice versa
}
Example 8
| Source File: JettySSLServiceTest.java From knox with Apache License 2.0 | 4 votes |
|
@Test
public void TestBuildSslContextFactoryImplicitTrustStore() throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
Path identityKeystorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-keystore.jks");
String identityKeystoreType = "jks";
char[] identityKeystorePassword = "horton".toCharArray();
char[] identityKeyPassphrase = "horton".toCharArray();
String identityKeyAlias = "server";
Path truststorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-truststore.jks");
String truststoreType = "jks";
String truststorePasswordAlias = "trust_store_password";
GatewayConfig config = createGatewayConfig(true, false, identityKeystorePath, identityKeystoreType, identityKeyAlias, truststorePath, truststoreType, truststorePasswordAlias);
AliasService aliasService = createMock(AliasService.class);
expect(aliasService.getGatewayIdentityKeystorePassword()).andReturn(identityKeystorePassword).atLeastOnce();
expect(aliasService.getGatewayIdentityPassphrase()).andReturn(identityKeyPassphrase).atLeastOnce();
KeystoreService keystoreService = createMock(KeystoreService.class);
replay(config, aliasService, keystoreService);
JettySSLService sslService = new JettySSLService();
sslService.setAliasService(aliasService);
sslService.setKeystoreService(keystoreService);
Object result = sslService.buildSslContextFactory(config);
assertNotNull(result);
assertTrue(result instanceof SslContextFactory);
SslContextFactory sslContextFactory = (SslContextFactory) result;
sslContextFactory.start();
assertEquals(identityKeystorePath.toUri().toString(), sslContextFactory.getKeyStorePath());
assertEquals(identityKeystoreType, sslContextFactory.getKeyStoreType());
assertNotNull(sslContextFactory.getKeyStore());
assertEquals(identityKeystorePath.toUri().toString(), sslContextFactory.getTrustStorePath());
assertEquals(identityKeystoreType, sslContextFactory.getTrustStoreType());
// The truststore is expected to be the same as the identity keystore
assertEquals(sslContextFactory.getKeyStore().size(), sslContextFactory.getTrustStore().size());
assertTrue(sslContextFactory.getTrustStore().containsAlias(identityKeyAlias));
verify(config, aliasService, keystoreService);
}
Example 9
| Source File: JettySSLServiceTest.java From knox with Apache License 2.0 | 4 votes |
|
@Test
public void TestBuildSslContextFactoryExplicitTrustStore() throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
Path identityKeystorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-keystore.jks");
String identityKeystoreType = "jks";
char[] identityKeystorePassword = "horton".toCharArray();
char[] identityKeyPassphrase = "horton".toCharArray();
String identityKeyAlias = "server";
Path truststorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-truststore.jks");
String truststoreType = "jks";
char[] truststorePassword = "horton".toCharArray();
String truststorePasswordAlias = "trust_store_password";
GatewayConfig config = createGatewayConfig(true, true, identityKeystorePath, identityKeystoreType, identityKeyAlias, truststorePath, truststoreType, truststorePasswordAlias);
AliasService aliasService = createMock(AliasService.class);
expect(aliasService.getGatewayIdentityKeystorePassword()).andReturn(identityKeystorePassword).atLeastOnce();
expect(aliasService.getGatewayIdentityPassphrase()).andReturn(identityKeyPassphrase).atLeastOnce();
expect(aliasService.getPasswordFromAliasForGateway(eq(truststorePasswordAlias))).andReturn(truststorePassword).atLeastOnce();
KeystoreService keystoreService = createMock(KeystoreService.class);
replay(config, aliasService, keystoreService);
JettySSLService sslService = new JettySSLService();
sslService.setAliasService(aliasService);
sslService.setKeystoreService(keystoreService);
Object result = sslService.buildSslContextFactory(config);
assertNotNull(result);
assertTrue(result instanceof SslContextFactory);
SslContextFactory sslContextFactory = (SslContextFactory) result;
sslContextFactory.start();
assertEquals(identityKeystorePath.toUri().toString(), sslContextFactory.getKeyStorePath());
assertEquals(identityKeystoreType, sslContextFactory.getKeyStoreType());
assertNotNull(sslContextFactory.getKeyStore());
assertEquals(truststorePath.toUri().toString(), sslContextFactory.getTrustStorePath());
assertEquals(truststoreType, sslContextFactory.getTrustStoreType());
assertNotNull(sslContextFactory.getTrustStore());
// The truststore is expected to be different than the identity keystore
assertTrue(sslContextFactory.getKeyStore().containsAlias(identityKeyAlias));
assertFalse(sslContextFactory.getTrustStore().containsAlias(identityKeyAlias));
verify(config, aliasService, keystoreService);
}
Example 10
| Source File: JettySSLServiceTest.java From knox with Apache License 2.0 | 4 votes |
|
@Test
public void TestBuildSslContextFactoryExplicitTrustStoreNullPassword() throws Exception {
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
Path identityKeystorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-keystore.jks");
String identityKeystoreType = "jks";
char[] identityKeystorePassword = "horton".toCharArray();
char[] identityKeyPassphrase = "horton".toCharArray();
String identityKeyAlias = "server";
Path truststorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-truststore.jks");
String truststoreType = "jks";
String truststorePasswordAlias = "trust_store_password";
GatewayConfig config = createGatewayConfig(true, true, identityKeystorePath, identityKeystoreType, identityKeyAlias, truststorePath, truststoreType, truststorePasswordAlias);
AliasService aliasService = createMock(AliasService.class);
expect(aliasService.getGatewayIdentityKeystorePassword()).andReturn(identityKeystorePassword).atLeastOnce();
expect(aliasService.getGatewayIdentityPassphrase()).andReturn(identityKeyPassphrase).atLeastOnce();
expect(aliasService.getPasswordFromAliasForGateway(eq(truststorePasswordAlias))).andReturn(null).atLeastOnce();
KeystoreService keystoreService = createMock(KeystoreService.class);
replay(config, aliasService, keystoreService);
JettySSLService sslService = new JettySSLService();
sslService.setAliasService(aliasService);
sslService.setKeystoreService(keystoreService);
Object result = sslService.buildSslContextFactory(config);
assertNotNull(result);
assertTrue(result instanceof SslContextFactory);
SslContextFactory sslContextFactory = (SslContextFactory) result;
sslContextFactory.start();
assertEquals(identityKeystorePath.toUri().toString(), sslContextFactory.getKeyStorePath());
assertEquals(identityKeystoreType, sslContextFactory.getKeyStoreType());
assertNotNull(sslContextFactory.getKeyStore());
assertEquals(truststorePath.toUri().toString(), sslContextFactory.getTrustStorePath());
assertEquals(truststoreType, sslContextFactory.getTrustStoreType());
assertNotNull(sslContextFactory.getTrustStore());
// The truststore is expected to be different than the identity keystore
assertTrue(sslContextFactory.getKeyStore().containsAlias(identityKeyAlias));
assertFalse(sslContextFactory.getTrustStore().containsAlias(identityKeyAlias));
verify(config, aliasService, keystoreService);
// Note: The keystore password is used if the truststore password is not set
}
