org.eclipse.jetty.server.SslConnectionFactory Java Examples

The following examples show how to use org.eclipse.jetty.server.SslConnectionFactory. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: JettySeverTools.java    From o2oa with GNU Affero General Public License v3.0 6 votes vote down vote up
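/**
 * Adds an HTTPS connector to {@code server}, taking the keystore location and its
 * passwords from {@code Config}.
 *
 * @param server the Jetty server that receives the connector
 * @param port   the TCP port the connector listens on
 * @throws Exception declared by the signature; presumably raised by the {@code Config} lookups
 */
protected static void addHttpsConnector(Server server, Integer port) throws Exception {
	SslContextFactory sslContextFactory = new SslContextFactory();
	sslContextFactory.setKeyStorePath(Config.sslKeyStore().getAbsolutePath());
	sslContextFactory.setKeyStorePassword(Config.token().getSslKeyStorePassword());
	sslContextFactory.setKeyManagerPassword(Config.token().getSslKeyManagerPassword());
	// setTrustAll(true) is intentionally not called: a trust-all trust manager accepts any
	// certificate a peer presents. Nothing here requests client certificates, so the setting
	// bought nothing and would silently disable verification if client auth were enabled later.

	HttpConfiguration config = new HttpConfiguration();
	config.setSecureScheme("https");
	config.setOutputBufferSize(32768);
	config.setRequestHeaderSize(8192 * 2);
	config.setResponseHeaderSize(8192 * 2);
	// Do not advertise the Jetty version in the Server response header.
	config.setSendServerVersion(false);
	config.setSendDateHeader(false);
	// NOTE(review): no SecureRequestCustomizer is added to this HttpConfiguration, unlike most
	// HTTPS connector setups; confirm handlers do not rely on request.isSecure().

	ServerConnector sslConnector = new ServerConnector(server,
			new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
			new HttpConnectionFactory(config));
	sslConnector.setPort(port);
	server.addConnector(sslConnector);
}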
 
Example #2
Source File: ErrorCases.java    From scheduling with GNU Affero General Public License v3.0 6 votes vote down vote up
/**
 * Starts a local Jetty server with a single HTTPS connector before the test class runs
 * and records its base REST URL in {@code serverUrl}.
 */
@BeforeClass
public static void startHttpsServer() throws Exception {
    skipIfHeadlessEnvironment();
    server = new Server();

    // Test fixture only: the keystore is a classpath resource and its password is hard-coded.
    SslContextFactory tlsFactory = new SslContextFactory();
    tlsFactory.setKeyStorePath(ErrorCases.class.getResource("keystore").getPath());
    tlsFactory.setKeyStorePassword("activeeon");

    HttpConfiguration baseConfig = new HttpConfiguration();
    HttpConfiguration secureConfig = new HttpConfiguration(baseConfig);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    // TLS first, then HTTP/1.1 on top of the decrypted stream.
    ConnectionFactory[] factories = new ConnectionFactory[] {
        new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString()),
        new HttpConnectionFactory(secureConfig)
    };
    ServerConnector sslConnector = new ServerConnector(server, factories);

    server.addConnector(sslConnector);
    server.start();

    // No port was set on the connector, so the URL is built from the port reported after start.
    serverUrl = "https://localhost:" + sslConnector.getLocalPort() + "/rest";
}
 
Example #3
Source File: JettyStarterTest.java    From scheduling with GNU Affero General Public License v3.0 6 votes vote down vote up
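/**
 * With HTTPS and redirection both enabled, the server must expose two connectors:
 * a plain HTTP one and an HTTPS one carrying an {@link SslConnectionFactory}.
 */
@Test
public void testCreateHttpServerUsingHttpsAndRedirection() {
    createHttpsContextProperties();
    try {
        server = jettyStarter.createHttpServer(8080, 8443, true, true);

        Connector[] connectors = server.getConnectors();

        assertThat(connectors).hasLength(2);
        assertThat(connectors[0].getName()).isEqualTo(JettyStarter.HTTP_CONNECTOR_NAME);
        assertThat(connectors[0].getConnectionFactory(HttpConnectionFactory.class)).isNotNull();
        assertThat(connectors[1].getName()).isEqualTo(JettyStarter.HTTPS_CONNECTOR_NAME.toLowerCase());
        assertThat(connectors[1].getConnectionFactory(HttpConnectionFactory.class)).isNotNull();
        assertThat(connectors[1].getConnectionFactory(SslConnectionFactory.class)).isNotNull();
    } finally {
        // Undo the HTTPS properties even when an assertion fails, so they cannot leak
        // into tests that run afterwards.
        unsetHttpsContextProperties();
    }
}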
 
Example #4
Source File: App.java    From mysql_perf_analyzer with Apache License 2.0 6 votes vote down vote up
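/**
 * Creates the TLS connector used when HTTPS is enabled.
 *
 * @return a connector bound to {@code getPort()} that speaks HTTP/1.1 over TLS; it is not
 *         added to the server here
 */
private ServerConnector sslConnector() {
	HttpConfiguration http_config = new HttpConfiguration();
	http_config.setSecureScheme("https");
	http_config.setSecurePort(this.getPort());
	
	HttpConfiguration https_config = new HttpConfiguration(http_config);
	https_config.addCustomizer(new SecureRequestCustomizer());
	
	SslContextFactory sslContextFactory = new SslContextFactory(this.getCertKeyStorePath());
	sslContextFactory.setKeyStorePassword(this.getCertKeyStorePassword());
	// Exclude suites whose name ends in MD5/SHA/SHA1. add... appends to the exclusions the
	// factory already carries, whereas set... would replace them with this single pattern.
	sslContextFactory.addExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
	// Refuse SSL and TLS 1.0/1.1. Protocols not listed here (for example TLSv1.3 where the
	// JVM offers it) stay available, so this is "TLS 1.2 or newer", not "TLS 1.2 only".
	sslContextFactory.addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");
	
	ServerConnector connector = new ServerConnector(jettyServer, 
			new SslConnectionFactory(sslContextFactory, "http/1.1"),
			new HttpConnectionFactory(https_config));
	connector.setPort(this.getPort());
	connector.setIdleTimeout(50000);
	return connector;
}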
 
Example #5
Source File: PrometheusServer.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a Jetty server that serves {@link MetricsServlet} under {@code /metrics} over TLS
 * and starts it before the constructor returns.
 *
 * @param addr              port number; used as the configured secure port and as the listen port
 * @param sslContextService source of the TLS material, passed to {@code createSslFactory}
 * @param logger            stored in the static {@code logger} field
 * @param needClientAuth    passed to {@code createSslFactory}
 * @param wantClientAuth    passed to {@code createSslFactory}
 * @throws Exception if the TLS factory cannot be created or the server fails to start
 */
public PrometheusServer(int addr, SSLContextService sslContextService, ComponentLog logger, boolean needClientAuth, boolean wantClientAuth) throws Exception {
    PrometheusServer.logger = logger;

    this.server = new Server();
    this.handler = new ServletContextHandler(server, "/metrics");
    this.handler.addServlet(new ServletHolder(new MetricsServlet()), "/");

    SslContextFactory tlsFactory = createSslFactory(sslContextService, needClientAuth, wantClientAuth);

    HttpConfiguration secureHttpConfig = new HttpConfiguration();
    secureHttpConfig.setSecureScheme("https");
    secureHttpConfig.setSecurePort(addr);
    secureHttpConfig.addCustomizer(new SecureRequestCustomizer());

    SslConnectionFactory tls = new SslConnectionFactory(tlsFactory, "http/1.1");
    HttpConnectionFactory http = new HttpConnectionFactory(secureHttpConfig);

    // The TLS connector is the only connector; no plaintext listener is registered.
    ServerConnector tlsConnector = new ServerConnector(server, tls, http);
    tlsConnector.setPort(addr);
    this.server.setConnectors(new Connector[]{tlsConnector});

    this.server.start();
}
 
Example #6
Source File: TestWebServicesFetcher.java    From datacollector with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a Jetty server bound to localhost with exactly one connector.
 *
 * @param port      port the connector listens on
 * @param serverSsl when true the connector speaks HTTP/1.1 over TLS, otherwise plain HTTP
 * @param clientSsl passed to {@code createSslContextFactory}; only read when {@code serverSsl} is true
 * @return the configured server; this method does not start it
 */
protected Server createServer(int port, boolean serverSsl, boolean clientSsl) {
  Server server = new Server();
  ServerConnector only;
  if (serverSsl) {
    SslContextFactory tlsFactory = createSslContextFactory(clientSsl);
    only = new ServerConnector(server,
        new SslConnectionFactory(tlsFactory, "http/1.1"),
        new HttpConnectionFactory());
    only.setPort(port);
    only.setHost("localhost");
  } else {
    // The socket address is only used to carry host and port to the connector.
    InetSocketAddress local = new InetSocketAddress("localhost", port);
    only = new ServerConnector(server);
    only.setHost(local.getHostName());
    only.setPort(local.getPort());
  }
  server.setConnectors(new Connector[]{only});
  return server;
}
 
Example #7
Source File: EventServer.java    From Cognizant-Intelligent-Test-Scripter with Apache License 2.0 6 votes vote down vote up
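/**
 * Builds the TLS connection factory from the classpath key store named {@code localhost}.
 * The same decrypted secret is used as key store password and key manager password.
 *
 * @return a connection factory that hands decrypted traffic to HTTP/1.1
 */
private SslConnectionFactory getSSLConnectionFactory() {
    Resource keyStoreResource = null;
    try {
        keyStoreResource = Resource.newClassPathResource("localhost");
        // Logged at FINE instead of printed to stdout: the key store location is
        // diagnostic detail, not program output.
        Logger.getLogger(EventServer.class.getName())
                .log(Level.FINE, "Key store resource: {0}", keyStoreResource);
    } catch (Exception ex) {
        Logger.getLogger(EventServer.class.getName())
                .log(Level.SEVERE, "Unable to locate the key store on the classpath", ex);
    }
    // NOTE(review): after a failed lookup keyStoreResource is still null and is passed on
    // as-is; confirm the server is expected to fail later rather than here.

    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStoreResource(keyStoreResource);

    // Decrypt once and reuse, so the plaintext secret is produced a single time.
    String keyStoreSecret = Encrypt.getInstance().decrypt(readresource());
    sslContextFactory.setKeyStorePassword(keyStoreSecret);
    sslContextFactory.setKeyManagerPassword(keyStoreSecret);
    return new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
}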
 
Example #8
Source File: TlsCertificateAuthorityService.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a Jetty server with one TLS connector on {@code port} and installs {@code handler}.
 *
 * @param handler     request handler set on the server
 * @param port        port the TLS connector listens on
 * @param keyStore    key store holding the server key
 * @param keyPassword password for the key inside {@code keyStore}
 * @return the configured server; this method does not start it
 */
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
    SslContextFactory tlsFactory = new SslContextFactory();
    // Only the protocol version(s) returned by the helper are offered.
    tlsFactory.setIncludeProtocols(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
    tlsFactory.setKeyStore(keyStore);
    tlsFactory.setKeyManagerPassword(keyPassword);

    // This is a server, not a client, so it does not verify the peer's hostname: the
    // endpoint identification algorithm is cleared explicitly. Before Jetty 9.4.15.v20190215
    // the default was null; since then it is "HTTPS".
    tlsFactory.setEndpointIdentificationAlgorithm(null);

    HttpConfiguration secureConfig = new HttpConfiguration();
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    Server server = new Server();
    SslConnectionFactory tls = new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString());
    HttpConnectionFactory http = new HttpConnectionFactory(secureConfig);
    ServerConnector tlsConnector = new ServerConnector(server, tls, http);
    tlsConnector.setPort(port);

    server.addConnector(tlsConnector);
    server.setHandler(handler);
    return server;
}
 
Example #9
Source File: JettyWebServer.java    From Doradus with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the TLS connector from the configured key store, trust store, client
 * authentication flag and cipher suite list.
 *
 * @return the connector; no port is set on it in this method
 */
private ServerConnector createSSLConnector() {
    SslContextFactory tlsFactory = new SslContextFactory();
    // Server identity.
    tlsFactory.setKeyStorePath(m_keystore);
    tlsFactory.setKeyStorePassword(m_keystorepassword);
    // Certificates accepted from peers; used when client authentication is required.
    tlsFactory.setTrustStorePath(m_truststore);
    tlsFactory.setTrustStorePassword(m_truststorepassword);
    tlsFactory.setNeedClientAuth(m_clientauthentication);
    // Only the listed suites are offered.
    tlsFactory.setIncludeCipherSuites(m_tls_cipher_suites);

    HttpConfiguration plainConfig = new HttpConfiguration();
    plainConfig.setSecureScheme("https");
    HttpConfiguration secureConfig = new HttpConfiguration(plainConfig);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    return new ServerConnector(
            m_jettyServer,
            new SslConnectionFactory(tlsFactory, "http/1.1"),
            new HttpConnectionFactory(secureConfig));
}
 
Example #10
Source File: ServerDaemon.java    From cloudstack with Apache License 2.0 6 votes vote down vote up
/**
 * Adds an HTTPS connector to the server when HTTPS is enabled and the key store file exists.
 * When either condition is not met the method returns without adding a connector and
 * without reporting it.
 *
 * @param httpConfig base HTTP configuration that the HTTPS configuration is copied from
 */
private void createHttpsConnector(final HttpConfiguration httpConfig) {
    final boolean keystoreUsable =
            httpsEnable && !Strings.isNullOrEmpty(keystoreFile) && new File(keystoreFile).exists();
    if (!keystoreUsable) {
        return;
    }

    // One password serves both the key store and the key inside it.
    final SslContextFactory tlsFactory = new SslContextFactory();
    tlsFactory.setKeyStorePath(keystoreFile);
    tlsFactory.setKeyStorePassword(keystorePassword);
    tlsFactory.setKeyManagerPassword(keystorePassword);

    final HttpConfiguration secureConfig = new HttpConfiguration(httpConfig);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final SslConnectionFactory tls = new SslConnectionFactory(tlsFactory, "http/1.1");
    final HttpConnectionFactory http = new HttpConnectionFactory(secureConfig);
    final ServerConnector tlsConnector = new ServerConnector(server, tls, http);
    tlsConnector.setPort(httpsPort);
    tlsConnector.setHost(bindInterface);
    server.addConnector(tlsConnector);
}
 
Example #11
Source File: TlsCertificateAuthorityService.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Creates a Jetty server with one TLS connector on {@code port} and installs {@code handler}.
 *
 * @param handler     request handler set on the server
 * @param port        port the TLS connector listens on
 * @param keyStore    key store holding the server key
 * @param keyPassword password for the key inside {@code keyStore}
 * @return the configured server; this method does not start it
 */
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
    SslContextFactory tlsFactory = new SslContextFactory();
    // The protocol is pinned to a literal, so newer TLS versions are not offered
    // until this line is changed.
    tlsFactory.setIncludeProtocols("TLSv1.2");
    tlsFactory.setKeyStore(keyStore);
    tlsFactory.setKeyManagerPassword(keyPassword);

    HttpConfiguration secureConfig = new HttpConfiguration();
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    Server server = new Server();
    SslConnectionFactory tls = new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString());
    HttpConnectionFactory http = new HttpConnectionFactory(secureConfig);
    ServerConnector tlsConnector = new ServerConnector(server, tls, http);
    tlsConnector.setPort(port);

    server.addConnector(tlsConnector);
    server.setHandler(handler);
    return server;
}
 
Example #12
Source File: HelixRestServer.java    From helix with Apache License 2.0 6 votes vote down vote up
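/**
 * Adds an HTTPS connector on {@code port} to the REST server, using the supplied TLS settings.
 * Does nothing when the server has not been created or {@code port} is not positive.
 * A failure is logged and not propagated, so the caller continues without the connector.
 *
 * @param port              port the HTTPS connector listens on; must be positive to take effect
 * @param sslContextFactory TLS configuration for the connector
 */
public void setupSslServer(int port, SslContextFactory sslContextFactory) {
  if (_server == null || port <= 0) {
    return;
  }
  try {
    HttpConfiguration https = new HttpConfiguration();
    https.addCustomizer(new SecureRequestCustomizer());
    ServerConnector sslConnector = new ServerConnector(
        _server,
        new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
        new HttpConnectionFactory(https));
    sslConnector.setPort(port);

    _server.addConnector(sslConnector);

    LOG.info("Helix SSL rest server is ready to start.");
  } catch (Exception ex) {
    // Pass the exception itself so the stack trace is logged, not only its toString().
    LOG.error("Failed to setup Helix SSL rest server", ex);
  }
}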
 
Example #13
Source File: JettyWebSocketServer.java    From sequenceiq-samples with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a server whose only connector speaks HTTP/1.1 over TLS on the configured host and port.
 *
 * @param keyStoreLocation path of the key store holding the server certificate
 * @param keyStorePassword password of that key store
 */
@Override
public void startSSL(String keyStoreLocation, String keyStorePassword) throws Exception {
    Server server = new Server();

    HttpConfiguration secureConfig = new HttpConfiguration();
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    // Protocols and cipher suites are left at the factory's defaults.
    SslContextFactory tlsFactory = new SslContextFactory();
    tlsFactory.setKeyStorePath(keyStoreLocation);
    tlsFactory.setKeyStorePassword(keyStorePassword);

    SslConnectionFactory tls = new SslConnectionFactory(tlsFactory, "http/1.1");
    HttpConnectionFactory http = new HttpConnectionFactory(secureConfig);
    ServerConnector tlsConnector = new ServerConnector(server, tls, http);
    tlsConnector.setHost(host);
    tlsConnector.setPort(port);
    server.setConnectors(new Connector[]{tlsConnector});

    configureContextHandler(server);
    startServer(server);
}
 
Example #14
Source File: WebServer.java    From hop with Apache License 2.0 6 votes vote down vote up
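/**
 * Returns the connector for this web server: a TLS connector when an SSL configuration
 * is present, a plain connector otherwise.
 *
 * @return the connector; no host or port is set on it in this method
 */
private ServerConnector getConnector() {
  if ( sslConfig != null ) {
    log.logBasic( BaseMessages.getString( PKG, "WebServer.Log.SslModeUsing" ) );

    SslContextFactory contextFactory = new SslContextFactory();
    contextFactory.setKeyStoreResource( new PathResource( new File( sslConfig.getKeyStore() ) ) );
    contextFactory.setKeyStorePassword( sslConfig.getKeyStorePassword() );
    contextFactory.setKeyManagerPassword( sslConfig.getKeyPassword() );
    contextFactory.setKeyStoreType( sslConfig.getKeyStoreType() );

    // Hand the configured context factory to the connection factory. The no-argument
    // SslConnectionFactory constructor creates its own context factory, which left the
    // key store settings above unused.
    SslConnectionFactory connector = new SslConnectionFactory( contextFactory, "HTTP/1.1" );
    // NOTE(review): no HttpConnectionFactory is registered on this connector for the
    // "HTTP/1.1" next protocol; confirm one is added elsewhere before the server starts.
    return new ServerConnector( server, connector );
  } else {
    return new ServerConnector( server );
  }

}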
 
Example #15
Source File: EventServer.java    From Cognizant-Intelligent-Test-Scripter with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the server's connector: TLS from {@code getSSLConnectionFactory()} in front of
 * an HTTP connection factory with a default configuration.
 *
 * @return the connector, bound to the configured port
 */
private ServerConnector getServerConnector() {
    SslConnectionFactory tls = getSSLConnectionFactory();
    // NOTE(review): the HttpConfiguration has no SecureRequestCustomizer; confirm handlers
    // do not rely on request.isSecure().
    HttpConfiguration defaults = new HttpConfiguration();
    ServerConnector tlsConnector =
            new ServerConnector(server, tls, new HttpConnectionFactory(defaults));
    tlsConnector.setPort(port);
    return tlsConnector;
}
 
Example #16
Source File: JettyAppServer.java    From keycloak with Apache License 2.0 5 votes vote down vote up
/**
 * Replaces the server's connectors with a plain HTTP connector and an HTTPS connector
 * whose SSL context comes from {@code TLSUtils.initializeTLS()}.
 */
private void setupSSL() {
    SslContextFactory tlsFactory = new SslContextFactory();
    tlsFactory.setSslContext(TLSUtils.initializeTLS());

    ServerConnector plainConnector = new ServerConnector(server);
    plainConnector.setPort(configuration.getBindHttpPort());

    // NOTE(review): no SecureRequestCustomizer is added to this configuration; confirm
    // handlers do not rely on request.isSecure().
    HttpConfiguration secureConfig = new HttpConfiguration();
    SslConnectionFactory tls = new SslConnectionFactory(tlsFactory, "http/1.1");
    HttpConnectionFactory http = new HttpConnectionFactory(secureConfig);
    ServerConnector tlsConnector = new ServerConnector(server, tls, http);
    tlsConnector.setPort(configuration.getBindHttpsPort());

    server.setConnectors(new Connector[] { plainConnector, tlsConnector });
}
 
Example #17
Source File: JettyServer.java    From localization_nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a TLS connector on top of a copy of {@code httpConfiguration}. Host and port
 * are not set on the connector here.
 *
 * @param server            server the connector belongs to
 * @param httpConfiguration base configuration; copied, not modified
 * @return the connector
 */
private ServerConnector createUnconfiguredSslServerConnector(Server server, HttpConfiguration httpConfiguration) {
    // Work on a copy so the HTTPS-only settings do not reach the caller's configuration.
    final HttpConfiguration secureConfig = new HttpConfiguration(httpConfiguration);
    secureConfig.setSecureScheme("https");
    secureConfig.setSecurePort(props.getSslPort());
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final SslConnectionFactory tls = new SslConnectionFactory(createSslContextFactory(), "http/1.1");
    final HttpConnectionFactory http = new HttpConnectionFactory(secureConfig);
    return new ServerConnector(server, tls, http);
}
 
Example #18
Source File: ConsoleProxyNoVNCServer.java    From cloudstack with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the server and tries to add a TLS connector on {@code wsPort}, using a JKS key
 * store supplied as raw bytes. Any failure while building the connector is logged and
 * swallowed, in which case no connector is added by this constructor.
 *
 * @param ksBits     contents of the JKS key store
 * @param ksPassword key store password, also used as key manager password; may be null
 */
public ConsoleProxyNoVNCServer(byte[] ksBits, String ksPassword) {
    this.server = new Server();
    ConsoleProxyNoVNCHandler handler = new ConsoleProxyNoVNCHandler();
    this.server.setHandler(handler);

    try {
        final HttpConfiguration httpConfig = new HttpConfiguration();
        httpConfig.setSecureScheme("https");
        httpConfig.setSecurePort(wsPort);

        final HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
        httpsConfig.addCustomizer(new SecureRequestCustomizer());

        final SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
        // A null password is passed to KeyStore.load as a null char[].
        char[] passphrase = ksPassword != null ? ksPassword.toCharArray() : null;
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(new ByteArrayInputStream(ksBits), passphrase);
        sslContextFactory.setKeyStore(ks);
        // The same password protects the store and the key inside it.
        sslContextFactory.setKeyStorePassword(ksPassword);
        sslContextFactory.setKeyManagerPassword(ksPassword);

        final ServerConnector sslConnector = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory, "http/1.1"),
            new HttpConnectionFactory(httpsConfig));
        sslConnector.setPort(wsPort);
        server.addConnector(sslConnector);
    } catch (Exception e) {
        // NOTE(review): the failure is only logged; the object is still constructed, without
        // the TLS connector. Confirm callers detect this before starting the server.
        s_logger.error("Unable to secure server due to exception ", e);
    }
}
 
Example #19
Source File: JettyAppServer.java    From selenium with Apache License 2.0 5 votes vote down vote up
/**
 * Starts the server with two connectors: plain HTTP on {@code port} and HTTPS on
 * {@code securePort}. The key store password is a hard-coded test credential.
 *
 * @throws RuntimeException if the key store file is missing or the server fails to start
 */
@Override
public void start() {
  HttpConfiguration plainConfig = new HttpConfiguration();
  plainConfig.setSecureScheme("https");
  plainConfig.setSecurePort(securePort);

  ServerConnector plainConnector =
      new ServerConnector(server, new HttpConnectionFactory(plainConfig));
  plainConnector.setPort(port);
  plainConnector.setIdleTimeout(500000);

  Path keystore = getKeyStore();
  if (!Files.exists(keystore)) {
    throw new RuntimeException(
        "Cannot find keystore for SSL cert: " + keystore.toAbsolutePath());
  }
  String keystoreLocation = keystore.toAbsolutePath().toString();

  // Fixed credentials: acceptable only because this server backs tests.
  SslContextFactory tlsFactory = new SslContextFactory();
  tlsFactory.setKeyStorePath(keystoreLocation);
  tlsFactory.setKeyStorePassword("password");
  tlsFactory.setKeyManagerPassword("password");

  HttpConfiguration secureConfig = new HttpConfiguration(plainConfig);
  secureConfig.addCustomizer(new SecureRequestCustomizer());

  SslConnectionFactory tls =
      new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString());
  ServerConnector secureConnector =
      new ServerConnector(server, tls, new HttpConnectionFactory(secureConfig));
  secureConnector.setPort(securePort);
  secureConnector.setIdleTimeout(500000);

  server.setConnectors(new Connector[]{plainConnector, secureConnector});

  try {
    server.start();
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
}
 
Example #20
Source File: JettyServer.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a TLS connector on top of a copy of {@code httpConfiguration}. Host and port
 * are not set on the connector here; {@code port} is only recorded as the secure port.
 *
 * @param server            server the connector belongs to
 * @param httpConfiguration base configuration; copied, not modified
 * @param port              value stored as the configuration's secure port
 * @return the connector
 */
private ServerConnector createUnconfiguredSslServerConnector(Server server, HttpConfiguration httpConfiguration, int port) {
    // Work on a copy so the HTTPS-only settings do not reach the caller's configuration.
    final HttpConfiguration secureConfig = new HttpConfiguration(httpConfiguration);
    secureConfig.setSecureScheme("https");
    secureConfig.setSecurePort(port);
    // Whether the Server header carries the version is decided by the properties.
    secureConfig.setSendServerVersion(props.shouldSendServerVersion());
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final SslConnectionFactory tls = new SslConnectionFactory(createSslContextFactory(), "http/1.1");
    final HttpConnectionFactory http = new HttpConnectionFactory(secureConfig);
    return new ServerConnector(server, tls, http);
}
 
Example #21
Source File: TLSJettyConnectionFactory.java    From heroic with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a TLS connection factory from the optional settings of this object; a setting
 * that is absent leaves the factory's default in place.
 *
 * @param config not read by this implementation
 * @return a TLS connection factory that hands traffic to {@code nextProtocol}
 */
@Override
public ConnectionFactory setup(final HttpConfiguration config) {
    final SslContextFactory tls = new SslContextFactory();
    keyStorePath.ifPresent(path -> tls.setKeyStorePath(path));
    keyStorePassword.ifPresent(password -> tls.setKeyStorePassword(password));
    keyManagerPassword.ifPresent(password -> tls.setKeyManagerPassword(password));
    // NOTE(review): when trustAll is present and true, the factory accepts any peer
    // certificate; confirm it is never enabled outside test configurations.
    trustAll.ifPresent(flag -> tls.setTrustAll(flag));
    return new SslConnectionFactory(tls, nextProtocol);
}
 
Example #22
Source File: JettyHttpServer.java    From vespa with Apache License 2.0 5 votes vote down vote up
/**
 * Logs, for every connector that has an {@link SslConnectionFactory}, the cipher suites
 * and protocols the TLS layer actually selected.
 *
 * @throws IllegalStateException if the server has not been started
 */
private void logEffectiveSslConfiguration() {
    if (!server.isStarted()) throw new IllegalStateException();
    for (Connector connector : server.getConnectors()) {
        ServerConnector serverConnector = (ServerConnector) connector;
        int listenPort = serverConnector.getLocalPort();
        var tls = serverConnector.getConnectionFactory(SslConnectionFactory.class);
        if (tls == null) {
            // Plaintext connector: nothing to report.
            continue;
        }
        var tlsSettings = tls.getSslContextFactory();
        String cipherSuites = Arrays.toString(tlsSettings.getSelectedCipherSuites());
        log.info(String.format("Enabled SSL cipher suites for port '%d': %s", listenPort, cipherSuites));
        String protocols = Arrays.toString(tlsSettings.getSelectedProtocols());
        log.info(String.format("Enabled SSL protocols for port '%d': %s", listenPort, protocols));
    }
}
 
Example #23
Source File: JettyStarterTest.java    From scheduling with GNU Affero General Public License v3.0 5 votes vote down vote up
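/**
 * With HTTPS enabled and redirection disabled, the server must expose exactly one
 * connector, and that connector must carry an {@link SslConnectionFactory}.
 */
@Test
public void testCreateHttpServerUsingHttps() {
    createHttpsContextProperties();
    try {
        server = jettyStarter.createHttpServer(8080, 8443, true, false);

        Connector[] connectors = server.getConnectors();

        assertThat(connectors).hasLength(1);
        assertThat(connectors[0].getName()).isEqualTo(JettyStarter.HTTPS_CONNECTOR_NAME);
        assertThat(connectors[0].getConnectionFactory(HttpConnectionFactory.class)).isNotNull();
        assertThat(connectors[0].getConnectionFactory(SslConnectionFactory.class)).isNotNull();
    } finally {
        // Undo the HTTPS properties even when an assertion fails, so they cannot leak
        // into tests that run afterwards.
        unsetHttpsContextProperties();
    }
}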
 
Example #24
Source File: HttpServer2.java    From hadoop-ozone with Apache License 2.0 5 votes vote down vote up
/**
 * Creates an HTTPS connector: an HTTP channel connector with a TLS connection factory
 * placed in front of it. Key store, trust store and cipher exclusions are applied only
 * when the corresponding field is set.
 *
 * @param server     server the connector belongs to
 * @param httpConfig configuration to use; it is modified in place (secure scheme, customizer)
 * @return the connector
 */
private ServerConnector createHttpsChannelConnector(
    Server server, HttpConfiguration httpConfig) {
  httpConfig.setSecureScheme(HTTPS_SCHEME);
  httpConfig.addCustomizer(new SecureRequestCustomizer());
  ServerConnector conn = createHttpChannelConnector(server, httpConfig);

  SslContextFactory.Server tlsFactory = new SslContextFactory.Server();
  tlsFactory.setNeedClientAuth(needsClientAuth);
  if (keyPassword != null) {
    tlsFactory.setKeyManagerPassword(keyPassword);
  }

  // Server identity.
  if (keyStore != null) {
    tlsFactory.setKeyStorePath(keyStore);
    tlsFactory.setKeyStoreType(keyStoreType);
    if (keyStorePassword != null) {
      tlsFactory.setKeyStorePassword(keyStorePassword);
    }
  }

  // Certificates accepted from peers.
  if (trustStore != null) {
    tlsFactory.setTrustStorePath(trustStore);
    tlsFactory.setTrustStoreType(trustStoreType);
    if (trustStorePassword != null) {
      tlsFactory.setTrustStorePassword(trustStorePassword);
    }
  }

  // This replaces the factory's exclusion list with the configured one.
  boolean hasExclusions = excludeCiphers != null && !excludeCiphers.isEmpty();
  if (hasExclusions) {
    tlsFactory.setExcludeCipherSuites(
        StringUtils.getTrimmedStrings(excludeCiphers));
    LOG.info("Excluded Cipher List: {}", excludeCiphers);
  }

  // TLS must be the first factory so that it wraps the HTTP factory already on the connector.
  SslConnectionFactory tls =
      new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString());
  conn.addFirstConnectionFactory(tls);

  return conn;
}
 
Example #25
Source File: SecureJettyMixin.java    From attic-polygene-java with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a connector that speaks HTTP over TLS, with the TLS layer configured from
 * this service's configuration.
 *
 * @param server     server the connector belongs to
 * @param httpConfig configuration for the HTTP connection factory
 * @return the connector
 */
@Override
protected ServerConnector buildConnector( Server server, HttpConfiguration httpConfig )
{
    // Created with defaults; every TLS setting is applied by configureSsl.
    SslConnectionFactory tls = new SslConnectionFactory();
    configureSsl( tls, configuration.get() );

    HttpConnectionFactory http = new HttpConnectionFactory( httpConfig );
    ServerConnector connector = new ServerConnector( server, tls, http );
    return connector;
}
 
Example #26
Source File: WebServerTask.java    From datacollector with Apache License 2.0 5 votes vote down vote up
/**
 * Copies the SSL context of the server's TLS connection factories into {@code runtimeInfo}.
 * When several connectors use TLS, the last one visited wins.
 *
 * @throws IllegalStateException if no SSL context has been set afterwards
 */
private void setSSLContext() {
  for (Connector connector : server.getConnectors()) {
    for (ConnectionFactory factory : connector.getConnectionFactories()) {
      if (!(factory instanceof SslConnectionFactory)) {
        continue;
      }
      SslConnectionFactory tls = (SslConnectionFactory) factory;
      runtimeInfo.setSSLContext(tls.getSslContextFactory().getSslContext());
    }
  }
  boolean contextMissing = runtimeInfo.getSSLContext() == null;
  if (contextMissing) {
    throw new IllegalStateException("Unexpected error, SSLContext is not set for https enabled server");
  }
}
 
Example #27
Source File: HttpBindManager.java    From Openfire with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the TLS connector for HTTP binding.
 *
 * @param httpBindServer server the connector belongs to
 * @return the connector, or {@code null} when the secure port is not positive, the
 *         identity store holds no entries, or an exception occurred (which is logged)
 */
private Connector createSSLConnector( final Server httpBindServer ) {
    final int securePort = getHttpBindSecurePort();
    try {
        final IdentityStore identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore( ConnectionType.BOSH_C2S );

        final boolean tlsUsable = securePort > 0 && identityStore.getStore().aliases().hasMoreElements();
        if ( !tlsUsable ) {
            return null;
        }

        // A certificate that does not match the hosted domain is only warned about.
        if ( !identityStore.containsDomainCertificate( ) ) {
            Log.warn("HTTP binding: Using certificates but they are not valid for the hosted domain");
        }

        final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager());
        final ConnectionConfiguration configuration = connectionManager.getListener( ConnectionType.BOSH_C2S, true ).generateConnectionConfiguration();
        final SslContextFactory tlsFactory = new EncryptionArtifactFactory(configuration).getSslContextFactory();

        final HttpConfiguration secureConfig = new HttpConfiguration();
        secureConfig.setSecureScheme("https");
        secureConfig.setSecurePort(securePort);
        configureProxiedConnector(secureConfig);
        secureConfig.addCustomizer(new SecureRequestCustomizer());
        // Keep the Jetty version out of the Server response header.
        secureConfig.setSendServerVersion( false );

        final SslConnectionFactory tls = new SslConnectionFactory(tlsFactory, "http/1.1");
        final HttpConnectionFactory http = new HttpConnectionFactory(secureConfig);
        final ServerConnector tlsConnector = new ServerConnector(httpBindServer, tls, http);
        tlsConnector.setHost(getBindInterface());
        tlsConnector.setPort(securePort);
        return tlsConnector;
    }
    catch (Exception e) {
        Log.error("Error creating SSL connector for Http bind", e);
    }

    return null;
}
 
Example #28
Source File: HttpServer2.java    From knox with Apache License 2.0 5 votes vote down vote up
/**
 * Creates an HTTPS connector: an HTTP channel connector with a TLS connection factory
 * placed in front of it. Key store, trust store and cipher exclusions are applied only
 * when the corresponding field is set.
 *
 * @param server     server the connector belongs to
 * @param httpConfig configuration to use; it is modified in place (secure scheme, customizer)
 * @return the connector
 */
private ServerConnector createHttpsChannelConnector(
    Server server, HttpConfiguration httpConfig) {
  httpConfig.setSecureScheme(HTTPS_SCHEME);
  httpConfig.addCustomizer(new SecureRequestCustomizer());
  ServerConnector conn = createHttpChannelConnector(server, httpConfig);

  SslContextFactory.Server tlsFactory = new SslContextFactory.Server();
  tlsFactory.setNeedClientAuth(needsClientAuth);
  // Unlike the store settings below, the key password is applied without a null check.
  tlsFactory.setKeyManagerPassword(keyPassword);

  // Server identity.
  if (keyStore != null) {
    tlsFactory.setKeyStorePath(keyStore);
    tlsFactory.setKeyStoreType(keyStoreType);
    tlsFactory.setKeyStorePassword(keyStorePassword);
  }

  // Certificates accepted from peers.
  if (trustStore != null) {
    tlsFactory.setTrustStorePath(trustStore);
    tlsFactory.setTrustStoreType(trustStoreType);
    tlsFactory.setTrustStorePassword(trustStorePassword);
  }

  // This replaces the factory's exclusion list with the configured one.
  boolean hasExclusions = excludeCiphers != null && !excludeCiphers.isEmpty();
  if (hasExclusions) {
    tlsFactory.setExcludeCipherSuites(
        StringUtils.getTrimmedStrings(excludeCiphers));
    LOG.info("Excluded Cipher List:" + excludeCiphers);
  }

  // TLS must be the first factory so that it wraps the HTTP factory already on the connector.
  SslConnectionFactory tls =
      new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString());
  conn.addFirstConnectionFactory(tls);

  return conn;
}
 
Example #29
Source File: HttpServer2.java    From knox with Apache License 2.0 5 votes vote down vote up
/**
 * Creates an HTTPS connector by putting a TLS connection factory in front of the HTTP
 * channel connector. Store settings and cipher exclusions are optional and applied only
 * when configured.
 *
 * @param server     server the connector belongs to
 * @param httpConfig configuration to use; it is modified in place (secure scheme, customizer)
 * @return the connector
 */
private ServerConnector createHttpsChannelConnector(
    Server server, HttpConfiguration httpConfig) {
  httpConfig.setSecureScheme(HTTPS_SCHEME);
  httpConfig.addCustomizer(new SecureRequestCustomizer());
  ServerConnector conn = createHttpChannelConnector(server, httpConfig);

  SslContextFactory.Server tlsFactory = new SslContextFactory.Server();
  tlsFactory.setNeedClientAuth(needsClientAuth);
  // Applied unconditionally, even when keyPassword is null.
  tlsFactory.setKeyManagerPassword(keyPassword);

  // Server identity.
  if (keyStore != null) {
    tlsFactory.setKeyStorePath(keyStore);
    tlsFactory.setKeyStoreType(keyStoreType);
    tlsFactory.setKeyStorePassword(keyStorePassword);
  }

  // Certificates accepted from peers.
  if (trustStore != null) {
    tlsFactory.setTrustStorePath(trustStore);
    tlsFactory.setTrustStoreType(trustStoreType);
    tlsFactory.setTrustStorePassword(trustStorePassword);
  }

  // This replaces the factory's exclusion list with the configured one.
  boolean hasExclusions = excludeCiphers != null && !excludeCiphers.isEmpty();
  if (hasExclusions) {
    tlsFactory.setExcludeCipherSuites(
        StringUtils.getTrimmedStrings(excludeCiphers));
    LOG.info("Excluded Cipher List:" + excludeCiphers);
  }

  // TLS goes first so that it wraps the HTTP factory already on the connector.
  SslConnectionFactory tls =
      new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString());
  conn.addFirstConnectionFactory(tls);

  return conn;
}
 
Example #30
Source File: JettyHTTPServerEngine.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the Jetty connector for this engine; TLS is layered in front of HTTP when
 * TLS server parameters are configured.
 *
 * @param sslcf TLS context factory; only used when TLS server parameters are set
 * @param hosto not read by this method
 * @param porto not read by this method
 * @param major Jetty major version, used to pick the default protocol name
 * @param minor Jetty minor version, used to pick the default protocol name
 * @return the connector
 * @throws RuntimeException wrapping any checked exception raised while building it
 */
AbstractConnector createConnectorJetty(SslContextFactory sslcf, String hosto, int porto, int major, int minor) {
    AbstractConnector connector = null;
    try {
        HttpConfiguration httpConfig = new HttpConfiguration();
        httpConfig.setSendServerVersion(getSendServerVersion());
        HttpConnectionFactory httpFactory = new HttpConnectionFactory(httpConfig);

        Collection<ConnectionFactory> factories = new ArrayList<>();

        connector = new org.eclipse.jetty.server.ServerConnector(server);

        if (tlsServerParameters != null) {
            httpConfig.addCustomizer(new org.eclipse.jetty.server.SecureRequestCustomizer());
            factories.add(new SslConnectionFactory(sslcf, "HTTP/1.1"));

            // The default protocol is named differently from Jetty 9.3 onwards.
            boolean atLeastJetty93 = major > 9 || (major == 9 && minor >= 3);
            String defaultProtocol;
            if (atLeastJetty93) {
                defaultProtocol = "SSL";
            } else {
                defaultProtocol = "SSL-HTTP/1.1";
            }
            connector.setDefaultProtocol(defaultProtocol);
        }
        // HTTP comes last so that, with TLS enabled, it sits behind the TLS factory.
        factories.add(httpFactory);
        connector.setConnectionFactories(factories);

        if (getMaxIdleTime() > 0) {
            connector.setIdleTimeout(Long.valueOf(getMaxIdleTime()));
        }

    } catch (RuntimeException rex) {
        throw rex;
    } catch (Exception ex) {
        throw new RuntimeException(ex);
    }
    return connector;
}