Java Code Examples for org.eclipse.jetty.util.ssl.SslContextFactory#setTrustManagerFactoryAlgorithm()

The following examples show how to use org.eclipse.jetty.util.ssl.SslContextFactory#setTrustManagerFactoryAlgorithm() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SSLUtils.java    From kop with Apache License 2.0 5 votes vote down vote up
/**
 * Configures Protocol, Algorithm and Provider related settings in SslContextFactory.
 */
protected static void configureSslContextFactoryAlgorithms(SslContextFactory ssl,
                                                           Map<String, Object> sslConfigValues) {
    Set<String> sslEnabledProtocols =
        (Set<String>) getOrDefault(
            sslConfigValues,
            SslConfigs.SSL_ENABLED_PROTOCOLS_CONFIG,
            Arrays.asList(SslConfigs.DEFAULT_SSL_ENABLED_PROTOCOLS.split("\\s*,\\s*")));
    ssl.setIncludeProtocols(sslEnabledProtocols.toArray(new String[sslEnabledProtocols.size()]));

    String sslProvider = (String) sslConfigValues.get(SslConfigs.SSL_PROVIDER_CONFIG);
    if (sslProvider != null) {
        ssl.setProvider(sslProvider);
    }

    ssl.setProtocol(
        (String) getOrDefault(sslConfigValues, SslConfigs.SSL_PROTOCOL_CONFIG, SslConfigs.DEFAULT_SSL_PROTOCOL));

    Set<String> sslCipherSuites = (Set<String>) sslConfigValues.get(SslConfigs.SSL_CIPHER_SUITES_CONFIG);
    if (sslCipherSuites != null) {
        ssl.setIncludeCipherSuites(sslCipherSuites.toArray(new String[sslCipherSuites.size()]));
    }

    ssl.setKeyManagerFactoryAlgorithm((String) getOrDefault(
        sslConfigValues,
        SslConfigs.SSL_KEYMANAGER_ALGORITHM_CONFIG,
        SslConfigs.DEFAULT_SSL_KEYMANGER_ALGORITHM));

    String sslSecureRandomImpl = (String) sslConfigValues.get(SslConfigs.SSL_SECURE_RANDOM_IMPLEMENTATION_CONFIG);
    if (sslSecureRandomImpl != null) {
        ssl.setSecureRandomAlgorithm(sslSecureRandomImpl);
    }

    ssl.setTrustManagerFactoryAlgorithm((String) getOrDefault(
        sslConfigValues,
        SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_CONFIG,
        SslConfigs.DEFAULT_SSL_TRUSTMANAGER_ALGORITHM));
}
 
Example 2
Source File: HttpServerExtension.java    From kareldb with Apache License 2.0 4 votes vote down vote up
private static SslContextFactory createSslContextFactory(KarelDbConfig config) {
    SslContextFactory sslContextFactory = new SslContextFactory();
    if (!config.getString(KarelDbConfig.SSL_KEYSTORE_LOCATION_CONFIG).isEmpty()) {
        sslContextFactory.setKeyStorePath(
            config.getString(KarelDbConfig.SSL_KEYSTORE_LOCATION_CONFIG)
        );
        sslContextFactory.setKeyStorePassword(
            config.getPassword(KarelDbConfig.SSL_KEYSTORE_PASSWORD_CONFIG).value()
        );
        sslContextFactory.setKeyManagerPassword(
            config.getPassword(KarelDbConfig.SSL_KEY_PASSWORD_CONFIG).value()
        );
        sslContextFactory.setKeyStoreType(
            config.getString(KarelDbConfig.SSL_KEYSTORE_TYPE_CONFIG)
        );

        if (!config.getString(KarelDbConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG).isEmpty()) {
            sslContextFactory.setKeyManagerFactoryAlgorithm(
                config.getString(KarelDbConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG));
        }
    }

    configureClientAuth(config, sslContextFactory);

    List<String> enabledProtocols = config.getList(KarelDbConfig.SSL_ENABLED_PROTOCOLS_CONFIG);
    if (!enabledProtocols.isEmpty()) {
        sslContextFactory.setIncludeProtocols(enabledProtocols.toArray(new String[0]));
    }

    List<String> cipherSuites = config.getList(KarelDbConfig.SSL_CIPHER_SUITES_CONFIG);
    if (!cipherSuites.isEmpty()) {
        sslContextFactory.setIncludeCipherSuites(cipherSuites.toArray(new String[0]));
    }

    sslContextFactory.setEndpointIdentificationAlgorithm(
        config.getString(KarelDbConfig.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG));

    if (!config.getString(KarelDbConfig.SSL_TRUSTSTORE_LOCATION_CONFIG).isEmpty()) {
        sslContextFactory.setTrustStorePath(
            config.getString(KarelDbConfig.SSL_TRUSTSTORE_LOCATION_CONFIG)
        );
        sslContextFactory.setTrustStorePassword(
            config.getPassword(KarelDbConfig.SSL_TRUSTSTORE_PASSWORD_CONFIG).value()
        );
        sslContextFactory.setTrustStoreType(
            config.getString(KarelDbConfig.SSL_TRUSTSTORE_TYPE_CONFIG)
        );

        if (!config.getString(KarelDbConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG).isEmpty()) {
            sslContextFactory.setTrustManagerFactoryAlgorithm(
                config.getString(KarelDbConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG)
            );
        }
    }

    sslContextFactory.setProtocol(config.getString(KarelDbConfig.SSL_PROTOCOL_CONFIG));
    if (!config.getString(KarelDbConfig.SSL_PROVIDER_CONFIG).isEmpty()) {
        sslContextFactory.setProtocol(config.getString(KarelDbConfig.SSL_PROVIDER_CONFIG));
    }

    sslContextFactory.setRenegotiationAllowed(false);

    return sslContextFactory;
}
 
Example 3
Source File: ApplicationServer.java    From rest-utils with Apache License 2.0 4 votes vote down vote up
private SslContextFactory createSslContextFactory(RestConfig config) {
  SslContextFactory sslContextFactory = new SslContextFactory.Server();
  if (!config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG).isEmpty()) {
    sslContextFactory.setKeyStorePath(
            config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG)
    );
    sslContextFactory.setKeyStorePassword(
            config.getPassword(RestConfig.SSL_KEYSTORE_PASSWORD_CONFIG).value()
    );
    sslContextFactory.setKeyManagerPassword(
            config.getPassword(RestConfig.SSL_KEY_PASSWORD_CONFIG).value()
    );
    sslContextFactory.setKeyStoreType(
            config.getString(RestConfig.SSL_KEYSTORE_TYPE_CONFIG)
    );

    if (!config.getString(RestConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG).isEmpty()) {
      sslContextFactory.setKeyManagerFactoryAlgorithm(
              config.getString(RestConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG));
    }

    if (config.getBoolean(RestConfig.SSL_KEYSTORE_RELOAD_CONFIG)) {
      Path watchLocation = getWatchLocation(config);
      try {
        FileWatcher.onFileChange(watchLocation, () -> {
              // Need to reset the key store path for symbolic link case
              sslContextFactory.setKeyStorePath(
                  config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG)
              );
              sslContextFactory.reload(scf -> log.info("Reloaded SSL cert"));
            }
        );
        log.info("Enabled SSL cert auto reload for: " + watchLocation);
      } catch (java.io.IOException e) {
        log.error("Can not enabled SSL cert auto reload", e);
      }
    }
  }

  configureClientAuth(sslContextFactory, config);

  List<String> enabledProtocols = config.getList(RestConfig.SSL_ENABLED_PROTOCOLS_CONFIG);
  if (!enabledProtocols.isEmpty()) {
    sslContextFactory.setIncludeProtocols(enabledProtocols.toArray(new String[0]));
  }

  List<String> cipherSuites = config.getList(RestConfig.SSL_CIPHER_SUITES_CONFIG);
  if (!cipherSuites.isEmpty()) {
    sslContextFactory.setIncludeCipherSuites(cipherSuites.toArray(new String[0]));
  }

  sslContextFactory.setEndpointIdentificationAlgorithm(
          config.getString(RestConfig.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG));

  if (!config.getString(RestConfig.SSL_TRUSTSTORE_LOCATION_CONFIG).isEmpty()) {
    sslContextFactory.setTrustStorePath(
            config.getString(RestConfig.SSL_TRUSTSTORE_LOCATION_CONFIG)
    );
    sslContextFactory.setTrustStorePassword(
            config.getPassword(RestConfig.SSL_TRUSTSTORE_PASSWORD_CONFIG).value()
    );
    sslContextFactory.setTrustStoreType(
            config.getString(RestConfig.SSL_TRUSTSTORE_TYPE_CONFIG)
    );

    if (!config.getString(RestConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG).isEmpty()) {
      sslContextFactory.setTrustManagerFactoryAlgorithm(
              config.getString(RestConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG)
      );
    }
  }

  sslContextFactory.setProtocol(config.getString(RestConfig.SSL_PROTOCOL_CONFIG));
  if (!config.getString(RestConfig.SSL_PROVIDER_CONFIG).isEmpty()) {
    sslContextFactory.setProtocol(config.getString(RestConfig.SSL_PROVIDER_CONFIG));
  }

  sslContextFactory.setRenegotiationAllowed(false);

  return sslContextFactory;
}
 
Example 4
Source File: PHttpServer.java    From jphp with Apache License 2.0 4 votes vote down vote up
@Signature
public void listen(Memory value, ArrayMemory sslSettings) {
    ServerConnector connector;

    if (sslSettings != null) {
        SslContextFactory contextFactory = new SslContextFactory();

        // key store
        if (sslSettings.containsKey("keyStorePath"))
            contextFactory.setKeyStorePath(sslSettings.valueOfIndex("keyStorePath").toString());

        if (sslSettings.containsKey("keyStorePassword"))
            contextFactory.setKeyStoreType(sslSettings.valueOfIndex("keyStorePassword").toString());

        if (sslSettings.containsKey("keyStoreType"))
            contextFactory.setKeyStoreType(sslSettings.valueOfIndex("keyStoreType").toString());

        if (sslSettings.containsKey("keyStoreProvider"))
            contextFactory.setKeyStoreProvider(sslSettings.valueOfIndex("keyStoreProvider").toString());

        // trust store
        if (sslSettings.containsKey("trustStorePath"))
            contextFactory.setTrustStorePath(sslSettings.valueOfIndex("trustStorePath").toString());

        if (sslSettings.containsKey("trustStorePassword"))
            contextFactory.setTrustStoreType(sslSettings.valueOfIndex("trustStorePassword").toString());

        if (sslSettings.containsKey("trustStoreType"))
            contextFactory.setTrustStoreType(sslSettings.valueOfIndex("trustStoreType").toString());

        if (sslSettings.containsKey("trustStoreProvider"))
            contextFactory.setTrustStoreProvider(sslSettings.valueOfIndex("trustStoreProvider").toString());

        if (sslSettings.containsKey("trustAll"))
            contextFactory.setTrustAll(sslSettings.valueOfIndex("trustAll").toBoolean());

        if (sslSettings.containsKey("trustManagerFactoryAlgorithm"))
            contextFactory.setTrustManagerFactoryAlgorithm(sslSettings.valueOfIndex("trustManagerFactoryAlgorithm").toString());

        // key manager
        if (sslSettings.containsKey("keyManagerFactoryAlgorithm"))
            contextFactory.setKeyManagerFactoryAlgorithm(sslSettings.valueOfIndex("keyManagerFactoryAlgorithm").toString());

        if (sslSettings.containsKey("keyManagerPassword"))
            contextFactory.setKeyManagerPassword(sslSettings.valueOfIndex("keyManagerPassword").toString());

        // other
        if (sslSettings.containsKey("certAlias"))
            contextFactory.setCertAlias(sslSettings.valueOfIndex("certAlias").toString());

        if (sslSettings.containsKey("protocol"))
            contextFactory.setProtocol(sslSettings.valueOfIndex("protocol").toString());

        if (sslSettings.containsKey("provider"))
            contextFactory.setProvider(sslSettings.valueOfIndex("provider").toString());

        if (sslSettings.containsKey("validateCerts"))
            contextFactory.setValidateCerts(sslSettings.valueOfIndex("validateCerts").toBoolean());

        connector = new ServerConnector(server, contextFactory);
    } else {
        connector = new ServerConnector(server);
    }

    if (value.isNumber()) {
        connector.setName("0.0.0.0:" + value.toInteger());
        connector.setPort(value.toInteger());
    } else {
        String[] strings = value.toString().split("\\:");

        if (strings.length < 2) {
            throw new IllegalArgumentException("Invalid listen value: " + value);
        }

        connector.setHost(strings[0]);
        connector.setPort(Integer.parseInt(strings[1]));
        connector.setName(strings[0] + ":" + strings[1]);
    }

    server.addConnector(connector);
}