Java Code Examples for org.eclipse.jetty.util.ssl.SslContextFactory#setKeyStoreType()
The following examples show how to use
org.eclipse.jetty.util.ssl.SslContextFactory#setKeyStoreType() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SSLUtils.java From kop with Apache License 2.0 | 6 votes |
/** * Configures KeyStore related settings in SslContextFactory. */ protected static void configureSslContextFactoryKeyStore(SslContextFactory ssl, Map<String, Object> sslConfigValues) { ssl.setKeyStoreType((String) getOrDefault(sslConfigValues, SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, SslConfigs.DEFAULT_SSL_KEYSTORE_TYPE)); String sslKeystoreLocation = (String) sslConfigValues.get(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG); if (sslKeystoreLocation != null) { ssl.setKeyStorePath(sslKeystoreLocation); } Password sslKeystorePassword = new Password((String) sslConfigValues.get(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG)); if (sslKeystorePassword != null) { ssl.setKeyStorePassword(sslKeystorePassword.value()); } Password sslKeyPassword = new Password((String) sslConfigValues.get(SslConfigs.SSL_KEY_PASSWORD_CONFIG)); if (sslKeyPassword != null) { ssl.setKeyManagerPassword(sslKeyPassword.value()); } }
Example 2
Source File: WebServer.java From hop with Apache License 2.0 | 6 votes |
private ServerConnector getConnector() { if ( sslConfig != null ) { log.logBasic( BaseMessages.getString( PKG, "WebServer.Log.SslModeUsing" ) ); SslConnectionFactory connector = new SslConnectionFactory(); SslContextFactory contextFactory = new SslContextFactory(); contextFactory.setKeyStoreResource( new PathResource( new File( sslConfig.getKeyStore() ) ) ); contextFactory.setKeyStorePassword( sslConfig.getKeyStorePassword() ); contextFactory.setKeyManagerPassword( sslConfig.getKeyPassword() ); contextFactory.setKeyStoreType( sslConfig.getKeyStoreType() ); return new ServerConnector( server, connector ); } else { return new ServerConnector( server ); } }
Example 3
Source File: AbstractJettyWebSocketService.java From nifi with Apache License 2.0 | 6 votes |
protected SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth, final String endpointIdentificationAlgorithm) { final SslContextFactory sslFactory = new SslContextFactory(); sslFactory.setNeedClientAuth(needClientAuth); sslFactory.setWantClientAuth(wantClientAuth); // Need to set SslContextFactory's endpointIdentificationAlgorithm. // For clients, hostname verification should be enabled. // For servers, hostname verification should be disabled. // Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS". sslFactory.setEndpointIdentificationAlgorithm(endpointIdentificationAlgorithm); if (sslService.isKeyStoreConfigured()) { sslFactory.setKeyStorePath(sslService.getKeyStoreFile()); sslFactory.setKeyStorePassword(sslService.getKeyStorePassword()); sslFactory.setKeyStoreType(sslService.getKeyStoreType()); } if (sslService.isTrustStoreConfigured()) { sslFactory.setTrustStorePath(sslService.getTrustStoreFile()); sslFactory.setTrustStorePassword(sslService.getTrustStorePassword()); sslFactory.setTrustStoreType(sslService.getTrustStoreType()); } return sslFactory; }
Example 4
Source File: PrometheusServer.java From nifi with Apache License 2.0 | 6 votes |
private SslContextFactory createSslFactory(final SSLContextService sslService, boolean needClientAuth, boolean wantClientAuth) { SslContextFactory sslFactory = new SslContextFactory(); sslFactory.setNeedClientAuth(needClientAuth); sslFactory.setWantClientAuth(wantClientAuth); sslFactory.setProtocol(sslService.getSslAlgorithm()); if (sslService.isKeyStoreConfigured()) { sslFactory.setKeyStorePath(sslService.getKeyStoreFile()); sslFactory.setKeyStorePassword(sslService.getKeyStorePassword()); sslFactory.setKeyStoreType(sslService.getKeyStoreType()); } if (sslService.isTrustStoreConfigured()) { sslFactory.setTrustStorePath(sslService.getTrustStoreFile()); sslFactory.setTrustStorePassword(sslService.getTrustStorePassword()); sslFactory.setTrustStoreType(sslService.getTrustStoreType()); } return sslFactory; }
Example 5
Source File: AbstractJettyWebSocketService.java From localization_nifi with Apache License 2.0 | 6 votes |
protected SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth) { final SslContextFactory sslFactory = new SslContextFactory(); sslFactory.setNeedClientAuth(needClientAuth); sslFactory.setWantClientAuth(wantClientAuth); if (sslService.isKeyStoreConfigured()) { sslFactory.setKeyStorePath(sslService.getKeyStoreFile()); sslFactory.setKeyStorePassword(sslService.getKeyStorePassword()); sslFactory.setKeyStoreType(sslService.getKeyStoreType()); } if (sslService.isTrustStoreConfigured()) { sslFactory.setTrustStorePath(sslService.getTrustStoreFile()); sslFactory.setTrustStorePassword(sslService.getTrustStorePassword()); sslFactory.setTrustStoreType(sslService.getTrustStoreType()); } return sslFactory; }
Example 6
Source File: HandleHttpRequest.java From localization_nifi with Apache License 2.0 | 6 votes |
private SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth) { final SslContextFactory sslFactory = new SslContextFactory(); sslFactory.setNeedClientAuth(needClientAuth); sslFactory.setWantClientAuth(wantClientAuth); if (sslService.isKeyStoreConfigured()) { sslFactory.setKeyStorePath(sslService.getKeyStoreFile()); sslFactory.setKeyStorePassword(sslService.getKeyStorePassword()); sslFactory.setKeyStoreType(sslService.getKeyStoreType()); } if (sslService.isTrustStoreConfigured()) { sslFactory.setTrustStorePath(sslService.getTrustStoreFile()); sslFactory.setTrustStorePassword(sslService.getTrustStorePassword()); sslFactory.setTrustStoreType(sslService.getTrustStoreType()); } return sslFactory; }
Example 7
Source File: HttpConfig.java From api-layer with Eclipse Public License 2.0 | 6 votes |
@Bean public SslContextFactory jettySslContextFactory() { SslContextFactory sslContextFactory = new SslContextFactory(SecurityUtils.replaceFourSlashes(keyStore)); sslContextFactory.setProtocol(protocol); sslContextFactory.setKeyStorePassword(keyStorePassword); sslContextFactory.setKeyStoreType(keyStoreType); sslContextFactory.setCertAlias(keyAlias); if (trustStore != null) { sslContextFactory.setTrustStorePath(SecurityUtils.replaceFourSlashes(trustStore)); sslContextFactory.setTrustStoreType(trustStoreType); sslContextFactory.setTrustStorePassword(trustStorePassword); } log.debug("jettySslContextFactory: {}", sslContextFactory.dump()); if (!verifySslCertificatesOfServices) { sslContextFactory.setTrustAll(true); } return sslContextFactory; }
Example 8
Source File: TestServer.java From localization_nifi with Apache License 2.0 | 5 votes |
private void createSecureConnector(final Map<String, String> sslProperties) { SslContextFactory ssl = new SslContextFactory(); if (sslProperties.get(StandardSSLContextService.KEYSTORE.getName()) != null) { ssl.setKeyStorePath(sslProperties.get(StandardSSLContextService.KEYSTORE.getName())); ssl.setKeyStorePassword(sslProperties.get(StandardSSLContextService.KEYSTORE_PASSWORD.getName())); ssl.setKeyStoreType(sslProperties.get(StandardSSLContextService.KEYSTORE_TYPE.getName())); } if (sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName()) != null) { ssl.setTrustStorePath(sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName())); ssl.setTrustStorePassword(sslProperties.get(StandardSSLContextService.TRUSTSTORE_PASSWORD.getName())); ssl.setTrustStoreType(sslProperties.get(StandardSSLContextService.TRUSTSTORE_TYPE.getName())); } final String clientAuth = sslProperties.get(NEED_CLIENT_AUTH); if (clientAuth == null) { ssl.setNeedClientAuth(true); } else { ssl.setNeedClientAuth(Boolean.parseBoolean(clientAuth)); } // build the connector final ServerConnector https = new ServerConnector(jetty, ssl); // set host and port https.setPort(0); // Severely taxed environments may have significant delays when executing. https.setIdleTimeout(30000L); // add the connector jetty.addConnector(https); // mark secure as enabled secure = true; }
Example 9
Source File: HandleHttpRequest.java From nifi with Apache License 2.0 | 5 votes |
private SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth) { final SslContextFactory sslFactory = new SslContextFactory(); sslFactory.setNeedClientAuth(needClientAuth); sslFactory.setWantClientAuth(wantClientAuth); sslFactory.setProtocol(sslService.getSslAlgorithm()); // Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server, // not a client. Server does not need to perform hostname verification on the client. // Previous to Jetty 9.4.15.v20190215, this defaulted to null. sslFactory.setEndpointIdentificationAlgorithm(null); if (sslService.isKeyStoreConfigured()) { sslFactory.setKeyStorePath(sslService.getKeyStoreFile()); sslFactory.setKeyStorePassword(sslService.getKeyStorePassword()); sslFactory.setKeyStoreType(sslService.getKeyStoreType()); } if (sslService.isTrustStoreConfigured()) { sslFactory.setTrustStorePath(sslService.getTrustStoreFile()); sslFactory.setTrustStorePassword(sslService.getTrustStorePassword()); sslFactory.setTrustStoreType(sslService.getTrustStoreType()); } return sslFactory; }
Example 10
Source File: JettyHttpsServer.java From sumk with Apache License 2.0 | 5 votes |
@Override protected ConnectionFactory[] getConnectionFactorys() throws URISyntaxException { @SuppressWarnings("deprecation") SslContextFactory sslContextFactory = new SslContextFactory(); String path = get(HttpPlugin.KEY_STORE_PATH); File keystoreFile = FileUtil.file(path); if (!keystoreFile.exists()) { String msg = path + " is not exist"; Logs.http().error(msg); SumkException.throwException(-2345345, msg); } sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath()); sslContextFactory.setKeyStorePassword(get("sumk.jetty.ssl.storePassword")); sslContextFactory.setKeyManagerPassword(get("sumk.jetty.ssl.managerPassword")); sslContextFactory.setCertAlias(get("sumk.jetty.ssl.alias")); String v = AppInfo.get("sumk.jetty.ssl.storeType", null); if (v != null) { sslContextFactory.setKeyStoreType(v); } sslContextFactory.setTrustAll(AppInfo.getBoolean("sumk.jetty.ssl.trustAll", false)); Logs.http().info("using https"); return new ConnectionFactory[] { new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory() }; }
Example 11
Source File: RestChangeIngestor.java From nifi-minifi with Apache License 2.0 | 5 votes |
private void createSecureConnector(Properties properties) { SslContextFactory ssl = new SslContextFactory(); if (properties.getProperty(KEYSTORE_LOCATION_KEY) != null) { ssl.setKeyStorePath(properties.getProperty(KEYSTORE_LOCATION_KEY)); ssl.setKeyStorePassword(properties.getProperty(KEYSTORE_PASSWORD_KEY)); ssl.setKeyStoreType(properties.getProperty(KEYSTORE_TYPE_KEY)); } if (properties.getProperty(TRUSTSTORE_LOCATION_KEY) != null) { ssl.setTrustStorePath(properties.getProperty(TRUSTSTORE_LOCATION_KEY)); ssl.setTrustStorePassword(properties.getProperty(TRUSTSTORE_PASSWORD_KEY)); ssl.setTrustStoreType(properties.getProperty(TRUSTSTORE_TYPE_KEY)); ssl.setNeedClientAuth(Boolean.parseBoolean(properties.getProperty(NEED_CLIENT_AUTH_KEY, "true"))); } // build the connector final ServerConnector https = new ServerConnector(jetty, ssl); // set host and port https.setPort(Integer.parseInt(properties.getProperty(PORT_KEY, "0"))); https.setHost(properties.getProperty(HOST_KEY, "localhost")); // Severely taxed environments may have significant delays when executing. https.setIdleTimeout(30000L); // add the connector jetty.addConnector(https); logger.info("Added an https connector on the host '{}' and port '{}'", new Object[]{https.getHost(), https.getPort()}); }
Example 12
Source File: TestServer.java From localization_nifi with Apache License 2.0 | 5 votes |
private void createSecureConnector(final Map<String, String> sslProperties) { SslContextFactory ssl = new SslContextFactory(); if (sslProperties.get(StandardSSLContextService.KEYSTORE.getName()) != null) { ssl.setKeyStorePath(sslProperties.get(StandardSSLContextService.KEYSTORE.getName())); ssl.setKeyStorePassword(sslProperties.get(StandardSSLContextService.KEYSTORE_PASSWORD.getName())); ssl.setKeyStoreType(sslProperties.get(StandardSSLContextService.KEYSTORE_TYPE.getName())); } if (sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName()) != null) { ssl.setTrustStorePath(sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName())); ssl.setTrustStorePassword(sslProperties.get(StandardSSLContextService.TRUSTSTORE_PASSWORD.getName())); ssl.setTrustStoreType(sslProperties.get(StandardSSLContextService.TRUSTSTORE_TYPE.getName())); } final String clientAuth = sslProperties.get(NEED_CLIENT_AUTH); if (clientAuth == null) { ssl.setNeedClientAuth(true); } else { ssl.setNeedClientAuth(Boolean.parseBoolean(clientAuth)); } // build the connector final ServerConnector https = new ServerConnector(jetty, ssl); // set host and port https.setPort(0); // Severely taxed environments may have significant delays when executing. https.setIdleTimeout(30000L); // add the connector jetty.addConnector(https); // mark secure as enabled secure = true; }
Example 13
Source File: JettyServer.java From localization_nifi with Apache License 2.0 | 4 votes |
protected static void configureSslContextFactory(SslContextFactory contextFactory, NiFiProperties props) { // require client auth when not supporting login, Kerberos service, or anonymous access if (props.isClientAuthRequiredForRestApi()) { contextFactory.setNeedClientAuth(true); } else { contextFactory.setWantClientAuth(true); } /* below code sets JSSE system properties when values are provided */ // keystore properties if (StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_KEYSTORE))) { contextFactory.setKeyStorePath(props.getProperty(NiFiProperties.SECURITY_KEYSTORE)); } String keyStoreType = props.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE); if (StringUtils.isNotBlank(keyStoreType)) { contextFactory.setKeyStoreType(keyStoreType); String keyStoreProvider = KeyStoreUtils.getKeyStoreProvider(keyStoreType); if (StringUtils.isNoneEmpty(keyStoreProvider)) { contextFactory.setKeyStoreProvider(keyStoreProvider); } } final String keystorePassword = props.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD); final String keyPassword = props.getProperty(NiFiProperties.SECURITY_KEY_PASSWD); if (StringUtils.isNotBlank(keystorePassword)) { // if no key password was provided, then assume the keystore password is the same as the key password. final String defaultKeyPassword = (StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword; contextFactory.setKeyStorePassword(keystorePassword); contextFactory.setKeyManagerPassword(defaultKeyPassword); } else if (StringUtils.isNotBlank(keyPassword)) { // since no keystore password was provided, there will be no keystore integrity check contextFactory.setKeyManagerPassword(keyPassword); } // truststore properties if (StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE))) { contextFactory.setTrustStorePath(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE)); } String trustStoreType = props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE); if (StringUtils.isNotBlank(trustStoreType)) { contextFactory.setTrustStoreType(trustStoreType); String trustStoreProvider = KeyStoreUtils.getKeyStoreProvider(trustStoreType); if (StringUtils.isNoneEmpty(trustStoreProvider)) { contextFactory.setTrustStoreProvider(trustStoreProvider); } } if (StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD))) { contextFactory.setTrustStorePassword(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD)); } }
Example 14
Source File: JettyServer.java From nifi with Apache License 2.0 | 4 votes |
protected static void configureSslContextFactory(SslContextFactory contextFactory, NiFiProperties props) { // Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server, // not a client. Server does not need to perform hostname verification on the client. // Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS". contextFactory.setEndpointIdentificationAlgorithm(null); // Explicitly exclude legacy TLS protocol versions // contextFactory.setProtocol(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion()); contextFactory.setIncludeProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions()); contextFactory.setExcludeProtocols("TLS", "TLSv1", "TLSv1.1", "SSL", "SSLv2", "SSLv2Hello", "SSLv3"); // require client auth when not supporting login, Kerberos service, or anonymous access if (props.isClientAuthRequiredForRestApi()) { contextFactory.setNeedClientAuth(true); } else { contextFactory.setWantClientAuth(true); } /* below code sets JSSE system properties when values are provided */ // keystore properties if (StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_KEYSTORE))) { contextFactory.setKeyStorePath(props.getProperty(NiFiProperties.SECURITY_KEYSTORE)); } String keyStoreType = props.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE); if (StringUtils.isNotBlank(keyStoreType)) { contextFactory.setKeyStoreType(keyStoreType); String keyStoreProvider = KeyStoreUtils.getKeyStoreProvider(keyStoreType); if (StringUtils.isNoneEmpty(keyStoreProvider)) { contextFactory.setKeyStoreProvider(keyStoreProvider); } } final String keystorePassword = props.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD); final String keyPassword = props.getProperty(NiFiProperties.SECURITY_KEY_PASSWD); if (StringUtils.isNotBlank(keystorePassword)) { // if no key password was provided, then assume the keystore password is the same as the key password. final String defaultKeyPassword = (StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword; contextFactory.setKeyStorePassword(keystorePassword); contextFactory.setKeyManagerPassword(defaultKeyPassword); } else if (StringUtils.isNotBlank(keyPassword)) { // since no keystore password was provided, there will be no keystore integrity check contextFactory.setKeyManagerPassword(keyPassword); } // truststore properties if (StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE))) { contextFactory.setTrustStorePath(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE)); } String trustStoreType = props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE); if (StringUtils.isNotBlank(trustStoreType)) { contextFactory.setTrustStoreType(trustStoreType); String trustStoreProvider = KeyStoreUtils.getKeyStoreProvider(trustStoreType); if (StringUtils.isNoneEmpty(trustStoreProvider)) { contextFactory.setTrustStoreProvider(trustStoreProvider); } } if (StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD))) { contextFactory.setTrustStorePassword(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD)); } }
Example 15
Source File: ApplicationServer.java From rest-utils with Apache License 2.0 | 4 votes |
private SslContextFactory createSslContextFactory(RestConfig config) { SslContextFactory sslContextFactory = new SslContextFactory.Server(); if (!config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG).isEmpty()) { sslContextFactory.setKeyStorePath( config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG) ); sslContextFactory.setKeyStorePassword( config.getPassword(RestConfig.SSL_KEYSTORE_PASSWORD_CONFIG).value() ); sslContextFactory.setKeyManagerPassword( config.getPassword(RestConfig.SSL_KEY_PASSWORD_CONFIG).value() ); sslContextFactory.setKeyStoreType( config.getString(RestConfig.SSL_KEYSTORE_TYPE_CONFIG) ); if (!config.getString(RestConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG).isEmpty()) { sslContextFactory.setKeyManagerFactoryAlgorithm( config.getString(RestConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG)); } if (config.getBoolean(RestConfig.SSL_KEYSTORE_RELOAD_CONFIG)) { Path watchLocation = getWatchLocation(config); try { FileWatcher.onFileChange(watchLocation, () -> { // Need to reset the key store path for symbolic link case sslContextFactory.setKeyStorePath( config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG) ); sslContextFactory.reload(scf -> log.info("Reloaded SSL cert")); } ); log.info("Enabled SSL cert auto reload for: " + watchLocation); } catch (java.io.IOException e) { log.error("Can not enabled SSL cert auto reload", e); } } } configureClientAuth(sslContextFactory, config); List<String> enabledProtocols = config.getList(RestConfig.SSL_ENABLED_PROTOCOLS_CONFIG); if (!enabledProtocols.isEmpty()) { sslContextFactory.setIncludeProtocols(enabledProtocols.toArray(new String[0])); } List<String> cipherSuites = config.getList(RestConfig.SSL_CIPHER_SUITES_CONFIG); if (!cipherSuites.isEmpty()) { sslContextFactory.setIncludeCipherSuites(cipherSuites.toArray(new String[0])); } sslContextFactory.setEndpointIdentificationAlgorithm( config.getString(RestConfig.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG)); if (!config.getString(RestConfig.SSL_TRUSTSTORE_LOCATION_CONFIG).isEmpty()) { sslContextFactory.setTrustStorePath( config.getString(RestConfig.SSL_TRUSTSTORE_LOCATION_CONFIG) ); sslContextFactory.setTrustStorePassword( config.getPassword(RestConfig.SSL_TRUSTSTORE_PASSWORD_CONFIG).value() ); sslContextFactory.setTrustStoreType( config.getString(RestConfig.SSL_TRUSTSTORE_TYPE_CONFIG) ); if (!config.getString(RestConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG).isEmpty()) { sslContextFactory.setTrustManagerFactoryAlgorithm( config.getString(RestConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG) ); } } sslContextFactory.setProtocol(config.getString(RestConfig.SSL_PROTOCOL_CONFIG)); if (!config.getString(RestConfig.SSL_PROVIDER_CONFIG).isEmpty()) { sslContextFactory.setProtocol(config.getString(RestConfig.SSL_PROVIDER_CONFIG)); } sslContextFactory.setRenegotiationAllowed(false); return sslContextFactory; }
Example 16
Source File: SSLUtilsTest.java From athenz with Apache License 2.0 | 4 votes |
private static JettyServer createHttpsJettyServer(boolean clientAuth) throws IOException { Server server = new Server(); HttpConfiguration https_config = new HttpConfiguration(); https_config.setSecureScheme("https"); int port; try (ServerSocket socket = new ServerSocket(0)) { port = socket.getLocalPort(); } https_config.setSecurePort(port); https_config.setOutputBufferSize(32768); SslContextFactory sslContextFactory = new SslContextFactory(); File keystoreFile = new File(DEFAULT_SERVER_KEY_STORE); if (!keystoreFile.exists()) { throw new FileNotFoundException(); } String trustStorePath = DEFAULT_CA_TRUST_STORE; File trustStoreFile = new File(trustStorePath); if (!trustStoreFile.exists()) { throw new FileNotFoundException(); } sslContextFactory.setEndpointIdentificationAlgorithm(null); sslContextFactory.setTrustStorePath(trustStorePath); sslContextFactory.setTrustStoreType(DEFAULT_SSL_STORE_TYPE); sslContextFactory.setTrustStorePassword(DEFAULT_CERT_PWD); sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath()); sslContextFactory.setKeyStoreType(DEFAULT_SSL_STORE_TYPE); sslContextFactory.setKeyStorePassword(DEFAULT_CERT_PWD); sslContextFactory.setProtocol(DEFAULT_SSL_PROTOCOL); sslContextFactory.setNeedClientAuth(clientAuth); ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https_config)); https.setPort(port); https.setIdleTimeout(500000); server.setConnectors(new Connector[] { https }); HandlerList handlers = new HandlerList(); ResourceHandler resourceHandler = new ResourceHandler(); resourceHandler.setBaseResource(Resource.newResource(".")); handlers.setHandlers(new Handler[] { resourceHandler, new DefaultHandler() }); server.setHandler(handlers); return new JettyServer(server, port); }
Example 17
Source File: PHttpServer.java From jphp with Apache License 2.0 | 4 votes |
@Signature public void listen(Memory value, ArrayMemory sslSettings) { ServerConnector connector; if (sslSettings != null) { SslContextFactory contextFactory = new SslContextFactory(); // key store if (sslSettings.containsKey("keyStorePath")) contextFactory.setKeyStorePath(sslSettings.valueOfIndex("keyStorePath").toString()); if (sslSettings.containsKey("keyStorePassword")) contextFactory.setKeyStoreType(sslSettings.valueOfIndex("keyStorePassword").toString()); if (sslSettings.containsKey("keyStoreType")) contextFactory.setKeyStoreType(sslSettings.valueOfIndex("keyStoreType").toString()); if (sslSettings.containsKey("keyStoreProvider")) contextFactory.setKeyStoreProvider(sslSettings.valueOfIndex("keyStoreProvider").toString()); // trust store if (sslSettings.containsKey("trustStorePath")) contextFactory.setTrustStorePath(sslSettings.valueOfIndex("trustStorePath").toString()); if (sslSettings.containsKey("trustStorePassword")) contextFactory.setTrustStoreType(sslSettings.valueOfIndex("trustStorePassword").toString()); if (sslSettings.containsKey("trustStoreType")) contextFactory.setTrustStoreType(sslSettings.valueOfIndex("trustStoreType").toString()); if (sslSettings.containsKey("trustStoreProvider")) contextFactory.setTrustStoreProvider(sslSettings.valueOfIndex("trustStoreProvider").toString()); if (sslSettings.containsKey("trustAll")) contextFactory.setTrustAll(sslSettings.valueOfIndex("trustAll").toBoolean()); if (sslSettings.containsKey("trustManagerFactoryAlgorithm")) contextFactory.setTrustManagerFactoryAlgorithm(sslSettings.valueOfIndex("trustManagerFactoryAlgorithm").toString()); // key manager if (sslSettings.containsKey("keyManagerFactoryAlgorithm")) contextFactory.setKeyManagerFactoryAlgorithm(sslSettings.valueOfIndex("keyManagerFactoryAlgorithm").toString()); if (sslSettings.containsKey("keyManagerPassword")) contextFactory.setKeyManagerPassword(sslSettings.valueOfIndex("keyManagerPassword").toString()); // other if (sslSettings.containsKey("certAlias")) contextFactory.setCertAlias(sslSettings.valueOfIndex("certAlias").toString()); if (sslSettings.containsKey("protocol")) contextFactory.setProtocol(sslSettings.valueOfIndex("protocol").toString()); if (sslSettings.containsKey("provider")) contextFactory.setProvider(sslSettings.valueOfIndex("provider").toString()); if (sslSettings.containsKey("validateCerts")) contextFactory.setValidateCerts(sslSettings.valueOfIndex("validateCerts").toBoolean()); connector = new ServerConnector(server, contextFactory); } else { connector = new ServerConnector(server); } if (value.isNumber()) { connector.setName("0.0.0.0:" + value.toInteger()); connector.setPort(value.toInteger()); } else { String[] strings = value.toString().split("\\:"); if (strings.length < 2) { throw new IllegalArgumentException("Invalid listen value: " + value); } connector.setHost(strings[0]); connector.setPort(Integer.parseInt(strings[1])); connector.setName(strings[0] + ":" + strings[1]); } server.addConnector(connector); }
Example 18
Source File: TestServer.java From nifi with Apache License 2.0 | 4 votes |
private void createSecureConnector(final Map<String, String> sslProperties) { SslContextFactory ssl = new SslContextFactory(); if (sslProperties.get(StandardSSLContextService.KEYSTORE.getName()) != null) { ssl.setKeyStorePath(sslProperties.get(StandardSSLContextService.KEYSTORE.getName())); ssl.setKeyStorePassword(sslProperties.get(StandardSSLContextService.KEYSTORE_PASSWORD.getName())); ssl.setKeyStoreType(sslProperties.get(StandardSSLContextService.KEYSTORE_TYPE.getName())); } if (sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName()) != null) { ssl.setTrustStorePath(sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName())); ssl.setTrustStorePassword(sslProperties.get(StandardSSLContextService.TRUSTSTORE_PASSWORD.getName())); ssl.setTrustStoreType(sslProperties.get(StandardSSLContextService.TRUSTSTORE_TYPE.getName())); } final String clientAuth = sslProperties.get(NEED_CLIENT_AUTH); if (clientAuth == null) { ssl.setNeedClientAuth(true); } else { ssl.setNeedClientAuth(Boolean.parseBoolean(clientAuth)); } // Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server, // not a client. Server does not need to perform hostname verification on the client. // Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS". ssl.setEndpointIdentificationAlgorithm(null); // build the connector final ServerConnector https = new ServerConnector(jetty, ssl); // set host and port https.setPort(0); // Severely taxed environments may have significant delays when executing. https.setIdleTimeout(30000L); // add the connector jetty.addConnector(https); // mark secure as enabled secure = true; }
Example 19
Source File: HttpServerExtension.java From kareldb with Apache License 2.0 | 4 votes |
private static SslContextFactory createSslContextFactory(KarelDbConfig config) { SslContextFactory sslContextFactory = new SslContextFactory(); if (!config.getString(KarelDbConfig.SSL_KEYSTORE_LOCATION_CONFIG).isEmpty()) { sslContextFactory.setKeyStorePath( config.getString(KarelDbConfig.SSL_KEYSTORE_LOCATION_CONFIG) ); sslContextFactory.setKeyStorePassword( config.getPassword(KarelDbConfig.SSL_KEYSTORE_PASSWORD_CONFIG).value() ); sslContextFactory.setKeyManagerPassword( config.getPassword(KarelDbConfig.SSL_KEY_PASSWORD_CONFIG).value() ); sslContextFactory.setKeyStoreType( config.getString(KarelDbConfig.SSL_KEYSTORE_TYPE_CONFIG) ); if (!config.getString(KarelDbConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG).isEmpty()) { sslContextFactory.setKeyManagerFactoryAlgorithm( config.getString(KarelDbConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG)); } } configureClientAuth(config, sslContextFactory); List<String> enabledProtocols = config.getList(KarelDbConfig.SSL_ENABLED_PROTOCOLS_CONFIG); if (!enabledProtocols.isEmpty()) { sslContextFactory.setIncludeProtocols(enabledProtocols.toArray(new String[0])); } List<String> cipherSuites = config.getList(KarelDbConfig.SSL_CIPHER_SUITES_CONFIG); if (!cipherSuites.isEmpty()) { sslContextFactory.setIncludeCipherSuites(cipherSuites.toArray(new String[0])); } sslContextFactory.setEndpointIdentificationAlgorithm( config.getString(KarelDbConfig.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG)); if (!config.getString(KarelDbConfig.SSL_TRUSTSTORE_LOCATION_CONFIG).isEmpty()) { sslContextFactory.setTrustStorePath( config.getString(KarelDbConfig.SSL_TRUSTSTORE_LOCATION_CONFIG) ); sslContextFactory.setTrustStorePassword( config.getPassword(KarelDbConfig.SSL_TRUSTSTORE_PASSWORD_CONFIG).value() ); sslContextFactory.setTrustStoreType( config.getString(KarelDbConfig.SSL_TRUSTSTORE_TYPE_CONFIG) ); if (!config.getString(KarelDbConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG).isEmpty()) { sslContextFactory.setTrustManagerFactoryAlgorithm( config.getString(KarelDbConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG) ); } } sslContextFactory.setProtocol(config.getString(KarelDbConfig.SSL_PROTOCOL_CONFIG)); if (!config.getString(KarelDbConfig.SSL_PROVIDER_CONFIG).isEmpty()) { sslContextFactory.setProtocol(config.getString(KarelDbConfig.SSL_PROVIDER_CONFIG)); } sslContextFactory.setRenegotiationAllowed(false); return sslContextFactory; }
Example 20
Source File: WebSocketServerExample.java From nifi with Apache License 2.0 | 2 votes |
@BeforeClass public static void setup() throws Exception { server = new Server(0); final ContextHandlerCollection handlerCollection = new ContextHandlerCollection(); final ServletContextHandler contextHandler = new ServletContextHandler(); servletHandler = new ServletHandler(); contextHandler.insertHandler(servletHandler); handlerCollection.setHandlers(new Handler[]{contextHandler}); server.setHandler(handlerCollection); httpConnector = new ServerConnector(server); httpConnector.setPort(50010); final SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath("src/test/resources/certs/keystore.jks"); sslContextFactory.setKeyStorePassword("passwordpassword"); sslContextFactory.setKeyStoreType("JKS"); // Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server, // not a client. Server does not need to perform hostname verification on the client. // Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS". sslContextFactory.setEndpointIdentificationAlgorithm(null); final HttpConfiguration https = new HttpConfiguration(); https.addCustomizer(new SecureRequestCustomizer()); sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https)); sslConnector.setPort(50011); server.setConnectors(new Connector[]{httpConnector, sslConnector}); servletHolder = servletHandler.addServletWithMapping(WSServlet.class, "/test"); servletHolder = servletHandler.addServletWithMapping(ConnectionCheckServlet.class, "/check"); server.start(); logger.info("Starting server on port {} for HTTP, and {} for HTTPS", httpConnector.getLocalPort(), sslConnector.getLocalPort()); }