Java Code Examples for org.eclipse.jetty.util.ssl.SslContextFactory#setTrustStorePath()
The following examples show how to use
org.eclipse.jetty.util.ssl.SslContextFactory#setTrustStorePath() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: PrometheusServer.java From nifi with Apache License 2.0 | 6 votes |
private SslContextFactory createSslFactory(final SSLContextService sslService, boolean needClientAuth, boolean wantClientAuth) { SslContextFactory sslFactory = new SslContextFactory(); sslFactory.setNeedClientAuth(needClientAuth); sslFactory.setWantClientAuth(wantClientAuth); sslFactory.setProtocol(sslService.getSslAlgorithm()); if (sslService.isKeyStoreConfigured()) { sslFactory.setKeyStorePath(sslService.getKeyStoreFile()); sslFactory.setKeyStorePassword(sslService.getKeyStorePassword()); sslFactory.setKeyStoreType(sslService.getKeyStoreType()); } if (sslService.isTrustStoreConfigured()) { sslFactory.setTrustStorePath(sslService.getTrustStoreFile()); sslFactory.setTrustStorePassword(sslService.getTrustStorePassword()); sslFactory.setTrustStoreType(sslService.getTrustStoreType()); } return sslFactory; }
Example 2
Source File: SSLUtils.java From kop with Apache License 2.0 | 6 votes |
/** * Configures TrustStore related settings in SslContextFactory. */ protected static void configureSslContextFactoryTrustStore(SslContextFactory ssl, Map<String, Object> sslConfigValues) { ssl.setTrustStoreType( (String) getOrDefault( sslConfigValues, SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, SslConfigs.DEFAULT_SSL_TRUSTSTORE_TYPE)); String sslTruststoreLocation = (String) sslConfigValues.get(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG); if (sslTruststoreLocation != null) { ssl.setTrustStorePath(sslTruststoreLocation); } Password sslTruststorePassword = new Password((String) sslConfigValues.get(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG)); if (sslTruststorePassword != null) { ssl.setTrustStorePassword(sslTruststorePassword.value()); } }
Example 3
Source File: AggregatorApplication.java From ambari-metrics with Apache License 2.0 | 6 votes |
protected HttpServer createHttpServer() throws Exception { ResourceConfig resourceConfig = new PackagesResourceConfig("org.apache.hadoop.metrics2.host.aggregator"); HashMap<String, Object> params = new HashMap(); params.put("com.sun.jersey.api.json.POJOMappingFeature", "true"); resourceConfig.setPropertiesAndFeatures(params); HttpServer server = HttpServerFactory.create(getURI(), resourceConfig); if (webServerProtocol.equalsIgnoreCase("https")) { HttpsServer httpsServer = (HttpsServer) server; SslContextFactory sslContextFactory = new SslContextFactory(); String keyStorePath = configuration.get("ssl.server.keystore.location"); String keyStorePassword = configuration.get("ssl.server.keystore.password"); String keyManagerPassword = configuration.get("ssl.server.keystore.keypassword"); String trustStorePath = configuration.get("ssl.server.truststore.location"); String trustStorePassword = configuration.get("ssl.server.truststore.password"); sslContextFactory.setKeyStorePath(keyStorePath); sslContextFactory.setKeyStorePassword(keyStorePassword); sslContextFactory.setKeyManagerPassword(keyManagerPassword); sslContextFactory.setTrustStorePath(trustStorePath); sslContextFactory.setTrustStorePassword(trustStorePassword); sslContextFactory.start(); SSLContext sslContext = sslContextFactory.getSslContext(); sslContextFactory.stop(); HttpsConfigurator httpsConfigurator = new HttpsConfigurator(sslContext); httpsServer.setHttpsConfigurator(httpsConfigurator); server = httpsServer; } return server; }
Example 4
Source File: JettyServer.java From pippo with Apache License 2.0 | 6 votes |
protected ServerConnector createServerConnector(Server server) { String keyStoreFile = getSettings().getKeystoreFile(); if (keyStoreFile == null) { return new ServerConnector(server); } SslContextFactory sslContextFactory = new SslContextFactory.Server(); sslContextFactory.setKeyStorePath(asJettyFriendlyPath(keyStoreFile, "Keystore file")); if (getSettings().getKeystorePassword() != null) { sslContextFactory.setKeyStorePassword(getSettings().getKeystorePassword()); } String truststoreFile = getSettings().getTruststoreFile(); if (truststoreFile != null) { sslContextFactory.setTrustStorePath(asJettyFriendlyPath(truststoreFile, "Truststore file")); } if (getSettings().getTruststorePassword() != null) { sslContextFactory.setTrustStorePassword(getSettings().getTruststorePassword()); } return new ServerConnector(server, sslContextFactory); }
Example 5
Source File: AbstractJettyWebSocketService.java From localization_nifi with Apache License 2.0 | 6 votes |
protected SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth) { final SslContextFactory sslFactory = new SslContextFactory(); sslFactory.setNeedClientAuth(needClientAuth); sslFactory.setWantClientAuth(wantClientAuth); if (sslService.isKeyStoreConfigured()) { sslFactory.setKeyStorePath(sslService.getKeyStoreFile()); sslFactory.setKeyStorePassword(sslService.getKeyStorePassword()); sslFactory.setKeyStoreType(sslService.getKeyStoreType()); } if (sslService.isTrustStoreConfigured()) { sslFactory.setTrustStorePath(sslService.getTrustStoreFile()); sslFactory.setTrustStorePassword(sslService.getTrustStorePassword()); sslFactory.setTrustStoreType(sslService.getTrustStoreType()); } return sslFactory; }
Example 6
Source File: HandleHttpRequest.java From localization_nifi with Apache License 2.0 | 6 votes |
private SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth) { final SslContextFactory sslFactory = new SslContextFactory(); sslFactory.setNeedClientAuth(needClientAuth); sslFactory.setWantClientAuth(wantClientAuth); if (sslService.isKeyStoreConfigured()) { sslFactory.setKeyStorePath(sslService.getKeyStoreFile()); sslFactory.setKeyStorePassword(sslService.getKeyStorePassword()); sslFactory.setKeyStoreType(sslService.getKeyStoreType()); } if (sslService.isTrustStoreConfigured()) { sslFactory.setTrustStorePath(sslService.getTrustStoreFile()); sslFactory.setTrustStorePassword(sslService.getTrustStorePassword()); sslFactory.setTrustStoreType(sslService.getTrustStoreType()); } return sslFactory; }
Example 7
Source File: SubmarineServer.java From submarine with Apache License 2.0 | 6 votes |
private static SslContextFactory getSslContextFactory(SubmarineConfiguration conf) { SslContextFactory sslContextFactory = new SslContextFactory(); // Set keystore sslContextFactory.setKeyStorePath(conf.getKeyStorePath()); sslContextFactory.setKeyStoreType(conf.getKeyStoreType()); sslContextFactory.setKeyStorePassword(conf.getKeyStorePassword()); sslContextFactory.setKeyManagerPassword(conf.getKeyManagerPassword()); if (conf.useClientAuth()) { sslContextFactory.setNeedClientAuth(conf.useClientAuth()); // Set truststore sslContextFactory.setTrustStorePath(conf.getTrustStorePath()); sslContextFactory.setTrustStoreType(conf.getTrustStoreType()); sslContextFactory.setTrustStorePassword(conf.getTrustStorePassword()); } return sslContextFactory; }
Example 8
Source File: JettyWebServer.java From Doradus with Apache License 2.0 | 6 votes |
private ServerConnector createSSLConnector() { SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(m_keystore); sslContextFactory.setKeyStorePassword(m_keystorepassword); sslContextFactory.setTrustStorePath(m_truststore); sslContextFactory.setTrustStorePassword(m_truststorepassword); sslContextFactory.setNeedClientAuth(m_clientauthentication); sslContextFactory.setIncludeCipherSuites(m_tls_cipher_suites); HttpConfiguration http_config = new HttpConfiguration(); http_config.setSecureScheme("https"); HttpConfiguration https_config = new HttpConfiguration(http_config); https_config.addCustomizer(new SecureRequestCustomizer()); SslConnectionFactory sslConnFactory = new SslConnectionFactory(sslContextFactory, "http/1.1"); HttpConnectionFactory httpConnFactory = new HttpConnectionFactory(https_config); ServerConnector sslConnector = new ServerConnector(m_jettyServer, sslConnFactory, httpConnFactory); return sslConnector; }
Example 9
Source File: HttpConfig.java From api-layer with Eclipse Public License 2.0 | 6 votes |
@Bean public SslContextFactory jettySslContextFactory() { SslContextFactory sslContextFactory = new SslContextFactory(SecurityUtils.replaceFourSlashes(keyStore)); sslContextFactory.setProtocol(protocol); sslContextFactory.setKeyStorePassword(keyStorePassword); sslContextFactory.setKeyStoreType(keyStoreType); sslContextFactory.setCertAlias(keyAlias); if (trustStore != null) { sslContextFactory.setTrustStorePath(SecurityUtils.replaceFourSlashes(trustStore)); sslContextFactory.setTrustStoreType(trustStoreType); sslContextFactory.setTrustStorePassword(trustStorePassword); } log.debug("jettySslContextFactory: {}", sslContextFactory.dump()); if (!verifySslCertificatesOfServices) { sslContextFactory.setTrustAll(true); } return sslContextFactory; }
Example 10
Source File: C2Properties.java From nifi-minifi with Apache License 2.0 | 6 votes |
public SslContextFactory getSslContextFactory() throws GeneralSecurityException, IOException { SslContextFactory sslContextFactory = new SslContextFactory(); KeyStore keyStore = KeyStore.getInstance(properties.getProperty(MINIFI_C2_SERVER_KEYSTORE_TYPE)); Path keyStorePath = Paths.get(C2_SERVER_HOME).resolve(properties.getProperty(MINIFI_C2_SERVER_KEYSTORE)).toAbsolutePath(); logger.debug("keystore path: " + keyStorePath); try (InputStream inputStream = Files.newInputStream(keyStorePath)) { keyStore.load(inputStream, properties.getProperty(MINIFI_C2_SERVER_KEYSTORE_PASSWD).toCharArray()); } sslContextFactory.setKeyStore(keyStore); sslContextFactory.setKeyManagerPassword(properties.getProperty(MINIFI_C2_SERVER_KEY_PASSWD)); sslContextFactory.setWantClientAuth(true); String trustStorePath = Paths.get(C2_SERVER_HOME).resolve(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE)).toAbsolutePath().toFile().getAbsolutePath(); logger.debug("truststore path: " + trustStorePath); sslContextFactory.setTrustStorePath(trustStorePath); sslContextFactory.setTrustStoreType(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE_TYPE)); sslContextFactory.setTrustStorePassword(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE_PASSWD)); try { sslContextFactory.start(); } catch (Exception e) { throw new IOException(e); } return sslContextFactory; }
Example 11
Source File: ResourcesHttpsConnectorFactory.java From keywhiz with Apache License 2.0 | 5 votes |
@Override protected SslContextFactory configureSslContextFactory(SslContextFactory factory) { factory = super.configureSslContextFactory(factory); factory.setKeyStorePath(resolveResource(super.getKeyStorePath())); factory.setTrustStorePath(resolveResource(super.getTrustStorePath())); factory.setCrlPath(resolveResource(getCrlPath().getName())); return factory; }
Example 12
Source File: TestServer.java From localization_nifi with Apache License 2.0 | 5 votes |
private void createSecureConnector(final Map<String, String> sslProperties) { SslContextFactory ssl = new SslContextFactory(); if (sslProperties.get(StandardSSLContextService.KEYSTORE.getName()) != null) { ssl.setKeyStorePath(sslProperties.get(StandardSSLContextService.KEYSTORE.getName())); ssl.setKeyStorePassword(sslProperties.get(StandardSSLContextService.KEYSTORE_PASSWORD.getName())); ssl.setKeyStoreType(sslProperties.get(StandardSSLContextService.KEYSTORE_TYPE.getName())); } if (sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName()) != null) { ssl.setTrustStorePath(sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName())); ssl.setTrustStorePassword(sslProperties.get(StandardSSLContextService.TRUSTSTORE_PASSWORD.getName())); ssl.setTrustStoreType(sslProperties.get(StandardSSLContextService.TRUSTSTORE_TYPE.getName())); } final String clientAuth = sslProperties.get(NEED_CLIENT_AUTH); if (clientAuth == null) { ssl.setNeedClientAuth(true); } else { ssl.setNeedClientAuth(Boolean.parseBoolean(clientAuth)); } // build the connector final ServerConnector https = new ServerConnector(jetty, ssl); // set host and port https.setPort(0); // Severely taxed environments may have significant delays when executing. https.setIdleTimeout(30000L); // add the connector jetty.addConnector(https); // mark secure as enabled secure = true; }
Example 13
Source File: SslConfigurer.java From ambari-logsearch with Apache License 2.0 | 5 votes |
public SslContextFactory getSslContextFactory() { SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(getKeyStoreLocation()); sslContextFactory.setKeyStorePassword(getKeyStorePassword()); sslContextFactory.setKeyStoreType(getKeyStoreType()); if (isTrustStoreSpecified()) { sslContextFactory.setTrustStorePath(getTrustStoreLocation()); sslContextFactory.setTrustStorePassword(getTrustStorePassword()); sslContextFactory.setTrustStoreType(getTrustStoreType()); } return sslContextFactory; }
Example 14
Source File: HandleHttpRequest.java From nifi with Apache License 2.0 | 5 votes |
private SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth) { final SslContextFactory sslFactory = new SslContextFactory(); sslFactory.setNeedClientAuth(needClientAuth); sslFactory.setWantClientAuth(wantClientAuth); sslFactory.setProtocol(sslService.getSslAlgorithm()); // Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server, // not a client. Server does not need to perform hostname verification on the client. // Previous to Jetty 9.4.15.v20190215, this defaulted to null. sslFactory.setEndpointIdentificationAlgorithm(null); if (sslService.isKeyStoreConfigured()) { sslFactory.setKeyStorePath(sslService.getKeyStoreFile()); sslFactory.setKeyStorePassword(sslService.getKeyStorePassword()); sslFactory.setKeyStoreType(sslService.getKeyStoreType()); } if (sslService.isTrustStoreConfigured()) { sslFactory.setTrustStorePath(sslService.getTrustStoreFile()); sslFactory.setTrustStorePassword(sslService.getTrustStorePassword()); sslFactory.setTrustStoreType(sslService.getTrustStoreType()); } return sslFactory; }
Example 15
Source File: CipherAndProtocolSelectionTest.java From apiman with Apache License 2.0 | 4 votes |
@Before public void setupJetty() throws Exception { server = new Server(); server.setStopAtShutdown(true); http_config = new HttpConfiguration(); http_config.setSecureScheme("https"); jettySslContextFactory = new SslContextFactory(); jettySslContextFactory.setTrustStorePath(getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks")); jettySslContextFactory.setTrustStorePassword("password"); jettySslContextFactory.setKeyStorePath(getResourcePath("2waytest/mutual_trust_via_ca/service_ks.jks")); jettySslContextFactory.setKeyStorePassword("password"); jettySslContextFactory.setKeyManagerPassword("password"); // Use default trust store // No client auth jettySslContextFactory.setNeedClientAuth(false); jettySslContextFactory.setWantClientAuth(false); HttpConfiguration https_config = new HttpConfiguration(http_config); https_config.addCustomizer(new SecureRequestCustomizer()); ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(jettySslContextFactory,"http/1.1"), new HttpConnectionFactory(https_config)); sslConnector.setPort(8008); server.addConnector(sslConnector); // Thanks to Jetty getting started guide. server.setHandler(new AbstractHandler() { @Override public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { jettyRequestAttributes = new HashMap<>(); Enumeration<String> requestAttrNames = request.getAttributeNames(); while (requestAttrNames.hasMoreElements()) { String elem = requestAttrNames.nextElement(); jettyRequestAttributes.put(elem, request.getAttribute(elem).toString()); System.out.println(elem + " - " + request.getAttribute(elem).toString()); } response.setStatus(HttpServletResponse.SC_OK); baseRequest.setHandled(true); response.getWriter().println("apiman"); } }); }
Example 16
Source File: QuarksSslContainerProviderImpl.java From quarks with Apache License 2.0 | 4 votes |
@Override public WebSocketContainer getSslContainer(Properties config) { // With jetty, can't directly use ContainerProvider.getWebSocketContainer() // as it's "too late" to inject SslContextFactory into the mix. String trustStore = config.getProperty("ws.trustStore", System.getProperty("javax.net.ssl.trustStore")); String trustStorePassword = config.getProperty("ws.trustStorePassword", System.getProperty("javax.net.ssl.trustStorePassword")); String keyStore = config.getProperty("ws.keyStore", System.getProperty("javax.net.ssl.keyStore")); String keyStorePassword = config.getProperty("ws.keyStorePassword", System.getProperty("javax.net.ssl.keyStorePassword")); String keyPassword = config.getProperty("ws.keyPassword", keyStorePassword); String certAlias = config.getProperty("ws.keyCertificateAlias", "default"); // create ClientContainer as usual ClientContainer container = new ClientContainer(); // tweak before starting it SslContextFactory scf = container.getClient().getSslContextFactory(); if (trustStore != null) { // System.out.println("setting " + trustStore); scf.setTrustStorePath(trustStore); scf.setTrustStorePassword(trustStorePassword); } if (keyStore != null) { // System.out.println("setting " + keyStore); scf.setKeyStorePath(keyStore); scf.setKeyStorePassword(keyStorePassword); scf.setKeyManagerPassword(keyPassword); scf.setCertAlias(certAlias); } // start as usual try { container.start(); return container; } catch (Exception e) { throw new RuntimeException("Unable to start Client Container", e); } }
Example 17
Source File: StandardTLSTest.java From apiman with Apache License 2.0 | 4 votes |
@Before public void setupJetty() throws Exception { server = new Server(); server.setStopAtShutdown(true); http_config = new HttpConfiguration(); http_config.setSecureScheme("https"); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setTrustStorePath(getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks")); sslContextFactory.setTrustStorePassword("password"); sslContextFactory.setKeyStorePath(getResourcePath("2waytest/mutual_trust_via_ca/service_ks.jks")); sslContextFactory.setKeyStorePassword("password"); sslContextFactory.setKeyManagerPassword("password"); // Use default trust store // No client auth sslContextFactory.setNeedClientAuth(false); sslContextFactory.setWantClientAuth(false); HttpConfiguration https_config = new HttpConfiguration(http_config); https_config.addCustomizer(new SecureRequestCustomizer()); ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory,"http/1.1"), new HttpConnectionFactory(https_config)); sslConnector.setPort(8008); server.addConnector(sslConnector); // Thanks to Jetty getting started guide. server.setHandler(new AbstractHandler() { @Override public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { Enumeration<String> z = request.getAttributeNames(); while (z.hasMoreElements()) { String elem = z.nextElement(); System.out.println(elem + " - " + request.getAttribute(elem)); } response.setStatus(HttpServletResponse.SC_OK); baseRequest.setHandled(true); response.getWriter().println("apiman"); } }); server.start(); }
Example 18
Source File: BrooklynWebServer.java From brooklyn-server with Apache License 2.0 | 4 votes |
private SslContextFactory createContextFactory() throws KeyStoreException { SslContextFactory sslContextFactory = new SslContextFactory(); // allow webconsole keystore & related properties to be set in brooklyn.properties String ksUrl = getKeystoreUrl(); String ksPassword = getConfig(keystorePassword, BrooklynWebConfig.KEYSTORE_PASSWORD); String ksCertAlias = getConfig(keystoreCertAlias, BrooklynWebConfig.KEYSTORE_CERTIFICATE_ALIAS); String trProtos = getConfig(transportProtocols, BrooklynWebConfig.TRANSPORT_PROTOCOLS); String trCiphers = getConfig(transportCiphers, BrooklynWebConfig.TRANSPORT_CIPHERS); if (ksUrl!=null) { sslContextFactory.setKeyStorePath(getLocalKeyStorePath(ksUrl)); if (Strings.isEmpty(ksPassword)) throw new IllegalArgumentException("Keystore password is required and non-empty if keystore is specified."); sslContextFactory.setKeyStorePassword(ksPassword); if (Strings.isNonEmpty(ksCertAlias)) sslContextFactory.setCertAlias(ksCertAlias); } else { log.info("No keystore specified but https enabled; creating a default keystore"); if (Strings.isEmpty(ksCertAlias)) ksCertAlias = "web-console"; // if password is blank the process will block and read from stdin ! if (Strings.isEmpty(ksPassword)) { ksPassword = Identifiers.makeRandomId(8); log.debug("created random password "+ksPassword+" for ad hoc internal keystore"); } KeyStore ks = SecureKeys.newKeyStore(); KeyPair key = SecureKeys.newKeyPair(); X509Certificate cert = new FluentKeySigner("brooklyn").newCertificateFor("web-console", key); ks.setKeyEntry(ksCertAlias, key.getPrivate(), ksPassword.toCharArray(), new Certificate[] { cert }); sslContextFactory.setKeyStore(ks); sslContextFactory.setKeyStorePassword(ksPassword); sslContextFactory.setCertAlias(ksCertAlias); } if (!Strings.isEmpty(truststorePath)) { sslContextFactory.setTrustStorePath(checkFileExists(truststorePath, "truststore")); sslContextFactory.setTrustStorePassword(trustStorePassword); } if (Strings.isNonBlank(trProtos)) { sslContextFactory.setIncludeProtocols(parseArray(trProtos)); } if (Strings.isNonBlank(trCiphers)) { sslContextFactory.setIncludeCipherSuites(parseArray(trCiphers)); } return sslContextFactory; }
Example 19
Source File: JettyServer.java From localization_nifi with Apache License 2.0 | 4 votes |
protected static void configureSslContextFactory(SslContextFactory contextFactory, NiFiProperties props) { // require client auth when not supporting login, Kerberos service, or anonymous access if (props.isClientAuthRequiredForRestApi()) { contextFactory.setNeedClientAuth(true); } else { contextFactory.setWantClientAuth(true); } /* below code sets JSSE system properties when values are provided */ // keystore properties if (StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_KEYSTORE))) { contextFactory.setKeyStorePath(props.getProperty(NiFiProperties.SECURITY_KEYSTORE)); } String keyStoreType = props.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE); if (StringUtils.isNotBlank(keyStoreType)) { contextFactory.setKeyStoreType(keyStoreType); String keyStoreProvider = KeyStoreUtils.getKeyStoreProvider(keyStoreType); if (StringUtils.isNoneEmpty(keyStoreProvider)) { contextFactory.setKeyStoreProvider(keyStoreProvider); } } final String keystorePassword = props.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD); final String keyPassword = props.getProperty(NiFiProperties.SECURITY_KEY_PASSWD); if (StringUtils.isNotBlank(keystorePassword)) { // if no key password was provided, then assume the keystore password is the same as the key password. final String defaultKeyPassword = (StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword; contextFactory.setKeyStorePassword(keystorePassword); contextFactory.setKeyManagerPassword(defaultKeyPassword); } else if (StringUtils.isNotBlank(keyPassword)) { // since no keystore password was provided, there will be no keystore integrity check contextFactory.setKeyManagerPassword(keyPassword); } // truststore properties if (StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE))) { contextFactory.setTrustStorePath(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE)); } String trustStoreType = props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE); if (StringUtils.isNotBlank(trustStoreType)) { contextFactory.setTrustStoreType(trustStoreType); String trustStoreProvider = KeyStoreUtils.getKeyStoreProvider(trustStoreType); if (StringUtils.isNoneEmpty(trustStoreProvider)) { contextFactory.setTrustStoreProvider(trustStoreProvider); } } if (StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD))) { contextFactory.setTrustStorePassword(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD)); } }
Example 20
Source File: JettyServerWrapper.java From cougar with Apache License 2.0 | 4 votes |
public void initialiseConnectors() throws Exception { threadPool = new QueuedThreadPool(); threadPool.setMaxThreads(maxThreads); threadPool.setMinThreads(minThreads); threadPool.setName("JettyThread"); jettyServer = new Server(threadPool); jettyServer.setStopAtShutdown(true); MBeanContainer container = new MBeanContainer(mbeanServer); jettyServer.addBean(container); LowResourceMonitor lowResourcesMonitor = new LowResourceMonitor(jettyServer); lowResourcesMonitor.setPeriod(lowResourcesPeriod); lowResourcesMonitor.setLowResourcesIdleTimeout(lowResourcesIdleTime); lowResourcesMonitor.setMonitorThreads(lowResourcesMonitorThreads); lowResourcesMonitor.setMaxConnections(lowResourcesMaxConnections); lowResourcesMonitor.setMaxMemory(lowResourcesMaxMemory); lowResourcesMonitor.setMaxLowResourcesTime(lowResourcesMaxTime); jettyServer.addBean(lowResourcesMonitor); // US24803 - Needed for preventing Hashtable key collision DoS CVE-2012-2739 jettyServer.setAttribute("org.eclipse.jetty.server.Request.maxFormContentSize", maxFormContentSize); List<Connector> connectors = new ArrayList<Connector>(); if (httpPort != -1) { httpConfiguration = createHttpConfiguration(); setBufferSizes(httpConfiguration); if (httpForwarded) { httpConfiguration.addCustomizer(new ForwardedRequestCustomizer()); } httpConnector = createHttpConnector(jettyServer, httpConfiguration, httpAcceptors, httpSelectors); httpConnector.setPort(httpPort); httpConnector.setReuseAddress(httpReuseAddress); httpConnector.setIdleTimeout(httpMaxIdle); httpConnector.setAcceptQueueSize(httpAcceptQueueSize); httpConnector.addBean(new ConnectorStatistics()); connectors.add(httpConnector); } if (httpsPort != -1) { SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(httpsKeystore.getFile().getCanonicalPath()); sslContextFactory.setKeyStoreType(httpsKeystoreType); sslContextFactory.setKeyStorePassword(httpsKeyPassword); if (StringUtils.isNotBlank(httpsCertAlias)) { sslContextFactory.setCertAlias(httpsCertAlias); } sslContextFactory.setKeyManagerPassword(httpsKeyPassword); // if you need it then you defo want it sslContextFactory.setWantClientAuth(httpsNeedClientAuth || httpsWantClientAuth); sslContextFactory.setNeedClientAuth(httpsNeedClientAuth); sslContextFactory.setRenegotiationAllowed(httpsAllowRenegotiate); httpsConfiguration = createHttpConfiguration(); setBufferSizes(httpsConfiguration); if (httpsForwarded) { httpsConfiguration.addCustomizer(new ForwardedRequestCustomizer()); } httpsConnector = createHttpsConnector(jettyServer, httpsConfiguration, httpsAcceptors, httpsSelectors, sslContextFactory); httpsConnector.setPort(httpsPort); httpsConnector.setReuseAddress(httpsReuseAddress); httpsConnector.setIdleTimeout(httpsMaxIdle); httpsConnector.setAcceptQueueSize(httpsAcceptQueueSize); httpsConnector.addBean(new ConnectorStatistics()); mbeanServer.registerMBean(getKeystoreCertificateChains(), new ObjectName("CoUGAR.https:name=keyStore")); // truststore is not required if we don't want client auth if (httpsWantClientAuth) { sslContextFactory.setTrustStorePath(httpsTruststore.getFile().getCanonicalPath()); sslContextFactory.setTrustStoreType(httpsTruststoreType); sslContextFactory.setTrustStorePassword(httpsTrustPassword); mbeanServer.registerMBean(getTruststoreCertificateChains(), new ObjectName("CoUGAR.https:name=trustStore")); } connectors.add(httpsConnector); } if (connectors.size() == 0) { throw new IllegalStateException("HTTP transport requires at least one port enabled to function correctly."); } jettyServer.setConnectors(connectors.toArray(new Connector[connectors.size()])); }