Java Code Examples for org.eclipse.jetty.util.ssl.SslContextFactory#start()

The following examples show how to use org.eclipse.jetty.util.ssl.SslContextFactory#start().
Example 1
Source File: AggregatorApplication.java    From ambari-metrics with Apache License 2.0
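/**
 * Creates the HTTP server that hosts the aggregator's Jersey resources and, when the
 * configured protocol is HTTPS, installs an {@link SSLContext} built by Jetty's
 * {@code SslContextFactory}.
 *
 * <p>Keystore and truststore locations and passwords are read from {@code configuration}
 * under the {@code ssl.server.*} keys. The factory is only used to build the context:
 * it is started, the context is taken from it, and it is stopped again.
 *
 * @return the server created for {@code getURI()}, with an HTTPS configurator attached
 *         when {@code webServerProtocol} is "https" (case-insensitive)
 * @throws Exception if the server cannot be created or the SSL context cannot be built
 */
protected HttpServer createHttpServer() throws Exception {
  ResourceConfig resourceConfig = new PackagesResourceConfig("org.apache.hadoop.metrics2.host.aggregator");
  // Diamond instead of the raw HashMap the original used (unchecked conversion).
  HashMap<String, Object> params = new HashMap<>();
  params.put("com.sun.jersey.api.json.POJOMappingFeature", "true");
  resourceConfig.setPropertiesAndFeatures(params);
  HttpServer server = HttpServerFactory.create(getURI(), resourceConfig);

  if (webServerProtocol.equalsIgnoreCase("https")) {
    // NOTE(review): presumably HttpServerFactory returns an HttpsServer for an https URI;
    // if it does not, this cast fails with ClassCastException - confirm against getURI().
    HttpsServer httpsServer = (HttpsServer) server;
    SslContextFactory sslContextFactory = new SslContextFactory();

    // NOTE(review): the store and key passwords arrive as plain configuration strings.
    // Confirm the configuration source is access-restricted, and keep these values out of logs.
    String keyStorePath = configuration.get("ssl.server.keystore.location");
    String keyStorePassword = configuration.get("ssl.server.keystore.password");
    String keyManagerPassword = configuration.get("ssl.server.keystore.keypassword");
    String trustStorePath = configuration.get("ssl.server.truststore.location");
    String trustStorePassword = configuration.get("ssl.server.truststore.password");

    sslContextFactory.setKeyStorePath(keyStorePath);
    sslContextFactory.setKeyStorePassword(keyStorePassword);
    sslContextFactory.setKeyManagerPassword(keyManagerPassword);
    sslContextFactory.setTrustStorePath(trustStorePath);
    sslContextFactory.setTrustStorePassword(trustStorePassword);

    sslContextFactory.start();
    SSLContext sslContext;
    try {
      sslContext = sslContextFactory.getSslContext();
    } finally {
      // Stop the started factory even if obtaining the context fails.
      sslContextFactory.stop();
    }
    httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext));
  }
  return server;
}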
 
Example 2
Source File: C2Properties.java    From nifi-minifi with Apache License 2.0
/**
 * Builds and starts the Jetty {@code SslContextFactory} for the C2 server from {@code properties}.
 *
 * <p>The identity keystore is loaded here and handed to the factory as a {@link KeyStore};
 * the truststore is passed by path, type and password and loaded by the factory on start.
 * Both store locations are resolved against {@code C2_SERVER_HOME}.
 *
 * @return the started factory
 * @throws GeneralSecurityException if the keystore type is unavailable or the keystore cannot be loaded
 * @throws IOException if the keystore file cannot be read, or wrapping any failure raised by
 *         {@code start()}
 */
public SslContextFactory getSslContextFactory() throws GeneralSecurityException, IOException {
    SslContextFactory factory = new SslContextFactory();

    // --- identity keystore: loaded eagerly so a bad file or password fails here ---
    String identityStoreType = properties.getProperty(MINIFI_C2_SERVER_KEYSTORE_TYPE);
    KeyStore identityStore = KeyStore.getInstance(identityStoreType);
    Path identityStorePath = Paths.get(C2_SERVER_HOME)
            .resolve(properties.getProperty(MINIFI_C2_SERVER_KEYSTORE))
            .toAbsolutePath();
    // Only the path is logged; the passwords read below are not.
    logger.debug("keystore path: " + identityStorePath);
    try (InputStream storeStream = Files.newInputStream(identityStorePath)) {
        char[] storePassword = properties.getProperty(MINIFI_C2_SERVER_KEYSTORE_PASSWD).toCharArray();
        identityStore.load(storeStream, storePassword);
    }
    factory.setKeyStore(identityStore);
    factory.setKeyManagerPassword(properties.getProperty(MINIFI_C2_SERVER_KEY_PASSWD));
    // NOTE(review): "want" asks the client for a certificate but does not require one.
    // Confirm that unauthenticated peers are rejected or restricted further up the stack.
    factory.setWantClientAuth(true);

    // --- truststore: configured by location, loaded by the factory ---
    Path resolvedTrustStore = Paths.get(C2_SERVER_HOME)
            .resolve(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE))
            .toAbsolutePath();
    String trustStorePath = resolvedTrustStore.toFile().getAbsolutePath();
    logger.debug("truststore path: " + trustStorePath);
    factory.setTrustStorePath(trustStorePath);
    factory.setTrustStoreType(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE_TYPE));
    factory.setTrustStorePassword(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE_PASSWD));

    try {
        factory.start();
    } catch (Exception startFailure) {
        // start() declares a bare Exception; surface it through this method's checked contract.
        throw new IOException(startFailure);
    }
    return factory;
}
 
Example 3
Source File: SSLUtils.java    From kop with Apache License 2.0
/**
 * Builds the server-side {@link SSLEngine} used in KafkaChannelInitializer.
 *
 * <p>The factory is started before the engine is requested. No protocol, cipher or
 * client-authentication setting is applied here, so the engine carries whatever the
 * supplied factory was configured with.
 *
 * @param sslContextFactory factory that supplies the engine
 * @return a new engine with client mode switched off
 * @throws Exception if the factory fails to start
 */
public static SSLEngine createSslEngine(SslContextFactory sslContextFactory) throws Exception {
    sslContextFactory.start();

    final SSLEngine serverEngine = sslContextFactory.newSSLEngine();
    // This side accepts handshakes rather than initiating them.
    serverEngine.setUseClientMode(false);
    return serverEngine;
}
 
Example 4
Source File: JettySSLServiceTest.java    From knox with Apache License 2.0
/**
 * Expects {@link UnrecoverableKeyException} when the alias service returns {@code null} for
 * both the identity keystore password and the identity key passphrase.
 */
@Test(expected = UnrecoverableKeyException.class)
public void TestBuildSslContextFactoryOnlyIdentityKeystoreNullKeyPassword() throws Exception {
  String configuredBase = System.getProperty("basedir");
  String projectRoot = (configuredBase != null) ? configuredBase : new File(".").getCanonicalPath();

  // Test keystores are looked up under <basedir>/target/test-classes/keystores.
  Path keystoreDir = Paths.get(projectRoot, "target", "test-classes", "keystores");
  Path identityStore = keystoreDir.resolve("server-keystore.jks");
  Path trustStore = keystoreDir.resolve("server-truststore.jks");
  String identityStoreType = "jks";
  String trustStoreType = "jks";
  String identityAlias = "server";
  String trustStorePasswordAlias = "trust_store_password";

  // NOTE(review): createGatewayConfig is not shown here; going by the test name, the two
  // false flags presumably mean no truststore is configured - confirm.
  GatewayConfig gatewayConfig = createGatewayConfig(false, false, identityStore, identityStoreType,
      identityAlias, trustStore, trustStoreType, trustStorePasswordAlias);

  // Neither secret is available from the alias service.
  AliasService aliases = createMock(AliasService.class);
  expect(aliases.getGatewayIdentityKeystorePassword()).andReturn(null).atLeastOnce();
  expect(aliases.getGatewayIdentityPassphrase()).andReturn(null).atLeastOnce();

  KeystoreService keystores = createMock(KeystoreService.class);

  replay(gatewayConfig, aliases, keystores);

  JettySSLService service = new JettySSLService();
  service.setAliasService(aliases);
  service.setKeystoreService(keystores);

  Object built = service.buildSslContextFactory(gatewayConfig);
  assertNotNull(built);
  assertTrue(built instanceof SslContextFactory);

  // start() is where the key is expected to prove unrecoverable; fail() runs only if it does not.
  SslContextFactory factory = (SslContextFactory) built;
  factory.start();

  fail("UnrecoverableKeyException should have been thrown");
}
 
Example 5
Source File: JettySSLServiceTest.java    From knox with Apache License 2.0
/**
 * Expects {@link UnrecoverableKeyException} when the alias service returns {@code null} for
 * the identity keystore password, the identity key passphrase and the truststore password.
 */
@Test(expected = UnrecoverableKeyException.class)
public void TestBuildSslContextFactoryExplicitTrustStoreNullPasswords() throws Exception {
  String configuredBase = System.getProperty("basedir");
  String projectRoot = (configuredBase != null) ? configuredBase : new File(".").getCanonicalPath();

  // Test keystores are looked up under <basedir>/target/test-classes/keystores.
  Path keystoreDir = Paths.get(projectRoot, "target", "test-classes", "keystores");
  Path identityStore = keystoreDir.resolve("server-keystore.jks");
  Path trustStore = keystoreDir.resolve("server-truststore.jks");
  String identityStoreType = "jks";
  String trustStoreType = "jks";
  String identityAlias = "server";
  String trustStorePasswordAlias = "trust_store_password";

  // NOTE(review): createGatewayConfig is not shown here; going by the test name, the two
  // true flags presumably select an explicitly configured truststore - confirm.
  GatewayConfig gatewayConfig = createGatewayConfig(true, true, identityStore, identityStoreType,
      identityAlias, trustStore, trustStoreType, trustStorePasswordAlias);

  // Every secret lookup comes back empty.
  AliasService aliases = createMock(AliasService.class);
  expect(aliases.getGatewayIdentityKeystorePassword()).andReturn(null).atLeastOnce();
  expect(aliases.getGatewayIdentityPassphrase()).andReturn(null).atLeastOnce();
  expect(aliases.getPasswordFromAliasForGateway(eq(trustStorePasswordAlias))).andReturn(null).atLeastOnce();

  KeystoreService keystores = createMock(KeystoreService.class);

  replay(gatewayConfig, aliases, keystores);

  JettySSLService service = new JettySSLService();
  service.setAliasService(aliases);
  service.setKeystoreService(keystores);

  Object built = service.buildSslContextFactory(gatewayConfig);
  assertNotNull(built);
  assertTrue(built instanceof SslContextFactory);

  // start() is where the key is expected to prove unrecoverable; fail() runs only if it does not.
  SslContextFactory factory = (SslContextFactory) built;
  factory.start();

  fail("UnrecoverableKeyException should have been thrown");
}
 
Example 6
Source File: JettySSLServiceTest.java    From knox with Apache License 2.0
/**
 * Builds and starts a factory with both identity secrets available and checks that the
 * identity keystore is loaded, that no truststore path or type is set, and that the
 * effective truststore has the same size as the keystore and contains the identity alias.
 */
@Test
public void TestBuildSslContextFactoryOnlyIdentityKeystore() throws Exception {
  String configuredBase = System.getProperty("basedir");
  String projectRoot = (configuredBase != null) ? configuredBase : new File(".").getCanonicalPath();

  // Test keystores are looked up under <basedir>/target/test-classes/keystores.
  Path keystoreDir = Paths.get(projectRoot, "target", "test-classes", "keystores");
  Path identityStore = keystoreDir.resolve("server-keystore.jks");
  Path trustStore = keystoreDir.resolve("server-truststore.jks");
  String identityStoreType = "jks";
  String trustStoreType = "jks";
  // Literal passwords for the test keystores; two separate arrays, as the mocks return each one.
  char[] identityStorePassword = "horton".toCharArray();
  char[] identityKeyPassphrase = "horton".toCharArray();
  String identityAlias = "server";
  String trustStorePasswordAlias = "trust_store_password";

  GatewayConfig gatewayConfig = createGatewayConfig(false, false, identityStore, identityStoreType,
      identityAlias, trustStore, trustStoreType, trustStorePasswordAlias);

  AliasService aliases = createMock(AliasService.class);
  expect(aliases.getGatewayIdentityKeystorePassword()).andReturn(identityStorePassword).atLeastOnce();
  expect(aliases.getGatewayIdentityPassphrase()).andReturn(identityKeyPassphrase).atLeastOnce();

  KeystoreService keystores = createMock(KeystoreService.class);

  replay(gatewayConfig, aliases, keystores);

  JettySSLService service = new JettySSLService();
  service.setAliasService(aliases);
  service.setKeystoreService(keystores);

  Object built = service.buildSslContextFactory(gatewayConfig);
  assertNotNull(built);
  assertTrue(built instanceof SslContextFactory);

  SslContextFactory factory = (SslContextFactory) built;
  factory.start();

  // Identity keystore settings
  assertEquals(identityStore.toUri().toString(), factory.getKeyStorePath());
  assertEquals(identityStoreType, factory.getKeyStoreType());
  assertNotNull(factory.getKeyStore());

  // No truststore was configured
  assertNull(factory.getTrustStorePath());
  assertNull(factory.getTrustStoreType());

  // If the truststore is not set, by default the identity keystore is used by Jetty.
  // Security-relevant: the server's own identity entry then sits in the trust material, so a
  // deployment that validates client certificates should configure a dedicated truststore.
  assertEquals(factory.getKeyStore().size(), factory.getTrustStore().size());
  assertTrue(factory.getTrustStore().containsAlias(identityAlias));

  verify(gatewayConfig, aliases, keystores);
}
 
Example 7
Source File: JettySSLServiceTest.java    From knox with Apache License 2.0
/**
 * Builds and starts a factory when only the identity key passphrase is available (the
 * keystore password lookup returns {@code null}) and checks that the keystore still loads
 * and that the effective truststore mirrors the identity keystore.
 *
 * <p>Note: the key password is used if the keystore password is not set; and vice versa.
 */
@Test
public void TestBuildSslContextFactoryOnlyIdentityKeystoreNullKeystorePassword() throws Exception {
  String configuredBase = System.getProperty("basedir");
  String projectRoot = (configuredBase != null) ? configuredBase : new File(".").getCanonicalPath();

  // Test keystores are looked up under <basedir>/target/test-classes/keystores.
  Path keystoreDir = Paths.get(projectRoot, "target", "test-classes", "keystores");
  Path identityStore = keystoreDir.resolve("server-keystore.jks");
  Path trustStore = keystoreDir.resolve("server-truststore.jks");
  String identityStoreType = "jks";
  String trustStoreType = "jks";
  // Literal passphrase for the test keystore.
  char[] identityKeyPassphrase = "horton".toCharArray();
  String identityAlias = "server";
  String trustStorePasswordAlias = "trust_store_password";

  GatewayConfig gatewayConfig = createGatewayConfig(false, false, identityStore, identityStoreType,
      identityAlias, trustStore, trustStoreType, trustStorePasswordAlias);

  // Keystore password missing, key passphrase present.
  AliasService aliases = createMock(AliasService.class);
  expect(aliases.getGatewayIdentityKeystorePassword()).andReturn(null).atLeastOnce();
  expect(aliases.getGatewayIdentityPassphrase()).andReturn(identityKeyPassphrase).atLeastOnce();

  KeystoreService keystores = createMock(KeystoreService.class);

  replay(gatewayConfig, aliases, keystores);

  JettySSLService service = new JettySSLService();
  service.setAliasService(aliases);
  service.setKeystoreService(keystores);

  Object built = service.buildSslContextFactory(gatewayConfig);
  assertNotNull(built);
  assertTrue(built instanceof SslContextFactory);

  SslContextFactory factory = (SslContextFactory) built;
  factory.start();

  // Identity keystore settings
  assertEquals(identityStore.toUri().toString(), factory.getKeyStorePath());
  assertEquals(identityStoreType, factory.getKeyStoreType());
  assertNotNull(factory.getKeyStore());

  // No truststore was configured
  assertNull(factory.getTrustStorePath());
  assertNull(factory.getTrustStoreType());

  // If the truststore is not set, by default the identity keystore is used by Jetty.
  // Security-relevant: the server's own identity entry then sits in the trust material, so a
  // deployment that validates client certificates should configure a dedicated truststore.
  assertEquals(factory.getKeyStore().size(), factory.getTrustStore().size());
  assertTrue(factory.getTrustStore().containsAlias(identityAlias));

  verify(gatewayConfig, aliases, keystores);
}
 
Example 8
Source File: JettySSLServiceTest.java    From knox with Apache License 2.0
@Test
public void TestBuildSslContextFactoryImplicitTrustStore() throws Exception {
  String basedir = System.getProperty("basedir");
  if (basedir == null) {
    basedir = new File(".").getCanonicalPath();
  }

  Path identityKeystorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-keystore.jks");
  String identityKeystoreType = "jks";
  char[] identityKeystorePassword = "horton".toCharArray();
  char[] identityKeyPassphrase = "horton".toCharArray();
  String identityKeyAlias = "server";
  Path truststorePath = Paths.get(basedir, "target", "test-classes", "keystores", "server-truststore.jks");
  String truststoreType = "jks";
  String truststorePasswordAlias = "trust_store_password";

  GatewayConfig config = createGatewayConfig(true, false, identityKeystorePath, identityKeystoreType, identityKeyAlias, truststorePath, truststoreType, truststorePasswordAlias);

  AliasService aliasService = createMock(AliasService.class);
  expect(aliasService.getGatewayIdentityKeystorePassword()).andReturn(identityKeystorePassword).atLeastOnce();
  expect(aliasService.getGatewayIdentityPassphrase()).andReturn(identityKeyPassphrase).atLeastOnce();

  KeystoreService keystoreService = createMock(KeystoreService.class);

  replay(config, aliasService, keystoreService);

  JettySSLService sslService = new JettySSLService();
  sslService.setAliasService(aliasService);
  sslService.setKeystoreService(keystoreService);

  Object result = sslService.buildSslContextFactory(config);
  assertNotNull(result);
  assertTrue(result instanceof SslContextFactory);

  SslContextFactory sslContextFactory = (SslContextFactory) result;
  sslContextFactory.start();

  assertEquals(identityKeystorePath.toUri().toString(), sslContextFactory.getKeyStorePath());
  assertEquals(identityKeystoreType, sslContextFactory.getKeyStoreType());
  assertNotNull(sslContextFactory.getKeyStore());

  assertEquals(identityKeystorePath.toUri().toString(), sslContextFactory.getTrustStorePath());
  assertEquals(identityKeystoreType, sslContextFactory.getTrustStoreType());

  // The truststore is expected to be the same as the identity keystore
  assertEquals(sslContextFactory.getKeyStore().size(), sslContextFactory.getTrustStore().size());
  assertTrue(sslContextFactory.getTrustStore().containsAlias(identityKeyAlias));

  verify(config, aliasService, keystoreService);
}
 
Example 9
Source File: JettySSLServiceTest.java    From knox with Apache License 2.0
/**
 * Builds and starts a factory for the explicit-truststore configuration with all three
 * secrets available, and checks that keystore and truststore are loaded from their own
 * files and that the identity alias appears only in the keystore.
 */
@Test
public void TestBuildSslContextFactoryExplicitTrustStore() throws Exception {
  String configuredBase = System.getProperty("basedir");
  String projectRoot = (configuredBase != null) ? configuredBase : new File(".").getCanonicalPath();

  // Test keystores are looked up under <basedir>/target/test-classes/keystores.
  Path keystoreDir = Paths.get(projectRoot, "target", "test-classes", "keystores");
  Path identityStore = keystoreDir.resolve("server-keystore.jks");
  Path trustStore = keystoreDir.resolve("server-truststore.jks");
  String identityStoreType = "jks";
  String trustStoreType = "jks";
  // Literal passwords for the test keystores; separate arrays, as the mocks return each one.
  char[] identityStorePassword = "horton".toCharArray();
  char[] identityKeyPassphrase = "horton".toCharArray();
  char[] trustStorePassword = "horton".toCharArray();
  String identityAlias = "server";
  String trustStorePasswordAlias = "trust_store_password";

  GatewayConfig gatewayConfig = createGatewayConfig(true, true, identityStore, identityStoreType,
      identityAlias, trustStore, trustStoreType, trustStorePasswordAlias);

  AliasService aliases = createMock(AliasService.class);
  expect(aliases.getGatewayIdentityKeystorePassword()).andReturn(identityStorePassword).atLeastOnce();
  expect(aliases.getGatewayIdentityPassphrase()).andReturn(identityKeyPassphrase).atLeastOnce();
  expect(aliases.getPasswordFromAliasForGateway(eq(trustStorePasswordAlias))).andReturn(trustStorePassword).atLeastOnce();

  KeystoreService keystores = createMock(KeystoreService.class);

  replay(gatewayConfig, aliases, keystores);

  JettySSLService service = new JettySSLService();
  service.setAliasService(aliases);
  service.setKeystoreService(keystores);

  Object built = service.buildSslContextFactory(gatewayConfig);
  assertNotNull(built);
  assertTrue(built instanceof SslContextFactory);

  SslContextFactory factory = (SslContextFactory) built;
  factory.start();

  // Identity keystore settings
  assertEquals(identityStore.toUri().toString(), factory.getKeyStorePath());
  assertEquals(identityStoreType, factory.getKeyStoreType());
  assertNotNull(factory.getKeyStore());

  // Truststore settings point at the separate truststore file
  assertEquals(trustStore.toUri().toString(), factory.getTrustStorePath());
  assertEquals(trustStoreType, factory.getTrustStoreType());
  assertNotNull(factory.getTrustStore());

  // The truststore is expected to be different than the identity keystore:
  // the server's identity alias must not appear in the trust material.
  assertTrue(factory.getKeyStore().containsAlias(identityAlias));
  assertFalse(factory.getTrustStore().containsAlias(identityAlias));

  verify(gatewayConfig, aliases, keystores);
}
 
Example 10
Source File: JettySSLServiceTest.java    From knox with Apache License 2.0
/**
 * Builds and starts a factory for the explicit-truststore configuration when the truststore
 * password lookup returns {@code null}, and checks that both stores still load from their
 * own files and that the identity alias appears only in the keystore.
 *
 * <p>Note: the keystore password is used if the truststore password is not set.
 */
@Test
public void TestBuildSslContextFactoryExplicitTrustStoreNullPassword() throws Exception {
  String configuredBase = System.getProperty("basedir");
  String projectRoot = (configuredBase != null) ? configuredBase : new File(".").getCanonicalPath();

  // Test keystores are looked up under <basedir>/target/test-classes/keystores.
  Path keystoreDir = Paths.get(projectRoot, "target", "test-classes", "keystores");
  Path identityStore = keystoreDir.resolve("server-keystore.jks");
  Path trustStore = keystoreDir.resolve("server-truststore.jks");
  String identityStoreType = "jks";
  String trustStoreType = "jks";
  // Literal passwords for the test keystores; two separate arrays, as the mocks return each one.
  char[] identityStorePassword = "horton".toCharArray();
  char[] identityKeyPassphrase = "horton".toCharArray();
  String identityAlias = "server";
  String trustStorePasswordAlias = "trust_store_password";

  GatewayConfig gatewayConfig = createGatewayConfig(true, true, identityStore, identityStoreType,
      identityAlias, trustStore, trustStoreType, trustStorePasswordAlias);

  // Identity secrets present; the truststore password lookup comes back empty.
  AliasService aliases = createMock(AliasService.class);
  expect(aliases.getGatewayIdentityKeystorePassword()).andReturn(identityStorePassword).atLeastOnce();
  expect(aliases.getGatewayIdentityPassphrase()).andReturn(identityKeyPassphrase).atLeastOnce();
  expect(aliases.getPasswordFromAliasForGateway(eq(trustStorePasswordAlias))).andReturn(null).atLeastOnce();

  KeystoreService keystores = createMock(KeystoreService.class);

  replay(gatewayConfig, aliases, keystores);

  JettySSLService service = new JettySSLService();
  service.setAliasService(aliases);
  service.setKeystoreService(keystores);

  Object built = service.buildSslContextFactory(gatewayConfig);
  assertNotNull(built);
  assertTrue(built instanceof SslContextFactory);

  SslContextFactory factory = (SslContextFactory) built;
  factory.start();

  // Identity keystore settings
  assertEquals(identityStore.toUri().toString(), factory.getKeyStorePath());
  assertEquals(identityStoreType, factory.getKeyStoreType());
  assertNotNull(factory.getKeyStore());

  // Truststore settings point at the separate truststore file
  assertEquals(trustStore.toUri().toString(), factory.getTrustStorePath());
  assertEquals(trustStoreType, factory.getTrustStoreType());
  assertNotNull(factory.getTrustStore());

  // The truststore is expected to be different than the identity keystore:
  // the server's identity alias must not appear in the trust material.
  assertTrue(factory.getKeyStore().containsAlias(identityAlias));
  assertFalse(factory.getTrustStore().containsAlias(identityAlias));

  verify(gatewayConfig, aliases, keystores);
}