use of org.apache.storm.daemon.common.ReloadableSslContextFactory in project storm by apache.
the class UIHelpers method mkSslConnector.
private static ServerConnector mkSslConnector(Server server, Integer port, String ksPath, String ksPassword, String ksType, String keyPassword, String tsPath, String tsPassword, String tsType, Boolean needClientAuth, Boolean wantClientAuth, Integer headerBufferSize, boolean enableSslReload) {
SslContextFactory factory = new ReloadableSslContextFactory(enableSslReload);
factory.setExcludeCipherSuites("SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_SHA");
factory.setExcludeProtocols("SSLv3");
factory.setRenegotiationAllowed(false);
factory.setKeyStorePath(ksPath);
factory.setKeyStoreType(ksType);
factory.setKeyStorePassword(ksPassword);
factory.setKeyManagerPassword(keyPassword);
if (tsPath != null && tsPassword != null && tsType != null) {
factory.setTrustStorePath(tsPath);
factory.setTrustStoreType(tsType);
factory.setTrustStorePassword(tsPassword);
}
if (needClientAuth != null && needClientAuth) {
factory.setNeedClientAuth(true);
} else if (wantClientAuth != null && wantClientAuth) {
factory.setWantClientAuth(true);
}
HttpConfiguration httpsConfig = new HttpConfiguration();
httpsConfig.addCustomizer(new SecureRequestCustomizer());
if (null != headerBufferSize) {
httpsConfig.setRequestHeaderSize(headerBufferSize);
}
ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(factory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
sslConnector.setPort(port);
return sslConnector;
}
Aggregations