use of org.eclipse.jetty.server.HttpConnectionFactory in project drill by apache.
the class WebServer method createHttpsConnector.
/**
* Create an HTTPS connector for given jetty server instance. If the admin has specified keystore/truststore settings
* they will be used else a self-signed certificate is generated and used.
*
* @return Initialized {@link ServerConnector} for HTTPS connectios.
* @throws Exception
*/
private ServerConnector createHttpsConnector() throws Exception {
logger.info("Setting up HTTPS connector for web server");
final SslContextFactory sslContextFactory = new SslContextFactory();
if (config.hasPath(ExecConstants.HTTP_KEYSTORE_PATH) && !Strings.isNullOrEmpty(config.getString(ExecConstants.HTTP_KEYSTORE_PATH))) {
logger.info("Using configured SSL settings for web server");
sslContextFactory.setKeyStorePath(config.getString(ExecConstants.HTTP_KEYSTORE_PATH));
sslContextFactory.setKeyStorePassword(config.getString(ExecConstants.HTTP_KEYSTORE_PASSWORD));
// TrustStore and TrustStore password are optional
if (config.hasPath(ExecConstants.HTTP_TRUSTSTORE_PATH)) {
sslContextFactory.setTrustStorePath(config.getString(ExecConstants.HTTP_TRUSTSTORE_PATH));
if (config.hasPath(ExecConstants.HTTP_TRUSTSTORE_PASSWORD)) {
sslContextFactory.setTrustStorePassword(config.getString(ExecConstants.HTTP_TRUSTSTORE_PASSWORD));
}
}
} else {
logger.info("Using generated self-signed SSL settings for web server");
final SecureRandom random = new SecureRandom();
// Generate a private-public key pair
final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(1024, random);
final KeyPair keyPair = keyPairGenerator.generateKeyPair();
final DateTime now = DateTime.now();
// Create builder for certificate attributes
final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.OU, "Apache Drill (auth-generated)").addRDN(BCStyle.O, "Apache Software Foundation (auto-generated)").addRDN(BCStyle.CN, workManager.getContext().getEndpoint().getAddress());
final Date notBefore = now.minusMinutes(1).toDate();
final Date notAfter = now.plusYears(5).toDate();
final BigInteger serialNumber = new BigInteger(128, random);
// Create a certificate valid for 5years from now.
final X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(// attributes
nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic());
// Sign the certificate using the private key
final ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));
// Check the validity
certificate.checkValidity(now.toDate());
// Make sure the certificate is self-signed.
certificate.verify(certificate.getPublicKey());
// Generate a random password for keystore protection
final String keyStorePasswd = RandomStringUtils.random(20);
final KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, null);
keyStore.setKeyEntry("DrillAutoGeneratedCert", keyPair.getPrivate(), keyStorePasswd.toCharArray(), new java.security.cert.Certificate[] { certificate });
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyStorePassword(keyStorePasswd);
}
final HttpConfiguration httpsConfig = new HttpConfiguration();
httpsConfig.addCustomizer(new SecureRequestCustomizer());
// SSL Connector
final ServerConnector sslConnector = new ServerConnector(embeddedJetty, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
sslConnector.setPort(config.getInt(ExecConstants.HTTP_PORT));
return sslConnector;
}
use of org.eclipse.jetty.server.HttpConnectionFactory in project drill by apache.
the class WebServer method createHttpConnector.
/**
* Create HTTP connector.
* @return Initialized {@link ServerConnector} instance for HTTP connections.
* @throws Exception
*/
private ServerConnector createHttpConnector() throws Exception {
logger.info("Setting up HTTP connector for web server");
final HttpConfiguration httpConfig = new HttpConfiguration();
final ServerConnector httpConnector = new ServerConnector(embeddedJetty, new HttpConnectionFactory(httpConfig));
httpConnector.setPort(config.getInt(ExecConstants.HTTP_PORT));
return httpConnector;
}
use of org.eclipse.jetty.server.HttpConnectionFactory in project geode by apache.
the class JettyHelper method initJetty.
public static Server initJetty(final String bindAddress, final int port, SSLConfig sslConfig) {
final Server jettyServer = new Server();
// Add a handler collection here, so that each new context adds itself
// to this collection.
jettyServer.setHandler(new HandlerCollection());
ServerConnector connector = null;
HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSecureScheme(HTTPS);
httpConfig.setSecurePort(port);
if (sslConfig.isEnabled()) {
SslContextFactory sslContextFactory = new SslContextFactory();
if (StringUtils.isNotBlank(sslConfig.getAlias())) {
sslContextFactory.setCertAlias(sslConfig.getAlias());
}
sslContextFactory.setNeedClientAuth(sslConfig.isRequireAuth());
if (StringUtils.isNotBlank(sslConfig.getCiphers()) && !"any".equalsIgnoreCase(sslConfig.getCiphers())) {
// If use has mentioned "any" let the SSL layer decide on the ciphers
sslContextFactory.setIncludeCipherSuites(SSLUtil.readArray(sslConfig.getCiphers()));
}
String protocol = SSLUtil.getSSLAlgo(SSLUtil.readArray(sslConfig.getProtocols()));
if (protocol != null) {
sslContextFactory.setProtocol(protocol);
} else {
logger.warn(ManagementStrings.SSL_PROTOCOAL_COULD_NOT_BE_DETERMINED);
}
if (StringUtils.isBlank(sslConfig.getKeystore())) {
throw new GemFireConfigException("Key store can't be empty if SSL is enabled for HttpService");
}
sslContextFactory.setKeyStorePath(sslConfig.getKeystore());
if (StringUtils.isNotBlank(sslConfig.getKeystoreType())) {
sslContextFactory.setKeyStoreType(sslConfig.getKeystoreType());
}
if (StringUtils.isNotBlank(sslConfig.getKeystorePassword())) {
sslContextFactory.setKeyStorePassword(sslConfig.getKeystorePassword());
}
if (StringUtils.isNotBlank(sslConfig.getTruststore())) {
sslContextFactory.setTrustStorePath(sslConfig.getTruststore());
}
if (StringUtils.isNotBlank(sslConfig.getTruststorePassword())) {
sslContextFactory.setTrustStorePassword(sslConfig.getTruststorePassword());
}
httpConfig.addCustomizer(new SecureRequestCustomizer());
// Somehow With HTTP_2.0 Jetty throwing NPE. Need to investigate further whether all GemFire
// web application(Pulse, REST) can do with HTTP_1.1
connector = new ServerConnector(jettyServer, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpConfig));
connector.setPort(port);
} else {
connector = new ServerConnector(jettyServer, new HttpConnectionFactory(httpConfig));
connector.setPort(port);
}
jettyServer.setConnectors(new Connector[] { connector });
if (StringUtils.isNotBlank(bindAddress)) {
connector.setHost(bindAddress);
}
if (bindAddress != null && !bindAddress.isEmpty()) {
JettyHelper.bindAddress = bindAddress;
}
JettyHelper.port = port;
return jettyServer;
}
use of org.eclipse.jetty.server.HttpConnectionFactory in project incubator-atlas by apache.
the class SecureEmbeddedServer method getConnector.
protected Connector getConnector(int port) throws IOException {
org.apache.commons.configuration.Configuration config = getConfiguration();
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(config.getString(KEYSTORE_FILE_KEY, System.getProperty(KEYSTORE_FILE_KEY, DEFAULT_KEYSTORE_FILE_LOCATION)));
sslContextFactory.setKeyStorePassword(getPassword(config, KEYSTORE_PASSWORD_KEY));
sslContextFactory.setKeyManagerPassword(getPassword(config, SERVER_CERT_PASSWORD_KEY));
sslContextFactory.setTrustStorePath(config.getString(TRUSTSTORE_FILE_KEY, System.getProperty(TRUSTSTORE_FILE_KEY, DEFATULT_TRUSTORE_FILE_LOCATION)));
sslContextFactory.setTrustStorePassword(getPassword(config, TRUSTSTORE_PASSWORD_KEY));
sslContextFactory.setWantClientAuth(config.getBoolean(CLIENT_AUTH_KEY, Boolean.getBoolean(CLIENT_AUTH_KEY)));
List<Object> cipherList = config.getList(ATLAS_SSL_EXCLUDE_CIPHER_SUITES, DEFAULT_CIPHER_SUITES);
sslContextFactory.setExcludeCipherSuites(cipherList.toArray(new String[cipherList.size()]));
sslContextFactory.setRenegotiationAllowed(false);
String[] excludedProtocols = config.containsKey(ATLAS_SSL_EXCLUDE_PROTOCOLS) ? config.getStringArray(ATLAS_SSL_EXCLUDE_PROTOCOLS) : DEFAULT_EXCLUDE_PROTOCOLS;
if (excludedProtocols != null && excludedProtocols.length > 0) {
sslContextFactory.addExcludeProtocols(excludedProtocols);
}
// SSL HTTP Configuration
// HTTP Configuration
HttpConfiguration http_config = new HttpConfiguration();
http_config.setSecureScheme("https");
final int bufferSize = AtlasConfiguration.WEBSERVER_REQUEST_BUFFER_SIZE.getInt();
http_config.setSecurePort(port);
http_config.setRequestHeaderSize(bufferSize);
http_config.setResponseHeaderSize(bufferSize);
http_config.setSendServerVersion(true);
http_config.setSendDateHeader(false);
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());
// SSL Connector
ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https_config));
sslConnector.setPort(port);
server.addConnector(sslConnector);
return sslConnector;
}
use of org.eclipse.jetty.server.HttpConnectionFactory in project incubator-atlas by apache.
the class EmbeddedServer method getConnector.
protected Connector getConnector(int port) throws IOException {
HttpConfiguration http_config = new HttpConfiguration();
// this is to enable large header sizes when Kerberos is enabled with AD
final int bufferSize = AtlasConfiguration.WEBSERVER_REQUEST_BUFFER_SIZE.getInt();
;
http_config.setResponseHeaderSize(bufferSize);
http_config.setRequestHeaderSize(bufferSize);
ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(http_config));
connector.setPort(port);
connector.setHost("0.0.0.0");
return connector;
}
Aggregations