Search in sources :

Example 56 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project gocd by gocd.

the class FakeGoServer method sslConnector.

public Connector sslConnector(File keystore, File truststore, int sslPort) {
    HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.setOutputBufferSize(RESPONSE_BUFFER_SIZE);
    httpsConfig.addCustomizer(new SecureRequestCustomizer());
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
    sslContextFactory.setKeyStorePassword(PASSWORD);
    sslContextFactory.setKeyManagerPassword(PASSWORD);
    sslContextFactory.setTrustStorePath(truststore.getAbsolutePath());
    sslContextFactory.setTrustStorePassword(PASSWORD);
    sslContextFactory.setWantClientAuth(true);
    ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfig));
    https.setPort(sslPort);
    https.setIdleTimeout(MAX_IDLE_TIME);
    return https;
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)

Example 57 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project spring-boot by spring-projects.

the class JettyServletWebServerFactory method createSslConnector.

private AbstractConnector createSslConnector(Server server, SslContextFactory sslContextFactory, int port) {
    HttpConfiguration config = new HttpConfiguration();
    config.setSendServerVersion(false);
    config.addCustomizer(new SecureRequestCustomizer());
    HttpConnectionFactory connectionFactory = new HttpConnectionFactory(config);
    SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
    ServerConnector serverConnector = new ServerConnector(server, sslConnectionFactory, connectionFactory);
    serverConnector.setPort(port);
    return serverConnector;
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)

Example 58 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project voltdb by VoltDB.

the class HTTPAdminListener method getSSLServerConnector.

private ServerConnector getSSLServerConnector(SslContextFactory sslContextFactory, String intf, int port) throws IOException {
    // SSL HTTP Configuration
    HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.setSecureScheme("ssl");
    httpsConfig.setSecurePort(port);
    //Add this customizer to indicate we are in ssl land
    httpsConfig.addCustomizer(new SecureRequestCustomizer());
    HttpConnectionFactory factory = new HttpConnectionFactory(httpsConfig);
    // SSL Connector
    ServerConnector connector = new ServerConnector(m_server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), factory);
    if (intf != null && !intf.trim().isEmpty()) {
        connector.setHost(intf);
    }
    connector.setPort(port);
    connector.setName("VoltDB-HTTPS");
    connector.open();
    return connector;
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)

Example 59 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project drill by apache.

the class WebServer method createHttpsConnector.

/**
   * Create an HTTPS connector for given jetty server instance. If the admin has specified keystore/truststore settings
   * they will be used else a self-signed certificate is generated and used.
   *
   * @return Initialized {@link ServerConnector} for HTTPS connectios.
   * @throws Exception
   */
private ServerConnector createHttpsConnector() throws Exception {
    logger.info("Setting up HTTPS connector for web server");
    final SslContextFactory sslContextFactory = new SslContextFactory();
    if (config.hasPath(ExecConstants.HTTP_KEYSTORE_PATH) && !Strings.isNullOrEmpty(config.getString(ExecConstants.HTTP_KEYSTORE_PATH))) {
        logger.info("Using configured SSL settings for web server");
        sslContextFactory.setKeyStorePath(config.getString(ExecConstants.HTTP_KEYSTORE_PATH));
        sslContextFactory.setKeyStorePassword(config.getString(ExecConstants.HTTP_KEYSTORE_PASSWORD));
        // TrustStore and TrustStore password are optional
        if (config.hasPath(ExecConstants.HTTP_TRUSTSTORE_PATH)) {
            sslContextFactory.setTrustStorePath(config.getString(ExecConstants.HTTP_TRUSTSTORE_PATH));
            if (config.hasPath(ExecConstants.HTTP_TRUSTSTORE_PASSWORD)) {
                sslContextFactory.setTrustStorePassword(config.getString(ExecConstants.HTTP_TRUSTSTORE_PASSWORD));
            }
        }
    } else {
        logger.info("Using generated self-signed SSL settings for web server");
        final SecureRandom random = new SecureRandom();
        // Generate a private-public key pair
        final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(1024, random);
        final KeyPair keyPair = keyPairGenerator.generateKeyPair();
        final DateTime now = DateTime.now();
        // Create builder for certificate attributes
        final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.OU, "Apache Drill (auth-generated)").addRDN(BCStyle.O, "Apache Software Foundation (auto-generated)").addRDN(BCStyle.CN, workManager.getContext().getEndpoint().getAddress());
        final Date notBefore = now.minusMinutes(1).toDate();
        final Date notAfter = now.plusYears(5).toDate();
        final BigInteger serialNumber = new BigInteger(128, random);
        // Create a certificate valid for 5years from now.
        final X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(// attributes
        nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic());
        // Sign the certificate using the private key
        final ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
        final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));
        // Check the validity
        certificate.checkValidity(now.toDate());
        // Make sure the certificate is self-signed.
        certificate.verify(certificate.getPublicKey());
        // Generate a random password for keystore protection
        final String keyStorePasswd = RandomStringUtils.random(20);
        final KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        keyStore.setKeyEntry("DrillAutoGeneratedCert", keyPair.getPrivate(), keyStorePasswd.toCharArray(), new java.security.cert.Certificate[] { certificate });
        sslContextFactory.setKeyStore(keyStore);
        sslContextFactory.setKeyStorePassword(keyStorePasswd);
    }
    final HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.addCustomizer(new SecureRequestCustomizer());
    // SSL Connector
    final ServerConnector sslConnector = new ServerConnector(embeddedJetty, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    sslConnector.setPort(config.getInt(ExecConstants.HTTP_PORT));
    return sslConnector;
}
Also used : KeyPair(java.security.KeyPair) X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) SecureRandom(java.security.SecureRandom) KeyPairGenerator(java.security.KeyPairGenerator) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) KeyStore(java.security.KeyStore) DateTime(org.joda.time.DateTime) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger)

Example 60 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project geode by apache.

the class JettyHelper method initJetty.

public static Server initJetty(final String bindAddress, final int port, SSLConfig sslConfig) {
    final Server jettyServer = new Server();
    // Add a handler collection here, so that each new context adds itself
    // to this collection.
    jettyServer.setHandler(new HandlerCollection());
    ServerConnector connector = null;
    HttpConfiguration httpConfig = new HttpConfiguration();
    httpConfig.setSecureScheme(HTTPS);
    httpConfig.setSecurePort(port);
    if (sslConfig.isEnabled()) {
        SslContextFactory sslContextFactory = new SslContextFactory();
        if (StringUtils.isNotBlank(sslConfig.getAlias())) {
            sslContextFactory.setCertAlias(sslConfig.getAlias());
        }
        sslContextFactory.setNeedClientAuth(sslConfig.isRequireAuth());
        if (StringUtils.isNotBlank(sslConfig.getCiphers()) && !"any".equalsIgnoreCase(sslConfig.getCiphers())) {
            // If use has mentioned "any" let the SSL layer decide on the ciphers
            sslContextFactory.setIncludeCipherSuites(SSLUtil.readArray(sslConfig.getCiphers()));
        }
        String protocol = SSLUtil.getSSLAlgo(SSLUtil.readArray(sslConfig.getProtocols()));
        if (protocol != null) {
            sslContextFactory.setProtocol(protocol);
        } else {
            logger.warn(ManagementStrings.SSL_PROTOCOAL_COULD_NOT_BE_DETERMINED);
        }
        if (StringUtils.isBlank(sslConfig.getKeystore())) {
            throw new GemFireConfigException("Key store can't be empty if SSL is enabled for HttpService");
        }
        sslContextFactory.setKeyStorePath(sslConfig.getKeystore());
        if (StringUtils.isNotBlank(sslConfig.getKeystoreType())) {
            sslContextFactory.setKeyStoreType(sslConfig.getKeystoreType());
        }
        if (StringUtils.isNotBlank(sslConfig.getKeystorePassword())) {
            sslContextFactory.setKeyStorePassword(sslConfig.getKeystorePassword());
        }
        if (StringUtils.isNotBlank(sslConfig.getTruststore())) {
            sslContextFactory.setTrustStorePath(sslConfig.getTruststore());
        }
        if (StringUtils.isNotBlank(sslConfig.getTruststorePassword())) {
            sslContextFactory.setTrustStorePassword(sslConfig.getTruststorePassword());
        }
        httpConfig.addCustomizer(new SecureRequestCustomizer());
        // Somehow With HTTP_2.0 Jetty throwing NPE. Need to investigate further whether all GemFire
        // web application(Pulse, REST) can do with HTTP_1.1
        connector = new ServerConnector(jettyServer, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpConfig));
        connector.setPort(port);
    } else {
        connector = new ServerConnector(jettyServer, new HttpConnectionFactory(httpConfig));
        connector.setPort(port);
    }
    jettyServer.setConnectors(new Connector[] { connector });
    if (StringUtils.isNotBlank(bindAddress)) {
        connector.setHost(bindAddress);
    }
    if (bindAddress != null && !bindAddress.isEmpty()) {
        JettyHelper.bindAddress = bindAddress;
    }
    JettyHelper.port = port;
    return jettyServer;
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) Server(org.eclipse.jetty.server.Server) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) GemFireConfigException(org.apache.geode.GemFireConfigException) HandlerCollection(org.eclipse.jetty.server.handler.HandlerCollection) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)

Aggregations

SecureRequestCustomizer (org.eclipse.jetty.server.SecureRequestCustomizer)91 HttpConfiguration (org.eclipse.jetty.server.HttpConfiguration)89 ServerConnector (org.eclipse.jetty.server.ServerConnector)87 HttpConnectionFactory (org.eclipse.jetty.server.HttpConnectionFactory)85 SslConnectionFactory (org.eclipse.jetty.server.SslConnectionFactory)82 SslContextFactory (org.eclipse.jetty.util.ssl.SslContextFactory)74 Server (org.eclipse.jetty.server.Server)50 ServletContextHandler (org.eclipse.jetty.servlet.ServletContextHandler)16 QueuedThreadPool (org.eclipse.jetty.util.thread.QueuedThreadPool)16 ServletHolder (org.eclipse.jetty.servlet.ServletHolder)13 File (java.io.File)12 IOException (java.io.IOException)12 MBeanContainer (org.eclipse.jetty.jmx.MBeanContainer)10 Connector (org.eclipse.jetty.server.Connector)10 WebAppContext (org.eclipse.jetty.webapp.WebAppContext)10 ServletException (javax.servlet.ServletException)9 HTTP2ServerConnectionFactory (org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory)8 ContextHandlerCollection (org.eclipse.jetty.server.handler.ContextHandlerCollection)8 DefaultHandler (org.eclipse.jetty.server.handler.DefaultHandler)8 HttpServletRequest (javax.servlet.http.HttpServletRequest)6