use of org.eclipse.jetty.server.SslConnectionFactory in project async-http-client by AsyncHttpClient.
the class TestUtils method addHttpsConnector.
/**
 * Adds a TLS-enabled connector to the given Jetty server, using the test keystore
 * ({@code ssltest-keystore.jks}) and truststore ({@code ssltest-cacerts.jks}) located through
 * {@code resourceAsFile}.
 *
 * <p>Test fixture: both store passwords are the hard-coded literal {@code "changeit"}, so the
 * stores protect nothing secret and this set-up is not suitable outside tests.
 *
 * @param server the Jetty server that receives the new connector
 * @return the connector that was registered on {@code server}
 * @throws IOException presumably propagated from the resource lookup; verify against resourceAsFile
 * @throws URISyntaxException presumably propagated from the resource lookup; verify against resourceAsFile
 */
public static ServerConnector addHttpsConnector(Server server) throws IOException, URISyntaxException {
    // Key material: the server certificate and private key come from the test keystore.
    final String keyStorePath = resourceAsFile("ssltest-keystore.jks").getAbsolutePath();
    final SslContextFactory tlsContext = new SslContextFactory(keyStorePath);
    tlsContext.setKeyStorePassword("changeit");

    // Trust material: CA certificates used when the server validates peers.
    final String trustStorePath = resourceAsFile("ssltest-cacerts.jks").getAbsolutePath();
    tlsContext.setTrustStorePath(trustStorePath);
    tlsContext.setTrustStorePassword("changeit");

    // HTTP settings for requests that arrive over the TLS connection.
    final HttpConfiguration secureHttp = new HttpConfiguration();
    secureHttp.setSecureScheme("https");
    secureHttp.addCustomizer(new SecureRequestCustomizer());

    // TLS is terminated first, then the decrypted stream is handed to HTTP/1.1.
    final SslConnectionFactory tlsLayer = new SslConnectionFactory(tlsContext, "http/1.1");
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureHttp);
    final ServerConnector httpsConnector = new ServerConnector(server, tlsLayer, httpLayer);

    server.addConnector(httpsConnector);
    return httpsConnector;
}
use of org.eclipse.jetty.server.SslConnectionFactory in project spark by perwendel.
the class SocketConnectorFactoryTest method testCreateSecureSocketConnector.
/**
 * Checks that {@code SocketConnectorFactory.createSecureSocketConnector} applies the requested
 * host and port, registers a connection factory under the {@code "ssl"} key, and passes the
 * configured keystore and truststore files on to the {@code SslContextFactory}.
 *
 * <p>Only the store file names are compared; the test does not assert anything about protocol
 * versions, cipher suites or password handling.
 */
@Test
@PrepareForTest({ ServerConnector.class })
public void testCreateSecureSocketConnector() throws Exception {
    final String expectedHost = "localhost";
    final int expectedPort = 8888;
    final String expectedKeystore = "keystoreFile.jks";
    final String expectedTruststore = "truststoreFile.jks";

    // Placeholder passwords: the stores are never opened by this test.
    SslStores stores = SslStores.create(expectedKeystore, "keystorePassword", expectedTruststore, "trustStorePassword");

    ServerConnector connector =
            SocketConnectorFactory.createSecureSocketConnector(new Server(), expectedHost, expectedPort, stores);

    // Host and port are read from the connector's private fields via reflection.
    String actualHost = Whitebox.getInternalState(connector, "_host");
    int actualPort = Whitebox.getInternalState(connector, "_port");
    assertEquals("Server Connector Host should be set to the specified server", expectedHost, actualHost);
    assertEquals("Server Connector Port should be set to the specified port", expectedPort, actualPort);

    // The connector must carry a non-null factory registered for the "ssl" protocol.
    Map<String, ConnectionFactory> registered = Whitebox.getInternalState(connector, "_factories");
    boolean sslFactoryPresent = registered.containsKey("ssl") && registered.get("ssl") != null;
    assertTrue("Should return true because factory for SSL should have been set", sslFactoryPresent);

    SslContextFactory tlsContext = ((SslConnectionFactory) registered.get("ssl")).getSslContextFactory();
    String actualKeystore = tlsContext.getKeyStoreResource().getFile().getName();
    String actualTruststore = tlsContext.getTrustStoreResource().getFile().getName();
    assertEquals("Should return the Keystore file specified", expectedKeystore, actualKeystore);
    assertEquals("Should return the Truststore file specified", expectedTruststore, actualTruststore);
}
use of org.eclipse.jetty.server.SslConnectionFactory in project voltdb by VoltDB.
the class HTTPAdminListener method getSSLServerConnector.
/**
 * Builds the HTTPS connector for the admin listener's Jetty server and opens it before
 * returning.
 *
 * @param sslContextFactory TLS context (keystore, truststore, protocol settings) supplied by the caller
 * @param intf interface/host to bind to; ignored when {@code null} or blank
 * @param port port the connector listens on, also recorded as the secure port
 * @return the opened connector, named {@code "VoltDB-HTTPS"}
 * @throws IOException if opening the connector fails
 */
private ServerConnector getSSLServerConnector(SslContextFactory sslContextFactory, String intf, int port) throws IOException {
    // HTTP-level configuration for requests received over TLS.
    HttpConfiguration secureConfig = new HttpConfiguration();
    // NOTE(review): the secure scheme is "ssl" rather than "https" - confirm this is intended.
    secureConfig.setSecureScheme("ssl");
    secureConfig.setSecurePort(port);
    // The customizer marks requests handled by this configuration as secure.
    secureConfig.addCustomizer(new SecureRequestCustomizer());
    HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureConfig);

    // TLS is negotiated first and then hands over to HTTP/1.1.
    SslConnectionFactory tlsLayer = new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
    ServerConnector httpsConnector = new ServerConnector(m_server, tlsLayer, httpLayer);

    // Without an explicit interface no host is set on the connector.
    // NOTE(review): presumably that means listening on every interface - confirm this is
    // acceptable for an admin endpoint.
    boolean hasInterface = intf != null && !intf.trim().isEmpty();
    if (hasInterface) {
        httpsConnector.setHost(intf);
    }
    httpsConnector.setPort(port);
    httpsConnector.setName("VoltDB-HTTPS");

    httpsConnector.open();
    return httpsConnector;
}
use of org.eclipse.jetty.server.SslConnectionFactory in project drill by apache.
the class WebServer method createHttpsConnector.
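/**
 * Create an HTTPS connector for the given Jetty server instance. If the admin has specified
 * keystore/truststore settings they are used; otherwise a self-signed certificate is generated
 * and used.
 *
 * <p>The generated fallback uses a 2048-bit RSA key, a SHA-256 signature and a keystore password
 * drawn from {@link SecureRandom}. Clients cannot validate a self-signed certificate against a
 * trusted CA, so a configured keystore is the better choice wherever the server's identity
 * matters.
 *
 * @return Initialized {@link ServerConnector} for HTTPS connections.
 * @throws Exception if key generation, certificate creation or verification, or keystore
 *     set-up fails
 */
private ServerConnector createHttpsConnector() throws Exception {
  logger.info("Setting up HTTPS connector for web server");

  final SslContextFactory sslContextFactory = new SslContextFactory();

  if (config.hasPath(ExecConstants.HTTP_KEYSTORE_PATH)
      && !Strings.isNullOrEmpty(config.getString(ExecConstants.HTTP_KEYSTORE_PATH))) {
    logger.info("Using configured SSL settings for web server");
    sslContextFactory.setKeyStorePath(config.getString(ExecConstants.HTTP_KEYSTORE_PATH));
    sslContextFactory.setKeyStorePassword(config.getString(ExecConstants.HTTP_KEYSTORE_PASSWORD));

    // TrustStore and TrustStore password are optional
    if (config.hasPath(ExecConstants.HTTP_TRUSTSTORE_PATH)) {
      sslContextFactory.setTrustStorePath(config.getString(ExecConstants.HTTP_TRUSTSTORE_PATH));
      if (config.hasPath(ExecConstants.HTTP_TRUSTSTORE_PASSWORD)) {
        sslContextFactory.setTrustStorePassword(config.getString(ExecConstants.HTTP_TRUSTSTORE_PASSWORD));
      }
    }
  } else {
    logger.info("Using generated self-signed SSL settings for web server");

    final SecureRandom random = new SecureRandom();

    // Generate a private-public key pair. 2048 bits is used because 1024-bit RSA keys are
    // below current minimum recommendations and are rejected by many TLS clients.
    final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048, random);
    final KeyPair keyPair = keyPairGenerator.generateKeyPair();

    final DateTime now = DateTime.now();

    // Create builder for certificate attributes; the CN is this endpoint's address.
    final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE)
        .addRDN(BCStyle.OU, "Apache Drill (auth-generated)")
        .addRDN(BCStyle.O, "Apache Software Foundation (auto-generated)")
        .addRDN(BCStyle.CN, workManager.getContext().getEndpoint().getAddress());

    // Back-date the start by one minute so the validity check below passes immediately.
    final Date notBefore = now.minusMinutes(1).toDate();
    final Date notAfter = now.plusYears(5).toDate();
    final BigInteger serialNumber = new BigInteger(128, random);

    // Create a certificate valid for 5 years from now. Issuer and subject are the same name
    // because the certificate is self-signed.
    final X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
        nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic());

    // Sign the certificate using the private key
    final ContentSigner contentSigner =
        new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
    final X509Certificate certificate =
        new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));

    // Check the validity
    certificate.checkValidity(now.toDate());

    // Make sure the certificate is self-signed.
    certificate.verify(certificate.getPublicKey());

    // Generate a random alphanumeric password for keystore protection. The SecureRandom above
    // is passed explicitly rather than relying on the library's default generator, which is
    // not guaranteed to be cryptographically strong.
    final String keyStorePasswd = RandomStringUtils.random(20, 0, 0, true, true, null, random);

    // In-memory keystore: load(null, null) initialises it empty, nothing is read from disk.
    final KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(null, null);
    keyStore.setKeyEntry("DrillAutoGeneratedCert", keyPair.getPrivate(), keyStorePasswd.toCharArray(),
        new java.security.cert.Certificate[] { certificate });

    sslContextFactory.setKeyStore(keyStore);
    sslContextFactory.setKeyStorePassword(keyStorePasswd);
  }

  final HttpConfiguration httpsConfig = new HttpConfiguration();
  httpsConfig.addCustomizer(new SecureRequestCustomizer());

  // SSL Connector
  final ServerConnector sslConnector = new ServerConnector(embeddedJetty,
      new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
      new HttpConnectionFactory(httpsConfig));
  sslConnector.setPort(config.getInt(ExecConstants.HTTP_PORT));

  return sslConnector;
}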
use of org.eclipse.jetty.server.SslConnectionFactory in project geode by apache.
the class JettyHelper method initJetty.
/**
 * Creates a Jetty server with a single connector on {@code port}: an HTTPS connector when
 * {@code sslConfig} is enabled, a plain HTTP connector otherwise.
 *
 * <p>With SSL enabled, the certificate alias, client-authentication requirement, cipher suites,
 * protocol, keystore and truststore are taken from {@code sslConfig}; optional values are
 * applied only when non-blank. With SSL disabled the connector serves unencrypted HTTP.
 *
 * <p>Side effects: records the bind address (when non-empty) and the port in the static fields
 * {@code JettyHelper.bindAddress} and {@code JettyHelper.port}.
 *
 * @param bindAddress host to bind the connector to; not applied when blank
 * @param port port the connector listens on, also used as the secure port
 * @param sslConfig SSL settings for the HTTP service
 * @return the configured server
 * @throws GemFireConfigException if SSL is enabled and no keystore is configured
 */
public static Server initJetty(final String bindAddress, final int port, SSLConfig sslConfig) {
  final Server jettyServer = new Server();

  // Add a handler collection here, so that each new context adds itself
  // to this collection.
  jettyServer.setHandler(new HandlerCollection());

  final HttpConfiguration httpConfig = new HttpConfiguration();
  httpConfig.setSecureScheme(HTTPS);
  httpConfig.setSecurePort(port);

  final ServerConnector connector;
  if (!sslConfig.isEnabled()) {
    // No TLS layer: traffic on this connector is plain HTTP.
    connector = new ServerConnector(jettyServer, new HttpConnectionFactory(httpConfig));
  } else {
    final SslContextFactory sslContextFactory = new SslContextFactory();

    if (StringUtils.isNotBlank(sslConfig.getAlias())) {
      sslContextFactory.setCertAlias(sslConfig.getAlias());
    }

    // Mutual TLS: client certificates are demanded only when the configuration requires them.
    sslContextFactory.setNeedClientAuth(sslConfig.isRequireAuth());

    // If the user has specified "any", let the SSL layer decide on the ciphers.
    final String cipherSpec = sslConfig.getCiphers();
    final boolean explicitCiphers = StringUtils.isNotBlank(cipherSpec) && !"any".equalsIgnoreCase(cipherSpec);
    if (explicitCiphers) {
      sslContextFactory.setIncludeCipherSuites(SSLUtil.readArray(cipherSpec));
    }

    // When no protocol can be derived, only a warning is logged and the factory's default
    // protocol stays in effect.
    final String protocol = SSLUtil.getSSLAlgo(SSLUtil.readArray(sslConfig.getProtocols()));
    if (protocol == null) {
      logger.warn(ManagementStrings.SSL_PROTOCOAL_COULD_NOT_BE_DETERMINED);
    } else {
      sslContextFactory.setProtocol(protocol);
    }

    // A keystore is mandatory: without it the server has no certificate to present.
    if (StringUtils.isBlank(sslConfig.getKeystore())) {
      throw new GemFireConfigException("Key store can't be empty if SSL is enabled for HttpService");
    }
    sslContextFactory.setKeyStorePath(sslConfig.getKeystore());

    if (StringUtils.isNotBlank(sslConfig.getKeystoreType())) {
      sslContextFactory.setKeyStoreType(sslConfig.getKeystoreType());
    }
    if (StringUtils.isNotBlank(sslConfig.getKeystorePassword())) {
      sslContextFactory.setKeyStorePassword(sslConfig.getKeystorePassword());
    }
    if (StringUtils.isNotBlank(sslConfig.getTruststore())) {
      sslContextFactory.setTrustStorePath(sslConfig.getTruststore());
    }
    if (StringUtils.isNotBlank(sslConfig.getTruststorePassword())) {
      sslContextFactory.setTrustStorePassword(sslConfig.getTruststorePassword());
    }

    httpConfig.addCustomizer(new SecureRequestCustomizer());

    // Somehow with HTTP_2.0 Jetty throws an NPE. Need to investigate further whether all GemFire
    // web applications (Pulse, REST) can do with HTTP_1.1.
    final SslConnectionFactory tlsLayer =
        new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
    connector = new ServerConnector(jettyServer, tlsLayer, new HttpConnectionFactory(httpConfig));
  }
  connector.setPort(port);

  jettyServer.setConnectors(new Connector[] { connector });

  if (StringUtils.isNotBlank(bindAddress)) {
    connector.setHost(bindAddress);
  }

  // NOTE(review): this check differs from the one above - a whitespace-only address is not set
  // on the connector but is still stored in the static field; confirm that is intended.
  final boolean rememberAddress = bindAddress != null && !bindAddress.isEmpty();
  if (rememberAddress) {
    JettyHelper.bindAddress = bindAddress;
  }
  JettyHelper.port = port;

  return jettyServer;
}