
Example 61 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project async-http-client by AsyncHttpClient.

the class TestUtils method addHttpsConnector.

/**
 * Registers an HTTPS connector on the given Jetty server for test use.
 *
 * <p>The key store and trust store are loaded through {@code resourceAsFile} and both are
 * unlocked with the literal password {@code "changeit"}, so this key material is fixture
 * data only and must never be reused outside tests. No host or port is set on the connector
 * in this method.
 *
 * @param server the Jetty server that receives the new connector
 * @return the connector that was added to {@code server}
 * @throws IOException propagated from resolving the store resources
 * @throws URISyntaxException propagated from resolving the store resources
 */
public static ServerConnector addHttpsConnector(Server server) throws IOException, URISyntaxException {
    // Key store: server certificate and private key (test fixture).
    final String keyStorePath = resourceAsFile("ssltest-keystore.jks").getAbsolutePath();
    final SslContextFactory tlsContext = new SslContextFactory(keyStorePath);
    tlsContext.setKeyStorePassword("changeit");

    // Trust store: CA certificates (test fixture).
    final String trustStorePath = resourceAsFile("ssltest-cacerts.jks").getAbsolutePath();
    tlsContext.setTrustStorePath(trustStorePath);
    tlsContext.setTrustStorePassword("changeit");

    // HTTP layer settings used above the TLS layer.
    final HttpConfiguration secureHttp = new HttpConfiguration();
    secureHttp.setSecureScheme("https");
    secureHttp.addCustomizer(new SecureRequestCustomizer());

    // TLS terminates first and hands the decrypted stream to HTTP/1.1.
    final SslConnectionFactory tlsLayer = new SslConnectionFactory(tlsContext, "http/1.1");
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureHttp);
    final ServerConnector httpsConnector = new ServerConnector(server, tlsLayer, httpLayer);

    server.addConnector(httpsConnector);
    return httpsConnector;
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)

Example 62 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project spark by perwendel.

the class SocketConnectorFactoryTest method testCreateSecureSocketConnector.

/**
 * Verifies that {@code SocketConnectorFactory.createSecureSocketConnector} applies the
 * requested host and port, registers a connection factory under the key {@code "ssl"}, and
 * passes the key store and trust store file names through to the {@link SslContextFactory}.
 *
 * <p>The store names and passwords below are placeholder strings. Only file names are
 * compared; the test never asserts that the passwords reach the factory.
 */
@Test
@PrepareForTest({ ServerConnector.class })
public void testCreateSecureSocketConnector() throws Exception {
    // Inputs handed to the factory under test.
    final String expectedHost = "localhost";
    final int expectedPort = 8888;
    final String expectedKeystore = "keystoreFile.jks";
    final String keystoreSecret = "keystorePassword";
    final String expectedTruststore = "truststoreFile.jks";
    final String truststoreSecret = "trustStorePassword";

    final SslStores stores = SslStores.create(expectedKeystore, keystoreSecret, expectedTruststore, truststoreSecret);
    final Server jetty = new Server();
    final ServerConnector connector = SocketConnectorFactory.createSecureSocketConnector(jetty, expectedHost, expectedPort, stores);

    // Host and port are read from the connector's private fields via Whitebox.
    final String actualHost = Whitebox.getInternalState(connector, "_host");
    final int actualPort = Whitebox.getInternalState(connector, "_port");
    assertEquals("Server Connector Host should be set to the specified server", expectedHost, actualHost);
    assertEquals("Server Connector Port should be set to the specified port", expectedPort, actualPort);

    // A non-null factory must be registered under the "ssl" key.
    final Map<String, ConnectionFactory> registered = Whitebox.getInternalState(connector, "_factories");
    final boolean sslFactoryPresent = registered.containsKey("ssl") && registered.get("ssl") != null;
    assertTrue("Should return true because factory for SSL should have been set", sslFactoryPresent);

    // The store paths configured on the SSL context must match the inputs.
    final SslConnectionFactory tlsFactory = (SslConnectionFactory) registered.get("ssl");
    final SslContextFactory tlsContext = tlsFactory.getSslContextFactory();
    final String actualKeystore = tlsContext.getKeyStoreResource().getFile().getName();
    assertEquals("Should return the Keystore file specified", expectedKeystore, actualKeystore);
    final String actualTruststore = tlsContext.getTrustStoreResource().getFile().getName();
    assertEquals("Should return the Truststore file specified", expectedTruststore, actualTruststore);
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) ConnectionFactory(org.eclipse.jetty.server.ConnectionFactory) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) Server(org.eclipse.jetty.server.Server) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) SslStores(spark.ssl.SslStores) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 63 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project voltdb by VoltDB.

the class HTTPAdminListener method getSSLServerConnector.

/**
 * Builds the TLS-protected HTTP/1.1 connector on {@code m_server}, names it
 * {@code "VoltDB-HTTPS"} and opens it before returning.
 *
 * @param sslContextFactory TLS settings (key material, protocols, ciphers) prepared by the caller
 * @param intf interface/host to bind to; when {@code null} or blank, {@code setHost} is not
 *     called and the connector keeps Jetty's default host (presumably all interfaces; confirm
 *     this is intended for an admin endpoint)
 * @param port port the connector listens on, also recorded as the secure port
 * @return the opened connector
 * @throws IOException if opening the connector fails
 */
private ServerConnector getSSLServerConnector(SslContextFactory sslContextFactory, String intf, int port) throws IOException {
    // HTTP settings for requests that arrive over TLS.
    final HttpConfiguration secureConfig = new HttpConfiguration();
    // NOTE(review): the secure scheme is "ssl" rather than the usual "https"; confirm that
    // nothing builds redirect or absolute URLs from this value.
    secureConfig.setSecureScheme("ssl");
    secureConfig.setSecurePort(port);
    // Marks requests handled by this connector as secure.
    secureConfig.addCustomizer(new SecureRequestCustomizer());
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureConfig);

    // TLS layer first, then HTTP/1.1 on the decrypted stream.
    final SslConnectionFactory tlsLayer = new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
    final ServerConnector httpsConnector = new ServerConnector(m_server, tlsLayer, httpLayer);

    final boolean hasInterface = intf != null && !intf.trim().isEmpty();
    if (hasInterface) {
        httpsConnector.setHost(intf);
    }
    httpsConnector.setPort(port);
    httpsConnector.setName("VoltDB-HTTPS");
    httpsConnector.open();
    return httpsConnector;
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)

Example 64 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project drill by apache.

the class WebServer method createHttpsConnector.

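/**
 * Create an HTTPS connector for the embedded Jetty server instance. If the admin has specified
 * keystore/truststore settings they are used; otherwise a self-signed certificate is generated
 * in memory and used.
 *
 * <p>Security notes on the generated certificate: it is signed with its own key, so clients
 * cannot authenticate the server with it unless they pin or import it. It carries the endpoint
 * address only in the subject CN and has no subjectAltName extension.
 *
 * @return Initialized {@link ServerConnector} for HTTPS connections.
 * @throws Exception if key generation, certificate construction, signing or verification, or
 *     keystore setup fails
 */
private ServerConnector createHttpsConnector() throws Exception {
    logger.info("Setting up HTTPS connector for web server");
    final SslContextFactory sslContextFactory = new SslContextFactory();
    if (config.hasPath(ExecConstants.HTTP_KEYSTORE_PATH) && !Strings.isNullOrEmpty(config.getString(ExecConstants.HTTP_KEYSTORE_PATH))) {
        logger.info("Using configured SSL settings for web server");
        sslContextFactory.setKeyStorePath(config.getString(ExecConstants.HTTP_KEYSTORE_PATH));
        sslContextFactory.setKeyStorePassword(config.getString(ExecConstants.HTTP_KEYSTORE_PASSWORD));
        // TrustStore and TrustStore password are optional
        if (config.hasPath(ExecConstants.HTTP_TRUSTSTORE_PATH)) {
            sslContextFactory.setTrustStorePath(config.getString(ExecConstants.HTTP_TRUSTSTORE_PATH));
            if (config.hasPath(ExecConstants.HTTP_TRUSTSTORE_PASSWORD)) {
                sslContextFactory.setTrustStorePassword(config.getString(ExecConstants.HTTP_TRUSTSTORE_PASSWORD));
            }
        }
    } else {
        logger.info("Using generated self-signed SSL settings for web server");
        final SecureRandom random = new SecureRandom();

        // Generate a private-public key pair. 1024-bit RSA is below current minimum
        // recommendations and is rejected by many TLS clients, so use 2048 bits.
        final int rsaKeyBits = 2048;
        final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(rsaKeyBits, random);
        final KeyPair keyPair = keyPairGenerator.generateKeyPair();

        final DateTime now = DateTime.now();

        // Create builder for certificate attributes. The same name is used as issuer and
        // subject because the certificate is self-signed.
        // NOTE(review): clients that ignore the CN and require a subjectAltName will not match
        // this certificate to the endpoint address; consider adding a SAN extension.
        final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.OU, "Apache Drill (auth-generated)").addRDN(BCStyle.O, "Apache Software Foundation (auto-generated)").addRDN(BCStyle.CN, workManager.getContext().getEndpoint().getAddress());

        // Back-date the start by one minute to tolerate small clock skew.
        final Date notBefore = now.minusMinutes(1).toDate();
        final Date notAfter = now.plusYears(5).toDate();
        final BigInteger serialNumber = new BigInteger(128, random);

        // Create a certificate valid for 5 years from now.
        final X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic());

        // Sign the certificate using the private key
        final ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
        final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));

        // Check the validity
        certificate.checkValidity(now.toDate());

        // Make sure the certificate is self-signed.
        certificate.verify(certificate.getPublicKey());

        // Generate a random password for keystore protection. It is drawn from the SecureRandom
        // above (130 bits, base-32 text) rather than RandomStringUtils, which is not meant for
        // generating secrets.
        final String keyStorePasswd = new BigInteger(130, random).toString(32);

        // The keystore lives only in memory; it is never written to disk by this method.
        final KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        keyStore.setKeyEntry("DrillAutoGeneratedCert", keyPair.getPrivate(), keyStorePasswd.toCharArray(), new java.security.cert.Certificate[] { certificate });
        sslContextFactory.setKeyStore(keyStore);
        sslContextFactory.setKeyStorePassword(keyStorePasswd);
    }

    final HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.addCustomizer(new SecureRequestCustomizer());

    // SSL Connector
    final ServerConnector sslConnector = new ServerConnector(embeddedJetty, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    sslConnector.setPort(config.getInt(ExecConstants.HTTP_PORT));
    return sslConnector;
}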
Also used : KeyPair(java.security.KeyPair) X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) SecureRandom(java.security.SecureRandom) KeyPairGenerator(java.security.KeyPairGenerator) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) KeyStore(java.security.KeyStore) DateTime(org.joda.time.DateTime) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger)

Example 65 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project geode by apache.

the class JettyHelper method initJetty.

/**
 * Creates a Jetty {@link Server} with a single connector on {@code port}, using TLS when
 * {@code sslConfig.isEnabled()} is true and plain HTTP otherwise.
 *
 * <p>Security-relevant behavior visible in this method:
 * <ul>
 *   <li>Client-certificate authentication is required only when
 *       {@code sslConfig.isRequireAuth()} is true.</li>
 *   <li>A blank cipher list, or the value {@code "any"}, leaves cipher selection to the
 *       SSL layer's defaults.</li>
 *   <li>If no protocol can be determined, only a warning is logged and the factory keeps
 *       its default protocol.</li>
 *   <li>Key store password, trust store and trust store password are each applied only
 *       when non-blank.</li>
 * </ul>
 *
 * @param bindAddress host to bind the connector to; ignored for binding when blank
 * @param port port for the connector, also recorded as the secure port
 * @param sslConfig TLS settings; must not be {@code null}
 * @return the configured (not yet started) server
 * @throws GemFireConfigException if SSL is enabled but no key store is configured
 */
public static Server initJetty(final String bindAddress, final int port, SSLConfig sslConfig) {
    final Server server = new Server();
    // Each context created later adds itself to this handler collection.
    server.setHandler(new HandlerCollection());

    final HttpConfiguration httpSettings = new HttpConfiguration();
    httpSettings.setSecureScheme(HTTPS);
    httpSettings.setSecurePort(port);

    final ServerConnector listener;
    if (!sslConfig.isEnabled()) {
        // Plain HTTP: no TLS layer in front of the HTTP connection factory.
        listener = new ServerConnector(server, new HttpConnectionFactory(httpSettings));
    } else {
        final SslContextFactory tlsContext = new SslContextFactory();

        final String alias = sslConfig.getAlias();
        if (StringUtils.isNotBlank(alias)) {
            tlsContext.setCertAlias(alias);
        }

        tlsContext.setNeedClientAuth(sslConfig.isRequireAuth());

        // "any" (case-insensitive) means: let the SSL layer decide on the ciphers.
        final String cipherSpec = sslConfig.getCiphers();
        final boolean explicitCiphers = StringUtils.isNotBlank(cipherSpec) && !"any".equalsIgnoreCase(cipherSpec);
        if (explicitCiphers) {
            tlsContext.setIncludeCipherSuites(SSLUtil.readArray(cipherSpec));
        }

        final String tlsProtocol = SSLUtil.getSSLAlgo(SSLUtil.readArray(sslConfig.getProtocols()));
        if (tlsProtocol == null) {
            logger.warn(ManagementStrings.SSL_PROTOCOAL_COULD_NOT_BE_DETERMINED);
        } else {
            tlsContext.setProtocol(tlsProtocol);
        }

        // A key store is mandatory once SSL is enabled.
        final String keystorePath = sslConfig.getKeystore();
        if (StringUtils.isBlank(keystorePath)) {
            throw new GemFireConfigException("Key store can't be empty if SSL is enabled for HttpService");
        }
        tlsContext.setKeyStorePath(keystorePath);

        final String keystoreType = sslConfig.getKeystoreType();
        if (StringUtils.isNotBlank(keystoreType)) {
            tlsContext.setKeyStoreType(keystoreType);
        }

        final String keystorePassword = sslConfig.getKeystorePassword();
        if (StringUtils.isNotBlank(keystorePassword)) {
            tlsContext.setKeyStorePassword(keystorePassword);
        }

        final String truststorePath = sslConfig.getTruststore();
        if (StringUtils.isNotBlank(truststorePath)) {
            tlsContext.setTrustStorePath(truststorePath);
        }

        final String truststorePassword = sslConfig.getTruststorePassword();
        if (StringUtils.isNotBlank(truststorePassword)) {
            tlsContext.setTrustStorePassword(truststorePassword);
        }

        httpSettings.addCustomizer(new SecureRequestCustomizer());

        // HTTP/1.1 only: with HTTP/2 Jetty was observed to throw an NPE. Whether all GemFire
        // web applications (Pulse, REST) can work with HTTP/1.1 still needs investigation.
        final SslConnectionFactory tlsLayer = new SslConnectionFactory(tlsContext, HttpVersion.HTTP_1_1.asString());
        listener = new ServerConnector(server, tlsLayer, new HttpConnectionFactory(httpSettings));
    }
    listener.setPort(port);

    server.setConnectors(new Connector[] { listener });

    // Binding uses the "not blank" test; the remembered static value uses "not empty".
    if (StringUtils.isNotBlank(bindAddress)) {
        listener.setHost(bindAddress);
    }
    final boolean rememberAddress = bindAddress != null && !bindAddress.isEmpty();
    if (rememberAddress) {
        JettyHelper.bindAddress = bindAddress;
    }
    JettyHelper.port = port;

    return server;
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) Server(org.eclipse.jetty.server.Server) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) GemFireConfigException(org.apache.geode.GemFireConfigException) HandlerCollection(org.eclipse.jetty.server.handler.HandlerCollection) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)
