Examples with SslConnectionFactory org.eclipse.jetty.server.SslConnectionFactory used on opensource projects

Example 91 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project rest.li by linkedin.

the class HttpsH2JettyServer method getConnectors.

@Override
protected Connector[] getConnectors(Server server) {
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(_keyStore);
    sslContextFactory.setKeyStorePassword(_keyStorePassword);
    sslContextFactory.setTrustStorePath(_keyStore);
    sslContextFactory.setTrustStorePassword(_keyStorePassword);
    sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
    sslContextFactory.setUseCipherSuitesOrder(true);
    HttpConfiguration https_config = new HttpConfiguration();
    https_config.setSecureScheme(HttpScheme.HTTPS.asString());
    https_config.setSecurePort(_sslPort);
    // HTTPS Configuration
    HttpConfiguration http2_config = new HttpConfiguration(https_config);
    http2_config.addCustomizer(new SecureRequestCustomizer());
    // HTTP/2 Connection Factory
    HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(http2_config) {

        /**
         * Required to override since we are using legacy versions in testing which would not be otherwise accepted
         */
        @Override
        public boolean isAcceptable(String protocol, String tlsProtocol, String tlsCipher) {
            return true;
        }
    };
    NegotiatingServerConnectionFactory.checkProtocolNegotiationAvailable();
    ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory();
    alpn.setDefaultProtocol("h2");
    // SSL Connection Factory
    SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, alpn.getProtocol());
    // Connector supporting HTTP/2, http1.1 and negotiation protocols
    ServerConnector h2Connector = new ServerConnector(server, ssl, alpn, h2, new HttpConnectionFactory(https_config, HttpCompliance.RFC2616));
    h2Connector.setPort(_sslPort);
    server.addConnector(h2Connector);
    HttpConfiguration configuration = new HttpConfiguration();
    ServerConnector h2cConnector = new ServerConnector(server, new HttpConnectionFactory(configuration, HttpCompliance.RFC2616), new HTTP2CServerConnectionFactory(configuration));
    h2cConnector.setPort(_port);
    return new ServerConnector[] { h2Connector, h2cConnector };
}

Example 92 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project zeppelin by apache.

the class ZeppelinServer method initServerConnector.

private static void initServerConnector(Server server, int port, int sslPort) {
    ServerConnector connector;
    HttpConfiguration httpConfig = new HttpConfiguration();
    httpConfig.addCustomizer(new ForwardedRequestCustomizer());
    httpConfig.setSendServerVersion(conf.sendJettyName());
    httpConfig.setRequestHeaderSize(conf.getJettyRequestHeaderSize());
    if (conf.useSsl()) {
        LOG.debug("Enabling SSL for Zeppelin Server on port {}", sslPort);
        httpConfig.setSecureScheme(HttpScheme.HTTPS.asString());
        httpConfig.setSecurePort(sslPort);
        HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
        httpsConfig.addCustomizer(new SecureRequestCustomizer());
        SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(getSslContextFactory(conf), HttpVersion.HTTP_1_1.asString());
        HttpConnectionFactory httpsConnectionFactory = new HttpConnectionFactory(httpsConfig);
        connector = new ServerConnector(server, sslConnectionFactory, httpsConnectionFactory);
        connector.setPort(sslPort);
        connector.addBean(new JettySslHandshakeMetrics(Metrics.globalRegistry, Tags.empty()));
    } else {
        HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpConfig);
        connector = new ServerConnector(server, httpConnectionFactory);
        connector.setPort(port);
    }
    // Set some timeout options to make debugging easier.
    int timeout = 1000 * 30;
    connector.setIdleTimeout(timeout);
    connector.setHost(conf.getServerAddress());
    connector.addBean(new JettyConnectionMetrics(Metrics.globalRegistry, Tags.empty()));
    server.addConnector(connector);
}

Example 93 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project incubator-atlas by apache.

the class SecureEmbeddedServer method getConnector.

protected Connector getConnector(int port) throws IOException {
    org.apache.commons.configuration.Configuration config = getConfiguration();
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(config.getString(KEYSTORE_FILE_KEY, System.getProperty(KEYSTORE_FILE_KEY, DEFAULT_KEYSTORE_FILE_LOCATION)));
    sslContextFactory.setKeyStorePassword(getPassword(config, KEYSTORE_PASSWORD_KEY));
    sslContextFactory.setKeyManagerPassword(getPassword(config, SERVER_CERT_PASSWORD_KEY));
    sslContextFactory.setTrustStorePath(config.getString(TRUSTSTORE_FILE_KEY, System.getProperty(TRUSTSTORE_FILE_KEY, DEFATULT_TRUSTORE_FILE_LOCATION)));
    sslContextFactory.setTrustStorePassword(getPassword(config, TRUSTSTORE_PASSWORD_KEY));
    sslContextFactory.setWantClientAuth(config.getBoolean(CLIENT_AUTH_KEY, Boolean.getBoolean(CLIENT_AUTH_KEY)));
    List<Object> cipherList = config.getList(ATLAS_SSL_EXCLUDE_CIPHER_SUITES, DEFAULT_CIPHER_SUITES);
    sslContextFactory.setExcludeCipherSuites(cipherList.toArray(new String[cipherList.size()]));
    sslContextFactory.setRenegotiationAllowed(false);
    String[] excludedProtocols = config.containsKey(ATLAS_SSL_EXCLUDE_PROTOCOLS) ? config.getStringArray(ATLAS_SSL_EXCLUDE_PROTOCOLS) : DEFAULT_EXCLUDE_PROTOCOLS;
    if (excludedProtocols != null && excludedProtocols.length > 0) {
        sslContextFactory.addExcludeProtocols(excludedProtocols);
    }
    // SSL HTTP Configuration
    // HTTP Configuration
    HttpConfiguration http_config = new HttpConfiguration();
    http_config.setSecureScheme("https");
    final int bufferSize = AtlasConfiguration.WEBSERVER_REQUEST_BUFFER_SIZE.getInt();
    http_config.setSecurePort(port);
    http_config.setRequestHeaderSize(bufferSize);
    http_config.setResponseHeaderSize(bufferSize);
    http_config.setSendServerVersion(true);
    http_config.setSendDateHeader(false);
    HttpConfiguration https_config = new HttpConfiguration(http_config);
    https_config.addCustomizer(new SecureRequestCustomizer());
    // SSL Connector
    ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https_config));
    sslConnector.setPort(port);
    server.addConnector(sslConnector);
    return sslConnector;
}

Example 94 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project druid by druid-io.

the class FriendlyServersTest method testFriendlySelfSignedHttpsServer.

@Test
public void testFriendlySelfSignedHttpsServer() throws Exception {
    final Lifecycle lifecycle = new Lifecycle();
    final String keyStorePath = getClass().getClassLoader().getResource("keystore.jks").getFile();
    Server server = new Server();
    HttpConfiguration https = new HttpConfiguration();
    https.addCustomizer(new SecureRequestCustomizer());
    SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
    sslContextFactory.setKeyStorePath(keyStorePath);
    sslContextFactory.setKeyStorePassword("abc123");
    sslContextFactory.setKeyManagerPassword("abc123");
    ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https));
    sslConnector.setPort(0);
    server.setConnectors(new Connector[] { sslConnector });
    server.start();
    try {
        final SSLContext mySsl = HttpClientInit.sslContextWithTrustedKeyStore(keyStorePath, "abc123");
        final HttpClientConfig trustingConfig = HttpClientConfig.builder().withSslContext(mySsl).build();
        final HttpClient trustingClient = HttpClientInit.createClient(trustingConfig, lifecycle);
        final HttpClientConfig skepticalConfig = HttpClientConfig.builder().withSslContext(SSLContext.getDefault()).build();
        final HttpClient skepticalClient = HttpClientInit.createClient(skepticalConfig, lifecycle);
        // Correct name ("localhost")
        {
            final HttpResponseStatus status = trustingClient.go(new Request(HttpMethod.GET, new URL(StringUtils.format("https://localhost:%d/", sslConnector.getLocalPort()))), StatusResponseHandler.getInstance()).get().getStatus();
            Assert.assertEquals(404, status.getCode());
        }
        // Incorrect name ("127.0.0.1")
        {
            final ListenableFuture<StatusResponseHolder> response1 = trustingClient.go(new Request(HttpMethod.GET, new URL(StringUtils.format("https://127.0.0.1:%d/", sslConnector.getLocalPort()))), StatusResponseHandler.getInstance());
            Throwable ea = null;
            try {
                response1.get();
            } catch (ExecutionException e) {
                ea = e.getCause();
            }
            Assert.assertTrue("ChannelException thrown by 'get'", ea instanceof ChannelException);
            Assert.assertTrue("Expected error message", ea.getCause().getMessage().contains("Failed to handshake"));
        }
        {
            // Untrusting client
            final ListenableFuture<StatusResponseHolder> response2 = skepticalClient.go(new Request(HttpMethod.GET, new URL(StringUtils.format("https://localhost:%d/", sslConnector.getLocalPort()))), StatusResponseHandler.getInstance());
            Throwable eb = null;
            try {
                response2.get();
            } catch (ExecutionException e) {
                eb = e.getCause();
            }
            Assert.assertNotNull("ChannelException thrown by 'get'", eb);
            Assert.assertTrue("Root cause is SSLHandshakeException", eb.getCause().getCause() instanceof SSLHandshakeException);
        }
    } finally {
        lifecycle.stop();
        server.stop();
    }
}

Example 95 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project SSM by Intel-bigdata.

the class SmartZeppelinServer method setupJettyServer.

private static Server setupJettyServer(ZeppelinConfiguration zconf) {
    final Server server = new Server();
    ServerConnector connector;
    if (zconf.useSsl()) {
        LOG.debug("Enabling SSL for Zeppelin Server on port " + zconf.getServerSslPort());
        HttpConfiguration httpConfig = new HttpConfiguration();
        httpConfig.setSecureScheme("https");
        httpConfig.setSecurePort(zconf.getServerSslPort());
        httpConfig.setOutputBufferSize(32768);
        httpConfig.setRequestHeaderSize(8192);
        httpConfig.setResponseHeaderSize(8192);
        httpConfig.setSendServerVersion(true);
        HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
        SecureRequestCustomizer src = new SecureRequestCustomizer();
        // Only with Jetty 9.3.x
        // src.setStsMaxAge(2000);
        // src.setStsIncludeSubDomains(true);
        httpsConfig.addCustomizer(src);
        connector = new ServerConnector(server, new SslConnectionFactory(getSslContextFactory(zconf), HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    } else {
        connector = new ServerConnector(server);
    }
    // Set some timeout options to make debugging easier.
    int timeout = 1000 * 30;
    connector.setIdleTimeout(timeout);
    connector.setSoLingerTime(-1);
    String webUrl = "";
    connector.setHost(zconf.getServerAddress());
    if (zconf.useSsl()) {
        connector.setPort(zconf.getServerSslPort());
        webUrl = "https://" + zconf.getServerAddress() + ":" + zconf.getServerSslPort();
    } else {
        connector.setPort(zconf.getServerPort());
        webUrl = "http://" + zconf.getServerAddress() + ":" + zconf.getServerPort();
    }
    LOG.info("Web address:" + webUrl);
    server.addConnector(connector);
    return server;
}