
Example 96 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project symmetric-ds by JumpMind.

the class SymmetricWebServer method getConnectors.

/**
 * Builds the Jetty connectors for the requested listening mode.
 * <p>
 * A plain HTTP connector is created for {@code Mode.HTTP} and {@code Mode.MIXED}; a TLS
 * connector is created for {@code Mode.HTTPS} and {@code Mode.MIXED}. The keystore path,
 * type, password and certificate alias are read from JVM system properties, with
 * {@link SecurityConstants} supplying defaults for the type, password and alias.
 *
 * @param server     the Jetty server the connectors are attached to
 * @param port       the port for the plain HTTP connector
 * @param securePort the port for the TLS connector
 * @param mode       which connector(s) to create
 * @return the connectors in creation order (HTTP first, then HTTPS); empty if none apply
 */
protected Connector[] getConnectors(Server server, int port, int securePort, Mode mode) {
    ArrayList<Connector> result = new ArrayList<>();
    String keyStoreFile = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE);
    String keyStoreType = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_TYPE, SecurityConstants.KEYSTORE_TYPE);

    HttpConfiguration baseConfig = new HttpConfiguration();
    boolean tlsRequested = mode.equals(Mode.HTTPS) || mode.equals(Mode.MIXED);
    if (tlsRequested) {
        // Records where the secure endpoint lives on the shared base configuration.
        baseConfig.setSecureScheme("https");
        baseConfig.setSecurePort(securePort);
    }
    baseConfig.setOutputBufferSize(32768);

    boolean plainRequested = mode.equals(Mode.HTTP) || mode.equals(Mode.MIXED);
    if (plainRequested) {
        // NOTE(review): in MIXED mode this cleartext listener stays up next to the TLS one;
        // nothing in this method redirects or restricts it.
        ServerConnector plainConnector = new ServerConnector(server, new HttpConnectionFactory(baseConfig));
        plainConnector.setPort(port);
        plainConnector.setHost(host);
        plainConnector.setIdleTimeout(maxIdleTime);
        result.add(plainConnector);
        String plainHostLabel = (host == null) ? "default" : host;
        log.info(String.format("About to start %s web server on host:port %s:%s", name, plainHostLabel, port));
    }

    if (tlsRequested) {
        ISecurityService securityService = SecurityServiceFactory.create(SecurityServiceType.SERVER, new TypedProperties(System.getProperties()));
        // Presumably provisions a default certificate for this host when none exists yet;
        // verify against ISecurityService.
        securityService.installDefaultSslCert(host);

        // NOTE(review): when the system property is unset the password falls back to the
        // constant SecurityConstants.KEYSTORE_PASSWORD, i.e. a value shared by every
        // installation that leaves it unset. Deployments should set the property explicitly.
        String keyStorePassword = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_PASSWORD);
        if (keyStorePassword == null) {
            keyStorePassword = SecurityConstants.KEYSTORE_PASSWORD;
        }

        SslContextFactory tlsContext = new SslContextFactory();
        tlsContext.setKeyStorePath(keyStoreFile);
        // NOTE(review): only the key-manager password is supplied; no keystore password is
        // set on the factory here, so the store may be loaded without an integrity check.
        // Confirm that is intended.
        tlsContext.setKeyManagerPassword(keyStorePassword);
        // Prevent POODLE attack: refuse SSLv3.
        // NOTE(review): SSLv3 is the only protocol excluded explicitly; whether TLS 1.0/1.1
        // are also off depends on the Jetty and JVM defaults in use. Verify for the target runtime.
        tlsContext.addExcludeProtocols("SSLv3");
        tlsContext.setCertAlias(System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_CERT_ALIAS, SecurityConstants.ALIAS_SYM_PRIVATE_KEY));
        tlsContext.setKeyStoreType(keyStoreType);

        // The TLS side copies the base configuration and adds the secure-request customizer.
        HttpConfiguration tlsHttpConfig = new HttpConfiguration(baseConfig);
        tlsHttpConfig.addCustomizer(new SecureRequestCustomizer());

        ServerConnector tlsConnector = new ServerConnector(server,
                new SslConnectionFactory(tlsContext, HttpVersion.HTTP_1_1.asString()),
                new HttpConnectionFactory(tlsHttpConfig));
        tlsConnector.setPort(securePort);
        tlsConnector.setIdleTimeout(maxIdleTime);
        tlsConnector.setHost(host);
        result.add(tlsConnector);
        String tlsHostLabel = (host == null) ? "default" : host;
        log.info(String.format("About to start %s web server on secure host:port %s:%s", name, tlsHostLabel, securePort));
    }

    return result.toArray(new Connector[0]);
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) ISecurityService(org.jumpmind.security.ISecurityService) ServerConnector(org.eclipse.jetty.server.ServerConnector) Connector(org.eclipse.jetty.server.Connector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) ArrayList(java.util.ArrayList) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) TypedProperties(org.jumpmind.properties.TypedProperties) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)

Example 97 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project drill by apache.

the class WebServer method createHttpsConnector.

/**
 * Builds the HTTPS {@link ServerConnector} for the embedded Jetty server.
 * <p>
 * The TLS material comes from {@link SslContextFactoryConfigurator}. Per the original
 * documentation, admin-supplied keystore/truststore settings are used when present and a
 * self-signed certificate is generated otherwise; that decision is made inside the
 * configurator, not in this method.
 *
 * @param port      the port the connector listens on
 * @param acceptors acceptor count passed through to the {@link ServerConnector}
 * @param selectors selector count passed through to the {@link ServerConnector}
 * @return Initialized {@link ServerConnector} for HTTPS connections.
 * @throws Exception if the SSL context factory or the connector cannot be set up
 */
private ServerConnector createHttpsConnector(int port, int acceptors, int selectors) throws Exception {
    logger.info("Setting up HTTPS connector for web server");

    // NOTE(review): protocol and cipher policy are whatever the configurator and Jetty
    // defaults produce; nothing is tightened at this call site.
    final SslContextFactoryConfigurator configurator =
            new SslContextFactoryConfigurator(config, workManager.getContext().getEndpoint().getAddress());
    final SslContextFactory tlsContext = configurator.configureNewSslContextFactory();

    final HttpConfiguration tlsHttpConfig = baseHttpConfig();
    tlsHttpConfig.addCustomizer(new SecureRequestCustomizer());

    // TLS terminates first, then HTTP/1.1 is spoken over the decrypted stream.
    final SslConnectionFactory tlsLayer = new SslConnectionFactory(tlsContext, HttpVersion.HTTP_1_1.asString());
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(tlsHttpConfig);
    final ServerConnector httpsConnector =
            new ServerConnector(embeddedJetty, null, null, null, acceptors, selectors, tlsLayer, httpLayer);
    httpsConnector.setPort(port);
    return httpsConnector;
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) SslContextFactoryConfigurator(org.apache.drill.exec.server.rest.ssl.SslContextFactoryConfigurator)

Example 98 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project drill by apache.

the class WebServer method createHttpsConnector.

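/**
 * Create an HTTPS connector for the Drill-on-YARN web server, backed by a self-signed
 * certificate generated in memory on every call.
 * <p>
 * Unlike org.apache.drill.exec.server.rest.WebServer#createHttpsConnector(int, int, int),
 * from which this was copied, this version does not honour admin-supplied
 * keystore/truststore settings: that branch is disabled here, so the generated certificate
 * is always used. The two should be merged at some point. The primary issue is that the
 * Drill version is tightly coupled to Drillbit configuration.
 * <p>
 * Because the certificate is self-signed and regenerated at start-up, clients cannot
 * authenticate the server unless they are given the certificate out of band; the connector
 * provides encryption but not server identity.
 *
 * @param config configuration supplying the port ({@code DrillOnYarnConfig.HTTP_PORT})
 * @return Initialized {@link ServerConnector} for HTTPS connections.
 * @throws Exception when unable to create HTTPS connector
 */
private ServerConnector createHttpsConnector(Config config) throws Exception {
    LOG.info("Setting up HTTPS connector for web server");
    final SslContextFactory sslContextFactory = new SslContextFactory();

    // The configured-keystore path (ExecConstants.HTTP_KEYSTORE_PATH / HTTP_KEYSTORE_PASSWORD,
    // with optional HTTP_TRUSTSTORE_PATH / HTTP_TRUSTSTORE_PASSWORD) is not wired up in this
    // copy; only the self-signed fallback below runs.
    LOG.info("Using generated self-signed SSL settings for web server");
    final SecureRandom random = new SecureRandom();

    // Generate a private-public key pair. 2048 bits rather than the previous 1024:
    // 1024-bit RSA is below the minimum key size in current guidance.
    final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048, random);
    final KeyPair keyPair = keyPairGenerator.generateKeyPair();

    final DateTime now = DateTime.now();

    // Certificate subject (also used as issuer, since the certificate is self-signed).
    // NOTE(review): "auth-generated" in the OU looks like a typo for "auto-generated"; it is
    // left as-is because it is part of the issued subject name.
    // NOTE(review): no subjectAltName extension is added, so clients doing hostname
    // verification will presumably reject this certificate. Confirm how clients connect.
    final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE)
            .addRDN(BCStyle.OU, "Apache Drill (auth-generated)")
            .addRDN(BCStyle.O, "Apache Software Foundation (auto-generated)")
            .addRDN(BCStyle.CN, "Drill AM");

    // Valid from one minute ago (tolerates small clock skew) until five years from now.
    final Date notBefore = now.minusMinutes(1).toDate();
    final Date notAfter = now.plusYears(5).toDate();
    final BigInteger serialNumber = new BigInteger(128, random);

    final X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
            nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic());

    // Sign the certificate using the private key
    final ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
    final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));

    // Sanity checks: valid right now, and the signature verifies under its own public key.
    certificate.checkValidity(now.toDate());
    certificate.verify(certificate.getPublicKey());

    // Random password protecting the key entry of the in-memory keystore. It is drawn from
    // the SecureRandom above so the secret comes from the same CSPRNG as the key pair
    // rather than from a general-purpose random-string helper.
    final String keyStorePasswd = new BigInteger(130, random).toString(32);
    final KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(null, null);
    keyStore.setKeyEntry("DrillAutoGeneratedCert", keyPair.getPrivate(), keyStorePasswd.toCharArray(), new java.security.cert.Certificate[] { certificate });
    sslContextFactory.setKeyStore(keyStore);
    sslContextFactory.setKeyStorePassword(keyStorePasswd);

    final HttpConfiguration httpsConfig = baseHttpConfig();
    httpsConfig.addCustomizer(new SecureRequestCustomizer());

    // SSL Connector: TLS first, then HTTP/1.1 over the decrypted stream.
    final ServerConnector sslConnector = new ServerConnector(jettyServer, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    sslConnector.setPort(config.getInt(DrillOnYarnConfig.HTTP_PORT));
    return sslConnector;
}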
Also used : KeyPair(java.security.KeyPair) X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) SecureRandom(java.security.SecureRandom) KeyPairGenerator(java.security.KeyPairGenerator) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) KeyStore(java.security.KeyStore) DateTime(org.joda.time.DateTime) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger)

Example 99 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project XRTB by benmfaul.

the class AddShutdownHook method startSeparateAdminServer.

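/**
 * Start a separate Jetty server that handles control and reporting (admin) functions.
 * <p>
 * Does nothing when the configured admin port is 0. Otherwise a plain HTTP connector is
 * created, or a TLS connector when {@code adminSSL} is set, the {@code AdminHandler} is
 * installed behind a {@link SessionHandler}, and the server is started. This method then
 * blocks in {@code server.join()}.
 *
 * @throws Exception
 *             if SSL is specified but is not configured, or if the server fails to start
 */
void startSeparateAdminServer() throws Exception {
    // Check the "disabled" case first so no thread pool or server is built for nothing.
    if (Configuration.getInstance().adminPort == 0) {
        return;
    }

    SSL ssl = Configuration.getInstance().ssl;
    QueuedThreadPool threadPool = new QueuedThreadPool(threads, 50);
    Server server = new Server(threadPool);

    logger.info("Admin functions are available on port: {}", Configuration.getInstance().adminPort);
    if (!Configuration.getInstance().adminSSL) {
        // NOTE(review): admin traffic, including the session handled below, is served in
        // cleartext on this path, and no host is set on the connector, so it is not limited
        // to a specific interface here. Confirm the port is protected by network controls.
        ServerConnector connector = new ServerConnector(server);
        connector.setPort(Configuration.getInstance().adminPort);
        connector.setIdleTimeout(60000);
        server.setConnectors(new Connector[] { connector });
    } else {
        // Guard the very reference that is dereferenced below.
        if (ssl == null) {
            throw new Exception("Admin port set to SSL but no SSL credentials are configured.");
        }
        logger.info("Admin functions are available by SSL only");
        HttpConfiguration https = new HttpConfiguration();
        https.addCustomizer(new SecureRequestCustomizer());

        // setKeyStorePath / setKeyStorePassword / setKeyManagerPassword on the right-hand
        // side are fields of the project's SSL settings object, not method calls.
        // NOTE(review): no protocol or cipher restrictions are applied here; the effective
        // TLS policy is whatever the Jetty and JVM defaults provide.
        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setKeyStorePath(ssl.setKeyStorePath);
        sslContextFactory.setKeyStorePassword(ssl.setKeyStorePassword);
        sslContextFactory.setKeyManagerPassword(ssl.setKeyManagerPassword);

        // NOTE(review): unlike the plain connector, no idle timeout is set on this one.
        ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https));
        sslConnector.setPort(Configuration.getInstance().adminPort);
        server.setConnectors(new Connector[] { sslConnector });
    }

    adminHandler = new AdminHandler();
    // Wrap the admin handler in a session handler so requests reach it with session support.
    SessionHandler sh = new SessionHandler();
    sh.setHandler(adminHandler);
    server.setHandler(sh);

    server.start();
    // Blocks the calling thread until the server stops.
    server.join();
}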
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SessionHandler(org.eclipse.jetty.server.session.SessionHandler) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) Server(org.eclipse.jetty.server.Server) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) QueuedThreadPool(org.eclipse.jetty.util.thread.QueuedThreadPool) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) SSL(com.xrtb.common.SSL) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)

Example 100 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project spring-boot by spring-projects.

the class JettyServletWebServerFactoryTests method sslCiphersConfiguration.

/**
 * Checks that cipher names set on {@code Ssl} end up as the include list of the Jetty
 * {@code SslContextFactory} and that its exclude list is empty.
 * <p>
 * "ALPHA", "BRAVO" and "CHARLIE" are placeholder names, so the test covers how the
 * configuration is passed through, not an actual handshake. The empty exclude list asserted
 * below implies that, with an explicit cipher list, the configured names alone decide what
 * is offered.
 */
@Test
void sslCiphersConfiguration() {
    Ssl sslSettings = new Ssl();
    sslSettings.setKeyStore("src/test/resources/test.jks");
    sslSettings.setKeyStorePassword("secret");
    sslSettings.setKeyPassword("password");
    sslSettings.setCiphers(new String[] { "ALPHA", "BRAVO", "CHARLIE" });

    JettyServletWebServerFactory factory = getFactory();
    factory.setSsl(sslSettings);
    this.webServer = factory.getWebServer();
    this.webServer.start();

    // Only the first connector of the started server is inspected.
    ServerConnector firstConnector =
            (ServerConnector) ((JettyWebServer) this.webServer).getServer().getConnectors()[0];
    SslConnectionFactory tlsFactory = firstConnector.getConnectionFactory(SslConnectionFactory.class);
    SslContextFactory contextFactory = extractSslContextFactory(tlsFactory);

    assertThat(contextFactory.getIncludeCipherSuites()).containsExactly("ALPHA", "BRAVO", "CHARLIE");
    assertThat(contextFactory.getExcludeCipherSuites()).isEmpty();
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) Ssl(org.springframework.boot.web.server.Ssl) Test(org.junit.jupiter.api.Test)
