use of org.eclipse.jetty.server.SslConnectionFactory in project symmetric-ds by JumpMind.
the class SymmetricWebServer method getConnectors.
/**
 * Builds the Jetty connectors for the requested listener mode: a plain HTTP
 * connector for {@code Mode.HTTP}, a TLS connector for {@code Mode.HTTPS},
 * and both for {@code Mode.MIXED}.
 *
 * <p>Keystore location, type, password and certificate alias are taken from
 * JVM system properties named by {@code SecurityConstants}; type, password
 * and alias fall back to the {@code SecurityConstants} defaults when unset.
 *
 * @param server     Jetty server the connectors are attached to
 * @param port       port for the plain HTTP connector
 * @param securePort port for the TLS connector, also advertised as the secure port
 * @param mode       which listeners to create
 * @return the connectors, plain HTTP first when both are created
 */
protected Connector[] getConnectors(Server server, int port, int securePort, Mode mode) {
    // Both values are read before installDefaultSslCert() runs below.
    String keyStorePath = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE);
    String storeType = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_TYPE, SecurityConstants.KEYSTORE_TYPE);

    // MIXED turns on both listeners, so the same handlers are reachable over
    // plaintext HTTP as well as TLS.
    boolean tlsEnabled = mode.equals(Mode.HTTPS) || mode.equals(Mode.MIXED);
    boolean plainEnabled = mode.equals(Mode.HTTP) || mode.equals(Mode.MIXED);

    HttpConfiguration baseConfig = new HttpConfiguration();
    if (tlsEnabled) {
        baseConfig.setSecureScheme("https");
        baseConfig.setSecurePort(securePort);
    }
    baseConfig.setOutputBufferSize(32768);

    ArrayList<Connector> result = new ArrayList<>();

    if (plainEnabled) {
        ServerConnector plain = new ServerConnector(server, new HttpConnectionFactory(baseConfig));
        plain.setHost(host);
        plain.setPort(port);
        plain.setIdleTimeout(maxIdleTime);
        result.add(plain);
        log.info(String.format("About to start %s web server on host:port %s:%s", name, host == null ? "default" : host, port));
    }

    if (tlsEnabled) {
        ISecurityService securityService = SecurityServiceFactory.create(SecurityServiceType.SERVER, new TypedProperties(System.getProperties()));
        securityService.installDefaultSslCert(host);

        // NOTE(review): when the password property is unset this falls back to
        // the constant SecurityConstants.KEYSTORE_PASSWORD, i.e. a value shared
        // by every installation that leaves it unset. Deployments should set
        // their own keystore password.
        String configuredPassword = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_PASSWORD);
        String keyStorePassword = configuredPassword == null ? SecurityConstants.KEYSTORE_PASSWORD : configuredPassword;

        SslContextFactory tlsContext = new SslContextFactory();
        tlsContext.setKeyStorePath(keyStorePath);
        // NOTE(review): only the key-manager password is supplied; no keystore
        // password is passed to the factory in this method. Confirm how the
        // Jetty version in use loads the store without one.
        tlsContext.setKeyManagerPassword(keyStorePassword);
        // Prevent POODLE by refusing SSLv3.
        // NOTE(review): SSLv3 is the only protocol excluded here; whether TLS 1.0
        // and 1.1 are also refused depends on Jetty and JVM defaults. Verify.
        tlsContext.addExcludeProtocols("SSLv3");
        tlsContext.setCertAlias(System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_CERT_ALIAS, SecurityConstants.ALIAS_SYM_PRIVATE_KEY));
        tlsContext.setKeyStoreType(storeType);

        // Copy of the base configuration plus the customizer for secure requests.
        HttpConfiguration secureConfig = new HttpConfiguration(baseConfig);
        secureConfig.addCustomizer(new SecureRequestCustomizer());

        ServerConnector secure = new ServerConnector(server, new SslConnectionFactory(tlsContext, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(secureConfig));
        secure.setHost(host);
        secure.setPort(securePort);
        secure.setIdleTimeout(maxIdleTime);
        result.add(secure);
        log.info(String.format("About to start %s web server on secure host:port %s:%s", name, host == null ? "default" : host, securePort));
    }

    return result.toArray(new Connector[result.size()]);
}
use of org.eclipse.jetty.server.SslConnectionFactory in project drill by apache.
the class WebServer method createHttpsConnector.
/**
 * Creates the HTTPS connector for the embedded Jetty server.
 *
 * <p>Key material is selected by {@code SslContextFactoryConfigurator}, whose
 * code is not shown here. According to the original documentation of this
 * method, keystore/truststore settings supplied by the admin are used when
 * present; otherwise a self-signed certificate is generated and used. A
 * self-signed certificate encrypts the connection, but clients cannot
 * authenticate the server unless they pin or explicitly trust it.
 *
 * @param port      port the connector listens on
 * @param acceptors number of acceptor threads passed to the connector
 * @param selectors number of selector threads passed to the connector
 * @return Initialized {@link ServerConnector} for HTTPS connections.
 * @throws Exception if the SSL context factory or connector cannot be set up
 */
private ServerConnector createHttpsConnector(int port, int acceptors, int selectors) throws Exception {
    logger.info("Setting up HTTPS connector for web server");

    SslContextFactory tlsContext = new SslContextFactoryConfigurator(config, workManager.getContext().getEndpoint().getAddress()).configureNewSslContextFactory();

    final HttpConfiguration secureConfig = baseHttpConfig();
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    // TLS layer first, HTTP/1.1 as the protocol carried inside it.
    final SslConnectionFactory tlsLayer = new SslConnectionFactory(tlsContext, HttpVersion.HTTP_1_1.asString());
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureConfig);

    // The three nulls are optional arguments left to the connector's defaults.
    final ServerConnector httpsConnector = new ServerConnector(embeddedJetty, null, null, null, acceptors, selectors, tlsLayer, httpLayer);
    httpsConnector.setPort(port);
    return httpsConnector;
}
use of org.eclipse.jetty.server.SslConnectionFactory in project drill by apache.
the class WebServer method createHttpsConnector.
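/**
 * Create an HTTPS connector for the Jetty server instance, backed by a
 * self-signed certificate generated on every call.
 * <p>
 * The branch that honoured admin-supplied keystore/truststore settings is
 * disabled in this copy, so those settings are NOT used here. Clients
 * cannot authenticate the server from this certificate unless they pin or
 * explicitly trust it.
 * <p>
 * This is a copy of
 * org.apache.drill.exec.server.rest.WebServer#createHttpsConnector(int, int, int).
 * The two should be merged at some point. The primary issue is that the Drill
 * version is tightly coupled to Drillbit configuration.
 *
 * @param config configuration supplying the HTTP port
 * @return Initialized {@link ServerConnector} for HTTPS connections.
 * @throws Exception when unable to create HTTPS connector
 */
private ServerConnector createHttpsConnector(Config config) throws Exception {
    LOG.info("Setting up HTTPS connector for web server");
    final SslContextFactory sslContextFactory = new SslContextFactory();

    // TODO: restore support for a configured keystore/truststore
    // (ExecConstants.HTTP_KEYSTORE_PATH / HTTP_KEYSTORE_PASSWORD and the optional
    // HTTP_TRUSTSTORE_PATH / HTTP_TRUSTSTORE_PASSWORD). Until then the
    // self-signed path below is unconditional.
    LOG.info("Using generated self-signed SSL settings for web server");
    final SecureRandom random = new SecureRandom();

    // Generate a private-public key pair. 2048 bits replaces the previous 1024:
    // 1024-bit RSA is below the minimum in current guidance (e.g. NIST SP
    // 800-131A), and this certificate is valid for five years.
    final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048, random);
    final KeyPair keyPair = keyPairGenerator.generateKeyPair();

    final DateTime now = DateTime.now();

    // Subject and issuer share this name because the certificate is self-signed.
    // NOTE(review): "auth-generated" in the OU looks like a typo for
    // "auto-generated"; left unchanged because it is part of the emitted subject.
    // NOTE(review): no subjectAltName is added and the CN is a fixed label, so
    // hostname verification against this certificate is not expected to pass.
    final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.OU, "Apache Drill (auth-generated)").addRDN(BCStyle.O, "Apache Software Foundation (auto-generated)").addRDN(BCStyle.CN, "Drill AM");

    // Backdate by one minute to tolerate small clock skew; valid for 5 years.
    final Date notBefore = now.minusMinutes(1).toDate();
    final Date notAfter = now.plusYears(5).toDate();
    final BigInteger serialNumber = new BigInteger(128, random);

    final X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
        nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic());

    // Sign the certificate using the private key.
    final ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
    final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));

    // Sanity checks: valid right now, and verifiable with its own public key.
    certificate.checkValidity(now.toDate());
    certificate.verify(certificate.getPublicKey());

    // Derive the keystore password from the SecureRandom already in use.
    // RandomStringUtils.random(int), used previously, is not documented as
    // cryptographically strong in older commons-lang releases. The store lives
    // only in memory here, so this is defence in depth.
    final String keyStorePasswd = new BigInteger(160, random).toString(Character.MAX_RADIX);

    final KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(null, null); // start from an empty in-memory store
    keyStore.setKeyEntry("DrillAutoGeneratedCert", keyPair.getPrivate(), keyStorePasswd.toCharArray(), new java.security.cert.Certificate[] { certificate });
    sslContextFactory.setKeyStore(keyStore);
    sslContextFactory.setKeyStorePassword(keyStorePasswd);

    final HttpConfiguration httpsConfig = baseHttpConfig();
    httpsConfig.addCustomizer(new SecureRequestCustomizer());

    // SSL Connector
    final ServerConnector sslConnector = new ServerConnector(jettyServer, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    sslConnector.setPort(config.getInt(DrillOnYarnConfig.HTTP_PORT));
    return sslConnector;
}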
use of org.eclipse.jetty.server.SslConnectionFactory in project XRTB by benmfaul.
the class AddShutdownHook method startSeparateAdminServer.
/**
 * Starts a dedicated Jetty server for the control and reporting (admin)
 * handler, then blocks in {@code server.join()}.
 *
 * <p>Does nothing when the configured admin port is 0. When
 * {@code adminSSL} is false the admin handler is served over plaintext HTTP.
 *
 * @throws Exception
 *             if SSL is specified but is not configured
 */
void startSeparateAdminServer() throws Exception {
    SSL sslSettings = Configuration.getInstance().ssl;
    QueuedThreadPool pool = new QueuedThreadPool(threads, 50);
    Server adminServer = new Server(pool);

    if (Configuration.getInstance().adminPort == 0) {
        return;
    }
    logger.info("Admin functions are available on port: {}", Configuration.getInstance().adminPort);

    if (Configuration.getInstance().adminSSL) {
        // NOTE(review): this check goes through `config`, while the credentials
        // used below come from the `ssl` value read at the top via Configuration.
        // Confirm that both refer to the same object.
        if (config.getInstance().ssl == null) {
            throw new Exception("Admin port set to SSL but no SSL credentials are configured.");
        }
        logger.info("Admin functions are available by SSL only");

        HttpConfiguration secureConfig = new HttpConfiguration();
        secureConfig.addCustomizer(new SecureRequestCustomizer());

        // NOTE(review): no protocol or cipher restrictions are set here, so the
        // accepted TLS versions and suites are the Jetty and JVM defaults.
        SslContextFactory tlsContext = new SslContextFactory();
        tlsContext.setKeyStorePath(sslSettings.setKeyStorePath);
        tlsContext.setKeyStorePassword(sslSettings.setKeyStorePassword);
        tlsContext.setKeyManagerPassword(sslSettings.setKeyManagerPassword);

        // NOTE(review): unlike the plaintext connector, no idle timeout is set.
        ServerConnector tlsConnector = new ServerConnector(adminServer, new SslConnectionFactory(tlsContext, "http/1.1"), new HttpConnectionFactory(secureConfig));
        tlsConnector.setPort(Configuration.getInstance().adminPort);
        adminServer.setConnectors(new Connector[] { tlsConnector });
    } else {
        // Plaintext listener: requests to the admin handler, and any credentials
        // or session identifiers they carry, are not encrypted in transit.
        ServerConnector plainConnector = new ServerConnector(adminServer);
        plainConnector.setPort(Configuration.getInstance().adminPort);
        plainConnector.setIdleTimeout(60000);
        adminServer.setConnectors(new Connector[] { plainConnector });
    }

    adminHandler = new AdminHandler();

    // Wrap the admin handler in org.eclipse.jetty.server.session.SessionHandler.
    SessionHandler sessions = new SessionHandler();
    sessions.setHandler(adminHandler);
    adminServer.setHandler(sessions);

    adminServer.start();
    adminServer.join();
}
use of org.eclipse.jetty.server.SslConnectionFactory in project spring-boot by spring-projects.
the class JettyServletWebServerFactoryTests method sslCiphersConfiguration.
/**
 * Checks that cipher names set on {@code Ssl} reach Jetty's
 * {@code SslContextFactory} unchanged as the include list, and that the
 * exclude list is empty.
 *
 * <p>"ALPHA", "BRAVO" and "CHARLIE" are placeholder names, not real cipher
 * suites; the keystore and passwords are test fixtures. The empty exclude
 * list asserted here means an explicit cipher list is expected to be the
 * whole cipher policy for the connector.
 */
@Test
void sslCiphersConfiguration() {
    String[] requestedCiphers = { "ALPHA", "BRAVO", "CHARLIE" };

    Ssl sslSettings = new Ssl();
    sslSettings.setKeyStore("src/test/resources/test.jks");
    sslSettings.setKeyStorePassword("secret");
    sslSettings.setKeyPassword("password");
    sslSettings.setCiphers(requestedCiphers);

    JettyServletWebServerFactory serverFactory = getFactory();
    serverFactory.setSsl(sslSettings);
    this.webServer = serverFactory.getWebServer();
    this.webServer.start();

    // The first connector is expected to be the TLS one.
    JettyWebServer jetty = (JettyWebServer) this.webServer;
    ServerConnector firstConnector = (ServerConnector) jetty.getServer().getConnectors()[0];
    SslConnectionFactory tlsLayer = firstConnector.getConnectionFactory(SslConnectionFactory.class);
    SslContextFactory tlsContext = extractSslContextFactory(tlsLayer);

    assertThat(tlsContext.getIncludeCipherSuites()).containsExactly("ALPHA", "BRAVO", "CHARLIE");
    assertThat(tlsContext.getExcludeCipherSuites()).isEmpty();
}