/** * Creates a server connector. * * If an HTTPS key store is configured, returns a SSL connector for HTTPS. * * Otherwise, returns a normal HTTP connector by default. * * @param server The server. * @return The server connector. */ @SuppressWarnings("squid:S2095") private ServerConnector createConnector(final Server server) { final String keyStorePath = (String) configuration.get(MinijaxProperties.SSL_KEY_STORE_PATH); if (keyStorePath == null || keyStorePath.isEmpty()) { // Normal HTTP return new ServerConnector(server); } final String keyStorePassword = (String) configuration.get(MinijaxProperties.SSL_KEY_STORE_PASSWORD); final String keyManagerPassword = (String) configuration.get(MinijaxProperties.SSL_KEY_MANAGER_PASSWORD); final HttpConfiguration https = new HttpConfiguration(); https.addCustomizer(new SecureRequestCustomizer()); final SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(Minijax.class.getClassLoader().getResource(keyStorePath).toExternalForm()); sslContextFactory.setKeyStorePassword(keyStorePassword); sslContextFactory.setKeyManagerPassword(keyManagerPassword); return new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https)); }
private void setupSSL(Server server,HttpConfiguration http_config) { SslContextFactory sslContextFactory = new SslContextFactory(); if (sslKeyStoreFile!=null) sslContextFactory.setKeyStorePath(sslKeyStoreFile); else if (sslKeyStore!=null) sslContextFactory.setKeyStore(sslKeyStore); else { log.log(Level.SEVERE,"Error while configuring SSL connection. Missing KeyStore!"); return; } sslContextFactory.setKeyStorePassword(new String(sslKeyStorePassword)); sslContextFactory.setExcludeCipherSuites("SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"); HttpConfiguration https_config = new HttpConfiguration(http_config); https_config.addCustomizer(new SecureRequestCustomizer()); ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https_config)); sslConnector.setPort(daemonPortSecure); server.addConnector(sslConnector); }
public void start() throws Exception { URL keystoreUrl = IntegrationTestServer.class.getClassLoader().getResource("keystore.jks"); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(keystoreUrl.getPath()); sslContextFactory.setKeyStorePassword("keystore"); SecureRequestCustomizer src = new SecureRequestCustomizer(); HttpConfiguration httpsConfiguration = new HttpConfiguration(); httpsConfiguration.setSecureScheme("https"); httpsConfiguration.addCustomizer(src); ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfiguration)); https.setPort(this.httpsPort); this.server.setConnectors(new Connector[] { https }); ResourceConfig resourceConfig = new ResourceConfig(this.resourceClass); ServletContainer servletContainer = new ServletContainer(resourceConfig); ServletHolder servletHolder = new ServletHolder(servletContainer); ServletContextHandler servletContextHandler = new ServletContextHandler(server, "/*"); servletContextHandler.addServlet(servletHolder, "/*"); this.server.start(); }
private String getConnectorPath(ServerConnector sc) { String prefix = "http"; String host = sc.getHost(); int port = sc.getPort(); ConnectionFactory cf = sc.getDefaultConnectionFactory(); if (cf instanceof SslConnectionFactory) { prefix = "https"; } if (host == null || host.equals("0.0.0.0")) { try { host = InetAddress.getLocalHost().getHostAddress(); } catch (UnknownHostException e) { // Well, we failed to read from system, fall back to main.properties. // Better than nothing host = CONFIG.getJetty().getServerHost(); } } String layout = "%s://%s:%d" + CONFIG.getContextPath(); return String.format(layout, prefix, host, port); }
@Override public void customize(Server server) { // HTTPS Configuration HttpConfiguration httpsConfig = new HttpConfiguration(); httpsConfig.setSecureScheme("https"); httpsConfig.setSecurePort(8443); httpsConfig.addCustomizer(new SecureRequestCustomizer()); // SSL Context Factory for HTTPS and HTTP/2 SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStoreResource(newClassPathResource("keystore")); sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"); sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g"); sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR); // SSL Connection Factory SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, "h2"); // HTTP/2 Connector ServerConnector http2Connector = new ServerConnector(server, ssl, new HTTP2ServerConnectionFactory(httpsConfig)); http2Connector.setPort(8443); server.addConnector(http2Connector); }
public static void addHttpsConnector(Server server, int port) throws IOException, URISyntaxException { String keyStoreFile = resourceAsFile("ssltest-keystore.jks").getAbsolutePath(); SslContextFactory sslContextFactory = new SslContextFactory(keyStoreFile); sslContextFactory.setKeyStorePassword("changeit"); String trustStoreFile = resourceAsFile("ssltest-cacerts.jks").getAbsolutePath(); sslContextFactory.setTrustStorePath(trustStoreFile); sslContextFactory.setTrustStorePassword("changeit"); HttpConfiguration httpsConfig = new HttpConfiguration(); httpsConfig.setSecureScheme("https"); httpsConfig.setSecurePort(port); httpsConfig.addCustomizer(new SecureRequestCustomizer()); ServerConnector connector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfig)); connector.setPort(port); server.addConnector(connector); }
@Test public void sslCiphersConfiguration() throws Exception { Ssl ssl = new Ssl(); ssl.setKeyStore("src/test/resources/test.jks"); ssl.setKeyStorePassword("secret"); ssl.setKeyPassword("password"); ssl.setCiphers(new String[] { "ALPHA", "BRAVO", "CHARLIE" }); JettyEmbeddedServletContainerFactory factory = getFactory(); factory.setSsl(ssl); this.container = factory.getEmbeddedServletContainer(); this.container.start(); JettyEmbeddedServletContainer jettyContainer = (JettyEmbeddedServletContainer) this.container; ServerConnector connector = (ServerConnector) jettyContainer.getServer() .getConnectors()[0]; SslConnectionFactory connectionFactory = connector .getConnectionFactory(SslConnectionFactory.class); assertThat(connectionFactory.getSslContextFactory().getIncludeCipherSuites()) .containsExactly("ALPHA", "BRAVO", "CHARLIE"); assertThat(connectionFactory.getSslContextFactory().getExcludeCipherSuites()) .isEmpty(); }
@Test public void sslEnabledMultiProtocolsConfiguration() throws Exception { Ssl ssl = new Ssl(); ssl.setKeyStore("src/test/resources/test.jks"); ssl.setKeyStorePassword("secret"); ssl.setKeyPassword("password"); ssl.setCiphers(new String[] { "ALPHA", "BRAVO", "CHARLIE" }); ssl.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2" }); JettyEmbeddedServletContainerFactory factory = getFactory(); factory.setSsl(ssl); this.container = factory.getEmbeddedServletContainer(); this.container.start(); JettyEmbeddedServletContainer jettyContainer = (JettyEmbeddedServletContainer) this.container; ServerConnector connector = (ServerConnector) jettyContainer.getServer() .getConnectors()[0]; SslConnectionFactory connectionFactory = connector .getConnectionFactory(SslConnectionFactory.class); assertThat(connectionFactory.getSslContextFactory().getIncludeProtocols()) .isEqualTo(new String[] { "TLSv1.1", "TLSv1.2" }); }
@Test public void sslEnabledProtocolsConfiguration() throws Exception { Ssl ssl = new Ssl(); ssl.setKeyStore("src/test/resources/test.jks"); ssl.setKeyStorePassword("secret"); ssl.setKeyPassword("password"); ssl.setCiphers(new String[] { "ALPHA", "BRAVO", "CHARLIE" }); ssl.setEnabledProtocols(new String[] { "TLSv1.1" }); JettyEmbeddedServletContainerFactory factory = getFactory(); factory.setSsl(ssl); this.container = factory.getEmbeddedServletContainer(); this.container.start(); JettyEmbeddedServletContainer jettyContainer = (JettyEmbeddedServletContainer) this.container; ServerConnector connector = (ServerConnector) jettyContainer.getServer() .getConnectors()[0]; SslConnectionFactory connectionFactory = connector .getConnectionFactory(SslConnectionFactory.class); assertThat(connectionFactory.getSslContextFactory().getIncludeProtocols()) .isEqualTo(new String[] { "TLSv1.1" }); }
@Test public void sslCiphersConfiguration() throws Exception { Ssl ssl = new Ssl(); ssl.setKeyStore("src/test/resources/test.jks"); ssl.setKeyStorePassword("secret"); ssl.setKeyPassword("password"); ssl.setCiphers(new String[] { "ALPHA", "BRAVO", "CHARLIE" }); JettyEmbeddedServletContainerFactory factory = getFactory(); factory.setSsl(ssl); this.container = factory.getEmbeddedServletContainer(); this.container.start(); JettyEmbeddedServletContainer jettyContainer = (JettyEmbeddedServletContainer) this.container; ServerConnector connector = (ServerConnector) jettyContainer.getServer() .getConnectors()[0]; SslConnectionFactory connectionFactory = connector .getConnectionFactory(SslConnectionFactory.class); assertThat(connectionFactory.getSslContextFactory().getIncludeCipherSuites()) .containsExactly("ALPHA", "BRAVO", "CHARLIE"); }
@Test public void sslCiphersConfiguration() throws Exception { Ssl ssl = new Ssl(); ssl.setKeyStore("src/test/resources/test.jks"); ssl.setKeyStorePassword("secret"); ssl.setKeyPassword("password"); ssl.setCiphers(new String[] { "ALPHA", "BRAVO", "CHARLIE" }); JettyEmbeddedServletContainerFactory factory = getFactory(); factory.setSsl(ssl); this.container = factory.getEmbeddedServletContainer(); this.container.start(); JettyEmbeddedServletContainer jettyContainer = (JettyEmbeddedServletContainer) this.container; ServerConnector connector = (ServerConnector) jettyContainer.getServer() .getConnectors()[0]; SslConnectionFactory connectionFactory = connector .getConnectionFactory(SslConnectionFactory.class); assertThat(connectionFactory.getSslContextFactory().getIncludeCipherSuites(), equalTo(new String[] { "ALPHA", "BRAVO", "CHARLIE" })); }
@BeforeClass public static void startHttpsServer() throws Exception { skipIfHeadlessEnvironment(); server = new Server(); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(ErrorCases.class.getResource("keystore").getPath()); sslContextFactory.setKeyStorePassword("activeeon"); HttpConfiguration httpConfig = new HttpConfiguration(); HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig); httpsConfig.addCustomizer(new SecureRequestCustomizer()); ServerConnector sslConnector = new ServerConnector(server, new ConnectionFactory[] { new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig) }); server.addConnector(sslConnector); server.start(); serverUrl = "https://localhost:" + sslConnector.getLocalPort() + "/rest"; }
@Test public void testCreateHttpServerUsingHttpsAndRedirection() { createHttpsContextProperties(); server = jettyStarter.createHttpServer(8080, 8443, true, true); Connector[] connectors = server.getConnectors(); assertThat(connectors).hasLength(2); assertThat(connectors[0].getName()).isEqualTo(JettyStarter.HTTP_CONNECTOR_NAME); assertThat(connectors[0].getConnectionFactory(HttpConnectionFactory.class)).isNotNull(); assertThat(connectors[1].getName()).isEqualTo(JettyStarter.HTTPS_CONNECTOR_NAME.toLowerCase()); assertThat(connectors[1].getConnectionFactory(HttpConnectionFactory.class)).isNotNull(); assertThat(connectors[1].getConnectionFactory(SslConnectionFactory.class)).isNotNull(); unsetHttpsContextProperties(); }
/** * Create ssl connector if https is used * @return */ private ServerConnector sslConnector() { HttpConfiguration http_config = new HttpConfiguration(); http_config.setSecureScheme("https"); http_config.setSecurePort(this.getPort()); HttpConfiguration https_config = new HttpConfiguration(http_config); https_config.addCustomizer(new SecureRequestCustomizer()); SslContextFactory sslContextFactory = new SslContextFactory(this.getCertKeyStorePath()); sslContextFactory.setKeyStorePassword(this.getCertKeyStorePassword()); //exclude weak ciphers sslContextFactory.setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$"); //only support tlsv1.2 sslContextFactory.addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"); ServerConnector connector = new ServerConnector(jettyServer, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https_config)); connector.setPort(this.getPort()); connector.setIdleTimeout(50000); return connector; }
protected Server createServer(int port, boolean serverSsl, boolean clientSsl) { Server server = new Server(); if (!serverSsl) { InetSocketAddress addr = new InetSocketAddress("localhost", port); ServerConnector connector = new ServerConnector(server); connector.setHost(addr.getHostName()); connector.setPort(addr.getPort()); server.setConnectors(new Connector[]{connector}); } else { SslContextFactory sslContextFactory = createSslContextFactory(clientSsl); ServerConnector httpsConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory() ); httpsConnector.setPort(port); httpsConnector.setHost("localhost"); server.setConnectors(new Connector[]{httpsConnector}); } return server; }
@Test public void httpsRequireClientCert() throws Exception { Server server = BaseServerBuilder.create().httpsPort(8443).sslKeyStoreType(SslKeyStoreType.PKCS12) .sslKeyStorePath(ETC_SECURITY + "/server_keystore.p12").sslKeyStorePassword("pkcs12password") .sslTrustStoreType(SslKeyStoreType.JKS).sslRequireClientCert(true) .sslTrustStorePath(ETC_SECURITY + "/server_truststore.jks").sslTrustStorePassword("truststorepassword") .sslRequireClientCert(true).build(); List<Connector> connectors = Arrays.asList(server.getConnectors()); assertThat(server.getConnectors().length, is(1)); // should have a server connector on port 8443 ServerConnector connector = (ServerConnector) connectors.get(0); assertThat(connector.getPort(), is(8443)); // should have a https connection factory SslConnectionFactory httpsConnectionFactory = connector.getConnectionFactory(SslConnectionFactory.class); assertThat(httpsConnectionFactory, is(notNullValue())); SslContextFactory sslContextFactory = httpsConnectionFactory.getSslContextFactory(); // should require client cert authentication assertThat(sslContextFactory.getNeedClientAuth(), is(true)); }
public void setupSslServer(int port, SslContextFactory sslContextFactory) { if (_server != null && port > 0) { try { HttpConfiguration https = new HttpConfiguration(); https.addCustomizer(new SecureRequestCustomizer()); ServerConnector sslConnector = new ServerConnector( _server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https)); sslConnector.setPort(port); _server.addConnector(sslConnector); LOG.info("Helix SSL rest server is ready to start."); } catch (Exception ex) { LOG.error("Failed to setup Helix SSL rest server, " + ex); } } }
@Override public void startSSL(String keyStoreLocation, String keyStorePassword) throws Exception { Server server = new Server(); HttpConfiguration httpsConfig = new HttpConfiguration(); httpsConfig.addCustomizer(new SecureRequestCustomizer()); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(keyStoreLocation); sslContextFactory.setKeyStorePassword(keyStorePassword); ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfig)); https.setHost(host); https.setPort(port); server.setConnectors(new Connector[]{https}); configureContextHandler(server); startServer(server); }
private ServerConnector createSSLConnector() { SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(m_keystore); sslContextFactory.setKeyStorePassword(m_keystorepassword); sslContextFactory.setTrustStorePath(m_truststore); sslContextFactory.setTrustStorePassword(m_truststorepassword); sslContextFactory.setNeedClientAuth(m_clientauthentication); sslContextFactory.setIncludeCipherSuites(m_tls_cipher_suites); HttpConfiguration http_config = new HttpConfiguration(); http_config.setSecureScheme("https"); HttpConfiguration https_config = new HttpConfiguration(http_config); https_config.addCustomizer(new SecureRequestCustomizer()); SslConnectionFactory sslConnFactory = new SslConnectionFactory(sslContextFactory, "http/1.1"); HttpConnectionFactory httpConnFactory = new HttpConnectionFactory(https_config); ServerConnector sslConnector = new ServerConnector(m_jettyServer, sslConnFactory, httpConnFactory); return sslConnector; }
private ServerConnector createServerConnectorForHTTPS(final Server server, final HttpConfiguration httpConfigurationForHTTPS) { final SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(getKeyStoreFile().getPath()); sslContextFactory.setKeyStorePassword(KEY_STORE_PASSWORD_STRING); sslContextFactory.setKeyManagerPassword(KEY_PASSWORD_STRING); sslContextFactory.setTrustStorePath(getKeyStoreFile().getPath()); sslContextFactory.setTrustStorePassword(KEY_STORE_PASSWORD_STRING); sslContextFactory.setExcludeCipherSuites( // TODO make this configurable! // "SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", // "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", // Using wildcards instead. This should be much safer: ".*RC4.*", ".*DES.*"); // sslContextFactory.setCertAlias(CERTIFICATE_ALIAS); // Jetty uses our certificate. We put only one single cert into the key store. Hence, we don't need this. final ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpConfigurationForHTTPS)); sslConnector.setPort(getSecurePort()); // sslConnector.setIdleTimeout(300*1000); // sslConnector.setStopTimeout(30*1000); // sslConnector.setSoLingerTime(10); return sslConnector; }
private Integer getPort(Scheme scheme) { for (Connector connector : server.getConnectors()) { if (connector instanceof ServerConnector) { ServerConnector serverConnector = (ServerConnector) connector; Collection<ConnectionFactory> connectionFactories = serverConnector.getConnectionFactories(); for (ConnectionFactory connectionFactory : connectionFactories) { Class<? extends AbstractConnectionFactory> connectorClass; switch (scheme) { case HTTP: connectorClass = HttpConnectionFactory.class; break; case HTTPS: connectorClass = SslConnectionFactory.class; break; default: throw new UnsupportedOperationException("No such scheme."); } if (connectorClass.isAssignableFrom(connectionFactory.getClass())) { return serverConnector.getLocalPort(); } } } } return null; }
private SslConnectionFactory getSSLConnectionFactory() { Resource keyStoreResource = null; try { keyStoreResource = Resource.newClassPathResource("localhost"); System.out.println(keyStoreResource); } catch (Exception ex) { Logger.getLogger(EventServer.class.getName()).log(Level.SEVERE, null, ex); } SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStoreResource(keyStoreResource); sslContextFactory.setKeyStorePassword(keyStorePassword); sslContextFactory.setKeyManagerPassword(keyManagerPassword); return new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()); }
private ServerConnector getServerConnector() { SslConnectionFactory sslConnectionFactory = getSSLConnectionFactory(); HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(new HttpConfiguration()); ServerConnector connector = new ServerConnector(server, sslConnectionFactory, httpConnectionFactory); connector.setPort(port); return connector; }
/** * Create an HTTPS connector for given jetty server instance. If the config has specified keystore/truststore settings * they will be used else a self-signed certificate is generated and used. * * @param hostName * @param config {@link DremioConfig} containing SSL related settings if any. * @param embeddedJetty Jetty server instance needed for creating a ServerConnector. * * @return Initialized {@link ServerConnector} for HTTPS connections and the trust store. Trust store is non-null only * when in case of auto generated self-signed certificate. * @throws Exception */ public Pair<ServerConnector, KeyStore> createHttpsConnector(final Server embeddedJetty, final DremioConfig config, final String hostName, final String... alternativeNames) throws Exception { logger.info("Setting up HTTPS connector for web server"); final SslContextFactory sslContextFactory = new SslContextFactory(); Pair<KeyStore, String> keyStore = getKeyStore(config, hostName, alternativeNames); KeyStore trustStore = getTrustStore(config); sslContextFactory.setKeyStore(keyStore.getLeft()); // Assuming that the keystore and the keymanager passwords are the same // based on JSSE examples... sslContextFactory.setKeyManagerPassword(keyStore.getRight()); sslContextFactory.setTrustStore(trustStore); // Disable ciphers, protocols and other that are considered weak/vulnerable sslContextFactory.setExcludeCipherSuites( "TLS_DHE.*", "TLS_EDH.*" // TODO: there are few other ciphers that Chrome complains about being obsolete. Research more about them and // include here. ); sslContextFactory.setExcludeProtocols("SSLv3"); sslContextFactory.setRenegotiationAllowed(false); // SSL Connector final ServerConnector sslConnector = new ServerConnector(embeddedJetty, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(new HttpConfiguration())); return Pair.of(sslConnector, trustStore); }
private ServerConnector httpsConnector(HttpConfiguration httpConfig) { // === jetty-https.xml === // SSL Context Factory SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(CONFIG.getJetty().getKeyStorePath()); sslContextFactory.setKeyStorePassword(CONFIG.getJetty().getKeyStorePassword()); sslContextFactory.setKeyManagerPassword(CONFIG.getJetty().getKeyStorePassword()); sslContextFactory.setExcludeCipherSuites( "SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"); // SSL HTTP Configuration HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig); httpsConfig.addCustomizer(new SecureRequestCustomizer()); // SSL Connector ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig)); https.setHost(CONFIG.getJetty().getServerHost()); https.setPort(CONFIG.getJetty().getHttpsPort()); https.setIdleTimeout(IDLE_TIMEOUT); return https; }
@Override public ServerConnector getConnector(Server server, SslContextFactory sslContextFactory, int port) { HttpConfiguration config = new HttpConfiguration(); config.addCustomizer(new SecureRequestCustomizer()); HttpConnectionFactory connectionFactory = new HttpConnectionFactory(config); SslConnectionFactory sslConnectionFactory = new SslConnectionFactory( sslContextFactory, HttpVersion.HTTP_1_1.asString()); ServerConnector serverConnector = new ServerConnector(server, sslConnectionFactory, connectionFactory); serverConnector.setPort(port); return serverConnector; }
private Server createServer(URI endpointURI, boolean needClientAuth) { if ("ws".equals(endpointURI.getScheme())) { return new Server(endpointURI.getPort()); } else if ("wss".equals(endpointURI.getScheme())) { // see http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/ManyConnectors.java // http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java Server server = new Server(); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(getStorePath("serverKeyStore.jks")); sslContextFactory.setKeyStorePassword("passw0rd"); sslContextFactory.setKeyManagerPassword("passw0rd"); sslContextFactory.setCertAlias("default"); sslContextFactory.setNeedClientAuth(needClientAuth); sslContextFactory.setTrustStorePath(getStorePath("serverTrustStore.jks")); sslContextFactory.setTrustStorePassword("passw0rd"); HttpConfiguration httpsConfig = new HttpConfiguration(); httpsConfig.addCustomizer(new SecureRequestCustomizer()); ServerConnector https= new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig)); https.setPort(endpointURI.getPort()); server.addConnector(https); return server; } else throw new IllegalArgumentException("unrecognized uri: "+endpointURI); }
private SslConnectionFactory newSslConnectionFactory() { Ssl sslConfig = connectorConfig.ssl(); SslContextFactory factory = new JDiscSslContextFactory(); sslKeyStoreConfigurator.configure(new DefaultSslKeyStoreContext(factory)); sslTrustStoreConfigurator.configure(new DefaultSslTrustStoreContext(factory)); switch (sslConfig.clientAuth()) { case NEED_AUTH: factory.setNeedClientAuth(true); break; case WANT_AUTH: factory.setWantClientAuth(true); break; } if (!sslConfig.prng().isEmpty()) { factory.setSecureRandomAlgorithm(sslConfig.prng()); } setStringArrayParameter( factory, sslConfig.excludeProtocol(), ExcludeProtocol::name, SslContextFactory::setExcludeProtocols); setStringArrayParameter( factory, sslConfig.includeProtocol(), IncludeProtocol::name, SslContextFactory::setIncludeProtocols); setStringArrayParameter( factory, sslConfig.excludeCipherSuite(), ExcludeCipherSuite::name, SslContextFactory::setExcludeCipherSuites); setStringArrayParameter( factory, sslConfig.includeCipherSuite(), IncludeCipherSuite::name, SslContextFactory::setIncludeCipherSuites); factory.setKeyManagerFactoryAlgorithm(sslConfig.sslKeyManagerFactoryAlgorithm()); factory.setProtocol(sslConfig.protocol()); return new SslConnectionFactory(factory, HttpVersion.HTTP_1_1.asString()); }
private void setupConnectors() { Configuration conf = Configuration.getInstance(); HttpConfiguration http = new HttpConfiguration(); http.addCustomizer(new SecureRequestCustomizer()); http.setSecureScheme("https"); ServerConnector connector = new ServerConnector(server); connector.addConnectionFactory(new HttpConnectionFactory(http)); connector.setPort(port); if(conf.getPropertyAsBoolean("ui.ssl.enabled", false)) { int httpsPort = conf.getPropertyAsInteger("ui.ssl.port", 443); http.setSecurePort(httpsPort); HttpConfiguration https = new HttpConfiguration(); https.addCustomizer(new SecureRequestCustomizer()); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(conf.getProperty("ui.ssl.keystore.path")); sslContextFactory.setKeyStorePassword(conf.getProperty("ui.ssl.keystore.password")); sslContextFactory.setKeyManagerPassword(conf.getProperty("ui.ssl.keymanager.password")); ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https)); sslConnector.setPort(httpsPort); server.addConnector(sslConnector); } server.addConnector(connector); }
public void run() { try { QueuedThreadPool threadPool = new QueuedThreadPool(); threadPool.setMaxThreads(16); Server server = new Server(threadPool); ServletContextHandler handler = new ServletContextHandler(); handler.setContextPath(""); ResourceConfig config = new ResourceConfig(InstanceProviderResources.class).register(new Binder()); handler.addServlet(new ServletHolder(new ServletContainer(config)), "/*"); server.setHandler(handler); // SSL Context Factory SslContextFactory sslContextFactory = createSSLContextObject(); // SSL HTTP Configuration HttpConfiguration httpConfig = new HttpConfiguration(); httpConfig.setSecureScheme("https"); httpConfig.setSecurePort(10043); HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig); httpsConfig.addCustomizer(new SecureRequestCustomizer()); // SSL Connector ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig)); sslConnector.setPort(10043); server.addConnector(sslConnector); server.start(); server.join(); } catch (Exception e) { System.err.println("*** " + e); } }
@Override protected Connector getConnector() throws Exception { SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setSslContext(defineSSLContextServerParameters().createSSLContext(camelContext)); ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, null)); return https; }
private SslConnectionFactory prepareSsl(ALPNServerConnectionFactory alpn) { SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath( Application.class.getResource("/keystore").toExternalForm()); sslContextFactory.setKeyStorePassword("changeit"); sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR); sslContextFactory.setUseCipherSuitesOrder(true); SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, alpn.getProtocol()); return ssl; }
@Override protected ServerConnector buildConnector( Server server, HttpConfiguration httpConfig ) { SslConnectionFactory sslConnFactory = new SslConnectionFactory(); configureSsl( sslConnFactory, configuration.get() ); return new ServerConnector( server, sslConnFactory, new HttpConnectionFactory( httpConfig ) ); }
protected SslConnectionFactory buildSslConnectorFactory(HttpConfiguration httpConfig) { Objects.requireNonNull(keyStore, "'keyStore' must be specified"); SslContextFactory contextFactory = new SslContextFactory(); URL keystoreUrl = keyStore.getUrl(); contextFactory.setKeyStoreResource(new URLResource(keystoreUrl, null) { }); contextFactory.setKeyStorePassword(keyStorePassword); contextFactory.setCertAlias(certificateAlias); return new SslConnectionFactory(contextFactory, HttpVersion.HTTP_1_1.asString()); }
private Connector makeSslConnector(String keyStoreAlias, String keyStorePassword, String keyStorePath, int port) { HttpConfiguration httpConfig = buildHttpConfiguration(port); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setCertAlias(keyStoreAlias); if (keyStorePath != null) { sslContextFactory.setKeyStorePath(keyStorePath); } if (keyStorePassword != null) { sslContextFactory.setKeyStorePassword(keyStorePassword); } sslContextFactory.setExcludeCipherSuites("SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"); // SSL HTTP Configuration HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig); httpsConfig.addCustomizer(new SecureRequestCustomizer()); // SSL Connector ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig)); sslConnector.setPort(port); sslConnector.setIdleTimeout(30000); // Config return sslConnector; }
