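/**
 * Builds the {@link SslContextFactory} for this connector from its SSL configuration.
 *
 * <p>The key store comes from {@code createKeystore}; a trust store is installed only
 * when a CA certificate file is configured.
 *
 * @param containerId not read by this implementation
 * @param port not read by this implementation
 * @return a factory carrying the key store, the optional trust store and the client-auth mode
 * @throws IllegalStateException if SSL is not enabled in the connector config
 */
@Override
public SslContextFactory getInstance(String containerId, int port) {
    ConnectorConfig.Ssl sslConfig = connectorConfig.ssl();
    if (!sslConfig.enabled()) {
        // Carry a message so a misconfigured caller can be diagnosed from the stack trace alone.
        throw new IllegalStateException(
                "Cannot create SslContextFactory: SSL is not enabled in the connector config");
    }

    SslContextFactory factory = new JDiscSslContextFactory();
    switch (sslConfig.clientAuth()) {
        case NEED_AUTH:
            factory.setNeedClientAuth(true);
            break;
        case WANT_AUTH:
            factory.setWantClientAuth(true);
            break;
        default:
            // Any other value leaves both client-auth flags at the factory's defaults.
            break;
    }

    // The key store is passed as an in-memory KeyStore object, and the password given for it is
    // the empty string, so the on-disk PEM files are the only protection of the private key.
    factory.setKeyStore(createKeystore(sslConfig));
    factory.setKeyStorePassword("");

    // NOTE(review): without a CA certificate file no trust store is set here. Which trust anchors
    // then validate client certificates depends on SslContextFactory / JDiscSslContextFactory;
    // confirm this is acceptable when clientAuth is NEED_AUTH or WANT_AUTH.
    if (!sslConfig.caCertificateFile().isEmpty()) {
        factory.setTrustStore(createTruststore(sslConfig));
    }

    // "TLS" names the generic protocol family; this method does not restrict protocol versions or
    // cipher suites, so those come from the factory and JVM defaults unless limited elsewhere.
    factory.setProtocol("TLS");
    return factory;
}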
/**
 * Rejects an enabled SSL configuration that lacks a certificate file or a private key file.
 * A disabled configuration is accepted without further checks.
 *
 * @param config the SSL section of the connector config
 * @throws IllegalArgumentException if SSL is enabled and either file name is empty
 */
private static void validateConfig(ConnectorConfig.Ssl config) {
    if (config.enabled()) {
        // The certificate is checked first, so its message is reported when both are missing.
        if (config.certificateFile().isEmpty()) {
            throw new IllegalArgumentException("Missing certificate file.");
        }
        if (config.privateKeyFile().isEmpty()) {
            throw new IllegalArgumentException("Missing private key file.");
        }
        // NOTE(review): only emptiness of the two names is checked. The CA certificate file and
        // the client-auth mode are not examined here, so a config that requests client
        // authentication without naming a CA bundle passes validation; confirm that is intended.
    }
}
new BooleanNode(true) : new BooleanNode(builder.tcpNoDelay); throttling = new Throttling(builder.throttling, throwIfUninitialized); ssl = new Ssl(builder.ssl, throwIfUninitialized);
/**
 * Creates the server connector described by the connector config.
 *
 * <p>When SSL is enabled the connector is given an SSL connection factory ahead of the HTTP
 * connection factory; otherwise it serves plain HTTP only.
 *
 * @param metric metric sink handed to the connector
 * @param server the server the connector belongs to
 * @param ch channel handed to the connector unchanged
 * @return the configured connector
 */
public ServerConnector createConnector(final Metric metric, final Server server, final ServerSocketChannel ch) {
    // The TLS decision is made once, from config; a connector never serves both modes.
    final ServerConnector result = connectorConfig.ssl().enabled()
            ? new JDiscServerConnector(connectorConfig, metric, server, ch,
                                       newSslConnectionFactory(), newHttpConnectionFactory())
            : new JDiscServerConnector(connectorConfig, metric, server, ch,
                                       newHttpConnectionFactory());

    result.setPort(connectorConfig.listenPort());
    result.setName(connectorConfig.name());
    result.setAcceptQueueSize(connectorConfig.acceptQueueSize());
    result.setReuseAddress(connectorConfig.reuseAddress());

    // Config values are scaled by 1000 before use (presumably seconds to milliseconds; confirm
    // against the config definition). The cast truncates any fractional millisecond.
    final long idleTimeout = (long) (connectorConfig.idleTimeout() * 1000.0);
    result.setIdleTimeout(idleTimeout);
    final long stopTimeout = (long) (connectorConfig.stopTimeout() * 1000.0);
    result.setStopTimeout(stopTimeout);
    return result;
}
/**
 * Builds the HTTP connection factory for this connector from the connector config.
 *
 * @return a factory wrapping the assembled {@link HttpConfiguration}
 */
private HttpConnectionFactory newHttpConnectionFactory() {
    final HttpConfiguration configuration = new HttpConfiguration();

    // Buffer and header limits come straight from config; the header size limits bound how much
    // header data a single request or response may carry.
    configuration.setHeaderCacheSize(connectorConfig.headerCacheSize());
    configuration.setOutputBufferSize(connectorConfig.outputBufferSize());
    configuration.setRequestHeaderSize(connectorConfig.requestHeaderSize());
    configuration.setResponseHeaderSize(connectorConfig.responseHeaderSize());

    // A Date header is sent, but the server version and X-Powered-By headers are suppressed so
    // responses do not advertise the server software.
    configuration.setSendDateHeader(true);
    configuration.setSendServerVersion(false);
    configuration.setSendXPoweredBy(false);

    final boolean tlsEnabled = connectorConfig.ssl().enabled();
    if (tlsEnabled) {
        // Registered only on TLS connectors, so requests arriving over TLS are handled as secure.
        configuration.addCustomizer(new SecureRequestCustomizer());
    }
    return new HttpConnectionFactory(configuration);
}
/**
 * Creates an {@code Ssl} config object from the current state of this builder.
 *
 * @return a new {@code Ssl} instance constructed from this builder
 */
public Ssl build() {
    final Ssl built = new Ssl(this);
    return built;
}
/**
 * Builds an in-memory JKS key store holding the connector's private key and certificate chain.
 *
 * <p>Both inputs are read as PEM text from the files named in the config. The key entry is
 * stored under the alias {@code "default"}, and no password is supplied for it here.
 *
 * @param sslConfig SSL config naming the private key file and the certificate file
 * @return a key store with a single key entry
 */
private static KeyStore createKeystore(ConnectorConfig.Ssl sslConfig) {
    // The private key is read and parsed before the certificate file is touched.
    // NOTE(review): the key's PEM text passes through a String, which cannot be wiped afterwards,
    // and this method does not check the permissions of the key file; both are left to deployment.
    final String privateKeyPem = readToString(sslConfig.privateKeyFile());
    final PrivateKey key = KeyUtils.fromPemEncodedPrivateKey(privateKeyPem);

    final String certificatePem = readToString(sslConfig.certificateFile());
    final List<X509Certificate> chain = X509CertificateUtils.certificateListFromPem(certificatePem);

    return KeyStoreBuilder.withType(KeyStoreType.JKS)
            .withKeyEntry("default", key, chain)
            .build();
}
/**
 * Builds an in-memory JKS trust store from the CA certificate file named in the config.
 *
 * <p>Every certificate parsed from the PEM file is added as its own entry, with the aliases
 * {@code entry-0}, {@code entry-1}, and so on in file order. Each certificate in that file
 * therefore becomes a trust anchor, so the file should contain only intended CAs.
 *
 * @param sslConfig SSL config naming the CA certificate file
 * @return a trust store with one certificate entry per parsed certificate
 */
private static KeyStore createTruststore(ConnectorConfig.Ssl sslConfig) {
    final String caPem = readToString(sslConfig.caCertificateFile());
    final List<X509Certificate> trustAnchors = X509CertificateUtils.certificateListFromPem(caPem);

    final KeyStoreBuilder builder = KeyStoreBuilder.withType(KeyStoreType.JKS);
    int index = 0;
    // If the list is empty the loop adds nothing and the store is built without any entries.
    for (X509Certificate trustAnchor : trustAnchors) {
        builder.withCertificateEntry("entry-" + index, trustAnchor);
        index++;
    }
    return builder.build();
}
/**
 * Creates a builder pre-populated from an existing {@code Ssl} config.
 *
 * <p>Each value is copied through the builder's own setter: enabled flag, private key file,
 * certificate file, CA certificate file and client-auth mode.
 *
 * @param config the config whose values seed this builder
 */
public Builder(Ssl config) {
    this.enabled(config.enabled());
    this.privateKeyFile(config.privateKeyFile());
    this.certificateFile(config.certificateFile());
    this.caCertificateFile(config.caCertificateFile());
    this.clientAuth(config.clientAuth());
}