/**
 * Builds a Tomcat HTTPS connector backed by the NIO HTTP/1.1 protocol handler.
 *
 * <p>The connector listens on {@code tlsPort} and reads its key material from the PKCS12
 * keystore named by {@code keystoreFile}, using the entry stored under the alias
 * {@code tomcat}.
 *
 * @return the configured connector, marked secure with scheme {@code https}
 */
Connector createSslConnector() {
    // Only the port and the keystore location are logged; the keystore password is not.
    log.info("About to start ssl connector at port {} with {} keystoreFile", tlsPort, keystoreFile);

    // Resolve the keystore location against the working directory once, up front.
    final String keystoreLocation = new File(keystoreFile).getAbsolutePath();

    final Connector sslConnector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    sslConnector.setScheme("https");
    sslConnector.setSecure(true);
    sslConnector.setPort(tlsPort);

    final Http11NioProtocol handler = (Http11NioProtocol) sslConnector.getProtocolHandler();
    handler.setSSLEnabled(true);
    handler.setKeystoreType("PKCS12");
    handler.setKeystoreFile(keystoreLocation);
    handler.setKeystorePass(keystorePass);
    handler.setKeyAlias("tomcat");
    // NOTE(review): sslProtocol names the protocol requested from the TLS provider; confirm
    // that the set of enabled protocol versions is restricted as intended for the Tomcat
    // version in use.
    handler.setSslProtocol("TLSv1.2");

    return sslConnector;
}
/**
 * Returns the prefix used when naming this protocol handler.
 *
 * @return {@code "https-" + getSslImplementationShortName() + "-nio"} when SSL is enabled,
 *         otherwise {@code "http-nio"}
 */
@Override
protected String getNamePrefix() {
    // The SSL implementation name is only looked up on the SSL branch.
    return isSSLEnabled()
            ? "https-" + getSslImplementationShortName() + "-nio"
            : "http-nio";
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Creates the protocol handler: installs its connection handler, then applies the default
 * linger, socket timeout and TCP no-delay settings taken from {@code Constants}.
 */
public Http11NioProtocol() {
    cHandler = new Http11ConnectionHandler(this);

    this.setSoLinger(Constants.DEFAULT_CONNECTION_LINGER);
    this.setSoTimeout(Constants.DEFAULT_CONNECTION_TIMEOUT);
    // The server-socket timeout default is not applied; the call is left commented out.
    //setServerSoTimeout(Constants.DEFAULT_SERVER_SOCKET_TIMEOUT);
    this.setTcpNoDelay(Constants.DEFAULT_TCP_NO_DELAY);
}
/**
 * Creates an {@code Http11NioProtocol} and applies the default linger, socket timeout,
 * TCP no-delay and keep-alive timeout settings taken from {@code Constants}.
 */
public Http11NioProtocol() {
    this.setSoLinger(Constants.DEFAULT_CONNECTION_LINGER);
    this.setSoTimeout(Constants.DEFAULT_CONNECTION_TIMEOUT);
    this.setTcpNoDelay(Constants.DEFAULT_TCP_NO_DELAY);
    this.setKeepAliveTimeout(Constants.DEFAULT_KEEP_ALIVE_TIMEOUT);
}
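/**
 * Builds a Tomcat HTTPS connector backed by the NIO HTTP/1.1 protocol handler.
 *
 * <p>The keystore is loaded from the classpath resource {@code keystorePath}; the same file is
 * also configured as the truststore.
 *
 * @return the configured connector, marked secure with scheme {@code HTTPS_SCHEME}
 * @throws IllegalStateException if the keystore resource cannot be resolved to a file
 * @throws NumberFormatException if {@code httpsPort} is not a parsable integer
 */
private Connector createSslConnector() {
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
    try {
        File keystore = new ClassPathResource(keystorePath).getFile();
        connector.setScheme(HTTPS_SCHEME);
        connector.setSecure(true);
        connector.setPort(Integer.parseInt(httpsPort));
        protocol.setSSLEnabled(true);
        protocol.setKeystoreFile(keystore.getAbsolutePath());
        protocol.setKeystorePass(keystorePasswd);
        // NOTE(review): the truststore points at the keystore file but is opened with
        // truststorePasswd; confirm both passwords are valid for this one file, and whether
        // the private-key store is really meant to double as the set of trusted certificates.
        protocol.setTruststoreFile(keystore.getAbsolutePath());
        protocol.setTruststorePass(truststorePasswd);
        protocol.setKeyAlias(keyAlias);
        return connector;
    } catch (IOException ex) {
        // Report the configured resource path (the original message printed the literal word
        // "keystore" instead). Passwords are deliberately kept out of the message.
        throw new IllegalStateException("can't access keystore: [" + keystorePath
                + "] or truststore: [" + keystorePath + "]", ex);
    }
}
} // closes the enclosing class, whose header is outside this excerpt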
/**
 * Resumes the underlying endpoint and logs the outcome.
 *
 * @throws Exception the exception raised by the endpoint, rethrown after it has been logged
 */
@Override
public void resume() throws Exception {
    try {
        endpoint.resume();
    } catch (Exception resumeFailure) {
        // Record the failure, then hand the same exception back to the caller.
        CoyoteLogger.HTTP_NIO_LOGGER.errorResumingEndpoint(resumeFailure);
        throw resumeFailure;
    }
    // Reached only when the endpoint resumed without throwing.
    CoyoteLogger.HTTP_NIO_LOGGER.resumeHttpConnector(getName());
}
/**
 * Creates the protocol handler with a fresh {@code NioEndpoint}, wires the connection handler
 * into that endpoint and applies the default socket settings from {@code Constants}.
 */
public Http11NioProtocol() {
    // Keep a typed reference so the handler can be attached without a cast.
    final NioEndpoint nioEndpoint = new NioEndpoint();
    endpoint = nioEndpoint;
    cHandler = new Http11ConnectionHandler(this);
    nioEndpoint.setHandler(cHandler);

    this.setSoLinger(Constants.DEFAULT_CONNECTION_LINGER);
    this.setSoTimeout(Constants.DEFAULT_CONNECTION_TIMEOUT);
    this.setTcpNoDelay(Constants.DEFAULT_TCP_NO_DELAY);
    // The processor cache size is fixed at 200 here.
    this.setProcessorCache(200);
}
/**
 * Alias for {@code setKeystoreFile}.
 *
 * @param s value forwarded unchanged to {@code setKeystoreFile}
 */
public void setKeystore(String s) {
    this.setKeystoreFile(s);
}

/**
 * Alias for {@code getKeystoreFile}.
 *
 * @return whatever {@code getKeystoreFile} returns
 */
public String getKeystore() {
    return this.getKeystoreFile();
}
/**
 * Alias for {@code setKeystorePass}.
 *
 * @param s value forwarded unchanged to {@code setKeystorePass}
 */
public void setKeypass(String s) {
    this.setKeystorePass(s);
}

/**
 * Alias for {@code getKeystorePass}.
 *
 * <p>NOTE(review): this presumably hands the keystore password back as a plain
 * {@code String}; callers should avoid logging or otherwise exposing the returned value.
 *
 * @return whatever {@code getKeystorePass} returns
 */
public String getKeypass() {
    return this.getKeystorePass();
}
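/**
 * Creates the Tomcat servlet container factory and attaches a connector customizer that
 * switches the connector to HTTPS using the port, key, certificate and optional chain file
 * supplied by {@code cfg}.
 *
 * @return the factory with the TLS connector customizer registered
 */
@Bean
public EmbeddedServletContainerFactory servletContainer() {
    TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
    tomcat.addConnectorCustomizers((TomcatConnectorCustomizer) connector -> {
        connector.setScheme("https");
        // The scheme alone does not mark requests as secure. Without the secure flag,
        // request.isSecure() reports false on this TLS connector, which affects code that
        // relies on it (for example transport-guarantee checks and Secure cookie handling).
        connector.setSecure(true);
        connector.setPort(cfg.getPort());

        Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
        protocol.setSSLEnabled(true);
        // The private key and certificate are given as file paths; the key file should be
        // readable only by the account running the server.
        protocol.setSSLCertificateKeyFile(cfg.getKey());
        protocol.setSSLCertificateFile(cfg.getCert());
        // The chain file is optional and only applied when cfg provides one.
        cfg.getChain().ifPresent(protocol::setSSLCertificateChainFile);
    });
    return tomcat;
}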
@Override public void init() throws Exception { endpoint.setName(getName()); endpoint.setHandler(cHandler); if (isSSLEnabled()) { sslImplementation = new NioJSSEImplementation(); CoyoteLogger.HTTP_NIO_LOGGER.initHttpConnector(getName());
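/**
 * Registers the request-processor statistics object of {@code processor} as a managed
 * component, under a name built from the protocol's domain and name plus a running counter.
 * Does nothing when the protocol has no domain. Registration failures are logged and not
 * propagated.
 *
 * @param processor the processor whose request info is registered
 */
public void register(Http11NioProcessor processor) {
    if (proto.getDomain() != null) {
        // The monitor serialises the counter increment and the registration itself.
        synchronized (this) {
            try {
                registerCount.addAndGet(1);
                if (log.isDebugEnabled()) {
                    log.debug("Register ["+processor+"] count="+registerCount.get());
                }
                RequestInfo rp = processor.getRequest().getRequestProcessor();
                rp.setGlobalProcessor(global);
                ObjectName rpName = new ObjectName(proto.getDomain()
                        + ":type=RequestProcessor,worker=" + proto.getName()
                        + ",name=HttpRequest" + count++);
                Registry.getRegistry(null, null).registerComponent(rp, rpName, null);
                rp.setRpName(rpName);
            } catch (Exception e) {
                // Still best effort, but keep the cause: the original dropped the exception,
                // which left a failed registration impossible to diagnose from the log.
                log.warn("Error registering request", e);
            }
        }
    }
}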
/**
 * Initialises the endpoint for this protocol and creates the JSSE implementation.
 *
 * <p>Before the endpoint is initialised, its receive and transmit buffer sizes are raised to
 * at least the maximum HTTP header size.
 *
 * @throws Exception the exception raised by endpoint initialisation, rethrown after logging
 */
public void init() throws Exception {
    ep.setName(getName());
    ep.setHandler(cHandler);

    //todo, determine if we even need these
    ep.getSocketProperties().setRxBufSize(
            Math.max(ep.getSocketProperties().getRxBufSize(), getMaxHttpHeaderSize()));
    ep.getSocketProperties().setTxBufSize(
            Math.max(ep.getSocketProperties().getTxBufSize(), getMaxHttpHeaderSize()));

    try {
        ep.init();
        // Only reached when the endpoint initialised without throwing.
        sslImplementation = new JSSEImplementation();
    } catch (Exception initFailure) {
        log.error(sm.getString("http11protocol.endpoint.initerror"), initFailure);
        throw initFailure;
    }

    if (log.isInfoEnabled()) {
        log.info(sm.getString("http11protocol.init", getName()));
    }
}
/**
 * Attaches SSL support to {@code processor} when the connection is a TLS connection, and
 * clears it otherwise.
 *
 * <p>SSL support is set only when SSL is enabled on the protocol, an SSL implementation is
 * present and the wrapped socket is a {@code SecureNioChannel}; in every other case the
 * processor's SSL support is set to {@code null}.
 *
 * @param socket    wrapper around the channel the request arrived on
 * @param processor processor that will handle the request
 */
@Override
protected void initSsl(SocketWrapper<NioChannel> socket, Http11NioProcessor processor) {
    final boolean tlsConnection = proto.isSSLEnabled()
            && proto.sslImplementation != null
            && socket.getSocket() instanceof SecureNioChannel;

    if (!tlsConnection) {
        processor.setSslSupport(null);
        return;
    }

    // The SSL support object is derived from the session of the channel's SSL engine.
    final SecureNioChannel secureChannel = (SecureNioChannel) socket.getSocket();
    processor.setSslSupport(
            proto.sslImplementation.getSSLSupport(secureChannel.getSslEngine().getSession()));
}
/**
 * Registers the management objects for this protocol (when the modeler is enabled and a domain
 * is set) and then starts the endpoint.
 *
 * <p>A failure to register the thread pool is logged and ignored. The global request processor
 * is registered outside that try block, so a failure there propagates to the caller.
 *
 * @throws Exception on a registration failure outside the guarded block, or the exception
 *         raised while starting the endpoint (rethrown after logging)
 */
@Override
public void start() throws Exception {
    if (org.apache.tomcat.util.Constants.ENABLE_MODELER && this.domain != null) {
        try {
            tpOname = new ObjectName(domain + ":" + "type=ThreadPool,name=" + getJmxName());
            Registry.getRegistry(null, null).registerComponent(endpoint, tpOname, null);
        } catch (Exception poolFailure) {
            CoyoteLogger.HTTP_NIO_LOGGER.errorRegisteringPool(poolFailure);
        }

        rgOname = new ObjectName(domain + ":type=GlobalRequestProcessor,name=" + getJmxName());
        Registry.getRegistry(null, null).registerComponent(cHandler.global, rgOname, null);
    }

    try {
        endpoint.start();
    } catch (Exception startFailure) {
        CoyoteLogger.HTTP_NIO_LOGGER.errorStartingEndpoint(startFailure);
        throw startFailure;
    }
    // Reached only when the endpoint started without throwing.
    CoyoteLogger.HTTP_NIO_LOGGER.startHttpConnector(getName());
}
/**
 * Alias for {@code setKeystoreType}.
 *
 * @param s value forwarded unchanged to {@code setKeystoreType}
 */
public void setKeytype(String s) {
    this.setKeystoreType(s);
}
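/**
 * Builds a Tomcat HTTPS connector backed by the NIO HTTP/1.1 protocol handler.
 *
 * <p>The file returned by {@code getKeyStoreFile()} is used both as keystore and as
 * truststore, and both are opened with {@code sslKeystorePassword}.
 *
 * @return the configured connector, marked secure with scheme {@code https}
 * @throws IllegalStateException if an {@code IOException} occurs while setting up the
 *         keystore; the original exception is kept as the cause
 */
private Connector createSslConnector() {
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
    try {
        connector.setScheme("https");
        connector.setSecure(true);
        connector.setPort(tlsPort);

        File keystore = getKeyStoreFile();
        // NOTE(review): the private-key store doubles as the set of trusted certificates;
        // confirm that is intended rather than a separate truststore.
        File truststore = keystore;

        protocol.setSSLEnabled(true);
        protocol.setKeystoreFile(keystore.getAbsolutePath());
        protocol.setKeystorePass(sslKeystorePassword);
        protocol.setTruststoreFile(truststore.getAbsolutePath());
        protocol.setTruststorePass(sslKeystorePassword);
        protocol.setKeyAlias(sslKeystoreAlias);
        return connector;
    } catch (IOException ex) {
        // The original message printed the literal word "keystore" where a path was meant.
        // No path is in scope here when the lookup itself fails, so the message states the
        // failure and the cause carries the details.
        throw new IllegalStateException(
                "can't access keystore file (also used as truststore) for the https connector",
                ex);
    }
}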
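/**
 * Registers the management objects for this protocol (when a domain is set) and then starts
 * the endpoint.
 *
 * <p>A failure to register the thread pool is logged and ignored. The global request processor
 * is registered outside that try block, so a failure there propagates to the caller.
 *
 * @throws Exception on a registration failure outside the guarded block, or the exception
 *         raised while starting the endpoint (rethrown after logging)
 */
public void start() throws Exception {
    if (this.domain != null) {
        try {
            tpOname = new ObjectName(domain + ":" + "type=ThreadPool,name=" + getName());
            Registry.getRegistry(null, null).registerComponent(ep, tpOname, null);
        } catch (Exception e) {
            // Still non-fatal, but log the cause; the original discarded the exception.
            log.error("Can't register threadpool", e);
        }
        rgOname = new ObjectName(domain + ":type=GlobalRequestProcessor,name=" + getName());
        Registry.getRegistry(null, null).registerComponent(cHandler.global, rgOname, null);
    }

    try {
        ep.start();
    } catch (Exception ex) {
        log.error(sm.getString("http11protocol.endpoint.starterror"), ex);
        throw ex;
    }
    if (log.isInfoEnabled()) {
        log.info(sm.getString("http11protocol.start", getName()));
    }
}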
public void register(Http11NioProcessor processor) { if (proto.getDomain() != null) { synchronized (this) { try { rp.setGlobalProcessor(global); final ObjectName rpName = new ObjectName (proto.getDomain() + ":type=RequestProcessor,worker=" + proto.getName() + ",name=HttpRequest" + count++); if (Constants.IS_SECURITY_ENABLED) { AccessController.doPrivileged(new PrivilegedAction<Void>() {
/**
 * Attaches SSL support to {@code processor} when the connection is a TLS connection, and
 * clears it otherwise.
 *
 * <p>SSL support is set only when SSL is enabled on the protocol, an SSL implementation is
 * present and the wrapped socket is a {@code SecureNioChannel}; in every other case the
 * processor's SSL support is set to {@code null}.
 *
 * @param socket    wrapper around the channel the request arrived on
 * @param processor processor that will handle the request
 */
@Override
protected void initSsl(SocketWrapper<NioChannel> socket, Processor<NioChannel> processor) {
    final boolean tlsConnection = proto.isSSLEnabled()
            && proto.sslImplementation != null
            && socket.getSocket() instanceof SecureNioChannel;

    if (!tlsConnection) {
        processor.setSslSupport(null);
        return;
    }

    // The SSL support object is derived from the session of the channel's SSL engine.
    final SecureNioChannel secureChannel = (SecureNioChannel) socket.getSocket();
    processor.setSslSupport(
            proto.sslImplementation.getSSLSupport(secureChannel.getSslEngine().getSession()));
}