Refine search
public SSLEngineConfigurator build(SSLProperties sslProperties) { SSLContextConfigurator sslContext = new SSLContextConfigurator(); sslContext.setKeyStoreFile(sslProperties.getKeyStoreFile()); // contains server keypair sslContext.setKeyStorePass(sslProperties.getKeyStorePass()); sslProperties.getTrustStoreFile().ifPresent(file->sslContext.setTrustStoreFile(file)); // contains client certificate sslProperties.getTrustStorePass().ifPresent(pass->sslContext.setTrustStorePass(pass)); sslProperties.getKeyStoreType().ifPresent(type->sslContext.setKeyStoreType(type)); sslProperties.getKeyStoreProvider().ifPresent(provider->sslContext.setKeyStoreProvider(provider)); sslProperties.getTrustStoreType().ifPresent(type->sslContext.setTrustStoreType(type)); sslProperties.getTrustStoreProvider().ifPresent(provider->sslContext.setTrustStoreProvider(provider)); SSLEngineConfigurator sslConf = new SSLEngineConfigurator(sslContext).setClientMode(false); sslProperties.getClientAuth().filter(auth-> auth.toLowerCase().equals("want")) .ifPresent(auth->sslConf.setWantClientAuth(true)); sslProperties.getClientAuth().filter(auth-> auth.toLowerCase().equals("need")) .ifPresent(auth->sslConf.setNeedClientAuth(true));
private SSLEngineConfigurator buildSslEngineConfigurator(Path certFile, Path keyFile, String keyPassword) throws GeneralSecurityException, IOException { if (keyFile == null || !Files.isRegularFile(keyFile) || !Files.isReadable(keyFile)) { throw new InvalidKeyException("Unreadable or missing private key: " + keyFile); } if (certFile == null || !Files.isRegularFile(certFile) || !Files.isReadable(certFile)) { throw new CertificateException("Unreadable or missing X.509 certificate: " + certFile); } final SSLContextConfigurator sslContextConfigurator = new SSLContextConfigurator(); final char[] password = firstNonNull(keyPassword, "").toCharArray(); final KeyStore keyStore = PemKeyStore.buildKeyStore(certFile, keyFile, password); sslContextConfigurator.setKeyStorePass(password); sslContextConfigurator.setKeyStoreBytes(KeyStoreUtils.getBytes(keyStore, password)); final SSLContext sslContext = sslContextConfigurator.createSSLContext(true); return new SSLEngineConfigurator(sslContext, false, false, false); }
/** * Start SSL-secured HTTP test server. * * @throws IOException in case there is an error while reading server key store or trust store. * @return an instance of the started SSL-secured HTTP test server. */ public static Server start() throws IOException { // Grizzly ssl configuration SSLContextConfigurator sslContext = new SSLContextConfigurator(); // set up security context sslContext.setKeyStoreFile(KEYSTORE_SERVER_FILE); // contains server keypair sslContext.setKeyStorePass(KEYSTORE_SERVER_PWD); sslContext.setTrustStoreFile(TRUSTORE_SERVER_FILE); // contains client certificate sslContext.setTrustStorePass(TRUSTORE_SERVER_PWD); ResourceConfig rc = new ResourceConfig(); rc.registerClasses(RootResource.class, SecurityFilter.class, AuthenticationExceptionMapper.class); final HttpServer grizzlyServer = GrizzlyHttpServerFactory.createHttpServer( getBaseURI(), rc, true, new SSLEngineConfigurator(sslContext).setClientMode(false).setNeedClientAuth(true) ); // start Grizzly embedded server // LOGGER.info("Jersey app started. Try out " + BASE_URI + "\nHit CTRL + C to stop it..."); grizzlyServer.start(); return new Server(grizzlyServer); }
/** * Initialize server side SSL configuration. * * @return server side {@link SSLEngineConfigurator}. */ private static SSLEngineConfigurator initializeSSL() { // Initialize SSLContext configuration SSLContextConfigurator sslContextConfig = new SSLContextConfigurator(); // Set key store ClassLoader cl = SSLEchoClient.class.getClassLoader(); URL cacertsUrl = cl.getResource("ssltest-cacerts.jks"); if (cacertsUrl != null) { sslContextConfig.setTrustStoreFile(cacertsUrl.getFile()); sslContextConfig.setTrustStorePass("changeit"); } // Set trust store URL keystoreUrl = cl.getResource("ssltest-keystore.jks"); if (keystoreUrl != null) { sslContextConfig.setKeyStoreFile(keystoreUrl.getFile()); sslContextConfig.setKeyStorePass("changeit"); } // Create SSLEngine configurator return new SSLEngineConfigurator(sslContextConfig.createSSLContext(), false, false, false); } }
public void startServer() throws TelegramApiRequestException { ResourceConfig rc = new ResourceConfig(); rc.register(restApi); rc.register(JacksonFeature.class); final HttpServer grizzlyServer; if (keystoreServerFile != null && keystoreServerPwd != null) { SSLContextConfigurator sslContext = new SSLContextConfigurator(); // set up security context sslContext.setKeyStoreFile(keystoreServerFile); // contains server keypair sslContext.setKeyStorePass(keystoreServerPwd); grizzlyServer = GrizzlyHttpServerFactory.createHttpServer(getBaseURI(), rc, true, new SSLEngineConfigurator(sslContext).setClientMode(false).setNeedClientAuth(false)); } else { grizzlyServer = GrizzlyHttpServerFactory.createHttpServer(getBaseURI(), rc); } try { grizzlyServer.start(); } catch (IOException e) { throw new TelegramApiRequestException("Error starting webhook server", e); } }
/** * Initialize server side SSL configuration. * * @return server side {@link SSLEngineConfigurator}. */ private static SSLEngineConfigurator createSslConfiguration() { // Initialize SSLContext configuration SSLContextConfigurator sslContextConfig = new SSLContextConfigurator(); ClassLoader cl = Server.class.getClassLoader(); // Set key store URL keystoreUrl = cl.getResource("ssltest-keystore.jks"); if (keystoreUrl != null) { sslContextConfig.setKeyStoreFile(keystoreUrl.getFile()); sslContextConfig.setKeyStorePass("changeit"); } // Create SSLEngine configurator return new SSLEngineConfigurator(sslContextConfig.createSSLContext(), false, false, false); }}
/** * Build <tt>SSLFilter</tt> with the given {@link SSLEngineConfigurator}. * * @param serverSSLEngineConfigurator SSLEngine configurator for server side connections * @param renegotiateOnClientAuthWant <tt>true</tt>, if SSLBaseFilter has to force client authentication * during re-handshake, in case the client didn't send its credentials * during the initial handshake in response to "wantClientAuth" flag. * In this case "needClientAuth" flag will be raised and re-handshake * will be initiated */ public SSLBaseFilter(SSLEngineConfigurator serverSSLEngineConfigurator, boolean renegotiateOnClientAuthWant) { this.renegotiateOnClientAuthWant = renegotiateOnClientAuthWant; this.serverSSLEngineConfigurator = ((serverSSLEngineConfigurator != null) ? serverSSLEngineConfigurator : new SSLEngineConfigurator( SSLContextConfigurator.DEFAULT_CONFIG.createSSLContext(true), false, false, false)); }
SSLContextConfigurator sslContext = new SSLContextConfigurator(); sslContext.setKeyStoreFile("path_to_my_keystore"); sslContext.setKeyStorePass("password"); sslContext.setTrustStoreFile("path_to_my_truststore"); sslContext.setTrustStorePass("password"); sslContext.setSecurityProtocol("TLSv1.2"); SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(sslContext); sslEngineConfigurator.setNeedClientAuth(true); sslEngineConfigurator.setWantClientAuth(true); sslEngineConfigurator.setEnabledCipherSuites(new String[]{"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"}); sslEngineConfigurator.setClientMode(false); NetworkListener listener = new NetworkListener("grizzly_ssl", uri.getHost(), 8443);
@SuppressWarnings("squid:S2177") private SSLContextConfigurator getSslConfig() throws IOException { SSLContextConfigurator defaultConfig = SSLContextConfigurator.DEFAULT_CONFIG; if (!defaultConfig.validateConfiguration(true)) { String keystoreServer = createCertificateStore("keystore_server"); String truststoreServer = createCertificateStore("truststore_server"); defaultConfig.setKeyStoreFile(keystoreServer); defaultConfig.setKeyStorePass("secret"); defaultConfig.setTrustStoreFile(truststoreServer); defaultConfig.setTrustStorePass("secret"); } return defaultConfig; }
SSLContextConfigurator sslContextConfigurator = new SSLContextConfigurator(); // set up security context sslContextConfigurator.setKeyStoreFile(configuration.getKeystore()); // contains the server keypair sslContextConfigurator.setKeyStorePass(configuration.getKeystorePassword()); sslContextConfigurator.setKeyStoreType(configuration.getKeystoreType()); sslContextConfigurator.setKeyPass(configuration.getKeystoreKeypass()); sslContextConfigurator.setTrustStoreFile(configuration.getTruststore()); // contains the list of trusted certificates sslContextConfigurator.setTrustStorePass(configuration.getTruststorePassword()); sslContextConfigurator.setTrustStoreType(configuration.getTruststoreType()); if (!sslContextConfigurator.validateConfiguration(true)) throw new Exception("Invalid SSL configuration");
private ExtendedSSLEngineConfigurator getSSLEngineConfigurator(URI uri, Map<String, Object> properties) { Object configuratorObject = properties.get(ClientProperties.SSL_ENGINE_CONFIGURATOR); if (configuratorObject == null) { // if we are trying to access "wss" scheme and we don't have sslEngineConfigurator instance // we should try to create ssl connection using JVM properties. if ("wss".equalsIgnoreCase(uri.getScheme())) { final SSLContextConfigurator defaultConfig = new SSLContextConfigurator(); defaultConfig.retrieve(System.getProperties()); return new ExtendedSSLEngineConfigurator(defaultConfig.createSSLContext(), uri.getHost()); } else { return null; } } if (configuratorObject instanceof SSLEngineConfigurator) { return new ExtendedSSLEngineConfigurator((SSLEngineConfigurator) configuratorObject, uri.getHost()); } if (configuratorObject instanceof SslEngineConfigurator) { return new ExtendedSSLEngineConfigurator((SslEngineConfigurator) configuratorObject, uri.getHost()); } // if we have reached here the ssl engine configuration property is set, but is of incompatible type LOGGER.log(Level.CONFIG, String.format("Invalid type of configuration property of %s (%s), %s cannot be cast to %s or %s", ClientProperties.SSL_ENGINE_CONFIGURATOR, configuratorObject.toString(), configuratorObject.getClass().toString(), SSLEngineConfigurator.class.toString(), SslEngineConfigurator.class.toString())); return null; }
@Override public TyrusClientSocket openClientSocket(String url, ClientEndpointConfig cec, SPIEndpoint endpoint, SPIHandshakeListener listener, Map<String, Object> properties) throws DeploymentException { URI uri; try { uri = new URI(url); } catch (URISyntaxException e) { throw new DeploymentException("Invalid URI.", e); } SSLEngineConfigurator sslEngineConfigurator = (properties == null ? null : (SSLEngineConfigurator) properties.get(SSL_ENGINE_CONFIGURATOR)); // if we are trying to access "wss" scheme and we don't have sslEngineConfigurator instance // we should try to create ssl connection using JVM properties. if(uri.getScheme().equalsIgnoreCase("wss") && sslEngineConfigurator == null) { SSLContextConfigurator defaultConfig = new SSLContextConfigurator(); defaultConfig.retrieve(System.getProperties()); sslEngineConfigurator = new SSLEngineConfigurator(defaultConfig, true, false, false); } GrizzlyClientSocket clientSocket = new GrizzlyClientSocket(endpoint, uri, cec, CLIENT_SOCKET_TIMEOUT, listener, properties == null ? null : sslEngineConfigurator, properties == null ? null : (String) properties.get(GrizzlyClientSocket.PROXY_URI), properties == null ? null : (ThreadPoolConfig) properties.get(GrizzlyClientSocket.WORKER_THREAD_POOL_CONFIG), properties == null ? null : (ThreadPoolConfig) properties.get(GrizzlyClientSocket.SELECTOR_THREAD_POOL_CONFIG)); clientSocket.connect(); return clientSocket; } }
public SSLContext getSslContext() { if (sslContext == null) { synchronized(sync) { if (sslContext == null) { sslContext = sslContextConfiguration.createSSLContext(true); } } } return sslContext; }
static HttpServer startSecureServer() throws IOException { System.out.println("Starting server on port " + ConfigLoader.getHttpsServerPort()); ResourceConfig rc = new PackagesResourceConfig("com.kinpoint.server.grizzlyresources"); SSLContextConfigurator sslCon = new SSLContextConfigurator(); sslCon.setKeyStoreFile(ConfigLoader.getKeystoreLocation()); // contains server keypair sslCon.setKeyStorePass(ConfigLoader.getKeystorePassword()); HttpHandler hand = ContainerFactory.createContainer(HttpHandler.class, rc); HttpServer secure = GrizzlyServerFactory.createHttpServer(BASE_URI_SECURED, hand, true, new SSLEngineConfigurator(sslCon, false, false, false)); return secure; }
@Override public boolean validateConfiguration(boolean needsKeyStore) { return super.validateConfiguration(needsKeyStore); }
/** * Constructor that allows you creating empty configuration. * * @param readSystemProperties * If <code>true</code> populates configuration from * {@link System#getProperties()}, else you have empty * configuration. */ public SSLContextConfigurator(boolean readSystemProperties) { if (readSystemProperties) { retrieve(System.getProperties()); } }
client = ClientManager.createClient(); //System.getProperties().put("javax.net.debug", "all"); // Useful for debugging SSL interaction // The keystore in the next two lines is the same keystore you used for running the server, // likely in ${jetty.base}/etc/keystore System.getProperties().put(SSLContextConfigurator.KEY_STORE_FILE, "/tmp/keystore"); System.getProperties().put(SSLContextConfigurator.TRUST_STORE_FILE, "/tmp/keystore"); // The following two passwords are what you used for your self-signed cert System.getProperties().put(SSLContextConfigurator.KEY_STORE_PASSWORD, "HumanReadablePassword"); System.getProperties().put(SSLContextConfigurator.TRUST_STORE_PASSWORD, "HumanReadablePassword"); final SSLContextConfigurator defaultConfig = new SSLContextConfigurator(); defaultConfig.retrieve(System.getProperties()); // or setup SSLContextConfigurator using its API. SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(defaultConfig, true, false, false); client.getProperties().put(GrizzlyEngine.SSL_ENGINE_CONFIGURATOR, sslEngineConfigurator); client.connectToServer(sillyWebSocketClient , ClientEndpointConfig.Builder.create().build(), new URI("wss://localhost:8443/sillyWebSocketServer/echo")); System.out.println ("Connected .... ");
/** * Returns a new {@link SSLContextConfigurator} when invoked. * * <p>This method never returns {@code null}.</p> * * @return a new {@link SSLContextConfigurator}; never {@code null} */ @Produces @Dependent private static final SSLContextConfigurator produceSSLContextConfigurator() { return new SSLContextConfigurator(true /* yes, read System properties */); }
/** * Initialize server side SSL configuration. * * @return server side {@link SSLEngineConfigurator}. */ private static SSLEngineConfigurator initializeSSL() { // Initialize SSLContext configuration SSLContextConfigurator sslContextConfig = new SSLContextConfigurator(); // Set key store ClassLoader cl = SSLEchoServer.class.getClassLoader(); URL cacertsUrl = cl.getResource("ssltest-cacerts.jks"); if (cacertsUrl != null) { sslContextConfig.setTrustStoreFile(cacertsUrl.getFile()); sslContextConfig.setTrustStorePass("changeit"); } // Set trust store URL keystoreUrl = cl.getResource("ssltest-keystore.jks"); if (keystoreUrl != null) { sslContextConfig.setKeyStoreFile(keystoreUrl.getFile()); sslContextConfig.setKeyStorePass("changeit"); } // Create SSLEngine configurator return new SSLEngineConfigurator(sslContextConfig.createSSLContext(), false, false, false); } }