/**
 * Resolves the URI scheme that matches the TLS configuration.
 *
 * @param ssl the TLS configuration, may be {@code null} when TLS is not configured at all
 * @return {@code "https"} only when {@code ssl} is present and reports itself enabled,
 *         {@code "http"} otherwise (including the {@code null} case)
 */
protected String getScheme(@Nullable Ssl ssl) {
    boolean tlsActive = ssl != null && ssl.isEnabled();
    if (tlsActive) {
        return "https";
    }
    return "http";
}
/**
 * Creates a server-side Netty {@link SslContextBuilder} from {@code this.ssl} and
 * {@code this.sslStoreProvider}.
 *
 * <p>The trust manager is always installed, independent of the client-auth setting;
 * whether a peer certificate is actually required or merely requested is decided by
 * the {@code Ssl.ClientAuth} mapping at the end of this method. Any client-auth value
 * other than {@code NEED}/{@code WANT} (including {@code null}) leaves the builder's
 * own default untouched. Enabled protocols and cipher suites are likewise only
 * narrowed when they are explicitly configured.
 *
 * @return the populated builder; the caller is expected to call {@code build()}
 */
protected SslContextBuilder getContextBuilder() {
    SslContextBuilder builder = SslContextBuilder
            .forServer(getKeyManagerFactory(this.ssl, this.sslStoreProvider));
    builder.trustManager(getTrustManagerFactory(this.ssl, this.sslStoreProvider));

    // Protocol and cipher restrictions are opt-in: absent configuration keeps builder defaults.
    String[] enabledProtocols = this.ssl.getEnabledProtocols();
    if (enabledProtocols != null) {
        builder.protocols(enabledProtocols);
    }
    String[] ciphers = this.ssl.getCiphers();
    if (ciphers != null) {
        builder.ciphers(Arrays.asList(ciphers));
    }

    // Map the Spring-style client-auth enum onto Netty's; NEED means the handshake fails
    // without a client certificate, WANT means one is requested but not mandatory.
    Ssl.ClientAuth clientAuth = this.ssl.getClientAuth();
    if (clientAuth == Ssl.ClientAuth.NEED) {
        builder.clientAuth(ClientAuth.REQUIRE);
    } else if (clientAuth == Ssl.ClientAuth.WANT) {
        builder.clientAuth(ClientAuth.OPTIONAL);
    }
    return builder;
}
/**
 * Builds a {@link KeyManagerFactory} for the server's own certificate and private key.
 *
 * <p>The key store comes from {@code sslStoreProvider} when one is supplied, otherwise it is
 * loaded via {@code loadKeyStore} from the type/location/password in {@code ssl}. The private
 * key password defaults to the key-store password when no dedicated key password is set, and
 * may end up {@code null} when neither is configured.
 *
 * @param ssl              the TLS configuration supplying store location and passwords
 * @param sslStoreProvider optional programmatic source of the key store
 * @return an initialised factory using the platform default key-manager algorithm
 * @throws Exception if the store cannot be loaded or the factory cannot be initialised
 */
private static KeyManagerFactory getKeyManagerFactory(
        Ssl ssl, @Nullable SslStoreProvider sslStoreProvider) throws Exception {
    KeyStore keyStore = sslStoreProvider != null
            ? sslStoreProvider.getKeyStore()
            : loadKeyStore(ssl.getKeyStoreType(), ssl.getKeyStore(), ssl.getKeyStorePassword());

    String password = ssl.getKeyPassword();
    if (password == null) {
        // No separate key password configured: fall back to the store password.
        password = ssl.getKeyStorePassword();
    }
    char[] passwordChars = password == null ? null : password.toCharArray();

    KeyManagerFactory factory =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    factory.init(keyStore, passwordChars);
    return factory;
}
/**
 * Copies the configured key-store and key-manager passwords onto the Jetty
 * {@link SslContextFactory}. Unset passwords are left alone so the factory's
 * own defaults apply.
 *
 * @param factory the Jetty factory being configured
 * @param ssl     the TLS configuration holding the passwords
 */
private void configureSslPasswords(SslContextFactory factory, Ssl ssl) {
    String storePassword = ssl.getKeyStorePassword();
    String keyPassword = ssl.getKeyPassword();
    if (storePassword != null) {
        factory.setKeyStorePassword(storePassword);
    }
    if (keyPassword != null) {
        factory.setKeyManagerPassword(keyPassword);
    }
}
/**
 * Obtains the trust store used to validate peer certificates.
 *
 * @param ssl              the TLS configuration with trust-store type, provider, location and password
 * @param sslStoreProvider optional programmatic source that, when present, takes precedence
 * @return the trust store from the provider, or one loaded via {@code loadKeyStore}
 * @throws Exception if the store cannot be loaded
 */
private KeyStore getTrustStore(Ssl ssl, SslStoreProvider sslStoreProvider) throws Exception {
    boolean programmatic = sslStoreProvider != null;
    return programmatic
            ? sslStoreProvider.getTrustStore()
            : loadKeyStore(ssl.getTrustStoreType(), ssl.getTrustStoreProvider(),
                    ssl.getTrustStore(), ssl.getTrustStorePassword());
}
/**
 * Obtains the key store holding the server's certificate and private key.
 *
 * @param ssl              the TLS configuration with key-store type, provider, location and password
 * @param sslStoreProvider optional programmatic source that, when present, takes precedence
 * @return the key store from the provider, or one loaded via {@code loadKeyStore}
 * @throws Exception if the store cannot be loaded
 */
private KeyStore getKeyStore(Ssl ssl, SslStoreProvider sslStoreProvider) throws Exception {
    boolean programmatic = sslStoreProvider != null;
    return programmatic
            ? sslStoreProvider.getKeyStore()
            : loadKeyStore(ssl.getKeyStoreType(), ssl.getKeyStoreProvider(),
                    ssl.getKeyStore(), ssl.getKeyStorePassword());
}
ksp.setResource(resourceName(sslConfig.getKeyStore())); ksp.setPassword(sslConfig.getKeyStorePassword()); ksp.setProvider(sslConfig.getKeyStoreProvider()); ksp.setType(sslConfig.getKeyStoreType()); KeyManagersParameters kmp = new KeyManagersParameters(); kmp.setKeyStore(ksp); kmp.setKeyPassword(sslConfig.getKeyPassword()); tsp.setResource(resourceName(sslConfig.getTrustStore())); tsp.setPassword(sslConfig.getTrustStorePassword()); tsp.setProvider(sslConfig.getTrustStoreProvider()); tsp.setType(sslConfig.getTrustStoreType()); TrustManagersParameters tmp = new TrustManagersParameters(); tmp.setKeyStore(tsp); if (sslConfig.getClientAuth() == Ssl.ClientAuth.WANT) { scsp.setClientAuthentication(ClientAuthentication.WANT.name()); } else if (sslConfig.getClientAuth() == Ssl.ClientAuth.NEED) { scsp.setClientAuthentication(ClientAuthentication.REQUIRE.name()); sspp.setSecureSocketProtocol(Arrays.asList(sslConfig.getEnabledProtocols())); scsp.setSecureSocketProtocols(sspp); CipherSuitesParameters csp = new CipherSuitesParameters(); csp.setCipherSuite(Arrays.asList(sslConfig.getCiphers())); scsp.setCipherSuites(csp); scp.setCertAlias(sslConfig.getKeyAlias()); scp.setKeyManagers(kmp); scp.setTrustManagers(tmp);
try { if (sslStoreProvider == null && ssl.getKeyStore() == null && ssl.getTrustStore() == null) { logger.warn("Configuring TLS with a self-signed certificate " + "because no key or trust store was specified"); .trustManager(getTrustManagerFactory(ssl, sslStoreProvider)); final String[] enabledProtocols = ssl.getEnabledProtocols(); if (enabledProtocols != null) { sslBuilder.protocols(enabledProtocols.clone()); final String[] ciphers = ssl.getCiphers(); if (ciphers != null) { sslBuilder.ciphers(ImmutableList.copyOf(ciphers)); final ClientAuth clientAuth = ssl.getClientAuth(); if (clientAuth != null) { switch (clientAuth) {
SslStoreProvider sslStoreProvider) { protocol.setSSLEnabled(true); protocol.setSslProtocol(ssl.getProtocol()); configureSslClientAuth(protocol, ssl); protocol.setKeystorePass(ssl.getKeyStorePassword()); protocol.setKeyPass(ssl.getKeyPassword()); protocol.setKeyAlias(ssl.getKeyAlias()); String ciphers = StringUtils.arrayToCommaDelimitedString(ssl.getCiphers()); if (StringUtils.hasText(ciphers)) { protocol.setCiphers(ciphers); if (ssl.getEnabledProtocols() != null) { for (SSLHostConfig sslHostConfig : protocol.findSslHostConfigs()) { sslHostConfig.setProtocols(StringUtils .arrayToCommaDelimitedString(ssl.getEnabledProtocols()));
/**
 * Builds a {@link TrustManagerFactory} from the configured trust store.
 *
 * <p>The store comes from {@code sslStoreProvider} when one is supplied, otherwise it is
 * loaded via {@code loadKeyStore} from the type/location/password in {@code ssl}.
 *
 * @param ssl              the TLS configuration supplying the trust-store settings
 * @param sslStoreProvider optional programmatic source of the trust store
 * @return an initialised factory using the platform default trust-manager algorithm
 * @throws Exception if the store cannot be loaded or the factory cannot be initialised
 */
private static TrustManagerFactory getTrustManagerFactory(
        Ssl ssl, @Nullable SslStoreProvider sslStoreProvider) throws Exception {
    KeyStore trustStore = sslStoreProvider != null
            ? sslStoreProvider.getTrustStore()
            : loadKeyStore(ssl.getTrustStoreType(), ssl.getTrustStore(), ssl.getTrustStorePassword());

    TrustManagerFactory factory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    factory.init(trustStore);
    return factory;
}
/**
 * Points the Tomcat JSSE protocol at the configured key store.
 *
 * <p>The store location is resolved through {@code ResourceUtils.getURL}; type and provider
 * are only forwarded when explicitly configured, leaving Tomcat's defaults otherwise.
 *
 * @param protocol the Tomcat protocol handler being configured
 * @param ssl      the TLS configuration with key-store location, type and provider
 * @throws WebServerException if the key-store location cannot be resolved
 */
private void configureSslKeyStore(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
    String keyStoreLocation;
    try {
        keyStoreLocation = ResourceUtils.getURL(ssl.getKeyStore()).toString();
    } catch (FileNotFoundException ex) {
        // Cause is preserved so the underlying resolution failure stays diagnosable.
        throw new WebServerException("Could not load key store: " + ex.getMessage(), ex);
    }
    protocol.setKeystoreFile(keyStoreLocation);

    String storeType = ssl.getKeyStoreType();
    String storeProvider = ssl.getKeyStoreProvider();
    if (storeType != null) {
        protocol.setKeystoreType(storeType);
    }
    if (storeProvider != null) {
        protocol.setKeystoreProvider(storeProvider);
    }
}
/**
 * Creates the {@link KeyManager}s that present the server's certificate.
 *
 * <p>The private-key password is taken from {@code Ssl.getKeyPassword()}, falling back to the
 * key-store password, and may be {@code null} when neither is set. When a key alias is
 * configured, the factory's managers are wrapped via {@code getConfigurableAliasKeyManagers}
 * so that alias is the one served. Note that the password {@code char[]} is not cleared
 * after {@code init}.
 *
 * @param ssl              the TLS configuration supplying passwords and the optional alias
 * @param sslStoreProvider optional programmatic source of the key store
 * @return the initialised key managers
 * @throws IllegalStateException wrapping any failure to load the store or initialise the factory
 */
private KeyManager[] getKeyManagers(Ssl ssl, SslStoreProvider sslStoreProvider) {
    try {
        KeyStore keyStore = getKeyStore(ssl, sslStoreProvider);
        KeyManagerFactory factory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

        // Prefer the dedicated key password; otherwise reuse the store password.
        char[] keyPassword = null;
        if (ssl.getKeyPassword() != null) {
            keyPassword = ssl.getKeyPassword().toCharArray();
        } else if (ssl.getKeyStorePassword() != null) {
            keyPassword = ssl.getKeyStorePassword().toCharArray();
        }
        factory.init(keyStore, keyPassword);

        KeyManager[] managers = factory.getKeyManagers();
        boolean aliasConfigured = ssl.getKeyAlias() != null;
        return aliasConfigured ? getConfigurableAliasKeyManagers(ssl, managers) : managers;
    } catch (Exception ex) {
        throw new IllegalStateException(ex);
    }
}
factory.setProtocol(ssl.getProtocol()); configureSslClientAuth(factory, ssl); configureSslPasswords(factory, ssl); factory.setCertAlias(ssl.getKeyAlias()); if (!ObjectUtils.isEmpty(ssl.getCiphers())) { factory.setIncludeCipherSuites(ssl.getCiphers()); factory.setExcludeCipherSuites(); if (ssl.getEnabledProtocols() != null) { factory.setIncludeProtocols(ssl.getEnabledProtocols());
/**
 * Installs an HTTPS listener on the Undertow builder using the configured TLS settings.
 *
 * <p>An {@link SSLContext} for {@code Ssl.getProtocol()} is initialised with the key and
 * trust managers derived from {@code this.ssl}/{@code this.sslStoreProvider}. The client-auth
 * mode is always set explicitly (see {@code getSslClientAuthMode}); enabled protocols and
 * cipher suites are only restricted when configured, otherwise Undertow defaults apply.
 *
 * @param builder the Undertow builder to add the listener to
 * @throws IllegalStateException wrapping {@link NoSuchAlgorithmException} or
 *         {@link KeyManagementException} from context creation
 */
@Override
public void customize(Undertow.Builder builder) {
    try {
        SSLContext sslContext = SSLContext.getInstance(this.ssl.getProtocol());
        KeyManager[] keyManagers = getKeyManagers(this.ssl, this.sslStoreProvider);
        TrustManager[] trustManagers = getTrustManagers(this.ssl, this.sslStoreProvider);
        sslContext.init(keyManagers, trustManagers, null);

        builder.addHttpsListener(this.port, getListenAddress(), sslContext);
        builder.setSocketOption(Options.SSL_CLIENT_AUTH_MODE, getSslClientAuthMode(this.ssl));

        String[] enabledProtocols = this.ssl.getEnabledProtocols();
        if (enabledProtocols != null) {
            builder.setSocketOption(Options.SSL_ENABLED_PROTOCOLS, Sequence.of(enabledProtocols));
        }
        String[] ciphers = this.ssl.getCiphers();
        if (ciphers != null) {
            builder.setSocketOption(Options.SSL_ENABLED_CIPHER_SUITES, Sequence.of(ciphers));
        }
    } catch (NoSuchAlgorithmException | KeyManagementException ex) {
        throw new IllegalStateException(ex);
    }
}
/**
 * Maps the configured client-auth setting onto Undertow's {@link SslClientAuthMode}.
 *
 * @param ssl the TLS configuration
 * @return {@code REQUIRED} for {@code NEED}, {@code REQUESTED} for {@code WANT}, and
 *         {@code NOT_REQUESTED} for anything else, including an unset ({@code null}) value
 */
private SslClientAuthMode getSslClientAuthMode(Ssl ssl) {
    Ssl.ClientAuth clientAuth = ssl.getClientAuth();
    if (clientAuth == null) {
        // Unset client auth: no certificate is requested from the peer.
        return SslClientAuthMode.NOT_REQUESTED;
    }
    switch (clientAuth) {
        case NEED:
            return SslClientAuthMode.REQUIRED;
        case WANT:
            return SslClientAuthMode.REQUESTED;
        default:
            return SslClientAuthMode.NOT_REQUESTED;
    }
}
/**
 * Obtains the trust store used to validate peer certificates.
 *
 * @param ssl              the TLS configuration with trust-store type, provider, location and password
 * @param sslStoreProvider optional programmatic source that, when present, takes precedence
 * @return the trust store from the provider, or one loaded via {@code loadKeyStore}
 * @throws Exception if the store cannot be loaded
 */
private KeyStore getTrustStore(Ssl ssl, SslStoreProvider sslStoreProvider) throws Exception {
    boolean programmatic = sslStoreProvider != null;
    return programmatic
            ? sslStoreProvider.getTrustStore()
            : loadKeyStore(ssl.getTrustStoreType(), ssl.getTrustStoreProvider(),
                    ssl.getTrustStore(), ssl.getTrustStorePassword());
}
/**
 * Obtains the key store holding the server's certificate and private key.
 *
 * @param ssl              the TLS configuration with key-store type, provider, location and password
 * @param sslStoreProvider optional programmatic source that, when present, takes precedence
 * @return the key store from the provider, or one loaded via {@code loadKeyStore}
 * @throws Exception if the store cannot be loaded
 */
private KeyStore getKeyStore(Ssl ssl, SslStoreProvider sslStoreProvider) throws Exception {
    boolean programmatic = sslStoreProvider != null;
    return programmatic
            ? sslStoreProvider.getKeyStore()
            : loadKeyStore(ssl.getKeyStoreType(), ssl.getKeyStoreProvider(),
                    ssl.getKeyStore(), ssl.getKeyStorePassword());
}
/**
 * Points the Jetty {@link SslContextFactory} at the configured key store.
 *
 * <p>The location is resolved through {@code ResourceUtils.getURL} and wrapped as a Jetty
 * {@code Resource}; type and provider are only forwarded when explicitly configured.
 *
 * @param factory the Jetty factory being configured
 * @param ssl     the TLS configuration with key-store location, type and provider
 * @throws WebServerException if the key-store location cannot be resolved
 */
private void configureSslKeyStore(SslContextFactory factory, Ssl ssl) {
    Resource keyStoreResource;
    try {
        URL location = ResourceUtils.getURL(ssl.getKeyStore());
        keyStoreResource = Resource.newResource(location);
    } catch (IOException ex) {
        // Cause is preserved so the underlying resolution failure stays diagnosable.
        throw new WebServerException(
                "Could not find key store '" + ssl.getKeyStore() + "'", ex);
    }
    factory.setKeyStoreResource(keyStoreResource);

    String storeType = ssl.getKeyStoreType();
    String storeProvider = ssl.getKeyStoreProvider();
    if (storeType != null) {
        factory.setKeyStoreType(storeType);
    }
    if (storeProvider != null) {
        factory.setKeyStoreProvider(storeProvider);
    }
}
/**
 * Builds an initialised {@link KeyManagerFactory} for the server's certificate and key.
 *
 * <p>The private-key password is taken from {@code Ssl.getKeyPassword()}, falling back to the
 * key-store password, and may be {@code null} when neither is set. Note that the password
 * {@code char[]} is not cleared after {@code init}.
 *
 * @param ssl              the TLS configuration supplying the passwords
 * @param sslStoreProvider optional programmatic source of the key store
 * @return the initialised factory using the platform default key-manager algorithm
 * @throws IllegalStateException wrapping any failure to load the store or initialise the factory
 */
protected KeyManagerFactory getKeyManagerFactory(Ssl ssl, SslStoreProvider sslStoreProvider) {
    try {
        KeyStore keyStore = getKeyStore(ssl, sslStoreProvider);
        KeyManagerFactory factory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

        // Prefer the dedicated key password; otherwise reuse the store password.
        char[] keyPassword = null;
        if (ssl.getKeyPassword() != null) {
            keyPassword = ssl.getKeyPassword().toCharArray();
        } else if (ssl.getKeyStorePassword() != null) {
            keyPassword = ssl.getKeyStorePassword().toCharArray();
        }
        factory.init(keyStore, keyPassword);
        return factory;
    } catch (Exception ex) {
        throw new IllegalStateException(ex);
    }
}
/**
 * Translates the configured client-auth setting into Tomcat's string-valued
 * {@code clientAuth} attribute.
 *
 * <p>{@code NEED} becomes {@code "true"} (certificate mandatory) and {@code WANT} becomes
 * {@code "want"} (certificate requested but optional); any other value, including
 * {@code null}, leaves Tomcat's default untouched.
 *
 * @param protocol the Tomcat protocol handler being configured
 * @param ssl      the TLS configuration
 */
private void configureSslClientAuth(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
    Ssl.ClientAuth clientAuth = ssl.getClientAuth();
    if (clientAuth == Ssl.ClientAuth.NEED) {
        protocol.setClientAuth(Boolean.TRUE.toString());
        return;
    }
    if (clientAuth == Ssl.ClientAuth.WANT) {
        protocol.setClientAuth("want");
    }
}