/**
 * Creates an {@link SSLContext} from in-memory trust certificates only, with no local
 * certificate chain and no private key.
 *
 * <p>This is a convenience overload: it forwards to the four-argument
 * {@code createSslContext(boolean, Certificate[], Certificate[], PrivateKey)} overload, passing
 * {@code null} for both the certificate chain and the private key.
 *
 * @param allowInsecureConnection forwarded unchanged to the four-argument overload.
 *     NOTE(review): presumably relaxes peer-certificate validation when {@code true}; the
 *     overload that interprets it is not shown here, so confirm before enabling it.
 * @param trustCertificates trust anchors, forwarded unchanged
 * @return the context produced by the four-argument overload
 * @throws GeneralSecurityException propagated from the four-argument overload
 */
public static SSLContext createSslContext(boolean allowInsecureConnection, Certificate[] trustCertificates)
        throws GeneralSecurityException {
    // Typed locals keep overload resolution on the (Certificate[], PrivateKey) variant,
    // exactly as the explicit casts on a bare null would.
    final Certificate[] noCertificateChain = null;
    final PrivateKey noPrivateKey = null;
    return createSslContext(allowInsecureConnection, trustCertificates, noCertificateChain, noPrivateKey);
}
/**
 * Creates an {@link SSLContext} from PEM files on disk.
 *
 * <p>The three files are read in this order: trust certificates, certificate chain, private
 * key. The loaded material is then handed to the overload that takes certificates and a key
 * directly.
 *
 * <p>NOTE(review): the paths are passed to the PEM loaders as-is. How a {@code null} or
 * unreadable path is treated is decided by {@code loadCertificatesFromPemFile} and
 * {@code loadPrivateKeyFromPemFile}, which are not shown here; confirm before passing
 * {@code null} for any of them.
 *
 * @param allowInsecureConnection forwarded unchanged to the delegate overload.
 *     NOTE(review): presumably relaxes peer-certificate validation when {@code true}; confirm
 *     against the delegate.
 * @param trustCertsFilePath PEM file holding the trust certificates
 * @param certFilePath PEM file holding the local certificate chain
 * @param keyFilePath PEM file holding the private key for {@code certFilePath}
 * @return the context produced by the delegate overload
 * @throws GeneralSecurityException propagated from the PEM loaders or the delegate overload
 */
public static SSLContext createSslContext(boolean allowInsecureConnection, String trustCertsFilePath,
        String certFilePath, String keyFilePath) throws GeneralSecurityException {
    // Load order is kept: trust anchors first, then the local chain, then its key.
    final X509Certificate[] trustAnchors = loadCertificatesFromPemFile(trustCertsFilePath);
    final X509Certificate[] localChain = loadCertificatesFromPemFile(certFilePath);
    final PrivateKey localKey = loadPrivateKeyFromPemFile(keyFilePath);

    return createSslContext(allowInsecureConnection, trustAnchors, localChain, localKey);
}
/**
 * Builds the embedded web server and its listeners from the given configuration.
 *
 * <p>A plain-HTTP connector is always registered on {@code config.getWebServicePort()}. When
 * {@code config.isTlsEnabled()} is true, a second TLS connector is added on
 * {@code config.getWebServicePortTls()}. The plain-HTTP connector is not removed in that case,
 * so both ports are served; restrict or firewall the plain port separately if only TLS access
 * is intended.
 *
 * <p>TLS listener settings as configured here:
 * <ul>
 *   <li>the server certificate and key come from {@code config.getTlsCertificateFilePath()} and
 *       {@code config.getTlsKeyFilePath()};</li>
 *   <li>the allow-insecure flag is passed as {@code false} and no trust-certificate file is
 *       given;</li>
 *   <li>client certificates are not requested ({@code setWantClientAuth(false)}), so this
 *       listener does not authenticate clients at the TLS layer;</li>
 *   <li>nothing else is set on the {@code SslContextFactory} in this constructor, so protocol
 *       and cipher-suite selection are left to its defaults.</li>
 * </ul>
 *
 * @param config source of the ports, the TLS switch and the TLS certificate/key file paths
 * @throws RestException wrapping the {@link GeneralSecurityException} raised while creating the
 *     TLS context
 */
public ServerManager(ServiceConfig config) {
    this.webServiceExecutor = Executors.newFixedThreadPool(32, new DefaultThreadFactory("pulsar-external-web"));
    this.server = new Server(new ExecutorThreadPool(webServiceExecutor));
    this.externalServicePort = config.getWebServicePort();

    List<ServerConnector> connectors = Lists.newArrayList();

    // Plain-HTTP listener: registered unconditionally, also when TLS is enabled below.
    ServerConnector httpConnector = new ServerConnector(server, 1, 1);
    httpConnector.setPort(externalServicePort);
    connectors.add(httpConnector);

    if (config.isTlsEnabled()) {
        SslContextFactory tlsFactory = new SslContextFactory();
        final SSLContext tlsContext;
        try {
            // allowInsecureConnection = false; trust-certificate path = null (no client
            // certificates are requested by this listener).
            // NOTE(review): relies on the PEM loader accepting a null path; confirm.
            tlsContext = SecurityUtility.createSslContext(false, null, config.getTlsCertificateFilePath(),
                    config.getTlsKeyFilePath());
        } catch (GeneralSecurityException e) {
            throw new RestException(e);
        }
        tlsFactory.setSslContext(tlsContext);
        // Server-authenticated TLS only: clients are not asked for a certificate.
        tlsFactory.setWantClientAuth(false);

        ServerConnector httpsConnector = new ServerConnector(server, 1, 1, tlsFactory);
        httpsConnector.setPort(config.getWebServicePortTls());
        connectors.add(httpsConnector);
    }

    // Split a total accept-queue budget of 1024 evenly across the connectors. The original
    // author's stated goal is to limit concurrent HTTP connections so the process does not run
    // out of file descriptors.
    final int acceptQueuePerConnector = 1024 / connectors.size();
    for (ServerConnector each : connectors) {
        each.setAcceptQueueSize(acceptQueuePerConnector);
    }

    server.setConnectors(connectors.toArray(new ServerConnector[0]));
}
SecurityUtility.createSslContext( pulsar.getConfiguration().isTlsAllowInsecureConnection(), pulsar.getConfiguration().getTlsTrustCertsFilePath(),
sslCtx = SecurityUtility.createSslContext(pulsarConfig.isTlsAllowInsecureConnection(), trustCertificates, authData.getTlsCertificates(), authData.getTlsPrivateKey()); } else { sslCtx = SecurityUtility.createSslContext(pulsarConfig.isTlsAllowInsecureConnection(), trustCertificates);