/**
 * Builds the server-side TLS engine configuration from a PEM certificate and private key.
 *
 * <p>Both paths must point to readable regular files. The pair is loaded into a
 * {@link KeyStore} by {@code PemKeyStore.buildKeyStore} and handed to the
 * {@link SSLContextConfigurator} as bytes, protected by the key password.</p>
 *
 * @param certFile    path of the X.509 certificate file
 * @param keyFile     path of the private key file
 * @param keyPassword password of the private key; {@code null} is treated as the empty string
 * @return an engine configurator in server mode that neither needs nor wants client certificates
 * @throws GeneralSecurityException if the key file ({@link InvalidKeyException}) or the
 *         certificate file ({@link CertificateException}) is missing, not a regular file or unreadable
 * @throws IOException declared for the key store helpers called here
 */
private SSLEngineConfigurator buildSslEngineConfigurator(Path certFile, Path keyFile, String keyPassword)
        throws GeneralSecurityException, IOException {
    // Refuse to configure TLS with key material that is absent or unreadable.
    final boolean keyUsable = keyFile != null && Files.isRegularFile(keyFile) && Files.isReadable(keyFile);
    if (!keyUsable) {
        throw new InvalidKeyException("Unreadable or missing private key: " + keyFile);
    }
    final boolean certUsable = certFile != null && Files.isRegularFile(certFile) && Files.isReadable(certFile);
    if (!certUsable) {
        throw new CertificateException("Unreadable or missing X.509 certificate: " + certFile);
    }

    final SSLContextConfigurator contextConfig = new SSLContextConfigurator();
    // NOTE(review): this array is never wiped here; whether the configurator keeps a reference
    // to it is not visible from this method.
    final char[] storePassword = firstNonNull(keyPassword, "").toCharArray();
    final KeyStore pemKeyStore = PemKeyStore.buildKeyStore(certFile, keyFile, storePassword);
    contextConfig.setKeyStorePass(storePassword);
    contextConfig.setKeyStoreBytes(KeyStoreUtils.getBytes(pemKeyStore, storePassword));

    // `true`: a context that cannot be created raises an exception instead of being ignored.
    final SSLContext tlsContext = contextConfig.createSSLContext(true);
    return new SSLEngineConfigurator(tlsContext, false, false, false);
}
public SSLEngineConfigurator build(SSLProperties sslProperties) { SSLContextConfigurator sslContext = new SSLContextConfigurator();
// The key store is the file named "keystore" directly under params.basePath.
SSLContextConfigurator sslConfig = new SSLContextConfigurator();
sslConfig.setKeyStoreFile(new File(params.basePath, "keystore").getAbsolutePath());
// NOTE(review): the key store password is a literal in source, so anyone who can read the code
// or the compiled class can open the key store. Prefer supplying it through configuration or a
// secret store; confirm whether this key store is meant for development only.
sslConfig.setKeyStorePass("opentrip");
/**
 * Starts the SSL-secured HTTP test server.
 *
 * <p>The server presents the key pair from the server key store and requires every client to
 * present a certificate ({@code setNeedClientAuth(true)}); the server trust store holds the
 * client certificate.</p>
 *
 * @return a {@code Server} wrapping the started Grizzly HTTP server
 * @throws IOException if starting the Grizzly server fails
 */
public static Server start() throws IOException {
    // Key material: the server key pair plus the trust store with the client certificate.
    final SSLContextConfigurator tlsContext = new SSLContextConfigurator();
    tlsContext.setKeyStoreFile(KEYSTORE_SERVER_FILE);
    tlsContext.setKeyStorePass(KEYSTORE_SERVER_PWD);
    tlsContext.setTrustStoreFile(TRUSTORE_SERVER_FILE);
    tlsContext.setTrustStorePass(TRUSTORE_SERVER_PWD);

    final ResourceConfig resources = new ResourceConfig();
    resources.registerClasses(RootResource.class, SecurityFilter.class, AuthenticationExceptionMapper.class);

    // Server mode with mandatory client certificates: a handshake without one is rejected.
    final SSLEngineConfigurator engineConfig =
            new SSLEngineConfigurator(tlsContext).setClientMode(false).setNeedClientAuth(true);
    final HttpServer grizzlyServer =
            GrizzlyHttpServerFactory.createHttpServer(getBaseURI(), resources, true, engineConfig);

    // NOTE(review): the flattened listing does not show whether the log call below was live
    // code or already commented out; it is kept as a comment here.
    // start Grizzly embedded server // LOGGER.info("Jersey app started. Try out " + BASE_URI + "\nHit CTRL + C to stop it...");
    grizzlyServer.start();
    return new Server(grizzlyServer);
}
/**
 * Starts the webhook HTTP server, with TLS when a key store is configured.
 *
 * <p>TLS is used only when both {@code keystoreServerFile} and {@code keystoreServerPwd} are
 * set. If either is missing, the server is created without any SSL engine configuration.</p>
 *
 * @throws TelegramApiRequestException if the Grizzly server fails to start
 */
public void startServer() throws TelegramApiRequestException {
    final ResourceConfig resourceConfig = new ResourceConfig();
    resourceConfig.register(restApi);
    resourceConfig.register(JacksonFeature.class);

    final boolean tlsConfigured = keystoreServerFile != null && keystoreServerPwd != null;
    final HttpServer grizzlyServer;
    if (!tlsConfigured) {
        // NOTE(review): a missing key store setting silently yields a server without TLS;
        // confirm that TLS is then terminated in front of this server.
        grizzlyServer = GrizzlyHttpServerFactory.createHttpServer(getBaseURI(), resourceConfig);
    } else {
        // The key store holds the server key pair.
        final SSLContextConfigurator tlsContext = new SSLContextConfigurator();
        tlsContext.setKeyStoreFile(keystoreServerFile);
        tlsContext.setKeyStorePass(keystoreServerPwd);

        // Server mode; callers are not asked for a client certificate.
        final SSLEngineConfigurator engineConfig =
                new SSLEngineConfigurator(tlsContext).setClientMode(false).setNeedClientAuth(false);
        grizzlyServer = GrizzlyHttpServerFactory.createHttpServer(getBaseURI(), resourceConfig, true, engineConfig);
    }

    try {
        grizzlyServer.start();
    } catch (IOException e) {
        throw new TelegramApiRequestException("Error starting webhook server", e);
    }
}
/**
 * Produces a new {@link SSLContextConfigurator} each time it is invoked.
 *
 * <p>The configurator is created with System-property lookup switched on, so its key store and
 * trust store settings are taken from the JVM's System properties.</p>
 *
 * <p>This method never returns {@code null}.</p>
 *
 * @return a new {@link SSLContextConfigurator}; never {@code null}
 */
@Produces
@Dependent
private static final SSLContextConfigurator produceSSLContextConfigurator() {
    // NOTE(review): store locations and passwords passed as System properties are readable by
    // all code in the JVM; confirm that is acceptable for the deployment.
    final boolean readSystemProperties = true;
    return new SSLContextConfigurator(readSystemProperties);
}
client = ClientManager.createClient();

// Uncomment to trace the SSL interaction while debugging:
//System.getProperties().put("javax.net.debug", "all");

// The key store is the one the server was started with, likely ${jetty.base}/etc/keystore.
// The same file is also used as this client's trust store.
// NOTE(review): /tmp is a shared directory, so other local users may be able to read or swap
// this file; keep the store in a directory only the application account can access.
System.setProperty(SSLContextConfigurator.KEY_STORE_FILE, "/tmp/keystore");
System.setProperty(SSLContextConfigurator.TRUST_STORE_FILE, "/tmp/keystore");

// Passwords chosen when the self-signed certificate was created.
// NOTE(review): these are literals in source and are published as JVM-wide System properties,
// where any code in the process can read them. Outside a demo, load them from protected
// configuration and set them on the SSLContextConfigurator through its API instead.
System.setProperty(SSLContextConfigurator.KEY_STORE_PASSWORD, "HumanReadablePassword");
System.setProperty(SSLContextConfigurator.TRUST_STORE_PASSWORD, "HumanReadablePassword");

// Pick the settings back up from the System properties
// (or set up the SSLContextConfigurator using its API).
final SSLContextConfigurator defaultConfig = new SSLContextConfigurator();
defaultConfig.retrieve(System.getProperties());

// Client mode; no client certificate is needed or wanted.
SSLEngineConfigurator sslEngineConfigurator =
        new SSLEngineConfigurator(defaultConfig, true, false, false);
client.getProperties().put(GrizzlyEngine.SSL_ENGINE_CONFIGURATOR, sslEngineConfigurator);

client.connectToServer(
        sillyWebSocketClient,
        ClientEndpointConfig.Builder.create().build(),
        new URI("wss://localhost:8443/sillyWebSocketServer/echo"));
System.out.println("Connected .... ");
/**
 * Creates the HTTPS Grizzly server for the resources in
 * {@code com.kinpoint.server.grizzlyresources}.
 *
 * <p>The key store location and password are obtained from {@code ConfigLoader}. The SSL engine
 * runs in server mode and neither needs nor wants client certificates.</p>
 *
 * @return the server created for {@code BASE_URI_SECURED}
 * @throws IOException if creating the server fails
 */
static HttpServer startSecureServer() throws IOException {
    System.out.println("Starting server on port " + ConfigLoader.getHttpsServerPort());

    final ResourceConfig resources = new PackagesResourceConfig("com.kinpoint.server.grizzlyresources");

    // The key store holds the server key pair.
    final SSLContextConfigurator tlsContext = new SSLContextConfigurator();
    tlsContext.setKeyStoreFile(ConfigLoader.getKeystoreLocation());
    tlsContext.setKeyStorePass(ConfigLoader.getKeystorePassword());

    final HttpHandler handler = ContainerFactory.createContainer(HttpHandler.class, resources);
    final SSLEngineConfigurator engineConfig = new SSLEngineConfigurator(tlsContext, false, false, false);
    return GrizzlyServerFactory.createHttpServer(BASE_URI_SECURED, handler, true, engineConfig);
}
/**
 * Builds the server-side SSL engine configuration.
 *
 * <p>When {@code ssltest-keystore.jks} is found on the class path it is used as the key store;
 * when it is not, no key store is set here and the SSL context is still created.</p>
 *
 * @return server side {@link SSLEngineConfigurator}.
 */
private static SSLEngineConfigurator createSslConfiguration() {
    final SSLContextConfigurator contextConfig = new SSLContextConfigurator();

    // NOTE(review): the "ssltest" store name and the literal password "changeit" read as test
    // key material; confirm neither ships in a production build.
    // NOTE(review): URL.getFile() returns the path without URL-decoding, so a location that
    // contains spaces or other escaped characters may not resolve to the file.
    final URL bundledKeystore = Server.class.getClassLoader().getResource("ssltest-keystore.jks");
    if (bundledKeystore != null) {
        contextConfig.setKeyStoreFile(bundledKeystore.getFile());
        contextConfig.setKeyStorePass("changeit");
    }

    // Server mode; client certificates are neither needed nor wanted.
    // NOTE(review): confirm how createSSLContext() reports a key store that fails to load, so a
    // broken store cannot go unnoticed.
    return new SSLEngineConfigurator(contextConfig.createSSLContext(), false, false, false);
}
} // closes the enclosing class, whose header is outside this excerpt
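/**
 * Opens and connects a client socket to the given WebSocket URL.
 *
 * <p>The SSL engine configuration is taken from {@code properties} under
 * {@code SSL_ENGINE_CONFIGURATOR}. For a {@code wss} URL without such an entry, a client-mode
 * configuration is built from the JVM System properties. That fallback is now passed on even
 * when {@code properties} is {@code null}; previously it was created and then replaced by
 * {@code null} in that case.</p>
 *
 * @param url        target URL
 * @param cec        client endpoint configuration
 * @param endpoint   endpoint passed to the socket
 * @param listener   handshake listener passed to the socket
 * @param properties optional settings (SSL engine configurator, proxy URI, thread pool
 *                   configurations); may be {@code null}
 * @return the connected client socket
 * @throws DeploymentException if {@code url} is not a valid URI
 */
@Override
public TyrusClientSocket openClientSocket(String url, ClientEndpointConfig cec, SPIEndpoint endpoint,
        SPIHandshakeListener listener, Map<String, Object> properties) throws DeploymentException {
    URI uri;
    try {
        uri = new URI(url);
    } catch (URISyntaxException e) {
        throw new DeploymentException("Invalid URI.", e);
    }

    SSLEngineConfigurator sslEngineConfigurator = properties == null
            ? null
            : (SSLEngineConfigurator) properties.get(SSL_ENGINE_CONFIGURATOR);

    // For "wss" without an explicit configurator, fall back to the JVM properties.
    // NOTE(review): getScheme() is null for a URI without a scheme, which makes this line throw
    // a NullPointerException; left as in the original.
    if (uri.getScheme().equalsIgnoreCase("wss") && sslEngineConfigurator == null) {
        SSLContextConfigurator defaultConfig = new SSLContextConfigurator();
        defaultConfig.retrieve(System.getProperties());
        // Client mode; no client certificate is needed or wanted.
        // NOTE(review): nothing in this method enables host name verification for the wss
        // connection; confirm it is enforced elsewhere.
        sslEngineConfigurator = new SSLEngineConfigurator(defaultConfig, true, false, false);
    }

    final String proxyUri = properties == null
            ? null
            : (String) properties.get(GrizzlyClientSocket.PROXY_URI);
    final ThreadPoolConfig workerPoolConfig = properties == null
            ? null
            : (ThreadPoolConfig) properties.get(GrizzlyClientSocket.WORKER_THREAD_POOL_CONFIG);
    final ThreadPoolConfig selectorPoolConfig = properties == null
            ? null
            : (ThreadPoolConfig) properties.get(GrizzlyClientSocket.SELECTOR_THREAD_POOL_CONFIG);

    // Fix: pass the configurator as resolved above. It is already null when nothing was
    // supplied and the scheme is not "wss", so the former `properties == null ? null : ...`
    // guard only served to discard the System-property fallback.
    GrizzlyClientSocket clientSocket = new GrizzlyClientSocket(endpoint, uri, cec, CLIENT_SOCKET_TIMEOUT,
            listener, sslEngineConfigurator, proxyUri, workerPoolConfig, selectorPoolConfig);
    clientSocket.connect();
    return clientSocket;
}
} // closes the enclosing class, whose header is outside this excerpt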
/**
 * Builds the server-side SSL engine configuration from a key store on the class path.
 *
 * <p>When the named resource is not found, no key store is set here and the SSL context is
 * still created.</p>
 *
 * @param keyStoreName class path resource name of the key store
 * @return server side {@link SSLEngineConfigurator}.
 */
private static SSLEngineConfigurator createSslConfiguration(final String keyStoreName) {
    final SSLContextConfigurator contextConfig = new SSLContextConfigurator();

    // NOTE(review): every key store loaded through this method is opened with the literal
    // password "changeit"; confirm it is only ever used with test key stores.
    // NOTE(review): URL.getFile() returns the path without URL-decoding, so a location that
    // contains spaces or other escaped characters may not resolve to the file.
    final URL keystoreLocation = Server.class.getClassLoader().getResource(keyStoreName);
    if (keystoreLocation != null) {
        contextConfig.setKeyStoreFile(keystoreLocation.getFile());
        contextConfig.setKeyStorePass("changeit");
    }

    // Server mode; client certificates are neither needed nor wanted.
    return new SSLEngineConfigurator(contextConfig.createSSLContext(), false, false, false);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Builds the server-side TLS engine configuration from a PEM certificate and private key,
 * validating the resulting configuration before the SSL context is created.
 *
 * @param certFile    path of the X.509 certificate file
 * @param keyFile     path of the private key file
 * @param keyPassword password of the private key; {@code null} is treated as the empty string
 * @return an engine configurator in server mode that neither needs nor wants client certificates
 * @throws GeneralSecurityException if the key file ({@link InvalidKeyException}) or the
 *         certificate file ({@link CertificateException}) is missing, not a regular file or unreadable
 * @throws IOException declared for the key store helpers called here
 * @throws IllegalStateException if the assembled configuration does not validate
 */
private SSLEngineConfigurator buildSslEngineConfigurator(Path certFile, Path keyFile, String keyPassword)
        throws GeneralSecurityException, IOException {
    // Private key first, then certificate: each must be an existing, readable regular file.
    final boolean keyUsable = keyFile != null && Files.isRegularFile(keyFile) && Files.isReadable(keyFile);
    if (!keyUsable) {
        throw new InvalidKeyException("Unreadable or missing private key: " + keyFile);
    }
    final boolean certUsable = certFile != null && Files.isRegularFile(certFile) && Files.isReadable(certFile);
    if (!certUsable) {
        throw new CertificateException("Unreadable or missing X.509 certificate: " + certFile);
    }

    final SSLContextConfigurator contextConfig = new SSLContextConfigurator();
    final char[] storePassword = firstNonNull(keyPassword, "").toCharArray();
    final KeyStore pemKeyStore = PemKeyStore.buildKeyStore(certFile, keyFile, storePassword);
    contextConfig.setKeyStorePass(storePassword);
    contextConfig.setKeyStoreBytes(KeyStoreUtils.getBytes(pemKeyStore, storePassword));

    // validateConfiguration(true) makes a usable key store mandatory. It is the guard here,
    // because createSSLContext(false) below does not throw when context creation fails.
    final boolean configurationValid = contextConfig.validateConfiguration(true);
    if (!configurationValid) {
        throw new IllegalStateException("Couldn't initialize SSL context for HTTP server");
    }

    return new SSLEngineConfigurator(contextConfig.createSSLContext(false), false, false, false);
}
/**
 * Builds the server-side SSL engine configuration from the stores bundled on the class path.
 *
 * <p>{@code ssltest-cacerts.jks} is used as the trust store and {@code ssltest-keystore.jks}
 * as the key store. A resource that is not found is skipped.</p>
 *
 * @return server side {@link SSLEngineConfigurator}.
 */
private static SSLEngineConfigurator initializeSSL() {
    final SSLContextConfigurator contextConfig = new SSLContextConfigurator();
    final ClassLoader loader = SSLEchoClient.class.getClassLoader();

    // Trust store (the original comments on these two sections were swapped).
    final URL trustStoreLocation = loader.getResource("ssltest-cacerts.jks");
    if (trustStoreLocation != null) {
        contextConfig.setTrustStoreFile(trustStoreLocation.getFile());
        contextConfig.setTrustStorePass("changeit");
    }

    // Key store.
    // NOTE(review): the "ssltest" store names and the literal password "changeit" read as test
    // material; confirm neither ships in a production build.
    final URL keyStoreLocation = loader.getResource("ssltest-keystore.jks");
    if (keyStoreLocation != null) {
        contextConfig.setKeyStoreFile(keyStoreLocation.getFile());
        contextConfig.setKeyStorePass("changeit");
    }

    // Server mode; client certificates are neither needed nor wanted.
    return new SSLEngineConfigurator(contextConfig.createSSLContext(), false, false, false);
}
} // closes the enclosing class, whose header is outside this excerpt
SSLContextConfigurator sslCon = new SSLContextConfigurator();
// Key store path and password are both looked up in the configuration object.
String keyStoreFile = conf.get(LensConfConstants.SSL_KEYSTORE_FILE_PATH);
// NOTE(review): the password is read like any other configuration value; confirm the
// configuration source is access-restricted and that this value is never logged.
String sslPassword = conf.get(LensConfConstants.SSL_KEYSTORE_PASSWORD);
/**
 * Creates an {@link SSLContextConfigurator} that uses the stores bundled on the class path.
 *
 * <p>{@code ssltest-cacerts.jks} becomes the trust store and {@code ssltest-keystore.jks} the
 * key store, overriding the System properties. A resource that is not found is skipped.</p>
 *
 * @return the configured {@link SSLContextConfigurator}
 */
private SSLContextConfigurator createSSLContextConfigurator() {
    final SSLContextConfigurator contextConfig = new SSLContextConfigurator();
    final ClassLoader loader = getClass().getClassLoader();

    // Trust store: overrides the System properties.
    final URL trustStoreLocation = loader.getResource("ssltest-cacerts.jks");
    if (trustStoreLocation != null) {
        contextConfig.setTrustStoreFile(trustStoreLocation.getFile());
        contextConfig.setTrustStorePass("changeit");
    }

    // Key store: overrides the System properties.
    // NOTE(review): the "ssltest" store names and the literal password "changeit" read as test
    // material; confirm neither ships in a production build.
    final URL keyStoreLocation = loader.getResource("ssltest-keystore.jks");
    if (keyStoreLocation != null) {
        contextConfig.setKeyStoreFile(keyStoreLocation.getFile());
        contextConfig.setKeyStorePass("changeit");
    }

    return contextConfig;
}
SSLContextConfigurator sslContextConfigurator = new SSLContextConfigurator();

// Key store: holds the server key pair. The key password is set separately from the
// store password.
sslContextConfigurator.setKeyStoreFile(configuration.getKeystore());
sslContextConfigurator.setKeyStorePass(configuration.getKeystorePassword());
sslContextConfigurator.setKeyStoreType(configuration.getKeystoreType());
sslContextConfigurator.setKeyPass(configuration.getKeystoreKeypass());

// Trust store: holds the list of trusted certificates.
sslContextConfigurator.setTrustStoreFile(configuration.getTruststore());
sslContextConfigurator.setTrustStorePass(configuration.getTruststorePassword());
sslContextConfigurator.setTrustStoreType(configuration.getTruststoreType());

// Stop before any SSL context is built when the settings do not validate; the argument
// `true` makes a key store mandatory.
if (!sslContextConfigurator.validateConfiguration(true)) {
    throw new Exception("Invalid SSL configuration");
}
/**
 * Builds the server-mode SSL engine configuration used by this test from the stores bundled
 * on the class path.
 *
 * <p>{@code ssltest-cacerts.jks} becomes the trust store and {@code ssltest-keystore.jks} the
 * key store, overriding the System properties. A resource that is not found is skipped.</p>
 *
 * @return an engine configurator in server mode that neither needs nor wants client certificates
 * @throws Exception declared by the signature
 */
private static SSLEngineConfigurator createSSLConfig() throws Exception {
    final SSLContextConfigurator contextConfig = new SSLContextConfigurator();
    final ClassLoader loader = GrizzlyFeedableBodyGeneratorTest.class.getClassLoader();

    // Trust store: overrides the System properties.
    final URL trustStoreLocation = loader.getResource("ssltest-cacerts.jks");
    if (trustStoreLocation != null) {
        contextConfig.setTrustStoreFile(trustStoreLocation.getFile());
        contextConfig.setTrustStorePass("changeit");
    }

    // Key store: overrides the System properties.
    final URL keyStoreLocation = loader.getResource("ssltest-keystore.jks");
    if (keyStoreLocation != null) {
        contextConfig.setKeyStoreFile(keyStoreLocation.getFile());
        contextConfig.setKeyStorePass("changeit");
    }

    // `false`: a failure while creating the context is not raised as an exception.
    final SSLContext testContext = contextConfig.createSSLContext(false);
    return new SSLEngineConfigurator(testContext, false, false, false);
}
/**
 * Creates an {@link SSLContextConfigurator} that uses the stores bundled on the class path.
 *
 * <p>{@code ssltest-cacerts.jks} becomes the trust store and {@code ssltest-keystore.jks} the
 * key store, overriding the System properties. A resource that is not found is skipped.</p>
 *
 * @return the configured {@link SSLContextConfigurator}
 */
private static SSLContextConfigurator createSSLContextConfigurator() {
    final SSLContextConfigurator contextConfig = new SSLContextConfigurator();
    final ClassLoader loader = SNITest.class.getClassLoader();

    // Trust store: overrides the System properties.
    final URL trustStoreLocation = loader.getResource("ssltest-cacerts.jks");
    if (trustStoreLocation != null) {
        contextConfig.setTrustStoreFile(trustStoreLocation.getFile());
        contextConfig.setTrustStorePass("changeit");
    }

    // Key store: overrides the System properties.
    final URL keyStoreLocation = loader.getResource("ssltest-keystore.jks");
    if (keyStoreLocation != null) {
        contextConfig.setKeyStoreFile(keyStoreLocation.getFile());
        contextConfig.setKeyStorePass("changeit");
    }

    return contextConfig;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Starts the REST service.
 *
 * <p>With TLS enabled in the REST server configuration, the server is created with a key store
 * whose password is loaded from the configured password file. Otherwise it is created without
 * an SSL engine configuration.</p>
 */
@Override
protected void startUp() {
    final long traceId = LoggerHelpers.traceEnterWithContext(log, this.objectId, "startUp");
    try {
        log.info("Starting REST server listening on port: {}", this.restServerConfig.getPort());
        if (!restServerConfig.isTlsEnabled()) {
            // Three-argument overload: the boolean is the "start" flag, not a TLS switch.
            httpServer = GrizzlyHttpServerFactory.createHttpServer(baseUri, resourceConfig, true);
        } else {
            final SSLContextConfigurator tlsContext = new SSLContextConfigurator();
            tlsContext.setKeyStoreFile(restServerConfig.getKeyFilePath());
            // The password is read from a separate file rather than kept in the configuration.
            tlsContext.setKeyStorePass(JKSHelper.loadPasswordFrom(restServerConfig.getKeyFilePasswordPath()));

            // Server mode; client certificates are neither needed nor wanted.
            final SSLEngineConfigurator engineConfig = new SSLEngineConfigurator(tlsContext, false, false, false);
            // Four-argument overload: the boolean marks the server as secure.
            httpServer = GrizzlyHttpServerFactory.createHttpServer(baseUri, resourceConfig, true, engineConfig);
        }
    } finally {
        LoggerHelpers.traceLeave(log, this.objectId, "startUp", traceId);
    }
}
/**
 * Starts the webhook HTTP server, with TLS when a key store is configured.
 *
 * <p>TLS is used only when both {@code keystoreServerFile} and {@code keystoreServerPwd} are
 * set. If either is missing, the server is created without any SSL engine configuration.</p>
 *
 * @throws TelegramApiRequestException if the Grizzly server fails to start
 */
public void startServer() throws TelegramApiRequestException {
    final ResourceConfig resourceConfig = new ResourceConfig();
    resourceConfig.register(restApi);
    resourceConfig.register(JacksonFeature.class);

    final boolean tlsConfigured = keystoreServerFile != null && keystoreServerPwd != null;
    final HttpServer grizzlyServer;
    if (!tlsConfigured) {
        // NOTE(review): a missing key store setting silently yields a server without TLS;
        // confirm that TLS is then terminated in front of this server.
        grizzlyServer = GrizzlyHttpServerFactory.createHttpServer(getBaseURI(), resourceConfig);
    } else {
        // The key store holds the server key pair.
        final SSLContextConfigurator tlsContext = new SSLContextConfigurator();
        tlsContext.setKeyStoreFile(keystoreServerFile);
        tlsContext.setKeyStorePass(keystoreServerPwd);

        // Server mode; callers are not asked for a client certificate.
        final SSLEngineConfigurator engineConfig =
                new SSLEngineConfigurator(tlsContext).setClientMode(false).setNeedClientAuth(false);
        grizzlyServer = GrizzlyHttpServerFactory.createHttpServer(getBaseURI(), resourceConfig, true, engineConfig);
    }

    try {
        grizzlyServer.start();
    } catch (IOException e) {
        throw new TelegramApiRequestException("Error starting webhook server", e);
    }
}