/**
 * Builds the HTTPS connector for the given port from the {@code jetty.*} properties.
 *
 * <p>Keystore and truststore locations and their passwords are read from {@code props}.
 * Cipher suites listed under {@code jetty.excludeCipherSuites} are disabled on the
 * connector. When that property is missing or empty, no exclusion is applied at all.
 * Nothing in this method restricts protocol versions; only the suite list is touched.
 *
 * @param sslPortNumber port the connector will listen on
 * @return the configured connector
 */
private SslSocketConnector getSslSocketConnector(final int sslPortNumber) {
  // Read every store setting up front, in the same order as before, then apply them.
  final String keystorePath = this.props.getString("jetty.keystore");
  final String keystorePassword = this.props.getString("jetty.password");
  final String keyPassword = this.props.getString("jetty.keypassword");
  final String truststorePath = this.props.getString("jetty.truststore");
  final String truststorePassword = this.props.getString("jetty.trustpassword");

  final SslSocketConnector connector = new SslSocketConnector();
  connector.setPort(sslPortNumber);
  connector.setHeaderBufferSize(MAX_HEADER_BUFFER_SIZE);
  connector.setKeystore(keystorePath);
  connector.setPassword(keystorePassword);
  connector.setKeyPassword(keyPassword);
  connector.setTruststore(truststorePath);
  connector.setTrustPassword(truststorePassword);

  // Weak cipher suites the operator wants disabled. The log line carries suite names
  // only (or "null" when the property is absent), never any of the passwords above.
  final List<String> excluded = this.props.getStringList("jetty.excludeCipherSuites");
  logger.info("Excluded Cipher Suites: " + String.valueOf(excluded));

  final boolean hasExclusions = excluded != null && !excluded.isEmpty();
  if (hasExclusions) {
    connector.setExcludeCipherSuites(excluded.toArray(new String[excluded.size()]));
  }
  return connector;
}
} // closes the enclosing class, whose header is outside this excerpt
"ssl.server.truststore.type", "jks")); SslSocketConnector sslListener = new SslSocketConnector(); sslListener.setHost(addr.getHostName()); sslListener.setPort(addr.getPort()); sslListener.setKeystore(sslConf.get("ssl.server.keystore.location")); sslListener.setPassword(sslConf.get("ssl.server.keystore.password", "")); sslListener.setKeyPassword(sslConf.get("ssl.server.keystore.keypassword", "")); sslListener.setKeystoreType(sslConf.get("ssl.server.keystore.type", "jks")); sslListener.setNeedClientAuth(needCertsAuth); webServer.addConnector(sslListener);
/**
 * Adds an SSL listener that uses an explicitly supplied keystore.
 *
 * <p>This overload sets neither a truststore nor a client-authentication flag on the
 * connector; only the server's key material is configured.
 *
 * @param addr address to listen on
 * @param keystore location of the keystore
 * @param storPass password for the keystore
 * @param keyPass password for the key
 * @throws IOException if the web server has already been started
 * @deprecated Use {@link #addSslListener(InetSocketAddress, Configuration, boolean)}
 */
@Deprecated
public void addSslListener(InetSocketAddress addr, String keystore,
    String storPass, String keyPass) throws IOException {
  // Refuse to add a listener once the server is running.
  final boolean alreadyRunning = webServer.isStarted();
  if (alreadyRunning) {
    throw new IOException("Failed to add ssl listener");
  }

  SslSocketConnector listener = new SslSocketConnector();

  // Key material first ...
  listener.setKeystore(keystore);
  listener.setPassword(storPass);
  listener.setKeyPassword(keyPass);

  // ... then the bind address.
  listener.setHost(addr.getHostName());
  listener.setPort(addr.getPort());

  webServer.addConnector(listener);
}
/**
 * Applies keystore, truststore and client-authentication settings to {@code connector}.
 *
 * <p>When a security context is supplied, the keystore/truststore variables declared
 * outside this method are refreshed from its {@code javax.net.ssl.*} properties.
 * Otherwise whatever values they already hold are used. The keystore password is applied
 * both as the store password and as the key password. Client certificates become
 * mandatory whenever a truststore path is present.
 *
 * @param connector connector to configure
 * @param securityContext source of the SSL properties; may be {@code null}
 */
private void configureSSL(SslSocketConnector connector, SecurityContext securityContext) {
    // Generic protocol name; which TLS versions end up enabled is not decided here.
    connector.setProtocol("TLS");

    if (securityContext != null) {
        // Keystore settings (type falls back to the JVM default keystore type).
        keyStore = securityContext.getSSLProperties().getProperty("javax.net.ssl.keyStore");
        keyStoreType = securityContext.getSSLProperties()
                .getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        keyStorePassword = securityContext.getSSLProperties()
                .getProperty("javax.net.ssl.keyStorePassword");

        // Truststore settings, same fallback for the type.
        trustStore = securityContext.getSSLProperties().getProperty("javax.net.ssl.trustStore");
        trustStoreType = securityContext.getSSLProperties()
                .getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        trustStorePassword = securityContext.getSSLProperties()
                .getProperty("javax.net.ssl.trustStorePassword");
    }

    // Server identity: one password serves as both store password and key password.
    connector.setKeystore(keyStore);
    connector.setKeystoreType(keyStoreType);
    connector.setPassword(keyStorePassword);
    connector.setKeyPassword(keyStorePassword);

    // Trusted client certificates.
    connector.setTruststore(trustStore);
    connector.setTruststoreType(trustStoreType);
    connector.setTrustPassword(trustStorePassword);

    // A configured truststore switches the connector to mandatory client certificates;
    // without one, this method leaves the client-auth setting untouched.
    final boolean clientCertsRequired = trustStore != null;
    if (clientCertsRequired) {
        connector.setNeedClientAuth(true);
    }
}
bioResult = new SslSocketConnector(); bioResult.setKeyPassword(getKeyPassword()); bioResult.setKeystore(getKeystorePath()); bioResult.setKeystoreType(getKeystoreType()); bioResult.setPassword(getKeystorePassword()); bioResult.setProtocol(getSslProtocol()); bioResult.setProvider(getSecurityProvider()); bioResult.setSecureRandomAlgorithm(getSecureRandomAlgorithm()); bioResult.setSslKeyManagerFactoryAlgorithm(getCertAlgorithm()); bioResult .setSslTrustManagerFactoryAlgorithm(getCertAlgorithm()); bioResult.setTrustPassword(getKeystorePassword()); } else { bioResult = new SslSocketConnector() { @Override protected SSLServerSocketFactory createFactory() bioResult.setNeedClientAuth(true); } else if (isWantClientAuthentication()) { bioResult.setWantClientAuth(true); bioResult.setExcludeCipherSuites(excludedCipherSuites);
sslLogger.log(TreeLogger.TRACE, "Using keystore " + keyStore); SslSocketConnector conn = new SslSocketConnector(); if (clientAuth != null) { switch (clientAuth) { case NONE: conn.setWantClientAuth(false); conn.setNeedClientAuth(false); break; case WANT: sslLogger.log(TreeLogger.TRACE, "Requesting client certificates"); conn.setWantClientAuth(true); conn.setNeedClientAuth(false); break; case REQUIRE: sslLogger.log(TreeLogger.TRACE, "Requiring client certificates"); conn.setWantClientAuth(true); conn.setNeedClientAuth(true); break; conn.setKeystore(keyStore); conn.setTruststore(keyStore); conn.setKeyPassword(keyStorePassword); conn.setTrustPassword(keyStorePassword); return conn;
// Build an SSL connector bound to the requested host and port.
SslSocketConnector sslConnector = new SslSocketConnector();
sslConnector.setPort(portNumber);
sslConnector.setHost(host);
// configureSSL (defined outside this excerpt) is handed the connector and the security
// context; presumably it applies the keystore/truststore settings (verify there).
configureSSL(sslConnector, securityContext);
// The server is given a single-element connector array, so this snippet registers no
// plain-HTTP connector alongside the SSL one.
server.setConnectors(new Connector[] {sslConnector});
// Keystore that holds the server certificate used to encrypt the connection.
// The path and the literal "password" are sample values; a deployed server would take
// both from protected configuration rather than from source code.
SslContextFactory sslContextFactory = new SslContextFactory("path/keystore.jks");
sslContextFactory.setKeyStorePassword("password");

// SSL socket connector on port 443, the default HTTPS port, so browsers need no
// explicit port number in the URL.
SslSocketConnector sslConnector = new SslSocketConnector(sslContextFactory);
sslConnector.setPort(443);

// Create the server and hand it the SSL connector as its only connector.
Server server = new Server();
server.setConnectors(new Connector[] {sslConnector});
// Default constructor: this line supplies no keystore, password or cipher settings.
// Presumably they are set on the connector by code outside this excerpt. TODO confirm.
connector = new SslSocketConnector();
// First SSL connector (select-channel flavour) on port 8443.
SslSelectChannelConnector ssl_connector = new SslSelectChannelConnector();
ssl_connector.setPort(8443);
// All TLS settings live on the connector's SslContextFactory.
SslContextFactory cf = ssl_connector.getSslContextFactory();
// The same file under jetty_home serves as both keystore and truststore.
// "OBF:" marks Jetty's obfuscated password form. It is a reversible encoding rather than
// encryption, so the file holding these values still needs restricted read access.
cf.setKeyStorePath(jetty_home + "/etc/keystore");
cf.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
cf.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
cf.setTrustStore(jetty_home + "/etc/keystore");
cf.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
// Disable single-DES and export-grade suites by name. This is a deny-list: any suite not
// named here is left as the JVM/Jetty defaults have it.
// NOTE(review): confirm the list is complete for the target JVM.
cf.setExcludeCipherSuites(
    new String[] {
      "SSL_RSA_WITH_DES_CBC_SHA",
      "SSL_DHE_RSA_WITH_DES_CBC_SHA",
      "SSL_DHE_DSS_WITH_DES_CBC_SHA",
      "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
      "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
      "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
      "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
    });
ssl_connector.setStatsOn(false);
server.addConnector(ssl_connector);
ssl_connector.open();
// Second SSL connector (socket flavour) on port 8444. It is constructed with the same
// factory, so it shares the keystore, passwords and cipher exclusions configured above.
SslSocketConnector ssl2_connector = new SslSocketConnector(cf);
ssl2_connector.setPort(8444);
ssl2_connector.setStatsOn(false);
server.addConnector(ssl2_connector);
ssl2_connector.open();
"ssl.server.truststore.type", "jks")); SslSocketConnector sslListener = new SslSocketConnector(); sslListener.setHost(addr.getHostName()); sslListener.setPort(addr.getPort()); sslListener.setKeystore(sslConf.get("ssl.server.keystore.location")); sslListener.setPassword(sslConf.get("ssl.server.keystore.password", "")); sslListener.setKeyPassword(sslConf.get("ssl.server.keystore.keypassword", "")); sslListener.setKeystoreType(sslConf.get("ssl.server.keystore.type", "jks")); sslListener.setNeedClientAuth(needCertsAuth); webServer.addConnector(sslListener);
/**
 * Adds an SSL listener that uses an explicitly supplied keystore.
 *
 * <p>This overload sets neither a truststore nor a client-authentication flag on the
 * connector; only the server's key material is configured.
 *
 * @param addr address to listen on
 * @param keystore location of the keystore
 * @param storPass password for the keystore
 * @param keyPass password for the key
 * @throws IOException if the web server has already been started
 * @deprecated Use {@link #addSslListener(InetSocketAddress, Configuration, boolean)}
 */
@Deprecated
public void addSslListener(InetSocketAddress addr, String keystore,
    String storPass, String keyPass) throws IOException {
  // Refuse to add a listener once the server is running.
  final boolean alreadyRunning = webServer.isStarted();
  if (alreadyRunning) {
    throw new IOException("Failed to add ssl listener");
  }

  SslSocketConnector listener = new SslSocketConnector();

  // Key material first ...
  listener.setKeystore(keystore);
  listener.setPassword(storPass);
  listener.setKeyPassword(keyPass);

  // ... then the bind address.
  listener.setHost(addr.getHostName());
  listener.setPort(addr.getPort());

  webServer.addConnector(listener);
}
/**
 * Applies keystore, truststore and client-authentication settings to {@code connector}.
 *
 * <p>When a security context is supplied, the keystore/truststore variables declared
 * outside this method are refreshed from its {@code javax.net.ssl.*} properties.
 * Otherwise whatever values they already hold are used. The keystore password is applied
 * both as the store password and as the key password. Client certificates become
 * mandatory whenever a truststore path is present.
 *
 * @param connector connector to configure
 * @param securityContext source of the SSL properties; may be {@code null}
 */
private void configureSSL(SslSocketConnector connector, SecurityContext securityContext) {
    // Generic protocol name; which TLS versions end up enabled is not decided here.
    connector.setProtocol("TLS");

    if (securityContext != null) {
        // Keystore settings (type falls back to the JVM default keystore type).
        keyStore = securityContext.getSSLProperties().getProperty("javax.net.ssl.keyStore");
        keyStoreType = securityContext.getSSLProperties()
                .getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        keyStorePassword = securityContext.getSSLProperties()
                .getProperty("javax.net.ssl.keyStorePassword");

        // Truststore settings, same fallback for the type.
        trustStore = securityContext.getSSLProperties().getProperty("javax.net.ssl.trustStore");
        trustStoreType = securityContext.getSSLProperties()
                .getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        trustStorePassword = securityContext.getSSLProperties()
                .getProperty("javax.net.ssl.trustStorePassword");
    }

    // Server identity: one password serves as both store password and key password.
    connector.setKeystore(keyStore);
    connector.setKeystoreType(keyStoreType);
    connector.setPassword(keyStorePassword);
    connector.setKeyPassword(keyStorePassword);

    // Trusted client certificates.
    connector.setTruststore(trustStore);
    connector.setTruststoreType(trustStoreType);
    connector.setTrustPassword(trustStorePassword);

    // A configured truststore switches the connector to mandatory client certificates;
    // without one, this method leaves the client-auth setting untouched.
    final boolean clientCertsRequired = trustStore != null;
    if (clientCertsRequired) {
        connector.setNeedClientAuth(true);
    }
}
// Build an SSL connector bound to the requested host and port.
SslSocketConnector sslConnector = new SslSocketConnector();
sslConnector.setPort(portNumber);
sslConnector.setHost(host);
// configureSSL (defined outside this excerpt) is handed the connector and the security
// context; presumably it applies the keystore/truststore settings (verify there).
configureSSL(sslConnector, securityContext);
// The server is given a single-element connector array, so this snippet registers no
// plain-HTTP connector alongside the SSL one.
server.setConnectors(new Connector[] {sslConnector});
// Keystore that holds the server certificate used to encrypt the connection.
// The path and the literal "password" are sample values; a deployed server would take
// both from protected configuration rather than from source code.
SslContextFactory sslContextFactory = new SslContextFactory("path/keystore.jks");
sslContextFactory.setKeyStorePassword("password");

// SSL socket connector built on that context factory, listening on port 443.
SslSocketConnector sslConnector = new SslSocketConnector(sslContextFactory);
sslConnector.setPort(443);

// Create the server and hand it the SSL connector as its only connector.
Server server = new Server();
server.setConnectors(new Connector[] {sslConnector});
/**
 * Configure an ssl listener on the server, taking its keystore settings from
 * {@code sslConf}.
 *
 * <p>When client authentication is required, the truststore location, password and type
 * are published through the {@code javax.net.ssl.*} system properties. Those properties
 * are JVM-wide, so the change is visible to other code in the same process that reads
 * them, not only to this listener.
 *
 * <p>Password properties default to the empty string, so a missing entry is passed on
 * as an empty password rather than rejected here.
 *
 * @param addr address to listen on
 * @param sslConf conf to retrieve ssl options
 * @param needClientAuth whether client authentication is required
 * @throws IOException if the web server has already been started
 */
public void addSslListener(InetSocketAddress addr, Configuration sslConf,
    boolean needClientAuth) throws IOException {
  if (webServer.isStarted()) {
    throw new IOException("Failed to add ssl listener");
  }

  if (needClientAuth) {
    // Truststore used to authenticate clients, set as process-global properties.
    // Each value is read and published before the next one is looked up.
    final String trustLocation = sslConf.get("ssl.server.truststore.location", "");
    System.setProperty("javax.net.ssl.trustStore", trustLocation);

    final String trustPassword = sslConf.get("ssl.server.truststore.password", "");
    System.setProperty("javax.net.ssl.trustStorePassword", trustPassword);

    final String trustType = sslConf.get("ssl.server.truststore.type", "jks");
    System.setProperty("javax.net.ssl.trustStoreType", trustType);
  }

  // Keystore settings, looked up in the same order as they are applied.
  final String keystoreLocation = sslConf.get("ssl.server.keystore.location");
  final String keystorePassword = sslConf.get("ssl.server.keystore.password", "");
  final String keyPassword = sslConf.get("ssl.server.keystore.keypassword", "");
  final String keystoreType = sslConf.get("ssl.server.keystore.type", "jks");

  SslSocketConnector listener = new SslSocketConnector();
  listener.setHost(addr.getHostName());
  listener.setPort(addr.getPort());
  listener.setKeystore(keystoreLocation);
  listener.setPassword(keystorePassword);
  listener.setKeyPassword(keyPassword);
  listener.setKeystoreType(keystoreType);
  listener.setNeedClientAuth(needClientAuth);

  webServer.addConnector(listener);
}
/**
 * Adds an SSL listener that uses an explicitly supplied keystore.
 *
 * <p>This overload sets neither a truststore nor a client-authentication flag on the
 * connector; only the server's key material is configured.
 *
 * @param addr address to listen on
 * @param keystore location of the keystore
 * @param storPass password for the keystore
 * @param keyPass password for the key
 * @throws IOException if the web server has already been started
 * @deprecated Use {@link #addSslListener(InetSocketAddress, Configuration, boolean)}
 */
@Deprecated
public void addSslListener(InetSocketAddress addr, String keystore,
    String storPass, String keyPass) throws IOException {
  // Refuse to add a listener once the server is running.
  final boolean alreadyRunning = webServer.isStarted();
  if (alreadyRunning) {
    throw new IOException("Failed to add ssl listener");
  }

  SslSocketConnector listener = new SslSocketConnector();

  // Key material first ...
  listener.setKeystore(keystore);
  listener.setPassword(storPass);
  listener.setKeyPassword(keyPass);

  // ... then the bind address.
  listener.setHost(addr.getHostName());
  listener.setPort(addr.getPort());

  webServer.addConnector(listener);
}
/**
 * Creates the SSL connector listening on {@code getPort()}.
 *
 * <p>Keystore and truststore paths and passwords all come from {@code getHttpsHost()}.
 * The keystore password is applied through {@code setKeyPassword} only.
 * NOTE(review): {@code setPassword} is never called here; confirm how the store
 * password reaches the connector.
 *
 * @return the configured connector
 */
private Connector getSSLConnector() {
    final SslSocketConnector connector = new SslSocketConnector();
    connector.setPort(getPort());

    // Server key material.
    connector.setKeystore(getHttpsHost().getKeyStorePath());
    connector.setKeyPassword(getHttpsHost().getKeyStorePassword());

    // Trusted certificates.
    connector.setTruststore(getHttpsHost().getTrustStorePath());
    connector.setTrustPassword(getHttpsHost().getTrustStorePassword());

    return connector;
}
} else if ("https".equals(scheme)) { SslSocketConnector c = new SslSocketConnectorSecure(); c.setHeaderBufferSize(1024*64); c.setNeedClientAuth(needsClientAuth); c.setKeyPassword(keyPassword); c.setKeystore(keyStore); c.setKeystoreType(keyStoreType); c.setPassword(keyStorePassword); c.setTruststore(trustStore); c.setTruststoreType(trustStoreType); c.setTrustPassword(trustStorePassword);
// Context factory carrying the keystore and truststore settings.
// "key", "trust" and "OBF:password" look like sample placeholders (confirm before reuse).
// "OBF:" is the prefix of Jetty's obfuscated password form, which is a reversible
// encoding and not encryption.
SslContextFactory theSSLFactory = new SslContextFactory();
theSSLFactory.setKeyStorePath("key");
theSSLFactory.setKeyManagerPassword("OBF:password");
theSSLFactory.setKeyStorePassword("OBF:password");
theSSLFactory.setTrustStore("trust");
theSSLFactory.setTrustStorePassword("OBF:password");
// SSL connector built on that factory; theHTTPSPort is defined outside this excerpt.
SslSocketConnector theSSLConnector = new SslSocketConnector(theSSLFactory);
theSSLConnector.setPort(theHTTPSPort);