sslContextFactory.setKeyStorePath(tlsServerConfig.getKeyStorePath()); sslContextFactory.setKeyStoreType(tlsServerConfig.getKeyStoreType()); sslContextFactory.setKeyStorePassword(tlsServerConfig.getKeyStorePasswordProvider().getPassword()); sslContextFactory.setCertAlias(tlsServerConfig.getCertAlias()); sslContextFactory.setKeyManagerFactoryAlgorithm(tlsServerConfig.getKeyManagerFactoryAlgorithm() == null ? KeyManagerFactory.getDefaultAlgorithm() : tlsServerConfig.getKeyManagerFactoryAlgorithm()); sslContextFactory.setKeyManagerPassword(tlsServerConfig.getKeyManagerPasswordProvider() == null ? null : tlsServerConfig.getKeyManagerPasswordProvider().getPassword()); if (tlsServerConfig.getIncludeCipherSuites() != null) { sslContextFactory.setIncludeCipherSuites( tlsServerConfig.getIncludeCipherSuites().toArray(new String[0])); if (tlsServerConfig.getExcludeCipherSuites() != null) { sslContextFactory.setExcludeCipherSuites( tlsServerConfig.getExcludeCipherSuites().toArray(new String[0])); if (tlsServerConfig.getIncludeProtocols() != null) { sslContextFactory.setIncludeProtocols( tlsServerConfig.getIncludeProtocols().toArray(new String[0])); if (tlsServerConfig.getExcludeProtocols() != null) { sslContextFactory.setExcludeProtocols( tlsServerConfig.getExcludeProtocols().toArray(new String[0])); sslContextFactory.setNeedClientAuth(tlsServerConfig.isRequireClientCertificate()); if (tlsServerConfig.isRequireClientCertificate()) { if (tlsServerConfig.getCrlPath() != null) {
@Override public void start() throws Exception { log.info("Starting Jetty Server..."); server.start(); if (node.isEnableTlsPort()) { // Perform validation Preconditions.checkNotNull(sslContextFactory); final SSLEngine sslEngine = sslContextFactory.newSSLEngine(); if (sslEngine.getEnabledCipherSuites() == null || sslEngine.getEnabledCipherSuites().length == 0) { throw new ISE( "No supported cipher suites found, supported suites [%s], configured suites include list: [%s] exclude list: [%s]", Arrays.toString(sslEngine.getSupportedCipherSuites()), tlsServerConfig.getIncludeCipherSuites(), tlsServerConfig.getExcludeCipherSuites() ); } if (sslEngine.getEnabledProtocols() == null || sslEngine.getEnabledProtocols().length == 0) { throw new ISE( "No supported protocols found, supported protocols [%s], configured protocols include list: [%s] exclude list: [%s]", Arrays.toString(sslEngine.getSupportedProtocols()), tlsServerConfig.getIncludeProtocols(), tlsServerConfig.getExcludeProtocols() ); } } }
@Override public void start() throws Exception { log.info("Starting Jetty Server..."); server.start(); if (node.isEnableTlsPort()) { // Perform validation Preconditions.checkNotNull(sslContextFactory); final SSLEngine sslEngine = sslContextFactory.newSSLEngine(); if (sslEngine.getEnabledCipherSuites() == null || sslEngine.getEnabledCipherSuites().length == 0) { throw new ISE( "No supported cipher suites found, supported suites [%s], configured suites include list: [%s] exclude list: [%s]", Arrays.toString(sslEngine.getSupportedCipherSuites()), tlsServerConfig.getIncludeCipherSuites(), tlsServerConfig.getExcludeCipherSuites() ); } if (sslEngine.getEnabledProtocols() == null || sslEngine.getEnabledProtocols().length == 0) { throw new ISE( "No supported protocols found, supported protocols [%s], configured protocols include list: [%s] exclude list: [%s]", Arrays.toString(sslEngine.getSupportedProtocols()), tlsServerConfig.getIncludeProtocols(), tlsServerConfig.getExcludeProtocols() ); } } }
sslContextFactory.setKeyStorePath(tlsServerConfig.getKeyStorePath()); sslContextFactory.setKeyStoreType(tlsServerConfig.getKeyStoreType()); sslContextFactory.setKeyStorePassword(tlsServerConfig.getKeyStorePasswordProvider().getPassword()); sslContextFactory.setCertAlias(tlsServerConfig.getCertAlias()); sslContextFactory.setKeyManagerFactoryAlgorithm(tlsServerConfig.getKeyManagerFactoryAlgorithm() == null ? KeyManagerFactory.getDefaultAlgorithm() : tlsServerConfig.getKeyManagerFactoryAlgorithm()); sslContextFactory.setKeyManagerPassword(tlsServerConfig.getKeyManagerPasswordProvider() == null ? null : tlsServerConfig.getKeyManagerPasswordProvider().getPassword()); if (tlsServerConfig.getIncludeCipherSuites() != null) { sslContextFactory.setIncludeCipherSuites( tlsServerConfig.getIncludeCipherSuites().toArray(new String[0])); if (tlsServerConfig.getExcludeCipherSuites() != null) { sslContextFactory.setExcludeCipherSuites( tlsServerConfig.getExcludeCipherSuites().toArray(new String[0])); if (tlsServerConfig.getIncludeProtocols() != null) { sslContextFactory.setIncludeProtocols( tlsServerConfig.getIncludeProtocols().toArray(new String[0])); if (tlsServerConfig.getExcludeProtocols() != null) { sslContextFactory.setExcludeProtocols( tlsServerConfig.getExcludeProtocols().toArray(new String[0])); sslContextFactory.setNeedClientAuth(tlsServerConfig.isRequireClientCertificate()); if (tlsServerConfig.isRequireClientCertificate()) { if (tlsServerConfig.getCrlPath() != null) {