/**
 * Wires the key store and trust store exposed by an {@code SslStoreProvider} into the
 * given Tomcat protocol handler.
 *
 * <p>A {@code SslStoreProviderUrlStreamHandlerFactory} wrapping the provider is added to
 * Tomcat's URL stream handler factory, and the protocol is then pointed at the
 * {@code KEY_STORE_URL} / {@code TRUST_STORE_URL} constants instead of a file location.
 *
 * @param protocol the protocol handler to configure; must be an {@code Http11NioProtocol}
 * @param sslStoreProvider the source of the key store and trust store
 * @throws WebServerException if querying the provider or configuring the protocol fails
 */
protected void configureSslStoreProvider(AbstractHttp11JsseProtocol<?> protocol,
        SslStoreProvider sslStoreProvider) {
    // Fail fast: the provider mechanism is only accepted for the NIO protocol implementation.
    Assert.isInstanceOf(Http11NioProtocol.class, protocol,
            "SslStoreProvider can only be used with Http11NioProtocol");

    // NOTE(review): getInstance() suggests a shared, process-wide factory, so the handler
    // added here may stay registered beyond this connector's lifetime - confirm.
    TomcatURLStreamHandlerFactory.getInstance()
            .addUserFactory(new SslStoreProviderUrlStreamHandlerFactory(sslStoreProvider));

    try {
        final boolean keyStoreSupplied = sslStoreProvider.getKeyStore() != null;
        if (keyStoreSupplied) {
            // The store password is deliberately the empty string here.
            // NOTE(review): presumably the handler hands over an already-loaded store, so
            // no password is needed to open it - confirm before relying on this.
            protocol.setKeystorePass("");
            protocol.setKeystoreFile(SslStoreProviderUrlStreamHandlerFactory.KEY_STORE_URL);
        }

        final boolean trustStoreSupplied = sslStoreProvider.getTrustStore() != null;
        if (trustStoreSupplied) {
            protocol.setTruststorePass("");
            protocol.setTruststoreFile(SslStoreProviderUrlStreamHandlerFactory.TRUST_STORE_URL);
        }
    }
    catch (Exception storeFailure) {
        // Any failure is reported as a WebServerException; the cause is kept for diagnosis.
        throw new WebServerException("Could not load store: " + storeFailure.getMessage(),
                storeFailure);
    }
}
/**
 * Copies the trust store settings from {@code ssl} onto the given Tomcat protocol handler.
 *
 * <p>The trust store location, type and provider are applied only when they are non-null.
 * The trust store password is always applied, whatever value the getter returns.
 *
 * @param protocol the protocol handler to configure
 * @param ssl the SSL settings to read the trust store configuration from
 * @throws WebServerException if the trust store location cannot be resolved to a URL
 */
private void configureSslTrustStore(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
    final String location = ssl.getTrustStore();
    if (location != null) {
        try {
            // The configured location is resolved to a URL and handed over in string form.
            final String resolved = ResourceUtils.getURL(location).toString();
            protocol.setTruststoreFile(resolved);
        }
        catch (FileNotFoundException notFound) {
            throw new WebServerException(
                    "Could not load trust store: " + notFound.getMessage(), notFound);
        }
    }

    // NOTE(review): the password is set even when no trust store location is configured,
    // so a null password may be passed through here - confirm the protocol tolerates that.
    protocol.setTruststorePass(ssl.getTrustStorePassword());

    final String storeType = ssl.getTrustStoreType();
    if (storeType != null) {
        protocol.setTruststoreType(storeType);
    }

    final String providerName = ssl.getTrustStoreProvider();
    if (providerName != null) {
        protocol.setTruststoreProvider(providerName);
    }
}
/**
 * Applies the TLS settings in {@code sslProperties} to the given Tomcat protocol handler
 * and enables SSL on it.
 *
 * <p>The key store file and key password are always applied. Every other setting is read
 * through an optional accessor and applied only when a value is present.
 *
 * @param protocol the protocol handler to configure
 * @param sslProperties the TLS settings to apply
 */
public void build(AbstractHttp11JsseProtocol<?> protocol, SSLProperties sslProperties) {
    // Key store: contains the server key pair.
    protocol.setKeystoreFile(sslProperties.getKeyStoreFile());
    // NOTE(review): the value returned by getKeyStorePass() is applied with setKeyPass(),
    // and setKeystorePass() is never called in this method - confirm that the Tomcat
    // version in use opens the key store with this password as well.
    protocol.setKeyPass(sslProperties.getKeyStorePass());
    sslProperties.getKeyStoreType().ifPresent(protocol::setKeystoreType);
    sslProperties.getKeyStoreProvider().ifPresent(protocol::setKeystoreProvider);

    // Trust store: contains the client certificate.
    sslProperties.getTrustStoreFile().ifPresent(protocol::setTruststoreFile);
    sslProperties.getTrustStorePass().ifPresent(protocol::setTruststorePass);
    sslProperties.getTrustStoreType().ifPresent(protocol::setTruststoreType);
    sslProperties.getTrustStoreProvider().ifPresent(protocol::setTruststoreProvider);

    // NOTE(review): client authentication is configured only when a value is present;
    // otherwise the protocol keeps whatever setting it already had - confirm that this is
    // the intended behaviour for deployments that expect mutual TLS.
    sslProperties.getClientAuth().ifPresent(protocol::setClientAuth);

    protocol.setSSLEnabled(true);

    // NOTE(review): cipher suites and the SSL protocol are likewise optional, so when they
    // are absent the connector's own settings decide what is negotiated - confirm.
    sslProperties.getCiphers().ifPresent(protocol::setCiphers);
    sslProperties.getProtocol().ifPresent(protocol::setSslProtocol);
}
} // closes the enclosing type, whose header is not visible in this excerpt