/**
 * Builds a connector that terminates TLS and then speaks HTTP/1.1.
 *
 * <p>NOTE(review): no {@code SecureRequestCustomizer} or protocol/cipher restriction is
 * applied here; presumably the caller prepares {@code config} and {@code sslContextFactory}
 * - confirm.
 *
 * @param server the Jetty server that will own the connector
 * @param config HTTP configuration handed to the HTTP/1.1 connection factory
 * @param sslContextFactory source of the TLS settings for the connector
 * @return a new connector chaining the TLS factory in front of the HTTP/1.1 factory
 */
private ServerConnector createHttp11ServerConnector(Server server, HttpConfiguration config,
        SslContextFactory sslContextFactory) {
    HttpConnectionFactory http11 = new HttpConnectionFactory(config);

    // The second argument names the protocol the TLS layer hands decrypted traffic to.
    String nextProtocol = HttpVersion.HTTP_1_1.asString();
    SslConnectionFactory tls = new SslConnectionFactory(sslContextFactory, nextProtocol);

    return new ServerConnector(server, tls, http11);
}
/**
 * Creates a connector on {@code listenPort}, with a TLS layer only when a context factory is given.
 *
 * <p>When {@code sslContextFactory} is {@code null} the connector is built with the
 * server's default connection factories and no TLS factory is added by this method.
 *
 * @param sslContextFactory TLS settings, or {@code null} for a connector without a TLS layer
 * @param listenPort port to listen on; it is unboxed, so {@code null} fails with a NullPointerException
 * @return the configured connector (not yet added to the server by this method)
 */
private ServerConnector createConnector(final SslContextFactory sslContextFactory, final Integer listenPort) {
    final ServerConnector connector;
    if (sslContextFactory != null) {
        // Mark requests on this connector as secure so handlers see scheme "https".
        final HttpConfiguration secureConfig = new HttpConfiguration();
        secureConfig.setSecureScheme("https");
        secureConfig.addCustomizer(new SecureRequestCustomizer());

        connector = new ServerConnector(
                server,
                new SslConnectionFactory(sslContextFactory, "http/1.1"),
                new HttpConnectionFactory(secureConfig));
    } else {
        connector = new ServerConnector(server);
    }
    connector.setPort(listenPort);
    return connector;
}
/**
 * Builds an HTTPS connector from a copy of the given HTTP configuration.
 *
 * <p>The TLS settings come from {@code createSslContextFactory()}, which is defined outside
 * this block. The connector's own listen port is not set here; {@code port} is only
 * recorded as the configuration's secure port.
 *
 * @param server the Jetty server that will own the connector
 * @param httpConfiguration base configuration; it is copied, not modified
 * @param port value stored as the secure port of the HTTPS configuration
 * @return a new connector chaining a TLS factory in front of an HTTP/1.1 factory
 */
private ServerConnector createUnconfiguredSslServerConnector(Server server, HttpConfiguration httpConfiguration,
        int port) {
    // Derive the HTTPS settings from the caller's configuration.
    final HttpConfiguration secureConfig = new HttpConfiguration(httpConfiguration);
    secureConfig.setSecureScheme("https");
    secureConfig.setSecurePort(port);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    // TLS first, then HTTP/1.1 on the decrypted stream.
    final SslConnectionFactory tls = new SslConnectionFactory(createSslContextFactory(), "http/1.1");
    final HttpConnectionFactory http11 = new HttpConnectionFactory(secureConfig);
    return new ServerConnector(server, tls, http11);
}
/**
 * Creates a Jetty server with a single TLS connector restricted to TLSv1.2.
 *
 * <p>The include list contains only {@code "TLSv1.2"}, so other protocol versions are
 * not offered by this connector.
 *
 * @param handler request handler installed on the server
 * @param port port the TLS connector listens on
 * @param keyStore key store holding the server key and certificate
 * @param keyPassword password passed to the key manager
 * @return the configured server; this method does not start it
 * @throws Exception declared by the original signature
 */
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword)
        throws Exception {
    Server jetty = new Server();

    SslContextFactory tlsContext = new SslContextFactory();
    tlsContext.setIncludeProtocols("TLSv1.2");
    tlsContext.setKeyStore(keyStore);
    tlsContext.setKeyManagerPassword(keyPassword);

    HttpConfiguration secureConfig = new HttpConfiguration();
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    SslConnectionFactory tls = new SslConnectionFactory(tlsContext, HttpVersion.HTTP_1_1.asString());
    HttpConnectionFactory http11 = new HttpConnectionFactory(secureConfig);
    ServerConnector tlsConnector = new ServerConnector(jetty, tls, http11);
    tlsConnector.setPort(port);

    jetty.addConnector(tlsConnector);
    jetty.setHandler(handler);
    return jetty;
}
new ServerConnector( server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https)); sslConnector.setPort(httpPort);
/**
 * Builds a TLS connector that negotiates HTTP/2 through ALPN, with HTTP/1.1 also available.
 *
 * <p>Side effect: the supplied {@code sslContextFactory} is modified (cipher comparator and
 * security provider name), so a factory shared with other connectors picks up these
 * settings too.
 *
 * <p>NOTE(review): the provider is set to {@code "Conscrypt"}; presumably that provider must
 * already be registered with the JVM - confirm. The comparator only affects cipher ordering;
 * whether the server's order is honoured is not configured in this block - confirm.
 *
 * @param server the Jetty server that will own the connector
 * @param config HTTP configuration shared by the HTTP/2 and HTTP/1.1 factories
 * @param sslContextFactory TLS settings; mutated as described above
 * @return a connector chaining TLS, ALPN, HTTP/2 and HTTP/1.1 factories
 */
private ServerConnector createHttp2ServerConnector(Server server, HttpConfiguration config,
        SslContextFactory sslContextFactory) {
    HTTP2ServerConnectionFactory http2 = new HTTP2ServerConnectionFactory(config);
    ALPNServerConnectionFactory negotiator = new ALPNServerConnectionFactory();

    sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
    sslContextFactory.setProvider("Conscrypt");

    // After the handshake the TLS layer hands over to the ALPN factory.
    SslConnectionFactory tls = new SslConnectionFactory(sslContextFactory, negotiator.getProtocol());
    HttpConnectionFactory http11 = new HttpConnectionFactory(config);
    return new ServerConnector(server, tls, negotiator, http2, http11);
}
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(new HttpConfiguration()) );
/**
 * Builds the HTTPS connector, optionally with HTTP/2 negotiated through ALPN.
 *
 * <p>TLS is limited to the single protocol {@code TLSv1.2} and the single cipher suite
 * {@code TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}; clients that support neither cannot connect.
 *
 * @param server the Jetty server that will own the connector
 * @param conf application configuration read through the {@code conf(...)} helpers
 * @param path configuration path prefix used by those helpers
 * @param sslContext ready-made SSL context installed into the context factory
 * @param http2 when {@code true}, ALPN and HTTP/2 factories are added; HTTP/1.1 is the ALPN default
 * @return the connector after the {@code conf(...)} helper has applied the connector settings
 */
private ServerConnector https(final Server server, final Config conf, final String path,
        final SSLContext sslContext, final boolean http2) {
    HttpConfiguration baseConf = conf(new HttpConfiguration(), conf.withoutPath(CONNECTOR), path);

    SslContextFactory tlsContext = new SslContextFactory();
    tlsContext.setSslContext(sslContext);
    tlsContext.setIncludeProtocols("TLSv1.2");
    tlsContext.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    HttpConfiguration secureConf = new HttpConfiguration(baseConf);
    secureConf.addCustomizer(new SecureRequestCustomizer());

    HttpConnectionFactory http11Factory = new HttpConnectionFactory(secureConf);

    final ServerConnector connector;
    if (!http2) {
        // TLS hands decrypted traffic straight to HTTP/1.1.
        connector = new ServerConnector(server,
                new SslConnectionFactory(tlsContext, HTTP_1_1), http11Factory);
    } else {
        // TLS hands over to ALPN, which picks HTTP/2 or falls back to HTTP/1.1.
        ALPNServerConnectionFactory negotiator = new ALPNServerConnectionFactory(H2, H2_17, HTTP_1_1);
        negotiator.setDefaultProtocol(HTTP_1_1);

        HTTP2ServerConnectionFactory http2Factory = new HTTP2ServerConnectionFactory(secureConf);

        connector = new ServerConnector(server,
                new SslConnectionFactory(tlsContext, "alpn"), negotiator, http2Factory, http11Factory);
    }
    return conf(connector, conf.getConfig(CONNECTOR), path + ".connector");
}
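/**
 * Creates the TLS (HTTPS) connector for the embedded Jetty server.
 *
 * <p>The key store path and password come from {@code getCertKeyStorePath()} and
 * {@code getCertKeyStorePassword()}; the listen port and the advertised secure port both
 * come from {@code getPort()}.
 *
 * @return a connector on {@code getPort()} with a 50000 ms idle timeout, chaining a TLS
 *         factory in front of an HTTP/1.1 factory; it is not added to the server here
 */
private ServerConnector sslConnector() {
    HttpConfiguration baseConfig = new HttpConfiguration();
    baseConfig.setSecureScheme("https");
    baseConfig.setSecurePort(this.getPort());

    HttpConfiguration secureConfig = new HttpConfiguration(baseConfig);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    SslContextFactory sslContextFactory = new SslContextFactory(this.getCertKeyStorePath());
    sslContextFactory.setKeyStorePassword(this.getCertKeyStorePassword());

    // Exclude suites whose name ends in MD5/SHA/SHA1. This is added to the factory's
    // existing exclusions instead of replacing them: setExcludeCipherSuites() overwrites
    // the whole list, which would drop any stricter patterns the factory starts with.
    sslContextFactory.addExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");

    // Exclude SSL and TLS versions below 1.2. Versions not named here are left to the
    // factory/JVM defaults, so this list alone does not pin the connector to TLSv1.2.
    sslContextFactory.addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

    ServerConnector connector = new ServerConnector(jettyServer,
            new SslConnectionFactory(sslContextFactory, "http/1.1"),
            new HttpConnectionFactory(secureConfig));
    connector.setPort(this.getPort());
    connector.setIdleTimeout(50000);
    return connector;
}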
new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(config)); https.setPort(port);
/**
 * Adds an HTTPS connector to {@code server}, using key and trust stores loaded as resources.
 *
 * <p>The store passwords are hard-coded literals. NOTE(review): the resource names
 * ({@code ssltest-*.jks}) suggest test fixtures; confirm this helper is never used with
 * production key material.
 *
 * <p>No port is set on the connector here.
 *
 * @param server the Jetty server that receives the connector
 * @return the connector that was added to the server
 * @throws IOException declared by the original signature (resource lookup)
 * @throws URISyntaxException declared by the original signature (resource lookup)
 */
public static ServerConnector addHttpsConnector(Server server) throws IOException, URISyntaxException {
    SslContextFactory tlsContext =
            new SslContextFactory(resourceAsFile("ssltest-keystore.jks").getAbsolutePath());
    tlsContext.setKeyStorePassword("changeit");

    tlsContext.setTrustStorePath(resourceAsFile("ssltest-cacerts.jks").getAbsolutePath());
    tlsContext.setTrustStorePassword("changeit");

    HttpConfiguration secureConfig = new HttpConfiguration();
    secureConfig.setSecureScheme("https");
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    SslConnectionFactory tls = new SslConnectionFactory(tlsContext, "http/1.1");
    HttpConnectionFactory http11 = new HttpConnectionFactory(secureConfig);
    ServerConnector httpsConnector = new ServerConnector(server, tls, http11);

    server.addConnector(httpsConnector);
    return httpsConnector;
}
new SslConnectionFactory(factory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig) );
return new SslConnectionFactory( sslContextFactory, HttpVersion.HTTP_1_1.asString() );
/**
 * Creates an HTTPS server on {@code localhost:18443} for the given responder.
 *
 * <p>Side effect: several {@code javax.net.ssl.*} system properties are set JVM-wide with
 * hard-coded store paths under {@code src/test/} and hard-coded passwords, and they remain
 * set after this method returns. Only the key store settings are copied onto the context
 * factory here; the trust store properties are set but not read back in this block.
 * Client certificates are not required ({@code setNeedClientAuth(false)}).
 *
 * @param testResponder responder served by the created server
 * @return a new {@code HttpServer} using the TLS connection factory built here
 * @throws Exception declared by the original signature
 */
@Override
public Server createServer(Responder testResponder) throws Exception {
    final String keyStoreKey = "javax.net.ssl.keyStore";
    final String keyStorePasswordKey = "javax.net.ssl.keyStorePassword";
    final String keyPasswordKey = "javax.net.ssl.password";

    System.setProperty(keyStoreKey, "src/test/keystore");
    System.setProperty(keyStorePasswordKey, "avrotest");
    System.setProperty(keyPasswordKey, "avrotest");
    System.setProperty("javax.net.ssl.trustStore", "src/test/truststore");
    System.setProperty("javax.net.ssl.trustStorePassword", "avrotest");

    SslConnectionFactory tlsFactory = new SslConnectionFactory("HTTP/1.1");

    // Configure the context factory the connection factory created for itself.
    SslContextFactory tlsContext = tlsFactory.getSslContextFactory();
    tlsContext.setKeyStorePath(System.getProperty(keyStoreKey));
    tlsContext.setKeyManagerPassword(System.getProperty(keyPasswordKey));
    tlsContext.setKeyStorePassword(System.getProperty(keyStorePasswordKey));
    tlsContext.setNeedClientAuth(false);

    return new HttpServer(testResponder, tlsFactory, "localhost", 18443);
}
/**
 * Builds the TLS connector for HTTP binding, or returns {@code null} when none can be built.
 *
 * <p>{@code null} is returned when the secure port is not positive, when the BOSH identity
 * store holds no entries, or when any exception occurs (the exception is logged, not
 * rethrown). Callers must therefore handle a missing connector.
 *
 * <p>A missing domain certificate only produces a warning; the connector is still created.
 *
 * @param httpBindServer the Jetty server that will own the connector
 * @return the configured connector, or {@code null} as described above
 */
private Connector createSSLConnector( final Server httpBindServer ) {
    final int securePort = getHttpBindSecurePort();
    try {
        final IdentityStore identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore( ConnectionType.BOSH_C2S );

        // Nothing to serve TLS with: secure port disabled or identity store empty.
        if ( securePort <= 0 || !identityStore.getStore().aliases().hasMoreElements() ) {
            return null;
        }

        if ( !identityStore.containsDomainCertificate( ) ) {
            Log.warn("HTTP binding: Using certificates but they are not valid for the hosted domain");
        }

        // Reuse the TLS settings of the BOSH client-to-server listener.
        final ConnectionManagerImpl connectionManager = (ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager();
        final ConnectionConfiguration configuration = connectionManager.getListener( ConnectionType.BOSH_C2S, true ).generateConnectionConfiguration();
        final SslContextFactory sslContextFactory = new EncryptionArtifactFactory( configuration ).getSslContextFactory();

        final HttpConfiguration secureConfig = new HttpConfiguration();
        secureConfig.setSecureScheme("https");
        secureConfig.setSecurePort(securePort);
        configureProxiedConnector(secureConfig);
        secureConfig.addCustomizer(new SecureRequestCustomizer());

        final SslConnectionFactory tls = new SslConnectionFactory(sslContextFactory, "http/1.1");
        final HttpConnectionFactory http11 = new HttpConnectionFactory(secureConfig);
        final ServerConnector connector = new ServerConnector(httpBindServer, tls, http11);
        connector.setHost(getBindInterface());
        connector.setPort(securePort);
        return connector;
    }
    catch (Exception e) {
        Log.error("Error creating SSL connector for Http bind", e);
    }

    return null;
}
LOGGER.info("Excluded protocols: {}", StringUtils.join(goSSLConfig.getProtocolsToBeExcluded(), ",")); LOGGER.info("Renegotiation Allowed: {}", goSSLConfig.isRenegotiationAllowed()); ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig)); https.setHost(systemEnvironment.getListenHost()); https.setPort(systemEnvironment.getSslServerPort());
/**
 * Builds an instrumented HTTPS (HTTP/1.1 over TLS) connector.
 *
 * <p>The TLS settings are produced by {@code configureSslContextFactory}. The context
 * factory is registered as a server bean together with an {@code SslReload} bean that is
 * given the same configuration method.
 *
 * @param server the Jetty server that will own the connector and the beans
 * @param metrics registry providing the timer for the TLS connection factory
 * @param name connector name passed on to {@code buildConnector}
 * @param threadPool optional thread pool passed on to {@code buildConnector}
 * @return the connector produced by {@code buildConnector}
 */
@Override
public Connector build(Server server, MetricRegistry metrics, String name, @Nullable ThreadPool threadPool) {
    final HttpConfiguration httpConfig = buildHttpConfiguration();
    final HttpConnectionFactory http1 = buildHttpConnectionFactory(httpConfig);

    final SslContextFactory tlsContext = configureSslContextFactory(new SslContextFactory());
    tlsContext.addLifeCycleListener(logSslInfoOnStart(tlsContext));

    server.addBean(tlsContext);
    server.addBean(new SslReload(tlsContext, this::configureSslContextFactory));

    final SslConnectionFactory tls =
            new SslConnectionFactory(tlsContext, HttpVersion.HTTP_1_1.toString());

    return buildConnector(
            server,
            new ScheduledExecutorScheduler(),
            buildBufferPool(),
            name,
            threadPool,
            new Jetty93InstrumentedConnectionFactory(tls, metrics.timer(httpConnections())),
            http1);
}
/**
 * Builds an instrumented TLS connector that negotiates HTTP/2 through ALPN.
 *
 * <p>Side effect: the supported protocol list of this factory is overwritten with
 * {@code TLSv1.2} only, and {@code checkSupportedCipherSuites()} is called, before
 * anything else is built.
 *
 * @param server the Jetty server that will own the connector and the beans
 * @param metrics registry providing the timer for the TLS connection factory
 * @param name connector name passed on to {@code buildConnector}
 * @param threadPool optional thread pool passed on to {@code buildConnector}
 * @return the connector produced by {@code buildConnector}
 */
@Override
public Connector build(Server server, MetricRegistry metrics, String name, @Nullable ThreadPool threadPool) {
    // HTTP/2 obliges a server to support TLSv1.2 and the
    // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite
    // (http://http2.github.io/http2-spec/index.html#rfc.section.9.2.2).
    setSupportedProtocols(Collections.singletonList("TLSv1.2"));
    checkSupportedCipherSuites();

    // Connection factories for both HTTP versions share one HTTP configuration.
    final HttpConfiguration httpConfig = buildHttpConfiguration();
    final HttpConnectionFactory http11Factory = buildHttpConnectionFactory(httpConfig);
    final HTTP2ServerConnectionFactory http2Factory = new HTTP2ServerConnectionFactory(httpConfig);
    http2Factory.setMaxConcurrentStreams(maxConcurrentStreams);
    http2Factory.setInitialStreamRecvWindow(initialStreamRecvWindow);

    final NegotiatingServerConnectionFactory negotiator = new ALPNServerConnectionFactory(H2, H2_17);
    // When negotiation does not select a protocol, fall back to HTTP/1.1 over TLS.
    negotiator.setDefaultProtocol(HTTP_1_1);

    final SslContextFactory tlsContext = configureSslContextFactory(new SslContextFactory());
    tlsContext.addLifeCycleListener(logSslInfoOnStart(tlsContext));
    server.addBean(tlsContext);
    server.addBean(new SslReload(tlsContext, this::configureSslContextFactory));

    // TLS hands over to ALPN. Clients without ALPN are served plain HTTPS; clients that
    // negotiate HTTP/2 through the ALPN extension are switched to the HTTP/2 factory.
    final SslConnectionFactory tls = new SslConnectionFactory(tlsContext, "alpn");

    return buildConnector(
            server,
            new ScheduledExecutorScheduler(),
            buildBufferPool(),
            name,
            threadPool,
            new Jetty93InstrumentedConnectionFactory(tls, metrics.timer(httpConnections())),
            negotiator,
            http2Factory,
            http11Factory);
}
/**
 * Creates an HTTPS connector by putting a TLS connection factory in front of an HTTP connector.
 *
 * <p>Side effect: {@code httpConfig} is modified (secure scheme and a
 * {@code SecureRequestCustomizer} are added) before the HTTP connector is created from it.
 *
 * <p>Key store and trust store settings are applied only when the corresponding path field
 * is non-null. Cipher suites are excluded only when {@code excludeCiphers} is non-empty;
 * the exclusion list (not any secret) is written to the log.
 *
 * @param server the Jetty server that will own the connector
 * @param httpConfig HTTP configuration; mutated as described above
 * @return the connector with the TLS factory installed as its first connection factory
 */
private ServerConnector createHttpsChannelConnector(
    Server server, HttpConfiguration httpConfig) {
  httpConfig.setSecureScheme(HTTPS_SCHEME);
  httpConfig.addCustomizer(new SecureRequestCustomizer());
  ServerConnector connector = createHttpChannelConnector(server, httpConfig);

  SslContextFactory tlsContext = new SslContextFactory();
  tlsContext.setNeedClientAuth(needsClientAuth);
  tlsContext.setKeyManagerPassword(keyPassword);

  if (keyStore != null) {
    tlsContext.setKeyStorePath(keyStore);
    tlsContext.setKeyStoreType(keyStoreType);
    tlsContext.setKeyStorePassword(keyStorePassword);
  }

  if (trustStore != null) {
    tlsContext.setTrustStorePath(trustStore);
    tlsContext.setTrustStoreType(trustStoreType);
    tlsContext.setTrustStorePassword(trustStorePassword);
  }

  final boolean hasExcludedCiphers = excludeCiphers != null && !excludeCiphers.isEmpty();
  if (hasExcludedCiphers) {
    tlsContext.setExcludeCipherSuites(
        StringUtils.getTrimmedStrings(excludeCiphers));
    LOG.info("Excluded Cipher List:" + excludeCiphers);
  }

  // The TLS factory must come first so the handshake happens before HTTP parsing.
  SslConnectionFactory tls =
      new SslConnectionFactory(tlsContext, HttpVersion.HTTP_1_1.asString());
  connector.addFirstConnectionFactory(tls);
  return connector;
}
} // closing brace of the enclosing scope, kept from the original line
new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https) );