public static SslContextFactory createSslContextFactory(boolean tlsAllowInsecureConnection, String tlsTrustCertsFilePath, String tlsCertificateFilePath, String tlsKeyFilePath, boolean tlsRequireTrustedClientCertOnConnect) throws GeneralSecurityException { SslContextFactory sslCtxFactory = new SslContextFactory(); SSLContext sslCtx = createSslContext(tlsAllowInsecureConnection, tlsTrustCertsFilePath, tlsCertificateFilePath, tlsKeyFilePath); sslCtxFactory.setSslContext(sslCtx); if (tlsRequireTrustedClientCertOnConnect) { sslCtxFactory.setNeedClientAuth(true); } else { sslCtxFactory.setWantClientAuth(true); } sslCtxFactory.setTrustAll(true); return sslCtxFactory; } }
private void createSecureConnector(final Map<String, String> sslProperties) { SslContextFactory ssl = new SslContextFactory(); if (sslProperties.get(StandardSSLContextService.KEYSTORE.getName()) != null) { ssl.setKeyStorePath(sslProperties.get(StandardSSLContextService.KEYSTORE.getName())); ssl.setKeyStorePassword(sslProperties.get(StandardSSLContextService.KEYSTORE_PASSWORD.getName())); ssl.setKeyStoreType(sslProperties.get(StandardSSLContextService.KEYSTORE_TYPE.getName())); } if (sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName()) != null) { ssl.setTrustStorePath(sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName())); ssl.setTrustStorePassword(sslProperties.get(StandardSSLContextService.TRUSTSTORE_PASSWORD.getName())); ssl.setTrustStoreType(sslProperties.get(StandardSSLContextService.TRUSTSTORE_TYPE.getName())); } final String clientAuth = sslProperties.get(NEED_CLIENT_AUTH); if (clientAuth == null) { ssl.setNeedClientAuth(true); } else { ssl.setNeedClientAuth(Boolean.parseBoolean(clientAuth)); } // build the connector final ServerConnector https = new ServerConnector(jetty, ssl); // set host and port https.setPort(0); // Severely taxed environments may have significant delays when executing. https.setIdleTimeout(30000L); // add the connector jetty.addConnector(https); // mark secure as enabled secure = true; }
sslContextFactory.setNeedClientAuth( true ); break; case OPTIONAL: case NONE: sslContextFactory.setWantClientAuth( false ); sslContextFactory.setNeedClientAuth( false ); break; default:
private void configureSslClientAuth(SslContextFactory factory, Ssl ssl) { if (ssl.getClientAuth() == Ssl.ClientAuth.NEED) { factory.setNeedClientAuth(true); factory.setWantClientAuth(true); } else if (ssl.getClientAuth() == Ssl.ClientAuth.WANT) { factory.setWantClientAuth(true); } }
@Override public Server createServer(Responder testResponder) throws Exception { System.setProperty("javax.net.ssl.keyStore", "src/test/keystore"); System.setProperty("javax.net.ssl.keyStorePassword", "avrotest"); System.setProperty("javax.net.ssl.password", "avrotest"); System.setProperty("javax.net.ssl.trustStore", "src/test/truststore"); System.setProperty("javax.net.ssl.trustStorePassword", "avrotest"); SslConnectionFactory connectionFactory = new SslConnectionFactory("HTTP/1.1"); SslContextFactory sslContextFactory = connectionFactory.getSslContextFactory(); sslContextFactory.setKeyStorePath(System.getProperty("javax.net.ssl.keyStore")); sslContextFactory.setKeyManagerPassword(System.getProperty("javax.net.ssl.password")); sslContextFactory.setKeyStorePassword(System.getProperty("javax.net.ssl.keyStorePassword")); sslContextFactory.setNeedClientAuth(false); return new HttpServer(testResponder, connectionFactory, "localhost", 18443); }
httpsConfig.addCustomizer(new SecureRequestCustomizer()); SslContextFactory sslCtxFactory = new SslContextFactory(); sslCtxFactory.setNeedClientAuth(needsClientAuth); sslCtxFactory.setKeyManagerPassword(keyPassword);
sslContextFactory.setNeedClientAuth( false ); sslContextFactory.setWantClientAuth( false ); break; case wanted: sslContextFactory.setNeedClientAuth( false ); sslContextFactory.setWantClientAuth( true ); break; case needed: sslContextFactory.setNeedClientAuth( true ); break;
factory.setNeedClientAuth(true); } else if (wantClientAuth != null && wantClientAuth) { factory.setWantClientAuth(true);
factory.setNeedClientAuth(needClientAuth);
@Override public WebSocketClient build() throws Exception { SslContextFactory sslContextFactory = sslVerificationMode == SslVerificationMode.NONE ? new TrustAllSSLContextFactory() : new SslContextFactory(); sslContextFactory.setNeedClientAuth(true); sslContextFactory.setKeyStore(agentKeystore()); sslContextFactory.setKeyStorePassword(keystorePassword()); sslContextFactory.setKeyManagerPassword(keystorePassword()); if (rootCertFile != null) { sslContextFactory.setTrustStore(agentTruststore()); sslContextFactory.setTrustStorePassword(keystorePassword()); } if (sslVerificationMode == SslVerificationMode.NO_VERIFY_HOST) { sslContextFactory.setEndpointIdentificationAlgorithm(null); } WebSocketClient client = new WebSocketClient(sslContextFactory); client.setMaxIdleTimeout(systemEnvironment.getWebsocketMaxIdleTime()); return client; }
sslContextFactory.setNeedClientAuth(sslConfig.isRequireAuth());
private ServerConnector createHttpsChannelConnector( Server server, HttpConfiguration httpConfig) { httpConfig.setSecureScheme(HTTPS_SCHEME); httpConfig.addCustomizer(new SecureRequestCustomizer()); ServerConnector conn = createHttpChannelConnector(server, httpConfig); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setNeedClientAuth(needsClientAuth); sslContextFactory.setKeyManagerPassword(keyPassword); if (keyStore != null) { sslContextFactory.setKeyStorePath(keyStore); sslContextFactory.setKeyStoreType(keyStoreType); sslContextFactory.setKeyStorePassword(keyStorePassword); } if (trustStore != null) { sslContextFactory.setTrustStorePath(trustStore); sslContextFactory.setTrustStoreType(trustStoreType); sslContextFactory.setTrustStorePassword(trustStorePassword); } if(null != excludeCiphers && !excludeCiphers.isEmpty()) { sslContextFactory.setExcludeCipherSuites( StringUtils.getTrimmedStrings(excludeCiphers)); LOG.info("Excluded Cipher List:" + excludeCiphers); } conn.addFirstConnectionFactory(new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString())); return conn; } }
protected SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth) { final SslContextFactory sslFactory = new SslContextFactory(); sslFactory.setNeedClientAuth(needClientAuth); sslFactory.setWantClientAuth(wantClientAuth); if (sslService.isKeyStoreConfigured()) { sslFactory.setKeyStorePath(sslService.getKeyStoreFile()); sslFactory.setKeyStorePassword(sslService.getKeyStorePassword()); sslFactory.setKeyStoreType(sslService.getKeyStoreType()); } if (sslService.isTrustStoreConfigured()) { sslFactory.setTrustStorePath(sslService.getTrustStoreFile()); sslFactory.setTrustStorePassword(sslService.getTrustStorePassword()); sslFactory.setTrustStoreType(sslService.getTrustStoreType()); } return sslFactory; }
sslContextFactory.setNeedClientAuth(true); sslContextFactory.setWantClientAuth(true);
protected static void configureSslContextFactory(SslContextFactory contextFactory, NiFiProperties props) { contextFactory.setNeedClientAuth(true); } else { contextFactory.setWantClientAuth(true);
private SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth) { final SslContextFactory sslFactory = new SslContextFactory(); sslFactory.setNeedClientAuth(needClientAuth); sslFactory.setWantClientAuth(wantClientAuth); sslFactory.setProtocol(sslService.getSslAlgorithm()); if (sslService.isKeyStoreConfigured()) { sslFactory.setKeyStorePath(sslService.getKeyStoreFile()); sslFactory.setKeyStorePassword(sslService.getKeyStorePassword()); sslFactory.setKeyStoreType(sslService.getKeyStoreType()); } if (sslService.isTrustStoreConfigured()) { sslFactory.setTrustStorePath(sslService.getTrustStoreFile()); sslFactory.setTrustStorePassword(sslService.getTrustStorePassword()); sslFactory.setTrustStoreType(sslService.getTrustStoreType()); } return sslFactory; }
contextFactory.setNeedClientAuth(needClientAuth);
sslContextFactory.setNeedClientAuth(tlsServerConfig.isRequireClientCertificate()); if (tlsServerConfig.isRequireClientCertificate()) { if (tlsServerConfig.getCrlPath() != null) {
/** * Set the value of the needClientAuth property * * @param needClientAuth true iff we require client certificate authentication. * @deprecated */ @Deprecated public void setNeedClientAuth(boolean needClientAuth) { _sslContextFactory.setNeedClientAuth(needClientAuth); }
/** * @see org.eclipse.jetty.server.ssl.SslConnector#setNeedClientAuth(boolean) * @deprecated */ @Deprecated public void setNeedClientAuth(boolean needClientAuth) { _sslContextFactory.setNeedClientAuth(needClientAuth); }