private static KeyManager[] createAliasedKeyManagers(KeyManager[] delegates, String certAlias) { KeyManager[] aliasedManagers = new KeyManager[delegates.length]; for (int i = 0; i < delegates.length; i++) { if (delegates[i] instanceof X509ExtendedKeyManager) { aliasedManagers[i] = new AliasedX509ExtendedKeyManager((X509ExtendedKeyManager) delegates[i], certAlias); } else { aliasedManagers[i] = delegates[i]; } } return aliasedManagers; } }
@Override public Socket createSocket() throws IOException { return sslContextFactory.newSslSocket(); }
public void reload(SslContextFactory factory) throws Exception { factory.reload(configurer); }
protected SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth) { final SslContextFactory sslFactory = new SslContextFactory(); sslFactory.setNeedClientAuth(needClientAuth); sslFactory.setWantClientAuth(wantClientAuth); if (sslService.isKeyStoreConfigured()) { sslFactory.setKeyStorePath(sslService.getKeyStoreFile()); sslFactory.setKeyStorePassword(sslService.getKeyStorePassword()); sslFactory.setKeyStoreType(sslService.getKeyStoreType()); } if (sslService.isTrustStoreConfigured()) { sslFactory.setTrustStorePath(sslService.getTrustStoreFile()); sslFactory.setTrustStorePassword(sslService.getTrustStorePassword()); sslFactory.setTrustStoreType(sslService.getTrustStoreType()); } return sslFactory; }
private SslContextFactory createSslContextFactory() { SslContextFactory factory = new SslContextFactory(); if (keyStorePath != null) { factory.setKeyStorePath(keyStorePath); factory.setKeyStoreType(keyStoreType); if (keyStorePassword != null) { factory.setKeyStorePassword(keyStorePassword); factory.setKeyStoreProvider(keyStoreProvider); factory.setTrustStorePath(trustStorePath); factory.setTrustStorePassword(trustStorePassword); factory.setTrustStoreType(trustStoreType); if (trustStoreProvider != null) { factory.setTrustStoreProvider(trustStoreProvider); factory.setValidateCerts(validateCerts); factory.setValidatePeerCerts(validatePeers); if (supportedProtocols != null) { factory.setIncludeProtocols(supportedProtocols.toArray(new String[0])); factory.setExcludeProtocols(excludedProtocols.toArray(new String[0])); factory.setIncludeCipherSuites(supportedCipherSuites.toArray(new String[0])); factory.setExcludeCipherSuites(excludedCipherSuites.toArray(new String[0]));
@Override public WebSocketClient build() throws Exception { SslContextFactory sslContextFactory = sslVerificationMode == SslVerificationMode.NONE ? new TrustAllSSLContextFactory() : new SslContextFactory(); sslContextFactory.setNeedClientAuth(true); sslContextFactory.setKeyStore(agentKeystore()); sslContextFactory.setKeyStorePassword(keystorePassword()); sslContextFactory.setKeyManagerPassword(keystorePassword()); if (rootCertFile != null) { sslContextFactory.setTrustStore(agentTruststore()); sslContextFactory.setTrustStorePassword(keystorePassword()); } if (sslVerificationMode == SslVerificationMode.NO_VERIFY_HOST) { sslContextFactory.setEndpointIdentificationAlgorithm(null); } WebSocketClient client = new WebSocketClient(sslContextFactory); client.setMaxIdleTimeout(systemEnvironment.getWebsocketMaxIdleTime()); return client; }
@Override public Server createServer(Responder testResponder) throws Exception { System.setProperty("javax.net.ssl.keyStore", "src/test/keystore"); System.setProperty("javax.net.ssl.keyStorePassword", "avrotest"); System.setProperty("javax.net.ssl.password", "avrotest"); System.setProperty("javax.net.ssl.trustStore", "src/test/truststore"); System.setProperty("javax.net.ssl.trustStorePassword", "avrotest"); SslConnectionFactory connectionFactory = new SslConnectionFactory("HTTP/1.1"); SslContextFactory sslContextFactory = connectionFactory.getSslContextFactory(); sslContextFactory.setKeyStorePath(System.getProperty("javax.net.ssl.keyStore")); sslContextFactory.setKeyManagerPassword(System.getProperty("javax.net.ssl.password")); sslContextFactory.setKeyStorePassword(System.getProperty("javax.net.ssl.keyStorePassword")); sslContextFactory.setNeedClientAuth(false); return new HttpServer(testResponder, connectionFactory, "localhost", 18443); }
public static SslContextFactory createSslContextFactory(boolean tlsAllowInsecureConnection, String tlsTrustCertsFilePath, String tlsCertificateFilePath, String tlsKeyFilePath, boolean tlsRequireTrustedClientCertOnConnect) throws GeneralSecurityException { SslContextFactory sslCtxFactory = new SslContextFactory(); SSLContext sslCtx = createSslContext(tlsAllowInsecureConnection, tlsTrustCertsFilePath, tlsCertificateFilePath, tlsKeyFilePath); sslCtxFactory.setSslContext(sslCtx); if (tlsRequireTrustedClientCertOnConnect) { sslCtxFactory.setNeedClientAuth(true); } else { sslCtxFactory.setWantClientAuth(true); } sslCtxFactory.setTrustAll(true); return sslCtxFactory; } }
private SslContextFactory createSslContextFactory() { final SslContextFactory contextFactory = new SslContextFactory(); configureSslContextFactory(contextFactory, props); return contextFactory; }
private void configureSslPasswords(SslContextFactory factory, Ssl ssl) { if (ssl.getKeyStorePassword() != null) { factory.setKeyStorePassword(ssl.getKeyStorePassword()); } if (ssl.getKeyPassword() != null) { factory.setKeyManagerPassword(ssl.getKeyPassword()); } }
private static Supplier<WebSocketClient> createTestClientSupplier() { return () -> { SslContextFactory sslContextFactory = new SslContextFactory( /* trustall= */ true ); /* remove extra filters added by jetty on cipher suites */ sslContextFactory.setExcludeCipherSuites(); return new WebSocketClient( sslContextFactory ); }; } }
private void configureSslClientAuth(SslContextFactory factory, Ssl ssl) { if (ssl.getClientAuth() == Ssl.ClientAuth.NEED) { factory.setNeedClientAuth(true); factory.setWantClientAuth(true); } else if (ssl.getClientAuth() == Ssl.ClientAuth.WANT) { factory.setWantClientAuth(true); } }
private ServerConnector createHttp2ServerConnector(Server server, HttpConfiguration config, SslContextFactory sslContextFactory) { HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(config); ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory(); sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR); sslContextFactory.setProvider("Conscrypt"); SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, alpn.getProtocol()); return new ServerConnector(server, ssl, alpn, h2, new HttpConnectionFactory(config)); }
protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception { TrustManager[] trustManagers = super.getTrustManagers(trustStore, crls); List<TrustManager> managers = new ArrayList<>(); for (TrustManager trustManager : trustManagers) { if (trustManager instanceof X509TrustManager) { managers.add(new CustomX509TrustManager((X509TrustManager) trustManager)); } else { managers.add(trustManager); } } return managers.toArray(new TrustManager[managers.size()]); }
final SslContextFactory sslContextFactory = createSslContextFactory(); try { sslContextFactory.start(); } catch (Exception e) { throw new IllegalStateException("Unable to configure SSLContext", e);
private SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth) { final SslContextFactory sslFactory = new SslContextFactory(); sslFactory.setNeedClientAuth(needClientAuth); sslFactory.setWantClientAuth(wantClientAuth); sslFactory.setProtocol(sslService.getSslAlgorithm()); if (sslService.isKeyStoreConfigured()) { sslFactory.setKeyStorePath(sslService.getKeyStoreFile()); sslFactory.setKeyStorePassword(sslService.getKeyStorePassword()); sslFactory.setKeyStoreType(sslService.getKeyStoreType()); } if (sslService.isTrustStoreConfigured()) { sslFactory.setTrustStorePath(sslService.getTrustStoreFile()); sslFactory.setTrustStorePassword(sslService.getTrustStorePassword()); sslFactory.setTrustStoreType(sslService.getTrustStoreType()); } return sslFactory; }
@Override public void execute(Map<String, List<String>> parameters, PrintWriter output) throws Exception { // Iterate through all the reloaders first to ensure valid configuration for (SslReload reloader : getReloaders()) { reloader.reload(new SslContextFactory()); } // Now we know that configuration is valid, reload for real for (SslReload reloader : getReloaders()) { reloader.reload(); } output.write("Reloaded certificate configuration\n"); }
@Override protected TrustManager[] getTrustManagers( KeyStore trustStore, Collection<? extends CRL> crls ) throws Exception { TrustManager[] trustManagers = super.getTrustManagers(trustStore, crls); TrustManager[] newTrustManagers = new TrustManager[trustManagers.length]; for (int i = 0; i < trustManagers.length; i++) { if (trustManagers[i] instanceof X509ExtendedTrustManager) { newTrustManagers[i] = new CustomCheckX509TrustManager( (X509ExtendedTrustManager) trustManagers[i], certificateChecker, tlsServerConfig.isValidateHostnames() ); } else { newTrustManagers[i] = trustManagers[i]; log.info("Encountered non-X509ExtendedTrustManager: " + trustManagers[i].getClass()); } } return newTrustManagers; } }
public void reload() throws Exception { getFactory().reload(configurer); }
@Override public void customize(Server server) { SslContextFactory sslContextFactory = new SslContextFactory(); configureSsl(sslContextFactory, this.ssl, this.sslStoreProvider); ServerConnector connector = createConnector(server, sslContextFactory, this.address); server.setConnectors(new Connector[] { connector }); }