Java Code Examples for org.eclipse.jetty.util.ssl.SslContextFactory#setSslContext()

The following examples show how to use org.eclipse.jetty.util.ssl.SslContextFactory#setSslContext() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: WebClientFactoryImpl.java    From smarthome with Eclipse Public License 2.0 6 votes vote down vote up
private SslContextFactory createSslContextFactoryFromExtensibleTrustManager() {
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setEndpointIdentificationAlgorithm("HTTPS");
    if (extensibleTrustManager != null) {
        try {
            logger.debug("Setting up SSLContext for {}", extensibleTrustManager);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new TrustManager[] { extensibleTrustManager }, null);
            sslContextFactory.setSslContext(sslContext);
        } catch (NoSuchAlgorithmException | KeyManagementException ex) {
            throw new HttpClientInitializationException("Cannot create an TLS context!", ex);
        }
    }

    String excludeCipherSuites[] = { "^.*_(MD5)$" };
    sslContextFactory.setExcludeCipherSuites(excludeCipherSuites);
    return sslContextFactory;
}
 
Example 2
Source File: WebClientFactoryImpl.java    From smarthome with Eclipse Public License 2.0 6 votes vote down vote up
@Deprecated
private SslContextFactory createSslContextFactoryFromTrustManagerProvider(@Nullable String endpoint) {
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setEndpointIdentificationAlgorithm("HTTPS");
    if (endpoint != null && trustmanagerProvider != null) {
        Stream<TrustManager> trustManagerStream = trustmanagerProvider.getTrustManagers(endpoint);
        TrustManager[] trustManagers = trustManagerStream.toArray(TrustManager[]::new);
        if (trustManagers.length > 0) {
            logger.debug("using custom trustmanagers (certificate pinning) for httpClient for endpoint {}",
                    endpoint);
            try {
                SSLContext sslContext = SSLContext.getInstance("TLS");
                sslContext.init(null, trustManagers, null);
                sslContextFactory.setSslContext(sslContext);
            } catch (NoSuchAlgorithmException | KeyManagementException ex) {
                throw new HttpClientInitializationException(
                        "Cannot create an TLS context for the endpoint '" + endpoint + "'!", ex);
            }
        }
    }

    String excludeCipherSuites[] = { "^.*_(MD5)$" };
    sslContextFactory.setExcludeCipherSuites(excludeCipherSuites);
    return sslContextFactory;
}
 
Example 3
Source File: WebClientFactoryImpl.java    From openhab-core with Eclipse Public License 2.0 5 votes vote down vote up
private SslContextFactory createSslContextFactory() {
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setEndpointIdentificationAlgorithm("HTTPS");

    try {
        logger.debug("Setting up SSLContext for {}", extensibleTrustManager);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[] { extensibleTrustManager }, null);
        sslContextFactory.setSslContext(sslContext);
    } catch (NoSuchAlgorithmException | KeyManagementException ex) {
        throw new HttpClientInitializationException("Cannot create an TLS context!", ex);
    }

    return sslContextFactory;
}
 
Example 4
Source File: JettyAppServer.java    From keycloak with Apache License 2.0 5 votes vote down vote up
private void setupSSL() {
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setSslContext(TLSUtils.initializeTLS());
    ServerConnector connector = new ServerConnector(server);
    connector.setPort(configuration.getBindHttpPort());
    HttpConfiguration https = new HttpConfiguration();
    ServerConnector sslConnector = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory, "http/1.1"),
            new HttpConnectionFactory(https));
    sslConnector.setPort(configuration.getBindHttpsPort());
    server.setConnectors(new Connector[] { connector, sslConnector });
}
 
Example 5
Source File: ODataTestServer.java    From syndesis with Apache License 2.0 4 votes vote down vote up
@SuppressWarnings( "deprecation" )
private void initServer(SSLContext sslContext, String userName) throws UnknownHostException {
    ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
    context.setContextPath(FORWARD_SLASH);
    this.setHandler(context);

    ServletHandler productsHandler = new ServletHandler();
    productsHandler.addServletWithMapping(
        ProductsServlet.class,
        FORWARD_SLASH + PRODUCTS_SVC + FORWARD_SLASH + STAR);
    productsHandler.addFilterWithMapping(ODataPathFilter.class, FORWARD_SLASH + STAR, FilterMapping.REQUEST);
    context.insertHandler(productsHandler);

    if (userName != null) {
        LoginService loginService = new HashLoginService("MyRealm", "src/test/resources/realm.properties");
        this.addBean(loginService);

        ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
        Constraint constraint = new Constraint();
        constraint.setName("auth");
        constraint.setAuthenticate(true);
        constraint.setRoles(new String[] { USER, "admin" });

        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec(FORWARD_SLASH + PRODUCTS_SVC + FORWARD_SLASH + STAR);
        mapping.setConstraint(constraint);

        securityHandler.setConstraintMappings(Collections.singletonList(mapping));
        securityHandler.setAuthenticator(new BasicAuthenticator());

        context.setSecurityHandler(securityHandler);
    }

    httpConnector = new ServerConnector(this);
    httpConnector.setPort(httpPort); // Finds next available port if still 0
    this.addConnector(httpConnector);


    if (sslContext != null) {
        // HTTPS
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSecureScheme("https");
        httpConfiguration.setSecurePort(httpsPort); // Finds next available port if still 0
        httpConfiguration.addCustomizer(new SecureRequestCustomizer());

        final SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setSslContext(sslContext);
        httpsConnector = new ServerConnector(this, sslContextFactory, new HttpConnectionFactory(httpConfiguration));
        httpsConnector.setPort(httpsPort); // Finds next available port if still 0
        this.addConnector(httpsConnector);
    }
}
 
Example 6
Source File: WebSocketCommon.java    From datacollector with Apache License 2.0 4 votes vote down vote up
public static WebSocketClient createWebSocketClient(String resourceUrl, TlsConfigBean tlsConf) {
  try {
    resourceUrl = resourceUrl.toLowerCase();
    if (resourceUrl.startsWith("wss")) {
      SslContextFactory sslContextFactory = new SslContextFactory();
      if (tlsConf != null && tlsConf.isEnabled() && tlsConf.isInitialized()) {
        if (tlsConf.getKeyStore() != null) {
          sslContextFactory.setKeyStore(tlsConf.getKeyStore());
        } else {
          if (tlsConf.keyStoreFilePath != null) {
            sslContextFactory.setKeyStorePath(tlsConf.keyStoreFilePath);
          }
          if (tlsConf.keyStoreType != null) {
            sslContextFactory.setKeyStoreType(tlsConf.keyStoreType.getJavaValue());
          }
        }
        if (tlsConf.keyStorePassword != null) {
          sslContextFactory.setKeyStorePassword(tlsConf.keyStorePassword.get());
        }
        if (tlsConf.getTrustStore() != null) {
          sslContextFactory.setTrustStore(tlsConf.getTrustStore());
        } else {
          if (tlsConf.trustStoreFilePath != null) {
            sslContextFactory.setTrustStorePath(tlsConf.trustStoreFilePath);
          }
          if (tlsConf.trustStoreType != null) {
            sslContextFactory.setTrustStoreType(tlsConf.trustStoreType.getJavaValue());
          }
        }
        if (tlsConf.trustStorePassword != null) {
          sslContextFactory.setTrustStorePassword(tlsConf.trustStorePassword.get());
        }

        sslContextFactory.setSslContext(tlsConf.getSslContext());
        sslContextFactory.setIncludeCipherSuites(tlsConf.getFinalCipherSuites());
        sslContextFactory.setIncludeProtocols(tlsConf.getFinalProtocols());
      }
      return new WebSocketClient(sslContextFactory);
    } else {
     return new WebSocketClient();
    }
  } catch (Exception e) {
    throw new IllegalArgumentException(resourceUrl, e);
  }
}