Java Code Examples for org.eclipse.jetty.util.ssl.SslContextFactory#setIncludeProtocols()

The following examples show how to use org.eclipse.jetty.util.ssl.SslContextFactory#setIncludeProtocols() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TlsCertificateAuthorityService.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
    Server server = new Server();

    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setIncludeProtocols("TLSv1.2");
    sslContextFactory.setKeyStore(keyStore);
    sslContextFactory.setKeyManagerPassword(keyPassword);

    HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.addCustomizer(new SecureRequestCustomizer());

    ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    sslConnector.setPort(port);

    server.addConnector(sslConnector);
    server.setHandler(handler);

    return server;
}
 
Example 2
Source File: TlsCertificateAuthorityService.java    From nifi with Apache License 2.0 6 votes vote down vote up
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
    Server server = new Server();

    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setIncludeProtocols(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
    sslContextFactory.setKeyStore(keyStore);
    sslContextFactory.setKeyManagerPassword(keyPassword);

    // Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server,
    // not a client.  Server does not need to perform hostname verification on the client.
    // Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS".
    sslContextFactory.setEndpointIdentificationAlgorithm(null);

    HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.addCustomizer(new SecureRequestCustomizer());

    ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    sslConnector.setPort(port);

    server.addConnector(sslConnector);
    server.setHandler(handler);

    return server;
}
 
Example 3
Source File: SSLUtils.java    From kop with Apache License 2.0 5 votes vote down vote up
/**
 * Configures Protocol, Algorithm and Provider related settings in SslContextFactory.
 */
protected static void configureSslContextFactoryAlgorithms(SslContextFactory ssl,
                                                           Map<String, Object> sslConfigValues) {
    Set<String> sslEnabledProtocols =
        (Set<String>) getOrDefault(
            sslConfigValues,
            SslConfigs.SSL_ENABLED_PROTOCOLS_CONFIG,
            Arrays.asList(SslConfigs.DEFAULT_SSL_ENABLED_PROTOCOLS.split("\\s*,\\s*")));
    ssl.setIncludeProtocols(sslEnabledProtocols.toArray(new String[sslEnabledProtocols.size()]));

    String sslProvider = (String) sslConfigValues.get(SslConfigs.SSL_PROVIDER_CONFIG);
    if (sslProvider != null) {
        ssl.setProvider(sslProvider);
    }

    ssl.setProtocol(
        (String) getOrDefault(sslConfigValues, SslConfigs.SSL_PROTOCOL_CONFIG, SslConfigs.DEFAULT_SSL_PROTOCOL));

    Set<String> sslCipherSuites = (Set<String>) sslConfigValues.get(SslConfigs.SSL_CIPHER_SUITES_CONFIG);
    if (sslCipherSuites != null) {
        ssl.setIncludeCipherSuites(sslCipherSuites.toArray(new String[sslCipherSuites.size()]));
    }

    ssl.setKeyManagerFactoryAlgorithm((String) getOrDefault(
        sslConfigValues,
        SslConfigs.SSL_KEYMANAGER_ALGORITHM_CONFIG,
        SslConfigs.DEFAULT_SSL_KEYMANGER_ALGORITHM));

    String sslSecureRandomImpl = (String) sslConfigValues.get(SslConfigs.SSL_SECURE_RANDOM_IMPLEMENTATION_CONFIG);
    if (sslSecureRandomImpl != null) {
        ssl.setSecureRandomAlgorithm(sslSecureRandomImpl);
    }

    ssl.setTrustManagerFactoryAlgorithm((String) getOrDefault(
        sslConfigValues,
        SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_CONFIG,
        SslConfigs.DEFAULT_SSL_TRUSTMANAGER_ALGORITHM));
}
 
Example 4
Source File: HttpServerExtension.java    From kareldb with Apache License 2.0 4 votes vote down vote up
private static SslContextFactory createSslContextFactory(KarelDbConfig config) {
    SslContextFactory sslContextFactory = new SslContextFactory();
    if (!config.getString(KarelDbConfig.SSL_KEYSTORE_LOCATION_CONFIG).isEmpty()) {
        sslContextFactory.setKeyStorePath(
            config.getString(KarelDbConfig.SSL_KEYSTORE_LOCATION_CONFIG)
        );
        sslContextFactory.setKeyStorePassword(
            config.getPassword(KarelDbConfig.SSL_KEYSTORE_PASSWORD_CONFIG).value()
        );
        sslContextFactory.setKeyManagerPassword(
            config.getPassword(KarelDbConfig.SSL_KEY_PASSWORD_CONFIG).value()
        );
        sslContextFactory.setKeyStoreType(
            config.getString(KarelDbConfig.SSL_KEYSTORE_TYPE_CONFIG)
        );

        if (!config.getString(KarelDbConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG).isEmpty()) {
            sslContextFactory.setKeyManagerFactoryAlgorithm(
                config.getString(KarelDbConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG));
        }
    }

    configureClientAuth(config, sslContextFactory);

    List<String> enabledProtocols = config.getList(KarelDbConfig.SSL_ENABLED_PROTOCOLS_CONFIG);
    if (!enabledProtocols.isEmpty()) {
        sslContextFactory.setIncludeProtocols(enabledProtocols.toArray(new String[0]));
    }

    List<String> cipherSuites = config.getList(KarelDbConfig.SSL_CIPHER_SUITES_CONFIG);
    if (!cipherSuites.isEmpty()) {
        sslContextFactory.setIncludeCipherSuites(cipherSuites.toArray(new String[0]));
    }

    sslContextFactory.setEndpointIdentificationAlgorithm(
        config.getString(KarelDbConfig.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG));

    if (!config.getString(KarelDbConfig.SSL_TRUSTSTORE_LOCATION_CONFIG).isEmpty()) {
        sslContextFactory.setTrustStorePath(
            config.getString(KarelDbConfig.SSL_TRUSTSTORE_LOCATION_CONFIG)
        );
        sslContextFactory.setTrustStorePassword(
            config.getPassword(KarelDbConfig.SSL_TRUSTSTORE_PASSWORD_CONFIG).value()
        );
        sslContextFactory.setTrustStoreType(
            config.getString(KarelDbConfig.SSL_TRUSTSTORE_TYPE_CONFIG)
        );

        if (!config.getString(KarelDbConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG).isEmpty()) {
            sslContextFactory.setTrustManagerFactoryAlgorithm(
                config.getString(KarelDbConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG)
            );
        }
    }

    sslContextFactory.setProtocol(config.getString(KarelDbConfig.SSL_PROTOCOL_CONFIG));
    if (!config.getString(KarelDbConfig.SSL_PROVIDER_CONFIG).isEmpty()) {
        sslContextFactory.setProtocol(config.getString(KarelDbConfig.SSL_PROVIDER_CONFIG));
    }

    sslContextFactory.setRenegotiationAllowed(false);

    return sslContextFactory;
}
 
Example 5
Source File: SslContextFactoryUtils.java    From vespa with Apache License 2.0 4 votes vote down vote up
static void setEnabledProtocols(SslContextFactory factory, SSLContext sslContext, List<String> enabledProtocols) {
    String[] supportedProtocols = sslContext.getSupportedSSLParameters().getProtocols();
    factory.setIncludeProtocols(enabledProtocols.toArray(String[]::new));
    factory.setExcludeProtocols(createExclusionList(enabledProtocols, supportedProtocols));
}
 
Example 6
Source File: ZTSUtils.java    From athenz with Apache License 2.0 4 votes vote down vote up
public static SslContextFactory createSSLContextObject(final String[] clientProtocols,
        final PrivateKeyStore privateKeyStore) {
    
    String keyStorePath = System.getProperty(ZTSConsts.ZTS_PROP_KEYSTORE_PATH);
    String keyStorePasswordAppName = System.getProperty(ZTSConsts.ZTS_PROP_KEYSTORE_PASSWORD_APPNAME);
    String keyStorePassword = System.getProperty(ZTSConsts.ZTS_PROP_KEYSTORE_PASSWORD);
    String keyStoreType = System.getProperty(ZTSConsts.ZTS_PROP_KEYSTORE_TYPE, "PKCS12");
    String keyManagerPassword = System.getProperty(ZTSConsts.ZTS_PROP_KEYMANAGER_PASSWORD);
    String keyManagerPasswordAppName = System.getProperty(ZTSConsts.ZTS_PROP_KEYMANAGER_PASSWORD_APPNAME);

    String trustStorePath = System.getProperty(ZTSConsts.ZTS_PROP_TRUSTSTORE_PATH);
    String trustStorePassword = System.getProperty(ZTSConsts.ZTS_PROP_TRUSTSTORE_PASSWORD);
    String trustStorePasswordAppName = System.getProperty(ZTSConsts.ZTS_PROP_TRUSTSTORE_PASSWORD_APPNAME);

    String trustStoreType = System.getProperty(ZTSConsts.ZTS_PROP_TRUSTSTORE_TYPE, "PKCS12");
    String excludedCipherSuites = System.getProperty(ZTSConsts.ZTS_PROP_EXCLUDED_CIPHER_SUITES,
            ZTS_DEFAULT_EXCLUDED_CIPHER_SUITES);
    String excludedProtocols = System.getProperty(ZTSConsts.ZTS_PROP_EXCLUDED_PROTOCOLS,
            ZTS_DEFAULT_EXCLUDED_PROTOCOLS);
    boolean wantClientAuth = Boolean.parseBoolean(System.getProperty(ZTSConsts.ZTS_PROP_WANT_CLIENT_CERT, "false"));
    
    SslContextFactory sslContextFactory = new SslContextFactory();
    if (keyStorePath != null) {
        LOGGER.info("createSSLContextObject: using SSL KeyStore path: " + keyStorePath);
        sslContextFactory.setKeyStorePath(keyStorePath);
    }
    
    if (keyStorePassword != null) {
        keyStorePassword = getApplicationSecret(privateKeyStore, keyStorePasswordAppName, keyStorePassword);
        sslContextFactory.setKeyStorePassword(keyStorePassword);
    }
    sslContextFactory.setKeyStoreType(keyStoreType);

    if (keyManagerPassword != null) {
        keyManagerPassword = getApplicationSecret(privateKeyStore, keyManagerPasswordAppName, keyManagerPassword);
        sslContextFactory.setKeyManagerPassword(keyManagerPassword);
    }
    
    if (trustStorePath != null) {
        LOGGER.info("createSSLContextObject: using SSL TrustStore path: " + trustStorePath);
        sslContextFactory.setTrustStorePath(trustStorePath);
    }
    if (trustStorePassword != null) {
        trustStorePassword = getApplicationSecret(privateKeyStore, trustStorePasswordAppName, trustStorePassword);
        sslContextFactory.setTrustStorePassword(trustStorePassword);
    }
    sslContextFactory.setTrustStoreType(trustStoreType);

    sslContextFactory.setExcludeCipherSuites(excludedCipherSuites.split(","));
    sslContextFactory.setExcludeProtocols(excludedProtocols.split(","));

    sslContextFactory.setWantClientAuth(wantClientAuth);
    if (clientProtocols != null) {
        sslContextFactory.setIncludeProtocols(clientProtocols);
    }

    return sslContextFactory;
}
 
Example 7
Source File: WebSocketCommon.java    From datacollector with Apache License 2.0 4 votes vote down vote up
public static WebSocketClient createWebSocketClient(String resourceUrl, TlsConfigBean tlsConf) {
  try {
    resourceUrl = resourceUrl.toLowerCase();
    if (resourceUrl.startsWith("wss")) {
      SslContextFactory sslContextFactory = new SslContextFactory();
      if (tlsConf != null && tlsConf.isEnabled() && tlsConf.isInitialized()) {
        if (tlsConf.getKeyStore() != null) {
          sslContextFactory.setKeyStore(tlsConf.getKeyStore());
        } else {
          if (tlsConf.keyStoreFilePath != null) {
            sslContextFactory.setKeyStorePath(tlsConf.keyStoreFilePath);
          }
          if (tlsConf.keyStoreType != null) {
            sslContextFactory.setKeyStoreType(tlsConf.keyStoreType.getJavaValue());
          }
        }
        if (tlsConf.keyStorePassword != null) {
          sslContextFactory.setKeyStorePassword(tlsConf.keyStorePassword.get());
        }
        if (tlsConf.getTrustStore() != null) {
          sslContextFactory.setTrustStore(tlsConf.getTrustStore());
        } else {
          if (tlsConf.trustStoreFilePath != null) {
            sslContextFactory.setTrustStorePath(tlsConf.trustStoreFilePath);
          }
          if (tlsConf.trustStoreType != null) {
            sslContextFactory.setTrustStoreType(tlsConf.trustStoreType.getJavaValue());
          }
        }
        if (tlsConf.trustStorePassword != null) {
          sslContextFactory.setTrustStorePassword(tlsConf.trustStorePassword.get());
        }

        sslContextFactory.setSslContext(tlsConf.getSslContext());
        sslContextFactory.setIncludeCipherSuites(tlsConf.getFinalCipherSuites());
        sslContextFactory.setIncludeProtocols(tlsConf.getFinalProtocols());
      }
      return new WebSocketClient(sslContextFactory);
    } else {
     return new WebSocketClient();
    }
  } catch (Exception e) {
    throw new IllegalArgumentException(resourceUrl, e);
  }
}
 
Example 8
Source File: BrooklynWebServer.java    From brooklyn-server with Apache License 2.0 4 votes vote down vote up
private SslContextFactory createContextFactory() throws KeyStoreException {
    SslContextFactory sslContextFactory = new SslContextFactory();

    // allow webconsole keystore & related properties to be set in brooklyn.properties
    String ksUrl = getKeystoreUrl();
    String ksPassword = getConfig(keystorePassword, BrooklynWebConfig.KEYSTORE_PASSWORD);
    String ksCertAlias = getConfig(keystoreCertAlias, BrooklynWebConfig.KEYSTORE_CERTIFICATE_ALIAS);
    String trProtos = getConfig(transportProtocols, BrooklynWebConfig.TRANSPORT_PROTOCOLS);
    String trCiphers = getConfig(transportCiphers, BrooklynWebConfig.TRANSPORT_CIPHERS);
    
    if (ksUrl!=null) {
        sslContextFactory.setKeyStorePath(getLocalKeyStorePath(ksUrl));
        if (Strings.isEmpty(ksPassword))
            throw new IllegalArgumentException("Keystore password is required and non-empty if keystore is specified.");
        sslContextFactory.setKeyStorePassword(ksPassword);
        if (Strings.isNonEmpty(ksCertAlias))
            sslContextFactory.setCertAlias(ksCertAlias);
    } else {
        log.info("No keystore specified but https enabled; creating a default keystore");
        
        if (Strings.isEmpty(ksCertAlias))
            ksCertAlias = "web-console";
        
        // if password is blank the process will block and read from stdin !
        if (Strings.isEmpty(ksPassword)) {
            ksPassword = Identifiers.makeRandomId(8);
            log.debug("created random password "+ksPassword+" for ad hoc internal keystore");
        }
        
        KeyStore ks = SecureKeys.newKeyStore();
        KeyPair key = SecureKeys.newKeyPair();
        X509Certificate cert = new FluentKeySigner("brooklyn").newCertificateFor("web-console", key);
        ks.setKeyEntry(ksCertAlias, key.getPrivate(), ksPassword.toCharArray(),
            new Certificate[] { cert });
        
        sslContextFactory.setKeyStore(ks);
        sslContextFactory.setKeyStorePassword(ksPassword);
        sslContextFactory.setCertAlias(ksCertAlias);
    }
    if (!Strings.isEmpty(truststorePath)) {
        sslContextFactory.setTrustStorePath(checkFileExists(truststorePath, "truststore"));
        sslContextFactory.setTrustStorePassword(trustStorePassword);
    }

    if (Strings.isNonBlank(trProtos)) {
        sslContextFactory.setIncludeProtocols(parseArray(trProtos));
    }
    if (Strings.isNonBlank(trCiphers)) {
        sslContextFactory.setIncludeCipherSuites(parseArray(trCiphers));
    }
    return sslContextFactory;
}
 
Example 9
Source File: ApplicationServer.java    From rest-utils with Apache License 2.0 4 votes vote down vote up
private SslContextFactory createSslContextFactory(RestConfig config) {
  SslContextFactory sslContextFactory = new SslContextFactory.Server();
  if (!config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG).isEmpty()) {
    sslContextFactory.setKeyStorePath(
            config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG)
    );
    sslContextFactory.setKeyStorePassword(
            config.getPassword(RestConfig.SSL_KEYSTORE_PASSWORD_CONFIG).value()
    );
    sslContextFactory.setKeyManagerPassword(
            config.getPassword(RestConfig.SSL_KEY_PASSWORD_CONFIG).value()
    );
    sslContextFactory.setKeyStoreType(
            config.getString(RestConfig.SSL_KEYSTORE_TYPE_CONFIG)
    );

    if (!config.getString(RestConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG).isEmpty()) {
      sslContextFactory.setKeyManagerFactoryAlgorithm(
              config.getString(RestConfig.SSL_KEYMANAGER_ALGORITHM_CONFIG));
    }

    if (config.getBoolean(RestConfig.SSL_KEYSTORE_RELOAD_CONFIG)) {
      Path watchLocation = getWatchLocation(config);
      try {
        FileWatcher.onFileChange(watchLocation, () -> {
              // Need to reset the key store path for symbolic link case
              sslContextFactory.setKeyStorePath(
                  config.getString(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG)
              );
              sslContextFactory.reload(scf -> log.info("Reloaded SSL cert"));
            }
        );
        log.info("Enabled SSL cert auto reload for: " + watchLocation);
      } catch (java.io.IOException e) {
        log.error("Can not enabled SSL cert auto reload", e);
      }
    }
  }

  configureClientAuth(sslContextFactory, config);

  List<String> enabledProtocols = config.getList(RestConfig.SSL_ENABLED_PROTOCOLS_CONFIG);
  if (!enabledProtocols.isEmpty()) {
    sslContextFactory.setIncludeProtocols(enabledProtocols.toArray(new String[0]));
  }

  List<String> cipherSuites = config.getList(RestConfig.SSL_CIPHER_SUITES_CONFIG);
  if (!cipherSuites.isEmpty()) {
    sslContextFactory.setIncludeCipherSuites(cipherSuites.toArray(new String[0]));
  }

  sslContextFactory.setEndpointIdentificationAlgorithm(
          config.getString(RestConfig.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG));

  if (!config.getString(RestConfig.SSL_TRUSTSTORE_LOCATION_CONFIG).isEmpty()) {
    sslContextFactory.setTrustStorePath(
            config.getString(RestConfig.SSL_TRUSTSTORE_LOCATION_CONFIG)
    );
    sslContextFactory.setTrustStorePassword(
            config.getPassword(RestConfig.SSL_TRUSTSTORE_PASSWORD_CONFIG).value()
    );
    sslContextFactory.setTrustStoreType(
            config.getString(RestConfig.SSL_TRUSTSTORE_TYPE_CONFIG)
    );

    if (!config.getString(RestConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG).isEmpty()) {
      sslContextFactory.setTrustManagerFactoryAlgorithm(
              config.getString(RestConfig.SSL_TRUSTMANAGER_ALGORITHM_CONFIG)
      );
    }
  }

  sslContextFactory.setProtocol(config.getString(RestConfig.SSL_PROTOCOL_CONFIG));
  if (!config.getString(RestConfig.SSL_PROVIDER_CONFIG).isEmpty()) {
    sslContextFactory.setProtocol(config.getString(RestConfig.SSL_PROVIDER_CONFIG));
  }

  sslContextFactory.setRenegotiationAllowed(false);

  return sslContextFactory;
}
 
Example 10
Source File: JettyServer.java    From nifi with Apache License 2.0 4 votes vote down vote up
protected static void configureSslContextFactory(SslContextFactory contextFactory, NiFiProperties props) {
    // Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server,
    // not a client.  Server does not need to perform hostname verification on the client.
    // Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS".
    contextFactory.setEndpointIdentificationAlgorithm(null);

    // Explicitly exclude legacy TLS protocol versions
    // contextFactory.setProtocol(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
    contextFactory.setIncludeProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions());
    contextFactory.setExcludeProtocols("TLS", "TLSv1", "TLSv1.1", "SSL", "SSLv2", "SSLv2Hello", "SSLv3");

    // require client auth when not supporting login, Kerberos service, or anonymous access
    if (props.isClientAuthRequiredForRestApi()) {
        contextFactory.setNeedClientAuth(true);
    } else {
        contextFactory.setWantClientAuth(true);
    }

    /* below code sets JSSE system properties when values are provided */
    // keystore properties
    if (StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_KEYSTORE))) {
        contextFactory.setKeyStorePath(props.getProperty(NiFiProperties.SECURITY_KEYSTORE));
    }
    String keyStoreType = props.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE);
    if (StringUtils.isNotBlank(keyStoreType)) {
        contextFactory.setKeyStoreType(keyStoreType);
        String keyStoreProvider = KeyStoreUtils.getKeyStoreProvider(keyStoreType);
        if (StringUtils.isNoneEmpty(keyStoreProvider)) {
            contextFactory.setKeyStoreProvider(keyStoreProvider);
        }
    }
    final String keystorePassword = props.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD);
    final String keyPassword = props.getProperty(NiFiProperties.SECURITY_KEY_PASSWD);
    if (StringUtils.isNotBlank(keystorePassword)) {
        // if no key password was provided, then assume the keystore password is the same as the key password.
        final String defaultKeyPassword = (StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword;
        contextFactory.setKeyStorePassword(keystorePassword);
        contextFactory.setKeyManagerPassword(defaultKeyPassword);
    } else if (StringUtils.isNotBlank(keyPassword)) {
        // since no keystore password was provided, there will be no keystore integrity check
        contextFactory.setKeyManagerPassword(keyPassword);
    }

    // truststore properties
    if (StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE))) {
        contextFactory.setTrustStorePath(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE));
    }
    String trustStoreType = props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE);
    if (StringUtils.isNotBlank(trustStoreType)) {
        contextFactory.setTrustStoreType(trustStoreType);
        String trustStoreProvider = KeyStoreUtils.getKeyStoreProvider(trustStoreType);
        if (StringUtils.isNoneEmpty(trustStoreProvider)) {
            contextFactory.setTrustStoreProvider(trustStoreProvider);
        }
    }
    if (StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD))) {
        contextFactory.setTrustStorePassword(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD));
    }
}
 
Example 11
Source File: KeyAndTrustManager.java    From chipster with MIT License 3 votes vote down vote up
/**
 * Return SslContextFactory with keystore initialised from Chipster
 * configuration. To be used on the server side.
 * 
 * @param protocols
 * 
 * @return SslContextFactory instance
 * @throws IOException
 * @throws KeyStoreException
 * @throws FileNotFoundException
 * @throws CertificateException
 * @throws NoSuchAlgorithmException
 * @throws MicroarrayException
 */
public static SslContextFactory createSslContextFactory(String keyStore, String keyStorePassword,
		String[] protocols) throws NoSuchAlgorithmException, CertificateException, FileNotFoundException,
		KeyStoreException, IOException {

	// Initialise SslContextFactory to use the keystore
	SslContextFactory sslContextFactory = new SslContextFactory(keyStore);
	sslContextFactory.setKeyStorePassword(keyStorePassword);
	sslContextFactory.setIncludeProtocols(protocols);

	return sslContextFactory;
}