下面列出了怎么用org.eclipse.jetty.server.SslConnectionFactory的API类实例代码及写法,或者点击链接到github查看源代码。
private ServerConnector getConnector() {
if ( sslConfig != null ) {
log.logBasic( BaseMessages.getString( PKG, "WebServer.Log.SslModeUsing" ) );
SslConnectionFactory connector = new SslConnectionFactory();
SslContextFactory contextFactory = new SslContextFactory();
contextFactory.setKeyStoreResource( new PathResource( new File( sslConfig.getKeyStore() ) ) );
contextFactory.setKeyStorePassword( sslConfig.getKeyStorePassword() );
contextFactory.setKeyManagerPassword( sslConfig.getKeyPassword() );
contextFactory.setKeyStoreType( sslConfig.getKeyStoreType() );
return new ServerConnector( server, connector );
} else {
return new ServerConnector( server );
}
}
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
Server server = new Server();
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setIncludeProtocols("TLSv1.2");
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyManagerPassword(keyPassword);
HttpConfiguration httpsConfig = new HttpConfiguration();
httpsConfig.addCustomizer(new SecureRequestCustomizer());
ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
sslConnector.setPort(port);
server.addConnector(sslConnector);
server.setHandler(handler);
return server;
}
protected static void addHttpsConnector(Server server, Integer port) throws Exception {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(Config.sslKeyStore().getAbsolutePath());
sslContextFactory.setKeyStorePassword(Config.token().getSslKeyStorePassword());
sslContextFactory.setKeyManagerPassword(Config.token().getSslKeyManagerPassword());
sslContextFactory.setTrustAll(true);
HttpConfiguration config = new HttpConfiguration();
config.setSecureScheme("https");
config.setOutputBufferSize(32768);
config.setRequestHeaderSize(8192 * 2);
config.setResponseHeaderSize(8192 * 2);
config.setSendServerVersion(true);
config.setSendDateHeader(false);
ServerConnector sslConnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(config));
sslConnector.setPort(port);
server.addConnector(sslConnector);
}
private SslConnectionFactory getSSLConnectionFactory() {
Resource keyStoreResource = null;
try {
keyStoreResource = Resource.newClassPathResource("localhost");
System.out.println(keyStoreResource);
} catch (Exception ex) {
Logger.getLogger(EventServer.class.getName()).log(Level.SEVERE, null, ex);
}
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStoreResource(keyStoreResource);
String secret = readresource();
sslContextFactory.setKeyStorePassword(Encrypt.getInstance().decrypt(secret));
sslContextFactory.setKeyManagerPassword(Encrypt.getInstance().decrypt(secret));
return new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
}
@BeforeClass
public static void startHttpsServer() throws Exception {
skipIfHeadlessEnvironment();
server = new Server();
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(ErrorCases.class.getResource("keystore").getPath());
sslContextFactory.setKeyStorePassword("activeeon");
HttpConfiguration httpConfig = new HttpConfiguration();
HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
httpsConfig.addCustomizer(new SecureRequestCustomizer());
ServerConnector sslConnector = new ServerConnector(server,
new ConnectionFactory[] { new SslConnectionFactory(sslContextFactory,
HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpsConfig) });
server.addConnector(sslConnector);
server.start();
serverUrl = "https://localhost:" + sslConnector.getLocalPort() + "/rest";
}
@Test
public void testCreateHttpServerUsingHttpsAndRedirection() {
createHttpsContextProperties();
server = jettyStarter.createHttpServer(8080, 8443, true, true);
Connector[] connectors = server.getConnectors();
assertThat(connectors).hasLength(2);
assertThat(connectors[0].getName()).isEqualTo(JettyStarter.HTTP_CONNECTOR_NAME);
assertThat(connectors[0].getConnectionFactory(HttpConnectionFactory.class)).isNotNull();
assertThat(connectors[1].getName()).isEqualTo(JettyStarter.HTTPS_CONNECTOR_NAME.toLowerCase());
assertThat(connectors[1].getConnectionFactory(HttpConnectionFactory.class)).isNotNull();
assertThat(connectors[1].getConnectionFactory(SslConnectionFactory.class)).isNotNull();
unsetHttpsContextProperties();
}
/**
* Create ssl connector if https is used
* @return
*/
private ServerConnector sslConnector() {
HttpConfiguration http_config = new HttpConfiguration();
http_config.setSecureScheme("https");
http_config.setSecurePort(this.getPort());
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());
SslContextFactory sslContextFactory = new SslContextFactory(this.getCertKeyStorePath());
sslContextFactory.setKeyStorePassword(this.getCertKeyStorePassword());
//exclude weak ciphers
sslContextFactory.setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
//only support tlsv1.2
sslContextFactory.addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");
ServerConnector connector = new ServerConnector(jettyServer,
new SslConnectionFactory(sslContextFactory, "http/1.1"),
new HttpConnectionFactory(https_config));
connector.setPort(this.getPort());
connector.setIdleTimeout(50000);
return connector;
}
protected Server createServer(int port, boolean serverSsl, boolean clientSsl) {
Server server = new Server();
if (!serverSsl) {
InetSocketAddress addr = new InetSocketAddress("localhost", port);
ServerConnector connector = new ServerConnector(server);
connector.setHost(addr.getHostName());
connector.setPort(addr.getPort());
server.setConnectors(new Connector[]{connector});
} else {
SslContextFactory sslContextFactory = createSslContextFactory(clientSsl);
ServerConnector httpsConnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory, "http/1.1"),
new HttpConnectionFactory()
);
httpsConnector.setPort(port);
httpsConnector.setHost("localhost");
server.setConnectors(new Connector[]{httpsConnector});
}
return server;
}
public void setupSslServer(int port, SslContextFactory sslContextFactory) {
if (_server != null && port > 0) {
try {
HttpConfiguration https = new HttpConfiguration();
https.addCustomizer(new SecureRequestCustomizer());
ServerConnector sslConnector = new ServerConnector(
_server,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(https));
sslConnector.setPort(port);
_server.addConnector(sslConnector);
LOG.info("Helix SSL rest server is ready to start.");
} catch (Exception ex) {
LOG.error("Failed to setup Helix SSL rest server, " + ex);
}
}
}
@Override
public void startSSL(String keyStoreLocation, String keyStorePassword) throws Exception {
Server server = new Server();
HttpConfiguration httpsConfig = new HttpConfiguration();
httpsConfig.addCustomizer(new SecureRequestCustomizer());
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(keyStoreLocation);
sslContextFactory.setKeyStorePassword(keyStorePassword);
ServerConnector https = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory, "http/1.1"),
new HttpConnectionFactory(httpsConfig));
https.setHost(host);
https.setPort(port);
server.setConnectors(new Connector[]{https});
configureContextHandler(server);
startServer(server);
}
private ServerConnector createSSLConnector() {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(m_keystore);
sslContextFactory.setKeyStorePassword(m_keystorepassword);
sslContextFactory.setTrustStorePath(m_truststore);
sslContextFactory.setTrustStorePassword(m_truststorepassword);
sslContextFactory.setNeedClientAuth(m_clientauthentication);
sslContextFactory.setIncludeCipherSuites(m_tls_cipher_suites);
HttpConfiguration http_config = new HttpConfiguration();
http_config.setSecureScheme("https");
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());
SslConnectionFactory sslConnFactory = new SslConnectionFactory(sslContextFactory, "http/1.1");
HttpConnectionFactory httpConnFactory = new HttpConnectionFactory(https_config);
ServerConnector sslConnector = new ServerConnector(m_jettyServer, sslConnFactory, httpConnFactory);
return sslConnector;
}
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
Server server = new Server();
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setIncludeProtocols(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyManagerPassword(keyPassword);
// Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server,
// not a client. Server does not need to perform hostname verification on the client.
// Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS".
sslContextFactory.setEndpointIdentificationAlgorithm(null);
HttpConfiguration httpsConfig = new HttpConfiguration();
httpsConfig.addCustomizer(new SecureRequestCustomizer());
ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
sslConnector.setPort(port);
server.addConnector(sslConnector);
server.setHandler(handler);
return server;
}
public PrometheusServer(int addr, SSLContextService sslContextService, ComponentLog logger, boolean needClientAuth, boolean wantClientAuth) throws Exception {
PrometheusServer.logger = logger;
this.server = new Server();
this.handler = new ServletContextHandler(server, "/metrics");
this.handler.addServlet(new ServletHolder(new MetricsServlet()), "/");
SslContextFactory sslFactory = createSslFactory(sslContextService, needClientAuth, wantClientAuth);
HttpConfiguration httpsConfiguration = new HttpConfiguration();
httpsConfiguration.setSecureScheme("https");
httpsConfiguration.setSecurePort(addr);
httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslFactory, "http/1.1"),
new HttpConnectionFactory(httpsConfiguration));
https.setPort(addr);
this.server.setConnectors(new Connector[]{https});
this.server.start();
}
private void createHttpsConnector(final HttpConfiguration httpConfig) {
// Configure SSL
if (httpsEnable && !Strings.isNullOrEmpty(keystoreFile) && new File(keystoreFile).exists()) {
// SSL Context
final SslContextFactory sslContextFactory = new SslContextFactory();
// Define keystore path and passwords
sslContextFactory.setKeyStorePath(keystoreFile);
sslContextFactory.setKeyStorePassword(keystorePassword);
sslContextFactory.setKeyManagerPassword(keystorePassword);
// HTTPS config
final HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
httpsConfig.addCustomizer(new SecureRequestCustomizer());
// HTTPS Connector
final ServerConnector sslConnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory, "http/1.1"),
new HttpConnectionFactory(httpsConfig));
sslConnector.setPort(httpsPort);
sslConnector.setHost(bindInterface);
server.addConnector(sslConnector);
}
}
private ServerConnector createHttpsChannelConnector(
Server server, HttpConfiguration httpConfig) {
httpConfig.setSecureScheme(HTTPS_SCHEME);
httpConfig.addCustomizer(new SecureRequestCustomizer());
ServerConnector conn = createHttpChannelConnector(server, httpConfig);
SslContextFactory.Server sslContextFactory =
new SslContextFactory.Server();
sslContextFactory.setNeedClientAuth(needsClientAuth);
if (keyPassword != null) {
sslContextFactory.setKeyManagerPassword(keyPassword);
}
if (keyStore != null) {
sslContextFactory.setKeyStorePath(keyStore);
sslContextFactory.setKeyStoreType(keyStoreType);
if (keyStorePassword != null) {
sslContextFactory.setKeyStorePassword(keyStorePassword);
}
}
if (trustStore != null) {
sslContextFactory.setTrustStorePath(trustStore);
sslContextFactory.setTrustStoreType(trustStoreType);
if (trustStorePassword != null) {
sslContextFactory.setTrustStorePassword(trustStorePassword);
}
}
if (null != excludeCiphers && !excludeCiphers.isEmpty()) {
sslContextFactory.setExcludeCipherSuites(
StringUtils.getTrimmedStrings(excludeCiphers));
LOG.info("Excluded Cipher List: {}", excludeCiphers);
}
conn.addFirstConnectionFactory(new SslConnectionFactory(sslContextFactory,
HttpVersion.HTTP_1_1.asString()));
return conn;
}
public void init() {
// connector configuration
SslContextFactory sslContextFactory = new SslContextFactory();
if (null != keyStorePath) {
sslContextFactory.setKeyStorePath(keyStorePath);
}
if (null != keyStorePassword) {
sslContextFactory.setKeyStorePassword(keyStorePassword);
}
if (null != keyManagerPassword) {
sslContextFactory.setKeyManagerPassword(keyManagerPassword);
}
SslConnectionFactory sslConnectionFactory =
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
HttpConnectionFactory httpConnectionFactory =
new HttpConnectionFactory(new HttpConfiguration());
ServerConnector sslConnector =
new ServerConnector(server, sslConnectionFactory, httpConnectionFactory);
sslConnector.setHost(host);
sslConnector.setPort(port);
server.addConnector(sslConnector);
ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
ServletHolder servletHolder = new ServletHolder(new ExchangeServlet(sessions, ringBuffer));
context.addServlet(servletHolder, "/trade/*");
// context.addServlet(DefaultServlet.class, "/");
server.setHandler(context);
}
@BeforeEach
void setUp() throws Exception {
server = new Server();
Path keyStorePath = Paths.get(ReporterFactoryTest.class.getResource("/keystore").toURI());
final SslContextFactory sslContextFactory = new SslContextFactory(keyStorePath.toAbsolutePath().toString());
sslContextFactory.setKeyStorePassword("password");
sslContextFactory.getSslContext();
final HttpConfiguration httpConfiguration = new HttpConfiguration();
httpConfiguration.setSecureScheme("https");
httpConfiguration.setSecurePort(0);
final HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
final ServerConnector httpsConnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpsConfiguration));
httpsConnector.setPort(0);
server.addConnector(httpsConnector);
server.setHandler(new AbstractHandler() {
@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) {
baseRequest.setHandled(true);
requestHandled.set(true);
}
});
server.start();
configuration = SpyConfiguration.createSpyConfig();
reporterConfiguration = configuration.getConfig(ReporterConfiguration.class);
when(reporterConfiguration.getServerUrls()).thenReturn(Collections.singletonList(new URL("https://localhost:" + getPort())));
}
private ServerConnector createUnconfiguredSslServerConnector(Server server, HttpConfiguration httpConfiguration) {
// add some secure config
final HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
httpsConfiguration.setSecureScheme("https");
httpsConfiguration.setSecurePort(props.getSslPort());
httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
// build the connector
return new ServerConnector(server,
new SslConnectionFactory(createSslContextFactory(), "http/1.1"),
new HttpConnectionFactory(httpsConfiguration));
}
private ServerConnector getServerConnector() {
SslConnectionFactory sslConnectionFactory = getSSLConnectionFactory();
HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(new HttpConfiguration());
ServerConnector connector = new ServerConnector(server, sslConnectionFactory, httpConnectionFactory);
connector.setPort(port);
return connector;
}
public MockServer() throws IOException {
server = new Server();
connector = new ServerConnector(server);
connector.setPort(httpPort);
HttpConfiguration https = new HttpConfiguration();
https.addCustomizer(new SecureRequestCustomizer());
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setTrustAll(true);
sslContextFactory.setValidateCerts(false);
sslContextFactory.setNeedClientAuth(false);
sslContextFactory.setWantClientAuth(false);
sslContextFactory.setValidatePeerCerts(false);
sslContextFactory.setKeyStorePassword("password");
sslContextFactory.setKeyStorePath(MockServer.class.getResource("mock-keystore.jks").toExternalForm());
sslConnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory,
HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(https));
sslConnector.setPort(httpsPort);
server.setConnectors(new Connector[] {connector, sslConnector});
ServletContextHandler context = new ServletContextHandler(server, "/", ServletContextHandler.SESSIONS);
context.addServlet(new ServletHolder(new AlwaysSuccessServlet()), "/*");
server.setHandler(context);
}
public HttpsServer start(int httpsPort, String httpsHostname) {
server.setHandler(
new AbstractHandler() {
@Override
public void handle(String path,
Request request,
HttpServletRequest httpRequest,
HttpServletResponse response) throws IOException {
response.setHeader(CONTENT_TYPE, responseContentType);
try (PrintWriter writer = response.getWriter()) {
writer.println(responseContent);
}
}
});
// SSL HTTP Configuration
HttpConfiguration httpsConfig = new HttpConfiguration(); //httpConfig);
httpsConfig.setSecureScheme("https");
httpsConfig.setSecurePort(httpsPort);
ServerConnector sslConnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpsConfig)
);
sslConnector.setPort(httpsPort);
sslConnector.setHost(httpsHostname);
server.addConnector(sslConnector);
try {
server.start();
}
catch (Exception e) {
throw new RuntimeException("Failed to start https server", e);
}
return this;
}
@Override
public void customize(final JettyServletWebServerFactory factory) {
LOGGER.info("Customizing Jetty server for integration tests...");
factory.addServerCustomizers((server) -> {
final Ssl sslProperties = serverProperties.getSsl();
if (sslProperties != null) {
createSslContextFactory(sslProperties);
ServerConnector con = (ServerConnector) server.getConnectors()[0];
int existingConnectorPort = con.getLocalPort();
// create the http configuration
final HttpConfiguration httpConfiguration = new HttpConfiguration();
httpConfiguration.setRequestHeaderSize(HEADER_BUFFER_SIZE);
httpConfiguration.setResponseHeaderSize(HEADER_BUFFER_SIZE);
// add some secure config
final HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
httpsConfiguration.setSecureScheme("https");
httpsConfiguration.setSecurePort(existingConnectorPort);
httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
// build the connector with the endpoint identification algorithm set to null
final ServerConnector httpsConnector = new ServerConnector(server,
new SslConnectionFactory(createSslContextFactory(sslProperties), "http/1.1"),
new HttpConnectionFactory(httpsConfiguration));
server.removeConnector(con);
server.addConnector(httpsConnector);
}
});
LOGGER.info("JettyServer is customized");
}
@Override
protected ConnectionFactory[] getConnectionFactorys() throws URISyntaxException {
@SuppressWarnings("deprecation")
SslContextFactory sslContextFactory = new SslContextFactory();
String path = get(HttpPlugin.KEY_STORE_PATH);
File keystoreFile = FileUtil.file(path);
if (!keystoreFile.exists()) {
String msg = path + " is not exist";
Logs.http().error(msg);
SumkException.throwException(-2345345, msg);
}
sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
sslContextFactory.setKeyStorePassword(get("sumk.jetty.ssl.storePassword"));
sslContextFactory.setKeyManagerPassword(get("sumk.jetty.ssl.managerPassword"));
sslContextFactory.setCertAlias(get("sumk.jetty.ssl.alias"));
String v = AppInfo.get("sumk.jetty.ssl.storeType", null);
if (v != null) {
sslContextFactory.setKeyStoreType(v);
}
sslContextFactory.setTrustAll(AppInfo.getBoolean("sumk.jetty.ssl.trustAll", false));
Logs.http().info("using https");
return new ConnectionFactory[] { new SslConnectionFactory(sslContextFactory, "http/1.1"),
new HttpConnectionFactory() };
}
private ServerConnector createHttpsChannelConnector(
Server server, HttpConfiguration httpConfig) {
httpConfig.setSecureScheme(HTTPS_SCHEME);
httpConfig.addCustomizer(new SecureRequestCustomizer());
ServerConnector conn = createHttpChannelConnector(server, httpConfig);
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setNeedClientAuth(needsClientAuth);
sslContextFactory.setKeyManagerPassword(keyPassword);
if (keyStore != null) {
sslContextFactory.setKeyStorePath(keyStore);
sslContextFactory.setKeyStoreType(keyStoreType);
sslContextFactory.setKeyStorePassword(keyStorePassword);
}
if (trustStore != null) {
sslContextFactory.setTrustStorePath(trustStore);
sslContextFactory.setTrustStoreType(trustStoreType);
sslContextFactory.setTrustStorePassword(trustStorePassword);
}
if(null != excludeCiphers && !excludeCiphers.isEmpty()) {
sslContextFactory.setExcludeCipherSuites(
StringUtils.getTrimmedStrings(excludeCiphers));
LOG.info("Excluded Cipher List:{}", excludeCiphers);
}
conn.addFirstConnectionFactory(new SslConnectionFactory(sslContextFactory,
HttpVersion.HTTP_1_1.asString()));
return conn;
}
private Server createServer(URI endpointURI, boolean needClientAuth) {
if ("ws".equals(endpointURI.getScheme())) {
return new Server(endpointURI.getPort());
}
else if ("wss".equals(endpointURI.getScheme())) {
// see http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/ManyConnectors.java
// http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java
Server server = new Server();
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(getStorePath("serverKeyStore.jks"));
sslContextFactory.setKeyStorePassword("passw0rd");
sslContextFactory.setKeyManagerPassword("passw0rd");
sslContextFactory.setCertAlias("default");
sslContextFactory.setNeedClientAuth(needClientAuth);
sslContextFactory.setTrustStorePath(getStorePath("serverTrustStore.jks"));
sslContextFactory.setTrustStorePassword("passw0rd");
HttpConfiguration httpsConfig = new HttpConfiguration();
httpsConfig.addCustomizer(new SecureRequestCustomizer());
ServerConnector https= new ServerConnector(server,
new SslConnectionFactory(sslContextFactory,
HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpsConfig));
https.setPort(endpointURI.getPort());
server.addConnector(https);
return server;
}
else
throw new IllegalArgumentException("unrecognized uri: "+endpointURI);
}
private static ProxyTarget createProxyTarget(int targetPort, Duration targetTimeout, List<JDiscServerConnector> connectors) {
JDiscServerConnector targetConnector = connectors.stream()
.filter(connector -> connector.listenPort() == targetPort)
.findAny()
.orElseThrow(() -> new IllegalArgumentException("Could not find any connector with listen port " + targetPort));
SslContextFactory.Server sslContextFactory =
Optional.ofNullable(targetConnector.getConnectionFactory(SslConnectionFactory.class))
.or(() -> Optional.ofNullable(targetConnector.getConnectionFactory(DetectorConnectionFactory.class))
.map(detectorConnFactory -> detectorConnFactory.getBean(SslConnectionFactory.class)))
.map(connFactory -> (SslContextFactory.Server) connFactory.getSslContextFactory())
.orElseThrow(() -> new IllegalArgumentException("Health check proxy can only target https port"));
return new ProxyTarget(targetPort, targetTimeout, sslContextFactory);
}
private List<ConnectionFactory> connectionFactoriesForHttps(Metric metric, HttpConnectionFactory httpFactory) {
ConnectorConfig.ProxyProtocol proxyProtocolConfig = connectorConfig.proxyProtocol();
SslConnectionFactory sslFactory = newSslConnectionFactory(metric, httpFactory);
if (proxyProtocolConfig.enabled()) {
if (proxyProtocolConfig.mixedMode()) {
return List.of(new DetectorConnectionFactory(sslFactory, new ProxyConnectionFactory(sslFactory.getProtocol())), sslFactory, httpFactory);
} else {
return List.of(new ProxyConnectionFactory(), sslFactory, httpFactory);
}
} else {
return List.of(sslFactory, httpFactory);
}
}
private void logEffectiveSslConfiguration() {
if (!server.isStarted()) throw new IllegalStateException();
for (Connector connector : server.getConnectors()) {
ServerConnector serverConnector = (ServerConnector) connector;
int localPort = serverConnector.getLocalPort();
var sslConnectionFactory = serverConnector.getConnectionFactory(SslConnectionFactory.class);
if (sslConnectionFactory != null) {
var sslContextFactory = sslConnectionFactory.getSslContextFactory();
log.info(String.format("Enabled SSL cipher suites for port '%d': %s",
localPort, Arrays.toString(sslContextFactory.getSelectedCipherSuites())));
log.info(String.format("Enabled SSL protocols for port '%d': %s",
localPort, Arrays.toString(sslContextFactory.getSelectedProtocols())));
}
}
}
@Override
public ConnectionFactory setup(final HttpConfiguration config) {
final SslContextFactory context = new SslContextFactory();
keyStorePath.ifPresent(context::setKeyStorePath);
keyStorePassword.ifPresent(context::setKeyStorePassword);
keyManagerPassword.ifPresent(context::setKeyManagerPassword);
trustAll.ifPresent(context::setTrustAll);
return new SslConnectionFactory(context, nextProtocol);
}
@Test
public void testCreateHttpServerUsingHttps() {
createHttpsContextProperties();
server = jettyStarter.createHttpServer(8080, 8443, true, false);
Connector[] connectors = server.getConnectors();
assertThat(connectors).hasLength(1);
assertThat(connectors[0].getName()).isEqualTo(JettyStarter.HTTPS_CONNECTOR_NAME);
assertThat(connectors[0].getConnectionFactory(HttpConnectionFactory.class)).isNotNull();
assertThat(connectors[0].getConnectionFactory(SslConnectionFactory.class)).isNotNull();
unsetHttpsContextProperties();
}