Beispiel #1
  // =========================================================================================================
  // HTTPS handling
  /**
   * Creates an {@link HttpsServer} on the given address and wires it to a TLS context built from
   * the keystore settings of the supplied configuration. The server is returned without being
   * started.
   *
   * <p>Security notes for reviewers: the one keystore obtained from {@code getKeyStore} is used
   * for both the key managers and the trust managers, so every certificate entry in it also acts
   * as a trust anchor for peer certificates. Whether client certificates are requested at all is
   * decided by {@code JolokiaHttpsConfigurator}, which is not visible here.
   *
   * @param pSocketAddress address and port the server listens on
   * @param pConfig configuration providing backlog, TLS protocol name and keystore settings
   * @return the configured HTTPS server
   * @throws IllegalStateException if the TLS context cannot be set up or an I/O error occurs;
   *     note that an {@link IOException} raised by {@code HttpsServer.create} (for example a
   *     failed bind) is reported with the same "Cannot open keystore" message
   */
  private HttpServer createHttpsServer(
      InetSocketAddress pSocketAddress, JolokiaServerConfig pConfig) {
    try {
      HttpsServer httpsServer = HttpsServer.create(pSocketAddress, pConfig.getBacklog());
      SSLContext tlsContext = SSLContext.getInstance(pConfig.getSecureSocketProtocol());

      // Key material: the server's private key and certificate chain come from this store.
      KeyStore keyStore = getKeyStore(pConfig);
      KeyManagerFactory keyManagers = getKeyManagerFactory(pConfig);
      keyManagers.init(keyStore, pConfig.getKeystorePassword());

      // Trust material: deliberately the same store, see the method documentation.
      TrustManagerFactory trustManagers = getTrustManagerFactory(pConfig);
      trustManagers.init(keyStore);

      // A null SecureRandom lets the provider pick its default source of randomness.
      tlsContext.init(keyManagers.getKeyManagers(), trustManagers.getTrustManagers(), null);

      // Let the configuration drop protocols and cipher suites the context does not support.
      pConfig.updateHTTPSSettingsFromContext(tlsContext);

      JolokiaHttpsConfigurator configurator = new JolokiaHttpsConfigurator(tlsContext, pConfig);
      httpsServer.setHttpsConfigurator(configurator);
      return httpsServer;
    } catch (GeneralSecurityException e) {
      throw new IllegalStateException("Cannot use keystore for https communication: " + e, e);
    } catch (IOException e) {
      throw new IllegalStateException("Cannot open keystore for https communication: " + e, e);
    }
  }
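  /**
   * Creates an HTTPS server on {@code address} that identifies itself with the key in
   * {@code UMS.jks} and requires every client to present a certificate (mutual TLS).
   *
   * <p>The same keystore is used as the trust store, so a client certificate is accepted when it
   * chains to any certificate entry in {@code UMS.jks}.
   *
   * @param address address and port to bind to
   * @return the configured server, not yet started
   * @throws IOException if the keystore file cannot be read or the socket cannot be bound
   * @throws GeneralSecurityException if the keystore or the TLS context cannot be initialised
   */
  private HttpServer httpsServer(InetSocketAddress address)
      throws IOException, GeneralSecurityException {
    // NOTE(review): the keystore password and path are literals compiled into the class, so
    // anyone with the artifact has the password and it cannot be rotated without a rebuild.
    // Move both to protected configuration; the literal is kept here to leave callers untouched.
    char[] password = "******".toCharArray();
    ks = KeyStore.getInstance("JKS");
    try (FileInputStream fis = new FileInputStream("UMS.jks")) {
      ks.load(fis, password);
    }

    // Key managers: the server's own private key and certificate chain.
    kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, password);

    // Trust managers: the anchors used to validate client certificates (same store as above).
    tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(ks);

    HttpsServer server = HttpsServer.create(address, 0);
    sslContext = SSLContext.getInstance("TLS");
    sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

    server.setHttpsConfigurator(
        new HttpsConfigurator(sslContext) {
          @Override
          public void configure(HttpsParameters params) {
            // Derive the parameters from the context this configurator was built with, not from
            // SSLContext.getDefault(), so protocols and cipher suites match the context that
            // actually holds the key and trust managers.
            SSLParameters sslParameters = getSSLContext().getDefaultSSLParameters();
            // The client-auth requirement has to live on the SSLParameters object: in the JDK's
            // built-in server, explicit SSLParameters are what is applied to the connection, so
            // a flag set only through params.setNeedClientAuth(...) does not take effect.
            sslParameters.setNeedClientAuth(true);
            params.setSSLParameters(sslParameters);
            // No catch-all here on purpose: if configuration fails, the exception propagates
            // instead of being logged at debug level while the connection proceeds with
            // defaults that do not demand a client certificate.
          }
        });
    return server;
  }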
Beispiel #3
  /**
   * Creates the server for the administrative dashboard, bound to the configured dashboard port
   * and equipped with its own small worker pool. The server is returned without being started.
   *
   * <p>Security notes for reviewers: in secure mode the JVM default {@link SSLContext} is used
   * as is, with no client-certificate setting applied here. The bind uses only a port number,
   * which means the wildcard address, so the dashboard is reachable on every network interface
   * unless something outside this method restricts it.
   *
   * @param config supplies the secure flag and the dashboard port
   * @return the bound dashboard server
   * @throws IOException if the server cannot be created or bound; a {@link BindException} is
   *     logged and rethrown
   */
  static HttpServer createDashboardHttpServer(Config config) throws IOException {
    HttpServer server;
    if (config.isServerSecure()) {
      HttpsServer tlsServer = HttpsServer.create();
      SSLContext defaultSslContext;
      try {
        defaultSslContext = SSLContext.getDefault();
      } catch (NoSuchAlgorithmException ex) {
        throw new RuntimeException(ex);
      }
      tlsServer.setHttpsConfigurator(new HttpsConfigurator(defaultSslContext));
      server = tlsServer;
    } else {
      server = HttpServer.create();
    }

    // A dedicated port gives the dashboard its own origin. HTML served from the user's
    // repository therefore cannot drive admin actions via XMLHttpRequest and similar APIs,
    // because the browser's same-origin policy blocks those cross-origin requests.
    try {
      server.bind(new InetSocketAddress(config.getServerDashboardPort()), 0);
    } catch (BindException ex) {
      log.log(
          Level.WARNING,
          "Server dashboard port {0,number,#} is in use.",
          config.getServerDashboardPort());
      throw ex;
    }

    // The dashboard gets its own fixed-size pool so an administrator can still look into
    // problems while the regular work queue is backed up.
    int workerCount = 4;
    LinkedBlockingQueue<Runnable> pendingRequests = new LinkedBlockingQueue<Runnable>();
    Executor dashboardExecutor =
        new ThreadPoolExecutor(workerCount, workerCount, 10, TimeUnit.MINUTES, pendingRequests);
    server.setExecutor(dashboardExecutor);

    log.info("dashboard is listening on port #" + server.getAddress().getPort());

    return server;
  }
Beispiel #4
  /**
   * Test12 entry point: starts one plain HTTP server and one HTTPS server on ephemeral ports,
   * both serving the same document root, then hands eight {@code Runner} instances (each
   * combination of first flag, scheme and file) to {@code start} and {@code join}.
   *
   * <p>The TLS context comes from {@code SimpleSSLContext}, which loads test key material from
   * the {@code test.src} directory; it is test-only material.
   *
   * @param args unused
   * @throws Exception if server setup or any runner fails
   */
  public static void main(String[] args) throws Exception {
    HttpServer plainServer = null;
    HttpsServer tlsServer = null;
    ExecutorService pool = null;
    try {
      String root = System.getProperty("test.src") + "/docs";
      System.out.print("Test12: ");
      // Port 0 asks the OS for a free port; the real ports are read back after start().
      InetSocketAddress anyPort = new InetSocketAddress(0);
      plainServer = HttpServer.create(anyPort, 0);
      tlsServer = HttpsServer.create(anyPort, 0);
      HttpHandler fileHandler = new FileServerHandler(root);
      plainServer.createContext("/test1", fileHandler);
      tlsServer.createContext("/test1", fileHandler);
      pool = Executors.newCachedThreadPool();
      plainServer.setExecutor(pool);
      tlsServer.setExecutor(pool);
      ctx = new SimpleSSLContext(System.getProperty("test.src")).get();
      tlsServer.setHttpsConfigurator(new HttpsConfigurator(ctx));
      plainServer.start();
      tlsServer.start();

      int port = plainServer.getAddress().getPort();
      int httpsport = tlsServer.getAddress().getPort();
      Runner[] runners = {
        new Runner(true, "http", root + "/test1", port, "smallfile.txt", 23),
        new Runner(true, "http", root + "/test1", port, "largefile.txt", 2730088),
        new Runner(true, "https", root + "/test1", httpsport, "smallfile.txt", 23),
        new Runner(true, "https", root + "/test1", httpsport, "largefile.txt", 2730088),
        new Runner(false, "http", root + "/test1", port, "smallfile.txt", 23),
        new Runner(false, "http", root + "/test1", port, "largefile.txt", 2730088),
        new Runner(false, "https", root + "/test1", httpsport, "smallfile.txt", 23),
        new Runner(false, "https", root + "/test1", httpsport, "largefile.txt", 2730088)
      };
      start(runners);
      join(runners);
      System.out.println("OK");
    } finally {
      delay();
      // Each resource is released only if setup got far enough to create it.
      if (plainServer != null) {
        plainServer.stop(2);
      }
      if (tlsServer != null) {
        tlsServer.stop(2);
      }
      if (pool != null) {
        pool.shutdown();
      }
    }
  }
Beispiel #5
  /**
   * Creates the main server, plain or TLS depending on the configuration, attaches a bounded
   * worker pool and binds it to the configured port. The server is returned without being
   * started.
   *
   * <p>Security notes for reviewers: in secure mode the JVM default {@link SSLContext} is used
   * and client certificates are <em>requested</em> but not required
   * ({@code setWantClientAuth(true)}), so a handshake without a client certificate still
   * succeeds; any handler that relies on the peer's identity has to check for it itself. The
   * bind uses only a port number, which means the wildcard address.
   *
   * @param config supplies the secure flag, pool sizing, port and GSA host name
   * @return the bound server
   * @throws IOException if the server cannot be created or bound; a {@link BindException} is
   *     logged and rethrown
   */
  static HttpServer createHttpServer(Config config) throws IOException {
    HttpServer server;
    if (config.isServerSecure()) {
      HttpsServer tlsServer = HttpsServer.create();
      SSLContext defaultContext;
      try {
        defaultContext = SSLContext.getDefault();
      } catch (java.security.NoSuchAlgorithmException ex) {
        throw new RuntimeException(ex);
      }
      tlsServer.setHttpsConfigurator(
          new HttpsConfigurator(defaultContext) {
            @Override
            public void configure(HttpsParameters params) {
              SSLParameters perConnection = getSSLContext().getDefaultSSLParameters();
              // Ask for a client certificate so the GSA and other trusted computers can be
              // verified; clients without one are still allowed to connect.
              perConnection.setWantClientAuth(true);
              params.setSSLParameters(perConnection);
            }
          });
      server = tlsServer;
    } else {
      server = HttpServer.create();
    }

    int maxThreads = config.getServerMaxWorkerThreads();
    int queueCapacity = config.getServerQueueCapacity();
    BlockingQueue<Runnable> pendingRequests = new ArrayBlockingQueue<Runnable>(queueCapacity);
    // HttpServer does not appear to cope with the Executor rejecting a job outright, so a
    // custom rejection policy is installed instead of the default one.
    RejectedExecutionHandler rejectionPolicy =
        new SuggestHandlerAbortPolicy(HttpExchanges.abortImmediately);
    Executor workers =
        new ThreadPoolExecutor(
            maxThreads, maxThreads, 1, TimeUnit.MINUTES, pendingRequests, rejectionPolicy);
    server.setExecutor(workers);

    try {
      server.bind(new InetSocketAddress(config.getServerPort()), 0);
    } catch (BindException ex) {
      log.log(Level.WARNING, "Server port {0,number,#} is in use.", config.getServerPort());
      throw ex;
    }
    log.info("GSA host name: " + config.getGsaHostname());
    log.info("server is listening on port #" + server.getAddress().getPort());
    return server;
  }
Beispiel #6
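  /**
   * Test1 entry point: starts one plain HTTP server and one HTTPS server on ephemeral ports,
   * both serving the same document root, and fetches a small and a large file over each scheme
   * with both values of the first {@code test} flag.
   *
   * <p>The TLS context comes from {@code SimpleSSLContext}, which loads test key material from
   * the {@code test.src} directory; it is test-only material.
   *
   * @param args unused
   * @throws Exception if server setup or any transfer check fails
   */
  public static void main(String[] args) throws Exception {
    HttpServer s1 = null;
    HttpsServer s2 = null;
    ExecutorService executor = null;
    try {
      String root = System.getProperty("test.src") + "/docs";
      System.out.print("Test1: ");
      // Port 0 asks the OS for a free port; the real ports are read back after start().
      InetSocketAddress addr = new InetSocketAddress(0);
      s1 = HttpServer.create(addr, 0);
      // The plain factory must never hand back the TLS-capable subclass.
      if (s1 instanceof HttpsServer) {
        throw new RuntimeException("should not be httpsserver");
      }
      s2 = HttpsServer.create(addr, 0);
      HttpHandler h = new FileServerHandler(root);
      s1.createContext("/test1", h);
      s2.createContext("/test1", h);
      executor = Executors.newCachedThreadPool();
      s1.setExecutor(executor);
      s2.setExecutor(executor);
      ctx = new SimpleSSLContext(System.getProperty("test.src")).get();
      s2.setHttpsConfigurator(new HttpsConfigurator(ctx));
      s1.start();
      s2.start();

      int port = s1.getAddress().getPort();
      int httpsport = s2.getAddress().getPort();
      test(true, "http", root + "/test1", port, "smallfile.txt", 23);
      test(true, "http", root + "/test1", port, "largefile.txt", 2730088);
      test(true, "https", root + "/test1", httpsport, "smallfile.txt", 23);
      test(true, "https", root + "/test1", httpsport, "largefile.txt", 2730088);
      test(false, "http", root + "/test1", port, "smallfile.txt", 23);
      test(false, "http", root + "/test1", port, "largefile.txt", 2730088);
      test(false, "https", root + "/test1", httpsport, "smallfile.txt", 23);
      test(false, "https", root + "/test1", httpsport, "largefile.txt", 2730088);
      System.out.println("OK");
    } finally {
      delay();
      // Guard each release: if setup failed early, an unguarded call on a still-null reference
      // would throw NullPointerException from finally and hide the original failure.
      if (s1 != null) {
        s1.stop(2);
      }
      if (s2 != null) {
        s2.stop(2);
      }
      if (executor != null) {
        executor.shutdown();
      }
    }
  }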
  /**
   * Creates an {@link HttpsServer} on the configured host and backlog whose TLS identity is
   * loaded from a JKS keystore file named in the configuration. The server is returned without
   * being started.
   *
   * <p>Security notes for reviewers: the keystore is opened with {@code KS_PASSWORD} and the
   * private key is unlocked with the separate {@code CERT_PASSWORD}. The context is initialised
   * with {@code null} trust managers, so it falls back to the platform defaults, and no
   * client-certificate requirement is configured in this method.
   *
   * @param config supplies the keystore path, both passwords, the listen address and backlog
   * @return the configured HTTPS server
   * @throws IOException if the keystore file cannot be read or the socket cannot be bound
   * @throws KeyStoreException if the JKS keystore type is unavailable
   * @throws NoSuchAlgorithmException if a requested algorithm is unavailable
   * @throws CertificateException if a certificate in the keystore cannot be loaded
   * @throws UnrecoverableKeyException if the key cannot be recovered with the given password
   * @throws KeyManagementException if the TLS context cannot be initialised
   */
  private static HttpsServer createHttps(final Configuration config)
      throws KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException,
          FileNotFoundException, UnrecoverableKeyException, KeyManagementException {
    final String keyStorePath = config.KS_FILENAME;
    final char[] storePassword = config.KS_PASSWORD;
    final char[] keyPassword = config.CERT_PASSWORD;

    final KeyStore keyStore = KeyStore.getInstance("JKS");
    final SSLContext tlsContext = SSLContext.getInstance("TLS");
    final KeyManagerFactory keyManagers = KeyManagerFactory.getInstance("SunX509");

    // The stream is closed as soon as the store has been read into memory.
    try (FileInputStream keyStoreStream = new FileInputStream(keyStorePath)) {
      keyStore.load(keyStoreStream, storePassword);
    }

    keyManagers.init(keyStore, keyPassword);
    // Null trust managers and null SecureRandom select the provider defaults.
    tlsContext.init(keyManagers.getKeyManagers(), null, null);

    final HttpsServer server = HttpsServer.create(config.HOST_HTTPS, config.BACKLOG);
    server.setHttpsConfigurator(new HttpsConfigurator(tlsContext));
    return server;
  }