Beispiel #1
0
  private void updateKeyStoreFromPEM(KeyStore keystore, JolokiaServerConfig pConfig)
      throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException,
          InvalidKeySpecException, InvalidKeyException, NoSuchProviderException,
          SignatureException {

    if (pConfig.getCaCert() != null) {
      File caCert = getAndValidateFile(pConfig.getCaCert(), "CA cert");
      KeyStoreUtil.updateWithCaPem(keystore, caCert);
    } else if (pConfig.useSslClientAuthentication()) {
      throw new IllegalArgumentException(
          "Cannot use client cert authentication if no CA is given with 'caCert'");
    }

    if (pConfig.getServerCert() != null) {
      // Use the provided server key
      File serverCert = getAndValidateFile(pConfig.getServerCert(), "server cert");
      if (pConfig.getServerKey() == null) {
        throw new IllegalArgumentException(
            "Cannot use server cert from "
                + pConfig.getServerCert()
                + " without a provided a key given with 'serverKey'");
      }
      File serverKey = getAndValidateFile(pConfig.getServerKey(), "server key");
      KeyStoreUtil.updateWithServerPems(
          keystore,
          serverCert,
          serverKey,
          pConfig.getServerKeyAlgorithm(),
          pConfig.getKeystorePassword());
    }
  }
Beispiel #2
0
  // =========================================================================================================
  // HTTPS handling
  private HttpServer createHttpsServer(
      InetSocketAddress pSocketAddress, JolokiaServerConfig pConfig) {
    // initialise the HTTPS server
    try {
      HttpsServer server = HttpsServer.create(pSocketAddress, pConfig.getBacklog());
      SSLContext sslContext = SSLContext.getInstance(pConfig.getSecureSocketProtocol());

      // initialise the keystore
      KeyStore ks = getKeyStore(pConfig);

      // setup the key manager factory
      KeyManagerFactory kmf = getKeyManagerFactory(pConfig);
      kmf.init(ks, pConfig.getKeystorePassword());

      // setup the trust manager factory
      TrustManagerFactory tmf = getTrustManagerFactory(pConfig);
      tmf.init(ks);

      // setup the HTTPS context and parameters
      sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

      // Update the config to filter out bad protocols or ciphers
      pConfig.updateHTTPSSettingsFromContext(sslContext);

      server.setHttpsConfigurator(new JolokiaHttpsConfigurator(sslContext, pConfig));
      return server;
    } catch (GeneralSecurityException e) {
      throw new IllegalStateException("Cannot use keystore for https communication: " + e, e);
    } catch (IOException e) {
      throw new IllegalStateException("Cannot open keystore for https communication: " + e, e);
    }
  }
Beispiel #3
0
  private KeyStore getKeyStore(JolokiaServerConfig pConfig)
      throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
          InvalidKeySpecException, InvalidKeyException, NoSuchProviderException,
          SignatureException {
    char[] password = pConfig.getKeystorePassword();
    String keystoreFile = pConfig.getKeystore();
    KeyStore keystore = KeyStore.getInstance(pConfig.getKeyStoreType());
    if (keystoreFile != null) {
      // Load everything from a keystore which must include CA (if useClientSslAuthenticatin is
      // used) and
      // server cert/key
      loadKeyStoreFromFile(keystore, keystoreFile, password);
    } else {
      // Load keys from PEM files
      keystore.load(null);
      updateKeyStoreFromPEM(keystore, pConfig);

      // If no server cert is configured, then use a self-signed server certificate
      if (pConfig.getServerCert() == null) {
        KeyStoreUtil.updateWithSelfSignedServerCertificate(keystore);
      }
    }
    return keystore;
  }