Ejemplo n.º 1
0
    public void run() {
      URLConnection con = null;
      try {
        con = url.openConnection();

        if ("HTTPS".equalsIgnoreCase(url.getProtocol())) {
          HttpsURLConnection scon = (HttpsURLConnection) con;
          try {
            scon.setSSLSocketFactory(SSLUtil.getSSLSocketFactory(clientCertAlias, trustAnyCert));
            HostnameVerifier hv = SSLUtil.getHostnameVerifier(hostCertLevel);
            if (hv != null) {
              scon.setHostnameVerifier(hv);
            }
          } catch (GeneralSecurityException e) {
            Debug.logError(e, module);
          } catch (GenericConfigException e) {
            Debug.logError(e, module);
          }
        }
      } catch (IOException e) {
        Debug.logError(e, module);
      }

      synchronized (URLConnector.this) {
        if (timedOut && con != null) {
          close(con);
        } else {
          connection = con;
          URLConnector.this.notify();
        }
      }
    }
Ejemplo n.º 2
0
  public static SSLServerSocket createSSLServerSocket(
      KeytoolKey key, int port, int backlog, InetAddress addr)
      throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException,
          UnrecoverableKeyException, KeyManagementException, NoSuchProviderException {
    SSLContext context = SSLUtil.createSSLContext(key, null);
    SSLServerSocketFactory ssf = context.getServerSocketFactory();
    SSLServerSocket server = (SSLServerSocket) ssf.createServerSocket(port, backlog, addr);

    SSLUtil.removeOutdatedCiphers(server);

    return server;
  }
Ejemplo n.º 3
0
  protected void initialiseSsl() throws Exception {
    if (isSSLEnabled()) {
      sslImplementation = SSLImplementation.getInstance(getSslImplementationName());

      for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) {
        for (SSLHostConfigCertificate certificate : sslHostConfig.getCertificates(true)) {
          SSLUtil sslUtil = sslImplementation.getSSLUtil(sslHostConfig, certificate);

          SSLContext sslContext = sslUtil.createSSLContext(negotiableProtocols);
          sslContext.init(sslUtil.getKeyManagers(), sslUtil.getTrustManagers(), null);

          SSLSessionContext sessionContext = sslContext.getServerSessionContext();
          if (sessionContext != null) {
            sslUtil.configureSessionContext(sessionContext);
          }
          SSLContextWrapper sslContextWrapper = new SSLContextWrapper(sslContext, sslUtil);
          certificate.setSslContextWrapper(sslContextWrapper);
        }
      }
    }
  }
  private ClientConnectionManager createClientConnectionManager() {
    SchemeRegistry schemeRegistry = SchemeRegistryFactory.createDefault();

    // SSL Trust all for HTTP Client 4.x
    SSLSocketFactory sf =
        new SSLSocketFactory(
            SSLUtil.getTrustAllContext(), SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    Scheme httpsScheme = new Scheme("https", port, sf);
    schemeRegistry.register(httpsScheme);

    ClientConnectionManager connectionManager = new PoolingClientConnectionManager(schemeRegistry);
    return connectionManager;
  }
Ejemplo n.º 5
0
  public static Server initJetty(
      final String bindAddress,
      final int port,
      boolean useSSL,
      boolean needClientAuth,
      String protocols,
      String ciphers,
      Properties sysProps)
      throws Exception {

    final Server jettyServer = new Server();

    // Add a handler collection here, so that each new context adds itself
    // to this collection.
    jettyServer.setHandler(new HandlerCollection());
    ServerConnector connector = null;

    HttpConfiguration httpConfig = new HttpConfiguration();
    httpConfig.setSecureScheme(HTTPS);
    httpConfig.setSecurePort(port);

    if (useSSL) {
      SslContextFactory sslContextFactory = new SslContextFactory();

      sslContextFactory.setNeedClientAuth(needClientAuth);

      if (!StringUtils.isBlank(ciphers) && !"any".equalsIgnoreCase(ciphers)) {
        // If use has mentioned "any" let the SSL layer decide on the ciphers
        sslContextFactory.setIncludeCipherSuites(SSLUtil.readArray(ciphers));
      }

      String protocol = SSLUtil.getSSLAlgo(SSLUtil.readArray(protocols));
      if (protocol != null) {
        sslContextFactory.setProtocol(protocol);
      } else {
        logger.warn(ManagementStrings.SSL_PROTOCOAL_COULD_NOT_BE_DETERMINED);
      }

      if (StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStore"))) {
        throw new GemFireConfigException(
            "Key store can't be empty if SSL is enabled for HttpService");
      }

      sslContextFactory.setKeyStorePath(sysProps.getProperty("javax.net.ssl.keyStore"));

      if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStoreType"))) {
        sslContextFactory.setKeyStoreType(sysProps.getProperty("javax.net.ssl.keyStoreType"));
      }

      if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStorePassword"))) {
        sslContextFactory.setKeyStorePassword(
            sysProps.getProperty("javax.net.ssl.keyStorePassword"));
      }

      if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.trustStore"))) {
        sslContextFactory.setTrustStorePath(sysProps.getProperty("javax.net.ssl.trustStore"));
      }

      if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.trustStorePassword"))) {
        sslContextFactory.setTrustStorePassword(
            sysProps.getProperty("javax.net.ssl.trustStorePassword"));
      }

      httpConfig.addCustomizer(new SecureRequestCustomizer());

      // Somehow With HTTP_2.0 Jetty throwing NPE. Need to investigate further whether all GemFire
      // web application(Pulse, REST) can do with HTTP_1.1
      connector =
          new ServerConnector(
              jettyServer,
              new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
              new HttpConnectionFactory(httpConfig));

      connector.setPort(port);
    } else {
      connector = new ServerConnector(jettyServer, new HttpConnectionFactory(httpConfig));

      connector.setPort(port);
    }

    jettyServer.setConnectors(new Connector[] {connector});

    if (!StringUtils.isBlank(bindAddress)) {
      connector.setHost(bindAddress);
    }

    if (bindAddress != null && !bindAddress.isEmpty()) {
      JettyHelper.bindAddress = bindAddress;
    }

    JettyHelper.port = port;

    return jettyServer;
  }
Ejemplo n.º 6
0
 public SSLContextWrapper(SSLContext sslContext, SSLUtil sslUtil) {
   this.sslContext = sslContext;
   // Determine which cipher suites and protocols to enable
   enabledCiphers = sslUtil.getEnableableCiphers(sslContext);
   enabledProtocols = sslUtil.getEnableableProtocols(sslContext);
 }