public void run() { URLConnection con = null; try { con = url.openConnection(); if ("HTTPS".equalsIgnoreCase(url.getProtocol())) { HttpsURLConnection scon = (HttpsURLConnection) con; try { scon.setSSLSocketFactory(SSLUtil.getSSLSocketFactory(clientCertAlias, trustAnyCert)); HostnameVerifier hv = SSLUtil.getHostnameVerifier(hostCertLevel); if (hv != null) { scon.setHostnameVerifier(hv); } } catch (GeneralSecurityException e) { Debug.logError(e, module); } catch (GenericConfigException e) { Debug.logError(e, module); } } } catch (IOException e) { Debug.logError(e, module); } synchronized (URLConnector.this) { if (timedOut && con != null) { close(con); } else { connection = con; URLConnector.this.notify(); } } }
public static SSLServerSocket createSSLServerSocket( KeytoolKey key, int port, int backlog, InetAddress addr) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException, NoSuchProviderException { SSLContext context = SSLUtil.createSSLContext(key, null); SSLServerSocketFactory ssf = context.getServerSocketFactory(); SSLServerSocket server = (SSLServerSocket) ssf.createServerSocket(port, backlog, addr); SSLUtil.removeOutdatedCiphers(server); return server; }
protected void initialiseSsl() throws Exception { if (isSSLEnabled()) { sslImplementation = SSLImplementation.getInstance(getSslImplementationName()); for (SSLHostConfig sslHostConfig : sslHostConfigs.values()) { for (SSLHostConfigCertificate certificate : sslHostConfig.getCertificates(true)) { SSLUtil sslUtil = sslImplementation.getSSLUtil(sslHostConfig, certificate); SSLContext sslContext = sslUtil.createSSLContext(negotiableProtocols); sslContext.init(sslUtil.getKeyManagers(), sslUtil.getTrustManagers(), null); SSLSessionContext sessionContext = sslContext.getServerSessionContext(); if (sessionContext != null) { sslUtil.configureSessionContext(sessionContext); } SSLContextWrapper sslContextWrapper = new SSLContextWrapper(sslContext, sslUtil); certificate.setSslContextWrapper(sslContextWrapper); } } } }
private ClientConnectionManager createClientConnectionManager() { SchemeRegistry schemeRegistry = SchemeRegistryFactory.createDefault(); // SSL Trust all for HTTP Client 4.x SSLSocketFactory sf = new SSLSocketFactory( SSLUtil.getTrustAllContext(), SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); Scheme httpsScheme = new Scheme("https", port, sf); schemeRegistry.register(httpsScheme); ClientConnectionManager connectionManager = new PoolingClientConnectionManager(schemeRegistry); return connectionManager; }
public static Server initJetty( final String bindAddress, final int port, boolean useSSL, boolean needClientAuth, String protocols, String ciphers, Properties sysProps) throws Exception { final Server jettyServer = new Server(); // Add a handler collection here, so that each new context adds itself // to this collection. jettyServer.setHandler(new HandlerCollection()); ServerConnector connector = null; HttpConfiguration httpConfig = new HttpConfiguration(); httpConfig.setSecureScheme(HTTPS); httpConfig.setSecurePort(port); if (useSSL) { SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setNeedClientAuth(needClientAuth); if (!StringUtils.isBlank(ciphers) && !"any".equalsIgnoreCase(ciphers)) { // If use has mentioned "any" let the SSL layer decide on the ciphers sslContextFactory.setIncludeCipherSuites(SSLUtil.readArray(ciphers)); } String protocol = SSLUtil.getSSLAlgo(SSLUtil.readArray(protocols)); if (protocol != null) { sslContextFactory.setProtocol(protocol); } else { logger.warn(ManagementStrings.SSL_PROTOCOAL_COULD_NOT_BE_DETERMINED); } if (StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStore"))) { throw new GemFireConfigException( "Key store can't be empty if SSL is enabled for HttpService"); } sslContextFactory.setKeyStorePath(sysProps.getProperty("javax.net.ssl.keyStore")); if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStoreType"))) { sslContextFactory.setKeyStoreType(sysProps.getProperty("javax.net.ssl.keyStoreType")); } if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStorePassword"))) { sslContextFactory.setKeyStorePassword( sysProps.getProperty("javax.net.ssl.keyStorePassword")); } if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.trustStore"))) { sslContextFactory.setTrustStorePath(sysProps.getProperty("javax.net.ssl.trustStore")); } if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.trustStorePassword"))) { sslContextFactory.setTrustStorePassword( sysProps.getProperty("javax.net.ssl.trustStorePassword")); } httpConfig.addCustomizer(new SecureRequestCustomizer()); // Somehow With HTTP_2.0 Jetty throwing NPE. Need to investigate further whether all GemFire // web application(Pulse, REST) can do with HTTP_1.1 connector = new ServerConnector( jettyServer, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpConfig)); connector.setPort(port); } else { connector = new ServerConnector(jettyServer, new HttpConnectionFactory(httpConfig)); connector.setPort(port); } jettyServer.setConnectors(new Connector[] {connector}); if (!StringUtils.isBlank(bindAddress)) { connector.setHost(bindAddress); } if (bindAddress != null && !bindAddress.isEmpty()) { JettyHelper.bindAddress = bindAddress; } JettyHelper.port = port; return jettyServer; }
public SSLContextWrapper(SSLContext sslContext, SSLUtil sslUtil) { this.sslContext = sslContext; // Determine which cipher suites and protocols to enable enabledCiphers = sslUtil.getEnableableCiphers(sslContext); enabledProtocols = sslUtil.getEnableableProtocols(sslContext); }