// =========================================================================================================
// HTTPS handling
private HttpServer createHttpsServer(
InetSocketAddress pSocketAddress, JolokiaServerConfig pConfig) {
// initialise the HTTPS server
try {
HttpsServer server = HttpsServer.create(pSocketAddress, pConfig.getBacklog());
SSLContext sslContext = SSLContext.getInstance(pConfig.getSecureSocketProtocol());
// initialise the keystore
KeyStore ks = getKeyStore(pConfig);
// setup the key manager factory
KeyManagerFactory kmf = getKeyManagerFactory(pConfig);
kmf.init(ks, pConfig.getKeystorePassword());
// setup the trust manager factory
TrustManagerFactory tmf = getTrustManagerFactory(pConfig);
tmf.init(ks);
// setup the HTTPS context and parameters
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
// Update the config to filter out bad protocols or ciphers
pConfig.updateHTTPSSettingsFromContext(sslContext);
server.setHttpsConfigurator(new JolokiaHttpsConfigurator(sslContext, pConfig));
return server;
} catch (GeneralSecurityException e) {
throw new IllegalStateException("Cannot use keystore for https communication: " + e, e);
} catch (IOException e) {
throw new IllegalStateException("Cannot open keystore for https communication: " + e, e);
}
}
/**
* Get the TrustManagers for the specified trust store.
*
* @param tsFile The trust store file
* @param tsPass The trust store password
* @return The TrustManagers that can manager the specified trust store.
* @throws Exception
*/
protected TrustManager[] getTrustManagers(String tsFile, String tsPass) throws Exception {
tsFile = JavaKeyStoreHandler.getTrustStoreName(tsFile);
tsPass = JavaKeyStoreHandler.getTrustStorePassword(tsPass);
KeyStore ts = KeyStore.getInstance("JKS");
ts.load(new FileInputStream(tsFile), tsPass.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(ts);
return tmf.getTrustManagers();
}
/*
* If this is a secure server, we now setup the SSLContext we'll
* use for creating the SSLEngines throughout the lifetime of
* this process.
*/
private void createSSLContext() throws Exception {
char[] passphrase = "passphrase".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("testkeys"), passphrase);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, passphrase);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
}
public static void main(PeerFactory peerFactory, KeyStore keyStore, String[] args)
throws Exception {
long time = System.currentTimeMillis();
String relPath;
if ((args != null) && (args.length > 0) && args[0].equals("sh")) {
relPath = pathToStoresSH;
} else {
relPath = pathToStores;
}
PATH = new File(System.getProperty("test.src", "."), relPath);
CipherTest.peerFactory = peerFactory;
System.out.print("Initializing test '" + peerFactory.getName() + "'...");
// secureRandom = new SecureRandom();
// secureRandom.nextInt();
// trustStore = readKeyStore(trustStoreFile);
CipherTest.keyStore = keyStore;
// keyStore = readKeyStore(keyStoreFile);
KeyManagerFactory keyFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, "test12".toCharArray());
keyManager = (X509ExtendedKeyManager) keyFactory.getKeyManagers()[0];
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
trustManager = (X509TrustManager) tmf.getTrustManagers()[0];
// trustManager = new AlwaysTrustManager();
SSLContext context = SSLContext.getInstance("TLS");
context.init(new KeyManager[] {keyManager}, new TrustManager[] {trustManager}, null);
SSLContext.setDefault(context);
CipherTest cipherTest = new CipherTest(peerFactory);
Thread serverThread = new Thread(peerFactory.newServer(cipherTest), "Server");
serverThread.setDaemon(true);
serverThread.start();
System.out.println("Done");
cipherTest.run();
time = System.currentTimeMillis() - time;
System.out.println("Done. (" + time + " ms)");
}
private void initialize() throws Exception {
String trustFilename =
System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile;
char[] passphrase = "passphrase".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(trustFilename), passphrase);
for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) {
String alias = (String) e.nextElement();
if (ks.isCertificateEntry(alias)) {
certChain[0] = (X509Certificate) ks.getCertificate(alias);
break;
}
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
trustManager = (X509TrustManager) (tmf.getTrustManagers())[0];
}
private TrustManagerFactory getTrustManagerFactory(JolokiaServerConfig pConfig)
throws NoSuchAlgorithmException {
String algo = pConfig.getTrustManagerAlgorithm();
return TrustManagerFactory.getInstance(
algo != null ? algo : TrustManagerFactory.getDefaultAlgorithm());
}
