// =========================================================================================================
// HTTPS handling
private HttpServer createHttpsServer(
InetSocketAddress pSocketAddress, JolokiaServerConfig pConfig) {
// initialise the HTTPS server
try {
HttpsServer server = HttpsServer.create(pSocketAddress, pConfig.getBacklog());
SSLContext sslContext = SSLContext.getInstance(pConfig.getSecureSocketProtocol());
// initialise the keystore
KeyStore ks = getKeyStore(pConfig);
// setup the key manager factory
KeyManagerFactory kmf = getKeyManagerFactory(pConfig);
kmf.init(ks, pConfig.getKeystorePassword());
// setup the trust manager factory
TrustManagerFactory tmf = getTrustManagerFactory(pConfig);
tmf.init(ks);
// setup the HTTPS context and parameters
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
// Update the config to filter out bad protocols or ciphers
pConfig.updateHTTPSSettingsFromContext(sslContext);
server.setHttpsConfigurator(new JolokiaHttpsConfigurator(sslContext, pConfig));
return server;
} catch (GeneralSecurityException e) {
throw new IllegalStateException("Cannot use keystore for https communication: " + e, e);
} catch (IOException e) {
throw new IllegalStateException("Cannot open keystore for https communication: " + e, e);
}
}
private HttpServer httpsServer(InetSocketAddress address)
throws IOException, GeneralSecurityException {
// Initialize the keystore
char[] password = "******".toCharArray();
ks = KeyStore.getInstance("JKS");
try (FileInputStream fis = new FileInputStream("UMS.jks")) {
ks.load(fis, password);
}
// Setup the key manager factory
kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, password);
// Setup the trust manager factory
tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
HttpsServer server = HttpsServer.create(address, 0);
sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
server.setHttpsConfigurator(
new HttpsConfigurator(sslContext) {
@Override
public void configure(HttpsParameters params) {
try {
// initialise the SSL context
SSLContext c = SSLContext.getDefault();
SSLEngine engine = c.createSSLEngine();
params.setNeedClientAuth(true);
params.setCipherSuites(engine.getEnabledCipherSuites());
params.setProtocols(engine.getEnabledProtocols());
// get the default parameters
SSLParameters defaultSSLParameters = c.getDefaultSSLParameters();
params.setSSLParameters(defaultSSLParameters);
} catch (Exception e) {
LOGGER.debug("https configure error " + e);
}
}
});
return server;
}
/** {@inheritDoc} */
public void configure(HttpsParameters params) {
// initialise the SSL context
SSLEngine engine = context.createSSLEngine();
// get the default parameters
SSLParameters defaultSSLParameters = context.getDefaultSSLParameters();
// Cert authentication is delayed later to the ClientCertAuthenticator
params.setWantClientAuth(serverConfig.useSslClientAuthentication());
defaultSSLParameters.setWantClientAuth(serverConfig.useSslClientAuthentication());
// Cipher Suites
params.setCipherSuites(serverConfig.getSSLCipherSuites());
defaultSSLParameters.setCipherSuites(serverConfig.getSSLCipherSuites());
// Protocols
params.setProtocols(serverConfig.getSSLProtocols());
defaultSSLParameters.setProtocols(serverConfig.getSSLProtocols());
params.setSSLParameters(defaultSSLParameters);
}
public void run() {
try {
URL url = new URL(protocol + "://localhost:" + port + "/test1/" + f);
HttpURLConnection urlc = (HttpURLConnection) url.openConnection();
if (urlc instanceof HttpsURLConnection) {
HttpsURLConnection urlcs = (HttpsURLConnection) urlc;
urlcs.setHostnameVerifier(
new HostnameVerifier() {
public boolean verify(String s, SSLSession s1) {
return true;
}
});
urlcs.setSSLSocketFactory(ctx.getSocketFactory());
}
byte[] buf = new byte[4096];
if (fixedLen) {
urlc.setRequestProperty("XFixed", "yes");
}
InputStream is = urlc.getInputStream();
File temp = File.createTempFile("Test1", null);
temp.deleteOnExit();
OutputStream fout = new BufferedOutputStream(new FileOutputStream(temp));
int c, count = 0;
while ((c = is.read(buf)) != -1) {
count += c;
fout.write(buf, 0, c);
}
is.close();
fout.close();
if (count != size) {
throw new RuntimeException("wrong amount of data returned");
}
String orig = root + "/" + f;
compare(new File(orig), temp);
temp.delete();
} catch (Exception e) {
e.printStackTrace();
fail = true;
}
}