// ========================================================================================================= // HTTPS handling private HttpServer createHttpsServer( InetSocketAddress pSocketAddress, JolokiaServerConfig pConfig) { // initialise the HTTPS server try { HttpsServer server = HttpsServer.create(pSocketAddress, pConfig.getBacklog()); SSLContext sslContext = SSLContext.getInstance(pConfig.getSecureSocketProtocol()); // initialise the keystore KeyStore ks = getKeyStore(pConfig); // setup the key manager factory KeyManagerFactory kmf = getKeyManagerFactory(pConfig); kmf.init(ks, pConfig.getKeystorePassword()); // setup the trust manager factory TrustManagerFactory tmf = getTrustManagerFactory(pConfig); tmf.init(ks); // setup the HTTPS context and parameters sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // Update the config to filter out bad protocols or ciphers pConfig.updateHTTPSSettingsFromContext(sslContext); server.setHttpsConfigurator(new JolokiaHttpsConfigurator(sslContext, pConfig)); return server; } catch (GeneralSecurityException e) { throw new IllegalStateException("Cannot use keystore for https communication: " + e, e); } catch (IOException e) { throw new IllegalStateException("Cannot open keystore for https communication: " + e, e); } }
private HttpServer httpsServer(InetSocketAddress address) throws IOException, GeneralSecurityException { // Initialize the keystore char[] password = "******".toCharArray(); ks = KeyStore.getInstance("JKS"); try (FileInputStream fis = new FileInputStream("UMS.jks")) { ks.load(fis, password); } // Setup the key manager factory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(ks, password); // Setup the trust manager factory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(ks); HttpsServer server = HttpsServer.create(address, 0); sslContext = SSLContext.getInstance("TLS"); sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); server.setHttpsConfigurator( new HttpsConfigurator(sslContext) { @Override public void configure(HttpsParameters params) { try { // initialise the SSL context SSLContext c = SSLContext.getDefault(); SSLEngine engine = c.createSSLEngine(); params.setNeedClientAuth(true); params.setCipherSuites(engine.getEnabledCipherSuites()); params.setProtocols(engine.getEnabledProtocols()); // get the default parameters SSLParameters defaultSSLParameters = c.getDefaultSSLParameters(); params.setSSLParameters(defaultSSLParameters); } catch (Exception e) { LOGGER.debug("https configure error " + e); } } }); return server; }
private KeyManagerFactory getKeyManagerFactory(JolokiaServerConfig pConfig) throws NoSuchAlgorithmException { String algo = pConfig.getKeyManagerAlgorithm(); return KeyManagerFactory.getInstance( algo != null ? algo : KeyManagerFactory.getDefaultAlgorithm()); }