/** Create a channel connector for "http/https" requests */
Connector createChannelConnector(int queueSize, Builder b) {
SelectChannelConnector connector;
if (!b.useSSL) {
connector = new SelectChannelConnector();
} else {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(b.keyStorePath);
Set<String> excludedSSLProtocols =
Sets.newHashSet(
Splitter.on(",")
.trimResults()
.omitEmptyStrings()
.split(Strings.nullToEmpty(b.conf.getVar(ConfVars.HIVE_SSL_PROTOCOL_BLACKLIST))));
sslContextFactory.addExcludeProtocols(
excludedSSLProtocols.toArray(new String[excludedSSLProtocols.size()]));
sslContextFactory.setKeyStorePassword(b.keyStorePassword);
connector = new SslSelectChannelConnector(sslContextFactory);
}
connector.setLowResourcesMaxIdleTime(10000);
connector.setAcceptQueueSize(queueSize);
connector.setResolveNames(false);
connector.setUseDirectBuffers(false);
connector.setRequestHeaderSize(1024 * 64);
connector.setReuseAddress(!Shell.WINDOWS);
return connector;
}
/**
* set up the ssl connectors with strong ciphers
*
* @throws Exception
*/
protected void initConnectors() throws Exception {
if (!_disableHTTP) {
if (_unsecuredConnector == null) {
_unsecuredConnector = new SelectChannelConnector();
}
if (_unsecurePort != null) {
_unsecuredConnector.setPort(Integer.parseInt(_unsecurePort));
} else {
_unsecuredConnector.setPort(_serviceInfo.getEndpoint().getPort());
}
if (_httpBindAddress != null) {
_unsecuredConnector.setHost(_httpBindAddress);
}
if (lowResourcesConnections != null) {
_unsecuredConnector.setLowResourcesConnections(lowResourcesConnections);
}
if (lowResourcesMaxIdleTime != null) {
_unsecuredConnector.setLowResourcesMaxIdleTime(lowResourcesMaxIdleTime);
}
if (threadPool != null) {
_unsecuredConnector.setThreadPool(threadPool);
}
_server.addConnector(_unsecuredConnector);
}
if (!_disableSSL) {
SslContextFactory sslFac = new SslContextFactory();
sslFac.setIncludeCipherSuites(_ciphers);
KeyStore ks = KeyStoreUtil.getViPRKeystore(_coordinatorClient);
_log.debug(
"The certificates in Jetty is {}. ",
ks.getCertificateChain(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS));
sslFac.setCertAlias(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS);
sslFac.setKeyStore(ks);
_securedConnector = new SslSelectChannelConnector(sslFac);
if (_securePort != null) {
_securedConnector.setPort(Integer.parseInt(_securePort));
} else {
_securedConnector.setPort(_serviceInfo.getEndpoint().getPort());
}
if (_bindAddress != null) {
_securedConnector.setHost(_bindAddress);
}
if (lowResourcesConnections != null) {
_securedConnector.setLowResourcesConnections(lowResourcesConnections);
}
if (lowResourcesMaxIdleTime != null) {
_securedConnector.setLowResourcesMaxIdleTime(lowResourcesMaxIdleTime);
}
if (threadPool != null) {
_securedConnector.setThreadPool(threadPool);
}
_server.addConnector(_securedConnector);
}
_server.setSendServerVersion(false);
}