本文整理汇总了Java中org.eclipse.jetty.util.ssl.SslContextFactory.setExcludeCipherSuites方法的典型用法代码示例。如果您正苦于以下问题:Java SslContextFactory.setExcludeCipherSuites方法的具体用法?Java SslContextFactory.setExcludeCipherSuites怎么用?Java SslContextFactory.setExcludeCipherSuites使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.eclipse.jetty.util.ssl.SslContextFactory的用法示例。
在下文中一共展示了SslContextFactory.setExcludeCipherSuites方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: createHttpClient
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
private HttpClient createHttpClient() {
//Allow ssl by default
SslContextFactory sslContextFactory = new SslContextFactory();
//Don't exclude RSA because Sixt needs them, dammit!
sslContextFactory.setExcludeCipherSuites("");
HttpClient client = new HttpClient(sslContextFactory);
client.setFollowRedirects(false);
client.setMaxConnectionsPerDestination(16);
client.setConnectTimeout(FeatureFlags.getHttpConnectTimeout(serviceProperties));
client.setAddressResolutionTimeout(FeatureFlags.getHttpAddressResolutionTimeout(serviceProperties));
//You can set more restrictive timeouts per request, but not less, so
// we set the maximum timeout of 1 hour here.
client.setIdleTimeout(60 * 60 * 1000);
try {
client.start();
} catch (Exception e) {
logger.error("Error building http client", e);
}
return client;
}
示例2: createHttpClient
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
private HttpClient createHttpClient() {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setExcludeCipherSuites("");
HttpClient client = new HttpClient(sslContextFactory);
client.setFollowRedirects(false);
client.setMaxConnectionsPerDestination(2);
//You can set more restrictive timeouts per request, but not less, so
// we set the maximum timeout of 1 hour here.
client.setIdleTimeout(60 * 60 * 1000);
try {
client.start();
} catch (Exception e) {
logger.error("Error building http client", e);
}
return client;
}
示例3: createHttpsConnector
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
/**
* Create an HTTPS connector for given jetty server instance. If the config has specified keystore/truststore settings
* they will be used else a self-signed certificate is generated and used.
*
* @param hostName
* @param config {@link DremioConfig} containing SSL related settings if any.
* @param embeddedJetty Jetty server instance needed for creating a ServerConnector.
*
* @return Initialized {@link ServerConnector} for HTTPS connections and the trust store. Trust store is non-null only
* when in case of auto generated self-signed certificate.
* @throws Exception
*/
public Pair<ServerConnector, KeyStore> createHttpsConnector(final Server embeddedJetty,
final DremioConfig config, final String hostName, final String... alternativeNames) throws Exception {
logger.info("Setting up HTTPS connector for web server");
final SslContextFactory sslContextFactory = new SslContextFactory();
Pair<KeyStore, String> keyStore = getKeyStore(config, hostName, alternativeNames);
KeyStore trustStore = getTrustStore(config);
sslContextFactory.setKeyStore(keyStore.getLeft());
// Assuming that the keystore and the keymanager passwords are the same
// based on JSSE examples...
sslContextFactory.setKeyManagerPassword(keyStore.getRight());
sslContextFactory.setTrustStore(trustStore);
// Disable ciphers, protocols and other that are considered weak/vulnerable
sslContextFactory.setExcludeCipherSuites(
"TLS_DHE.*",
"TLS_EDH.*"
// TODO: there are few other ciphers that Chrome complains about being obsolete. Research more about them and
// include here.
);
sslContextFactory.setExcludeProtocols("SSLv3");
sslContextFactory.setRenegotiationAllowed(false);
// SSL Connector
final ServerConnector sslConnector = new ServerConnector(embeddedJetty,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(new HttpConfiguration()));
return Pair.of(sslConnector, trustStore);
}
示例4: setupSSL
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
private void setupSSL(Server server,HttpConfiguration http_config) {
SslContextFactory sslContextFactory = new SslContextFactory();
if (sslKeyStoreFile!=null)
sslContextFactory.setKeyStorePath(sslKeyStoreFile);
else if (sslKeyStore!=null)
sslContextFactory.setKeyStore(sslKeyStore);
else {
log.log(Level.SEVERE,"Error while configuring SSL connection. Missing KeyStore!");
return;
}
sslContextFactory.setKeyStorePassword(new String(sslKeyStorePassword));
sslContextFactory.setExcludeCipherSuites("SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());
ServerConnector sslConnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(https_config));
sslConnector.setPort(daemonPortSecure);
server.addConnector(sslConnector);
}
示例5: configureSsl
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
/**
* Configure the SSL connection.
*
* @param factory the Jetty {@link SslContextFactory}.
* @param ssl the ssl details.
*/
protected void configureSsl(SslContextFactory factory, Ssl ssl) {
factory.setProtocol(ssl.getProtocol());
configureSslClientAuth(factory, ssl);
configureSslPasswords(factory, ssl);
factory.setCertAlias(ssl.getKeyAlias());
if (!ObjectUtils.isEmpty(ssl.getCiphers())) {
factory.setIncludeCipherSuites(ssl.getCiphers());
factory.setExcludeCipherSuites();
}
if (ssl.getEnabledProtocols() != null) {
factory.setIncludeProtocols(ssl.getEnabledProtocols());
}
if (getSslStoreProvider() != null) {
try {
factory.setKeyStore(getSslStoreProvider().getKeyStore());
factory.setTrustStore(getSslStoreProvider().getTrustStore());
} catch (Exception ex) {
throw new IllegalStateException("Unable to set SSL store", ex);
}
} else {
configureSslKeyStore(factory, ssl);
configureSslTrustStore(factory, ssl);
}
}
示例6: httpsConnector
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
private ServerConnector httpsConnector(HttpConfiguration httpConfig) {
// === jetty-https.xml ===
// SSL Context Factory
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(CONFIG.getJetty().getKeyStorePath());
sslContextFactory.setKeyStorePassword(CONFIG.getJetty().getKeyStorePassword());
sslContextFactory.setKeyManagerPassword(CONFIG.getJetty().getKeyStorePassword());
sslContextFactory.setExcludeCipherSuites(
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
// SSL HTTP Configuration
HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
httpsConfig.addCustomizer(new SecureRequestCustomizer());
// SSL Connector
ServerConnector https = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpsConfig));
https.setHost(CONFIG.getJetty().getServerHost());
https.setPort(CONFIG.getJetty().getHttpsPort());
https.setIdleTimeout(IDLE_TIMEOUT);
return https;
}
示例7: configureSsl
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
/**
* Configure the SSL connection.
* @param factory the Jetty {@link SslContextFactory}.
* @param ssl the ssl details.
*/
protected void configureSsl(SslContextFactory factory, Ssl ssl) {
factory.setProtocol(ssl.getProtocol());
configureSslClientAuth(factory, ssl);
configureSslPasswords(factory, ssl);
factory.setCertAlias(ssl.getKeyAlias());
if (!ObjectUtils.isEmpty(ssl.getCiphers())) {
factory.setIncludeCipherSuites(ssl.getCiphers());
factory.setExcludeCipherSuites();
}
if (ssl.getEnabledProtocols() != null) {
factory.setIncludeProtocols(ssl.getEnabledProtocols());
}
if (getSslStoreProvider() != null) {
try {
factory.setKeyStore(getSslStoreProvider().getKeyStore());
factory.setTrustStore(getSslStoreProvider().getTrustStore());
}
catch (Exception ex) {
throw new IllegalStateException("Unable to set SSL store", ex);
}
}
else {
configureSslKeyStore(factory, ssl);
configureSslTrustStore(factory, ssl);
}
}
开发者ID:vikrammane23,项目名称:https-github.com-g0t4-jenkins2-course-spring-boot,代码行数:32,代码来源:JettyEmbeddedServletContainerFactory.java
示例8: createSSLContextObject
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
SslContextFactory createSSLContextObject(boolean needClientAuth) {
String keyStorePath = System.getProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_PATH);
String keyStorePasswordAppName = System.getProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_PASSWORD_APPNAME);
String keyStorePassword = System.getProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_PASSWORD);
String keyStoreType = System.getProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_TYPE, "PKCS12");
String keyManagerPassword = System.getProperty(AthenzConsts.ATHENZ_PROP_KEYMANAGER_PASSWORD);
String keyManagerPasswordAppName = System.getProperty(AthenzConsts.ATHENZ_PROP_KEYMANAGER_PASSWORD_APPNAME);
String trustStorePath = System.getProperty(AthenzConsts.ATHENZ_PROP_TRUSTSTORE_PATH);
String trustStorePassword = System.getProperty(AthenzConsts.ATHENZ_PROP_TRUSTSTORE_PASSWORD);
String trustStorePasswordAppName = System.getProperty(AthenzConsts.ATHENZ_PROP_TRUSTSTORE_PASSWORD_APPNAME);
String trustStoreType = System.getProperty(AthenzConsts.ATHENZ_PROP_TRUSTSTORE_TYPE, "PKCS12");
String includedCipherSuites = System.getProperty(AthenzConsts.ATHENZ_PROP_INCLUDED_CIPHER_SUITES);
String excludedCipherSuites = System.getProperty(AthenzConsts.ATHENZ_PROP_EXCLUDED_CIPHER_SUITES);
String excludedProtocols = System.getProperty(AthenzConsts.ATHENZ_PROP_EXCLUDED_PROTOCOLS,
ATHENZ_DEFAULT_EXCLUDED_PROTOCOLS);
SslContextFactory sslContextFactory = new SslContextFactory();
if (keyStorePath != null) {
LOG.info("Using SSL KeyStore path: {}", keyStorePath);
sslContextFactory.setKeyStorePath(keyStorePath);
}
if (keyStorePassword != null) {
//default implementation should just return the same
sslContextFactory.setKeyStorePassword(this.privateKeyStore.getApplicationSecret(keyStorePasswordAppName, keyStorePassword));
}
sslContextFactory.setKeyStoreType(keyStoreType);
if (keyManagerPassword != null) {
sslContextFactory.setKeyManagerPassword(this.privateKeyStore.getApplicationSecret(keyManagerPasswordAppName, keyManagerPassword));
}
if (trustStorePath != null) {
LOG.info("Using SSL TrustStore path: {}", trustStorePath);
sslContextFactory.setTrustStorePath(trustStorePath);
}
if (trustStorePassword != null) {
sslContextFactory.setTrustStorePassword(this.privateKeyStore.getApplicationSecret(trustStorePasswordAppName, trustStorePassword));
}
sslContextFactory.setTrustStoreType(trustStoreType);
if (includedCipherSuites != null && !includedCipherSuites.isEmpty()) {
sslContextFactory.setIncludeCipherSuites(includedCipherSuites.split(","));
}
if (excludedCipherSuites != null && !excludedCipherSuites.isEmpty()) {
sslContextFactory.setExcludeCipherSuites(excludedCipherSuites.split(","));
}
if (!excludedProtocols.isEmpty()) {
sslContextFactory.setExcludeProtocols(excludedProtocols.split(","));
}
if (needClientAuth) {
sslContextFactory.setNeedClientAuth(true);
} else {
sslContextFactory.setWantClientAuth(true);
}
return sslContextFactory;
}
示例9: createSSLContextObject
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
public static SslContextFactory createSSLContextObject(String[] clientProtocols, PrivateKeyStore privateKeyStore) {
String keyStorePath = System.getProperty(ZTSConsts.ZTS_PROP_KEYSTORE_PATH);
String keyStorePasswordAppName = System.getProperty(ZTSConsts.ZTS_PROP_KEYSTORE_PASSWORD_APPNAME);
String keyStorePassword = System.getProperty(ZTSConsts.ZTS_PROP_KEYSTORE_PASSWORD);
String keyStoreType = System.getProperty(ZTSConsts.ZTS_PROP_KEYSTORE_TYPE, "PKCS12");
String keyManagerPassword = System.getProperty(ZTSConsts.ZTS_PROP_KEYMANAGER_PASSWORD);
String keyManagerPasswordAppName = System.getProperty(ZTSConsts.ZTS_PROP_KEYMANAGER_PASSWORD_APPNAME);
String trustStorePath = System.getProperty(ZTSConsts.ZTS_PROP_TRUSTSTORE_PATH);
String trustStorePassword = System.getProperty(ZTSConsts.ZTS_PROP_TRUSTSTORE_PASSWORD);
String trustStorePasswordAppName = System.getProperty(ZTSConsts.ZTS_PROP_TRUSTSTORE_PASSWORD_APPNAME);
String trustStoreType = System.getProperty(ZTSConsts.ZTS_PROP_TRUSTSTORE_TYPE, "PKCS12");
String excludedCipherSuites = System.getProperty(ZTSConsts.ZTS_PROP_EXCLUDED_CIPHER_SUITES,
ZTS_DEFAULT_EXCLUDED_CIPHER_SUITES);
String excludedProtocols = System.getProperty(ZTSConsts.ZTS_PROP_EXCLUDED_PROTOCOLS,
ZTS_DEFAULT_EXCLUDED_PROTOCOLS);
Boolean wantClientAuth = Boolean.parseBoolean(System.getProperty(ZTSConsts.ZTS_PROP_WANT_CLIENT_CERT, "false"));
SslContextFactory sslContextFactory = new SslContextFactory();
if (keyStorePath != null) {
LOGGER.info("createSSLContextObject: using SSL KeyStore path: " + keyStorePath);
sslContextFactory.setKeyStorePath(keyStorePath);
}
if (keyStorePassword != null) {
if (null != privateKeyStore) {
keyStorePassword = privateKeyStore.getApplicationSecret(keyStorePasswordAppName, keyStorePassword);
}
sslContextFactory.setKeyStorePassword(keyStorePassword);
}
sslContextFactory.setKeyStoreType(keyStoreType);
if (keyManagerPassword != null) {
if (null != privateKeyStore) {
keyManagerPassword = privateKeyStore.getApplicationSecret(keyManagerPasswordAppName, keyManagerPassword);
}
sslContextFactory.setKeyManagerPassword(keyManagerPassword);
}
if (trustStorePath != null) {
LOGGER.info("createSSLContextObject: using SSL TrustStore path: " + trustStorePath);
sslContextFactory.setTrustStorePath(trustStorePath);
}
if (trustStorePassword != null) {
if (null != privateKeyStore) {
trustStorePassword = privateKeyStore.getApplicationSecret(trustStorePasswordAppName, trustStorePassword);
}
sslContextFactory.setTrustStorePassword(trustStorePassword);
}
sslContextFactory.setTrustStoreType(trustStoreType);
if (excludedCipherSuites.length() != 0) {
sslContextFactory.setExcludeCipherSuites(excludedCipherSuites.split(","));
}
if (excludedProtocols.length() != 0) {
sslContextFactory.setExcludeProtocols(excludedProtocols.split(","));
}
sslContextFactory.setWantClientAuth(wantClientAuth);
if (clientProtocols != null) {
sslContextFactory.setIncludeProtocols(clientProtocols);
}
return sslContextFactory;
}