本文整理汇总了Java中org.eclipse.jetty.util.ssl.SslContextFactory.setKeyStore方法的典型用法代码示例。如果您正苦于以下问题：Java SslContextFactory.setKeyStore方法的具体用法？Java SslContextFactory.setKeyStore怎么用？Java SslContextFactory.setKeyStore使用的例子？那么恭喜您，这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.eclipse.jetty.util.ssl.SslContextFactory的用法示例。
在下文中一共展示了SslContextFactory.setKeyStore方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: createHttpsConnector
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
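/**
 * Creates an HTTPS connector for the given Jetty server instance.
 *
 * <p>The key store (with its password) is obtained from {@code getKeyStore(config, hostName, alternativeNames)}
 * and the trust store from {@code getTrustStore(config)}. Per the original documentation, configured
 * keystore/truststore settings are used when present; otherwise a self-signed certificate is generated.
 *
 * <p>TLS hardening applied here: the {@code TLS_DHE.*} / {@code TLS_EDH.*} suites and {@code SSLv3} are
 * <em>added</em> to the factory's exclusion lists and renegotiation is disabled. The {@code add*} variants are
 * used on purpose: the {@code set*} variants replace the whole list, which would drop any exclusions the
 * factory already carries by default.
 *
 * <p>The returned connector has no port set and is not added to the server by this method.
 *
 * @param embeddedJetty Jetty server instance needed for creating a ServerConnector.
 * @param config {@link DremioConfig} containing SSL related settings if any.
 * @param hostName host name forwarded to {@code getKeyStore} (presumably the certificate subject; confirm).
 * @param alternativeNames further names forwarded to {@code getKeyStore} (presumably subject alternative
 *        names for a generated certificate; confirm).
 * @return Initialized {@link ServerConnector} for HTTPS connections and the trust store returned by
 *         {@code getTrustStore(config)}. Per the original documentation the trust store is non-null only in
 *         the auto-generated self-signed certificate case.
 * @throws Exception if loading or generating the key material fails.
 */
public Pair<ServerConnector, KeyStore> createHttpsConnector(final Server embeddedJetty,
    final DremioConfig config, final String hostName, final String... alternativeNames) throws Exception {
    logger.info("Setting up HTTPS connector for web server");

    final SslContextFactory sslContextFactory = new SslContextFactory();

    Pair<KeyStore, String> keyStore = getKeyStore(config, hostName, alternativeNames);
    KeyStore trustStore = getTrustStore(config);

    sslContextFactory.setKeyStore(keyStore.getLeft());
    // Assuming that the keystore and the keymanager passwords are the same
    // based on JSSE examples...
    sslContextFactory.setKeyManagerPassword(keyStore.getRight());
    sslContextFactory.setTrustStore(trustStore);

    // Disable ciphers, protocols and other that are considered weak/vulnerable.
    // add* appends to the existing exclusion list; set* would overwrite it and could re-enable
    // suites/protocols that the Jetty version in use excludes out of the box.
    // TODO: there are few other ciphers that Chrome complains about being obsolete. Research more about them
    // and include here.
    sslContextFactory.addExcludeCipherSuites(
        "TLS_DHE.*",
        "TLS_EDH.*");
    // NOTE(review): only SSLv3 is named here; whether TLSv1 / TLSv1.1 should also be excluded depends on
    // the clients that must be supported. Confirm against the deployment's policy.
    sslContextFactory.addExcludeProtocols("SSLv3");
    sslContextFactory.setRenegotiationAllowed(false);

    // SSL Connector
    final ServerConnector sslConnector = new ServerConnector(embeddedJetty,
        new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
        new HttpConnectionFactory(new HttpConfiguration()));

    return Pair.of(sslConnector, trustStore);
}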
示例2: getSslContextFactory
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
/**
 * Builds and starts the {@link SslContextFactory} for the C2 server from the configured properties.
 *
 * <p>The key store is loaded eagerly from the file named by {@code MINIFI_C2_SERVER_KEYSTORE} (resolved
 * against {@code C2_SERVER_HOME}); the trust store is handed to Jetty by path, type and password. Client
 * certificates are requested but not required ({@code wantClientAuth}), so a connection without a client
 * certificate still completes the handshake; any authorization decision has to be made by the code that
 * handles the request.
 *
 * @return the started factory.
 * @throws GeneralSecurityException if the key store type is unknown or the key store cannot be loaded.
 * @throws IOException if the key store file cannot be read, or wrapping any failure of
 *         {@code SslContextFactory.start()}.
 */
public SslContextFactory getSslContextFactory() throws GeneralSecurityException, IOException {
    final SslContextFactory factory = new SslContextFactory();

    // --- server identity: key store loaded in-process ---
    final KeyStore serverKeyStore = KeyStore.getInstance(properties.getProperty(MINIFI_C2_SERVER_KEYSTORE_TYPE));
    final Path serverKeyStoreFile = Paths.get(C2_SERVER_HOME)
        .resolve(properties.getProperty(MINIFI_C2_SERVER_KEYSTORE))
        .toAbsolutePath();
    // Only the path is logged; the passwords read below are never written to the log.
    logger.debug("keystore path: " + serverKeyStoreFile);
    try (InputStream keyStoreStream = Files.newInputStream(serverKeyStoreFile)) {
        serverKeyStore.load(keyStoreStream, properties.getProperty(MINIFI_C2_SERVER_KEYSTORE_PASSWD).toCharArray());
    }
    factory.setKeyStore(serverKeyStore);
    // Private-key password is configured separately from the key store password.
    factory.setKeyManagerPassword(properties.getProperty(MINIFI_C2_SERVER_KEY_PASSWD));

    // Request, but do not require, a client certificate.
    factory.setWantClientAuth(true);

    // --- trusted peers: trust store loaded by Jetty from its path ---
    final Path trustStoreFile = Paths.get(C2_SERVER_HOME)
        .resolve(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE))
        .toAbsolutePath();
    final String trustStorePath = trustStoreFile.toFile().getAbsolutePath();
    logger.debug("truststore path: " + trustStorePath);
    factory.setTrustStorePath(trustStorePath);
    factory.setTrustStoreType(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE_TYPE));
    factory.setTrustStorePassword(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE_PASSWD));

    try {
        factory.start();
    } catch (Exception e) {
        // start() declares a plain Exception; surface it through the declared IOException, keeping the cause.
        throw new IOException(e);
    }
    return factory;
}
示例3: createSslContextFactory
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
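/**
 * Builds an {@link SslContextFactory} from the given options.
 *
 * <p>Options read: {@code keystore} (required, must be a {@link KeyStore}), {@code keystorePassword},
 * {@code truststore} (optional {@link KeyStore}), {@code truststorePassword} and {@code clientAuth}
 * ({@code need}, {@code want} or {@code none}; defaults to {@code none}).
 *
 * <p>An unrecognised {@code clientAuth} value is rejected instead of being ignored: silently falling back
 * to "no client authentication" on a typo would weaken the configuration without any signal to the operator.
 *
 * @param options the option map to read the SSL settings from.
 * @return the configured (not started) factory.
 * @throws MisconfigurationException if {@code keystore} is missing or not a {@link KeyStore}, or if
 *         {@code clientAuth} has an unsupported value.
 */
private SslContextFactory createSslContextFactory(OptionMap options) {
    SslContextFactory context = new SslContextFactory();

    Object keystore = options.get("keystore");
    if (!(keystore instanceof KeyStore)) {
        // The original threw with an empty message, which left the operator with nothing to act on.
        throw new MisconfigurationException(
            "SSL option \"keystore\" is required and must be a java.security.KeyStore instance");
    }
    context.setKeyStore((KeyStore) keystore);
    context.setKeyStorePassword(options.getString("keystorePassword"));

    // The trust store is optional; a value of any other type is ignored, as before.
    Object truststore = options.get("truststore");
    if (truststore instanceof KeyStore) {
        context.setTrustStore((KeyStore) truststore);
    }
    context.setTrustStorePassword(options.getString("truststorePassword"));

    String clientAuth = options.getString("clientAuth", "none");
    switch (clientAuth) {
        case "need":
            context.setNeedClientAuth(true);
            break;
        case "want":
            context.setWantClientAuth(true);
            break;
        case "none":
            break;
        default:
            // Fail closed rather than run without the client authentication the operator asked for.
            throw new MisconfigurationException(
                "Unsupported \"clientAuth\" value (expected need, want or none): " + clientAuth);
    }
    return context;
}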
示例4: setupSSL
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
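/**
 * Adds an HTTPS connector to the given server.
 *
 * <p>The key store is taken from the {@code sslKeyStoreFile} path when set, otherwise from the in-memory
 * {@code sslKeyStore}. When neither is set the problem is logged at SEVERE and the method returns without
 * adding a connector, so the caller ends up with no HTTPS listener.
 *
 * <p>The legacy DES / export cipher suites are appended to the factory's exclusion list with
 * {@code addExcludeCipherSuites}; {@code setExcludeCipherSuites} would replace the list and thereby drop
 * whatever the Jetty version in use already excludes by default.
 *
 * @param server the Jetty server that receives the connector.
 * @param http_config base HTTP configuration; it is copied and extended with a
 *        {@link SecureRequestCustomizer} for the HTTPS connector.
 */
private void setupSSL(Server server,HttpConfiguration http_config) {
    SslContextFactory sslContextFactory = new SslContextFactory();

    if (sslKeyStoreFile != null) {
        sslContextFactory.setKeyStorePath(sslKeyStoreFile);
    } else if (sslKeyStore != null) {
        sslContextFactory.setKeyStore(sslKeyStore);
    } else {
        log.log(Level.SEVERE,"Error while configuring SSL connection. Missing KeyStore!");
        return;
    }

    // Jetty's setter takes a String, so the password is copied into an immutable String here
    // (sslKeyStorePassword is presumably a char[]; confirm against the field declaration).
    sslContextFactory.setKeyStorePassword(new String(sslKeyStorePassword));

    // Append to the existing exclusions instead of overwriting them.
    sslContextFactory.addExcludeCipherSuites("SSL_RSA_WITH_DES_CBC_SHA",
            "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
            "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");

    HttpConfiguration https_config = new HttpConfiguration(http_config);
    https_config.addCustomizer(new SecureRequestCustomizer());

    ServerConnector sslConnector = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()),
            new HttpConnectionFactory(https_config));
    sslConnector.setPort(daemonPortSecure);
    server.addConnector(sslConnector);
}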
示例5: getSslContextFactory
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
/**
 * Builds an {@link SslContextFactory} from the Zeppelin configuration.
 *
 * <p>Key store and trust store are both given to Jetty by path, each with its own type and password; the
 * key manager password is set separately. Client-certificate authentication is required exactly when
 * {@code conf.useClientAuth()} returns {@code true}.
 *
 * @param conf configuration supplying the store paths, types, passwords and the client-auth flag.
 * @return the configured (not started) factory.
 */
@SuppressWarnings("deprecation")
private static SslContextFactory getSslContextFactory(ZeppelinConfiguration conf) {
    // Note that the API for the SslContextFactory is different for Jetty version 9;
    // the String-based store setters used below are why the deprecation warning is suppressed.
    final SslContextFactory factory = new SslContextFactory();

    // Server identity
    factory.setKeyStore(conf.getKeyStorePath());
    factory.setKeyStoreType(conf.getKeyStoreType());
    factory.setKeyStorePassword(conf.getKeyStorePassword());
    factory.setKeyManagerPassword(conf.getKeyManagerPassword());

    // Trusted peers
    factory.setTrustStore(conf.getTrustStorePath());
    factory.setTrustStoreType(conf.getTrustStoreType());
    factory.setTrustStorePassword(conf.getTrustStorePassword());

    // Mutual TLS is switched on or off by configuration.
    factory.setNeedClientAuth(conf.useClientAuth());

    return factory;
}
示例6: configureSsl
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
/**
 * Applies the given SSL settings to a Jetty {@link SslContextFactory}.
 *
 * <p>Protocol, client-auth mode, passwords and certificate alias are always applied. The cipher-suite and
 * protocol include lists are applied only when configured (non-null). Key and trust store come from the
 * SSL store provider when one is set, otherwise from the store settings in {@code ssl}.
 *
 * @param factory the Jetty {@link SslContextFactory}.
 * @param ssl the ssl details.
 * @throws IllegalStateException if the SSL store provider fails to supply a store.
 */
protected void configureSsl(SslContextFactory factory, Ssl ssl) {
    factory.setProtocol(ssl.getProtocol());
    configureSslClientAuth(factory, ssl);
    configureSslPasswords(factory, ssl);
    factory.setCertAlias(ssl.getKeyAlias());

    // An include list narrows what may be negotiated; the factory's exclusion list is left untouched here.
    if (ssl.getCiphers() != null) {
        factory.setIncludeCipherSuites(ssl.getCiphers());
    }
    if (ssl.getEnabledProtocols() != null) {
        factory.setIncludeProtocols(ssl.getEnabledProtocols());
    }

    // No provider: fall back to the key store / trust store described by the Ssl settings.
    if (getSslStoreProvider() == null) {
        configureSslKeyStore(factory, ssl);
        configureSslTrustStore(factory, ssl);
        return;
    }

    // Provider present: it supplies both stores as ready-made KeyStore objects.
    try {
        factory.setKeyStore(getSslStoreProvider().getKeyStore());
        factory.setTrustStore(getSslStoreProvider().getTrustStore());
    }
    catch (Exception ex) {
        throw new IllegalStateException("Unable to set SSL store", ex);
    }
}
示例7: configureSsl
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
/**
 * Applies the given SSL settings to a Jetty {@link SslContextFactory}.
 *
 * <p>When a non-empty cipher list is configured it becomes the include list and the factory's exclusion
 * list is cleared, so the configured list alone decides which suites may be negotiated; any weak suite
 * named in the configuration is therefore no longer filtered out by the factory's default exclusions.
 *
 * @param factory the Jetty {@link SslContextFactory}.
 * @param ssl the ssl details.
 * @throws IllegalStateException if the SSL store provider fails to supply a store.
 */
protected void configureSsl(SslContextFactory factory, Ssl ssl) {
    factory.setProtocol(ssl.getProtocol());
    configureSslClientAuth(factory, ssl);
    configureSslPasswords(factory, ssl);
    factory.setCertAlias(ssl.getKeyAlias());

    final boolean ciphersConfigured = !ObjectUtils.isEmpty(ssl.getCiphers());
    if (ciphersConfigured) {
        factory.setIncludeCipherSuites(ssl.getCiphers());
        // Called without arguments: empties the exclusion list so it cannot veto the explicit include list.
        factory.setExcludeCipherSuites();
    }
    if (ssl.getEnabledProtocols() != null) {
        factory.setIncludeProtocols(ssl.getEnabledProtocols());
    }

    // Without a store provider, the stores are configured from the Ssl settings.
    if (getSslStoreProvider() == null) {
        configureSslKeyStore(factory, ssl);
        configureSslTrustStore(factory, ssl);
        return;
    }

    // With a provider, both stores are taken from it as KeyStore objects.
    try {
        factory.setKeyStore(getSslStoreProvider().getKeyStore());
        factory.setTrustStore(getSslStoreProvider().getTrustStore());
    } catch (Exception ex) {
        throw new IllegalStateException("Unable to set SSL store", ex);
    }
}
示例8: configureSsl
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
/**
 * Configures a Jetty {@link SslContextFactory} from the given SSL details.
 *
 * <p>A configured, non-empty cipher list is installed as the include list and the exclusion list is
 * emptied, which makes the configured list authoritative: the factory's default exclusions no longer
 * remove weak suites that the configuration names explicitly.
 *
 * @param factory the Jetty {@link SslContextFactory}.
 * @param ssl the ssl details.
 * @throws IllegalStateException if the SSL store provider fails to supply a store.
 */
protected void configureSsl(SslContextFactory factory, Ssl ssl) {
    // Settings that are applied unconditionally.
    factory.setProtocol(ssl.getProtocol());
    configureSslClientAuth(factory, ssl);
    configureSslPasswords(factory, ssl);
    factory.setCertAlias(ssl.getKeyAlias());

    // Optional include lists.
    if (!ObjectUtils.isEmpty(ssl.getCiphers())) {
        factory.setIncludeCipherSuites(ssl.getCiphers());
        // No-argument call clears the exclusions so the include list is used as given.
        factory.setExcludeCipherSuites();
    }
    if (ssl.getEnabledProtocols() != null) {
        factory.setIncludeProtocols(ssl.getEnabledProtocols());
    }

    // Store source: the Ssl settings when no provider is registered ...
    final boolean useProvider = getSslStoreProvider() != null;
    if (!useProvider) {
        configureSslKeyStore(factory, ssl);
        configureSslTrustStore(factory, ssl);
        return;
    }

    // ... otherwise the provider's KeyStore objects.
    try {
        factory.setKeyStore(getSslStoreProvider().getKeyStore());
        factory.setTrustStore(getSslStoreProvider().getTrustStore());
    }
    catch (Exception ex) {
        throw new IllegalStateException("Unable to set SSL store", ex);
    }
}
开发者ID:vikrammane23,项目名称:https-github.com-g0t4-jenkins2-course-spring-boot,代码行数:32,代码来源:JettyEmbeddedServletContainerFactory.java
示例9: NetworkAssistantHttpsEngine
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
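/**
 * Creates the HTTPS engine: a Jetty server with one TLS connector and a handler serving the
 * application's "jnlp" directory.
 *
 * <p>The key store is read from a classpath resource so that it also works from inside the jar. The
 * resource stream is checked for {@code null} and closed after loading: {@code KeyStore.load(null, ...)}
 * would otherwise quietly produce an empty key store when the resource is missing, and the failure would
 * only show up later, at handshake time.
 *
 * @param port the port stored on this engine; it is not applied to the connector in this constructor.
 * @throws KeyStoreException if the default key store type is unavailable.
 * @throws NoSuchAlgorithmException if the key store integrity algorithm is unavailable.
 * @throws CertificateException if a certificate in the key store cannot be loaded.
 * @throws IOException if the key store resource is missing or cannot be read (this includes a wrong password).
 */
public NetworkAssistantHttpsEngine(int port) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    this.port = port;

    this.server = new Server();
    // Do not advertise the Jetty version in responses.
    this.server.setSendServerVersion(false);

    // NOTE(review): 'true' is the factory's trust-all flag, i.e. peer certificates are not validated.
    // Client authentication is not enabled in this constructor, so this may have no effect here;
    // confirm before reusing this factory anywhere a peer certificate is checked.
    SslContextFactory contextFactory = new SslContextFactory(true);

    // contextFactory.setKeyStorePath() would be easier, but it can't handle
    // paths from within the jar..
    // ..and contextFactory.setKeyStoreInputStream() is deprecated
    final String keyStorePath = "/mpo/dayon/common/security/X509";
    // NOTE(review): the key store ships inside the jar and its password is a source constant, so every
    // installation shares the same private key and anyone holding the jar can extract it. The certificate
    // therefore cannot authenticate this particular server; generating or provisioning a per-installation
    // key would be needed for that.
    final String keyStorePass = "spasspass";

    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    java.io.InputStream keyStoreStream = NetworkAssistantHttpsEngine.class.getResourceAsStream(keyStorePath);
    if (keyStoreStream == null) {
        throw new IOException("Key store resource not found on classpath: " + keyStorePath);
    }
    try {
        keyStore.load(keyStoreStream, keyStorePass.toCharArray());
    } finally {
        keyStoreStream.close();
    }

    contextFactory.setKeyStore(keyStore);
    contextFactory.setKeyStorePassword(keyStorePass);

    this.acceptor = new MySocketConnector(contextFactory);
    this.server.setConnectors(new Connector[] { this.acceptor });

    final HandlerList httpHandlers = new HandlerList();
    {
        final File jnlp = SystemUtilities.getOrCreateAppDirectory("jnlp");
        if (jnlp == null) {
            throw new RuntimeException("No JNLP directory!");
        }
        handler = new MyHttpHandler(jnlp.getAbsolutePath());
        httpHandlers.addHandler(handler);
    }
    this.server.setHandler(httpHandlers);
}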
示例10: initServerForTrustedAuths
import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
/**
 * Initializes the HTTPS server that trusted Auths connect to.
 *
 * <p>The connector uses mutual TLS: the server presents the key from the Internet key store, trust-all is
 * explicitly switched off, a client certificate is required, and the trust store is built in memory from
 * exactly the CA certificates listed in the properties. A peer whose certificate does not chain to one of
 * those CAs is rejected during the handshake.
 *
 * @param properties Auth server's properties to get paths for key stores and certificates
 * @param authKeyStorePassword Password for Auth's key store that is used for communication with trusted Auths
 * @return HTTPS server object (configured, not started by this method)
 * @throws CertificateException When there is a problem with certificate.
 * @throws NoSuchAlgorithmException If the specified algorithm cannot be found.
 * @throws KeyStoreException When there is a problem with accessing key store.
 * @throws IOException If there is a problem in IO.
 */
private Server initServerForTrustedAuths(AuthServerProperties properties, String authKeyStorePassword)
        throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException
{
    TrustedAuthConnectionHandler connectionHandler = new TrustedAuthConnectionHandler(this);
    Server server = new Server();
    server.setHandler(connectionHandler);

    SslContextFactory tls = new SslContextFactory();
    // Peer certificates must be validated against the trust store built below.
    tls.setTrustAll(false);

    // Server identity.
    tls.setKeyStore(AuthCrypto.loadKeyStore(properties.getInternetKeyStorePath(), authKeyStorePassword));
    tls.setKeyStorePassword(authKeyStorePassword);

    // Trust store: starts empty (load(null, ...)) and receives one entry per configured CA certificate,
    // with the entry's position in the list as its alias.
    KeyStore trustedCAs = KeyStore.getInstance(KeyStore.getDefaultType());
    trustedCAs.load(null, authKeyStorePassword.toCharArray());
    int aliasIndex = 0;
    for (String caCertPath : properties.getTrustedCACertPaths()) {
        trustedCAs.setCertificateEntry(String.valueOf(aliasIndex), AuthCrypto.loadCertificateFromFile(caCertPath));
        aliasIndex++;
    }
    tls.setTrustStore(trustedCAs);

    // A client certificate is mandatory, not merely requested.
    tls.setNeedClientAuth(true);

    HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.setPersistentConnectionsEnabled(true);
    httpsConfig.setSecureScheme("https");
    // Open question kept from the original: time out without keep-alive messages?
    // (httpConfig.setBlockingTimeout() was left commented out.)
    httpsConfig.addCustomizer(new SecureRequestCustomizer());

    SslConnectionFactory tlsConnectionFactory = new SslConnectionFactory(tls, "http/1.1");
    HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpsConfig);
    ServerConnector trustedAuthConnector = new ServerConnector(server, tlsConnectionFactory, httpConnectionFactory);
    trustedAuthConnector.setPort(properties.getTrustedAuthPort());
    // Idle timeout for keep-alive connections (original note: time out without requests?).
    trustedAuthConnector.setIdleTimeout(properties.getTrustedAuthPortIdleTimeout());

    server.setConnectors(new org.eclipse.jetty.server.Connector[]{trustedAuthConnector});
    return server;
}