Java SslContextFactory.setNeedClientAuth方法代码示例

import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
private SslContextFactory createSslContextFactory(OptionMap options) {
    SslContextFactory context = new SslContextFactory();
    Object keystore = options.get("keystore");
    if (keystore instanceof KeyStore) {
        context.setKeyStore((KeyStore) keystore);
    } else {
        throw new MisconfigurationException("");
    }
    context.setKeyStorePassword(options.getString("keystorePassword"));

    Object truststore = options.get("truststore");
     if (truststore instanceof KeyStore) {
        context.setTrustStore((KeyStore) truststore);
    }
    context.setTrustStorePassword(options.getString("truststorePassword"));

    String clientAuth = options.getString("clientAuth", "none");
    switch (clientAuth) {
        case "need": context.setNeedClientAuth(true); break;
        case "want": context.setWantClientAuth(true); break;
    }

    return context;
}
 

import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
@SuppressWarnings("deprecation")
private static SslContextFactory getSslContextFactory(ZeppelinConfiguration conf) {
  // Note that the API for the SslContextFactory is different for
  // Jetty version 9
  SslContextFactory sslContextFactory = new SslContextFactory();

  // Set keystore
  sslContextFactory.setKeyStore(conf.getKeyStorePath());
  sslContextFactory.setKeyStoreType(conf.getKeyStoreType());
  sslContextFactory.setKeyStorePassword(conf.getKeyStorePassword());
  sslContextFactory.setKeyManagerPassword(conf.getKeyManagerPassword());

  // Set truststore
  sslContextFactory.setTrustStore(conf.getTrustStorePath());
  sslContextFactory.setTrustStoreType(conf.getTrustStoreType());
  sslContextFactory.setTrustStorePassword(conf.getTrustStorePassword());

  sslContextFactory.setNeedClientAuth(conf.useClientAuth());

  return sslContextFactory;
}
 

import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
private void configureSslClientAuth(SslContextFactory factory, Ssl ssl) {
    if (ssl.getClientAuth() == Ssl.ClientAuth.NEED) {
        factory.setNeedClientAuth(true);
        factory.setWantClientAuth(true);
    } else if (ssl.getClientAuth() == Ssl.ClientAuth.WANT) {
        factory.setWantClientAuth(true);
    }
}
 

import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
private void createSecureConnector(Properties properties) {
    SslContextFactory ssl = new SslContextFactory();

    if (properties.getProperty(KEYSTORE_LOCATION_KEY) != null) {
        ssl.setKeyStorePath(properties.getProperty(KEYSTORE_LOCATION_KEY));
        ssl.setKeyStorePassword(properties.getProperty(KEYSTORE_PASSWORD_KEY));
        ssl.setKeyStoreType(properties.getProperty(KEYSTORE_TYPE_KEY));
    }

    if (properties.getProperty(TRUSTSTORE_LOCATION_KEY) != null) {
        ssl.setTrustStorePath(properties.getProperty(TRUSTSTORE_LOCATION_KEY));
        ssl.setTrustStorePassword(properties.getProperty(TRUSTSTORE_PASSWORD_KEY));
        ssl.setTrustStoreType(properties.getProperty(TRUSTSTORE_TYPE_KEY));
        ssl.setNeedClientAuth(Boolean.parseBoolean(properties.getProperty(NEED_CLIENT_AUTH_KEY, "true")));
    }

    // build the connector
    final ServerConnector https = new ServerConnector(jetty, ssl);

    // set host and port
    https.setPort(Integer.parseInt(properties.getProperty(PORT_KEY, "0")));
    https.setHost(properties.getProperty(HOST_KEY, "localhost"));

    // Severely taxed environments may have significant delays when executing.
    https.setIdleTimeout(30000L);

    // add the connector
    jetty.addConnector(https);

    logger.info("Added an https connector on the host '{}' and port '{}'", new Object[]{https.getHost(), https.getPort()});
}
 

import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
@BeforeClass
public static void setUp() throws Exception {
    PullHttpChangeIngestorCommonTest.init();

    SslContextFactory ssl = new SslContextFactory();

    ssl.setKeyStorePath("./src/test/resources/localhost-ks.jks");
    ssl.setKeyStorePassword("localtest");
    ssl.setKeyStoreType("JKS");
    ssl.setTrustStorePath("./src/test/resources/localhost-ts.jks");
    ssl.setTrustStorePassword("localtest");
    ssl.setTrustStoreType("JKS");
    ssl.setNeedClientAuth(true);

    // build the connector
    final ServerConnector https = new ServerConnector(jetty, ssl);

    // set host and port
    https.setPort(0);
    https.setHost("localhost");

    // Severely taxed environments may have significant delays when executing.
    https.setIdleTimeout(30000L);

    // add the connector
    jetty.addConnector(https);

    jetty.start();

    Thread.sleep(1000);

    if (!jetty.isStarted()) {
        throw new IllegalStateException("Jetty server not started");
    }
}
 

import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
private void configureSslClientAuth(SslContextFactory factory, Ssl ssl) {
	if (ssl.getClientAuth() == ClientAuth.NEED) {
		factory.setNeedClientAuth(true);
		factory.setWantClientAuth(true);
	}
	else if (ssl.getClientAuth() == ClientAuth.WANT) {
		factory.setWantClientAuth(true);
	}
}
 

import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
private Server createServer(URI endpointURI, boolean needClientAuth) {
    if ("ws".equals(endpointURI.getScheme())) {
        return new Server(endpointURI.getPort());
    }
    else if ("wss".equals(endpointURI.getScheme())) {
        // see http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/ManyConnectors.java
        //     http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java
        
        Server server = new Server();
        
        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setKeyStorePath(getStorePath("serverKeyStore.jks"));
        sslContextFactory.setKeyStorePassword("passw0rd");
        sslContextFactory.setKeyManagerPassword("passw0rd");
        sslContextFactory.setCertAlias("default");
        sslContextFactory.setNeedClientAuth(needClientAuth);
        sslContextFactory.setTrustStorePath(getStorePath("serverTrustStore.jks"));
        sslContextFactory.setTrustStorePassword("passw0rd");
        
        HttpConfiguration httpsConfig = new HttpConfiguration();
        httpsConfig.addCustomizer(new SecureRequestCustomizer());
        
        ServerConnector https= new ServerConnector(server,
                new SslConnectionFactory(sslContextFactory,
                        HttpVersion.HTTP_1_1.asString()),
                new HttpConnectionFactory(httpsConfig));
        https.setPort(endpointURI.getPort());
        
        server.addConnector(https);
        return server;
    }
    else
        throw new IllegalArgumentException("unrecognized uri: "+endpointURI);
}
 

import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
private SslConnectionFactory newSslConnectionFactory() {
    Ssl sslConfig = connectorConfig.ssl();

    SslContextFactory factory = new JDiscSslContextFactory();

    sslKeyStoreConfigurator.configure(new DefaultSslKeyStoreContext(factory));
    sslTrustStoreConfigurator.configure(new DefaultSslTrustStoreContext(factory));

    switch (sslConfig.clientAuth()) {
        case NEED_AUTH:
            factory.setNeedClientAuth(true);
            break;
        case WANT_AUTH:
            factory.setWantClientAuth(true);
            break;
    }

    if (!sslConfig.prng().isEmpty()) {
        factory.setSecureRandomAlgorithm(sslConfig.prng());
    }

    setStringArrayParameter(
            factory, sslConfig.excludeProtocol(), ExcludeProtocol::name, SslContextFactory::setExcludeProtocols);
    setStringArrayParameter(
            factory, sslConfig.includeProtocol(), IncludeProtocol::name, SslContextFactory::setIncludeProtocols);
    setStringArrayParameter(
            factory, sslConfig.excludeCipherSuite(), ExcludeCipherSuite::name, SslContextFactory::setExcludeCipherSuites);
    setStringArrayParameter(
            factory, sslConfig.includeCipherSuite(), IncludeCipherSuite::name, SslContextFactory::setIncludeCipherSuites);

    factory.setKeyManagerFactoryAlgorithm(sslConfig.sslKeyManagerFactoryAlgorithm());
    factory.setProtocol(sslConfig.protocol());
    return new SslConnectionFactory(factory, HttpVersion.HTTP_1_1.asString());
}
 

import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
private SslContextFactory createSslContextFactory() {
    final SslContextFactory contextFactory = new SslContextFactory();

    // if needClientAuth is false then set want to true so we can optionally use certs
    if (properties.getNeedClientAuth()) {
        logger.info("Setting Jetty's SSLContextFactory needClientAuth to true");
        contextFactory.setNeedClientAuth(true);
    } else {
        logger.info("Setting Jetty's SSLContextFactory wantClientAuth to true");
        contextFactory.setWantClientAuth(true);
    }

    /* below code sets JSSE system properties when values are provided */
    // keystore properties
    if (StringUtils.isNotBlank(properties.getKeyStorePath())) {
        contextFactory.setKeyStorePath(properties.getKeyStorePath());
    }
    if (StringUtils.isNotBlank(properties.getKeyStoreType())) {
        contextFactory.setKeyStoreType(properties.getKeyStoreType());
    }
    final String keystorePassword = properties.getKeyStorePassword();
    final String keyPassword = properties.getKeyPassword();
    if (StringUtils.isNotBlank(keystorePassword)) {
        // if no key password was provided, then assume the keystore password is the same as the key password.
        final String defaultKeyPassword = (StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword;
        contextFactory.setKeyManagerPassword(keystorePassword);
        contextFactory.setKeyStorePassword(defaultKeyPassword);
    } else if (StringUtils.isNotBlank(keyPassword)) {
        // since no keystore password was provided, there will be no keystore integrity check
        contextFactory.setKeyStorePassword(keyPassword);
    }

    // truststore properties
    if (StringUtils.isNotBlank(properties.getTrustStorePath())) {
        contextFactory.setTrustStorePath(properties.getTrustStorePath());
    }
    if (StringUtils.isNotBlank(properties.getTrustStoreType())) {
        contextFactory.setTrustStoreType(properties.getTrustStoreType());
    }
    if (StringUtils.isNotBlank(properties.getTrustStorePassword())) {
        contextFactory.setTrustStorePassword(properties.getTrustStorePassword());
    }

    return contextFactory;
}
 

import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
/**
 * Initialize HTTPS server to which trusted Auths connect
 * @param properties Auth server's properties to get paths for key stores and certificates
 * @param authKeyStorePassword Password for Auth's key store that is used for communication with trusted Auths
 * @return HTTPS server object
 * @throws CertificateException When there is a problem with certificate.
 * @throws NoSuchAlgorithmException If the specified algorithm cannot be found.
 * @throws KeyStoreException When there is a problem with accessing key store.
 * @throws IOException If there is a problem in IO.
 */
private Server initServerForTrustedAuths(AuthServerProperties properties, String authKeyStorePassword)
        throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException
{
    TrustedAuthConnectionHandler trustedAuthConnectionHandler = new TrustedAuthConnectionHandler(this);

    Server serverForTrustedAuths = new Server();
    serverForTrustedAuths.setHandler(trustedAuthConnectionHandler);

    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setTrustAll(false);
    sslContextFactory.setKeyStore(AuthCrypto.loadKeyStore(properties.getInternetKeyStorePath(), authKeyStorePassword));
    sslContextFactory.setKeyStorePassword(authKeyStorePassword);

    KeyStore serverTrustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    serverTrustStore.load(null, authKeyStorePassword.toCharArray());
    String[] trustedCACertPaths = properties.getTrustedCACertPaths();
    for (int i = 0; i < trustedCACertPaths.length; i++) {
        serverTrustStore.setCertificateEntry("" + i, AuthCrypto.loadCertificateFromFile(trustedCACertPaths[i]));
    }
    sslContextFactory.setTrustStore(serverTrustStore);
    sslContextFactory.setNeedClientAuth(true);

    HttpConfiguration httpConfig = new HttpConfiguration();
    httpConfig.setPersistentConnectionsEnabled(true);
    httpConfig.setSecureScheme("https");
    // time out with out keep alive messages?
    //httpConfig.setBlockingTimeout();

    httpConfig.addCustomizer(new SecureRequestCustomizer());
    //new SSL
    ServerConnector connector = new ServerConnector(serverForTrustedAuths,
            new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpConfig));

    connector.setPort(properties.getTrustedAuthPort());

    // Idle time out for keep alive connections
    // time out with out requests?
    connector.setIdleTimeout(properties.getTrustedAuthPortIdleTimeout());

    serverForTrustedAuths.setConnectors(new org.eclipse.jetty.server.Connector[]{connector});

    return serverForTrustedAuths;
}
 

import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
SslContextFactory createSSLContextObject(boolean needClientAuth) {
    
    String keyStorePath = System.getProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_PATH);
    String keyStorePasswordAppName = System.getProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_PASSWORD_APPNAME);
    String keyStorePassword = System.getProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_PASSWORD);
    String keyStoreType = System.getProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_TYPE, "PKCS12");
    String keyManagerPassword = System.getProperty(AthenzConsts.ATHENZ_PROP_KEYMANAGER_PASSWORD);
    String keyManagerPasswordAppName = System.getProperty(AthenzConsts.ATHENZ_PROP_KEYMANAGER_PASSWORD_APPNAME);
    String trustStorePath = System.getProperty(AthenzConsts.ATHENZ_PROP_TRUSTSTORE_PATH);
    String trustStorePassword = System.getProperty(AthenzConsts.ATHENZ_PROP_TRUSTSTORE_PASSWORD);
    String trustStorePasswordAppName = System.getProperty(AthenzConsts.ATHENZ_PROP_TRUSTSTORE_PASSWORD_APPNAME);
    String trustStoreType = System.getProperty(AthenzConsts.ATHENZ_PROP_TRUSTSTORE_TYPE, "PKCS12");
    String includedCipherSuites = System.getProperty(AthenzConsts.ATHENZ_PROP_INCLUDED_CIPHER_SUITES);
    String excludedCipherSuites = System.getProperty(AthenzConsts.ATHENZ_PROP_EXCLUDED_CIPHER_SUITES);
    String excludedProtocols = System.getProperty(AthenzConsts.ATHENZ_PROP_EXCLUDED_PROTOCOLS,
            ATHENZ_DEFAULT_EXCLUDED_PROTOCOLS);
    
    SslContextFactory sslContextFactory = new SslContextFactory();
    if (keyStorePath != null) {
        LOG.info("Using SSL KeyStore path: {}", keyStorePath);
        sslContextFactory.setKeyStorePath(keyStorePath);
    }
    if (keyStorePassword != null) {
        //default implementation should just return the same
        sslContextFactory.setKeyStorePassword(this.privateKeyStore.getApplicationSecret(keyStorePasswordAppName, keyStorePassword));
    }
    sslContextFactory.setKeyStoreType(keyStoreType);

    if (keyManagerPassword != null) {
        sslContextFactory.setKeyManagerPassword(this.privateKeyStore.getApplicationSecret(keyManagerPasswordAppName, keyManagerPassword));
    }
    if (trustStorePath != null) {
        LOG.info("Using SSL TrustStore path: {}", trustStorePath);
        sslContextFactory.setTrustStorePath(trustStorePath);
    }
    if (trustStorePassword != null) {
        sslContextFactory.setTrustStorePassword(this.privateKeyStore.getApplicationSecret(trustStorePasswordAppName, trustStorePassword));
    }
    sslContextFactory.setTrustStoreType(trustStoreType);

    if (includedCipherSuites != null && !includedCipherSuites.isEmpty()) {
        sslContextFactory.setIncludeCipherSuites(includedCipherSuites.split(","));
    }
    
    if (excludedCipherSuites != null && !excludedCipherSuites.isEmpty()) {
        sslContextFactory.setExcludeCipherSuites(excludedCipherSuites.split(","));
    }
    
    if (!excludedProtocols.isEmpty()) {
        sslContextFactory.setExcludeProtocols(excludedProtocols.split(","));
    }
    
    if (needClientAuth) {
        sslContextFactory.setNeedClientAuth(true);
    } else {
        sslContextFactory.setWantClientAuth(true);
    }
    
    return sslContextFactory;
}
 

import org.eclipse.jetty.util.ssl.SslContextFactory; //导入方法依赖的package包/类
private static JettyServer createHttpsJettyServer(boolean clientAuth) throws MalformedURLException, IOException {
    Server server = new Server();
    HttpConfiguration https_config = new HttpConfiguration();
    https_config.setSecureScheme("https");
    int port = 0;
    try (ServerSocket socket = new ServerSocket(0)) {
        port = socket.getLocalPort();
    }
    https_config.setSecurePort(port);
    https_config.setOutputBufferSize(32768);
    
    String keystorePath = DEFAULT_SERVER_KEY_STORE;
    SslContextFactory sslContextFactory = new SslContextFactory();
    File keystoreFile = new File(keystorePath);
    if (!keystoreFile.exists()) {
        throw new FileNotFoundException();
    }
    
    String trustStorePath = DEFAULT_CA_TRUST_STORE;
    File trustStoreFile = new File(trustStorePath);
    if (!trustStoreFile.exists()) {
        throw new FileNotFoundException();
    }
    
    sslContextFactory.setTrustStorePath(trustStorePath);
    sslContextFactory.setTrustStoreType(DEFAULT_SSL_STORE_TYPE);
    sslContextFactory.setTrustStorePassword(DEFAULT_CERT_PWD);

    sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
    sslContextFactory.setKeyStoreType(DEFAULT_SSL_STORE_TYPE);
    sslContextFactory.setKeyStorePassword(DEFAULT_CERT_PWD);

    sslContextFactory.setProtocol(DEFAULT_SSL_PROTOCOL);
    sslContextFactory.setNeedClientAuth(clientAuth);

    ServerConnector https = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()),
                new HttpConnectionFactory(https_config));
    https.setPort(port);
    https.setIdleTimeout(500000);
    server.setConnectors(new Connector[] { https });
    HandlerList handlers = new HandlerList();
    ResourceHandler resourceHandler = new ResourceHandler();
    resourceHandler.setBaseResource(Resource.newResource("."));
    handlers.setHandlers(new Handler[]
    { resourceHandler, new DefaultHandler() });
    server.setHandler(handlers);
    return new JettyServer(server, port);
}