Posted to commits@felix.apache.org by ja...@apache.org on 2013/11/11 14:55:08 UTC
svn commit: r1540723 - in
/felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal:
JettyConfig.java JettyService.java
Author: jawi
Date: Mon Nov 11 13:55:08 2013
New Revision: 1540723
URL: http://svn.apache.org/r1540723
Log:
FELIX-1955 - configure keystore/truststore types:
- allow the type of keystore/truststore to be configured, for example, to
use PKCS12 store files;
- added two new configuration options `org.apache.felix.https.keystore.type`
and `org.apache.felix.https.truststore.type` to define what type of store
is to be expected.
Modified:
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
Modified: felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java?rev=1540723&r1=1540722&r2=1540723&view=diff
==============================================================================
--- felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java (original)
+++ felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java Mon Nov 11 13:55:08 2013
@@ -16,6 +16,7 @@
*/
package org.apache.felix.http.jetty.internal;
+import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Dictionary;
@@ -55,6 +56,9 @@ public final class JettyConfig
private static final String FELIX_KEYSTORE_KEY_PASSWORD = "org.apache.felix.https.keystore.key.password";
private static final String OSCAR_KEYSTORE_KEY_PASSWORD = "org.ungoverned.osgi.bundle.https.key.password";
+ /** Felix specific property to override the type of keystore (JKS). */
+ private static final String FELIX_KEYSTORE_TYPE = "org.apache.felix.https.keystore.type";
+
/** Felix specific property to control whether to enable HTTPS. */
private static final String FELIX_HTTPS_ENABLE = "org.apache.felix.https.enable";
private static final String OSCAR_HTTPS_ENABLE = "org.ungoverned.osgi.bundle.https.enable";
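Review bot: The `(JKS)` in the Javadoc on FELIX_KEYSTORE_TYPE reads as the default value, but getKeystoreType(), added further down in this file, falls back to `KeyStore.getDefaultType()`, which follows the JVM's `keystore.type` security property and is not guaranteed to be JKS. The same wording is on FELIX_TRUSTSTORE_TYPE in the next hunk, and neither new getter carries a Javadoc. I would reword both to something like `/** Felix specific property to override the type of keystore; defaults to KeyStore.getDefaultType(). */` and add a matching one-line `@return` comment on getKeystoreType() and getTruststoreType(). An operator who ships a JKS file on a JVM with a different default would otherwise have no hint that the type must be set explicitly.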
@@ -68,6 +72,9 @@ public final class JettyConfig
/** Felix specific property to override the truststore password. */
private static final String FELIX_TRUSTSTORE_PASSWORD = "org.apache.felix.https.truststore.password";
+ /** Felix specific property to override the type of truststore (JKS). */
+ private static final String FELIX_TRUSTSTORE_TYPE = "org.apache.felix.https.truststore.type";
+
/** Felix specific property to control whether to want or require HTTPS client certificates. Valid values are "none", "wants", "needs". Default is "none". */
private static final String FELIX_HTTPS_CLIENT_CERT = "org.apache.felix.https.clientcertificate";
@@ -205,6 +212,11 @@ public final class JettyConfig
return getProperty(FELIX_KEYSTORE_KEY_PASSWORD, this.context.getProperty(OSCAR_KEYSTORE_KEY_PASSWORD));
}
+ public String getKeystoreType()
+ {
+ return getProperty(FELIX_KEYSTORE_TYPE, KeyStore.getDefaultType());
+ }
+
public String getKeystore()
{
return getProperty(FELIX_KEYSTORE, this.context.getProperty(OSCAR_KEYSTORE));
@@ -266,6 +278,11 @@ public final class JettyConfig
return getProperty(FELIX_TRUSTSTORE, null);
}
+ public String getTruststoreType()
+ {
+ return getProperty(FELIX_TRUSTSTORE_TYPE, KeyStore.getDefaultType());
+ }
+
public boolean isDebug()
{
return getBooleanProperty(FELIX_HTTP_DEBUG, getBooleanProperty(HTTP_DEBUG, false));
Modified: felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java?rev=1540723&r1=1540722&r2=1540723&view=diff
==============================================================================
--- felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java (original)
+++ felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java Mon Nov 11 13:55:08 2013
@@ -245,7 +245,7 @@ public final class JettyService extends
{
if (this.config.isUseHttp() || this.config.isUseHttps())
{
- StringBuffer message = new StringBuffer("Started jetty ").append(getJettyVersion()).append(" at port(s)");
+ StringBuffer message = new StringBuffer("Started Jetty ").append(getJettyVersion()).append(" at port(s)");
HashLoginService realm = new HashLoginService("OSGi HTTP Service Realm");
this.server = new Server();
this.server.addLifeCycleListener(this);
@@ -311,120 +311,74 @@ public final class JettyService extends
private void initializeHttp() throws Exception
{
Connector connector = this.config.isUseHttpNio() ? new SelectChannelConnector() : new SocketConnector();
- connector.setPort(this.config.getHttpPort());
- configureConnector(connector);
+ configureConnector(connector, this.config.getHttpPort());
this.server.addConnector(connector);
}
- @SuppressWarnings("deprecation")
private void initializeHttps() throws Exception
{
- // this massive code duplication is caused by the SslSelectChannelConnector
- // and the SslSocketConnector not have a common API to setup security
- // stuff
- Connector connector;
- if (this.config.isUseHttpsNio())
+ SslConnector connector = this.config.isUseHttpsNio() ? new SslSelectChannelConnector() : new SslSocketConnector();
+ configureConnector(connector, this.config.getHttpsPort());
+ configureSslConnector(connector);
+ this.server.addConnector(connector);
+ }
+
+ @SuppressWarnings("deprecation")
+ private void configureSslConnector(final SslConnector connector)
+ {
+ if (this.config.getKeystoreType() != null)
{
- SslSelectChannelConnector sslConnector = new SslSelectChannelConnector();
+ connector.setKeystoreType(this.config.getKeystoreType());
+ }
- if (this.config.getKeystore() != null)
- {
- sslConnector.setKeystore(this.config.getKeystore());
- }
+ if (this.config.getKeystore() != null)
+ {
+ connector.setKeystore(this.config.getKeystore());
+ }
- if (this.config.getPassword() != null)
- {
- System.setProperty(SslSelectChannelConnector.PASSWORD_PROPERTY, this.config.getPassword());
- sslConnector.setPassword(this.config.getPassword());
- }
+ if (this.config.getPassword() != null)
+ {
+ connector.setPassword(this.config.getPassword());
+ }
- if (this.config.getKeyPassword() != null)
- {
- System.setProperty(SslSelectChannelConnector.KEYPASSWORD_PROPERTY, this.config.getKeyPassword());
- sslConnector.setKeyPassword(this.config.getKeyPassword());
- }
+ if (this.config.getKeyPassword() != null)
+ {
+ connector.setKeyPassword(this.config.getKeyPassword());
+ }
- if (this.config.getTruststore() != null)
- {
- sslConnector.setTruststore(this.config.getTruststore());
- }
+ if (this.config.getTruststoreType() != null)
+ {
+ connector.setTruststoreType(this.config.getTruststoreType());
+ }
- if (this.config.getTrustPassword() != null)
- {
- sslConnector.setTrustPassword(this.config.getTrustPassword());
- }
+ if (this.config.getTruststore() != null)
+ {
+ connector.setTruststore(this.config.getTruststore());
+ }
- if ("wants".equals(this.config.getClientcert()))
- {
- sslConnector.setWantClientAuth(true);
- }
- else if ("needs".equals(this.config.getClientcert()))
- {
- sslConnector.setNeedClientAuth(true);
- }
+ if (this.config.getTrustPassword() != null)
+ {
+ connector.setTrustPassword(this.config.getTrustPassword());
+ }
- connector = sslConnector;
+ if ("wants".equalsIgnoreCase(this.config.getClientcert()))
+ {
+ connector.setWantClientAuth(true);
}
- else
+ else if ("needs".equalsIgnoreCase(this.config.getClientcert()))
{
- SslSocketConnector sslConnector = new SslSocketConnector();
-
- if (this.config.getKeystore() != null)
- {
- sslConnector.setKeystore(this.config.getKeystore());
- }
-
- if (this.config.getPassword() != null)
- {
- System.setProperty(SslSelectChannelConnector.PASSWORD_PROPERTY, this.config.getPassword());
- sslConnector.setPassword(this.config.getPassword());
- }
-
- if (this.config.getKeyPassword() != null)
- {
- System.setProperty(SslSelectChannelConnector.KEYPASSWORD_PROPERTY, this.config.getKeyPassword());
- sslConnector.setKeyPassword(this.config.getKeyPassword());
- }
-
- if (this.config.getTruststore() != null)
- {
- sslConnector.setTruststore(this.config.getTruststore());
- }
-
- if (this.config.getTrustPassword() != null)
- {
- sslConnector.setTrustPassword(this.config.getTrustPassword());
- }
-
- if ("wants".equals(this.config.getClientcert()))
- {
- sslConnector.setWantClientAuth(true);
- }
- else if ("needs".equals(this.config.getClientcert()))
- {
- sslConnector.setNeedClientAuth(true);
- }
-
- connector = sslConnector;
+ connector.setNeedClientAuth(true);
}
-
- connector.setPort(this.config.getHttpsPort());
- configureConnector(connector);
-
- this.server.addConnector(connector);
}
- private void configureConnector(final Connector connector)
+ private void configureConnector(final Connector connector, int port)
{
connector.setMaxIdleTime(this.config.getHttpTimeout());
connector.setRequestBufferSize(this.config.getRequestBufferSize());
connector.setResponseBufferSize(this.config.getResponseBufferSize());
+ connector.setPort(port);
connector.setHost(this.config.getHost());
connector.setStatsOn(this.config.isRegisterMBeans());
-
- // connector.setLowResourceMaxIdleTime(ms);
- // connector.setRequestBufferSize(requestBufferSize);
- // connector.setResponseBufferSize(responseBufferSize);
}
private void configureSessionManager(final ServletContextHandler context)
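Review bot: In configureSslConnector, any `org.apache.felix.https.clientcertificate` value other than "wants" or "needs" falls through the `if`/`else if` chain silently, so a misspelling such as "need" leaves the HTTPS connector running without client-certificate authentication and nothing tells the operator. Since the new code already loosens the match to `equalsIgnoreCase`, it would be worth closing the chain with `else if (!"none".equalsIgnoreCase(this.config.getClientcert()))` and either logging a warning or refusing to start in that branch. This assumes getClientcert() yields "none" when the property is unset, as the Javadoc on FELIX_HTTPS_CLIENT_CERT states; its body is not part of this diff. Separately, the new method no longer copies the keystore and key passwords into system properties, which the log message does not mention and which deserves a line there in case anything else read them.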