Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

430951 Support SNI with ExtendedSslContextFactory 

Made modules do automatic selection of Extended SSL Context if running java 8
This commit is contained in:
Greg Wilkins 2015-05-01 15:50:06 +10:00
parent 0a16705947
commit 2271464406
9 changed files with 106 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
jetty-server/src/main/config/etc/jetty-ssl-context.xml Normal file
View File

@ -0,0 +1,29 @@
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<!-- ============================================================= -->
<!-- SSL ContextFactory configuration -->
<!-- For java 8 and beyond the keystore is created in -->
<!-- jetty-ssl-extended-context.xml -->
<!-- ============================================================= -->
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath,jetty.keystore" default="etc/keystore"/></Set>
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword,jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
<Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword,jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set>
<Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath,jetty.truststore" default="etc/keystore"/></Set>
<Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword,jetty.truststore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth,jetty.ssl.needClientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.sslContext.wantClientAuth,jetty.ssl.wantClientAuth" default="false"/></Set>
<Set name="ExcludeCipherSuites">
<Array type="String">
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
</Array>
</Set>
</Configure>

13
jetty-server/src/main/config/etc/jetty-ssl-extended-context.xml Normal file
View File

@ -0,0 +1,13 @@
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<!-- ============================================================= -->
<!-- Create an extended SSL Context Factory for use in java 8 -->
<!-- and later. -->
<!-- Configuration is completed in jetty-ssl-context.xml -->
<!-- ============================================================= -->
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.ExtendedSslContextFactory">
<Set name="useCipherSuitesOrder"><Property name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set>
</New>
</Configure>

25
jetty-server/src/main/config/etc/jetty-ssl.xml
View File

@ -36,31 +36,6 @@
</Arg>
</Call>
<!-- ============================================================= -->
<!-- Create a TLS (SSL) Context Factory for later reuse -->
<!-- ============================================================= -->
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslConfig.keyStorePath,jetty.keystore" default="etc/keystore"/></Set>
<Set name="KeyStorePassword"><Property name="jetty.sslConfig.keyStorePassword,jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
<Set name="KeyManagerPassword"><Property name="jetty.sslConfig.keyManagerPassword,jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set>
<Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslConfig.trustStorePath,jetty.truststore" default="etc/keystore"/></Set>
<Set name="TrustStorePassword"><Property name="jetty.sslConfig.trustStorePassword,jetty.truststore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="NeedClientAuth"><Property name="jetty.sslConfig.needClientAuth,jetty.ssl.needClientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.sslConfig.wantClientAuth,jetty.ssl.wantClientAuth" default="false"/></Set>
<Set name="ExcludeCipherSuites">
<Array type="String">
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
</Array>
</Set>
</New>
<!-- =========================================================== -->
<!-- Create a TLS specific HttpConfiguration based on the -->
<!-- common HttpConfiguration defined in jetty.xml -->

12
jetty-server/src/main/config/modules/ssl-impl/ssl-java7.mod Normal file
View File

@ -0,0 +1,12 @@
#
# SSL java 7 Keystore module
#
[name]
ssl-context
[depend]
server
[xml]
etc/jetty-ssl-context.xml

12
jetty-server/src/main/config/modules/ssl-impl/ssl-java8.mod Normal file
View File

@ -0,0 +1,12 @@
#
# SSL java 8 Keystore module
#
[name]
ssl-context
[depend]
server
[xml]
etc/jetty-ssl-extended-context.xml

32
jetty-server/src/main/config/modules/ssl.mod
View File

@ -1,12 +1,15 @@
#
# SSL Keystore module
#
[name]
ssl
[depend]
server
ssl-impl/ssl-java${java.version.minor}
[xml]
etc/jetty-ssl.xml
etc/jetty-ssl-context.xml
[files]
http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/plain/jetty-server/src/main/config/etc/keystore|etc/keystore
@ -42,27 +45,30 @@ jetty.ssl.port=8443
# jetty.ssl.sniHostCheck=true
### SslContextFactory Configuration
## Keystore file path (relative to $jetty.base)
# jetty.sslConfig.keyStorePath=etc/keystore
## Truststore file path (relative to $jetty.base)
# jetty.sslConfig.trustStorePath=etc/keystore
## Note that OBF passwords are not secure, just protected from casual observation
## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
## Keystore file path (relative to $jetty.base)
# jetty.sslContext.keyStorePath=etc/keystore
## Truststore file path (relative to $jetty.base)
# jetty.sslContext.trustStorePath=etc/keystore
## Keystore password
# jetty.sslConfig.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
# jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
## KeyManager password
# jetty.sslConfig.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g
# jetty.sslContext.keyManagerPassword=OBF:1u2u1wml1z7s1z7a1wnl1u2g
## Truststore password
# jetty.sslConfig.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
# jetty.sslContext.trustStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
## whether client certificate authentication is required
# jetty.sslConfig.needClientAuth=false
# jetty.sslContext.needClientAuth=false
## Whether client certificate authentication is desired
# jetty.sslConfig.wantClientAuth=false
# jetty.sslContext.wantClientAuth=false
## Whether cipher order is significant (since java 8 only)
# jetty.sslContext.useCipherSuitesOrder=true

4
jetty-server/src/main/java/org/eclipse/jetty/server/handler/RequestLogHandler.java
View File

@ -20,6 +20,7 @@ package org.eclipse.jetty.server.handler;
import java.io.IOException;
import javax.servlet.DispatcherType;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -50,7 +51,8 @@ public class RequestLogHandler extends HandlerWrapper
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException
{
baseRequest.getHttpChannel().setRequestLog(_requestLog);
if (baseRequest.getDispatcherType()==DispatcherType.REQUEST)
baseRequest.getHttpChannel().setRequestLog(_requestLog);
if (_handler!=null)
_handler.handle(target,baseRequest, request, response);
}

10
jetty-start/src/main/java/org/eclipse/jetty/start/Modules.java
View File

@ -43,6 +43,16 @@ public class Modules extends Graph<Module>
this.args = args;
this.setSelectionTerm("enable");
this.setNodeTerm("module");
String java_version = System.getProperty("java.version");
if (java_version!=null)
{
String[] parts = java_version.split("\\.");
if (parts!=null && parts.length>0)
System.setProperty("java.version.major",parts[0]);
if (parts!=null && parts.length>1)
System.setProperty("java.version.minor",parts[1]);
}
}
public void dump()

8
jetty-start/src/test/java/org/eclipse/jetty/start/ModulesTest.java
View File

@ -34,10 +34,13 @@ import org.eclipse.jetty.start.graph.RegexNamePredicate;
import org.eclipse.jetty.start.graph.Selection;
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.eclipse.jetty.toolchain.test.TestingDir;
import org.hamcrest.Matchers;
import org.junit.Rule;
import org.junit.Test;
import static org.hamcrest.Matchers.anyOf;
import static org.hamcrest.Matchers.contains;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
import static org.junit.Assert.assertThat;
@ -73,6 +76,11 @@ public class ModulesTest
Modules modules = new Modules(basehome,args);
modules.registerAll();
// Check versions
assertThat(System.getProperty("java.version.major"),equalTo("1"));
assertThat(System.getProperty("java.version.minor"),anyOf(equalTo("7"),Matchers.equalTo("8"),Matchers.equalTo("9")));
List<String> moduleNames = new ArrayList<>();
for (Module mod : modules)
{