FELIX-1955 - configure keystore/truststore types:
- allow the type of keystore/truststore to be configured, for example, to
use PKCS12 store files;
- added two new configuration options `org.apache.felix.https.keystore.type`
and `org.apache.felix.https.truststore.type` to define what type of store
is to be expected.
git-svn-id: https://svn.apache.org/repos/asf/felix/trunk@1540723 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
index 3a88a54..7da5871 100644
--- a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
+++ b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
@@ -16,6 +16,7 @@
*/
package org.apache.felix.http.jetty.internal;
+import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Dictionary;
@@ -55,6 +56,9 @@
private static final String FELIX_KEYSTORE_KEY_PASSWORD = "org.apache.felix.https.keystore.key.password";
private static final String OSCAR_KEYSTORE_KEY_PASSWORD = "org.ungoverned.osgi.bundle.https.key.password";
+ /** Felix specific property to override the type of keystore (JKS). */
+ private static final String FELIX_KEYSTORE_TYPE = "org.apache.felix.https.keystore.type";
+
/** Felix specific property to control whether to enable HTTPS. */
private static final String FELIX_HTTPS_ENABLE = "org.apache.felix.https.enable";
private static final String OSCAR_HTTPS_ENABLE = "org.ungoverned.osgi.bundle.https.enable";
@@ -68,6 +72,9 @@
/** Felix specific property to override the truststore password. */
private static final String FELIX_TRUSTSTORE_PASSWORD = "org.apache.felix.https.truststore.password";
+ /** Felix specific property to override the type of truststore (JKS). */
+ private static final String FELIX_TRUSTSTORE_TYPE = "org.apache.felix.https.truststore.type";
+
/** Felix specific property to control whether to want or require HTTPS client certificates. Valid values are "none", "wants", "needs". Default is "none". */
private static final String FELIX_HTTPS_CLIENT_CERT = "org.apache.felix.https.clientcertificate";
@@ -205,6 +212,11 @@
return getProperty(FELIX_KEYSTORE_KEY_PASSWORD, this.context.getProperty(OSCAR_KEYSTORE_KEY_PASSWORD));
}
+ public String getKeystoreType()
+ {
+ return getProperty(FELIX_KEYSTORE_TYPE, KeyStore.getDefaultType());
+ }
+
public String getKeystore()
{
return getProperty(FELIX_KEYSTORE, this.context.getProperty(OSCAR_KEYSTORE));
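Review bot: getKeystoreType has no Javadoc, and the one on FELIX_KEYSTORE_TYPE ("override the type of keystore (JKS)") suggests JKS is the default, whereas the method actually falls back to `KeyStore.getDefaultType()`, which is whatever the JVM's `keystore.type` security property says and need not be JKS. Since a type that does not match the store file makes the SSL connector fail to load its keys, the fallback is worth stating: `/** Returns the configured keystore type, or {@link KeyStore#getDefaultType()} (the JVM's {@code keystore.type} security property) when unset. */`. The same applies to getTruststoreType and FELIX_TRUSTSTORE_TYPE in the later hunks of this file.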
@@ -266,6 +278,11 @@
return getProperty(FELIX_TRUSTSTORE, null);
}
+ public String getTruststoreType()
+ {
+ return getProperty(FELIX_TRUSTSTORE_TYPE, KeyStore.getDefaultType());
+ }
+
public boolean isDebug()
{
return getBooleanProperty(FELIX_HTTP_DEBUG, getBooleanProperty(HTTP_DEBUG, false));
diff --git a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
index 9533377..3841d0f 100644
--- a/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
+++ b/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
@@ -245,7 +245,7 @@
{
if (this.config.isUseHttp() || this.config.isUseHttps())
{
- StringBuffer message = new StringBuffer("Started jetty ").append(getJettyVersion()).append(" at port(s)");
+ StringBuffer message = new StringBuffer("Started Jetty ").append(getJettyVersion()).append(" at port(s)");
HashLoginService realm = new HashLoginService("OSGi HTTP Service Realm");
this.server = new Server();
this.server.addLifeCycleListener(this);
@@ -311,120 +311,74 @@
private void initializeHttp() throws Exception
{
Connector connector = this.config.isUseHttpNio() ? new SelectChannelConnector() : new SocketConnector();
- connector.setPort(this.config.getHttpPort());
- configureConnector(connector);
+ configureConnector(connector, this.config.getHttpPort());
+ this.server.addConnector(connector);
+ }
+
+ private void initializeHttps() throws Exception
+ {
+ SslConnector connector = this.config.isUseHttpsNio() ? new SslSelectChannelConnector() : new SslSocketConnector();
+ configureConnector(connector, this.config.getHttpsPort());
+ configureSslConnector(connector);
this.server.addConnector(connector);
}
@SuppressWarnings("deprecation")
- private void initializeHttps() throws Exception
+ private void configureSslConnector(final SslConnector connector)
{
- // this massive code duplication is caused by the SslSelectChannelConnector
- // and the SslSocketConnector not have a common API to setup security
- // stuff
- Connector connector;
- if (this.config.isUseHttpsNio())
+ if (this.config.getKeystoreType() != null)
{
- SslSelectChannelConnector sslConnector = new SslSelectChannelConnector();
-
- if (this.config.getKeystore() != null)
- {
- sslConnector.setKeystore(this.config.getKeystore());
- }
-
- if (this.config.getPassword() != null)
- {
- System.setProperty(SslSelectChannelConnector.PASSWORD_PROPERTY, this.config.getPassword());
- sslConnector.setPassword(this.config.getPassword());
- }
-
- if (this.config.getKeyPassword() != null)
- {
- System.setProperty(SslSelectChannelConnector.KEYPASSWORD_PROPERTY, this.config.getKeyPassword());
- sslConnector.setKeyPassword(this.config.getKeyPassword());
- }
-
- if (this.config.getTruststore() != null)
- {
- sslConnector.setTruststore(this.config.getTruststore());
- }
-
- if (this.config.getTrustPassword() != null)
- {
- sslConnector.setTrustPassword(this.config.getTrustPassword());
- }
-
- if ("wants".equals(this.config.getClientcert()))
- {
- sslConnector.setWantClientAuth(true);
- }
- else if ("needs".equals(this.config.getClientcert()))
- {
- sslConnector.setNeedClientAuth(true);
- }
-
- connector = sslConnector;
- }
- else
- {
- SslSocketConnector sslConnector = new SslSocketConnector();
-
- if (this.config.getKeystore() != null)
- {
- sslConnector.setKeystore(this.config.getKeystore());
- }
-
- if (this.config.getPassword() != null)
- {
- System.setProperty(SslSelectChannelConnector.PASSWORD_PROPERTY, this.config.getPassword());
- sslConnector.setPassword(this.config.getPassword());
- }
-
- if (this.config.getKeyPassword() != null)
- {
- System.setProperty(SslSelectChannelConnector.KEYPASSWORD_PROPERTY, this.config.getKeyPassword());
- sslConnector.setKeyPassword(this.config.getKeyPassword());
- }
-
- if (this.config.getTruststore() != null)
- {
- sslConnector.setTruststore(this.config.getTruststore());
- }
-
- if (this.config.getTrustPassword() != null)
- {
- sslConnector.setTrustPassword(this.config.getTrustPassword());
- }
-
- if ("wants".equals(this.config.getClientcert()))
- {
- sslConnector.setWantClientAuth(true);
- }
- else if ("needs".equals(this.config.getClientcert()))
- {
- sslConnector.setNeedClientAuth(true);
- }
-
- connector = sslConnector;
+ connector.setKeystoreType(this.config.getKeystoreType());
}
- connector.setPort(this.config.getHttpsPort());
- configureConnector(connector);
+ if (this.config.getKeystore() != null)
+ {
+ connector.setKeystore(this.config.getKeystore());
+ }
- this.server.addConnector(connector);
+ if (this.config.getPassword() != null)
+ {
+ connector.setPassword(this.config.getPassword());
+ }
+
+ if (this.config.getKeyPassword() != null)
+ {
+ connector.setKeyPassword(this.config.getKeyPassword());
+ }
+
+ if (this.config.getTruststoreType() != null)
+ {
+ connector.setTruststoreType(this.config.getTruststoreType());
+ }
+
+ if (this.config.getTruststore() != null)
+ {
+ connector.setTruststore(this.config.getTruststore());
+ }
+
+ if (this.config.getTrustPassword() != null)
+ {
+ connector.setTrustPassword(this.config.getTrustPassword());
+ }
+
+ if ("wants".equalsIgnoreCase(this.config.getClientcert()))
+ {
+ connector.setWantClientAuth(true);
+ }
+ else if ("needs".equalsIgnoreCase(this.config.getClientcert()))
+ {
+ connector.setNeedClientAuth(true);
+ }
}
- private void configureConnector(final Connector connector)
+ private void configureConnector(final Connector connector, int port)
{
connector.setMaxIdleTime(this.config.getHttpTimeout());
connector.setRequestBufferSize(this.config.getRequestBufferSize());
connector.setResponseBufferSize(this.config.getResponseBufferSize());
+ connector.setPort(port);
connector.setHost(this.config.getHost());
connector.setStatsOn(this.config.isRegisterMBeans());
-
- // connector.setLowResourceMaxIdleTime(ms);
- // connector.setRequestBufferSize(requestBufferSize);
- // connector.setResponseBufferSize(responseBufferSize);
}
private void configureSessionManager(final ServletContextHandler context)
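Review bot: In configureSslConnector, a client-certificate value other than "wants", "needs" or "none" (the three values the FELIX_HTTPS_CLIENT_CERT Javadoc lists) falls through both branches and the connector silently ends up with client authentication off, so a misspelt "needs" downgrades the server without any diagnostic. A final `else if (this.config.getClientcert() != null && !"none".equalsIgnoreCase(this.config.getClientcert()))` branch that logs a warning naming the unrecognised value (or rejects the configuration) would make that visible. The `!= null` guards around setKeystoreType and setTruststoreType appear to be dead, since getKeystoreType/getTruststoreType in JettyConfig default to KeyStore.getDefaultType() in this same commit. The rewrite also drops the System.setProperty calls for PASSWORD_PROPERTY/KEYPASSWORD_PROPERTY that the old code made; that is an improvement, as it keeps the keystore passwords out of the process-wide system properties, but it is not mentioned in the commit message and deserves a line there. configureSessionManager at the end of the hunk continues outside it.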