//
// Jetty9HttpServerImpl
// Copyright 2011 by Florian Richter
// First released 13.04.2011 at http://yacy.net
//
// $LastChangedDate$
// $LastChangedRevision$
// $LastChangedBy$
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with this program in the file lgpl21.txt
// If not, see <http://www.gnu.org/licenses/>.
//
package net.yacy.http ;
import java.io.FileInputStream ;
import java.io.FileOutputStream ;
import java.io.IOException ;
import java.security.KeyStore ;
import java.util.StringTokenizer ;
import javax.net.ssl.KeyManagerFactory ;
import javax.net.ssl.SSLContext ;
import net.yacy.cora.util.ConcurrentLog ;
import net.yacy.http.servlets.YaCyDefaultServlet ;
import net.yacy.search.Switchboard ;
import net.yacy.search.SwitchboardConstants ;
import net.yacy.utils.PKCS12Tool ;
import org.eclipse.jetty.http.HttpVersion ;
import org.eclipse.jetty.server.Connector ;
import org.eclipse.jetty.server.Handler ;
import org.eclipse.jetty.server.HttpConfiguration ;
import org.eclipse.jetty.server.HttpConnectionFactory ;
import org.eclipse.jetty.server.SecureRequestCustomizer ;
import org.eclipse.jetty.server.Server ;
import org.eclipse.jetty.server.ServerConnector ;
import org.eclipse.jetty.server.SslConnectionFactory ;
import org.eclipse.jetty.server.handler.ContextHandler ;
import org.eclipse.jetty.server.handler.ContextHandlerCollection ;
import org.eclipse.jetty.server.handler.DefaultHandler ;
import org.eclipse.jetty.server.handler.HandlerList ;
import org.eclipse.jetty.server.handler.IPAccessHandler ;
import org.eclipse.jetty.servlet.ServletHolder ;
import org.eclipse.jetty.util.resource.Resource ;
import org.eclipse.jetty.util.ssl.SslContextFactory ;
import org.eclipse.jetty.webapp.WebAppContext ;
/**
 * Class that embeds a Jetty 9 HTTP server into YaCy.
 */
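public class Jetty9HttpServerImpl implements YaCyHttpServer {

    private final Server server;

    /**
     * Builds the Jetty server: the plain HTTP connector, an optional HTTPS connector, the YaCy
     * handler chain, the servlet root context with its security handler and, when the
     * {@code serverClient} setting is not {@code *}, an IP allow-list in front of everything.
     *
     * <p>The plain HTTP connector is always created. Enabling {@code server.https} adds a second
     * connector; it does not replace the HTTP one.
     *
     * @param port TCP Port to listen for http requests
     */
    public Jetty9HttpServerImpl(int port) {
        Switchboard sb = Switchboard.getSwitchboard();

        server = new Server();
        ServerConnector connector = new ServerConnector(server);
        connector.setPort(port);
        connector.setName("httpd:" + Integer.toString(port));
        connector.setIdleTimeout(9000); // timeout in ms when no bytes sent / received
        server.addConnector(connector);

        // add ssl/https connector
        boolean useSSL = sb.getConfigBool("server.https", false);

        if (useSSL) {
            final SslContextFactory sslContextFactory = new SslContextFactory();
            final SSLContext sslContext = initSslContext(sb);
            if (sslContext != null) {

                int sslport = sb.getLocalPort("port.ssl", 8443);
                sslContextFactory.setSslContext(sslContext);

                // SSL HTTP Configuration
                HttpConfiguration https_config = new HttpConfiguration();
                https_config.addCustomizer(new SecureRequestCustomizer());

                // SSL Connector
                // NOTE(review): nothing here narrows protocol versions or cipher suites, so the
                // connector runs with whatever Jetty and the JVM enable by default - confirm that
                // this matches the TLS policy of the deployment.
                ServerConnector sslConnector = new ServerConnector(server,
                        new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
                        new HttpConnectionFactory(https_config));
                sslConnector.setPort(sslport);
                sslConnector.setName("ssld:" + Integer.toString(sslport)); // name must start with ssl (for withSSL() to work correctly)
                sslConnector.setIdleTimeout(9000); // timeout in ms when no bytes sent / received

                server.addConnector(sslConnector);
                ConcurrentLog.info("SERVER", "SSL support initialized successfully on port " + sslport);
            } else {
                // HTTPS was requested but is not available: say so, because the server still
                // comes up and serves everything over the plain HTTP connector only.
                ConcurrentLog.warn("SERVER", "server.https is enabled but no SSL context could be initialized - HTTPS connector not started, only plain HTTP is served");
            }
        }

        YacyDomainHandler domainHandler = new YacyDomainHandler();
        domainHandler.setAlternativeResolver(sb.peers);

        // configure root context
        WebAppContext htrootContext = new WebAppContext();
        htrootContext.setContextPath("/");
        String htrootpath = sb.getConfig(SwitchboardConstants.HTROOT_PATH, SwitchboardConstants.HTROOT_PATH_DEFAULT);
        htrootContext.setErrorHandler(new YaCyErrorHandler()); // handler for custom error page
        try {
            htrootContext.setBaseResource(Resource.newResource(htrootpath));

            // set web.xml to use
            // make use of Jetty feature to define web.xml other as default WEB-INF/web.xml
            // and to use a DefaultsDescriptor merged with a individual web.xml
            // use defaults/web.xml as default and look in DATA/SETTINGS for local addition/changes
            //
            // DATA/SETTINGS/web.xml is merged into the servlet configuration when it exists, so
            // write access to that file is equivalent to control over which servlets and
            // mappings this server exposes; it should be writable by the YaCy account only.
            htrootContext.setDefaultsDescriptor(sb.appPath + "/defaults/web.xml");
            Resource webxml = Resource.newResource(sb.dataPath + "/DATA/SETTINGS/web.xml");
            if (webxml.exists()) {
                htrootContext.setDescriptor(webxml.getName());
            }
        } catch (IOException ex) {
            if (htrootContext.getBaseResource() == null) {
                ConcurrentLog.severe("SERVER", "could not find directory: htroot ");
            } else {
                ConcurrentLog.warn("SERVER", "could not find: defaults/web.xml or DATA/SETTINGS/web.xml");
            }
        }

        // as fundamental component leave this hardcoded, other servlets may be defined in web.xml only
        ServletHolder sholder = new ServletHolder(YaCyDefaultServlet.class);
        sholder.setInitParameter("resourceBase", htrootpath);
        //sholder.setInitParameter("welcomeFile", "index.html"); // default is index.html, welcome.html
        htrootContext.addServlet(sholder, "/*");

        // -----------------------------------------------------------------------------
        // here we set and map the mandatory servlets, needed for typical YaCy operation
        // to make sure they are available even if removed in individual web.xml
        // additional, optional or individual servlets or servlet mappings can be set in web.xml
        // in Jetty 9 servlet should be set only once
        // therefore only the settings in web.xml is used

        //add SolrSelectServlet
        //htrootContext.addServlet(SolrSelectServlet.class, "/solr/select"); // uses the default core, collection1
        //htrootContext.addServlet(SolrSelectServlet.class, "/solr/collection1/select"); // the same servlet, identifies the collection1 core using the path
        //htrootContext.addServlet(SolrSelectServlet.class, "/solr/webgraph/select"); // the same servlet, identifies the webgraph core using the path

        //htrootContext.addServlet(SolrServlet.class, "/solr/collection1/admin/luke");
        //htrootContext.addServlet(SolrServlet.class, "/solr/webgraph/admin/luke");

        // add proxy?url= servlet
        //htrootContext.addServlet(YaCyProxyServlet.class,"/proxy.html");

        // add GSA servlet
        //htrootContext.addServlet(GSAsearchServlet.class,"/gsa/search");
        // --- eof default servlet mappings --------------------------------------------

        // define list of YaCy specific general handlers
        HandlerList handlers = new HandlerList();
        handlers.setHandlers(new Handler[]
                {new MonitorHandler(), domainHandler, new ProxyCacheHandler(), new ProxyHandler()});

        // context handler for dispatcher and security (hint: dispatcher requires a context)
        ContextHandler context = new ContextHandler();
        context.setServer(server);
        context.setContextPath("/");
        context.setHandler(handlers);

        // make YaCy handlers (in context) and servlet context handlers available (both contain root context "/")
        // logic: 1. YaCy handlers are called if request not handled (e.g. proxy) then servlets handle it
        //
        // The security handler below is attached to htrootContext only; the handlers in
        // "context" (monitor, domain, proxy cache, proxy) are not wrapped by it.
        // NOTE(review): confirm that those handlers enforce their own access rules.
        ContextHandlerCollection allrequesthandlers = new ContextHandlerCollection();
        allrequesthandlers.setServer(server);
        allrequesthandlers.addHandler(context);
        allrequesthandlers.addHandler(htrootContext);
        allrequesthandlers.addHandler(new DefaultHandler()); // if not handled by other handler

        YaCyLoginService loginService = new YaCyLoginService();
        // this is very important (as it is part of the user password hash)
        // changes will invalidate all current existing user-password-hashes (from userDB)
        loginService.setName(sb.getConfig(SwitchboardConstants.ADMIN_REALM, "YaCy"));

        Jetty9YaCySecurityHandler securityHandler = new Jetty9YaCySecurityHandler();
        securityHandler.setLoginService(loginService);

        htrootContext.setSecurityHandler(securityHandler);

        // wrap all handlers
        Handler crashHandler = new CrashProtectionHandler(server, allrequesthandlers);

        // check server access restriction and add IPAccessHandler if restrictions are needed
        // otherwise don't (to save performance)
        String white = sb.getConfig("serverClient", "*");
        if (!white.equals("*")) { // full ip (allowed ranges 0-255 or prefix 10.0-255,0,0-100 or 127.)
            final StringTokenizer st = new StringTokenizer(white, ",");
            IPAccessHandler iphandler = new IPAccessHandler();
            int i = 0;
            while (st.hasMoreTokens()) {
                // tolerate "a, b" style lists: surrounding blanks are not part of an address pattern
                final String ip = st.nextToken().trim();
                if (!ip.isEmpty()) {
                    iphandler.addWhite(ip);
                }
                // every token counts, so a list holding only blank entries still installs the
                // handler and restricts access to loopback instead of leaving the server open
                i++;
            }
            if (i > 0) {
                iphandler.addWhite("127.0.0.1"); // allow localhost (loopback addr)
                iphandler.setServer(server);
                iphandler.setHandler(crashHandler);
                server.setHandler(iphandler);
                ConcurrentLog.info("SERVER", "activated IP access restriction to: [127.0.0.1," + white + "] (this works only correct with start parameter -Djava.net.preferIPv4Stack=true)");
            } else {
                // the setting is not "*" but contains no entry at all: no handler is installed,
                // which leaves the server reachable from every address - make that visible
                ConcurrentLog.warn("SERVER", "serverClient is set but contains no address entry - IP access restriction is NOT active");
                server.setHandler(crashHandler); // iphandler not needed
            }
        } else {
            server.setHandler(crashHandler); // iphandler not needed
        }
    }

    /**
     * start http server
     *
     * @throws Exception whatever {@code Server.start()} throws
     */
    @Override
    public void startupServer() throws Exception {
        // option to finish running requests on shutdown
        // server.setGracefulShutdown(3000);
        server.setStopAtShutdown(true);
        server.start();
    }

    /**
     * stop http server and wait for it
     *
     * @throws Exception whatever {@code Server.stop()} or {@code Server.join()} throws
     */
    @Override
    public void stop() throws Exception {
        server.stop();
        server.join();
    }

    /**
     * @return true if ssl/https connector is available
     */
    @Override
    public boolean withSSL() {
        return findSslConnector() != null;
    }

    /**
     * The port of actual running ssl connector
     *
     * @return the ssl/https port or -1 if not active
     */
    @Override
    public int getSslPort() {
        final Connector sslConnector = findSslConnector();
        if (sslConnector == null) {
            return -1;
        }
        return ((ServerConnector) sslConnector).getLocalPort();
    }

    /**
     * Looks up the HTTPS connector by the naming convention used in the constructor
     * (connector name starts with "ssl").
     *
     * @return the first matching connector or null if there is none
     */
    private Connector findSslConnector() {
        for (final Connector c : server.getConnectors()) {
            if (c.getName().startsWith("ssl")) {
                return c;
            }
        }
        return null;
    }

    /**
     * reconnect with new port settings (after waiting milsec) - routine returns
     * immediately
     * checks http and ssl connector for new port settings
     *
     * @param milsec wait time
     */
    @Override
    public void reconnect(final int milsec) {
        new Thread() {

            @Override
            public void run() {
                this.setName("Jetty8HttpServer.reconnect");
                try {
                    Thread.sleep(milsec);
                } catch (final Exception e) { // InterruptedException included; the rebind below is attempted either way
                    ConcurrentLog.logException(e);
                }
                try { // reconnect with new settings (instead to stop/start server, just manipulate connectors
                    final Connector[] cons = server.getConnectors();
                    final int port = Switchboard.getSwitchboard().getLocalPort("port", 8090);
                    final int sslport = Switchboard.getSwitchboard().getLocalPort("port.ssl", 8443);
                    for (final Connector con : cons) {
                        // check http connector
                        if (con.getName().startsWith("httpd") && ((ServerConnector) con).getPort() != port) {
                            rebindConnector((ServerConnector) con, port);
                            continue;
                        }
                        // check https connector
                        if (con.getName().startsWith("ssl") && ((ServerConnector) con).getPort() != sslport) {
                            rebindConnector((ServerConnector) con, sslport);
                        }
                    }
                } catch (final Exception ex) {
                    ConcurrentLog.logException(ex);
                }
            }
        }.start();
    }

    /**
     * Closes and stops a connector, assigns the new port and starts it again.
     * The connector name is left unchanged, so it keeps the port number it was created with.
     *
     * @param con connector to move
     * @param newPort port to listen on after the restart
     * @throws Exception if the connector cannot be stopped or started
     */
    private static void rebindConnector(final ServerConnector con, final int newPort) throws Exception {
        con.close();
        con.stop();
        if (!con.isStopped()) {
            ConcurrentLog.warn("SERVER", "Reconnect: Jetty Connector failed to stop");
        }
        con.setPort(newPort);
        con.start();
        ConcurrentLog.info("SERVER", "set new port for Jetty connector " + con.getName());
    }

    /**
     * forces loginservice to reload user credentials
     * (used after setting new pwd in cfg file/db)
     *
     * @param username name of the user whose credentials are reloaded
     */
    public void resetUser(String username) {
        final YaCyLoginService loginservice = findLoginService();
        if (loginservice != null) {
            loginservice.loadUser(username);
        }
    }

    /**
     * removes user from knownuser cache of loginservice
     *
     * @param username name of the user to drop from the cache
     */
    public void removeUser(String username) {
        final YaCyLoginService loginservice = findLoginService();
        if (loginservice != null) {
            loginservice.removeUser(username);
        }
    }

    /**
     * Finds the login service behind the security handler registered in the constructor.
     *
     * @return the login service, or null if no security handler or no login service is present
     */
    private YaCyLoginService findLoginService() {
        final Jetty9YaCySecurityHandler hx = this.server.getChildHandlerByClass(Jetty9YaCySecurityHandler.class);
        if (hx == null) {
            return null;
        }
        return (YaCyLoginService) hx.getLoginService();
    }

    /**
     * get Jetty version
     *
     * @return version_string
     */
    @Override
    public String getVersion() {
        return "Jetty " + Server.getVersion();
    }

    /**
     * Init SSL Context from config settings
     *
     * <p>Reads {@code keyStore}, {@code keyStorePassword} and {@code pkcs12ImportFile} from the
     * configuration. With none of them set, the default keystore is selected and written back to
     * the configuration. With an import file set, its certificate is imported into the keystore
     * first (creating the keystore if no name is configured).
     *
     * @param sb Switchboard
     * @return the SSL context for the configured keystore, or null if no keystore is configured
     *         or the context could not be initialized
     */
    private SSLContext initSslContext(Switchboard sb) {

        // getting the keystore file name
        String keyStoreFileName = sb.getConfig("keyStore", "").trim();

        // getting the keystore pwd
        String keyStorePwd = sb.getConfig("keyStorePassword", "").trim();

        // take a look if we have something to import
        final String pkcs12ImportFile = sb.getConfig("pkcs12ImportFile", "").trim();

        // if no keyStore and no import is defined, then set the default key
        if (keyStoreFileName.isEmpty() && keyStorePwd.isEmpty() && pkcs12ImportFile.isEmpty()) {
            // The default keystore lives under defaults/ and its password is the literal below,
            // so the key is the same for every installation that falls back to it: HTTPS with
            // this key still encrypts the connection but cannot prove the identity of this peer.
            keyStoreFileName = "defaults/freeworldKeystore";
            keyStorePwd = "freeworld";
            sb.setConfig("keyStore", keyStoreFileName);
            sb.setConfig("keyStorePassword", keyStorePwd);
            ConcurrentLog.warn("SERVER", "no keyStore configured - using the default keystore '" + keyStoreFileName + "'; its key is not unique to this peer, configure an own keystore or import a PKCS12 certificate");
        }

        if (pkcs12ImportFile.length() > 0) {
            ConcurrentLog.info("SERVER", "Import certificates from import file '" + pkcs12ImportFile + "'.");

            try {
                // getting the password
                final String pkcs12ImportPwd = sb.getConfig("pkcs12ImportPwd", "").trim();

                // creating tool to import cert
                final PKCS12Tool pkcsTool = new PKCS12Tool(pkcs12ImportFile, pkcs12ImportPwd);

                // creating a new keystore file
                if (keyStoreFileName.isEmpty()) {
                    // using the default keystore name
                    // (relative path: resolved against the working directory, not sb.dataPath)
                    keyStoreFileName = "DATA/SETTINGS/myPeerKeystore";

                    // creating an empty java keystore
                    // NOTE(review): keyStorePwd may be empty here, in which case the new keystore
                    // holding the imported private key is protected by an empty password.
                    final KeyStore ks = KeyStore.getInstance("JKS");
                    ks.load(null, keyStorePwd.toCharArray());
                    // try-with-resources: the stream is closed even if store() throws
                    try (FileOutputStream ksOut = new FileOutputStream(keyStoreFileName)) {
                        ks.store(ksOut, keyStorePwd.toCharArray());
                    }

                    // storing path to keystore into config file
                    sb.setConfig("keyStore", keyStoreFileName);
                }

                // importing certificate
                pkcsTool.importToJKS(keyStoreFileName, keyStorePwd);

                // removing entries from config file
                // NOTE(review): this blanks keyStorePassword, the password the keystore was just
                // written with, while pkcs12ImportPwd stays in the configuration - confirm which
                // of the two entries was meant to be cleared.
                sb.setConfig("pkcs12ImportFile", "");
                sb.setConfig("keyStorePassword", "");

                // deleting original import file
                // TODO: should we do this
                // (until then the PKCS12 file with the private key stays on disk after the import)

            } catch (final Exception e) {
                ConcurrentLog.severe("SERVER", "Unable to import certificate from import file '" + pkcs12ImportFile + "'.", e);
            }
        } else if (keyStoreFileName.isEmpty()) return null;

        // get the ssl context
        try {
            ConcurrentLog.info("SERVER", "Initializing SSL support ...");

            // creating a new keystore instance of type (java key store)
            if (ConcurrentLog.isFine("SERVER")) ConcurrentLog.fine("SERVER", "Initializing keystore ...");
            final KeyStore ks = KeyStore.getInstance("JKS");

            // loading keystore data from file
            if (ConcurrentLog.isFine("SERVER")) ConcurrentLog.fine("SERVER", "Loading keystore file " + keyStoreFileName);
            // try-with-resources: the stream is closed even if load() rejects the file or password
            try (FileInputStream stream = new FileInputStream(keyStoreFileName)) {
                ks.load(stream, keyStorePwd.toCharArray());
            }

            // creating a keystore factory
            if (ConcurrentLog.isFine("SERVER")) ConcurrentLog.fine("SERVER", "Initializing key manager factory ...");
            final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, keyStorePwd.toCharArray());

            // initializing the ssl context
            // (null trust managers and null random source select the JVM defaults)
            if (ConcurrentLog.isFine("SERVER")) ConcurrentLog.fine("SERVER", "Initializing SSL context ...");
            final SSLContext sslcontext = SSLContext.getInstance("TLS");
            sslcontext.init(kmf.getKeyManagers(), null, null);

            return sslcontext;
        } catch (final Exception e) {
            final String errorMsg = "FATAL ERROR: Unable to initialize the SSL Socket factory. " + e.getMessage();
            ConcurrentLog.severe("SERVER", errorMsg);
            System.out.println(errorMsg);
            return null;
        }
    }
}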