diff options
Diffstat (limited to 'infra/minimal-distribution/src/main/java/io/fd/honeycomb/infra/distro/restconf/HttpsConnectorProvider.groovy')
-rw-r--r-- | infra/minimal-distribution/src/main/java/io/fd/honeycomb/infra/distro/restconf/HttpsConnectorProvider.groovy | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/infra/minimal-distribution/src/main/java/io/fd/honeycomb/infra/distro/restconf/HttpsConnectorProvider.groovy b/infra/minimal-distribution/src/main/java/io/fd/honeycomb/infra/distro/restconf/HttpsConnectorProvider.groovy deleted file mode 100644 index 388aa2bbe..000000000 --- a/infra/minimal-distribution/src/main/java/io/fd/honeycomb/infra/distro/restconf/HttpsConnectorProvider.groovy +++ /dev/null @@ -1,57 +0,0 @@ -package io.fd.honeycomb.infra.distro.restconf - -import com.google.inject.Inject -import io.fd.honeycomb.infra.distro.ProviderTrait -import io.fd.honeycomb.infra.distro.cfgattrs.HoneycombConfiguration -import org.eclipse.jetty.http.HttpVersion -import org.eclipse.jetty.server.Server -import org.eclipse.jetty.server.ServerConnector -import org.eclipse.jetty.server.SslConnectionFactory -import org.eclipse.jetty.util.ssl.SslContextFactory - -class HttpsConnectorProvider extends ProviderTrait<ServerConnector> { - - @Inject - HoneycombConfiguration cfg - @Inject - Server server - - @Override - def create() { - - // SSL Context Factory - // Based on: - // https://github.com/eclipse/jetty.project/blob/jetty-9.3.x/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java - // https://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Loading_Keys_and_Certificates_via_PKCS12 - // Keystore created with: - // openssl genrsa -des3 -out honeycomb.key - // openssl req -new -x509 -key honeycomb.key -out honeycomb.crt - // openssl pkcs12 -inkey honeycomb.key -in honeycomb.crt -export -out honeycomb.pkcs12 - // keytool -importkeystore -srckeystore honeycomb.pkcs12 -srcstoretype PKCS12 -destkeystore honeycomb-keystore - def sslContextFactory = new SslContextFactory() - def keystoreURL = getClass().getResource(cfg.restconfKeystore.get()) - sslContextFactory.setKeyStorePath(keystoreURL.path) - sslContextFactory.setKeyStorePassword(cfg.keystorePassword.get()) - sslContextFactory.setKeyManagerPassword((cfg.keystoreManagerPassword.get())) - def truststoreURL = getClass().getResource(cfg.restconfTruststore.get()) - sslContextFactory.setTrustStorePath(truststoreURL.path) - sslContextFactory.setTrustStorePassword((cfg.truststorePassword.get())) - // TODO make this more configurable - sslContextFactory.setExcludeCipherSuites( - "SSL_RSA_WITH_DES_CBC_SHA", - "SSL_DHE_RSA_WITH_DES_CBC_SHA", - "SSL_DHE_DSS_WITH_DES_CBC_SHA", - "SSL_RSA_EXPORT_WITH_RC4_40_MD5", - "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", - "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", - "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA") - - // SSL Connector - def sslConnector = new ServerConnector(server, cfg.httpsAcceptorsSize.get(), cfg.httpsSelectorsSize.get(), - new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString())) - sslConnector.setHost(cfg.restconfHttpsBindingAddress.get()) - sslConnector.setPort(cfg.restconfHttpsPort.get()) - server.addConnector(sslConnector) - return sslConnector - } -} |