aboutsummaryrefslogtreecommitdiffstats
path: root/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
diff options
context:
space:
mode:
Diffstat (limited to 'jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java')
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java73
1 files changed, 5 insertions, 68 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index 8a829d33c1b..f9892759fbd 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -2,18 +2,9 @@
package com.yahoo.jdisc.http.server.jetty;
import com.google.inject.Inject;
-import com.yahoo.config.InnerNode;
import com.yahoo.jdisc.Metric;
import com.yahoo.jdisc.http.ConnectorConfig;
-import com.yahoo.jdisc.http.ConnectorConfig.Ssl;
-import com.yahoo.jdisc.http.ConnectorConfig.Ssl.ExcludeCipherSuite;
-import com.yahoo.jdisc.http.ConnectorConfig.Ssl.ExcludeProtocol;
-import com.yahoo.jdisc.http.ConnectorConfig.Ssl.IncludeCipherSuite;
-import com.yahoo.jdisc.http.ConnectorConfig.Ssl.IncludeProtocol;
-import com.yahoo.jdisc.http.ssl.DefaultSslKeyStoreContext;
-import com.yahoo.jdisc.http.ssl.DefaultSslTrustStoreContext;
-import com.yahoo.jdisc.http.ssl.SslKeyStoreConfigurator;
-import com.yahoo.jdisc.http.ssl.SslTrustStoreConfigurator;
+import com.yahoo.jdisc.http.ssl.SslContextFactoryProvider;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
@@ -24,10 +15,6 @@ import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import java.nio.channels.ServerSocketChannel;
-import java.util.Arrays;
-import java.util.List;
-import java.util.function.BiConsumer;
-import java.util.function.Function;
/**
* @author Einar M R Rosenvinge
@@ -36,16 +23,13 @@ import java.util.function.Function;
public class ConnectorFactory {
private final ConnectorConfig connectorConfig;
- private final SslKeyStoreConfigurator sslKeyStoreConfigurator;
- private final SslTrustStoreConfigurator sslTrustStoreConfigurator;
+ private final SslContextFactoryProvider sslContextFactoryProvider;
@Inject
public ConnectorFactory(ConnectorConfig connectorConfig,
- SslKeyStoreConfigurator sslKeyStoreConfigurator,
- SslTrustStoreConfigurator sslTrustStoreConfigurator) {
+ SslContextFactoryProvider sslContextFactoryProvider) {
this.connectorConfig = connectorConfig;
- this.sslKeyStoreConfigurator = sslKeyStoreConfigurator;
- this.sslTrustStoreConfigurator = sslTrustStoreConfigurator;
+ this.sslContextFactoryProvider = sslContextFactoryProvider;
}
public ConnectorConfig getConnectorConfig() {
@@ -87,55 +71,8 @@ public class ConnectorFactory {
}
private SslConnectionFactory newSslConnectionFactory() {
- Ssl sslConfig = connectorConfig.ssl();
-
- SslContextFactory factory = new JDiscSslContextFactory();
-
- sslKeyStoreConfigurator.configure(new DefaultSslKeyStoreContext(factory));
- sslTrustStoreConfigurator.configure(new DefaultSslTrustStoreContext(factory));
-
- switch (sslConfig.clientAuth()) {
- case NEED_AUTH:
- factory.setNeedClientAuth(true);
- break;
- case WANT_AUTH:
- factory.setWantClientAuth(true);
- break;
- }
-
- if (!sslConfig.prng().isEmpty()) {
- factory.setSecureRandomAlgorithm(sslConfig.prng());
- }
-
- // NOTE: ^TLS_RSA_.*$ ciphers are disabled by default in Jetty 9.4.12+ (https://github.com/eclipse/jetty.project/issues/2807)
- // JDisc will allow these ciphers by default to support older clients (e.g. Java 8u60 and curl 7.29.0)
- String[] excludedCiphersWithoutTlsRsaExclusion = Arrays.stream(factory.getExcludeCipherSuites())
- .filter(cipher -> !cipher.equals("^TLS_RSA_.*$"))
- .toArray(String[]::new);
- factory.setExcludeCipherSuites(excludedCiphersWithoutTlsRsaExclusion);
-
- setStringArrayParameter(
- factory, sslConfig.excludeProtocol(), ExcludeProtocol::name, SslContextFactory::setExcludeProtocols);
- setStringArrayParameter(
- factory, sslConfig.includeProtocol(), IncludeProtocol::name, SslContextFactory::setIncludeProtocols);
- setStringArrayParameter(
- factory, sslConfig.excludeCipherSuite(), ExcludeCipherSuite::name, SslContextFactory::setExcludeCipherSuites);
- setStringArrayParameter(
- factory, sslConfig.includeCipherSuite(), IncludeCipherSuite::name, SslContextFactory::setIncludeCipherSuites);
-
- factory.setKeyManagerFactoryAlgorithm(sslConfig.sslKeyManagerFactoryAlgorithm());
- factory.setProtocol(sslConfig.protocol());
+ SslContextFactory factory = sslContextFactoryProvider.getInstance(connectorConfig.name(), connectorConfig.listenPort());
return new SslConnectionFactory(factory, HttpVersion.HTTP_1_1.asString());
}
- private static <T extends InnerNode> void setStringArrayParameter(SslContextFactory sslContextFactory,
- List<T> configValues,
- Function<T, String> nameProperty,
- BiConsumer<SslContextFactory, String[]> setter) {
- if (!configValues.isEmpty()) {
- String[] nameArray = configValues.stream().map(nameProperty).toArray(String[]::new);
- setter.accept(sslContextFactory, nameArray);
- }
- }
-
}