Diffstat (limited to 'jdisc_http_service/src/main/java/com/yahoo/jdisc')
2 files changed, 37 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index 981d4219158..1f2fb40f42f 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -94,7 +94,7 @@ public class ConnectorFactory {
 private SslConnectionFactory newSslConnectionFactory() {
 Ssl sslConfig = connectorConfig.ssl();
- SslContextFactory factory = new SslContextFactory();
+ SslContextFactory factory = new JDiscSslContextFactory();
 sslKeyStoreConfigurator.configure(new DefaultSslKeyStoreContext(factory));
 sslTrustStoreConfigurator.configure(new DefaultSslTrustStoreContext(factory));
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JDiscSslContextFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JDiscSslContextFactory.java
new file mode 100644
index 00000000000..81a6a0c8048
--- /dev/null
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JDiscSslContextFactory.java
@@ -0,0 +1,36 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.jdisc.http.server.jetty;
+
+import org.eclipse.jetty.util.resource.Resource;
+import org.eclipse.jetty.util.security.CertificateUtils;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+
+import java.security.KeyStore;
+import java.util.Objects;
+
+/**
+ * A modified {@link SslContextFactory} that allows passwordless truststore in combination with password protected keystore.
+ *
+ * @author bjorncs
+ */
+class JDiscSslContextFactory extends SslContextFactory {
+
+ private String trustStorePassword;
+
+ @Override
+ public void setTrustStorePassword(String password) {
+ super.setTrustStorePassword(password);
+ this.trustStorePassword = password;
+ }
+
+
+ // Overriden to stop Jetty from using the keystore password if no truststore password is specified.
+ @Override
+ protected KeyStore loadTrustStore(Resource resource) throws Exception {
+ return CertificateUtils.getKeyStore(
+ resource != null ? resource : getKeyStoreResource(),
+ Objects.toString(getTrustStoreType(), getKeyStoreType()),
+ Objects.toString(getTrustStoreProvider(), getKeyStoreProvider()),
+ trustStorePassword);
+ }
+}
|
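Review bot: In `loadTrustStore`, the fallback `resource != null ? resource : getKeyStoreResource()` still passes `trustStorePassword`, so when no separate truststore is configured the keystore file is opened as trust material with a null password instead of the keystore password. The override's own comment implies the base class handles that fallback with the keystore password, so a guard such as `if (resource == null) return super.loadTrustStore(resource);` before the `CertificateUtils.getKeyStore` call would limit the passwordless path to an explicitly configured truststore. It would also help to extend the comment on the override to say that a store loaded with a null password is typically not integrity-checked (this is the JKS behaviour; other store types may differ), which leaves file permissions on the truststore as the only protection against tampering.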