summaryrefslogtreecommitdiffstats
path: root/jdisc_http_service
diff options
context:
space:
mode:
Diffstat (limited to 'jdisc_http_service')
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java2
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JDiscSslContextFactory.java34
2 files changed, 35 insertions, 1 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index 981d4219158..1f2fb40f42f 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -94,7 +94,7 @@ public class ConnectorFactory {
private SslConnectionFactory newSslConnectionFactory() {
Ssl sslConfig = connectorConfig.ssl();
- SslContextFactory factory = new SslContextFactory();
+ SslContextFactory factory = new JDiscSslContextFactory();
sslKeyStoreConfigurator.configure(new DefaultSslKeyStoreContext(factory));
sslTrustStoreConfigurator.configure(new DefaultSslTrustStoreContext(factory));
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JDiscSslContextFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JDiscSslContextFactory.java
new file mode 100644
index 00000000000..78c13ed56b0
--- /dev/null
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JDiscSslContextFactory.java
@@ -0,0 +1,34 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.jdisc.http.server.jetty;
+
+import org.eclipse.jetty.util.resource.Resource;
+import org.eclipse.jetty.util.security.CertificateUtils;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+
+import java.security.KeyStore;
+import java.util.Objects;
+
+/**
+ * @author bjorncs
+ */
+class JDiscSslContextFactory extends SslContextFactory {
+
+ private String trustStorePassword;
+
+ @Override
+ public void setTrustStorePassword(String password) {
+ super.setTrustStorePassword(password);
+ this.trustStorePassword = password;
+ }
+
+
+ // Overriden to stop Jetty from using the keystore password if no truststore password is specified.
+ @Override
+ protected KeyStore loadTrustStore(Resource resource) throws Exception {
+ return CertificateUtils.getKeyStore(
+ resource != null ? resource : getKeyStoreResource(),
+ Objects.toString(getTrustStoreType(), getKeyStoreType()),
+ Objects.toString(getTrustStoreProvider(), getKeyStoreProvider()),
+ trustStorePassword);
+ }
+}