- String keystorePassword = access().getProperty(Config.CADI_KEYSTORE_PASSWORD, null);
- if(keystorePassword==null) {
- throw new CadiException("No Keystore Password configured for " + keystore);
- }
- SslContextFactory sslContextFactory = new SslContextFactory();
- sslContextFactory.setKeyStorePath(keystore);
- String temp;
- sslContextFactory.setKeyStorePassword(temp=access().decrypt(keystorePassword, true)); // don't allow unencrypted
- sslContextFactory.setKeyManagerPassword(temp);
- temp=null; // don't leave lying around
-
- String truststore = access().getProperty(Config.CADI_TRUSTSTORE, null);
- if(truststore!=null) {
- String truststorePassword = access().getProperty(Config.CADI_TRUSTSTORE_PASSWORD, null);
- if(truststorePassword==null) {
- throw new CadiException("No Truststore Password configured for " + truststore);
- }
- sslContextFactory.setTrustStorePath(truststore);
- sslContextFactory.setTrustStorePassword(access().decrypt(truststorePassword, true));
- }
- // Be able to accept only certain protocols, i.e. TLSv1.1+
- final String[] protocols = Split.splitTrim(',', access().getProperty(Config.CADI_PROTOCOLS, SecurityInfo.HTTPS_PROTOCOLS_DEFAULT));
- sslContextFactory.setIncludeProtocols(protocols);
-
- // Want to use Client Certificates, if they exist.
- sslContextFactory.setWantClientAuth(true);
-
- // Optional future checks.
- // sslContextFactory.setValidateCerts(true);
- // sslContextFactory.setValidatePeerCerts(true);
- // sslContextFactory.setEnableCRLDP(false);
- // sslContextFactory.setEnableOCSP(false);
- String certAlias = access().getProperty(Config.CADI_ALIAS, null);
- if(certAlias!=null) {
- sslContextFactory.setCertAlias(certAlias);
- }
-
- HttpConfiguration httpConfig = new HttpConfiguration();
- httpConfig.setSecureScheme(protocol);
- httpConfig.setSecurePort(port);
- httpConfig.addCustomizer(new SecureRequestCustomizer());
- // httpConfig.setOutputBufferSize(32768); Not sure why take this setting
-
- conn = new ServerConnector(server,
- new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()),
- new HttpConnectionFactory(httpConfig)
- );
- }
-
- // Setup JMX
- // TODO trying to figure out how to set up/log ports
-// MBeanServer mbeanServer = ManagementFactory.getPlatformMBeanServer();
-// MBeanContainer mbContainer=new MBeanContainer(mbeanServer);
-// server.addEventListener(mbContainer);
-// server.addBean(mbContainer);
-
- // Add loggers MBean to server (will be picked up by MBeanContainer above)
-// server.addBean(Log.getLog());
-
- conn.setHost(hostname);
- conn.setPort(port);
- conn.setIdleTimeout(IDLE_TIMEOUT);
- server.addConnector(conn);
-
- server.setHandler(new AbstractHandler() {
- private FilterChain fc = buildFilterChain(service,new FilterChain() {
- @Override
- public void doFilter(ServletRequest req, ServletResponse resp) throws IOException, ServletException {
- rserv.service(req, resp);
- }
- });
-
- @Override
- public void handle(String target, Request baseRequest, HttpServletRequest hreq, HttpServletResponse hresp) throws IOException, ServletException {
- try {
- fc.doFilter(hreq,hresp);
- } catch (Exception e) {
- service.access.log(e, "Error Processing " + target);
- hresp.setStatus(500 /* Service Error */);
- }
- baseRequest.setHandled(true);
- }
- }
- );
-
- try {
- access().printf(Level.INIT, "Starting service on %s:%d (%s)",hostname,port,InetAddress.getLocalHost().getHostAddress());
- server.start();
- access().log(Level.INIT,server.dump());
- } catch (Exception e) {
- access().log(e,"Error starting " + service.app_name);
- System.exit(1);
- }
- try {
- register(service.registrants(port));
- access().printf(Level.INIT, "Starting Jetty Service for %s, version %s, on %s://%s:%d", service.app_name,service.app_version,protocol,hostname,port);
- } catch(Exception e) {
- access().log(e,"Error registering " + service.app_name);
- // Question: Should Registered Services terminate?
- }
- server.join();
- }
+ String keystorePassword = access().getProperty(Config.CADI_KEYSTORE_PASSWORD, null);
+ if(keystorePassword==null) {
+ throw new CadiException("No Keystore Password configured for " + keystore);
+ }
+ SslContextFactory sslContextFactory = new SslContextFactory();
+ sslContextFactory.setKeyStorePath(keystore);
+ String temp;
+ sslContextFactory.setKeyStorePassword(temp=access().decrypt(keystorePassword, true)); // don't allow unencrypted
+ sslContextFactory.setKeyManagerPassword(temp);
+ temp=null; // don't leave lying around
+
+ String truststore = access().getProperty(Config.CADI_TRUSTSTORE, null);
+ if(truststore!=null) {
+ String truststorePassword = access().getProperty(Config.CADI_TRUSTSTORE_PASSWORD, null);
+ if(truststorePassword==null) {
+ throw new CadiException("No Truststore Password configured for " + truststore);
+ }
+ sslContextFactory.setTrustStorePath(truststore);
+ sslContextFactory.setTrustStorePassword(access().decrypt(truststorePassword, true));
+ }
+ // Be able to accept only certain protocols, i.e. TLSv1.1+
+ final String[] protocols = Split.splitTrim(',', access().getProperty(Config.CADI_PROTOCOLS, SecurityInfo.HTTPS_PROTOCOLS_DEFAULT));
+ sslContextFactory.setIncludeProtocols(protocols);
+
+ // Want to use Client Certificates, if they exist.
+ sslContextFactory.setWantClientAuth(true);
+
+ // Optional future checks.
+ // sslContextFactory.setValidateCerts(true);
+ // sslContextFactory.setValidatePeerCerts(true);
+ // sslContextFactory.setEnableCRLDP(false);
+ // sslContextFactory.setEnableOCSP(false);
+ String certAlias = access().getProperty(Config.CADI_ALIAS, null);
+ if(certAlias!=null) {
+ sslContextFactory.setCertAlias(certAlias);
+ }
+
+ HttpConfiguration httpConfig = new HttpConfiguration();
+ httpConfig.setSecureScheme(protocol);
+ httpConfig.setSecurePort(port);
+ httpConfig.addCustomizer(new SecureRequestCustomizer());
+ // httpConfig.setOutputBufferSize(32768); Not sure why take this setting
+
+ conn = new ServerConnector(server,
+ new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()),
+ new HttpConnectionFactory(httpConfig)
+ );
+ }
+
+ // Setup JMX
+ // TODO trying to figure out how to set up/log ports
+// MBeanServer mbeanServer = ManagementFactory.getPlatformMBeanServer();
+// MBeanContainer mbContainer=new MBeanContainer(mbeanServer);
+// server.addEventListener(mbContainer);
+// server.addBean(mbContainer);
+
+ // Add loggers MBean to server (will be picked up by MBeanContainer above)
+// server.addBean(Log.getLog());
+
+ conn.setHost(hostname);
+ conn.setPort(port);
+ conn.setIdleTimeout(IDLE_TIMEOUT);
+ server.addConnector(conn);
+
+ server.setHandler(new AbstractHandler() {
+ private FilterChain fc = buildFilterChain(service,new FilterChain() {
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse resp) throws IOException, ServletException {
+ rserv.service(req, resp);
+ }
+ });
+
+ @Override
+ public void handle(String target, Request baseRequest, HttpServletRequest hreq, HttpServletResponse hresp) throws IOException, ServletException {
+ try {
+ fc.doFilter(hreq,hresp);
+ } catch (Exception e) {
+ service.access.log(e, "Error Processing " + target);
+ hresp.setStatus(500 /* Service Error */);
+ }
+ baseRequest.setHandled(true);
+ }
+ }
+ );
+
+ try {
+ access().printf(Level.INIT, "Starting service on %s:%d (%s)",hostname,port,InetAddress.getLocalHost().getHostAddress());
+ server.start();
+ access().log(Level.INIT,server.dump());
+ } catch (Exception e) {
+ access().log(e,"Error starting " + service.app_name);
+ String doExit = access().getProperty("cadi_exitOnFailure", "true");
+ if (doExit == "true") {
+ System.exit(1);
+ } else {
+ throw e;
+ }
+ }
+ try {
+ register(service.registrants(port));
+ access().printf(Level.INIT, "Starting Jetty Service for %s, version %s, on %s://%s:%d", service.app_name,service.app_version,protocol,hostname,port);
+ server.join();
+ } catch(Exception e) {
+ access().log(e,"Error registering " + service.app_name);
+ String doExit = access().getProperty("cadi_exitOnFailure", "true");
+ if (doExit == "true") {
+ System.exit(1);
+ } else {
+ throw e;
+ }
+ }
+ }