// Apply the TLS settings held in the `ssl` model node to the connector's protocol handler.
// Every setter is looked up by name, via reflection, on the handler's runtime class; a handler
// that lacks the setter raises NoSuchMethodException, rethrown below as
// StartException(failedSSLConfiguration).
// NOTE(review): only NoSuchMethodException is caught in this block. IllegalAccessException and
// InvocationTargetException from invoke() leave the block unhandled. If the block sits inside the
// try whose catch (Exception) reports connectorStartError, the StartExceptions thrown here are
// re-wrapped with the specific one as cause. Confirm against the enclosing method.
if (ssl != null) {
// True when the handler is the APR/native HTTP handler; selects the setSSL* setters below.
boolean nativeSSL = false;
if (connector.getProtocolHandler() instanceof Http11AprProtocol) {
nativeSSL = true;
} else if ((connector.getProtocolHandler() instanceof AjpProtocol) || (connector.getProtocolHandler() instanceof AjpAprProtocol)) {
// SSL settings on an AJP handler are rejected outright rather than silently ignored.
throw new StartException(MESSAGES.noSSLWithNonHTTPConnectors());
}
// Turn SSL on for the handler before applying the individual settings.
try {
Method m = connector.getProtocolHandler().getClass().getMethod("setSSLEnabled", Boolean.TYPE);
m.invoke(connector.getProtocolHandler(), true);
} catch (NoSuchMethodException e) {
// The handler exposes no setSSLEnabled(boolean): it has no SSL support.
throw new StartException(MESSAGES.failedSSLConfiguration(), e);
}
if (nativeSSL) {
// OpenSSL (native) configuration.
// Only the attributes tested below are applied. KEY_ALIAS, SESSION_CACHE_SIZE, SESSION_TIMEOUT,
// CA_CERTIFICATE_PASSWORD, TRUSTSTORE_TYPE and KEYSTORE_TYPE are read only by the JSSE branch,
// so a value defined for them is neither applied nor reported here.
try {
if (ssl.hasDefined(Constants.PASSWORD)) {
// Private-key password, read from the model as a String and handed to the handler.
// NOTE(review): keep this value out of logs and exception text.
Method m = connector.getProtocolHandler().getClass().getMethod("setSSLPassword", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.PASSWORD).asString());
}
if (ssl.hasDefined(Constants.CERTIFICATE_KEY_FILE)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setSSLCertificateKeyFile", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.CERTIFICATE_KEY_FILE).asString());
}
// Cipher suite and protocol strings go to the handler exactly as configured; nothing in this
// block rejects weak ciphers or legacy protocol versions. When an attribute is undefined no
// setter is called, so the handler's own default applies.
if (ssl.hasDefined(Constants.CIPHER_SUITE)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setSSLCipherSuite", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.CIPHER_SUITE).asString());
}
if (ssl.hasDefined(Constants.PROTOCOL)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setSSLProtocol", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.PROTOCOL).asString());
}
// Client-certificate verification mode and chain depth. When undefined, the handler default is
// used (presumably no client certificate is requested; confirm against the handler).
if (ssl.hasDefined(Constants.VERIFY_CLIENT)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setSSLVerifyClient", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.VERIFY_CLIENT).asString());
}
if (ssl.hasDefined(Constants.VERIFY_DEPTH)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setSSLVerifyDepth", Integer.TYPE);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.VERIFY_DEPTH).asInt());
}
if (ssl.hasDefined(Constants.CERTIFICATE_FILE)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setSSLCertificateFile", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.CERTIFICATE_FILE).asString());
}
if (ssl.hasDefined(Constants.CA_CERTIFICATE_FILE)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setSSLCACertificateFile", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.CA_CERTIFICATE_FILE).asString());
}
// NOTE(review): the constant is named CA_REVOCATION_URL but the value is given to a setter named
// setSSLCARevocationFile. Confirm whether a local CRL file path is expected rather than a URL.
if (ssl.hasDefined(Constants.CA_REVOCATION_URL)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setSSLCARevocationFile", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.CA_REVOCATION_URL).asString());
}
} catch (NoSuchMethodException e) {
throw new StartException(MESSAGES.failedSSLConfiguration(), e);
}
} else {
// JSSE configuration.
// The same model attributes are mapped onto keystore/truststore style setters. VERIFY_DEPTH and
// CERTIFICATE_FILE are read only by the native branch, so a value defined for them is not
// applied here.
try {
if (ssl.hasDefined(Constants.KEY_ALIAS)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setKeyAlias", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.KEY_ALIAS).asString());
}
if (ssl.hasDefined(Constants.PASSWORD)) {
// Same PASSWORD attribute as the native branch, applied here through setKeypass.
// NOTE(review): keep this value out of logs and exception text.
Method m = connector.getProtocolHandler().getClass().getMethod("setKeypass", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.PASSWORD).asString());
}
if (ssl.hasDefined(Constants.CERTIFICATE_KEY_FILE)) {
// In this branch CERTIFICATE_KEY_FILE is passed to setKeystore.
Method m = connector.getProtocolHandler().getClass().getMethod("setKeystore", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.CERTIFICATE_KEY_FILE).asString());
}
// As in the native branch, cipher and protocol strings are applied without validation here.
if (ssl.hasDefined(Constants.CIPHER_SUITE)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setCiphers", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.CIPHER_SUITE).asString());
}
if (ssl.hasDefined(Constants.PROTOCOL)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setProtocols", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.PROTOCOL).asString());
}
if (ssl.hasDefined(Constants.VERIFY_CLIENT)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setClientauth", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.VERIFY_CLIENT).asString());
}
// The remaining settings have no dedicated setter looked up here; they are passed as
// name/value pairs through setAttribute(String, Object), always as String values.
if (ssl.hasDefined(Constants.SESSION_CACHE_SIZE)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setAttribute", String.class, Object.class);
m.invoke(connector.getProtocolHandler(), "sessionCacheSize", ssl.get(Constants.SESSION_CACHE_SIZE).asString());
}
if (ssl.hasDefined(Constants.SESSION_TIMEOUT)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setAttribute", String.class, Object.class);
m.invoke(connector.getProtocolHandler(), "sessionCacheTimeout", ssl.get(Constants.SESSION_TIMEOUT).asString());
}
/* possible attributes that apply to ssl socket factory
keystoreType -> PKCS12
keystore -> path/to/keystore.p12
keypass -> key password
truststorePass -> trustPassword
truststoreFile -> path/to/truststore.jks
truststoreType -> JKS
*/
// Truststore used for client-certificate validation: file, password and type.
if (ssl.hasDefined(Constants.CA_CERTIFICATE_FILE)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setAttribute", String.class, Object.class);
m.invoke(connector.getProtocolHandler(), "truststoreFile", ssl.get(Constants.CA_CERTIFICATE_FILE).asString());
}
if (ssl.hasDefined(Constants.CA_CERTIFICATE_PASSWORD)) {
// Truststore password, passed as a String attribute value; the same care applies as for PASSWORD.
Method m = connector.getProtocolHandler().getClass().getMethod("setAttribute", String.class, Object.class);
m.invoke(connector.getProtocolHandler(), "truststorePass",ssl.get(Constants.CA_CERTIFICATE_PASSWORD).asString());
}
if (ssl.hasDefined(Constants.TRUSTSTORE_TYPE)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setAttribute", String.class, Object.class);
m.invoke(connector.getProtocolHandler(), "truststoreType",ssl.get(Constants.TRUSTSTORE_TYPE).asString());
}
if (ssl.hasDefined(Constants.KEYSTORE_TYPE)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setKeytype", String.class);
m.invoke(connector.getProtocolHandler(), ssl.get(Constants.KEYSTORE_TYPE).asString());
}
// NOTE(review): CA_REVOCATION_URL is stored under the attribute name "crlFile". Confirm whether
// the handler expects a file path here rather than a URL.
if (ssl.hasDefined(Constants.CA_REVOCATION_URL)) {
Method m = connector.getProtocolHandler().getClass().getMethod("setAttribute", String.class, Object.class);
m.invoke(connector.getProtocolHandler(), "crlFile", ssl.get(Constants.CA_REVOCATION_URL).asString());
}
} catch (NoSuchMethodException e) {
throw new StartException(MESSAGES.failedSSLConfiguration(), e);
}
}
}
getWebServer().addConnector(connector);
connector.init();
connector.start();
this.connector = connector;
} catch (Exception e) {
throw new StartException(MESSAGES.connectorStartError(), e);
}
// Register the binding after the connector is started
binding.getSocketBindings().getNamedRegistry().registerBinding(new ConnectorBinding(binding));
}