/**
 * Registers an automatic TLS socket factory in the Orient server configuration, using the
 * key/trust store settings of the given dropwizard HTTPS connector.
 *
 * <p>Nothing is configured when the connector declares a key store or trust store provider:
 * a warning is logged and the method returns.
 *
 * <p>NOTE(review): {@code OGlobalConfiguration.CLIENT_USE_SSL} is set through a static
 * configuration entry, so it presumably affects every Orient client in this JVM. Confirm that
 * no plain-text remote connection is expected elsewhere in the process.
 *
 * @param con dropwizard HTTPS connector whose store settings are copied
 */
private void applySsl(final HttpsConnectorFactory con) {
    final boolean providerBased =
            con.getKeyStoreProvider() != null || con.getTrustStoreProvider() != null;
    if (providerBased) {
        logger.warn("Orient auto ssl configuration is impossible because dropwizard "
                + "configured using provider");
        return;
    }

    final OServerSocketFactoryConfiguration tlsSocket = new OServerSocketFactoryConfiguration();
    tlsSocket.name = AUTO_SSL_SOCKET;
    tlsSocket.implementation = OServerTLSSocketFactory.class.getName();
    // The parameters carry the store paths and their passwords (see buildParameters).
    tlsSocket.parameters = buildParameters(con);

    // The sockets section is optional in the Orient configuration, so create it on demand.
    if (conf.network.sockets == null) {
        conf.network.sockets = new ArrayList<>();
    }
    conf.network.sockets.add(tlsSocket);

    // Apply ssl for both binary and http listeners.
    conf.network.listeners.forEach(listener -> updateListener(listener));

    // Required for remote connections usage: the server is known to use ssl only,
    // so it is safe to switch the client side to ssl as well.
    OGlobalConfiguration.CLIENT_USE_SSL.setValue(true);

    logger.info("SSL configuration applied to orient based on dropwizard main context configuration."
            + "Client SSL (OGlobalConfiguration.CLIENT_USE_SSL) enabled.");
}
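/**
 * Returns the port of the main application connector, i.e. the first entry of the
 * application connector list of a {@link DefaultServerFactory}.
 *
 * <p>Every situation in which the port cannot be determined (a server factory of another kind,
 * an empty connector list, an unsupported connector type) is reported with the same
 * {@link IllegalArgumentException}, rather than surfacing as a {@code ClassCastException} or
 * {@code IndexOutOfBoundsException} from the lookup itself.
 *
 * @param config application configuration to inspect
 * @return port of the first application connector
 * @throws IllegalArgumentException if the port cannot be extracted from the configuration
 */
private static int getPort(Configuration config) {
    if (config.getServerFactory() instanceof DefaultServerFactory) {
        DefaultServerFactory serverFactory = (DefaultServerFactory) config.getServerFactory();
        // Guard the get(0) below: a configuration without application connectors is invalid
        // input here, not a programming error.
        if (!serverFactory.getApplicationConnectors().isEmpty()) {
            ConnectorFactory connectorFactory = serverFactory.getApplicationConnectors().get(0);
            if (connectorFactory instanceof HttpsConnectorFactory) {
                return ((HttpsConnectorFactory) connectorFactory).getPort();
            }
            if (connectorFactory instanceof HttpConnectorFactory) {
                return ((HttpConnectorFactory) connectorFactory).getPort();
            }
        }
    }
    throw new IllegalArgumentException("Could not extract main application port from configuration");
}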
/**
 * Wires OAuth2 authentication into the application: registers a health check for the OAuth2
 * server, builds a caching authenticator and the cookie-based auth filter, and registers the
 * OAuth2 resource that handles client authentication.
 *
 * <p>NOTE(review): the cookie {@code Secure} flag is derived only from the type of the first
 * application connector. If TLS is terminated in front of the application (reverse proxy,
 * load balancer) that connector is plain HTTP and the flag would be switched off. Confirm
 * this against the deployment.
 *
 * @param cfg application configuration (OAuth2 settings, cache spec, server factory)
 * @param env dropwizard environment that receives the registrations
 * @throws Exception declared by the original signature; the visible code does not show which
 *         call raises it
 */
private void setupAuthentication(ApiServerConfig cfg, Environment env) throws Exception {
    final Client restClient = new RestClientBuilder(env, cfg).build(getName());

    // Health check for oauth2 server presence.
    final OAuth2HealthCheck oauthHealth = new OAuth2HealthCheck(cfg.getOauth2Config(), restClient);
    env.healthChecks().register("Oauth2 server", oauthHealth);

    // Cookie protection: the encrypter is keyed with the configured cookie secret.
    final CookieEncrypter encrypter =
            new CookieEncrypter(cfg.getOauth2Config().getCookieSecretKey());
    final DefaultServerFactory serverFactory = (DefaultServerFactory) cfg.getServerFactory();
    final boolean servedOverTls =
            serverFactory.getApplicationConnectors().get(0) instanceof HttpsConnectorFactory;
    encrypter.setSecureFlag(servedOverTls);

    // The authenticator is wrapped in a cache driven by the configured cache spec.
    final OAuth2Authenticator oauthAuthenticator =
            new OAuth2Authenticator(cfg.getOauth2Config(), restClient);
    final CachingAuthenticator<OAuth2Credentials, User> cachedAuthenticator =
            new CachingAuthenticator<>(env.metrics(), oauthAuthenticator, cfg.getCacheSpec());

    final OAuth2AuthFilter<User> authFilter =
            new OAuth2AuthFilter.Builder<OAuth2Credentials, User, OAuth2AuthFilter<User>,
                    CachingAuthenticator<OAuth2Credentials, User>>()
                    .setAuthenticator(cachedAuthenticator)
                    .setCookieEncrypter(encrypter)
                    .build();

    // Registration order is kept exactly as in the original.
    env.jersey().register(new AuthDynamicFeature(authFilter));
    env.jersey().register(RolesAllowedDynamicFeature.class);
    env.jersey().register(new AuthValueFactoryProvider.Binder<User>(User.class));

    // Register the oauth2 resource that handles client authentication.
    final OAuth2Resource oauthResource =
            new OAuth2Resource(restClient, cfg.getOauth2Config(), encrypter);
    env.jersey().register(oauthResource);
}
/**
 * Configures the HTTPS socket factory of this client builder from the client connector
 * settings of the given configuration.
 *
 * <p>The builder is returned unchanged when the client configuration is absent or is not an
 * {@link HttpsConnectorFactory}. When a key store path is set, the key and trust store
 * settings are copied into this builder and the context comes from {@code getSSLContext()};
 * otherwise the context comes from a fresh {@code SslConfigurator}. The trust store settings
 * are read only inside the key store branch.
 *
 * <p>SECURITY: when {@code isValidateCerts()} is {@code false}, the socket factory is built
 * with {@code ALLOW_ALL_HOSTNAME_VERIFIER}, so a certificate is accepted whatever host name
 * it was issued for. The same {@code SSLContext} is passed either way, so only the host name
 * check is switched off. That is enough to let any certificate trusted by the context stand
 * in for the intended server. Keep validation enabled outside test environments.
 *
 * @param cfg application configuration providing the client connector settings
 * @return this builder, for chaining
 */
public RestClientBuilder setupSSL(ApiServerConfig cfg) {
    final ConnectorFactory clientConnector = cfg.getClientConfig();
    // instanceof is false for null, so this also covers a missing client configuration.
    if (!(clientConnector instanceof HttpsConnectorFactory)) {
        return this;
    }
    final HttpsConnectorFactory https = (HttpsConnectorFactory) clientConnector;

    final SSLContext sslContext;
    if (https.getKeyStorePath() == null) {
        sslContext = SslConfigurator.newInstance().createSSLContext();
    } else {
        keyStore = https.getKeyStorePath();
        keyStorePassword = https.getKeyStorePassword();
        trustStore = https.getTrustStorePath();
        trustStorePassword = https.getTrustStorePassword();
        // presumably builds the context from the four fields assigned above (verify in getSSLContext)
        sslContext = getSSLContext();
    }

    final SSLConnectionSocketFactory socketFactory;
    if (https.isValidateCerts()) {
        socketFactory = new SSLConnectionSocketFactory(sslContext);
    } else {
        // Host name verification is disabled on this path (see SECURITY above).
        socketFactory = new SSLConnectionSocketFactory(
                sslContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }

    using(RegistryBuilder.<ConnectionSocketFactory>create()
            .register("https", socketFactory)
            .build());
    return this;
}
/**
 * Returns the port configured on an HTTP or HTTPS connector factory.
 *
 * @param connectorFactory connector to inspect
 * @return the connector's port
 * @throws RuntimeException if the connector is neither an {@code HttpConnectorFactory} nor an
 *         {@code HttpsConnectorFactory} (a {@code null} argument also ends up here)
 */
public static Integer getPort(ConnectorFactory connectorFactory) {
    final Integer port;
    if (connectorFactory instanceof HttpConnectorFactory) {
        final HttpConnectorFactory plain = (HttpConnectorFactory) connectorFactory;
        port = plain.getPort();
    } else if (connectorFactory instanceof HttpsConnectorFactory) {
        final HttpsConnectorFactory secured = (HttpsConnectorFactory) connectorFactory;
        port = secured.getPort();
    } else {
        throw new RuntimeException("Unable to infer Port of " + connectorFactory);
    }
    return port;
}
/**
 * Applies the automatic Orient ssl configuration for an HTTPS connector, unless ssl is already
 * configured manually. Connectors of any other type are ignored.
 *
 * @param connector dropwizard connector to check
 */
private void checkAndConfigure(final ConnectorFactory connector) {
    if (!(connector instanceof HttpsConnectorFactory)) {
        return;
    }

    // No defined sockets already means no ssl is configured. Otherwise look at the listeners,
    // because sockets may be defined without being used.
    final List<OServerSocketFactoryConfiguration> definedSockets = conf.network.sockets;
    final boolean manuallyConfigured =
            definedSockets != null && !definedSockets.isEmpty() && isSslAlreadyDefined();

    if (manuallyConfigured) {
        logger.warn("Orient auto ssl configuration not performed because ssl socket is defined "
                + "manually and used in one of the listeners (see network.listeners section)");
        return;
    }
    applySsl((HttpsConnectorFactory) connector);
}
/**
 * Collects the key store and trust store settings of the dropwizard HTTPS connector as Orient
 * socket factory parameters (path, type and password for each store).
 *
 * <p>NOTE(review): the store passwords are handed to {@code addIfSet} exactly as the
 * connector returns them, so the resulting array carries secrets. Keep it out of logs and
 * configuration dumps.
 *
 * @param con dropwizard HTTPS connector to read from
 * @return parameters in the order they were added; presumably only those with a value set,
 *         as {@code addIfSet} is not shown here
 */
private OServerParameterConfiguration[] buildParameters(final HttpsConnectorFactory con) {
    final List<OServerParameterConfiguration> params = new ArrayList<>();

    // Key store settings.
    addIfSet(params, PARAM_NETWORK_SSL_KEYSTORE, con.getKeyStorePath());
    addIfSet(params, PARAM_NETWORK_SSL_KEYSTORE_TYPE, con.getKeyStoreType());
    addIfSet(params, PARAM_NETWORK_SSL_KEYSTORE_PASSWORD, con.getKeyStorePassword());

    // Trust store settings.
    addIfSet(params, PARAM_NETWORK_SSL_TRUSTSTORE, con.getTrustStorePath());
    addIfSet(params, PARAM_NETWORK_SSL_TRUSTSTORE_TYPE, con.getTrustStoreType());
    addIfSet(params, PARAM_NETWORK_SSL_TRUSTSTORE_PASSWORD, con.getTrustStorePassword());

    final OServerParameterConfiguration[] asArray =
            new OServerParameterConfiguration[params.size()];
    return params.toArray(asArray);
}
/**
 * Returns the URL scheme matching the connector resolved from the server factory.
 *
 * @param config expander configuration whose server factory is inspected
 * @return {@code "https"} when the resolved connector is an {@code HttpsConnectorFactory}
 *         (or a subclass), {@code "http"} otherwise
 */
private @Nonnull String getProtocol(ExpanderConfiguration config) {
    final Class<?> connectorType = getConnectorFactoy(config.getServerFactory()).getClass();
    if (HttpsConnectorFactory.class.isAssignableFrom(connectorType)) {
        return "https";
    }
    return "http";
}