[feature] Use modular XML config for Jetty SSL and HTTPS

src/org/exist/jetty/JettyStart.java

@@ -66,7 +66,10 @@
  */
 public class JettyStart extends Observable implements LifeCycle.Listener {
 
-    protected static final Logger logger = LogManager.getLogger(JettyStart.class);
+    public static final String JETTY_HOME_PROP = "jetty.home";
+    public static final String JETTY_BASE_PROP = "jetty.base";
+
+    private static final Logger logger = LogManager.getLogger(JettyStart.class);
 
     public static void main(String[] args) {
         final JettyStart start = new JettyStart();
@@ -92,12 +95,12 @@ public JettyStart() {
     }
 
     public void run() {
-        final String jettyProperty = Optional.ofNullable(System.getProperty("jetty.home"))
+        final String jettyProperty = Optional.ofNullable(System.getProperty(JETTY_HOME_PROP))
                 .orElseGet(() -> {
                     final Optional<Path> home = ConfigurationHelper.getExistHome();
                     final Path jettyHome = FileUtils.resolve(home, "tools").resolve("jetty");
                     final String jettyPath = jettyHome.toAbsolutePath().toString();
-                    System.setProperty("jetty.home", jettyPath);
+                    System.setProperty(JETTY_HOME_PROP, jettyPath);
                     return jettyPath;
                 });
 
@@ -112,6 +115,9 @@ public void run(String[] args, Observer observer) {
         }
 
         final Path jettyConfig = Paths.get(args[0]);
+        final Map<String, String> configProperties = new HashMap<>();
+        configProperties.put(JETTY_HOME_PROP, System.getProperty(JETTY_HOME_PROP));
+        configProperties.put(JETTY_BASE_PROP, System.getProperty(JETTY_BASE_PROP, System.getProperty(JETTY_HOME_PROP)));
 
         final String shutdownHookOption = System.getProperty("exist.register-shutdown-hook", "true");
         boolean registerShutdownHook = "true".equals(shutdownHookOption);
@@ -146,8 +152,8 @@ public void run(String[] args, Observer observer) {
                 + System.getProperty("os.arch") + "]");
         logger.info("[log4j.configurationFile : "
                 + System.getProperty("log4j.configurationFile") + "]");
-        logger.info("[jetty.home : " 
-                + System.getProperty("jetty.home") + "]");
+        logger.info("[{} : {}]", JETTY_HOME_PROP, configProperties.get(JETTY_HOME_PROP));
+        logger.info("[{} : {}]", JETTY_BASE_PROP, configProperties.get(JETTY_BASE_PROP));
         logger.info("[jetty configuration : {}]", jettyConfig.toAbsolutePath().toString());
 
         try {
@@ -191,6 +197,7 @@ public void run(String[] args, Observer observer) {
 //            }
 
             final List<Path> configFiles = new ArrayList<>();
+            configFiles.add(jettyConfig.getParent().resolve("jetty-ssl-context.xml"));
             configFiles.add(jettyConfig.getParent().resolve("jetty-jmx.xml"));
             configFiles.add(jettyConfig.getParent().resolve("jetty-annotations.xml"));
             configFiles.add(jettyConfig.getParent().resolve("jetty-jaas.xml"));
@@ -215,6 +222,7 @@ public void run(String[] args, Observer observer) {
                     if (last != null) {
                         configuration.getIdMap().putAll(last.getIdMap());
                     }
+                    configuration.getProperties().putAll(configProperties);
                     configuredObjects.add(configuration.configure());
                     last = configuration;
                 }

tools/jetty/etc/jetty-ssl-context.xml

@@ -0,0 +1,30 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
+
+<!-- ============================================================= -->
+<!-- SSL ContextFactory configuration                              -->
+<!-- ============================================================= -->
+
+<!-- 
+  To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at 
+     https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites
+-->
+
+<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+  <Set name="keyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" deprecated="jetty.keystore" default="etc/keystore"/></Set>
+  <Set name="keyStorePassword"><Property name="jetty.sslContext.keyStorePassword" deprecated="jetty.keystore.password" default="OBF:1yta1t331v8w1v9q1t331ytc"/></Set>
+  <Set name="keyStoreType"><Property name="jetty.sslContext.keyStoreType" default="JKS"/></Set>
+  <Set name="keyStoreProvider"><Property name="jetty.sslContext.keyStoreProvider" default="SUN"/></Set>
+
+  <Set name="keyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword" deprecated="jetty.keymanager.password" default="OBF:1yta1t331v8w1v9q1t331ytc"/></Set>
+
+  <Set name="trustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" deprecated="jetty.truststore" default="etc/keystore"/></Set>
+  <Set name="trustStorePassword"><Property name="jetty.sslContext.trustStorePassword" deprecated="jetty.truststore.password" default="OBF:1yta1t331v8w1v9q1t331ytc"/></Set>
+  <Set name="trustStoreProvider"><Property name="jetty.sslContext.trustStoreProvider"/></Set>
+
+  <Set name="needClientAuth"><Property name="jetty.sslContext.needClientAuth" deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
+  <Set name="wantClientAuth"><Property name="jetty.sslContext.wantClientAuth" deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
+  <Set name="useCipherSuitesOrder"><Property name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set>
+  <Set name="sslSessionCacheSize"><Property name="jetty.sslContext.sslSessionCacheSize" default="-1"/></Set>
+  <Set name="sslSessionTimeout"><Property name="jetty.sslContext.sslSessionTimeout" default="-1"/></Set>
+</Configure>

tools/jetty/etc/jetty.xml

@@ -160,37 +160,6 @@
     </Call>
   </Ref -->
 
-  <!-- =============================================================== -->
-  <!-- Configure SSL for the Jetty Server                              -->
-  <!-- this configuration file should be used in combination with      -->
-  <!-- other configuration files.  e.g.                                -->
-  <!--    java -jar start.jar etc/jetty-ssl.xml                        -->
-  <!--                                                                 -->
-  <!--  alternately, add to the start.ini for easier usage             -->
-  <!-- =============================================================== -->
-
-<!-- TODO(AR) need to check this -->
-<!--
-  <Call name="addConnector">
-    <Arg>
-      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
-        <Arg>
-          <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
-            <Set name="keyStore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
-            <Set name="keyStorePassword">secret</Set>
-            <Set name="keyManagerPassword">secret</Set>
-            <Set name="trustStore"><SystemProperty name="jetty.home" default="."
-              />/etc/keystore</Set>
-            <Set name="trustStorePassword">secret</Set>
-          </New>
-        </Arg>
-        <Set name="Port"><SystemProperty name="jetty.port.ssl" default="8443"/></Set>
-        <Set name="maxIdleTime">30000</Set>
-      </New>
-    </Arg>
-  </Call>
--->
-
   <!-- =============================================================== -->
   <!-- Configure request log handler       			                -->
   <!-- http://wiki.eclipse.org/Jetty/Howto/Configure_Request_Logs      -->