Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
neo4j/community/server/src/main/java/org/neo4j/server/security/ssl/SslSocketConnectorFactory.java /
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
109 lines (95 sloc)
4.07 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Copyright (c) "Neo4j" | |
| * Neo4j Sweden AB [http://neo4j.com] | |
| * | |
| * This file is part of Neo4j. | |
| * | |
| * Neo4j is free software: you can redistribute it and/or modify | |
| * it under the terms of the GNU General Public License as published by | |
| * the Free Software Foundation, either version 3 of the License, or | |
| * (at your option) any later version. | |
| * | |
| * This program is distributed in the hope that it will be useful, | |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| * GNU General Public License for more details. | |
| * | |
| * You should have received a copy of the GNU General Public License | |
| * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| */ | |
| package org.neo4j.server.security.ssl; | |
| import org.eclipse.jetty.http.HttpVersion; | |
| import org.eclipse.jetty.io.ByteBufferPool; | |
| import org.eclipse.jetty.server.HttpConfiguration; | |
| import org.eclipse.jetty.server.HttpConfiguration.Customizer; | |
| import org.eclipse.jetty.server.Server; | |
| import org.eclipse.jetty.server.ServerConnector; | |
| import org.eclipse.jetty.server.SslConnectionFactory; | |
| import org.eclipse.jetty.util.ssl.SslContextFactory; | |
| import java.util.List; | |
| import java.util.UUID; | |
| import org.neo4j.configuration.Config; | |
| import org.neo4j.configuration.helpers.SocketAddress; | |
| import org.neo4j.kernel.api.net.NetworkConnectionTracker; | |
| import org.neo4j.server.web.HttpConnectorFactory; | |
| import org.neo4j.server.web.JettyThreadCalculator; | |
| import org.neo4j.ssl.SslPolicy; | |
| public class SslSocketConnectorFactory extends HttpConnectorFactory | |
| { | |
| private static final String NAME = "https"; | |
| private final Customizer requestCustomizer; | |
| public SslSocketConnectorFactory( NetworkConnectionTracker connectionTracker, Config config, ByteBufferPool byteBufferPool ) | |
| { | |
| super( NAME, connectionTracker, config, byteBufferPool ); | |
| requestCustomizer = new HttpsRequestCustomizer( config ); | |
| } | |
| @Override | |
| protected HttpConfiguration createHttpConfig() | |
| { | |
| HttpConfiguration httpConfig = super.createHttpConfig(); | |
| httpConfig.addCustomizer( requestCustomizer ); | |
| return httpConfig; | |
| } | |
| public ServerConnector createConnector( Server server, SslPolicy sslPolicy, SocketAddress address, | |
| JettyThreadCalculator jettyThreadCalculator ) | |
| { | |
| SslConnectionFactory sslConnectionFactory = createSslConnectionFactory( sslPolicy ); | |
| return createConnector( server, address, jettyThreadCalculator, sslConnectionFactory, createHttpConnectionFactory() ); | |
| } | |
| private static SslConnectionFactory createSslConnectionFactory( SslPolicy sslPolicy ) | |
| { | |
| SslContextFactory.Server sslContextFactory = new SslContextFactory.Server(); | |
| String password = UUID.randomUUID().toString(); | |
| sslContextFactory.setKeyStore( sslPolicy.getKeyStore( password.toCharArray(), password.toCharArray() ) ); | |
| sslContextFactory.setKeyStorePassword( password ); | |
| sslContextFactory.setKeyManagerPassword( password ); | |
| List<String> ciphers = sslPolicy.getCipherSuites(); | |
| if ( ciphers != null ) | |
| { | |
| sslContextFactory.setIncludeCipherSuites( ciphers.toArray( new String[0] ) ); | |
| sslContextFactory.setExcludeCipherSuites(); | |
| } | |
| String[] protocols = sslPolicy.getTlsVersions(); | |
| if ( protocols != null ) | |
| { | |
| sslContextFactory.setIncludeProtocols( protocols ); | |
| sslContextFactory.setExcludeProtocols(); | |
| } | |
| switch ( sslPolicy.getClientAuth() ) | |
| { | |
| case REQUIRE: | |
| sslContextFactory.setNeedClientAuth( true ); | |
| break; | |
| case OPTIONAL: | |
| sslContextFactory.setWantClientAuth( true ); | |
| break; | |
| case NONE: | |
| sslContextFactory.setWantClientAuth( false ); | |
| sslContextFactory.setNeedClientAuth( false ); | |
| break; | |
| default: | |
| throw new IllegalArgumentException( "Not supported: " + sslPolicy.getClientAuth() ); | |
| } | |
| return new SslConnectionFactory( sslContextFactory, HttpVersion.HTTP_1_1.asString() ); | |
| } | |
| } |