services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java - cloudstack - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
 package com.cloud.consoleproxy;

 import com.sun.net.httpserver.HttpServer;
 import com.sun.net.httpserver.HttpsConfigurator;
 import com.sun.net.httpserver.HttpsParameters;
 import com.sun.net.httpserver.HttpsServer;
 import org.apache.cloudstack.utils.security.SSLUtils;
 import org.apache.log4j.Logger;

 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.TrustManagerFactory;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.security.KeyStore;

 public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFactory {
     private static final Logger s_logger = Logger.getLogger(ConsoleProxySecureServerFactoryImpl.class);

     private SSLContext sslContext = null;

     public ConsoleProxySecureServerFactoryImpl() {
     }

     @Override
     public void init(byte[] ksBits, String ksPassword) {
         s_logger.info("Start initializing SSL");

         if (ksBits == null) {
             // this should not be the case
             s_logger.info("No certificates passed, recheck global configuration and certificates");
         } else {
             char[] passphrase = ksPassword != null ? ksPassword.toCharArray() : null;
             try {
                 s_logger.info("Initializing SSL from passed-in certificate");

                 KeyStore ks = KeyStore.getInstance("JKS");
                 ks.load(new ByteArrayInputStream(ksBits), passphrase);

                 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
                 kmf.init(ks, passphrase);
                 s_logger.info("Key manager factory is initialized");

                 TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
                 tmf.init(ks);
                 s_logger.info("Trust manager factory is initialized");

                 sslContext = SSLUtils.getSSLContext();
                 sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
                 s_logger.info("SSL context is initialized");
             } catch (Exception e) {
                 s_logger.error("Unable to init factory due to exception ", e);
             }
         }

     }

     @Override
     public HttpServer createHttpServerInstance(int port) throws IOException {
         try {
             HttpsServer server = HttpsServer.create(new InetSocketAddress(port), 5);
             server.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
                 @Override
                 public void configure(HttpsParameters params) {

                     // get the remote address if needed
                     InetSocketAddress remote = params.getClientAddress();
                     SSLContext c = getSSLContext();

                     // get the default parameters
                     SSLParameters sslparams = c.getDefaultSSLParameters();

                     params.setSSLParameters(sslparams);
                     params.setProtocols(SSLUtils.getRecommendedProtocols());
                     params.setCipherSuites(SSLUtils.getRecommendedCiphers());
                     // statement above could throw IAE if any params invalid.
                     // eg. if app has a UI and parameters supplied by a user.
                 }
             });

             s_logger.info("create HTTPS server instance on port: " + port);
             return server;
         } catch (Exception ioe) {
             s_logger.error(ioe.toString(), ioe);
         }
         return null;
     }

     @Override
     public SSLServerSocket createSSLServerSocket(int port) throws IOException {
         try {
             SSLServerSocket srvSock = null;
             SSLServerSocketFactory ssf = sslContext.getServerSocketFactory();
             srvSock = (SSLServerSocket)ssf.createServerSocket(port);
             srvSock.setEnabledProtocols(SSLUtils.getRecommendedProtocols());
             srvSock.setEnabledCipherSuites(SSLUtils.getRecommendedCiphers());

             s_logger.info("create SSL server socket on port: " + port);
             return srvSock;
         } catch (Exception ioe) {
             s_logger.error(ioe.toString(), ioe);
         }
         return null;
     }
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.
	package com.cloud.consoleproxy;

	import com.sun.net.httpserver.HttpServer;
	import com.sun.net.httpserver.HttpsConfigurator;
	import com.sun.net.httpserver.HttpsParameters;
	import com.sun.net.httpserver.HttpsServer;
	import org.apache.cloudstack.utils.security.SSLUtils;
	import org.apache.log4j.Logger;

	import javax.net.ssl.KeyManagerFactory;
	import javax.net.ssl.SSLContext;
	import javax.net.ssl.SSLParameters;
	import javax.net.ssl.SSLServerSocket;
	import javax.net.ssl.SSLServerSocketFactory;
	import javax.net.ssl.TrustManagerFactory;
	import java.io.ByteArrayInputStream;
	import java.io.IOException;
	import java.net.InetSocketAddress;
	import java.security.KeyStore;

	public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFactory {
	private static final Logger s_logger = Logger.getLogger(ConsoleProxySecureServerFactoryImpl.class);

	private SSLContext sslContext = null;

	public ConsoleProxySecureServerFactoryImpl() {
	}

	@Override
	public void init(byte[] ksBits, String ksPassword) {
	s_logger.info("Start initializing SSL");

	if (ksBits == null) {
	// this should not be the case
	s_logger.info("No certificates passed, recheck global configuration and certificates");
	} else {
	char[] passphrase = ksPassword != null ? ksPassword.toCharArray() : null;
	try {
	s_logger.info("Initializing SSL from passed-in certificate");

	KeyStore ks = KeyStore.getInstance("JKS");
	ks.load(new ByteArrayInputStream(ksBits), passphrase);

	KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
	kmf.init(ks, passphrase);
	s_logger.info("Key manager factory is initialized");

	TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
	tmf.init(ks);
	s_logger.info("Trust manager factory is initialized");

	sslContext = SSLUtils.getSSLContext();
	sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
	s_logger.info("SSL context is initialized");
	} catch (Exception e) {
	s_logger.error("Unable to init factory due to exception ", e);
	}
	}

	}

	@Override
	public HttpServer createHttpServerInstance(int port) throws IOException {
	try {
	HttpsServer server = HttpsServer.create(new InetSocketAddress(port), 5);
	server.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
	@Override
	public void configure(HttpsParameters params) {

	// get the remote address if needed
	InetSocketAddress remote = params.getClientAddress();
	SSLContext c = getSSLContext();

	// get the default parameters
	SSLParameters sslparams = c.getDefaultSSLParameters();

	params.setSSLParameters(sslparams);
	params.setProtocols(SSLUtils.getRecommendedProtocols());
	params.setCipherSuites(SSLUtils.getRecommendedCiphers());
	// statement above could throw IAE if any params invalid.
	// eg. if app has a UI and parameters supplied by a user.
	}
	});

	s_logger.info("create HTTPS server instance on port: " + port);
	return server;
	} catch (Exception ioe) {
	s_logger.error(ioe.toString(), ioe);
	}
	return null;
	}

	@Override
	public SSLServerSocket createSSLServerSocket(int port) throws IOException {
	try {
	SSLServerSocket srvSock = null;
	SSLServerSocketFactory ssf = sslContext.getServerSocketFactory();
	srvSock = (SSLServerSocket)ssf.createServerSocket(port);
	srvSock.setEnabledProtocols(SSLUtils.getRecommendedProtocols());
	srvSock.setEnabledCipherSuites(SSLUtils.getRecommendedCiphers());

	s_logger.info("create SSL server socket on port: " + port);
	return srvSock;
	} catch (Exception ioe) {
	s_logger.error(ioe.toString(), ioe);
	}
	return null;
	}
	}