| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.apache.solr.client.solrj.embedded; |
| |
| import org.eclipse.jetty.util.ssl.SslContextFactory; |
| |
| /** |
| * Encapsulates settings related to SSL Configuration. |
| * NOTE: all other settings are ignored if {@link #isSSLMode} is false. |
| * @see #setUseSSL |
| */ |
| public class SSLConfig { |
| private boolean useSsl; |
| private boolean clientAuth; |
| private String keyStore; |
| private String keyStorePassword; |
| private String trustStore; |
| private String trustStorePassword; |
| |
| /** NOTE: all other settings are ignored if useSsl is false; trustStore settings are ignored if clientAuth is false */ |
| public SSLConfig(boolean useSsl, boolean clientAuth, String keyStore, String keyStorePassword, String trustStore, String trustStorePassword) { |
| this.useSsl = useSsl; |
| this.clientAuth = clientAuth; |
| this.keyStore = keyStore; |
| this.keyStorePassword = keyStorePassword; |
| this.trustStore = trustStore; |
| this.trustStorePassword = trustStorePassword; |
| } |
| |
| public void setUseSSL(boolean useSsl) { |
| this.useSsl = useSsl; |
| } |
| |
| public void setClientAuth(boolean clientAuth) { |
| this.clientAuth = clientAuth; |
| } |
| |
| /** All other settings on this object are ignored unless this is true */ |
| public boolean isSSLMode() { |
| return useSsl; |
| } |
| |
| public boolean isClientAuthMode() { |
| return clientAuth; |
| } |
| |
| public String getKeyStore() { |
| return keyStore; |
| } |
| |
| public String getKeyStorePassword() { |
| return keyStorePassword; |
| } |
| |
| public String getTrustStore() { |
| return trustStore; |
| } |
| |
| public String getTrustStorePassword() { |
| return trustStorePassword; |
| } |
| |
| /** |
| * Returns an SslContextFactory.Server that should be used by a jetty server based on the specified |
| * SSLConfig param which may be null. |
| * |
| * if the SSLConfig param is non-null, then this method will return the results of |
| * {@link #createContextFactory()}. |
| * |
| * If the SSLConfig param is null, then this method will return null unless the |
| * <code>tests.jettySsl</code> system property is true, in which case standard "javax.net.ssl.*" |
| * system properties will be used instead, along with "tests.jettySsl.clientAuth". |
| * |
| * @see #createContextFactory() |
| */ |
| public static SslContextFactory.Server createContextFactory(SSLConfig sslConfig) { |
| if (sslConfig != null) { |
| return sslConfig.createContextFactory(); |
| } |
| // else... |
| if (Boolean.getBoolean("tests.jettySsl")) { |
| return configureSslFromSysProps(); |
| } |
| // else... |
| return null; |
| } |
| |
| /** |
| * Returns an SslContextFactory.Server that should be used by a jetty server based on this SSLConfig instance, |
| * or null if SSL should not be used. |
| * |
| * The default implementation generates a simple factory according to the keystore, truststore, |
| * and clientAuth properties of this object. |
| * |
| * @see #getKeyStore |
| * @see #getKeyStorePassword |
| * @see #isClientAuthMode |
| * @see #getTrustStore |
| * @see #getTrustStorePassword |
| */ |
| public SslContextFactory.Server createContextFactory() { |
| if (! isSSLMode()) { |
| return null; |
| } |
| // else... |
| |
| SslContextFactory.Server factory = new SslContextFactory.Server(); |
| if (getKeyStore() != null) |
| factory.setKeyStorePath(getKeyStore()); |
| if (getKeyStorePassword() != null) |
| factory.setKeyStorePassword(getKeyStorePassword()); |
| |
| factory.setNeedClientAuth(isClientAuthMode()); |
| |
| if (isClientAuthMode()) { |
| if (getTrustStore() != null) |
| factory.setTrustStorePath(getTrustStore()); |
| if (getTrustStorePassword() != null) |
| factory.setTrustStorePassword(getTrustStorePassword()); |
| } |
| return factory; |
| } |
| |
| public SslContextFactory.Client createClientContextFactory() { |
| if (! isSSLMode()) { |
| return null; |
| } |
| // else... |
| |
| SslContextFactory.Client factory = new SslContextFactory.Client(); |
| if (getKeyStore() != null) { |
| factory.setKeyStorePath(getKeyStore()); |
| } |
| if (getKeyStorePassword() != null) { |
| factory.setKeyStorePassword(getKeyStorePassword()); |
| } |
| |
| if (isClientAuthMode()) { |
| if (getTrustStore() != null) |
| factory.setTrustStorePath(getTrustStore()); |
| if (getTrustStorePassword() != null) |
| factory.setTrustStorePassword(getTrustStorePassword()); |
| } |
| |
| return factory; |
| } |
| |
| private static SslContextFactory.Server configureSslFromSysProps() { |
| SslContextFactory.Server sslcontext = new SslContextFactory.Server(); |
| |
| if (null != System.getProperty("javax.net.ssl.keyStore")) { |
| sslcontext.setKeyStorePath |
| (System.getProperty("javax.net.ssl.keyStore")); |
| } |
| if (null != System.getProperty("javax.net.ssl.keyStorePassword")) { |
| sslcontext.setKeyStorePassword |
| (System.getProperty("javax.net.ssl.keyStorePassword")); |
| } |
| if (null != System.getProperty("javax.net.ssl.trustStore")) { |
| sslcontext.setTrustStorePath |
| (System.getProperty("javax.net.ssl.trustStore")); |
| } |
| if (null != System.getProperty("javax.net.ssl.trustStorePassword")) { |
| sslcontext.setTrustStorePassword |
| (System.getProperty("javax.net.ssl.trustStorePassword")); |
| } |
| sslcontext.setNeedClientAuth(Boolean.getBoolean("tests.jettySsl.clientAuth")); |
| |
| return sslcontext; |
| } |
| } |