- private static SslContextFactory generateSSLContextFactory()
- throws NoSuchAlgorithmException, KeyStoreException, IOException,
- CertificateException, FileNotFoundException {
- TrustManagerFactory tmFactory = TrustManagerFactory.getInstance("PKIX");
- tmFactory.init((KeyStore) null);
+ private static SslConnectionFactory createConnectionFactory(GigiConfig conf)
+ throws GeneralSecurityException, IOException {
+ final SslContextFactory sslContextFactory = generateSSLContextFactory(
+ conf, "www");
+ final SslContextFactory secureContextFactory = generateSSLContextFactory(
+ conf, "secure");
+ secureContextFactory.setNeedClientAuth(true);
+ final SslContextFactory staticContextFactory = generateSSLContextFactory(
+ conf, "static");
+ try {
+ secureContextFactory.start();
+ staticContextFactory.start();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return new SslConnectionFactory(sslContextFactory,
+ HttpVersion.HTTP_1_1.asString()) {
+ @Override
+ public boolean shouldRestartSSL() {
+ return true;
+ }
+ @Override
+ public SSLEngine restartSSL(SSLSession sslSession) {
+ SSLEngine e2 = null;
+ if (sslSession instanceof ExtendedSSLSession) {
+ ExtendedSSLSession es = (ExtendedSSLSession) sslSession;
+ List<SNIServerName> names = es.getRequestedServerNames();
+ for (SNIServerName sniServerName : names) {
+ if (sniServerName instanceof SNIHostName) {
+ SNIHostName host = (SNIHostName) sniServerName;
+ String hostname = host.getAsciiName();
+ if (hostname.equals("www.cacert.local")) {
+ e2 = sslContextFactory.newSSLEngine();
+ } else if (hostname.equals("static.cacert.local")) {
+ e2 = staticContextFactory.newSSLEngine();
+ } else if (hostname.equals("secure.cacert.local")) {
+ e2 = secureContextFactory.newSSLEngine();
+ }
+ break;
+ }
+ }
+ }
+ if (e2 == null) {
+ e2 = sslContextFactory.newSSLEngine(
+ sslSession.getPeerHost(), sslSession.getPeerPort());
+ }
+ e2.setUseClientMode(false);
+ return e2;
+ }
+ };
+ }
+
+ private static ContextHandler generateGigiContext(Properties conf) {
+ final ResourceHandler rh = new ResourceHandler();
+ rh.setResourceBase("static/www");
+
+ HandlerWrapper hw = new PolicyRedirector();
+ hw.setHandler(rh);
+
+ ServletContextHandler servlet = new ServletContextHandler(
+ ServletContextHandler.SESSIONS);
+ servlet.setInitParameter(SessionManager.__SessionCookieProperty,
+ "CACert-Session");
+ servlet.addServlet(new ServletHolder(new Gigi(conf)), "/*");
+
+ HandlerList hl = new HandlerList();
+ hl.setHandlers(new Handler[]{servlet, hw});