- private static ServletContextHandler generateGigiContext(Properties conf) {
- ServletContextHandler servlet = new ServletContextHandler(
- ServletContextHandler.SESSIONS);
- servlet.setInitParameter(SessionManager.__SessionCookieProperty,
- "CACert-Session");
- servlet.addServlet(new ServletHolder(new Gigi(conf)), "/*");
- return servlet;
+ private static SslConnectionFactory createConnectionFactory(GigiConfig conf) throws GeneralSecurityException,
+ IOException {
+ final SslContextFactory sslContextFactory = generateSSLContextFactory(conf, "www");
+ final SslContextFactory secureContextFactory = generateSSLContextFactory(conf, "secure");
+ secureContextFactory.setWantClientAuth(true);
+ secureContextFactory.setNeedClientAuth(false);
+ final SslContextFactory staticContextFactory = generateSSLContextFactory(conf, "static");
+ final SslContextFactory apiContextFactory = generateSSLContextFactory(conf, "api");
+ try {
+ secureContextFactory.start();
+ staticContextFactory.start();
+ apiContextFactory.start();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()) {
+ @Override
+ public boolean shouldRestartSSL() {
+ return true;
+ }
+
+ @Override
+ public SSLEngine restartSSL(SSLSession sslSession) {
+ SSLEngine e2 = null;
+ if (sslSession instanceof ExtendedSSLSession) {
+ ExtendedSSLSession es = (ExtendedSSLSession) sslSession;
+ List<SNIServerName> names = es.getRequestedServerNames();
+ for (SNIServerName sniServerName : names) {
+ if (sniServerName instanceof SNIHostName) {
+ SNIHostName host = (SNIHostName) sniServerName;
+ String hostname = host.getAsciiName();
+ if (hostname.equals(ServerConstants.getWwwHostName())) {
+ e2 = sslContextFactory.newSSLEngine();
+ } else if (hostname.equals(ServerConstants.getStaticHostName())) {
+ e2 = staticContextFactory.newSSLEngine();
+ } else if (hostname.equals(ServerConstants.getSecureHostName())) {
+ e2 = secureContextFactory.newSSLEngine();
+ } else if (hostname.equals(ServerConstants.getApiHostName())) {
+ e2 = apiContextFactory.newSSLEngine();
+ }
+ break;
+ }
+ }
+ }
+ if (e2 == null) {
+ e2 = sslContextFactory.newSSLEngine(sslSession.getPeerHost(), sslSession.getPeerPort());
+ }
+ e2.setUseClientMode(false);
+ return e2;
+ }
+ };