X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FLauncher.java;h=56306a98ba28d0d86c6cc1c0b3343bffca57a1db;hb=d0b9305527ebb160decee391df1d189988b09655;hp=2c8c1f531d67a5e04dcbab21ce7b6a4c40efe359;hpb=ae94dd021e57b0f975f04a94ff9a182bdabbc4db;p=gigi.git
diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java
index 2c8c1f53..56306a98 100644
--- a/src/org/cacert/gigi/Launcher.java
+++ b/src/org/cacert/gigi/Launcher.java
@@ -5,21 +5,26 @@ import java.io.IOException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
-import java.security.cert.CRL;
 import java.security.cert.CertificateException;
-import java.util.Collection;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import org.cacert.gigi.natives.SetUID;
+import org.cacert.gigi.util.CipherInfo;
 import org.eclipse.jetty.server.Connector;
+import org.eclipse.jetty.server.Handler;
 import org.eclipse.jetty.server.HttpConfiguration;
 import org.eclipse.jetty.server.HttpConnectionFactory;
 import org.eclipse.jetty.server.SecureRequestCustomizer;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnector;
 import org.eclipse.jetty.server.SslConnectionFactory;
+import org.eclipse.jetty.server.handler.ContextHandler;
+import org.eclipse.jetty.server.handler.HandlerList;
+import org.eclipse.jetty.server.handler.ResourceHandler;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.util.log.Log;
@@ -30,6 +35,9 @@ public class Launcher {
 Server s = new Server();
 // === SSL HTTP Configuration ===
 HttpConfiguration https_config = new HttpConfiguration();
+https_config.setSendServerVersion(false);
+https_config.setSendXPoweredBy(false);
+
 // for client-cert auth
 https_config.addCustomizer(new SecureRequestCustomizer());
@@ -39,9 +47,11 @@ public class Launcher {
 connector.setHost("127.0.0.1");
 connector.setPort(443);
 s.setConnectors(new Connector[]{connector});
-ServletContextHandler sh = new ServletContextHandler();
-s.setHandler(sh);
-sh.addServlet(new ServletHolder(new TestServlet()), "/");
+
+HandlerList hl = new HandlerList();
+hl.setHandlers(new Handler[]{generateStaticContext(),
+generateGigiContext()});
+s.setHandler(hl);
 s.start();
 if (connector.getPort() <= 1024 && !System.getProperty("os.name").toLowerCase().contains("win")) {
@@ -52,6 +62,22 @@ public class Launcher {
 }
 }
+private static ServletContextHandler generateGigiContext() {
+ServletContextHandler servlet = new ServletContextHandler(
+ServletContextHandler.SESSIONS);
+servlet.addServlet(new ServletHolder(new Gigi()), "/*");
+return servlet;
+}
+
+private static ContextHandler generateStaticContext() {
+ResourceHandler rh = new ResourceHandler();
+rh.setResourceBase("static");
+ContextHandler ch = new ContextHandler();
+ch.setHandler(rh);
+ch.setContextPath("/static");
+return ch;
+}
+
 private static SslContextFactory generateSSLContextFactory() throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, FileNotFoundException {
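Review bot: `rh.setResourceBase("static")` in generateStaticContext is resolved against the JVM's working directory, so the static context serves nothing, or a different tree, whenever the launcher is started from another directory; the same holds for `config/keystore.pkcs12` in this file, and deriving the base from an absolute or configured location would make the served tree deterministic. ResourceHandler's directory listing is governed by `setDirectoriesListed`, so stating `rh.setDirectoriesListed(false);` explicitly records the intent instead of relying on whichever default the bundled Jetty version has for enumerating `/static/`. Both new private methods have no comment; a one-line Javadoc such as `/** Serves files from the working directory's "static" folder under /static. */` and `/** Session-enabled context that routes every path to the Gigi servlet. */` would tell the next reader why there are two contexts.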
@@ -61,18 +87,34 @@ public class Launcher {
 final TrustManager[] tm = tmFactory.getTrustManagers();
 SslContextFactory scf = new SslContextFactory() {
+
+String[] ciphers = null;
+
 @Override
-protected TrustManager[] getTrustManagers(KeyStore trustStore,
-Collection crls) throws Exception {
-return tm;
+public void customize(SSLEngine sslEngine) {
+super.customize(sslEngine);
+
+SSLParameters ssl = sslEngine.getSSLParameters();
+ssl.setUseCipherSuitesOrder(true);
+if (ciphers == null) {
+ciphers = CipherInfo.filter(sslEngine
+.getSupportedCipherSuites());
+}
+
+ssl.setCipherSuites(ciphers);
+sslEngine.setSSLParameters(ssl);
+
 }
+
 };
 scf.setWantClientAuth(true);
 KeyStore ks1 = KeyStore.getInstance("pkcs12");
 ks1.load(new FileInputStream("config/keystore.pkcs12"), "".toCharArray());
+scf.setTrustStorePath("config/cacerts.jks");
+scf.setTrustStorePassword("changeit");
+scf.setProtocol("TLS");
 scf.setKeyStore(ks1);
-scf.setProtocol("TLSv1");
 return scf;
 }
 }
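Review bot: `final TrustManager[] tm = tmFactory.getTrustManagers();` on the first line of this hunk is now dead code: its only consumer was the removed getTrustManagers override, and trust is configured through `scf.setTrustStorePath` / `scf.setTrustStorePassword` instead, so the `tm` line and the tmFactory setup above the hunk should be dropped (or the override kept) rather than leaving two competing trust configurations in generateSSLContextFactory, whose signature lies above this hunk. Switching `setProtocol` to "TLS" widens the negotiable versions, and the enabled-protocol list then comes from the JDK default, which on older runtimes may still include SSLv3; pinning it where the new `customize` already rewrites the parameters (`ssl.setProtocols(...)` next to `ssl.setCipherSuites(ciphers)`) or calling `scf.setExcludeProtocols("SSLv3")` keeps the change from silently broadening the protocol set. The lazily filled `ciphers` field is written from `customize`, which runs per connection with no synchronization; the duplicate filtering is harmless, but marking the field `volatile` or computing the list once up front makes that intent explicit. The literal trust-store password `"changeit"` is the JDK default; it belongs in the same configuration source as the keystore path rather than in code.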