FIX: use better DH keylengths (4096)

[gigi.git] / src / org / cacert / gigi / Launcher.java

diff --git a/src/org/cacert/gigi/Launcher.java b/src/org/cacert/gigi/Launcher.java
index 41ee8ac7551a665ec0800c5d79c5854df695de31..33511ba54826928ea72de54cfa8543a5674a4852 100644 (file)
--- a/src/org/cacert/gigi/Launcher.java
+++ b/src/org/cacert/gigi/Launcher.java
@@ -9,6 +9,7 @@ import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
 import java.util.List;
+import java.util.Locale;
 import java.util.Properties;
 import java.util.TimeZone;
 
@@ -47,7 +48,10 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
 public class Launcher {
 
     public static void main(String[] args) throws Exception {
+        Locale.setDefault(Locale.ENGLISH);
         TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
+        System.setProperty("jdk.tls.ephemeralDHKeySize", "4096");
+
         GigiConfig conf = GigiConfig.parse(System.in);
         ServerConstants.init(conf.getMainProps());
         initEmails(conf);
@@ -66,7 +70,7 @@ public class Launcher {
 
         HandlerList hl = new HandlerList();
         hl.setHandlers(new Handler[] {
-                generateStaticContext(), generateGigiContexts(conf.getMainProps()), generateAPIContext()
+                generateStaticContext(), generateGigiContexts(conf.getMainProps(), conf.getTrustStore()), generateAPIContext()
         });
         s.setHandler(hl);
         s.start();
@@ -83,10 +87,10 @@ public class Launcher {
         if (doHttps) {
             connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(httpConfig));
         } else {
-            connector = new ServerConnector(s);
+            connector = new ServerConnector(s, new HttpConnectionFactory(httpConfig));
         }
         connector.setHost(conf.getMainProps().getProperty("host"));
-        if(doHttps) {
+        if (doHttps) {
             connector.setPort(ServerConstants.getSecurePort());
         } else {
             connector.setPort(ServerConstants.getPort());
@@ -163,8 +167,8 @@ public class Launcher {
         };
     }
 
-    private static Handler generateGigiContexts(Properties conf) {
-        ServletHolder webAppServlet = new ServletHolder(new Gigi(conf));
+    private static Handler generateGigiContexts(Properties conf, KeyStore trust) {
+        ServletHolder webAppServlet = new ServletHolder(new Gigi(conf, trust));
 
         ContextHandler ch = generateGigiServletContext(webAppServlet);
         ch.setVirtualHosts(new String[] {