FIX: use better DH keylengths (4096)
index f056be96f8a61ead04617cf8eee78afacd701e7b..33511ba54826928ea72de54cfa8543a5674a4852 100644 (file)
@@ -9,7 +9,9 @@ import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
 import java.util.List;
+import java.util.Locale;
 import java.util.Properties;
+import java.util.TimeZone;
 
 import javax.net.ssl.ExtendedSSLSession;
 import javax.net.ssl.SNIHostName;
@@ -46,33 +48,33 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
 public class Launcher {
 
     public static void main(String[] args) throws Exception {
+        Locale.setDefault(Locale.ENGLISH);
+        TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
+        System.setProperty("jdk.tls.ephemeralDHKeySize", "4096");
+
         GigiConfig conf = GigiConfig.parse(System.in);
         ServerConstants.init(conf.getMainProps());
         initEmails(conf);
 
         Server s = new Server();
-        // === SSL HTTP Configuration ===
-        HttpConfiguration https_config = new HttpConfiguration();
-        https_config.setSendServerVersion(false);
-        https_config.setSendXPoweredBy(false);
+        HttpConfiguration httpsConfig = createHttpConfiguration();
 
         // for client-cert auth
-        https_config.addCustomizer(new SecureRequestCustomizer());
+        httpsConfig.addCustomizer(new SecureRequestCustomizer());
+
+        HttpConfiguration httpConfig = createHttpConfiguration();
 
-        ServerConnector connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(https_config));
-        connector.setHost(conf.getMainProps().getProperty("host"));
-        connector.setPort(Integer.parseInt(conf.getMainProps().getProperty("port")));
         s.setConnectors(new Connector[] {
-            connector
+                createConnector(conf, s, httpsConfig, true), createConnector(conf, s, httpConfig, false)
         });
 
         HandlerList hl = new HandlerList();
         hl.setHandlers(new Handler[] {
-                generateStaticContext(), generateGigiContexts(conf.getMainProps()), generateAPIContext()
+                generateStaticContext(), generateGigiContexts(conf.getMainProps(), conf.getTrustStore()), generateAPIContext()
         });
         s.setHandler(hl);
         s.start();
-        if (connector.getPort() <= 1024 && !System.getProperty("os.name").toLowerCase().contains("win")) {
+        if ((ServerConstants.getSecurePort() <= 1024 || ServerConstants.getPort() <= 1024) && !System.getProperty("os.name").toLowerCase().contains("win")) {
             SetUID uid = new SetUID();
             if ( !uid.setUid(65536 - 2, 65536 - 2).getSuccess()) {
                 Log.getLogger(Launcher.class).warn("Couldn't set uid!");
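Review bot: The `jdk.tls.ephemeralDHKeySize` value set on line 21 is validated by the JSSE provider, not by this code, and an out-of-range or unparsable value is silently replaced by the provider default rather than failing; on JDK 8 the documented integer range stops at 2048, so 4096 may be ignored there, while newer JDKs accept larger values (confirm against the runtime actually deployed). Since the whole point of the commit is a stronger DH group, either check the effective setting at startup or at least document the requirement next to the line, e.g. `// requires a JDK whose jdk.tls.ephemeralDHKeySize range includes 4096; out-of-range values fall back silently`. The property also only takes effect if it is set before the SSL context is built, which holds here because it precedes `createConnectionFactory(conf)`, but nothing enforces that order, so a short comment would help. main() continues beyond the end of this hunk.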
@@ -80,6 +82,31 @@ public class Launcher {
         }
     }
 
+    private static ServerConnector createConnector(GigiConfig conf, Server s, HttpConfiguration httpConfig, boolean doHttps) throws GeneralSecurityException, IOException {
+        ServerConnector connector;
+        if (doHttps) {
+            connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(httpConfig));
+        } else {
+            connector = new ServerConnector(s, new HttpConnectionFactory(httpConfig));
+        }
+        connector.setHost(conf.getMainProps().getProperty("host"));
+        if (doHttps) {
+            connector.setPort(ServerConstants.getSecurePort());
+        } else {
+            connector.setPort(ServerConstants.getPort());
+        }
+        connector.setAcceptQueueSize(100);
+        return connector;
+    }
+
+    private static HttpConfiguration createHttpConfiguration() {
+        // SSL HTTP Configuration
+        HttpConfiguration httpsConfig = new HttpConfiguration();
+        httpsConfig.setSendServerVersion(false);
+        httpsConfig.setSendXPoweredBy(false);
+        return httpsConfig;
+    }
+
     private static void initEmails(GigiConfig conf) throws GeneralSecurityException, IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
         KeyStore privateStore = conf.getPrivateStore();
         Certificate mail = privateStore.getCertificate("mail");
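Review bot: `createHttpConfiguration()` (lines 81-87) is now used for both the plain-HTTP and the HTTPS connector, yet its comment and local are still `// SSL HTTP Configuration` and `httpsConfig`, which misleads the next reader; rename the local to `config` and change the comment to `// shared HTTP configuration: hide server version and X-Powered-By on both connectors`. In `createConnector` the `doHttps` flag is tested twice; one `if` that selects both the connection factories and the port would make the two modes easier to compare, and the `100` passed to `setAcceptQueueSize` deserves a named constant or a one-line comment saying where the figure comes from. The `initEmails` method that begins at line 89 runs past the end of this hunk.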
@@ -140,8 +167,8 @@ public class Launcher {
         };
     }
 
-    private static Handler generateGigiContexts(Properties conf) {
-        ServletHolder webAppServlet = new ServletHolder(new Gigi(conf));
+    private static Handler generateGigiContexts(Properties conf, KeyStore trust) {
+        ServletHolder webAppServlet = new ServletHolder(new Gigi(conf, trust));
 
         ContextHandler ch = generateGigiServletContext(webAppServlet);
         ch.setVirtualHosts(new String[] {