I want to create embedded https server that required the clients to present a certificate and I am using this:
http://www.smartjava.org/content/embedded-jetty-client-certificates
Now my question is that how can I provide keystore and truststore file for my code given that my jetty is emedded.
I mean these lines in the code:
// the keystore (with one key) we'll use to make the connection with the
// broker
private final static String KEYSTORE_LOCATION = "src/main/resources/client_keystore.jks";
private final static String KEYSTORE_PASS = "secret";
// the truststore we use for our server. This keystore should contain all the keys
// that are allowed to make a connection to the server
private final static String TRUSTSTORE_LOCATION = "src/main/resources/truststore.jks";
private final static String TRUSTSTORE_PASS = "secret";
Thanks
There are numerous examples of Jetty embedded use on github.com/eclipse/jetty.project
Example: LikeJettyXml.java - Jetty 8, with no XML used, setting up an SSL connector.
SslSelectChannelConnector ssl_connector = new SslSelectChannelConnector();
ssl_connector.setPort(8443);
SslContextFactory cf = ssl_connector.getSslContextFactory();
cf.setKeyStorePath(jetty_home + "/etc/keystore");
cf.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
cf.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
cf.setTrustStore(jetty_home + "/etc/keystore");
cf.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
cf.setExcludeCipherSuites(
new String[] {
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
});
ssl_connector.setStatsOn(false);
server.addConnector(ssl_connector);
ssl_connector.open();
SslSocketConnector ssl2_connector = new SslSocketConnector(cf);
ssl2_connector.setPort(8444);
ssl2_connector.setStatsOn(false);
server.addConnector(ssl2_connector);
ssl2_connector.open();
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 一夜七次 的文章《Embedded Jetty with client certificates》','https://www.manongdao.com/article-430131.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}