in activemq-http/src/main/java/org/apache/activemq/transport/SecureSocketConnectorFactory.java [63:151]
public Connector createConnector(Server server) throws Exception {
if (getTransportOptions() != null) {
IntrospectionSupport.setProperties(this, getTransportOptions());
}
SSLContext sslContext = context == null ? null : context.getSSLContext();
// Get a reference to the current ssl context factory...
SslContextFactory.Server factory;
if (contextFactory == null) {
factory = new SslContextFactory.Server();
if (context != null) {
// Should not be using this method since it does not use all of the values
// from the passed SslContext instance.....
factory.setSslContext(sslContext);
} else {
if (keyStore != null) {
factory.setKeyStorePath(keyStore);
}
if (keyStorePassword != null) {
factory.setKeyStorePassword(keyStorePassword);
}
// if the keyPassword hasn't been set, default it to the
// key store password
if (keyPassword == null && keyStorePassword != null) {
factory.setKeyStorePassword(keyStorePassword);
}
if (keyStoreType != null) {
factory.setKeyStoreType(keyStoreType);
}
if (secureRandomCertficateAlgorithm != null) {
factory.setSecureRandomAlgorithm(secureRandomCertficateAlgorithm);
}
if (keyCertificateAlgorithm != null) {
factory.setKeyManagerFactoryAlgorithm(keyCertificateAlgorithm);
}
if (trustCertificateAlgorithm != null) {
factory.setTrustManagerFactoryAlgorithm(trustCertificateAlgorithm);
}
if (protocol != null) {
factory.setProtocol(protocol);
}
if (trustStore != null) {
setTrustStore(factory, trustStore);
}
if (trustStorePassword != null) {
factory.setTrustStorePassword(trustStorePassword);
}
}
factory.setNeedClientAuth(needClientAuth);
factory.setWantClientAuth(wantClientAuth);
} else {
factory = contextFactory;
}
String sniRequiredPropValue = System.getProperty("jetty.ssl.sniRequired");
if(sniRequiredPropValue != null && !sniRequiredPropValue.isBlank()) {
boolean sniRequired = Boolean.valueOf(sniRequiredPropValue);
factory.setSniRequired(sniRequired);
}
String sniHostCheckPropValue = System.getProperty("jetty.ssl.sniHostCheck");
HttpConnectionFactory httpConnectionFactory = null;
if(sniHostCheckPropValue != null && !sniHostCheckPropValue.isBlank()) {
HttpConfiguration httpConfig = new HttpConfiguration();
SecureRequestCustomizer customizer = new SecureRequestCustomizer();
customizer.setSniHostCheck(false);
httpConfig.addCustomizer(customizer);
httpConnectionFactory = new HttpConnectionFactory(httpConfig);
}
if ("KRB".equals(auth) || "BOTH".equals(auth)
&& Server.getVersion().startsWith("8")) {
//return new Krb5AndCertsSslSocketConnector(factory, auth);
return null;
} else {
ServerConnector connector = null;
if(httpConnectionFactory == null) {
connector = new ServerConnector(server, factory);
} else {
connector = new ServerConnector(server, factory, httpConnectionFactory);
}
server.setStopTimeout(30_000L);
return connector;
}
}