authorAaron Davidson <phacops@gmail.com>2013-07-11 12:03:13 -0600
committerHans-Christoph Steiner <hans@eds.org>2015-05-08 16:21:51 -0400
commitf7eb2ae15b4d921ae23e20cae59f36b21056b2fc (patch)
tree71e0cfabdf2c77bfea632d3f4571da4021d4061c /core
parent5ab6cd87ebc604c40918e694c47cc51a1af99b6a (diff)
Add support for HTTPS
Added an optional makeSecure() method you can call before start() to serve over HTTPS instead of plaintext HTTP
Diffstat (limited to 'core')
-rw-r--r--core/src/main/java/fi/iki/elonen/NanoHTTPD.java49
1 files changed, 45 insertions, 4 deletions
diff --git a/core/src/main/java/fi/iki/elonen/NanoHTTPD.java b/core/src/main/java/fi/iki/elonen/NanoHTTPD.java
index 4c7a0e4..53ea1b5 100644
--- a/core/src/main/java/fi/iki/elonen/NanoHTTPD.java
+++ b/core/src/main/java/fi/iki/elonen/NanoHTTPD.java
@@ -72,6 +72,10 @@ import java.util.TimeZone;
import java.util.logging.Level;
import java.util.logging.Logger;
+
+import java.security.KeyStore;
+import javax.net.ssl.*;
+
/**
* A simple, tiny, nicely embeddable HTTP server in Java
* <p/>
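Review bot: The added `import javax.net.ssl.*;` is a wildcard, while the neighbouring imports visible in this hunk are explicit single-type imports. Listing the types the commit actually uses (`KeyManagerFactory`, `SSLContext`, `SSLServerSocket`, `SSLServerSocketFactory`, `TrustManagerFactory`) keeps it clear which TLS classes the server depends on and avoids accidental name clashes.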
@@ -145,6 +149,7 @@ public abstract class NanoHTTPD {
private final int myPort;
private ServerSocket myServerSocket;
private Set<Socket> openConnections = new HashSet<Socket>();
+ private SSLServerSocketFactory sslServerSocketFactory;
private Thread myThread;
/**
* Pluggable strategy for asynchronously executing requests.
@@ -182,16 +187,52 @@ public abstract class NanoHTTPD {
}
}
+ /**
+ * Creates an SSLSocketFactory for HTTPS.
+ *
+ * Pass a .jks resource with your certificate and passphrase
+ */
+ public static SSLServerSocketFactory makeSSLSocketFactory(String keyAndTrustStoreClasspathPath, char[] passphrase) throws IOException {
+ SSLServerSocketFactory res = null;
+ try {
+ KeyStore keystore = KeyStore.getInstance("JKS");
+ InputStream keystoreStream = NanoHTTPD.class.getResourceAsStream(keyAndTrustStoreClasspathPath);
+ keystore.load(keystoreStream, passphrase);
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ trustManagerFactory.init(keystore);
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ keyManagerFactory.init(keystore, passphrase);
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
+ res = ctx.getServerSocketFactory();
+ } catch (Exception e) {
+ throw new IOException(e);
+ }
+ return res;
+ }
+
+ /**
+ * Call before start() to serve over HTTPS instead of HTTP
+ */
+ public void makeSecure(SSLServerSocketFactory sslServerSocketFactory) {
+ this.sslServerSocketFactory = sslServerSocketFactory;
+ }
+
/**
* Start the server.
*
* @throws IOException if the socket is in use.
*/
public void start() throws IOException {
- myServerSocket = new ServerSocket();
- myServerSocket.setReuseAddress(true);
- myServerSocket.bind((hostname != null) ? new InetSocketAddress(hostname, myPort) : new InetSocketAddress(myPort));
-
+ if (sslServerSocketFactory != null) {
+ SSLServerSocket ss = (SSLServerSocket) sslServerSocketFactory.createServerSocket(myPort);
+ ss.setNeedClientAuth(false);
+ myServerSocket = ss;
+ } else {
+ myServerSocket = new ServerSocket();
+ myServerSocket.setReuseAddress(true);
+ myServerSocket.bind((hostname != null) ? new InetSocketAddress(hostname, myPort) : new InetSocketAddress(myPort));
+ }
myThread = new Thread(new Runnable() {
@Override
public void run() {
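Review bot: The HTTPS branch of start() calls `sslServerSocketFactory.createServerSocket(myPort)`, which binds to the wildcard address and never sets `setReuseAddress(true)`, so a server constructed with a `hostname` (for example a loopback-only one) listens on every interface once makeSecure() has been called. Create the socket unbound with `sslServerSocketFactory.createServerSocket()` and move the existing `myServerSocket.setReuseAddress(true);` and `myServerSocket.bind(...)` lines after the if/else so both branches share them. Separately, in makeSSLSocketFactory `getResourceAsStream` returns null for a missing resource and `keystore.load(null, passphrase)` then initialises an empty keystore without any error, so a wrong path only surfaces as handshake failures; check the stream for null, throw an `IOException` naming the path, and close the stream in a `finally`. start()'s body continues past the end of this hunk.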