Hi

In our application, which leverages the Felix Http Service, we have implemented a service which provides custom KeyStore and TrustStores along with their *Managers. Those are not file based, hence we cannot simply configure the file paths.

One solution to approach this would be to support custom "org.eclipse.jetty.util.ssl.SslContextFactory" services which the Jetty Service would take into account. For example along these lines:

(1) Define a property "org.apache.felix.https.jetty.sslcontextfactory" which is a service selection filter, e.g. "(service.property=some.value)". If this property is set, a SSLContextFactory service matching the given filter is required. If this property is not set, the default SSLContextFactory is used and configured from the configuration. If this property is set to the special value "*", a SSLContextFactory is just required.

(2) If the property is set but no matching service is available, the Jetty Service will not be started.

(3) Any further SSL relevant properties such as cipher enablement and disablement will be configured into the SSLContextFactory service according to configuration (this has an implication on the service implementation).

Alternative to (2):

(2a) If plain HTTP is enabled, the server could start with HTTP only and HTTPS would dynamically be added when a service becomes available; if HTTP is disabled, the server would not be started until a service becomes available.

Alternative to (3):

(3a) Any SSL properties are ignored if the .SslContextFactory service is to be used.

WDYT?

Regards
Felix
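What a provider bundle could look like under the proposal in the message above, as an added example that is not part of the original message and not Felix project code. The class name, the empty in-memory stores and the placeholder password are assumptions; the service property and filter value are the ones quoted in item (1).

```java
import java.security.KeyStore;
import java.util.Hashtable;

import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;

// Hypothetical provider bundle: publishes an SslContextFactory whose key and
// trust material lives in memory instead of in files on disk.
public class InMemorySslContextFactoryActivator implements BundleActivator {

    // Constructed placeholder; a real provider takes this from its own secret store.
    private static final String PLACEHOLDER_PASSWORD = "placeholder-password";

    private ServiceRegistration<SslContextFactory> registration;

    @Override
    public void start(BundleContext context) throws Exception {
        SslContextFactory factory = new SslContextFactory();
        // Hand Jetty the KeyStore objects directly, so no file path is needed.
        factory.setKeyStore(newInMemoryStore());
        factory.setKeyManagerPassword(PLACEHOLDER_PASSWORD);
        factory.setTrustStore(newInMemoryStore());

        // Matches the example filter "(service.property=some.value)" from item (1).
        // Under the proposal, "org.apache.felix.https.jetty.sslcontextfactory"
        // would be set to that filter, or to "*" to accept any such service.
        Hashtable<String, Object> props = new Hashtable<>();
        props.put("service.property", "some.value");
        registration = context.registerService(SslContextFactory.class, factory, props);
    }

    @Override
    public void stop(BundleContext context) {
        // Unregistering makes the service unavailable again (cases (2) and (2a)).
        if (registration != null) {
            registration.unregister();
            registration = null;
        }
    }

    // Creates an empty store without touching the file system; the application
    // would add its private key and certificate entries from its own backend here.
    private static KeyStore newInMemoryStore() throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null);
        return store;
    }
}
```

With variant (3), cipher settings from the Http Service configuration would be applied to this factory instance after lookup, so the provider should not assume the object stays as it registered it.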
