}
private static ConnectorConfiguration buildSecureConnectorConfiguration(String configDirStr,
HashMap<String, String> serverProperties) {
SSLConfiguration ssl = new SSLConfiguration();
// Because of https://issues.jboss.org/browse/WFLY-1177 we cannot build expressions for key/truststore files.
// Otherwise, we end up with recursive expressions (${${x}:a}) which is what's broken. For now, just use ${x} which is allowed.
// truststore
ssl.setCaCertificateFile(buildExpression("rhq.server.tomcat.security.truststore.file", serverProperties, false));
ssl.setCaCertificationPassword(buildExpression("rhq.server.tomcat.security.truststore.password",
serverProperties, true, true, true));
ssl.setTruststoreType(buildExpression("rhq.server.tomcat.security.truststore.type", serverProperties, true,
true, false));
// keystore
ssl.setCertificateKeyFile(buildExpression("rhq.server.tomcat.security.keystore.file", serverProperties, false));
ssl.setPassword(buildExpression("rhq.server.tomcat.security.keystore.password", serverProperties, true, true,
true));
ssl.setKeyAlias(buildExpression("rhq.server.tomcat.security.keystore.alias", serverProperties, true));
ssl.setKeystoreType(buildExpression("rhq.server.tomcat.security.keystore.type", serverProperties, true));
// SSL protocol config
ssl.setProtocol(buildExpression("rhq.server.tomcat.security.secure-socket-protocol", serverProperties, true));
ssl.setVerifyClient(buildExpression("rhq.server.tomcat.security.client-auth-mode", serverProperties, true));
// note: there doesn't appear to be a way for AS7 to support algorithm, like SunX509 or IbmX509
// so I think it just uses the JVM's default. This means "rhq.server.tomcat.security.algorithm" is unused
ConnectorConfiguration connector = new ConnectorConfiguration();