ServerDaemon: Explicit provider and keystore type in FIPS mode

Author: weizhouapache

client/src/main/java/org/apache/cloudstack/ServerDaemon.java

@@ -261,12 +261,7 @@ private void createHttpsConnector(final HttpConfiguration httpConfig) {
         // Configure SSL
         if (httpsEnable && StringUtils.isNotEmpty(keystoreFile) && new File(keystoreFile).exists()) {
             // SSL Context
-            final SslContextFactory sslContextFactory = new SslContextFactory.Server();
-
-            // Define keystore path and passwords
-            sslContextFactory.setKeyStorePath(keystoreFile);
-            sslContextFactory.setKeyStorePassword(keystorePassword);
-            sslContextFactory.setKeyManagerPassword(keystorePassword);
+            final SslContextFactory sslContextFactory = getSslContextFactory();
 
             // HTTPS config
             final HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
@@ -290,6 +285,22 @@ private void createHttpsConnector(final HttpConfiguration httpConfig) {
         }
     }
 
+    private SslContextFactory getSslContextFactory() {
+        final SslContextFactory sslContextFactory = new SslContextFactory.Server();
+
+        // Define keystore path and passwords
+        sslContextFactory.setKeyStorePath(keystoreFile);
+        sslContextFactory.setKeyStorePassword(keystorePassword);
+        sslContextFactory.setKeyManagerPassword(keystorePassword);
+
+        if (CloudStackFipsUtils.FIPS_MODE) {
+            // Explicit provider and keystore type
+            sslContextFactory.setProvider("BCFIPS");
+            sslContextFactory.setKeyStoreType("BCFKS");
+        }
+        return sslContextFactory;
+    }
+
     private Pair<SessionHandler,HandlerCollection> createHandlers() {
         final WebAppContext webApp = new WebAppContext();
         webApp.setContextPath(contextPath);