Skip to content

Commit

Permalink
Updated SSL Configuration for WebServer (#1852)
Browse files Browse the repository at this point in the history 
* Improvements for configuration of TLS.
* TLS Example for webserver.

Signed-off-by: Tomas Langer <tomas.langer@oracle.com>
  • Loading branch information
@tomas-langer
tomas-langer authored May 25, 2020
1 parent 9d9db4e commit 1fc12f4
Show file tree
Hide file tree
Showing 11 changed files with 448 additions and 1 deletion.
33 changes: 33 additions & 0 deletions common/key-util/src/main/java/io/helidon/common/pki/KeyConfig.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -398,6 +398,16 @@ public KeystoreBuilder keystorePassphrase(char[] keystorePassphrase) {
return this;
}

/**
* Pass-phrase of the keystore (supported with JKS and PKCS12 keystores).
*
* @param keystorePassword keystore password to use, calls {@link #keystorePassphrase(char[])}
* @return updated builder instance
*/
public KeystoreBuilder keystorePassphrase(String keystorePassword) {
return keystorePassphrase(keystorePassword.toCharArray());
}

/**
* Alias of the private key in the keystore.
*
Expand Down Expand Up @@ -446,6 +456,18 @@ public KeystoreBuilder keyPassphrase(char[] privateKeyPassphrase) {
return this;
}

/**
* Pass-phrase of the key in the keystore (used for private keys).
* This is (by default) the same as keystore passphrase - only configure
* if it differs from keystore passphrase.
*
* @param privateKeyPassphrase pass-phrase of the key
* @return updated builder instance
*/
public KeystoreBuilder keyPassphrase(String privateKeyPassphrase) {
return keyPassphrase(privateKeyPassphrase.toCharArray());
}

/**
* Create an instance of {@link KeyConfig} based on this builder.
*
Expand Down Expand Up @@ -654,6 +676,17 @@ public PemBuilder keyPassphrase(char[] passphrase) {
return this;
}

/**
* Passphrase for private key. If the key is encrypted (and in PEM PKCS#8 format), this passphrase will be used to
* decrypt it.
*
* @param passphrase passphrase used to encrypt the private key
* @return updated builder instance
*/
public PemBuilder keyPassphrase(String passphrase) {
return keyPassphrase(passphrase.toCharArray());
}

/**
* Load certificate chain from PEM resource.
*
Expand Down
3 changes: 2 additions & 1 deletion examples/webserver/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (c) 2017, 2020 Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2017, 2020 Oracle and/or its affiliates.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -40,5 +40,6 @@
<module>opentracing</module>
<module>streaming</module>
<module>websocket</module>
<module>tls</module>
</modules>
</project>
96 changes: 96 additions & 0 deletions examples/webserver/tls/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2020 Oracle and/or its affiliates.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->

<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>io.helidon.applications</groupId>
<artifactId>helidon-se</artifactId>
<version>2.0.0-SNAPSHOT</version>
<relativePath>../../../applications/se/pom.xml</relativePath>
</parent>

<groupId>io.helidon.examples.webserver</groupId>
<artifactId>helidon-examples-webserver-tls</artifactId>
<name>Helidon WebServer Examples TLS</name>

<description>
Application demonstrates TLS configuration using a builder
and config.
</description>

<properties>
<mainClass>io.helidon.webserver.examples.tls.Main</mainClass>
</properties>

<dependencies>
<dependency>
<groupId>io.helidon.webserver</groupId>
<artifactId>helidon-webserver</artifactId>
</dependency>
<dependency>
<groupId>io.helidon.config</groupId>
<artifactId>helidon-config-yaml</artifactId>
</dependency>
<dependency>
<groupId>io.helidon.webclient</groupId>
<artifactId>helidon-webclient</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-api</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter-params</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-all</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.helidon.webserver</groupId>
<artifactId>helidon-webserver-test-support</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.helidon.webclient</groupId>
<artifactId>helidon-webclient</artifactId>
<scope>test</scope>
</dependency>
</dependencies>

<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>copy-libs</id>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
94 changes: 94 additions & 0 deletions examples/webserver/tls/src/main/java/io/helidon/webserver/examples/tls/Main.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
/*
* Copyright (c) 2020 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package io.helidon.webserver.examples.tls;

import java.io.IOException;
import java.io.InputStream;
import java.util.concurrent.CompletionStage;
import java.util.logging.LogManager;

import io.helidon.common.configurable.Resource;
import io.helidon.common.pki.KeyConfig;
import io.helidon.config.Config;
import io.helidon.webserver.Routing;
import io.helidon.webserver.TlsConfig;
import io.helidon.webserver.WebServer;

/**
* Main class of TLS example.
*/
public final class Main {
// utility class
private Main() {
}

/**
* Start the example.
* This will start two Helidon WebServers, both protected by TLS - one configured from config, one using a builder.
* Port of the servers will be configured from config, to be able to switch to an ephemeral port for tests.
*
* @param args start arguments are ignored
*/
public static void main(String[] args) throws IOException {
setupLogging();
Config config = Config.create();
startConfigBasedServer(config.get("config-based"))
.thenAccept(ws -> {
System.out.println("Started config based WebServer on http://localhost:" + ws.port());
});
startBuilderBasedServer(config.get("builder-based"))
.thenAccept(ws -> {
System.out.println("Started builder based WebServer on http://localhost:" + ws.port());
});
}

static CompletionStage<WebServer> startBuilderBasedServer(Config config) {
return WebServer.builder()
.config(config)
.routing(routing())
// now let's configure TLS
.tls(TlsConfig.builder()
.privateKey(KeyConfig.keystoreBuilder()
.keystore(Resource.create("certificate.p12"))
.keystorePassphrase("helidon")))
.build()
.start();
}

static CompletionStage<WebServer> startConfigBasedServer(Config config) {
return WebServer.builder()
.config(config)
.routing(routing())
.build()
.start();
}

private static Routing routing() {
return Routing.builder()
.get("/", (req, res) -> res.send("Hello!"))
.build();
}

/**
* Configure logging from logging.properties file.
*/
private static void setupLogging() throws IOException {
try (InputStream is = Main.class.getResourceAsStream("/logging.properties")) {
LogManager.getLogManager().readConfiguration(is);
}
}
}
20 changes: 20 additions & 0 deletions examples/webserver/tls/src/main/java/io/helidon/webserver/examples/tls/package-info.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
/*
* Copyright (c) 2020 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

/**
* Example of TLS configuration for webserver, using both {@link io.helidon.config.Config} and builder based approach.
*/
package io.helidon.webserver.examples.tls;
25 changes: 25 additions & 0 deletions examples/webserver/tls/src/main/resources/application.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
#
# Copyright (c) 2020 Oracle and/or its affiliates.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

config-based:
port: 8080
ssl:
private-key.keystore:
resource.resource-path: "certificate.p12"
passphrase: "helidon"

builder-based:
port: 8081
Binary file added examples/webserver/tls/src/main/resources/certificate.p12
View file
Binary file not shown.
20 changes: 20 additions & 0 deletions examples/webserver/tls/src/main/resources/logging.properties
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
#
# Copyright (c) 2020 Oracle and/or its affiliates. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

handlers=io.helidon.common.HelidonConsoleHandler
java.util.logging.SimpleFormatter.format=[%1$tc] %4$s: %2$s - %5$s %6$s%n
.level=INFO
io.helidon.microprofile.server.level=INFO
Loading

0 comments on commit 1fc12f4

Please sign in to comment.