Java Code Examples for io.vertx.core.http.HttpServerOptions#setClientAuth()

The following examples show how to use io.vertx.core.http.HttpServerOptions#setClientAuth() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: EthSigner.java    From ethsigner with Apache License 2.0 6 votes vote down vote up
private static HttpServerOptions applyClientAuthentication(
    final HttpServerOptions input, final ClientAuthConstraints constraints) {
  final HttpServerOptions result = new HttpServerOptions(input);

  result.setClientAuth(ClientAuth.REQUIRED);
  try {
    constraints
        .getKnownClientsFile()
        .ifPresent(
            whitelistFile ->
                result.setTrustOptions(
                    VertxTrustOptions.whitelistClients(
                        whitelistFile.toPath(), constraints.isCaAuthorizedClientAllowed())));
  } catch (final IllegalArgumentException e) {
    throw new InitializationException("Illegally formatted client fingerprint file.");
  }

  return result;
}
 
Example 2
Source File: JsonRpcHttpService.java    From besu with Apache License 2.0 5 votes vote down vote up
private void applyTlsClientAuth(
    final TlsClientAuthConfiguration clientAuthConfiguration,
    final HttpServerOptions httpServerOptions) {
  httpServerOptions.setClientAuth(ClientAuth.REQUIRED);
  clientAuthConfiguration
      .getKnownClientsFile()
      .ifPresent(
          knownClientsFile ->
              httpServerOptions.setTrustOptions(
                  whitelistClients(
                      knownClientsFile, clientAuthConfiguration.isCaClientsEnabled())));
}
 
Example 3
Source File: TlsEnabledHttpServerFactory.java    From ethsigner with Apache License 2.0 4 votes vote down vote up
public HttpServer create(
    final TlsCertificateDefinition serverCert,
    final TlsCertificateDefinition acceptedClientCerts,
    final Path workDir) {
  try {

    final Path serverFingerprintFile = workDir.resolve("server_known_clients");
    populateFingerprintFile(serverFingerprintFile, acceptedClientCerts, Optional.empty());

    final HttpServerOptions web3HttpServerOptions = new HttpServerOptions();
    web3HttpServerOptions.setSsl(true);
    web3HttpServerOptions.setClientAuth(ClientAuth.REQUIRED);
    web3HttpServerOptions.setTrustOptions(
        VertxTrustOptions.whitelistClients(serverFingerprintFile));
    web3HttpServerOptions.setPort(0);
    web3HttpServerOptions.setPfxKeyCertOptions(
        new PfxOptions()
            .setPath(serverCert.getPkcs12File().toString())
            .setPassword(serverCert.getPassword()));

    final Router router = Router.router(vertx);
    final JsonDecoder jsonDecoder = createJsonDecoder();
    final RequestMapper requestMapper = new RequestMapper(new MockBalanceReporter());
    router
        .route(HttpMethod.POST, "/")
        .produces(HttpHeaderValues.APPLICATION_JSON.toString())
        .handler(BodyHandler.create())
        .handler(ResponseContentTypeHandler.create())
        .failureHandler(new JsonRpcErrorHandler(new HttpResponseFactory(), jsonDecoder))
        .handler(new JsonRpcHandler(null, requestMapper, jsonDecoder));

    final HttpServer web3ProviderHttpServer = vertx.createHttpServer(web3HttpServerOptions);

    final CompletableFuture<Boolean> serverConfigured = new CompletableFuture<>();
    web3ProviderHttpServer
        .requestHandler(router)
        .listen(result -> serverConfigured.complete(true));

    serverConfigured.get();

    serversCreated.add(web3ProviderHttpServer);
    return web3ProviderHttpServer;
  } catch (final KeyStoreException
      | NoSuchAlgorithmException
      | CertificateException
      | IOException
      | ExecutionException
      | InterruptedException e) {
    throw new RuntimeException("Failed to construct a TLS Enabled Server", e);
  }
}
 
Example 4
Source File: TlsEnabledHttpServerFactory.java    From besu with Apache License 2.0 4 votes vote down vote up
HttpServer create(
    final TlsCertificateDefinition serverCert,
    final TlsCertificateDefinition acceptedClientCerts,
    final Path workDir,
    final boolean tlsEnabled) {
  try {

    final Path serverFingerprintFile = workDir.resolve("server_known_clients");
    populateFingerprintFile(serverFingerprintFile, acceptedClientCerts, Optional.empty());

    final HttpServerOptions web3HttpServerOptions = new HttpServerOptions();
    web3HttpServerOptions.setPort(0);
    if (tlsEnabled) {
      web3HttpServerOptions.setSsl(true);
      web3HttpServerOptions.setClientAuth(ClientAuth.REQUIRED);
      web3HttpServerOptions.setTrustOptions(
          VertxTrustOptions.whitelistClients(serverFingerprintFile));
      web3HttpServerOptions.setPfxKeyCertOptions(
          new PfxOptions()
              .setPath(serverCert.getPkcs12File().toString())
              .setPassword(serverCert.getPassword()));
    }
    final Router router = Router.router(vertx);
    router
        .route(HttpMethod.GET, "/upcheck")
        .produces(HttpHeaderValues.APPLICATION_JSON.toString())
        .handler(TlsEnabledHttpServerFactory::handleRequest);

    final HttpServer mockOrionHttpServer = vertx.createHttpServer(web3HttpServerOptions);

    final CompletableFuture<Boolean> serverConfigured = new CompletableFuture<>();
    mockOrionHttpServer.requestHandler(router).listen(result -> serverConfigured.complete(true));

    serverConfigured.get();

    serversCreated.add(mockOrionHttpServer);
    return mockOrionHttpServer;
  } catch (final KeyStoreException
      | NoSuchAlgorithmException
      | CertificateException
      | IOException
      | ExecutionException
      | InterruptedException e) {
    throw new RuntimeException("Failed to construct a TLS Enabled Server", e);
  }
}
 
Example 5
Source File: VertxHttpServerFactory.java    From graviteeio-access-management with Apache License 2.0 4 votes vote down vote up
@Override
public HttpServer getObject() throws Exception {
    HttpServerOptions options = new HttpServerOptions();

    // Binding port
    options.setPort(httpServerConfiguration.getPort());
    options.setHost(httpServerConfiguration.getHost());

    // Netty pool buffers must be enabled by default
    options.setUsePooledBuffers(true);

    if (httpServerConfiguration.isSecured()) {
        options.setSsl(httpServerConfiguration.isSecured());
        options.setUseAlpn(httpServerConfiguration.isAlpn());

        if (httpServerConfiguration.getClientAuth() == VertxHttpServerConfiguration.ClientAuthMode.NONE) {
            options.setClientAuth(ClientAuth.NONE);
        } else if (httpServerConfiguration.getClientAuth() == VertxHttpServerConfiguration.ClientAuthMode.REQUEST) {
            options.setClientAuth(ClientAuth.REQUEST);
        } else if (httpServerConfiguration.getClientAuth() == VertxHttpServerConfiguration.ClientAuthMode.REQUIRED) {
            options.setClientAuth(ClientAuth.REQUIRED);
        }

        if (httpServerConfiguration.getTrustStorePath() != null) {
            if (httpServerConfiguration.getTrustStoreType() == null || httpServerConfiguration.getTrustStoreType().isEmpty() ||
                    httpServerConfiguration.getTrustStoreType().equalsIgnoreCase(CERTIFICATE_FORMAT_JKS)) {
                options.setTrustStoreOptions(new JksOptions()
                        .setPath(httpServerConfiguration.getTrustStorePath())
                        .setPassword(httpServerConfiguration.getTrustStorePassword()));
            } else if (httpServerConfiguration.getTrustStoreType().equalsIgnoreCase(CERTIFICATE_FORMAT_PEM)) {
                options.setPemTrustOptions(new PemTrustOptions()
                        .addCertPath(httpServerConfiguration.getTrustStorePath()));
            } else if (httpServerConfiguration.getTrustStoreType().equalsIgnoreCase(CERTIFICATE_FORMAT_PKCS12)) {
                options.setPfxTrustOptions(new PfxOptions()
                        .setPath(httpServerConfiguration.getTrustStorePath())
                        .setPassword(httpServerConfiguration.getTrustStorePassword()));
            }
        }

        if (httpServerConfiguration.getKeyStorePath() != null) {
            if (httpServerConfiguration.getKeyStoreType() == null || httpServerConfiguration.getKeyStoreType().isEmpty() ||
                    httpServerConfiguration.getKeyStoreType().equalsIgnoreCase(CERTIFICATE_FORMAT_JKS)) {
                options.setKeyStoreOptions(new JksOptions()
                        .setPath(httpServerConfiguration.getKeyStorePath())
                        .setPassword(httpServerConfiguration.getKeyStorePassword()));
            } else if (httpServerConfiguration.getKeyStoreType().equalsIgnoreCase(CERTIFICATE_FORMAT_PEM)) {
                options.setPemKeyCertOptions(new PemKeyCertOptions()
                        .addCertPath(httpServerConfiguration.getKeyStorePath()));
            } else if (httpServerConfiguration.getKeyStoreType().equalsIgnoreCase(CERTIFICATE_FORMAT_PKCS12)) {
                options.setPfxKeyCertOptions(new PfxOptions()
                        .setPath(httpServerConfiguration.getKeyStorePath())
                        .setPassword(httpServerConfiguration.getKeyStorePassword()));
            }
        }
    }

    // Customizable configuration
    options.setCompressionSupported(httpServerConfiguration.isCompressionSupported());
    options.setIdleTimeout(httpServerConfiguration.getIdleTimeout());
    options.setTcpKeepAlive(httpServerConfiguration.isTcpKeepAlive());

    return vertx.createHttpServer(options);
}
 
Example 6
Source File: VertxHttpServerFactory.java    From gravitee-gateway with Apache License 2.0 4 votes vote down vote up
@Override
public HttpServer getObject() throws Exception {
    HttpServerOptions options = new HttpServerOptions();

    // Binding port
    options.setPort(httpServerConfiguration.getPort());
    options.setHost(httpServerConfiguration.getHost());

    // Netty pool buffers must be enabled by default
    options.setUsePooledBuffers(true);

    if (httpServerConfiguration.isSecured()) {
        options.setSsl(httpServerConfiguration.isSecured());
        options.setUseAlpn(httpServerConfiguration.isAlpn());

        if (httpServerConfiguration.isClientAuth() == VertxHttpServerConfiguration.ClientAuthMode.NONE) {
            options.setClientAuth(ClientAuth.NONE);
        } else if (httpServerConfiguration.isClientAuth() == VertxHttpServerConfiguration.ClientAuthMode.REQUEST) {
            options.setClientAuth(ClientAuth.REQUEST);
        } else if (httpServerConfiguration.isClientAuth() == VertxHttpServerConfiguration.ClientAuthMode.REQUIRED) {
            options.setClientAuth(ClientAuth.REQUIRED);
        }

        if (httpServerConfiguration.getTrustStorePath() != null) {
            if (httpServerConfiguration.getTrustStoreType() == null || httpServerConfiguration.getTrustStoreType().isEmpty() ||
                    httpServerConfiguration.getTrustStoreType().equalsIgnoreCase(CERTIFICATE_FORMAT_JKS)) {
                options.setTrustStoreOptions(new JksOptions()
                        .setPath(httpServerConfiguration.getTrustStorePath())
                        .setPassword(httpServerConfiguration.getTrustStorePassword()));
            } else if (httpServerConfiguration.getTrustStoreType().equalsIgnoreCase(CERTIFICATE_FORMAT_PEM)) {
                options.setPemTrustOptions(new PemTrustOptions()
                        .addCertPath(httpServerConfiguration.getTrustStorePath()));
            } else if (httpServerConfiguration.getTrustStoreType().equalsIgnoreCase(CERTIFICATE_FORMAT_PKCS12)) {
                options.setPfxTrustOptions(new PfxOptions()
                        .setPath(httpServerConfiguration.getTrustStorePath())
                        .setPassword(httpServerConfiguration.getTrustStorePassword()));
            }
        }

        if (httpServerConfiguration.getKeyStorePath() != null) {
            if (httpServerConfiguration.getKeyStoreType() == null || httpServerConfiguration.getKeyStoreType().isEmpty() ||
                    httpServerConfiguration.getKeyStoreType().equalsIgnoreCase(CERTIFICATE_FORMAT_JKS)) {
                options.setKeyStoreOptions(new JksOptions()
                        .setPath(httpServerConfiguration.getKeyStorePath())
                        .setPassword(httpServerConfiguration.getKeyStorePassword()));
            } else if (httpServerConfiguration.getKeyStoreType().equalsIgnoreCase(CERTIFICATE_FORMAT_PEM)) {
                options.setPemKeyCertOptions(new PemKeyCertOptions()
                        .addCertPath(httpServerConfiguration.getKeyStorePath()));
            } else if (httpServerConfiguration.getKeyStoreType().equalsIgnoreCase(CERTIFICATE_FORMAT_PKCS12)) {
                options.setPfxKeyCertOptions(new PfxOptions()
                        .setPath(httpServerConfiguration.getKeyStorePath())
                        .setPassword(httpServerConfiguration.getKeyStorePassword()));
            }
        }
    }

    options.setHandle100ContinueAutomatically(true);
    
    // Customizable configuration
    options.setCompressionSupported(httpServerConfiguration.isCompressionSupported());
    options.setIdleTimeout(httpServerConfiguration.getIdleTimeout());
    options.setTcpKeepAlive(httpServerConfiguration.isTcpKeepAlive());
    options.setMaxChunkSize(httpServerConfiguration.getMaxChunkSize());
    options.setMaxHeaderSize(httpServerConfiguration.getMaxHeaderSize());

    // Configure websocket
    System.setProperty("vertx.disableWebsockets", Boolean.toString(!httpServerConfiguration.isWebsocketEnabled()));

    return vertx.createHttpServer(options);
}
 
Example 7
Source File: Server.java    From wisdom with Apache License 2.0 4 votes vote down vote up
private void bind(int p, Handler<AsyncResult<Void>> completion) {
    // Get port number.
    final int thePort = pickAPort(port);
    HttpServerOptions options = new HttpServerOptions();
    if (ssl) {
        options.setSsl(true);
        options.setTrustStoreOptions(SSLServerContext.getTrustStoreOption(accessor));
        options.setKeyStoreOptions(SSLServerContext.getKeyStoreOption(accessor));
        if (authentication) {
            options.setClientAuth(ClientAuth.REQUIRED);
        }
    }

    if (hasCompressionEnabled()) {
        options.setCompressionSupported(true);
    }

    if (configuration.getIntegerWithDefault("vertx.acceptBacklog", -1) != -1) {
        options.setAcceptBacklog(configuration.getInteger("vertx.acceptBacklog"));
    }
    if (configuration.getIntegerWithDefault("vertx.maxWebSocketFrameSize", -1) != -1) {
        options.setMaxWebsocketFrameSize(configuration.getInteger("vertx.maxWebSocketFrameSize"));
    }
    if (configuration.getStringArray("wisdom.websocket.subprotocols").length > 0) {
        options.setWebsocketSubProtocols(configuration.get("wisdom.websocket.subprotocols"));
    }
    if (configuration.getStringArray("vertx.websocket-subprotocols").length > 0) {
        options.setWebsocketSubProtocols(configuration.get("vertx.websocket-subprotocols"));
    }
    if (configuration.getIntegerWithDefault("vertx.receiveBufferSize", -1) != -1) {
        options.setReceiveBufferSize(configuration.getInteger("vertx.receiveBufferSize"));
    }
    if (configuration.getIntegerWithDefault("vertx.sendBufferSize", -1) != -1) {
        options.setSendBufferSize(configuration.getInteger("vertx.sendBufferSize"));
    }

    http = vertx.createHttpServer(options)
            .requestHandler(new HttpHandler(vertx, accessor, this))
            .websocketHandler(new WebSocketHandler(accessor, this));

    http.listen(thePort, host, event -> {
        if (event.succeeded()) {
            logger.info("Wisdom is going to serve HTTP requests on port {}.", thePort);
            port = thePort;
            completion.handle(Future.succeededFuture());
        } else if (port == 0) {
            logger.debug("Cannot bind on port {} (port already used probably)", thePort, event.cause());
            bind(0, completion);
        } else {
            logger.error("Cannot bind on port {} (port already used probably)", thePort, event.cause());
            completion.handle(Future.failedFuture("Cannot bind on port " + thePort));
        }
    });
}