Java Code Examples for org.springframework.boot.web.server.Ssl

The following examples show how to use org.springframework.boot.web.server.Ssl. These examples are extracted from open source projects.
Example 1
/**
 * Resolves the base URL under which the management endpoints are published.
 * <p>
 * Precedence: (1) the URL configured on {@code instance}; (2) when {@code isManagementPortEqual()}
 * returns true, the service URL followed by the dispatcher servlet prefix and the management
 * context path; (3) otherwise a URL assembled from scheme, management host, local management
 * port and management context path.
 *
 * @return the management base URL
 */
@Override
protected String getManagementBaseUrl() {
	final String configuredUrl = instance.getManagementBaseUrl();
	if (StringUtils.isEmpty(configuredUrl)) {
		if (isManagementPortEqual()) {
			// Management endpoints are served by the same server as the application itself.
			UriComponentsBuilder sameServer = UriComponentsBuilder.fromHttpUrl(getServiceUrl());
			sameServer = sameServer.path("/");
			sameServer = sameServer.path(getDispatcherServletPrefix());
			sameServer = sameServer.path(getManagementContextPath());
			return sameServer.toUriString();
		}

		// The advertised scheme has to match how the management port is really served:
		// management-specific SSL settings win, the server's settings are only a fallback.
		// NOTE(review): a management Ssl object that exists but is disabled is still preferred
		// over the server's Ssl object - confirm that this is the intended precedence.
		final Ssl managementSsl = management.getSsl();
		final Ssl effectiveSsl = (managementSsl == null) ? server.getSsl() : managementSsl;

		UriComponentsBuilder separateServer = UriComponentsBuilder.newInstance();
		separateServer = separateServer.scheme(getScheme(effectiveSsl));
		separateServer = separateServer.host(getManagementHost());
		separateServer = separateServer.port(getLocalManagementPort());
		separateServer = separateServer.path(getManagementContextPath());
		return separateServer.toUriString();
	}

	// An explicitly configured URL is returned unchanged.
	return configuredUrl;
}
 
Example 2
Source Project: vertx-spring-boot   Source File: SslCustomizer.java    License: Apache License 2.0
/**
 * Copies the Spring Boot SSL settings held by {@code factory} onto the given server options.
 * <p>
 * When no {@code Ssl} object is configured the options are returned untouched. Client
 * authentication, enabled protocols and cipher suites are only written when the Spring
 * configuration provides a non-null value; otherwise the options keep what they already had.
 *
 * @param options the server options to customize
 * @return the same {@code options} instance
 */
@Override
public HttpServerOptions apply(HttpServerOptions options) {
    final Ssl sslSettings = factory.getSsl();

    if (sslSettings != null) {
        options.setSsl(sslSettings.isEnabled());
        // NOTE(review): both adapters are defined elsewhere in this class; confirm how they behave
        // for a missing or unsupported store type, because their result is passed on unchecked.
        options.setKeyCertOptions(keyCertOptionsAdapter(sslSettings));
        options.setTrustOptions(trustOptionsAdapter(sslSettings));

        // Client-certificate policy: only mapped when explicitly configured.
        propertyMapper.from(sslSettings.getClientAuth())
            .whenNonNull()
            .as(this::clientAuthAdapter)
            .to(options::setClientAuth);

        // Protocol versions: the configured order is kept by using a LinkedHashSet.
        propertyMapper.from(sslSettings.getEnabledProtocols())
            .whenNonNull()
            .as(protocols -> new LinkedHashSet<>(Arrays.asList(protocols)))
            .to(options::setEnabledSecureTransportProtocols);

        // Cipher suites: each configured suite is added individually.
        propertyMapper.from(sslSettings.getCiphers())
            .whenNonNull()
            .to(ciphers -> {
                for (String cipher : ciphers) {
                    options.addEnabledCipherSuite(cipher);
                }
            });
    }

    return options;
}
 
Example 3
Source Project: vertx-spring-boot   Source File: SslCustomizer.java    License: Apache License 2.0
/**
 * Translates Spring Boot's client-authentication setting into the target {@code ClientAuth} value.
 * <p>
 * {@code NEED} becomes {@code REQUIRED}, {@code WANT} becomes {@code REQUEST}, and every other
 * constant becomes {@code NONE}.
 *
 * @param clientAuth the Spring Boot setting; must not be {@code null} (the switch would throw)
 * @return the mapped client-authentication mode
 */
private ClientAuth clientAuthAdapter(Ssl.ClientAuth clientAuth) {
    final ClientAuth mapped;
    switch (clientAuth) {
        case NEED:
            mapped = ClientAuth.REQUIRED;
            break;
        case WANT:
            mapped = ClientAuth.REQUEST;
            break;
        default:
            // NOTE(review): anything that is not WANT or NEED ends up as NONE, so a constant added
            // to Ssl.ClientAuth later would silently disable client-certificate authentication.
            mapped = ClientAuth.NONE;
            break;
    }
    return mapped;
}
 
Example 4
Source Project: vertx-spring-boot   Source File: SslCustomizer.java    License: Apache License 2.0
/**
 * Builds the key/certificate options that match the configured keystore type.
 * <p>
 * Only {@code JKS} and {@code PKCS12} (compared case-insensitively) are recognised.
 *
 * @param ssl the Spring Boot SSL settings
 * @return the options for the keystore, or {@code null} when the keystore type is missing or is
 *         neither JKS nor PKCS12
 */
private KeyCertOptions keyCertOptionsAdapter(Ssl ssl) {
    final String storeType = ssl.getKeyStoreType();

    if ("JKS".equalsIgnoreCase(storeType)) {
        return getJksOptions(ssl.getKeyStore(), ssl.getKeyStorePassword());
    }
    if ("PKCS12".equalsIgnoreCase(storeType)) {
        return getPfxOptions(ssl.getKeyStore(), ssl.getKeyStorePassword());
    }

    // NOTE(review): an unset or unsupported type is not reported here; callers receive null and
    // must cope with a server that has no key material configured.
    return null;
}
 
Example 5
Source Project: vertx-spring-boot   Source File: SslCustomizer.java    License: Apache License 2.0
/**
 * Builds the trust options that match the configured truststore type.
 * <p>
 * Only {@code JKS} and {@code PKCS12} (compared case-insensitively) are recognised.
 *
 * @param ssl the Spring Boot SSL settings
 * @return the options for the truststore, or {@code null} when the truststore type is missing or
 *         is neither JKS nor PKCS12
 */
private TrustOptions trustOptionsAdapter(Ssl ssl) {
    final String storeType = ssl.getTrustStoreType();

    if ("JKS".equalsIgnoreCase(storeType)) {
        return getJksOptions(ssl.getTrustStore(), ssl.getTrustStorePassword());
    }
    if ("PKCS12".equalsIgnoreCase(storeType)) {
        return getPfxOptions(ssl.getTrustStore(), ssl.getTrustStorePassword());
    }

    // NOTE(review): an unset or unsupported type is not reported here; callers receive null, so
    // verify which trust anchors end up being used when client certificates are requested.
    return null;
}
 
Example 6
Source Project: vertx-spring-boot   Source File: SslCustomizerTest.java    License: Apache License 2.0
@Test
public void shouldSetNoneClientAuth() {
    // Arrange: the Spring configuration asks for no client authentication.
    final Ssl.ClientAuth configured = Ssl.ClientAuth.NONE;
    given(mockSsl.getClientAuth()).willReturn(configured);

    // Act
    customizer.apply(mockHttpServerOptions);

    // Assert: NONE must be passed through as NONE on the server options.
    final ClientAuth expected = ClientAuth.NONE;
    verify(mockHttpServerOptions).setClientAuth(expected);
}
 
Example 7
Source Project: vertx-spring-boot   Source File: SslCustomizerTest.java    License: Apache License 2.0
@Test
public void shouldSetWantClientAuth() {
    // Arrange: the Spring configuration asks for an optional client certificate.
    final Ssl.ClientAuth configured = Ssl.ClientAuth.WANT;
    given(mockSsl.getClientAuth()).willReturn(configured);

    // Act
    customizer.apply(mockHttpServerOptions);

    // Assert: WANT must be translated to REQUEST on the server options.
    final ClientAuth expected = ClientAuth.REQUEST;
    verify(mockHttpServerOptions).setClientAuth(expected);
}
 
Example 8
Source Project: vertx-spring-boot   Source File: SslCustomizerTest.java    License: Apache License 2.0
@Test
public void shouldSetNeedClientAuth() {
    // Arrange: the Spring configuration demands a client certificate.
    final Ssl.ClientAuth configured = Ssl.ClientAuth.NEED;
    given(mockSsl.getClientAuth()).willReturn(configured);

    // Act
    customizer.apply(mockHttpServerOptions);

    // Assert: NEED must be translated to REQUIRED, i.e. mutual TLS stays mandatory.
    final ClientAuth expected = ClientAuth.REQUIRED;
    verify(mockHttpServerOptions).setClientAuth(expected);
}
 
Example 9
Source Project: nifi-registry   Source File: JettyITServerCustomizer.java    License: Apache License 2.0
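/**
 * Registers a Jetty server customizer that swaps the first connector for an HTTPS connector
 * whenever SSL properties are configured.
 * <p>
 * Without SSL properties the server is left untouched. Only the connector at index 0 is
 * replaced; any further connectors are not looked at.
 *
 * @param factory the Jetty web server factory the customizer is registered on
 */
@Override
public void customize(final JettyServletWebServerFactory factory) {
    LOGGER.info("Customizing Jetty server for integration tests...");

    factory.addServerCustomizers((server) -> {
        final Ssl sslProperties = serverProperties.getSsl();
        if (sslProperties == null) {
            // no SSL configuration: keep the connector(s) that already exist
            return;
        }

        final ServerConnector con = (ServerConnector) server.getConnectors()[0];
        final int existingConnectorPort = con.getLocalPort();

        // create the http configuration
        final HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setRequestHeaderSize(HEADER_BUFFER_SIZE);
        httpConfiguration.setResponseHeaderSize(HEADER_BUFFER_SIZE);

        // add some secure config
        final HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
        httpsConfiguration.setSecureScheme("https");
        httpsConfiguration.setSecurePort(existingConnectorPort);
        httpsConfiguration.addCustomizer(new SecureRequestCustomizer());

        // build the connector with the endpoint identification algorithm set to null;
        // the SslContextFactory is created exactly once, at the point where it is consumed
        // (a second factory whose result was discarded only duplicated the log output)
        final ServerConnector httpsConnector = new ServerConnector(server,
                new SslConnectionFactory(createSslContextFactory(sslProperties), "http/1.1"),
                new HttpConnectionFactory(httpsConfiguration));

        // replace the original connector so that this slot is only served over TLS
        server.removeConnector(con);
        server.addConnector(httpsConnector);
    });

    LOGGER.info("JettyServer is customized");
}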
 
Example 10
Source Project: armeria   Source File: ArmeriaReactiveWebServerFactory.java    License: Apache License 2.0
/**
 * Converts Spring Boot SSL settings into the Armeria Spring {@code Ssl} configuration object.
 * <p>
 * When SSL is disabled a freshly constructed Armeria object is returned and none of the
 * settings are copied. Otherwise {@code NEED} maps to {@code REQUIRE}, {@code WANT} maps to
 * {@code OPTIONAL}, and any other client-auth value (or none at all) leaves the client-auth
 * setting {@code null}.
 *
 * @param ssl the Spring Boot SSL settings
 * @return the equivalent Armeria SSL configuration
 */
private static com.linecorp.armeria.spring.Ssl toArmeriaSslConfiguration(Ssl ssl) {
    if (!ssl.isEnabled()) {
        return new com.linecorp.armeria.spring.Ssl();
    }

    // Client-certificate policy; stays null unless NEED or WANT was configured.
    final Ssl.ClientAuth requested = ssl.getClientAuth();
    ClientAuth clientAuth = null;
    if (requested == Ssl.ClientAuth.NEED) {
        clientAuth = ClientAuth.REQUIRE;
    } else if (requested == Ssl.ClientAuth.WANT) {
        clientAuth = ClientAuth.OPTIONAL;
    }

    // Arrays are copied into immutable lists; an absent array stays null.
    final String[] ciphers = ssl.getCiphers();
    final ImmutableList<String> cipherList = (ciphers == null) ? null : ImmutableList.copyOf(ciphers);
    final String[] protocols = ssl.getEnabledProtocols();
    final ImmutableList<String> protocolList =
            (protocols == null) ? null : ImmutableList.copyOf(protocols);

    // The key, keystore and truststore passwords are carried over as plain strings, so the
    // returned object holds secrets and should be treated accordingly (e.g. kept out of logs).
    return new com.linecorp.armeria.spring.Ssl()
            .setEnabled(ssl.isEnabled())
            .setClientAuth(clientAuth)
            .setCiphers(cipherList)
            .setEnabledProtocols(protocolList)
            .setKeyAlias(ssl.getKeyAlias())
            .setKeyPassword(ssl.getKeyPassword())
            .setKeyStore(ssl.getKeyStore())
            .setKeyStorePassword(ssl.getKeyStorePassword())
            .setKeyStoreType(ssl.getKeyStoreType())
            .setKeyStoreProvider(ssl.getKeyStoreProvider())
            .setTrustStore(ssl.getTrustStore())
            .setTrustStorePassword(ssl.getTrustStorePassword())
            .setTrustStoreType(ssl.getTrustStoreType())
            .setTrustStoreProvider(ssl.getTrustStoreProvider());
}
 
Example 11
@Test
void shouldConfigureTlsWithSelfSignedCertificate() {
    final ArmeriaReactiveWebServerFactory webServerFactory = factory();

    // TLS is switched on without any keystore settings; going by the test name, the server is
    // expected to fall back to a self-signed certificate in that case.
    final Ssl tlsOnly = new Ssl();
    tlsOnly.setEnabled(true);
    webServerFactory.setSsl(tlsOnly);

    // NOTE(review): how httpsClient(...) validates the server certificate is not visible here;
    // a client that accepts self-signed certificates belongs in test code only.
    runEchoServer(webServerFactory,
            startedServer -> validateEchoResponse(sendPostRequest(httpsClient(startedServer))));
}
 
Example 12
Source Project: micro-service   Source File: HttpsServerConfig.java    License: MIT License
/**
 * Creates the SSL settings for the HTTPS server from fixed values.
 *
 * @return SSL settings pointing at a PKCS12 keystore and the key alias {@code tomcat}
 */
private Ssl getSsl() {
    final Ssl settings = new Ssl();

    // NOTE(review): the keystore lives in root's home directory, which implies the process
    // needs root-level read access; prefer a dedicated, least-privileged location.
    settings.setKeyStore("/root/.keystore");
    settings.setKeyStoreType("PKCS12");
    settings.setKeyAlias("tomcat");

    // NOTE(review): the keystore password is a weak literal committed to source control.
    // Anyone with repository access can open the keystore; load it from externalized
    // configuration or a secret store instead and rotate the current value.
    settings.setKeyStorePassword("123456");

    return settings;
}
 
Example 13
/**
 * Resolves the base URL of the management endpoints.
 * <p>
 * Precedence: (1) the URL configured on {@code instance}; (2) when {@code isManagementPortEqual()}
 * returns true, the service URL; (3) otherwise a URL assembled from scheme, management host and
 * local management port.
 *
 * @return the management base URL
 */
protected String getManagementBaseUrl() {
	final String configuredUrl = instance.getManagementBaseUrl();
	if (StringUtils.isEmpty(configuredUrl)) {
		if (isManagementPortEqual()) {
			// Management endpoints share the application's server, so its URL is reused.
			return this.getServiceUrl();
		}

		// The advertised scheme has to match how the management port is really served:
		// management-specific SSL settings win, the server's settings are only a fallback.
		final Ssl managementSsl = management.getSsl();
		final Ssl effectiveSsl = (managementSsl == null) ? server.getSsl() : managementSsl;

		UriComponentsBuilder separateServer = UriComponentsBuilder.newInstance();
		separateServer = separateServer.scheme(getScheme(effectiveSsl));
		separateServer = separateServer.host(getManagementHost());
		separateServer = separateServer.port(getLocalManagementPort());
		return separateServer.toUriString();
	}

	// An explicitly configured URL is returned unchanged.
	return configuredUrl;
}
 
Example 14
@Test
public void test_ssl() {
	// Arrange: TLS is enabled on the main server; no separate management port is published.
	server.setSsl(new Ssl());
	server.getSsl().setEnabled(true);
	when(pathMappedEndpoints.getPath(EndpointId.of("health"))).thenReturn("/actuator/health");
	publishApplicationReadyEvent(factory, 8080, null);

	// Act
	Application registered = factory.createApplication();

	// Assert: every advertised URL must use https once server SSL is on.
	final String secureBase = "https://" + getHostname() + ":8080";
	assertThat(registered.getManagementUrl()).isEqualTo(secureBase + "/actuator");
	assertThat(registered.getHealthUrl()).isEqualTo(secureBase + "/actuator/health");
	assertThat(registered.getServiceUrl()).isEqualTo(secureBase + "/");
}
 
Example 15
@Test
public void test_ssl_management() {
	// Arrange: TLS is enabled for the management server only, which listens on its own port.
	management.setSsl(new Ssl());
	management.getSsl().setEnabled(true);
	when(pathMappedEndpoints.getPath(EndpointId.of("health"))).thenReturn("/actuator/alive");
	publishApplicationReadyEvent(factory, 8080, 9090);

	// Act
	Application registered = factory.createApplication();

	// Assert: management and health URLs use https on 9090, while the service URL stays on
	// plain http because server SSL was not enabled.
	final String secureManagementBase = "https://" + getHostname() + ":9090";
	assertThat(registered.getManagementUrl()).isEqualTo(secureManagementBase + "/actuator");
	assertThat(registered.getHealthUrl()).isEqualTo(secureManagementBase + "/actuator/alive");
	assertThat(registered.getServiceUrl()).isEqualTo("http://" + getHostname() + ":8080/");
}
 
Example 16
Source Project: tutorials   Source File: NettyWebServerFactorySslCustomizer.java    License: MIT License
/**
 * Enables TLS on the Netty reactive web server with HTTP/2 switched off and sets port 8443.
 *
 * @param serverFactory the Netty web server factory to customize
 */
@Override
public void customize(NettyReactiveWebServerFactory serverFactory) {
    // NOTE(review): keystore location, alias and both passwords are literals in source code.
    // That is acceptable for a sample keystore only; real deployments should read these values
    // from externalized configuration or a secret store.
    final Ssl tlsSettings = new Ssl();
    tlsSettings.setEnabled(true);
    tlsSettings.setKeyStore("classpath:sample.jks");
    tlsSettings.setKeyStorePassword("secret");
    tlsSettings.setKeyAlias("alias");
    tlsSettings.setKeyPassword("password");

    // HTTP/2 is explicitly disabled for this server.
    final Http2 http2Settings = new Http2();
    http2Settings.setEnabled(false);

    // The third constructor argument is passed as null, exactly as before.
    serverFactory.addServerCustomizers(new SslServerCustomizer(tlsSettings, http2Settings, null));
    serverFactory.setPort(8443);
}
 
Example 17
Source Project: nifi-registry   Source File: JettyITServerCustomizer.java    License: Apache License 2.0
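/**
 * Builds a Jetty server-side {@code SslContextFactory} from the Spring Boot SSL properties.
 * <p>
 * Client certificates are required only for {@code Ssl.ClientAuth.NEED}; for every other value
 * (including {@code null}) they are requested but optional. Keystore and truststore settings
 * are applied only when the corresponding property is non-blank.
 *
 * @param properties the SSL properties to translate
 * @return the configured context factory
 */
private SslContextFactory createSslContextFactory(Ssl properties) {
    // Calling SslContextFactory.Server() calls setEndpointIdentificationAlgorithm(null).
    // This ensures that Jetty server does not attempt to validate a hostname in the client certificate's SAN.
    final SslContextFactory.Server contextFactory = new SslContextFactory.Server();

    // if needClientAuth is false then set want to true so we can optionally use certs
    if (properties.getClientAuth() == Ssl.ClientAuth.NEED) {
        LOGGER.info("Setting Jetty's SSLContextFactory needClientAuth to true");
        contextFactory.setNeedClientAuth(true);
    } else {
        LOGGER.info("Setting Jetty's SSLContextFactory wantClientAuth to true");
        contextFactory.setWantClientAuth(true);
    }

    /* below code configures the context factory when values are provided */
    // keystore properties
    if (StringUtils.isNotBlank(properties.getKeyStore())) {
        contextFactory.setKeyStorePath(properties.getKeyStore());
    }
    if (StringUtils.isNotBlank(properties.getKeyStoreType())) {
        contextFactory.setKeyStoreType(properties.getKeyStoreType());
    }
    final String keystorePassword = properties.getKeyStorePassword();
    final String keyPassword = properties.getKeyPassword();
    if (StringUtils.isNotBlank(keystorePassword)) {
        // if no key password was provided, then assume the keystore password is the same as the key password.
        final String defaultKeyPassword = (StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword;
        // The keystore password protects the store itself, the key-manager password protects the
        // private key entry. The two were previously passed to the opposite setters, which only
        // went unnoticed while both passwords were identical.
        contextFactory.setKeyStorePassword(keystorePassword);
        contextFactory.setKeyManagerPassword(defaultKeyPassword);
    } else if (StringUtils.isNotBlank(keyPassword)) {
        // since no keystore password was provided, there will be no keystore integrity check;
        // the key password therefore belongs on the key manager, not on the keystore
        contextFactory.setKeyManagerPassword(keyPassword);
    }

    // truststore properties
    if (StringUtils.isNotBlank(properties.getTrustStore())) {
        contextFactory.setTrustStorePath(properties.getTrustStore());
    }
    if (StringUtils.isNotBlank(properties.getTrustStoreType())) {
        contextFactory.setTrustStoreType(properties.getTrustStoreType());
    }
    if (StringUtils.isNotBlank(properties.getTrustStorePassword())) {
        contextFactory.setTrustStorePassword(properties.getTrustStorePassword());
    }

    return contextFactory;
}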
 
Example 18
/**
 * Chooses the URL scheme that matches the given SSL settings.
 *
 * @param ssl the SSL settings, may be {@code null}
 * @return {@code "https"} when settings are present and enabled, otherwise {@code "http"}
 */
protected String getScheme(@Nullable Ssl ssl) {
	// Missing or disabled SSL settings both result in a plain-http URL being advertised.
	if (ssl == null || !ssl.isEnabled()) {
		return "http";
	}
	return "https";
}