Java Code Examples for com.linecorp.armeria.server.ServerBuilder#tlsSelfSigned()

The following examples show how to use com.linecorp.armeria.server.ServerBuilder#tlsSelfSigned(). This method configures the server's TLS with an automatically generated self-signed certificate. Because no trusted CA vouches for such a certificate, clients cannot authenticate the server with it, so it is suited to tests and local development rather than production. Each example is labelled with its source file and originating project.
Example 1
Source File: ArmeriaConfigurationUtilTest.java    From armeria with Apache License 2.0
/**
 * Checks that {@code ArmeriaConfigurationUtil.configureServer} applies the values loaded from
 * {@code armeria-settings.yaml} to a {@link ServerBuilder}.
 *
 * <p>The SSL section of the settings is cleared and the builder is given a self-signed
 * certificate instead, so the TLS material here is test-only and not something a client could
 * validate against a trusted CA.
 */
@Test
void configureServer() throws Exception {
    final File settingsFile = new File(resourceFilePath("armeria-settings.yaml"));
    final ArmeriaSettings settings = configFactory.build(settingsFile);
    // Remove the SSL section so that TLS comes only from the builder below.
    settings.setSsl(null);

    // The expected ports include HTTPS, so the builder needs some TLS configuration;
    // presumably build() would reject HTTPS ports without one (confirm against ServerBuilder).
    final ServerBuilder builder = Server.builder()
            .service("/foo", (ctx, req) -> HttpResponse.of(200))
            .tlsSelfSigned();
    ArmeriaConfigurationUtil.configureServer(builder, settings);
    final Server server = builder.build();

    // General server settings.
    assertThat(server.defaultHostname()).isEqualTo("host.name.com");
    assertThat(server.config().maxNumConnections()).isEqualTo(5000);
    assertThat(server.config().isDateHeaderEnabled()).isFalse();
    assertThat(server.config().isServerHeaderEnabled()).isTrue();
    assertThat(server.config().defaultVirtualHost().maxRequestLength()).isEqualTo(10485761);

    // Listening ports: one plain HTTP, one loopback-only HTTPS, one HTTPS + PROXY protocol.
    assertThat(server.config().ports())
            .hasSize(3)
            .containsExactly(
                    new ServerPort(8080, SessionProtocol.HTTP),
                    new ServerPort(new InetSocketAddress("127.0.0.1", 8081), SessionProtocol.HTTPS),
                    new ServerPort(8443, SessionProtocol.HTTPS, SessionProtocol.PROXY));

    // HTTP/1 limits.
    assertThat(server.config().http1MaxChunkSize()).isEqualTo(4000);
    assertThat(server.config().http1MaxInitialLineLength()).isEqualTo(4096);
    // NOTE(review): this repeats the assertion above verbatim; possibly a different HTTP/1
    // limit was meant to be checked here - confirm against armeria-settings.yaml.
    assertThat(server.config().http1MaxInitialLineLength()).isEqualTo(4096);

    // HTTP/2 limits.
    assertThat(server.config().http2InitialConnectionWindowSize()).isEqualTo(1024 * 1024 * 2);
    assertThat(server.config().http2InitialStreamWindowSize()).isEqualTo(1024 * 1024 * 2);
    assertThat(server.config().http2MaxFrameSize()).isEqualTo(16385);
    assertThat(server.config().http2MaxHeaderListSize()).isEqualTo(8193);

    // PROXY protocol limit.
    assertThat(server.config().proxyProtocolMaxTlvSize()).isEqualTo(65320);
}
 
Example 2
Source File: MockWebServerExtension.java    From armeria with Apache License 2.0
/**
 * Sets up the mock server: HTTP and HTTPS listeners on port 0, a self-signed TLS certificate,
 * and a {@code MockWebService} bound under {@code "/"}. The builder is then passed to
 * {@code configureServer(ServerBuilder)} for further customization.
 *
 * <p>The self-signed certificate is not issued by a trusted CA, so a client of this mock server
 * has to be told explicitly to accept it. That is only appropriate in tests.
 */
@Override
protected final void configure(ServerBuilder sb) throws Exception {
    sb.http(0)
      .https(0)
      .tlsSelfSigned()
      .serviceUnder("/", new MockWebService());

    configureServer(sb);
}
 
Example 3
Source File: ManagedTomcatServiceTest.java    From armeria with Apache License 2.0
/**
 * Configures the test server with HTTP and HTTPS listeners on port 0, a self-signed TLS
 * certificate, and three Tomcat-backed services under {@code /jsp/}, {@code /jar/} and
 * {@code /jar_altroot/}.
 *
 * <p>The self-signed certificate is test-only: clients cannot validate it against a trusted CA.
 */
@Override
protected void configure(ServerBuilder sb) throws Exception {
    sb.http(0)
      .https(0)
      .tlsSelfSigned();

    // Web application served from the test's web-app root. The configurator records the
    // Tomcat services it is handed into tomcatServices.
    sb.serviceUnder("/jsp/",
                    TomcatService.builder(webAppRoot())
                                 .serviceName(SERVICE_NAME)
                                 .configurator(s -> {
                                     Collections.addAll(tomcatServices, s.findServices());
                                 })
                                 .build()
                                 .decorate(LoggingService.newDecorator()));

    // Application root located via AppRootFinder for the Future class.
    sb.serviceUnder("/jar/",
                    TomcatService.builder(AppRootFinder.find(Future.class))
                                 .serviceName("TomcatServiceTest-JAR")
                                 .build()
                                 .decorate(LoggingService.newDecorator()));

    // Same application root, with "/io/netty/util/concurrent" passed as the second argument.
    sb.serviceUnder("/jar_altroot/",
                    TomcatService.builder(AppRootFinder.find(Future.class), "/io/netty/util/concurrent")
                                 .serviceName("TomcatServiceTest-JAR-AltRoot")
                                 .build()
                                 .decorate(LoggingService.newDecorator()));
}
 
Example 4
Source File: JettyServiceTest.java    From armeria with Apache License 2.0
/**
 * Configures the test server with HTTP and HTTPS listeners on port 0, a self-signed TLS
 * certificate, and three Jetty-backed services under {@code /jsp/}, {@code /default/} and
 * {@code /resources/}.
 *
 * <p>The self-signed certificate is test-only: clients cannot validate it against a trusted CA.
 */
@Override
protected void configure(ServerBuilder sb) throws Exception {
    sb.http(0)
      .https(0)
      .tlsSelfSigned();

    // Web-app context, wrapped in a logging decorator. The configurator records the beans of
    // the Jetty server it is handed into jettyBeans.
    sb.serviceUnder("/jsp/",
                    JettyService.builder()
                                .handler(newWebAppContext())
                                .configurator(s -> {
                                    jettyBeans.addAll(s.getBeans());
                                })
                                .build()
                                .decorate(LoggingService.newDecorator()));

    // Jetty's DefaultHandler.
    sb.serviceUnder("/default/",
                    JettyService.builder()
                                .handler(new DefaultHandler())
                                .build());

    // Resource handler whose resource base is the web-app root path.
    final ResourceHandler staticFiles = new ResourceHandler();
    staticFiles.setResourceBase(webAppRoot().getPath());
    sb.serviceUnder("/resources/",
                    JettyService.builder()
                                .handler(staticFiles)
                                .build());
}
 
Example 5
Source File: JettyServiceStartupTest.java    From armeria with Apache License 2.0
/**
 * Configures the test server with HTTP and HTTPS listeners on port 0, a self-signed TLS
 * certificate, and three Jetty-backed services under {@code /jsp/}, {@code /default/} and
 * {@code /resources/}.
 *
 * <p>The self-signed certificate is test-only: clients cannot validate it against a trusted CA.
 */
@Override
protected void configure(ServerBuilder sb) throws Exception {
    sb.http(0)
      .https(0)
      .tlsSelfSigned();

    // Web-app context, wrapped in a logging decorator. The configurator records the beans of
    // the Jetty server it is handed into jettyBeans.
    sb.serviceUnder("/jsp/",
                    JettyService.builder()
                                .handler(newWebAppContext())
                                .configurator(s -> {
                                    jettyBeans.addAll(s.getBeans());
                                })
                                .build()
                                .decorate(LoggingService.newDecorator()));

    // Jetty's DefaultHandler.
    sb.serviceUnder("/default/",
                    JettyService.builder()
                                .handler(new DefaultHandler())
                                .build());

    // Resource handler whose resource base is the shared web-app root path.
    final ResourceHandler staticFiles = new ResourceHandler();
    staticFiles.setResourceBase(WebAppContainerTest.webAppRoot().getPath());
    sb.serviceUnder("/resources/",
                    JettyService.builder()
                                .handler(staticFiles)
                                .build());
}
 
Example 6
Source File: UnmanagedJettyServiceTest.java    From armeria with Apache License 2.0
/**
 * Configures the test server with HTTP and HTTPS listeners on port 0 and a self-signed TLS
 * certificate, starts a Jetty {@code Server} created by this test, and exposes it under
 * {@code /jsp/} through {@code JettyService.of(...)}.
 *
 * <p>The self-signed certificate is test-only: clients cannot validate it against a trusted CA.
 */
@Override
protected void configure(ServerBuilder sb) throws Exception {
    sb.http(0)
      .https(0)
      .tlsSelfSigned();

    // The Jetty instance is kept in the 'jetty' field and started here, before it is wrapped.
    // NOTE(review): nothing in this method stops it - presumably the test's teardown does.
    jetty = new Server(0);
    jetty.setHandler(JettyServiceTest.newWebAppContext());
    jetty.start();

    sb.serviceUnder("/jsp/", JettyService.of(jetty).decorate(LoggingService.newDecorator()));
}
 
Example 7
Source File: HealthCheckedEndpointGroupIntegrationTest.java    From armeria with Apache License 2.0
/**
 * Configures the test server with HTTP and HTTPS listeners on port 0, a self-signed TLS
 * certificate, and a {@code HealthCheckService} at {@code HEALTH_CHECK_PATH} built with
 * {@code longPolling(0)}.
 *
 * <p>The self-signed certificate is test-only: a health-checking client cannot validate it
 * against a trusted CA and has to be configured to accept it.
 */
@Override
protected void configure(ServerBuilder sb) throws Exception {
    sb.http(0)
      .https(0)
      .tlsSelfSigned()
      .service(HEALTH_CHECK_PATH,
               HealthCheckService.builder()
                                 .longPolling(0)
                                 .build());
}
 
Example 8
Source File: CentralDogma.java    From centraldogma with Apache License 2.0
/**
 * Builds the server from {@code cfg}, registers all services on it, starts it and waits for the
 * start to complete.
 *
 * <p>TLS is configured only when at least one configured port uses TLS. If no TLS configuration
 * is present in that case, the server falls back to a generated self-signed certificate and logs
 * a warning.
 *
 * @param pm passed to the metadata service and to the Thrift / HTTP API configuration
 * @param executor passed to the metadata service, the auth provider and the API configuration
 * @param meterRegistry passed to the watch service and the metrics configuration
 * @param sessionManager passed to the auth provider and the HTTP API configuration; may be
 *                       {@code null}
 * @return the started server
 */
private Server startServer(ProjectManager pm, CommandExecutor executor,
                           PrometheusMeterRegistry meterRegistry, @Nullable SessionManager sessionManager) {
    final ServerBuilder sb = Server.builder();
    // NOTE(review): verbose responses presumably add exception details to error responses;
    // confirm that exposing them to every client of this server is intended.
    sb.verboseResponses(true);
    cfg.ports().forEach(sb::port);

    if (cfg.ports().stream().anyMatch(ServerPort::hasTls)) {
        try {
            final TlsConfig tlsConfig = cfg.tls();
            if (tlsConfig != null) {
                sb.tls(tlsConfig.keyCertChainFile(), tlsConfig.keyFile(), tlsConfig.keyPassword());
            } else {
                // Fallback: a TLS port was requested but no certificate was configured.
                // A self-signed certificate cannot be validated against a trusted CA, so
                // clients get encryption without server authentication unless they pin it.
                // NOTE(review): the only signal is this warning; consider whether a
                // production deployment should fail to start here instead.
                logger.warn(
                        "Missing TLS configuration. Generating a self-signed certificate for TLS support.");
                sb.tlsSelfSigned();
            }
        } catch (Exception e) {
            // Any failure while loading or generating the TLS material is rethrown.
            Exceptions.throwUnsafely(e);
        }
    }

    // Client address resolution: the sources come from configuration, and the predicate
    // decides which proxy addresses are trusted.
    // NOTE(review): presumably proxy-supplied addresses are honoured only for proxies
    // matching the predicate; an overly broad predicate would allow address spoofing - confirm.
    sb.clientAddressSources(cfg.clientAddressSourceList());
    sb.clientAddressTrustedProxyFilter(cfg.trustedProxyAddressPredicate());

    // Optional tuning values: each is applied only when present in the configuration.
    cfg.numWorkers().ifPresent(
            numWorkers -> sb.workerGroup(EventLoopGroups.newEventLoopGroup(numWorkers), true));
    cfg.maxNumConnections().ifPresent(sb::maxNumConnections);
    cfg.idleTimeoutMillis().ifPresent(sb::idleTimeoutMillis);
    cfg.requestTimeoutMillis().ifPresent(sb::requestTimeoutMillis);
    // The configured maximum frame length is used as the maximum request length.
    cfg.maxFrameLength().ifPresent(sb::maxRequestLength);
    cfg.gracefulShutdownTimeout().ifPresent(
            t -> sb.gracefulShutdownTimeoutMillis(t.quietPeriodMillis(), t.timeoutMillis()));

    final MetadataService mds = new MetadataService(pm, executor);
    final WatchService watchService = new WatchService(meterRegistry);
    final AuthProvider authProvider = createAuthProvider(executor, sessionManager, mds);

    configureThriftService(sb, pm, executor, watchService, mds);

    sb.service("/title", webAppTitleFile(cfg.webAppTitle(), SystemInfo.hostname()).asService());

    sb.service(HEALTH_CHECK_PATH, HealthCheckService.of());

    // TODO(hyangtack): This service is temporarily added to support redirection from '/docs' to '/docs/'.
    //                  It would be removed if this kind of redirection is handled by Armeria.
    sb.service("/docs", new AbstractHttpService() {
        @Override
        protected HttpResponse doGet(ServiceRequestContext ctx, HttpRequest req)
                throws Exception {
            return HttpResponse.of(
                    ResponseHeaders.of(HttpStatus.TEMPORARY_REDIRECT, HttpHeaderNames.LOCATION, "/docs/"));
        }
    });
    // The documentation service pre-fills an example Authorization header built from
    // CsrfToken.ANONYMOUS (presumably a well-known anonymous token, not a secret - confirm).
    sb.serviceUnder("/docs/",
                    DocService.builder()
                              .exampleHttpHeaders(CentralDogmaService.class,
                                                  HttpHeaders.of(HttpHeaderNames.AUTHORIZATION,
                                                                 "Bearer " + CsrfToken.ANONYMOUS))
                              .build());

    configureHttpApi(sb, pm, executor, watchService, mds, authProvider, sessionManager);

    configureMetrics(sb, meterRegistry);

    // Configure access log format.
    // A null or empty format disables access logging; "common" and "combined" select the
    // predefined writers; any other value is passed on as a custom format string.
    final String accessLogFormat = cfg.accessLogFormat();
    if (isNullOrEmpty(accessLogFormat)) {
        sb.accessLogWriter(AccessLogWriter.disabled(), true);
    } else if ("common".equals(accessLogFormat)) {
        sb.accessLogWriter(AccessLogWriter.common(), true);
    } else if ("combined".equals(accessLogFormat)) {
        sb.accessLogWriter(AccessLogWriter.combined(), true);
    } else {
        sb.accessLogFormat(accessLogFormat);
    }

    final Server s = sb.build();
    // Wait for the asynchronous start to finish before returning the server.
    s.start().join();
    return s;
}
 
Example 9
Source File: ArmeriaConfigurationUtil.java    From armeria with Apache License 2.0
/**
 * Applies the TLS settings in {@code ssl} to the given {@link ServerBuilder}. Does nothing when
 * {@code ssl} is not enabled.
 *
 * <p>If neither supplier is given and {@code ssl} names neither a key store nor a trust store,
 * the server is configured with a generated self-signed certificate and a warning is logged.
 * On that path the method returns before the customizer is registered, so the provider,
 * protocol, cipher and client-auth settings in {@code ssl} are not applied.
 *
 * @param sb the builder to configure
 * @param ssl the TLS settings
 * @param keyStoreSupplier optional key store source, passed to {@code getKeyManagerFactory}
 * @param trustStoreSupplier optional trust store source, passed to {@code getTrustManagerFactory}
 * @throws IllegalStateException if any step of the TLS configuration fails
 */
private static void configureTls(ServerBuilder sb, ArmeriaSettings.Ssl ssl,
                                 @Nullable Supplier<KeyStore> keyStoreSupplier,
                                 @Nullable Supplier<KeyStore> trustStoreSupplier) {
    if (!ssl.isEnabled()) {
        return;
    }
    try {
        final boolean storeConfigured = keyStoreSupplier != null || trustStoreSupplier != null ||
                                        ssl.getKeyStore() != null || ssl.getTrustStore() != null;
        if (!storeConfigured) {
            // Self-signed fallback: clients cannot validate this certificate against a
            // trusted CA. NOTE(review): a deployment that enables SSL but omits the stores
            // only gets this warning - confirm that is acceptable outside of tests.
            logger.warn("Configuring TLS with a self-signed certificate " +
                        "because no key or trust store was specified");
            sb.tlsSelfSigned();
            return;
        }

        final KeyManagerFactory keyManagers = getKeyManagerFactory(ssl, keyStoreSupplier);
        final TrustManagerFactory trustManagers = getTrustManagerFactory(ssl, trustStoreSupplier);

        sb.tls(keyManagers);
        sb.tlsCustomizer(ctxBuilder -> {
            ctxBuilder.trustManager(trustManagers);

            // Each optional setting is applied only when it was set.
            final SslProvider provider = ssl.getProvider();
            if (provider != null) {
                ctxBuilder.sslProvider(provider);
            }

            final List<String> protocols = ssl.getEnabledProtocols();
            if (protocols != null) {
                ctxBuilder.protocols(protocols.toArray(EMPTY_PROTOCOL_NAMES));
            }

            final List<String> cipherSuites = ssl.getCiphers();
            if (cipherSuites != null) {
                ctxBuilder.ciphers(ImmutableList.copyOf(cipherSuites),
                                   SupportedCipherSuiteFilter.INSTANCE);
            }

            final ClientAuth clientAuthMode = ssl.getClientAuth();
            if (clientAuthMode != null) {
                ctxBuilder.clientAuth(clientAuthMode);
            }
        });
    } catch (Exception e) {
        throw new IllegalStateException("Failed to configure TLS: " + e, e);
    }
}
 
Example 10
Source File: ArmeriaConfigurationUtil.java    From armeria with Apache License 2.0
/**
 * Adds an SSL/TLS context built from {@code ssl} to the specified {@link ServerBuilder}.
 * Returns without changes when {@code ssl} is disabled.
 *
 * <p>With no key/trust store supplier and no key/trust store in {@code ssl}, a generated
 * self-signed certificate is used and a warning is logged. The provider, protocol, cipher and
 * client-auth settings in {@code ssl} are applied only on the other path.
 *
 * @param sb the builder to configure
 * @param ssl the TLS settings
 * @param keyStoreSupplier optional key store source, passed to {@code getKeyManagerFactory}
 * @param trustStoreSupplier optional trust store source, passed to {@code getTrustManagerFactory}
 * @throws IllegalStateException if any step of the TLS configuration fails
 */
public static void configureTls(ServerBuilder sb, Ssl ssl,
                                @Nullable Supplier<KeyStore> keyStoreSupplier,
                                @Nullable Supplier<KeyStore> trustStoreSupplier) {
    if (!ssl.isEnabled()) {
        return;
    }
    try {
        final boolean noStoreAvailable = keyStoreSupplier == null && trustStoreSupplier == null &&
                                         ssl.getKeyStore() == null && ssl.getTrustStore() == null;
        if (noStoreAvailable) {
            // A self-signed certificate gives encryption but no server authentication that a
            // client can verify against a trusted CA.
            // NOTE(review): protocol and cipher restrictions in 'ssl' are skipped on this path.
            logger.warn("Configuring TLS with a self-signed certificate " +
                        "because no key or trust store was specified");
            sb.tlsSelfSigned();
        } else {
            final KeyManagerFactory kmf = getKeyManagerFactory(ssl, keyStoreSupplier);
            final TrustManagerFactory tmf = getTrustManagerFactory(ssl, trustStoreSupplier);

            sb.tls(kmf);
            sb.tlsCustomizer(builder -> {
                builder.trustManager(tmf);

                // Optional settings: left untouched when not set.
                final SslProvider configuredProvider = ssl.getProvider();
                if (configuredProvider != null) {
                    builder.sslProvider(configuredProvider);
                }
                final List<String> configuredProtocols = ssl.getEnabledProtocols();
                if (configuredProtocols != null) {
                    builder.protocols(configuredProtocols.toArray(EMPTY_PROTOCOL_NAMES));
                }
                final List<String> configuredCiphers = ssl.getCiphers();
                if (configuredCiphers != null) {
                    builder.ciphers(ImmutableList.copyOf(configuredCiphers),
                                    SupportedCipherSuiteFilter.INSTANCE);
                }
                final ClientAuth configuredClientAuth = ssl.getClientAuth();
                if (configuredClientAuth != null) {
                    builder.clientAuth(configuredClientAuth);
                }
            });
        }
    } catch (Exception e) {
        throw new IllegalStateException("Failed to configure TLS: " + e, e);
    }
}
 
Example 11
Source File: GrpcClientTest.java    From armeria with Apache License 2.0
/**
 * Configures the gRPC test server: a single-threaded worker group, HTTP and HTTPS listeners on
 * port 0, a self-signed TLS certificate, and a {@code GrpcService} bound under {@code "/"}.
 *
 * <p>Two capture hooks are installed for the tests. A server interceptor stores the request
 * headers sent by the client and merges them into the trailers when the call closes. A
 * decorator stores the second and later {@code HttpHeaders} objects of each response as the
 * server trailers.
 *
 * <p>The self-signed certificate is test-only: clients cannot validate it against a trusted CA.
 */
@Override
protected void configure(ServerBuilder sb) {
    sb.workerGroup(EventLoopGroups.newEventLoopGroup(1), true)
      .maxRequestLength(MAX_MESSAGE_SIZE)
      .idleTimeoutMillis(0)
      .http(0)
      .https(0)
      .tlsSelfSigned();

    // NOTE(review): the scheduled executor created here is not shut down in this method.
    final TestServiceImpl testService =
            new TestServiceImpl(Executors.newSingleThreadScheduledExecutor());

    final ServerInterceptor headerCapturingInterceptor = new ServerInterceptor() {
        @Override
        public <REQ, RESP> Listener<REQ> interceptCall(
                ServerCall<REQ, RESP> call,
                Metadata requestHeaders,
                ServerCallHandler<REQ, RESP> next) {
            // Record what the client sent so that the test can inspect it.
            final HttpHeadersBuilder captured = HttpHeaders.builder();
            MetadataUtil.fillHeaders(requestHeaders, captured);
            CLIENT_HEADERS_CAPTURE.set(captured.build());

            final ServerCall<REQ, RESP> echoingCall = new SimpleForwardingServerCall<REQ, RESP>(call) {
                @Override
                public void close(Status status, Metadata trailers) {
                    // Copy the request metadata into the trailers before closing.
                    trailers.merge(requestHeaders);
                    super.close(status, trailers);
                }
            };
            return next.startCall(echoingCall, requestHeaders);
        }
    };

    final ServerServiceDefinition interceptedService =
            ServerInterceptors.intercept(testService, headerCapturingInterceptor);

    sb.serviceUnder("/",
                    GrpcService.builder()
                               .addService(interceptedService)
                               .setMaxInboundMessageSizeBytes(MAX_MESSAGE_SIZE)
                               .setMaxOutboundMessageSizeBytes(MAX_MESSAGE_SIZE)
                               .useClientTimeoutHeader(false)
                               .build()
                               .decorate((delegate, ctx, req) -> {
                                   final HttpResponse response = delegate.serve(ctx, req);
                                   return new FilteredHttpResponse(response) {
                                       private boolean headersReceived;

                                       @Override
                                       protected HttpObject filter(HttpObject obj) {
                                           if (!(obj instanceof HttpHeaders)) {
                                               return obj;
                                           }
                                           // The first headers object only flips the flag;
                                           // every later one is stored as the trailers.
                                           if (headersReceived) {
                                               SERVER_TRAILERS_CAPTURE.set((HttpHeaders) obj);
                                           } else {
                                               headersReceived = true;
                                           }
                                           return obj;
                                       }
                                   };
                               }));
}