org.springframework.boot.web.server.Ssl Java Examples

The following examples show how to use org.springframework.boot.web.server.Ssl. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ServletApplicationFactory.java    From spring-boot-admin with Apache License 2.0 6 votes vote down vote up
@Override
protected String getManagementBaseUrl() {
	String baseUrl = instance.getManagementBaseUrl();

	if (!StringUtils.isEmpty(baseUrl)) {
		return baseUrl;
	}

	if (isManagementPortEqual()) {
		return UriComponentsBuilder.fromHttpUrl(getServiceUrl()).path("/").path(getDispatcherServletPrefix())
				.path(getManagementContextPath()).toUriString();
	}

	Ssl ssl = (management.getSsl() != null) ? management.getSsl() : server.getSsl();
	return UriComponentsBuilder.newInstance().scheme(getScheme(ssl)).host(getManagementHost())
			.port(getLocalManagementPort()).path(getManagementContextPath()).toUriString();
}
 
Example #2
Source File: ArmeriaReactiveWebServerFactory.java    From armeria with Apache License 2.0 5 votes vote down vote up
private static com.linecorp.armeria.spring.Ssl toArmeriaSslConfiguration(Ssl ssl) {
    if (!ssl.isEnabled()) {
        return new com.linecorp.armeria.spring.Ssl();
    }

    ClientAuth clientAuth = null;
    if (ssl.getClientAuth() != null) {
        switch (ssl.getClientAuth()) {
            case NEED:
                clientAuth = ClientAuth.REQUIRE;
                break;
            case WANT:
                clientAuth = ClientAuth.OPTIONAL;
                break;
        }
    }
    return new com.linecorp.armeria.spring.Ssl()
            .setEnabled(ssl.isEnabled())
            .setClientAuth(clientAuth)
            .setCiphers(ssl.getCiphers() != null ? ImmutableList.copyOf(ssl.getCiphers()) : null)
            .setEnabledProtocols(ssl.getEnabledProtocols() != null ? ImmutableList.copyOf(
                    ssl.getEnabledProtocols()) : null)
            .setKeyAlias(ssl.getKeyAlias())
            .setKeyPassword(ssl.getKeyPassword())
            .setKeyStore(ssl.getKeyStore())
            .setKeyStorePassword(ssl.getKeyStorePassword())
            .setKeyStoreType(ssl.getKeyStoreType())
            .setKeyStoreProvider(ssl.getKeyStoreProvider())
            .setTrustStore(ssl.getTrustStore())
            .setTrustStorePassword(ssl.getTrustStorePassword())
            .setTrustStoreType(ssl.getTrustStoreType())
            .setTrustStoreProvider(ssl.getTrustStoreProvider());
}
 
Example #3
Source File: NettyWebServerFactorySslCustomizer.java    From tutorials with MIT License 5 votes vote down vote up
@Override
public void customize(NettyReactiveWebServerFactory serverFactory) {
    Ssl ssl = new Ssl();
    ssl.setEnabled(true);
    ssl.setKeyStore("classpath:sample.jks");
    ssl.setKeyAlias("alias");
    ssl.setKeyPassword("password");
    ssl.setKeyStorePassword("secret");
    Http2 http2 = new Http2();
    http2.setEnabled(false);
    serverFactory.addServerCustomizers(new SslServerCustomizer(ssl, http2, null));
    serverFactory.setPort(8443);
}
 
Example #4
Source File: DefaultApplicationFactoryTest.java    From spring-boot-admin with Apache License 2.0 5 votes vote down vote up
@Test
public void test_ssl_management() {
	management.setSsl(new Ssl());
	management.getSsl().setEnabled(true);
	when(pathMappedEndpoints.getPath(EndpointId.of("health"))).thenReturn("/actuator/alive");
	publishApplicationReadyEvent(factory, 8080, 9090);

	Application app = factory.createApplication();
	assertThat(app.getManagementUrl()).isEqualTo("https://" + getHostname() + ":9090/actuator");
	assertThat(app.getHealthUrl()).isEqualTo("https://" + getHostname() + ":9090/actuator/alive");
	assertThat(app.getServiceUrl()).isEqualTo("http://" + getHostname() + ":8080/");
}
 
Example #5
Source File: DefaultApplicationFactoryTest.java    From spring-boot-admin with Apache License 2.0 5 votes vote down vote up
@Test
public void test_ssl() {
	server.setSsl(new Ssl());
	server.getSsl().setEnabled(true);
	when(pathMappedEndpoints.getPath(EndpointId.of("health"))).thenReturn("/actuator/health");
	publishApplicationReadyEvent(factory, 8080, null);

	Application app = factory.createApplication();
	assertThat(app.getManagementUrl()).isEqualTo("https://" + getHostname() + ":8080/actuator");
	assertThat(app.getHealthUrl()).isEqualTo("https://" + getHostname() + ":8080/actuator/health");
	assertThat(app.getServiceUrl()).isEqualTo("https://" + getHostname() + ":8080/");
}
 
Example #6
Source File: DefaultApplicationFactory.java    From spring-boot-admin with Apache License 2.0 5 votes vote down vote up
protected String getManagementBaseUrl() {
	String baseUrl = instance.getManagementBaseUrl();

	if (!StringUtils.isEmpty(baseUrl)) {
		return baseUrl;
	}

	if (isManagementPortEqual()) {
		return this.getServiceUrl();
	}

	Ssl ssl = (management.getSsl() != null) ? management.getSsl() : server.getSsl();
	return UriComponentsBuilder.newInstance().scheme(getScheme(ssl)).host(getManagementHost())
			.port(getLocalManagementPort()).toUriString();
}
 
Example #7
Source File: HttpsServerConfig.java    From micro-service with MIT License 5 votes vote down vote up
private Ssl getSsl() {
    Ssl ssl = new Ssl();
    ssl.setKeyStore("/root/.keystore");
    ssl.setKeyStorePassword("123456");
    ssl.setKeyStoreType("PKCS12");
    ssl.setKeyAlias("tomcat");
    return ssl;
}
 
Example #8
Source File: ArmeriaReactiveWebServerFactoryTest.java    From armeria with Apache License 2.0 5 votes vote down vote up
@Test
void shouldConfigureTlsWithSelfSignedCertificate() {
    final ArmeriaReactiveWebServerFactory factory = factory();
    final Ssl ssl = new Ssl();
    ssl.setEnabled(true);
    factory.setSsl(ssl);
    runEchoServer(factory, server -> validateEchoResponse(sendPostRequest(httpsClient(server))));
}
 
Example #9
Source File: SslCustomizer.java    From vertx-spring-boot with Apache License 2.0 5 votes vote down vote up
@Override
public HttpServerOptions apply(HttpServerOptions options) {
    Ssl ssl = factory.getSsl();

    if (ssl == null) {
        return options;
    }

    options.setSsl(ssl.isEnabled());
    options.setKeyCertOptions(keyCertOptionsAdapter(ssl));
    options.setTrustOptions(trustOptionsAdapter(ssl));

    propertyMapper.from(ssl.getClientAuth())
        .whenNonNull()
        .as(this::clientAuthAdapter)
        .to(options::setClientAuth);

    propertyMapper.from(ssl.getEnabledProtocols())
        .whenNonNull()
        .as(Arrays::asList)
        .as(LinkedHashSet::new)
        .to(options::setEnabledSecureTransportProtocols);

    propertyMapper.from(ssl.getCiphers())
        .whenNonNull()
        .as(Arrays::stream)
        .to(stream -> stream.forEach(options::addEnabledCipherSuite));

    return options;
}
 
Example #10
Source File: JettyITServerCustomizer.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
@Override
public void customize(final JettyServletWebServerFactory factory) {
    LOGGER.info("Customizing Jetty server for integration tests...");

    factory.addServerCustomizers((server) -> {
        final Ssl sslProperties = serverProperties.getSsl();
        if (sslProperties != null) {
            createSslContextFactory(sslProperties);
            ServerConnector con = (ServerConnector) server.getConnectors()[0];
            int existingConnectorPort = con.getLocalPort();

            // create the http configuration
            final HttpConfiguration httpConfiguration = new HttpConfiguration();
            httpConfiguration.setRequestHeaderSize(HEADER_BUFFER_SIZE);
            httpConfiguration.setResponseHeaderSize(HEADER_BUFFER_SIZE);

            // add some secure config
            final HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
            httpsConfiguration.setSecureScheme("https");
            httpsConfiguration.setSecurePort(existingConnectorPort);
            httpsConfiguration.addCustomizer(new SecureRequestCustomizer());

            // build the connector with the endpoint identification algorithm set to null
            final ServerConnector httpsConnector = new ServerConnector(server,
                    new SslConnectionFactory(createSslContextFactory(sslProperties), "http/1.1"),
                    new HttpConnectionFactory(httpsConfiguration));
            server.removeConnector(con);
            server.addConnector(httpsConnector);
        }
    });

    LOGGER.info("JettyServer is customized");
}
 
Example #11
Source File: SslCustomizerTest.java    From vertx-spring-boot with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldSetNeedClientAuth() {
    given(mockSsl.getClientAuth()).willReturn(Ssl.ClientAuth.NEED);

    customizer.apply(mockHttpServerOptions);

    verify(mockHttpServerOptions).setClientAuth(ClientAuth.REQUIRED);
}
 
Example #12
Source File: SslCustomizerTest.java    From vertx-spring-boot with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldSetWantClientAuth() {
    given(mockSsl.getClientAuth()).willReturn(Ssl.ClientAuth.WANT);

    customizer.apply(mockHttpServerOptions);

    verify(mockHttpServerOptions).setClientAuth(ClientAuth.REQUEST);
}
 
Example #13
Source File: SslCustomizerTest.java    From vertx-spring-boot with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldSetNoneClientAuth() {
    given(mockSsl.getClientAuth()).willReturn(Ssl.ClientAuth.NONE);

    customizer.apply(mockHttpServerOptions);

    verify(mockHttpServerOptions).setClientAuth(ClientAuth.NONE);
}
 
Example #14
Source File: SslCustomizer.java    From vertx-spring-boot with Apache License 2.0 5 votes vote down vote up
private TrustOptions trustOptionsAdapter(Ssl ssl) {
    if ("JKS".equalsIgnoreCase(ssl.getTrustStoreType())) {
        return getJksOptions(ssl.getTrustStore(), ssl.getTrustStorePassword());
    } else if ("PKCS12".equalsIgnoreCase(ssl.getTrustStoreType())) {
        return getPfxOptions(ssl.getTrustStore(), ssl.getTrustStorePassword());
    }

    return null;
}
 
Example #15
Source File: SslCustomizer.java    From vertx-spring-boot with Apache License 2.0 5 votes vote down vote up
private KeyCertOptions keyCertOptionsAdapter(Ssl ssl) {
    if ("JKS".equalsIgnoreCase(ssl.getKeyStoreType())) {
        return getJksOptions(ssl.getKeyStore(), ssl.getKeyStorePassword());
    } else if ("PKCS12".equalsIgnoreCase(ssl.getKeyStoreType())) {
        return getPfxOptions(ssl.getKeyStore(), ssl.getKeyStorePassword());
    }

    return null;
}
 
Example #16
Source File: SslCustomizer.java    From vertx-spring-boot with Apache License 2.0 5 votes vote down vote up
private ClientAuth clientAuthAdapter(Ssl.ClientAuth clientAuth) {
    switch (clientAuth) {
        case WANT:
            return ClientAuth.REQUEST;
        case NEED:
            return ClientAuth.REQUIRED;
        default:
            return ClientAuth.NONE;
    }
}
 
Example #17
Source File: JettyITServerCustomizer.java    From nifi-registry with Apache License 2.0 4 votes vote down vote up
private SslContextFactory createSslContextFactory(Ssl properties) {
    // Calling SslContextFactory.Server() calls setEndpointIdentificationAlgorithm(null).
    // This ensures that Jetty server does not attempt to validate a hostname in the client certificate's SAN.
    final SslContextFactory.Server contextFactory = new SslContextFactory.Server();

    // if needClientAuth is false then set want to true so we can optionally use certs
    if(properties.getClientAuth() == Ssl.ClientAuth.NEED) {
        LOGGER.info("Setting Jetty's SSLContextFactory needClientAuth to true");
        contextFactory.setNeedClientAuth(true);
    } else {
        LOGGER.info("Setting Jetty's SSLContextFactory wantClientAuth to true");
        contextFactory.setWantClientAuth(true);
    }

    /* below code sets JSSE system properties when values are provided */
    // keystore properties
    if (StringUtils.isNotBlank(properties.getKeyStore())) {
        contextFactory.setKeyStorePath(properties.getKeyStore());
    }
    if (StringUtils.isNotBlank(properties.getKeyStoreType())) {
        contextFactory.setKeyStoreType(properties.getKeyStoreType());
    }
    final String keystorePassword = properties.getKeyStorePassword();
    final String keyPassword = properties.getKeyPassword();
    if (StringUtils.isNotBlank(keystorePassword)) {
        // if no key password was provided, then assume the keystore password is the same as the key password.
        final String defaultKeyPassword = (StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword;
        contextFactory.setKeyManagerPassword(keystorePassword);
        contextFactory.setKeyStorePassword(defaultKeyPassword);
    } else if (StringUtils.isNotBlank(keyPassword)) {
        // since no keystore password was provided, there will be no keystore integrity check
        contextFactory.setKeyStorePassword(keyPassword);
    }

    // truststore properties
    if (StringUtils.isNotBlank(properties.getTrustStore())) {
        contextFactory.setTrustStorePath(properties.getTrustStore());
    }
    if (StringUtils.isNotBlank(properties.getTrustStoreType())) {
        contextFactory.setTrustStoreType(properties.getTrustStoreType());
    }
    if (StringUtils.isNotBlank(properties.getTrustStorePassword())) {
        contextFactory.setTrustStorePassword(properties.getTrustStorePassword());
    }

    return contextFactory;
}
 
Example #18
Source File: DefaultApplicationFactory.java    From spring-boot-admin with Apache License 2.0 4 votes vote down vote up
protected String getScheme(@Nullable Ssl ssl) {
	return ((ssl != null) && ssl.isEnabled()) ? "https" : "http";
}