@Test public void testbuildHttpServerOptionsRequest() { SSLOption option = SSLOption.buildFromYaml("rest.provider"); SSLCustom custom = SSLCustom.createSSLCustom(option.getSslCustomClass()); HttpServerOptions serverOptions = new HttpServerOptions(); new MockUp<SSLOption>() { @Mock public boolean isAuthPeer() { return false; } }; VertxTLSBuilder.buildNetServerOptions(option, custom, serverOptions); Assert.assertEquals(serverOptions.getEnabledSecureTransportProtocols().toArray().length, 1); Assert.assertEquals(serverOptions.getClientAuth(), ClientAuth.REQUEST); }
private HttpServerOptions configSSL(JsonObject conf) { String ssl_keystore= conf.getString("ssl.keystore"); String keystore_pass = conf.getString("ssl.keystore.pass"); String ssl_client_keystore= conf.getString("ssl.client.keystore"); String client_keystore_pass = conf.getString("ssl.client.keystore.pass"); HttpServerOptions options = new HttpServerOptions(); options.setCompressionSupported(true); if(S.isNotBlank(ssl_keystore) && S.isNotBlank(keystore_pass)){ options.setSsl(true).setKeyStoreOptions( new JksOptions().setPath(ssl_keystore).setPassword(keystore_pass)); if(S.isNotBlank(ssl_client_keystore) && S.isNotBlank(client_keystore_pass)) options.setClientAuth(ClientAuth.REQUIRED).setTrustStoreOptions( new JksOptions().setPath(ssl_client_keystore).setPassword(client_keystore_pass)); } return options; }
private void setSsl(HttpServerOptions httpServerOptions) { ApiConfig.SslConfig sslConfig = config.getSsl(); if (!sslConfig.isEnable()) { return; } httpServerOptions.setSsl(true); PemKeyCertOptions pemKeyCertOptions = new PemKeyCertOptions() .setKeyValue(Buffer.buffer(sslConfig.getSslKey())) .setCertValue(Buffer.buffer(sslConfig.getSslCert())); httpServerOptions.setPemKeyCertOptions(pemKeyCertOptions); PemTrustOptions pemTrustOptions = new PemTrustOptions(); Arrays.stream(sslConfig.getSslTrustCerts()) .map(Object::toString) .forEach(trustKey -> pemTrustOptions.addCertValue(Buffer.buffer(trustKey))); if (!pemTrustOptions.getCertValues().isEmpty()) { httpServerOptions.setPemTrustOptions(pemTrustOptions); ClientAuth clientAuth = sslConfig.isSslRequireClientAuth() ? ClientAuth.REQUIRED : ClientAuth.REQUEST; httpServerOptions.setClientAuth(clientAuth); } }
public TCPSyslogServer(int port, String clientAuth, String trustStorePath, String trustStorePassword, String keyStorePath, String keyStorePassword, Async async){ this.port = port; this.async = async; nsOptions = new NetServerOptions() .setReuseAddress(true) .setHost("localhost") .setClientAuth(ClientAuth.valueOf(clientAuth)) .setTrustStoreOptions(trustStorePath != null? new JksOptions(). setPath(trustStorePath). setPassword(trustStorePassword): null) .setKeyStoreOptions(keyStorePath != null? new JksOptions(). setPath(keyStorePath). setPassword(keyStorePassword): null) .setSsl(true); }
public static NetServerOptions buildNetServerOptions(SSLOption sslOption, SSLCustom sslCustom, NetServerOptions netServerOptions) { buildTCPSSLOptions(sslOption, sslCustom, netServerOptions); if (sslOption.isAuthPeer()) { netServerOptions.setClientAuth(ClientAuth.REQUIRED); } else { netServerOptions.setClientAuth(ClientAuth.REQUEST); } return netServerOptions; }
@Test public void testbuildHttpServerOptions() { SSLOption option = SSLOption.buildFromYaml("rest.provider"); SSLCustom custom = SSLCustom.createSSLCustom(option.getSslCustomClass()); HttpServerOptions serverOptions = new HttpServerOptions(); VertxTLSBuilder.buildNetServerOptions(option, custom, serverOptions); Assert.assertEquals(serverOptions.getEnabledSecureTransportProtocols().toArray().length, 1); Assert.assertEquals(serverOptions.getClientAuth(), ClientAuth.REQUEST); }
/** * Copies TLS trust store configuration to a given set of server options. * <p> * The trust store configuration is taken from <em>config</em> and will * be added only if the <em>ssl</em> flag is set on the given server options. * * @param serverOptions The options to add configuration to. */ protected final void addTlsTrustOptions(final NetServerOptions serverOptions) { if (serverOptions.isSsl() && serverOptions.getTrustOptions() == null) { TrustOptions trustOptions = getConfig().getTrustOptions(); if (trustOptions != null) { serverOptions.setTrustOptions(trustOptions).setClientAuth(ClientAuth.REQUEST); LOG.info("enabling TLS for client authentication"); } } }
private static ProtonServerOptions createOptionsForTls(final String certDir) { ProtonServerOptions options = new ProtonServerOptions(); PemKeyCertOptions pemKeyCertOptions = new PemKeyCertOptions(); pemKeyCertOptions.setCertPath(certDir + File.separator + "tls.crt"); pemKeyCertOptions.setKeyPath(certDir + File.separator + "tls.key"); options.setPemKeyCertOptions(pemKeyCertOptions); options.setClientAuth(ClientAuth.REQUIRED); options.setSsl(true); PemTrustOptions pemTrustOptions = new PemTrustOptions(); pemTrustOptions.addCertPath(certDir + File.separator + "ca.crt"); options.setPemTrustOptions(pemTrustOptions); return options; }
@Override public HttpServer getObject() throws Exception { HttpServerOptions options = new HttpServerOptions(); // Binding port options.setPort(httpServerConfiguration.getPort()); options.setHost(httpServerConfiguration.getHost()); // Netty pool buffers must be enabled by default options.setUsePooledBuffers(true); if (httpServerConfiguration.isSecured()) { options.setSsl(httpServerConfiguration.isSecured()); options.setUseAlpn(httpServerConfiguration.isAlpn()); if (httpServerConfiguration.isClientAuth()) { options.setClientAuth(ClientAuth.REQUIRED); } if (httpServerConfiguration.getTrustStorePath() != null) { options.setTrustStoreOptions(new JksOptions() .setPath(httpServerConfiguration.getTrustStorePath()) .setPassword(httpServerConfiguration.getTrustStorePassword())); } if (httpServerConfiguration.getKeyStorePath() != null) { options.setKeyStoreOptions(new JksOptions() .setPath(httpServerConfiguration.getKeyStorePath()) .setPassword(httpServerConfiguration.getKeyStorePassword())); } } // Customizable configuration options.setCompressionSupported(httpServerConfiguration.isCompressionSupported()); options.setIdleTimeout(httpServerConfiguration.getIdleTimeout()); options.setTcpKeepAlive(httpServerConfiguration.isTcpKeepAlive()); return vertx.createHttpServer(options); }
private void doClientCertificateTestImpl(TestContext context, boolean supplyClientCert) throws InterruptedException, ExecutionException { Async async = context.async(); // Create a server that accept a connection and expects a client connection+session+receiver ProtonServerOptions serverOptions = new ProtonServerOptions(); serverOptions.setSsl(true); serverOptions.setClientAuth(ClientAuth.REQUIRED); PfxOptions serverPfxOptions = new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD); serverOptions.setPfxKeyCertOptions(serverPfxOptions); PfxOptions pfxOptions = new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD); serverOptions.setPfxTrustOptions(pfxOptions); protonServer = createServer(serverOptions, this::handleClientConnectionSessionReceiverOpen); // Try to connect the client ProtonClientOptions clientOptions = new ProtonClientOptions(); clientOptions.setSsl(true); clientOptions.setPfxTrustOptions(pfxOptions); if (supplyClientCert) { PfxOptions clientKeyPfxOptions = new PfxOptions().setPath(KEYSTORE_CLIENT).setPassword(PASSWORD); clientOptions.setPfxKeyCertOptions(clientKeyPfxOptions); } ProtonClient client = ProtonClient.create(vertx); client.connect(clientOptions, "localhost", protonServer.actualPort(), res -> { if (supplyClientCert) { // Expect connect to succeed context.assertTrue(res.succeeded()); } else { // Expect connect to fail context.assertFalse(res.succeeded()); } async.complete(); }); async.awaitSuccess(); }
@Override public void start() { ProtonServerOptions options = new ProtonServerOptions(); if (certDir != null) { options.setSsl(true) .setClientAuth(ClientAuth.REQUIRED) .setPemKeyCertOptions(new PemKeyCertOptions() .setKeyPath(new File(certDir, "tls.key").getAbsolutePath()) .setCertPath(new File(certDir, "tls.crt").getAbsolutePath())) .setPemTrustOptions(new PemTrustOptions() .addCertPath(new File(certDir, "ca.crt").getAbsolutePath())); } server = ProtonServer.create(vertx, options); server.saslAuthenticatorFactory(saslAuthenticatorFactory); server.connectHandler(connection -> { connection.setContainer("queue-scheduler"); connection.openHandler(result -> { connection.open(); connectionOpened(connection); }).closeHandler(conn -> { log.info("Broker connection " + connection.getRemoteContainer() + " closed"); executeBlocking(() -> schedulerState.brokerRemoved(getGroupId(connection), connection.getRemoteContainer()), "Error removing broker"); connection.close(); connection.disconnect(); }).disconnectHandler(protonConnection -> { log.info("Broker connection " + connection.getRemoteContainer() + " disconnected"); executeBlocking(() -> schedulerState.brokerRemoved(getGroupId(connection), connection.getRemoteContainer()), "Error removing broker"); connection.disconnect(); }); }); server.listen(port, event -> { if (event.succeeded()) { log.info("QueueScheduler is up and running"); } else { log.error("Error starting queue scheduler", event.cause()); } }); }
@Override public HttpTermOptions setClientAuth(ClientAuth clientAuth) { return (HttpTermOptions) super.setClientAuth(clientAuth); }
private void doClientCertificateTestImpl(TestContext context, boolean supplyClientCert) throws InterruptedException, ExecutionException { Async async = context.async(); ProtonServerOptions serverOptions = new ProtonServerOptions(); serverOptions.setSsl(true); serverOptions.setClientAuth(ClientAuth.REQUIRED); PfxOptions serverPfxOptions = new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD); serverOptions.setPfxKeyCertOptions(serverPfxOptions); PfxOptions pfxOptions = new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD); serverOptions.setPfxTrustOptions(pfxOptions); mockServer = new MockServer(vertx, conn -> { handleBridgeStartupProcess(conn, context); }, serverOptions); // Try to start the bridge AmqpBridgeOptions bridgeOptions = new AmqpBridgeOptions(); bridgeOptions.setSsl(true); bridgeOptions.setPfxTrustOptions(pfxOptions); if (supplyClientCert) { PfxOptions clientKeyPfxOptions = new PfxOptions().setPath(KEYSTORE_CLIENT).setPassword(PASSWORD); bridgeOptions.setPfxKeyCertOptions(clientKeyPfxOptions); } AmqpBridge bridge = AmqpBridge.create(vertx, bridgeOptions); bridge.start("localhost", mockServer.actualPort(), res -> { if (supplyClientCert) { // Expect start to succeed context.assertTrue(res.succeeded(), "expected start to suceed due to supplying client certs"); } else { // Expect start to fail context.assertFalse(res.succeeded(), "expected start to fail due to withholding client cert"); } async.complete(); }); async.awaitSuccess(); }
@Override public ProtonServerOptions setClientAuth(ClientAuth clientAuth) { super.setClientAuth(clientAuth); return this; }
@Override public void start() throws Exception { address = MQTTSession.ADDRESS; JsonObject conf = config(); localBridgePort = conf.getInteger("local_bridge_port", 7007); idleTimeout = conf.getInteger("socket_idle_timeout", 120); ssl_cert_key = conf.getString("ssl_cert_key"); ssl_cert = conf.getString("ssl_cert"); ssl_trust = conf.getString("ssl_trust"); // [TCP -> BUS] listen TCP publish to BUS NetServerOptions opt = new NetServerOptions() .setTcpKeepAlive(true) .setIdleTimeout(idleTimeout) .setPort(localBridgePort) ; if(ssl_cert_key != null && ssl_cert != null && ssl_trust != null) { opt.setSsl(true).setClientAuth(ClientAuth.REQUIRED) .setPemKeyCertOptions(new PemKeyCertOptions() .setKeyPath(ssl_cert_key) .setCertPath(ssl_cert) ) .setPemTrustOptions(new PemTrustOptions() .addCertPath(ssl_trust) ) ; } netServer = vertx.createNetServer(opt); netServer.connectHandler(sock -> { final EventBusNetBridge ebnb = new EventBusNetBridge(sock, vertx.eventBus(), address); sock.closeHandler(aVoid -> { logger.info("Bridge Server - closed connection from client ip: " + sock.remoteAddress()); ebnb.stop(); }); sock.exceptionHandler(throwable -> { logger.error("Bridge Server - Exception: " + throwable.getMessage(), throwable); ebnb.stop(); }); logger.info("Bridge Server - new connection from client ip: " + sock.remoteAddress()); RecordParser parser = ebnb.initialHandhakeProtocolParser(); sock.handler(parser::handle); }).listen(); }
@Override public void start() throws Exception { address = MQTTSession.ADDRESS; JsonObject conf = config(); localBridgePort = conf.getInteger("local_bridge_port", 7007); idleTimeout = conf.getInteger("socket_idle_timeout", 120); ssl_cert_key = conf.getString("ssl_cert_key"); ssl_cert = conf.getString("ssl_cert"); ssl_trust = conf.getString("ssl_trust"); // [WebSocket -> BUS] listen WebSocket publish to BUS HttpServerOptions opt = new HttpServerOptions() .setTcpKeepAlive(true) .setIdleTimeout(idleTimeout) .setPort(localBridgePort) ; if(ssl_cert_key != null && ssl_cert != null && ssl_trust != null) { opt.setSsl(true).setClientAuth(ClientAuth.REQUIRED) .setPemKeyCertOptions(new PemKeyCertOptions() .setKeyPath(ssl_cert_key) .setCertPath(ssl_cert) ) .setPemTrustOptions(new PemTrustOptions() .addCertPath(ssl_trust) ) ; } netServer = vertx.createHttpServer(opt); netServer.websocketHandler(sock -> { final EventBusWebsocketBridge ebnb = new EventBusWebsocketBridge(sock, vertx.eventBus(), address); sock.closeHandler(aVoid -> { logger.info("Bridge Server - closed connection from client ip: " + sock.remoteAddress()); ebnb.stop(); }); sock.exceptionHandler(throwable -> { logger.error("Bridge Server - Exception: " + throwable.getMessage(), throwable); ebnb.stop(); }); logger.info("Bridge Server - new connection from client ip: " + sock.remoteAddress()); RecordParser parser = ebnb.initialHandhakeProtocolParser(); sock.handler(parser::handle); }).listen(); }
private void bind(int p, Handler<AsyncResult<Void>> completion) { // Get port number. final int thePort = pickAPort(port); HttpServerOptions options = new HttpServerOptions(); if (ssl) { options.setSsl(true); options.setTrustStoreOptions(SSLServerContext.getTrustStoreOption(accessor)); options.setKeyStoreOptions(SSLServerContext.getKeyStoreOption(accessor)); if (authentication) { options.setClientAuth(ClientAuth.REQUIRED); } } if (hasCompressionEnabled()) { options.setCompressionSupported(true); } if (configuration.getIntegerWithDefault("vertx.acceptBacklog", -1) != -1) { options.setAcceptBacklog(configuration.getInteger("vertx.acceptBacklog")); } if (configuration.getIntegerWithDefault("vertx.maxWebSocketFrameSize", -1) != -1) { options.setMaxWebsocketFrameSize(configuration.getInteger("vertx.maxWebSocketFrameSize")); } if (configuration.getStringArray("wisdom.websocket.subprotocols").length > 0) { options.setWebsocketSubProtocols(configuration.get("wisdom.websocket.subprotocols")); } if (configuration.getStringArray("vertx.websocket-subprotocols").length > 0) { options.setWebsocketSubProtocols(configuration.get("vertx.websocket-subprotocols")); } if (configuration.getIntegerWithDefault("vertx.receiveBufferSize", -1) != -1) { options.setReceiveBufferSize(configuration.getInteger("vertx.receiveBufferSize")); } if (configuration.getIntegerWithDefault("vertx.sendBufferSize", -1) != -1) { options.setSendBufferSize(configuration.getInteger("vertx.sendBufferSize")); } http = vertx.createHttpServer(options) .requestHandler(new HttpHandler(vertx, accessor, this)) .websocketHandler(new WebSocketHandler(accessor, this)); http.listen(thePort, host, event -> { if (event.succeeded()) { logger.info("Wisdom is going to serve HTTP requests on port {}.", thePort); port = thePort; completion.handle(Future.succeededFuture()); } else if (port == 0) { logger.debug("Cannot bind on port {} (port already used probably)", thePort, event.cause()); bind(0, completion); } else { logger.error("Cannot bind on port {} (port already used probably)", thePort, event.cause()); completion.handle(Future.failedFuture("Cannot bind on port " + thePort)); } }); }
