Add an example of using Dropwizard with Conscrypt

Conscrypt is used as the JCE provider for a HTTP/2 app.
dropwizard · Dec 13, 2017 · 6050574 · 6050574
1 parent 1736fc1
commit 6050574
Show file tree

Hide file tree

Showing 8 changed files with 131 additions and 42 deletions.
diff --git a/docs/source/manual/core.rst b/docs/source/manual/core.rst
@@ -322,6 +322,49 @@ connection similar to pre-Dropwizard 1.0.
 
 .. _man-core-bootstrapping:
 
+Since the version 9.4.8 (Dropwizard 1.2.3) Jetty supports native SSL via Google's `Conscrypt`_ which uses `BoringSSL`_
+(Google's fork of OpenSSL) for handling cryptography. You can enable it in Dropwizard by registering the provider
+in your app:
+
+.. code-block:: xml
+
+    <dependency>
+        <groupId>org.conscrypt</groupId>
+        <artifactId>conscrypt-openjdk-uber</artifactId>
+        <version>${conscrypt.version}</version>
+    </dependency>
+
+.. code-block:: java
+
+    static {
+        Security.addProvider(new OpenSSLProvider());
+    }
+
+and setting the JCE provider in the configuration:
+
+.. code-block:: yaml
+
+    server:
+      type: simple
+      connector:
+        type: https
+        jceProvider: Conscrypt
+
+For HTTP/2 servers you need to add an ALPN Conscrypt provider as a dependency.
+
+.. code-block:: xml
+
+    <dependency>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-alpn-conscrypt-server</artifactId>
+        <version>${jetty.version}</version>
+        <scope>test</scope>
+    </dependency>
+
+.. _`Conscrypt`: https://github.com/google/conscrypt
+.. _`BoringSSL`: https://github.com/google/boringssl
+
+
 Bootstrapping
 =============
 

diff --git a/dropwizard-bom/pom.xml b/dropwizard-bom/pom.xml
@@ -282,6 +282,11 @@
                 <artifactId>jetty-alpn-openjdk8-client</artifactId>
                 <version>${jetty.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.eclipse.jetty</groupId>
+                <artifactId>jetty-alpn-conscrypt-server</artifactId>
+                <version>${jetty.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.eclipse.jetty.toolchain.setuid</groupId>
                 <artifactId>jetty-setuid-java</artifactId>

diff --git a/dropwizard-http2/pom.xml b/dropwizard-http2/pom.xml
@@ -82,6 +82,12 @@
             <scope>test</scope>
         </dependency>
 
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-alpn-conscrypt-server</artifactId>
+            <scope>test</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-alpn-openjdk8-server</artifactId>

diff --git a/dropwizard-http2/src/test/java/io/dropwizard/http2/AbstractHttp2Test.java b/dropwizard-http2/src/test/java/io/dropwizard/http2/AbstractHttp2Test.java
@@ -2,11 +2,17 @@
 
 import com.google.common.base.Charsets;
 import io.dropwizard.logging.BootstrapLogging;
+import io.dropwizard.testing.ResourceHelpers;
 import org.eclipse.jetty.client.HttpClient;
 import org.eclipse.jetty.client.api.ContentResponse;
 import org.eclipse.jetty.client.api.Result;
 import org.eclipse.jetty.client.util.BufferingResponseListener;
 import org.eclipse.jetty.http.HttpVersion;
+import org.eclipse.jetty.http2.client.HTTP2Client;
+import org.eclipse.jetty.http2.client.http.HttpClientTransportOverHTTP2;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.junit.After;
+import org.junit.Before;
 
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
@@ -22,6 +28,24 @@ public class AbstractHttp2Test {
         BootstrapLogging.bootstrap();
     }
 
+    final SslContextFactory sslContextFactory = new SslContextFactory();
+    HttpClient client;
+
+    @Before
+    public void setUp() throws Exception {
+        sslContextFactory.setTrustStorePath(ResourceHelpers.resourceFilePath("stores/http2_client.jts"));
+        sslContextFactory.setTrustStorePassword("http2_client");
+        sslContextFactory.start();
+
+        client = new HttpClient(new HttpClientTransportOverHTTP2(new HTTP2Client()), sslContextFactory);
+        client.start();
+    }
+
+    @After
+    public void tearDown() throws Exception {
+        client.stop();
+    }
+
     protected static void assertResponse(ContentResponse response) {
         assertThat(response.getVersion()).isEqualTo(HttpVersion.HTTP_2);
         assertThat(response.getStatus()).isEqualTo(200);

diff --git a/dropwizard-http2/src/test/java/io/dropwizard/http2/Http2IntegrationTest.java b/dropwizard-http2/src/test/java/io/dropwizard/http2/Http2IntegrationTest.java
@@ -5,14 +5,8 @@
 import io.dropwizard.testing.ConfigOverride;
 import io.dropwizard.testing.ResourceHelpers;
 import io.dropwizard.testing.junit.DropwizardAppRule;
-import org.eclipse.jetty.client.HttpClient;
-import org.eclipse.jetty.http2.client.HTTP2Client;
-import org.eclipse.jetty.http2.client.http.HttpClientTransportOverHTTP2;
-import org.eclipse.jetty.util.ssl.SslContextFactory;
 import org.glassfish.jersey.client.JerseyClient;
 import org.glassfish.jersey.client.JerseyClientBuilder;
-import org.junit.After;
-import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 
@@ -34,24 +28,6 @@ public class Http2IntegrationTest extends AbstractHttp2Test {
                     ResourceHelpers.resourceFilePath("stores/http2_client.jts"))
     );
 
-    private final SslContextFactory sslContextFactory = new SslContextFactory();
-    private HttpClient client;
-
-    @Before
-    public void setUp() throws Exception {
-        sslContextFactory.setTrustStorePath(ResourceHelpers.resourceFilePath("stores/http2_client.jts"));
-        sslContextFactory.setTrustStorePassword("http2_client");
-        sslContextFactory.start();
-
-        client = new HttpClient(new HttpClientTransportOverHTTP2(new HTTP2Client()), sslContextFactory);
-        client.start();
-    }
-
-    @After
-    public void tearDown() throws Exception {
-        client.stop();
-    }
-
     @Test
     public void testHttp11() throws Exception {
         final String hostname = "localhost";

diff --git a/dropwizard-http2/src/test/java/io/dropwizard/http2/Http2WithConscrypt.java b/dropwizard-http2/src/test/java/io/dropwizard/http2/Http2WithConscrypt.java
@@ -0,0 +1,42 @@
+package io.dropwizard.http2;
+
+import io.dropwizard.Configuration;
+import io.dropwizard.testing.junit.DropwizardAppRule;
+import org.conscrypt.OpenSSLProvider;
+import org.eclipse.jetty.client.HttpClient;
+import org.eclipse.jetty.http2.client.HTTP2Client;
+import org.eclipse.jetty.http2.client.http.HttpClientTransportOverHTTP2;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+
+import java.security.Security;
+import java.util.Optional;
+
+import static io.dropwizard.testing.ConfigOverride.config;
+import static io.dropwizard.testing.ResourceHelpers.resourceFilePath;
+
+public class Http2WithConscrypt extends AbstractHttp2Test {
+
+    static {
+        Security.addProvider(new OpenSSLProvider());
+    }
+
+    private static final String PREFIX = "tls_conscrypt";
+
+    @Rule
+    public final DropwizardAppRule<Configuration> appRule = new DropwizardAppRule<>(
+        FakeApplication.class, resourceFilePath("test-http2-with-conscrypt.yml"),
+        Optional.of(PREFIX),
+        config(PREFIX, "server.connector.keyStorePath", resourceFilePath("stores/http2_server.jks")),
+        config(PREFIX, "server.connector.trustStorePath", resourceFilePath("stores/http2_client.jts"))
+    );
+
+    @Test
+    public void testHttp2WithCustomCipher() throws Exception {
+        assertResponse(client.GET("https://localhost:" + appRule.getLocalPort() + "/api/test"));
+    }
+
+}
diff --git a/dropwizard-http2/src/test/java/io/dropwizard/http2/Http2WithCustomCipherTest.java b/dropwizard-http2/src/test/java/io/dropwizard/http2/Http2WithCustomCipherTest.java
@@ -28,24 +28,6 @@ FakeApplication.class, resourceFilePath("test-http2-with-custom-cipher.yml"),
         config(PREFIX, "server.connector.trustStorePath", resourceFilePath("stores/http2_client.jts"))
     );
 
-    private final SslContextFactory sslContextFactory = new SslContextFactory();
-    private HttpClient client;
-
-    @Before
-    public void setUp() throws Exception {
-        sslContextFactory.setTrustStorePath(resourceFilePath("stores/http2_client.jts"));
-        sslContextFactory.setTrustStorePassword("http2_client");
-        sslContextFactory.start();
-
-        client = new HttpClient(new HttpClientTransportOverHTTP2(new HTTP2Client()), sslContextFactory);
-        client.start();
-    }
-
-    @After
-    public void tearDown() throws Exception {
-        client.stop();
-    }
-
     @Test
     public void testHttp2WithCustomCipher() throws Exception {
         assertResponse(client.GET("https://localhost:" + appRule.getLocalPort() + "/api/test"));

diff --git a/dropwizard-http2/src/test/resources/test-http2-with-conscrypt.yml b/dropwizard-http2/src/test/resources/test-http2-with-conscrypt.yml
@@ -0,0 +1,11 @@
+server:
+  type: simple
+  connector:
+    type: h2
+    port: 0
+    keyStorePassword: http2_server
+    trustStorePassword: http2_client
+    validateCerts: false
+    jceProvider: Conscrypt
+  applicationContextPath: /api
+  adminContextPath: /admin