Fixes issue #3497 - Add trust store support to HttpsFeature (#3498)
mnriem committed Jul 22, 2023
1 parent 0bfc9ca commit ecaac61
Showing 24 changed files with 693 additions and 329 deletions.
Expand Up @@ -150,6 +150,8 @@ public void run() {
httpsFeature.setHttpsKeystoreFile(configuration.getString("httpsKeystoreFile"));
httpsFeature.setHttpsKeystorePassword(configuration.getString("httpsKeystorePassword"));
httpsFeature.setHttpsServerClass(configuration.getString("httpsServerClass"));
httpsFeature.setHttpsTruststoreFile(configuration.getString("httpsTruststoreFile"));
httpsFeature.setHttpsTruststorePassword(configuration.getString("httpsTruststorePassword"));
httpsFeature.setPort(configuration.getInteger("httpsPort"));
httpsFeature.init();
httpsFeature.getHttpsServer().setHttpServerProcessor(webAppFeature.getHttpServerProcessor());
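Review bot: The two new calls hand `configuration.getString("httpsTruststoreFile")` and `configuration.getString("httpsTruststorePassword")` to the feature even when neither option was supplied, so they depend on the `HttpsFeature` setters accepting `null`. The setters this commit removes from the server class guarded with `if (httpsTruststoreFile != null)` before calling `System.setProperty`, which throws on a null value; the `HttpsFeature` versions are not shown on this page, so confirm they keep that guard. The same wiring is repeated in the two other `run()` sections of this commit. `run()` starts and ends outside the hunk.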
Expand Up @@ -184,6 +184,28 @@ public CoreProfilePiranhaBuilder httpsServerClass(String httpsServerClass) {
return this;
}

/**
* Set the HTTPS truststore file.
*
* @param httpsTruststoreFile the HTTPS truststore file.
* @return the builder.
*/
public CoreProfilePiranhaBuilder httpsTruststoreFile(String httpsTruststoreFile) {
piranha.getConfiguration().setString("httpsTruststoreFile", httpsTruststoreFile);
return this;
}

/**
* Set the HTTPS truststore password.
*
* @param httpsTruststorePassword the HTTPS truststore password.
* @return the builder.
*/
public CoreProfilePiranhaBuilder httpsTruststorePassword(String httpsTruststorePassword) {
piranha.getConfiguration().setString("httpsTruststorePassword", httpsTruststorePassword);
return this;
}

/**
* Enable/disable JPMS.
*
Expand Down Expand Up @@ -220,19 +242,21 @@ private void showArguments() {
Arguments
=========
Context path : %s
Extension class : %s
Exit on stop : %s
HTTP port : %s
HTTP server class : %s
HTTPS keystore file : %s
HTTPS keystore password : ****
HTTPS port : %s
HTTPS server class : %s
JPMS enabled : %s
PID : %s
WAR filename : %s
Web application dir : %s
Context path : %s
Extension class : %s
Exit on stop : %s
HTTP port : %s
HTTP server class : %s
HTTPS keystore file : %s
HTTPS keystore password : ****
HTTPS port : %s
HTTPS server class : %s
HTTPS truststore file : %s
HTTPS truststore password : ****
JPMS enabled : %s
PID : %s
WAR filename : %s
Web application dir : %s
""".formatted(
configuration.getString("contextPath"),
Expand All @@ -243,14 +267,15 @@ private void showArguments() {
configuration.getString("httpsKeystoreFile"),
configuration.getInteger("httpsPort"),
configuration.getString("httpsServerClass"),
configuration.getString("httpsTruststoreFile"),
configuration.getBoolean("jpms", false),
configuration.getLong("pid"),
configuration.getFile("warFile"),
configuration.getFile("webAppDir")
)
);
}

/**
* Set the verbose flag.
*
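Review bot: The Javadoc on the new `httpsTruststoreFile` and `httpsTruststorePassword` builder methods does not say that the setting is process-wide, although the help text added in this commit describes the matching options as applying to the whole JVM. A caller embedding the builder would not expect it to change which certificates every other TLS connection in the process trusts. I would add a sentence to both Javadoc blocks, for example `Note this applies to the entire JVM, not only to this Piranha instance.`, after confirming that `HttpsFeature` (not shown here) still applies the value through the JVM-wide trust store properties. The MicroProfile builder in this commit adds the same two methods with the same Javadoc.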
Expand Up @@ -101,6 +101,12 @@ private CoreProfilePiranhaBuilder processArguments(String[] arguments) {
if (arguments[i].equals("--https-server-class")) {
builder = builder.httpsServerClass(arguments[i + 1]);
}
if (arguments[i].equals("--https-truststore-file")) {
builder = builder.httpsTruststoreFile(arguments[i + 1]);
}
if (arguments[i].equals("--https-truststore-password")) {
builder = builder.httpsTruststorePassword(arguments[i + 1]);
}
if (arguments[i].equals("--jpms")) {
builder = builder.jpms(true);
}
Expand Down Expand Up @@ -136,25 +142,30 @@ private static void showHelp() {
LOGGER.log(Level.INFO, "");
LOGGER.log(Level.INFO,
"""
--extension-class <className> - Set the extension to use
--help - Show this help
--context-path <string> - Set the Servlet context path
--http-port <integer> - Set the HTTP port (use -1 to disable)
--http-server-class <className> - Set the HTTP server class to use
--https-keystore-file <file> - Set the HTTPS keystore file (applies to
the whole JVM)
--https-keystore-password <string> - Set the HTTPS keystore password (applies
to the whole JVM)
--https-port <integer> - Set the HTTPS port (disabled by default)
--https-server-class <className> - Set the HTTPS server class to use
--jpms - Enable Java Platform Module System
--verbose - Shows the runtime parameters
--war-file <file> - The WAR file to deploy
--webapp-dir <directory> - The directory to use for the web
application (auto creates when it does
not exist, if omitted runtime will use
the filename portion of --war-file)
--write-pid - Write out a PID file
--extension-class <className> - Set the extension to use
--help - Show this help
--context-path <string> - Set the Servlet context path
--http-port <integer> - Set the HTTP port (use -1 to disable)
--http-server-class <className> - Set the HTTP server class to use
--https-keystore-file <file> - Set the HTTPS keystore file (applies to
the whole JVM)
--https-keystore-password <string> - Set the HTTPS keystore password
(applies to the whole JVM)
--https-port <integer> - Set the HTTPS port (disabled by
default)
--https-server-class <className> - Set the HTTPS server class to use
--https-truststore-file <file> - Set the HTTPS keystore file (applies to
the whole JVM)
--https-truststore-password <string> - Set the HTTPS keystore password
(applies to the whole JVM)
--jpms - Enable Java Platform Module System
--verbose - Shows the runtime parameters
--war-file <file> - The WAR file to deploy
--webapp-dir <directory> - The directory to use for the web
application (auto creates when it does
not exist, if omitted runtime will use
the filename portion of --war-file)
--write-pid - Write out a PID file
""");
}
}
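Review bot: The help entries added to `showHelp()` for `--https-truststore-file` and `--https-truststore-password` still read "Set the HTTPS keystore file" and "Set the HTTPS keystore password", copied from the keystore options above them. The key store holds the server's own certificate and key while the trust store decides which certificates are trusted, so an operator reading `--help` could point the wrong file at the wrong option. The descriptions should read `Set the HTTPS truststore file (applies to the whole JVM)` and `Set the HTTPS truststore password (applies to the whole JVM)`. The MicroProfile distribution's `showHelp()` in this commit carries the same copied wording.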
Expand Up @@ -146,6 +146,8 @@ public void run() {
httpsFeature.setHttpsKeystoreFile(configuration.getString("httpsKeystoreFile"));
httpsFeature.setHttpsKeystorePassword(configuration.getString("httpsKeystorePassword"));
httpsFeature.setHttpsServerClass(configuration.getString("httpsServerClass"));
httpsFeature.setHttpsTruststoreFile(configuration.getString("httpsTruststoreFile"));
httpsFeature.setHttpsTruststorePassword(configuration.getString("httpsTruststorePassword"));
httpsFeature.setPort(configuration.getInteger("httpsPort"));
httpsFeature.init();
httpsFeature.getHttpsServer().setHttpServerProcessor(webAppFeature.getHttpServerProcessor());
Expand Up @@ -27,6 +27,7 @@
*/
package cloud.piranha.dist.microprofile;

import cloud.piranha.core.api.PiranhaConfiguration;
import cloud.piranha.core.api.WebApplicationExtension;
import java.io.File;
import java.lang.System.Logger;
Expand Down Expand Up @@ -183,6 +184,28 @@ public MicroProfilePiranhaBuilder httpsServerClass(String httpsServerClass) {
return this;
}

/**
* Set the HTTPS truststore file.
*
* @param httpsTruststoreFile the HTTPS truststore file.
* @return the builder.
*/
public MicroProfilePiranhaBuilder httpsTruststoreFile(String httpsTruststoreFile) {
piranha.getConfiguration().setString("httpsTruststoreFile", httpsTruststoreFile);
return this;
}

/**
* Set the HTTPS truststore password.
*
* @param httpsTruststorePassword the HTTPS truststore password.
* @return the builder.
*/
public MicroProfilePiranhaBuilder httpsTruststorePassword(String httpsTruststorePassword) {
piranha.getConfiguration().setString("httpsTruststorePassword", httpsTruststorePassword);
return this;
}

/**
* Enable/disable JPMS.
*
Expand All @@ -198,6 +221,8 @@ public MicroProfilePiranhaBuilder jpms(boolean jpms) {
* Show the arguments used.
*/
private void showArguments() {
PiranhaConfiguration configuration = piranha.getConfiguration();

LOGGER.log(Level.INFO,
"""
Expand All @@ -206,33 +231,38 @@ private void showArguments() {
Arguments
=========
Context path : %s
Extension class : %s
Exit on stop : %s
HTTP port : %s
HTTP server class : %s
HTTPS keystore file : %s
HTTPS keystore password : ****
HTTPS port : %s
HTTPS server class : %s
JPMS enabled : %s
PID : %s
WAR filename : %s
Web application dir : %s
Context path : %s
Extension class : %s
Exit on stop : %s
HTTP port : %s
HTTP server class : %s
HTTPS keystore file : %s
HTTPS keystore password : ****
HTTPS port : %s
HTTPS server class : %s
HTTPS truststore file : %s
HTTPS truststore password : ****
JPMS enabled : %s
PID : %s
WAR filename : %s
Web application dir : %s
""".formatted(
piranha.getConfiguration().getString("contextPath"),
piranha.getConfiguration().getClass("extensionClass"),
piranha.getConfiguration().getBoolean("exitOnStop", false),
piranha.getConfiguration().getInteger("httpPort"),
piranha.getConfiguration().getString("httpServerClass"),
piranha.getConfiguration().getString("httpsKeystoreFile"),
piranha.getConfiguration().getInteger("httpsPort"),
piranha.getConfiguration().getString("httpsServerClass"),
piranha.getConfiguration().getBoolean("jpmsEnabled", false),
piranha.getConfiguration().getLong("pid"),
piranha.getConfiguration().getFile("warFile"),
piranha.getConfiguration().getFile("webappDir")));
configuration.getString("contextPath"),
configuration.getClass("extensionClass"),
configuration.getBoolean("exitOnStop", false),
configuration.getInteger("httpPort"),
configuration.getString("httpServerClass"),
configuration.getString("httpsKeystoreFile"),
configuration.getInteger("httpsPort"),
configuration.getString("httpsServerClass"),
configuration.getString("httpsTruststoreFile"),
configuration.getBoolean("jpms", false),
configuration.getLong("pid"),
configuration.getFile("warFile"),
configuration.getFile("webAppDir")
)
);
}

/**
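Review bot: The rewritten `formatted(...)` arguments in `showArguments()` appear to change two configuration keys as well as adding the truststore line: the new lines read `getBoolean("jpms", false)` and `getFile("webAppDir")` where the old ones read `"jpmsEnabled"` and `"webappDir"`. The builder methods that store these values are outside the visible hunks, so confirm they write under the new keys; otherwise the verbose output shows a default instead of the configured value. As this is unrelated to trust store support, it deserves a line in the commit description.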
Expand Up @@ -103,6 +103,12 @@ private MicroProfilePiranhaBuilder processArguments(String[] arguments) {
if (arguments[i].equals("--https-server-class")) {
builder = builder.httpsServerClass(arguments[i + 1]);
}
if (arguments[i].equals("--https-truststore-file")) {
builder = builder.httpsTruststoreFile(arguments[i + 1]);
}
if (arguments[i].equals("--https-truststore-password")) {
builder = builder.httpsTruststorePassword(arguments[i + 1]);
}
if (arguments[i].equals("--jpms")) {
builder = builder.jpms(true);
}
Expand Down Expand Up @@ -138,25 +144,30 @@ private static void showHelp() {
LOGGER.log(Level.INFO, "");
LOGGER.log(Level.INFO,
"""
--extension-class <className> - Set the extension to use
--help - Show this help
--context-path <string> - Set the Servlet context path
--http-port <integer> - Set the HTTP port (use -1 to disable)
--http-server-class <className> - Set the HTTP server class to use
--https-port <integer> - Set the HTTPS port (disabled by default)
--https-server-class <className> - Set the HTTPS server class to use
--jpms - Enable Java Platform Module System
--https-keystore-file <file> - Set the HTTPS keystore file (applies to
the whole JVM)
--https-keystore-password <string> - Set the HTTPS keystore password (applies
to the whole JVM
--verbose - Shows the runtime parameters
--war-file <file> - The WAR file to deploy
--webapp-dir <directory> - The directory to use for the web
application (auto creates when it does
not exist, if omitted runtime will use
the filename portion of --war-file)
--write-pid - Write out a PID file
--extension-class <className> - Set the extension to use
--help - Show this help
--context-path <string> - Set the Servlet context path
--http-port <integer> - Set the HTTP port (use -1 to disable)
--http-server-class <className> - Set the HTTP server class to use
--https-keystore-file <file> - Set the HTTPS keystore file (applies to
the whole JVM)
--https-keystore-password <string> - Set the HTTPS keystore password
(applies to the whole JVM)
--https-port <integer> - Set the HTTPS port (disabled by
default)
--https-server-class <className> - Set the HTTPS server class to use
--https-truststore-file <file> - Set the HTTPS keystore file (applies to
the whole JVM)
--https-truststore-password <string> - Set the HTTPS keystore password
(applies to the whole JVM)
--jpms - Enable Java Platform Module System
--verbose - Shows the runtime parameters
--war-file <file> - The WAR file to deploy
--webapp-dir <directory> - The directory to use for the web
application (auto creates when it does
not exist, if omitted runtime will use
the filename portion of --war-file)
--write-pid - Write out a PID file
""");
}
}
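Review bot: The new `--https-truststore-password` branch in `processArguments` takes the secret from `arguments[i + 1]`, which puts the trust store password on the process command line, where other local users and monitoring tools can usually read it. The help text should say so, for example by appending `(visible in the process command line)` to the option description, and a follow-up could accept the password from a file or environment setting instead. Separately, if the flag is passed last, `arguments[i + 1]` may read past the end of the array; the loop bounds are outside the hunk, so this depends on how `i` is limited. A guard such as `if (arguments[i].equals("--https-truststore-password") && i + 1 < arguments.length)` would cover it. The Core profile's `processArguments` in this commit adds the same two branches.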
Expand Up @@ -189,6 +189,8 @@ public void run() {
httpsFeature.setHttpsKeystoreFile(configuration.getString("httpsKeystoreFile"));
httpsFeature.setHttpsKeystorePassword(configuration.getString("httpsKeystorePassword"));
httpsFeature.setHttpsServerClass(configuration.getString("httpsServerClass"));
httpsFeature.setHttpsTruststoreFile(configuration.getString("httpsTruststoreFile"));
httpsFeature.setHttpsTruststorePassword(configuration.getString("httpsTruststorePassword"));
httpsFeature.setPort(configuration.getInteger("httpsPort"));
httpsFeature.init();
httpsFeature.getHttpsServer().setHttpServerProcessor(webAppsFeature.getHttpServerProcessor());
Expand Down Expand Up @@ -268,49 +270,6 @@ public void run() {
featureManager.stop();
}

/**
* Set the HTTPS truststore file.
*
* <p>
* Convenience wrapper around the <code>javax.net.ssl.trustStore</code>
* system property. Note using this method sets the property for the entire
* JVM.
* </p>
*
* @param httpsTruststoreFile the HTTPS truststore file.
*/
public void setHttpsTruststoreFile(String httpsTruststoreFile) {
if (httpsTruststoreFile != null) {
System.setProperty("javax.net.ssl.trustStore", httpsTruststoreFile);
}
}

/**
* Set the HTTPS truststore password.
*
* <p>
* Convenience wrapper around the
* <code>javax.net.ssl.trustStorePassword</code> system property. Note using
* this method sets the property for the entire JVM.
* </p>
*
* @param httpsTruststorePassword the HTTPS truststore password.
*/
void setHttpsTruststorePassword(String httpsTruststorePassword) {
if (httpsTruststorePassword != null) {
System.setProperty("javax.net.ssl.trustStorePassword", httpsTruststorePassword);
}
}

/**
* Set the web applications directory.
*
* @param webAppsDir the web applications directory.
*/
public void setWebAppsDir(File webAppsDir) {
this.configuration.setFile("webAppsDir", webAppsDir);
}

/**
* Start the server.
*/
