#34 Completed the TLS implementation.

bin/build.sh

@@ -1,2 +1,5 @@
 #!/usr/bin/env bash
+
+export RAPIDOID_TEST_TLS=true
+
 mvn clean install

bin/hotspot-build.sh

@@ -2,4 +2,4 @@
 
 export JAVA_HOME=/usr/lib/jvm/jdk1.8.0_131
 
-mvn clean install
+./build.sh

rapidoid-commons/src/main/java/org/rapidoid/config/Conf.java

@@ -65,6 +65,7 @@ public Config map(String name) throws Exception {
 	public static final Config HTTP = section("http");
 	public static final Config REVERSE_PROXY = section("reverse-proxy");
 	public static final Config NET = section("net");
+	public static final Config TLS = section("tls");
 	public static final Config ON = section("on");
 	public static final Config ADMIN = section("admin");
 	public static final Config TOKEN = section("token");

rapidoid-commons/src/main/java/org/rapidoid/env/Environment.java

@@ -10,7 +10,6 @@
 import org.rapidoid.u.U;
 import org.rapidoid.util.LazyInit;
 import org.rapidoid.util.Msc;
-import org.rapidoid.util.MscOpts;
 
 import java.util.Collections;
 import java.util.List;
@@ -139,10 +138,6 @@ private void initModeAndProfiles() {
 		RapidoidEnv.touch();
 
 		if (!silent()) Log.info("Initialized environment", "!mode", mode, "!profiles", profiles);
-
-		if (mode != EnvMode.TEST) {
-			U.must(!MscOpts.isTestingHttps(), "The HTTPS testing can only be activated in TEST mode!");
-		}
 	}
 
 	private static boolean silent() {

rapidoid-commons/src/main/java/org/rapidoid/io/IO.java

@@ -275,22 +275,10 @@ private static void writeToFile(String filename, byte[] content, boolean append,
 		}
 	}
 
-	public static void close(OutputStream out, boolean quiet) {
+	public static void close(Closeable closeable, boolean quiet) {
 		try {
-			if (out != null) {
-				out.close();
-			}
-		} catch (IOException e) {
-			if (!quiet) {
-				throw U.rte(e);
-			}
-		}
-	}
-
-	public static void close(InputStream in, boolean quiet) {
-		try {
-			if (in != null) {
-				in.close();
+			if (closeable != null) {
+				closeable.close();
 			}
 		} catch (IOException e) {
 			if (!quiet) {

rapidoid-commons/src/main/java/org/rapidoid/util/Msc.java

@@ -26,17 +26,17 @@
 import org.rapidoid.io.IO;
 import org.rapidoid.io.Res;
 import org.rapidoid.job.Jobs;
-import org.rapidoid.lambda.*;
+import org.rapidoid.lambda.Dynamic;
+import org.rapidoid.lambda.Lmbd;
+import org.rapidoid.lambda.Mapper;
+import org.rapidoid.lambda.Operation;
 import org.rapidoid.log.GlobalCfg;
 import org.rapidoid.log.Log;
 import org.rapidoid.u.U;
 import org.rapidoid.validation.InvalidData;
 import org.rapidoid.wrap.BoolWrap;
 import org.rapidoid.writable.ReusableWritable;
 
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
 import javax.validation.ConstraintViolation;
 import javax.validation.ConstraintViolationException;
 import java.io.*;
@@ -46,7 +46,6 @@
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
 import java.lang.reflect.Proxy;
-import java.net.Socket;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
 import java.nio.ByteBuffer;
@@ -168,80 +167,6 @@ public static String stackTraceOf(Throwable e) {
 		return output.toString();
 	}
 
-	public static <T> T connect(String address, int port, F3<T, InputStream, BufferedReader, DataOutputStream> protocol) {
-		return connect(address, port, 0, protocol);
-	}
-
-	public static <T> T connect(String address, int port, int timeout, F3<T, InputStream, BufferedReader, DataOutputStream> protocol) {
-		return MscOpts.isTestingHttps()
-			? connectSSL(address, port, timeout, protocol)
-			: connectNoSSL(address, port, timeout, protocol);
-	}
-
-	private static SSLSocket sslSocket(String address, int port, int timeout) throws Exception {
-		SSLContext sc = SSLUtil.createTrustingContext();
-		SSLSocketFactory ssf = sc.getSocketFactory();
-		SSLSocket socket = (SSLSocket) ssf.createSocket(address, port);
-		socket.setSoTimeout(timeout);
-		socket.startHandshake();
-		return socket;
-	}
-
-	private static <T> T connectSSL(String address, int port, int timeout, F3<T, InputStream, BufferedReader, DataOutputStream> protocol) {
-		T resp;
-
-		try (SSLSocket socket = sslSocket(address, port, timeout)) {
-			socket.setSoTimeout(timeout);
-
-			resp = communicate(protocol, socket);
-
-			socket.close();
-
-		} catch (Exception e) {
-			throw U.rte(e);
-		}
-
-		return resp;
-	}
-
-	private static <T> T connectNoSSL(String address, int port, int timeout, F3<T, InputStream, BufferedReader, DataOutputStream> protocol) {
-		T resp;
-
-		try (Socket socket = new Socket(address, port)) {
-			socket.setSoTimeout(timeout);
-
-			resp = communicate(protocol, socket);
-
-			socket.close();
-
-		} catch (Exception e) {
-			throw U.rte(e);
-		}
-
-		return resp;
-	}
-
-	private static <T> T communicate(F3<T, InputStream, BufferedReader, DataOutputStream> protocol, Socket socket) throws Exception {
-
-		DataOutputStream out = new DataOutputStream(socket.getOutputStream());
-		InputStream inputStream = socket.getInputStream();
-		BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream));
-
-		return protocol.execute(inputStream, reader, out);
-	}
-
-	public static byte[] writeAndRead(String address, int port, final byte[] req, final int timeout) {
-		return Msc.connect(address, port, timeout, new F3<byte[], InputStream, BufferedReader, DataOutputStream>() {
-
-			@Override
-			public byte[] execute(InputStream in, BufferedReader reader, DataOutputStream out) throws Exception {
-				out.write(req);
-				return IO.readWithTimeout(in);
-			}
-
-		});
-	}
-
 	public static short bytesToShort(String s) {
 		ByteBuffer buf = Bufs.buf(s);
 		U.must(buf.limit() == 2);
@@ -1387,7 +1312,7 @@ public static String semiSpecialUri(String... suffixes) {
 	}
 
 	public static String http() {
-		return MscOpts.isTestingHttps() ? "https" : "http";
+		return MscOpts.isTestingTLS() ? "https" : "http";
 	}
 
 	public static String urlWithProtocol(String url) {
@@ -1430,5 +1355,4 @@ public static String mainAppJar() {
 		U.must(isPlatform());
 		return "/app/app.jar";
 	}
-
 }

rapidoid-commons/src/main/java/org/rapidoid/util/MscOpts.java

@@ -4,6 +4,8 @@
 import org.rapidoid.annotation.Authors;
 import org.rapidoid.annotation.Since;
 import org.rapidoid.cls.Cls;
+import org.rapidoid.config.Conf;
+import org.rapidoid.log.GlobalCfg;
 
 /*
  * #%L
@@ -50,7 +52,7 @@ public class MscOpts extends RapidoidThing {
 
 	private static final boolean isRestOnly = !hasRapidoidHTML();
 
-	private static final boolean isTestingHttps = "true".equals(System.getProperty("RAPIDOID_TEST_HTTPS"));
+	private static final boolean isTestingTLS = GlobalCfg.is("RAPIDOID_TEST_TLS") || Conf.TLS.is("enabled");
 
 	public static boolean hasValidation() {
 		return hasValidation;
@@ -112,7 +114,7 @@ public static String appsPath() {
 		return appsPath;
 	}
 
-	public static boolean isTestingHttps() {
-		return isTestingHttps;
+	public static boolean isTestingTLS() {
+		return isTestingTLS;
 	}
 }

rapidoid-commons/src/main/resources/built-in-config.yml

@@ -152,3 +152,11 @@ token:
 log:
   level: info
   fancy: false # auto
+
+tls:
+  enabled: false
+  keystore: ''
+  keystorePassword: ''
+  keyManagerPassword: ''
+  truststore: ''
+  truststorePassword: ''

rapidoid-commons/src/main/resources/rapidoid-classes.txt

@@ -637,14 +637,16 @@ org.rapidoid.net.impl.RapidoidChannel
 org.rapidoid.net.impl.RapidoidConnection
 org.rapidoid.net.impl.RapidoidHelper
 org.rapidoid.net.impl.RapidoidServerLoop
-org.rapidoid.net.impl.RapidoidTLS
 org.rapidoid.net.impl.RapidoidWorker
 org.rapidoid.net.impl.RapidoidWorkerThread
 org.rapidoid.net.Protocol
 org.rapidoid.net.Server
 org.rapidoid.net.ServerBuilder
 org.rapidoid.net.TCP
 org.rapidoid.net.TCPServerInfo
+org.rapidoid.net.tls.RapidoidTLS
+org.rapidoid.net.tls.TLSUtil
+org.rapidoid.net.util.NetUtil
 org.rapidoid.oauth.DefaultOAuthStateCheck
 org.rapidoid.oauth.OAuth
 org.rapidoid.oauth.OAuthLoginHandler
@@ -797,7 +799,6 @@ org.rapidoid.util.SimpleList
 org.rapidoid.util.SimpleMap
 org.rapidoid.util.SimplePersisterProvider
 org.rapidoid.util.SlidingWindowList
-org.rapidoid.util.SSLUtil
 org.rapidoid.util.TokenAuthData
 org.rapidoid.util.Tokens
 org.rapidoid.util.TUUID

rapidoid-http-client/pom.xml

@@ -14,7 +14,7 @@
 	<dependencies>
 		<dependency>
 			<groupId>org.rapidoid</groupId>
-			<artifactId>rapidoid-commons</artifactId>
+			<artifactId>rapidoid-net</artifactId>
 			<version>${project.version}</version>
 		</dependency>
 		<dependency>

rapidoid-http-client/src/main/java/org/rapidoid/http/HttpClient.java

@@ -58,7 +58,7 @@ public class HttpClient extends RapidoidThing {
 
 	private volatile int maxRedirects = 5;
 
-	private volatile boolean validateSSL = !MscOpts.isTestingHttps();
+	private volatile boolean validateSSL = !MscOpts.isTestingTLS();
 
 	private volatile int timeout = 5000;
 

rapidoid-http-client/src/main/java/org/rapidoid/http/HttpClientUtil.java

@@ -28,9 +28,9 @@
 import org.rapidoid.io.IO;
 import org.rapidoid.io.Upload;
 import org.rapidoid.log.Log;
+import org.rapidoid.net.tls.TLSUtil;
 import org.rapidoid.u.U;
 import org.rapidoid.util.Msc;
-import org.rapidoid.util.SSLUtil;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -95,7 +95,7 @@ static CloseableHttpAsyncClient client(HttpClient client) throws KeyStoreExcepti
 			.setRedirectStrategy(client.followRedirects() ? new DefaultRedirectStrategy() : NO_REDIRECTS);
 
 		if (!client.validateSSL()) {
-			builder.setSSLContext(SSLUtil.createTrustingContext());
+			builder.setSSLContext(TLSUtil.createTrustingContext());
 			builder.setSSLHostnameVerifier(new AllowAllHostnameVerifier());
 		}
 

rapidoid-integration-tests/src/test/java/org/rapidoid/docs/revproxyself/Main.java

@@ -23,13 +23,14 @@
 import org.rapidoid.reverseproxy.Reverse;
 import org.rapidoid.setup.App;
 import org.rapidoid.setup.On;
+import org.rapidoid.util.Msc;
 
 public class Main {
 
 	public static void main(String[] args) {
 		App.bootstrap(args);
 
-		String fooUpstream = "http://localhost:8080/foo";
+		String fooUpstream = Msc.http() + "://localhost:8080/foo";
 
 		Reverse.proxy("/bar").to(fooUpstream).add();
 		Reverse.proxy("/").to(fooUpstream).add();

rapidoid-integration-tests/src/test/java/org/rapidoid/http/IsolatedIntegrationTest.java

@@ -37,6 +37,7 @@
 import org.rapidoid.jpa.JPAUtil;
 import org.rapidoid.lambda.F3;
 import org.rapidoid.log.Log;
+import org.rapidoid.net.util.NetUtil;
 import org.rapidoid.reverseproxy.Reverse;
 import org.rapidoid.scan.ClasspathUtil;
 import org.rapidoid.setup.Admin;
@@ -396,6 +397,6 @@ protected void proxy(String match, String upstreams) {
 	}
 
 	protected <T> T connect(F3<T, InputStream, BufferedReader, DataOutputStream> protocol) {
-		return Msc.connect("localhost", 8080, 1000, protocol);
+		return NetUtil.connect("localhost", 8080, 1000, protocol);
 	}
 }

rapidoid-integration-tests/src/test/java/org/rapidoid/httpfast/InvalidUrlDecodedParamsTest.java

@@ -5,9 +5,9 @@
 import org.rapidoid.annotation.Since;
 import org.rapidoid.fluent.Flow;
 import org.rapidoid.http.IsolatedIntegrationTest;
+import org.rapidoid.net.util.NetUtil;
 import org.rapidoid.setup.On;
 import org.rapidoid.u.U;
-import org.rapidoid.util.Msc;
 
 /*
  * #%L
@@ -37,7 +37,7 @@ public class InvalidUrlDecodedParamsTest extends IsolatedIntegrationTest {
 	public void testWithInvalidEncoding() {
 		On.get("/").json(req -> U.map("uri", req.uri(), "query", req.query(), "data", req.data()));
 
-		String resp = Msc.connect("localhost", 8080, (in, reader, out) -> {
+		String resp = NetUtil.connect("localhost", 8080, (in, reader, out) -> {
 			out.writeBytes("GET /?a=[%A%]&b=bb!&c=%&d=%% HTTP/1.0\n\n");
 			return Flow.of(reader.lines()).findLast().get();
 		});