micro server ssl support

kewangie · kewangie · commit 14bf4f60a040 · 2016-10-29T17:01:21.000+01:00
diff --git a/micro-core/src/main/java/com/aol/micro/server/MicroserverApp.java b/micro-core/src/main/java/com/aol/micro/server/MicroserverApp.java
@@ -146,15 +146,9 @@ private ServerApplication createServer(Module module) {
         }
 
         ServerApplication app = applications.get(0)
-                                            .createApp(module, springContext);
-
-        if (Config.instance()
-                  .getSslProperties() != null)
-            return app.withSSLProperties(Config.instance()
-                                               .getSslProperties());
-        else
-            return app;
-    }
+                                            .createApp(module, springContext);        
+        return app;
+    }    
 
     private void join(Thread thread) {
         try {
diff --git a/micro-core/src/main/java/com/aol/micro/server/config/Classes.java b/micro-core/src/main/java/com/aol/micro/server/config/Classes.java
@@ -5,6 +5,7 @@
 
 import lombok.Getter;
 import nonautoscan.com.aol.micro.server.AopConfig;
+import nonautoscan.com.aol.micro.server.SSLConfig;
 import nonautoscan.com.aol.micro.server.ScheduleAndAsyncConfig;
 
 import com.aol.micro.server.module.ConfigureEnviroment;
@@ -28,7 +29,7 @@ public class Classes {
 	 * Codahale Metrics, Event tracking etc
 	 */
 	public static final  Classes CORE_CLASSES = new Classes(PropertyFileConfig.class, AopConfig.class,
-			 ScheduleAndAsyncConfig.class,  ConfigureEnviroment.class, AccessLogConfig.class);
+			 ScheduleAndAsyncConfig.class,  ConfigureEnviroment.class, AccessLogConfig.class, SSLConfig.class);
 	
 	
 	@Getter
diff --git a/micro-core/src/main/java/com/aol/micro/server/config/Config.java b/micro-core/src/main/java/com/aol/micro/server/config/Config.java
@@ -36,7 +36,6 @@ public class Config {
     private final String instancePropertiesName;
     private final String serviceTypePropertiesName;
     private final PMap<String, List<String>> dataSources;
-    private final SSLProperties sslProperties;
     private final boolean allowCircularReferences;
     private final String[] basePackages;
 
@@ -48,7 +47,6 @@ public Config() {
         propertiesName = "application.properties";
         instancePropertiesName = "instance.properties";
         serviceTypePropertiesName = "service-type.properties";
-        sslProperties = null;
         allowCircularReferences = false;
         basePackages = new String[0];
 
diff --git a/micro-core/src/main/java/com/aol/micro/server/config/SSLProperties.java b/micro-core/src/main/java/com/aol/micro/server/config/SSLProperties.java
@@ -44,4 +44,10 @@ public AnyM<String> getCiphers() {
 	public AnyM<String> getProtocol() {
 		return AnyM.ofNullable(protocol);
 	}
+	public AnyM<String> getTrustStoreFile() {
+		return AnyM.ofNullable(trustStoreFile);
+	}
+	public AnyM<String> getTrustStorePass() {
+		return AnyM.ofNullable(trustStorePass);
+	}
 }
diff --git a/micro-core/src/main/java/com/aol/micro/server/servers/ServerApplication.java b/micro-core/src/main/java/com/aol/micro/server/servers/ServerApplication.java
@@ -6,8 +6,6 @@
 import com.aol.micro.server.servers.model.ServerData;
 
 public interface ServerApplication {
-
 	void run(CompletableFuture start, JaxRsServletConfigurer jaxRsConfigurer, CompletableFuture end);
-	ServerData getServerData();
-	ServerApplication withSSLProperties(SSLProperties sslProperties);
+	ServerData getServerData();	
 }
diff --git a/micro-core/src/main/java/nonautoscan/com/aol/micro/server/SSLConfig.java b/micro-core/src/main/java/nonautoscan/com/aol/micro/server/SSLConfig.java
@@ -0,0 +1,54 @@
+package nonautoscan.com.aol.micro.server;
+
+import java.io.IOException;
+import java.net.URL;
+import java.util.Properties;
+
+import org.springframework.beans.factory.config.PropertiesFactoryBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.UrlResource;
+
+import com.aol.micro.server.config.SSLProperties;
+
+@Configuration
+public class SSLConfig {
+
+	private static String keyStoreFile = "keyStoreFile";
+	private static String keyStorePass = "keyStorePass";
+	private static String trustStoreFile = "trustStoreFile";
+	private static String trustStorePass = "trustStorePass";
+	private static String keyStoreType = "keyStoreType";
+	private static String keyStoreProvider = "keyStoreProvider";
+	private static String trustStoreType = "trustStoreType";
+	private static String trustStoreProvider = "trustStoreProvider";
+	private static String clientAuth = "clientAuth";
+	private static String ciphers = "ciphers";
+	private static String protocol = "protocol";
+
+	@Bean
+	public static SSLProperties sslProperties() throws IOException {
+		PropertiesFactoryBean factory = new PropertiesFactoryBean();
+		URL url = SSLConfig.class.getClassLoader().getResource("ssl.properties");
+		if (url != null) {
+			Resource reource = new UrlResource(url);
+			factory.setLocation(reource);
+			factory.afterPropertiesSet();
+			Properties properties = factory.getObject();
+			return SSLProperties.builder()
+					.keyStoreFile(properties.getProperty(keyStoreFile))
+					.keyStorePass(properties.getProperty(keyStorePass))
+					.trustStoreFile(properties.getProperty(trustStoreFile))
+					.trustStorePass(properties.getProperty(trustStorePass))
+					.keyStoreType(properties.getProperty(keyStoreType))
+					.keyStoreProvider(properties.getProperty(keyStoreProvider))
+					.trustStoreType(properties.getProperty(trustStoreType))
+					.trustStoreProvider(properties.getProperty(trustStoreProvider))
+					.clientAuth(properties.getProperty(clientAuth))
+					.ciphers(properties.getProperty(ciphers))
+					.protocol(properties.getProperty(protocol)).build();
+		}
+		return null;
+	}
+}
diff --git a/micro-grizzly/src/main/java/com/aol/micro/server/servers/grizzly/GrizzlyApplication.java b/micro-grizzly/src/main/java/com/aol/micro/server/servers/grizzly/GrizzlyApplication.java
@@ -7,11 +7,6 @@
 import javax.servlet.ServletContextListener;
 import javax.servlet.ServletRequestListener;
 
-import lombok.AccessLevel;
-import lombok.AllArgsConstructor;
-import lombok.Getter;
-import lombok.experimental.Wither;
-
 import org.glassfish.grizzly.http.server.HttpServer;
 import org.glassfish.grizzly.http.server.NetworkListener;
 import org.glassfish.grizzly.http.server.accesslog.AccessLogBuilder;
@@ -35,6 +30,10 @@
 import com.aol.micro.server.servers.model.ServerData;
 import com.aol.micro.server.servers.model.ServletData;
 
+import lombok.AccessLevel;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
 @AllArgsConstructor(access = AccessLevel.PRIVATE)
 public class GrizzlyApplication implements ServerApplication {
 
@@ -47,16 +46,13 @@ public class GrizzlyApplication implements ServerApplication {
 	private final PStack<ServletData> servletData;
 	private final PStack<ServletContextListener> servletContextListenerData;
 	private final PStack<ServletRequestListener> servletRequestListenerData;
-	@Wither
-	private final SSLProperties SSLProperties;
-
+	
 	public GrizzlyApplication(AllData serverData) {
 		this.serverData = serverData.getServerData();
 		this.filterData = serverData.getFilterDataList();
 		this.servletData = serverData.getServletDataList();
 		this.servletContextListenerData = serverData.getServletContextListeners();
-		this.servletRequestListenerData = serverData.getServletRequestListeners();
-		this.SSLProperties = null;
+		this.servletRequestListenerData = serverData.getServletRequestListeners();		
 	}
 
 	public void run(CompletableFuture start,  JaxRsServletConfigurer jaxRsConfigurer, CompletableFuture end) {
@@ -77,11 +73,17 @@ public void run(CompletableFuture start,  JaxRsServletConfigurer jaxRsConfigurer
 		HttpServer httpServer = HttpServer.createSimpleServer(null, "0.0.0.0", serverData.getPort());
 		serverData.getModule().getServerConfigManager().accept(new WebServerProvider(httpServer));
 		addAccessLog(httpServer);
-		if (SSLProperties != null)
-			this.createSSLListener(serverData.getPort());
+		addSSL(httpServer);
 
 		startServer(webappContext, httpServer, start, end);
 	}
+	
+	private void addSSL(HttpServer httpServer) {
+		SSLProperties sslProperties = serverData.getRootContext().getBean(SSLProperties.class);
+		if (sslProperties != null) {
+			httpServer.addListener(this.createSSLListener(serverData.getPort(), sslProperties));
+		}
+	}
 
 	private void startServer(WebappContext webappContext, HttpServer httpServer, CompletableFuture start, CompletableFuture end) {
 		webappContext.deploy(httpServer);
@@ -124,18 +126,17 @@ private void addAccessLog(HttpServer httpServer) {
 				logger.error("CAUSED BY: " + InternalErrorCode.SERVER_STARTUP_FAILED_TO_CREATE_ACCESS_LOG.toString() + ": " + e.getCause().getMessage());
 
 		}
-
 	}
 	
 
-	private NetworkListener createSSLListener(int port) {
+	private NetworkListener createSSLListener(int port, SSLProperties sslProperties) {
 
 		SSLConfigurationBuilder sslBuilder = new SSLConfigurationBuilder();
 		NetworkListener listener = new NetworkListener("grizzly", "0.0.0.0", Integer.valueOf(port));
 		listener.getFileCache().setEnabled(false);
 
 		listener.setSecure(true);
-		listener.setSSLEngineConfig(sslBuilder.build(SSLProperties));
+		listener.setSSLEngineConfig(sslBuilder.build(sslProperties));
 
 		return listener;
 	}
diff --git a/micro-grizzly/src/main/java/com/aol/micro/server/servers/grizzly/SSLConfigurationBuilder.java b/micro-grizzly/src/main/java/com/aol/micro/server/servers/grizzly/SSLConfigurationBuilder.java
@@ -14,8 +14,13 @@ public SSLEngineConfigurator build(SSLProperties sslProperties) {
 
         sslContext.setKeyStoreFile(sslProperties.getKeyStoreFile()); // contains server keypair
         sslContext.setKeyStorePass(sslProperties.getKeyStorePass());
-        sslContext.setTrustStoreFile(sslProperties.getTrustStoreFile()); // contains client certificate
-        sslContext.setTrustStorePass(sslProperties.getTrustStorePass());
+        
+        /**
+         * trustStore stores public key or certificates from CA (Certificate Authorities) 
+         * which is used to trust remote party or SSL connection. So should be optional
+         */
+        sslProperties.getTrustStoreFile().peek(file->sslContext.setTrustStoreFile(file)); // contains client certificate
+        sslProperties.getTrustStorePass().peek(pass->sslContext.setTrustStorePass(pass));
         
         
         

Original file line number	Diff line number	Diff line change
`@@ -44,4 +44,10 @@ public AnyM<String> getCiphers() {`
`44`	`44`	`public AnyM<String> getProtocol() {`
`45`	`45`	`return AnyM.ofNullable(protocol);`
`46`	`46`	`}`
	`47`	`+ public AnyM<String> getTrustStoreFile() {`
	`48`	`+ return AnyM.ofNullable(trustStoreFile);`
	`49`	`+ }`
	`50`	`+ public AnyM<String> getTrustStorePass() {`
	`51`	`+ return AnyM.ofNullable(trustStorePass);`
	`52`	`+ }`
`47`	`53`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,8 +6,6 @@`
`6`	`6`	`import com.aol.micro.server.servers.model.ServerData;`
`7`	`7`
`8`	`8`	`public interface ServerApplication {`
`9`		`-`
`10`	`9`	`void run(CompletableFuture start, JaxRsServletConfigurer jaxRsConfigurer, CompletableFuture end);`
`11`		`- ServerData getServerData();`
`12`		`- ServerApplication withSSLProperties(SSLProperties sslProperties);`
	`10`	`+ ServerData getServerData();`
`13`	`11`	`}`