From: Mathieu Baudier
Date: Wed, 12 Feb 2020 09:19:24 +0000 (+0100)
Subject: Simplify setting up HTTPS only.
X-Git-Tag: argeo-commons-2.1.86~25
X-Git-Url: https://git.argeo.org/?p=lgpl%2Fargeo-commons.git;a=commitdiff_plain;h=18fb25d72021e334696dd068cf5ef0470fafbfef

Simplify setting up HTTPS only.
---
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java
index 2d193fe7d..2a58d94c6 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java
@@ -74,38 +74,48 @@ class InitUtils {
 final Hashtable props = new Hashtable();
 // try {
 if (httpPort != null || httpsPort != null) {
- if (httpPort != null) {
+ boolean httpEnabled = httpPort != null;
+ props.put(HttpConstants.HTTP_ENABLED, httpEnabled);
+ boolean httpsEnabled = httpsPort != null;
+ props.put(HttpConstants.HTTPS_ENABLED, httpsEnabled);
+
+ if (httpEnabled) {
 props.put(HttpConstants.HTTP_PORT, httpPort);
- props.put(HttpConstants.HTTP_ENABLED, true);
+ if (httpHost != null)
+ props.put(HttpConstants.HTTP_HOST, httpHost);
 }
- if (httpsPort != null) {
+
+ if (httpsEnabled) {
 props.put(HttpConstants.HTTPS_PORT, httpsPort);
- props.put(HttpConstants.HTTPS_ENABLED, true);
+ if (httpsHost != null)
+ props.put(HttpConstants.HTTPS_HOST, httpsHost);
+
+ // server certificate
 Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH);
 String keyStorePassword = getFrameworkProp(
 HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.SSL_PASSWORD);
 if (keyStorePassword == null)
 keyStorePassword = "changeit";
 if (!Files.exists(keyStorePath))
- createSelfSignedKeyStore(keyStorePath, keyStorePassword);
- props.put(HttpConstants.SSL_KEYSTORETYPE, "PKCS12");
+ createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
+ props.put(HttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
 props.put(HttpConstants.SSL_KEYSTORE, keyStorePath.toString());
 props.put(HttpConstants.SSL_PASSWORD, keyStorePassword);
- props.put(HttpConstants.SSL_WANTCLIENTAUTH, true);
+
+ // client certificate authentication
+ String wantClientAuth = getFrameworkProp(
+ HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.SSL_WANTCLIENTAUTH);
+ if (wantClientAuth != null)
+ props.put(HttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(wantClientAuth));
 String needClientAuth = getFrameworkProp(
 HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.SSL_NEEDCLIENTAUTH);
- if (needClientAuth != null) {
+ if (needClientAuth != null)
 props.put(HttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth));
- }
 }
- if (httpHost != null)
- props.put(HttpConstants.HTTP_HOST, httpHost);
- if (httpsHost != null)
- props.put(HttpConstants.HTTPS_HOST, httpsHost);
- if (webSocketEnabled != null)
- if (webSocketEnabled.equals("true"))
- props.put(HttpConstants.WEB_SOCKET_ENABLED, true);
+ // web socket
+ if (webSocketEnabled != null && webSocketEnabled.equals("true"))
+ props.put(HttpConstants.WEB_SOCKET_ENABLED, true);
 props.put(NodeConstants.CN, NodeConstants.DEFAULT);
 }
@@ -240,7 +250,7 @@ class InitUtils {
 }
 }
- private static void createSelfSignedKeyStore(Path keyStorePath, String keyStorePassword) {
+ private static void createSelfSignedKeyStore(Path keyStorePath, String keyStorePassword, String keyStoreType) {
 // for (Provider provider : Security.getProviders())
 // System.out.println(provider.getName());
 File keyStoreFile = keyStorePath.toFile();
@@ -249,7 +259,7 @@ class InitUtils {
 if (!keyStoreFile.exists()) {
 try {
 keyStoreFile.getParentFile().mkdirs();
- KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd);
+ KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd, keyStoreType);
 PkiUtils.generateSelfSignedCertificate(keyStore,
 new X500Principal("CN=" + InetAddress.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"), 1024,
 keyPwd);
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
index e92198495..3e2f25146 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
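Review bot: The new "client certificate authentication" block reads the `SSL_WANTCLIENTAUTH` framework property but stores its value under the `SSL_NEEDCLIENTAUTH` key, so an operator who configures only "want" (optional client certificates) actually turns on "need" (mandatory client certificates, rejecting every client without one), and any explicit `needClientAuth` value then silently overwrites it on the next lines. The line should be `props.put(HttpConstants.SSL_WANTCLIENTAUTH, Boolean.parseBoolean(wantClientAuth));`. Since the former unconditional `SSL_WANTCLIENTAUTH = true` default is dropped, a comment such as `// client certificate authentication is off unless one of these properties is set` would spare the next reader from hunting for the old behaviour. The enclosing method starts before this hunk.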
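Review bot: The new `keyStoreType` parameter of `createSelfSignedKeyStore` is undocumented and is handed straight to `PkiUtils.getKeyStore` in the following `@@ -249` hunk, so nothing tells a caller that it must be a type the configured security provider can instantiate (the only caller in this commit passes `PkiUtils.PKCS12`). A Javadoc along the lines of `/** Creates a keystore of the given type (e.g. {@link PkiUtils#PKCS12}) at keyStorePath, protected by keyStorePassword, and fills it with a self-signed certificate. */` would cover it. Not introduced here, but since this code is being reworked: the `1024` key size visible in the next hunk is below what current guidance accepts for RSA and deserves a follow-up. The method body continues past both hunks.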
@@ -233,7 +233,8 @@ public class NodeHttp implements KernelConstants {
 }
 private String httpPortsMsg(Object httpPort, Object httpsPort) {
- return "HTTP " + httpPort + (httpsPort != null ? " - HTTPS " + httpsPort : "");
+ return (httpPort != null ? "HTTP " + httpPort + " " : " ")
+ + (httpsPort != null ? "HTTPS " + httpsPort : "");
 }
 }
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/PkiUtils.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/PkiUtils.java
index 031515caa..94a9b1f45 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/PkiUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/PkiUtils.java
@@ -28,6 +28,8 @@ import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 * implementations.
 */
 class PkiUtils {
+ final static String PKCS12 = "PKCS12";
+
 private final static String SECURITY_PROVIDER;
 static {
 Security.addProvider(new BouncyCastleProvider());
@@ -59,9 +61,9 @@ class PkiUtils {
 }
 }
- public static KeyStore getKeyStore(File keyStoreFile, char[] keyStorePassword) {
+ public static KeyStore getKeyStore(File keyStoreFile, char[] keyStorePassword, String keyStoreType) {
 try {
- KeyStore store = KeyStore.getInstance("PKCS12", SECURITY_PROVIDER);
+ KeyStore store = KeyStore.getInstance(keyStoreType, SECURITY_PROVIDER);
 if (keyStoreFile.exists()) {
 try (FileInputStream fis = new FileInputStream(keyStoreFile)) {
 store.load(fis, keyStorePassword);
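Review bot: The rewritten `httpPortsMsg` glues the separator to the HTTP branch, so it yields a leading space when only HTTPS is enabled, a trailing space when only HTTP is enabled, and a lone `" "` when both arguments are null. Collecting the parts that are present and joining them with a single separator handles all four cases cleanly; it needs `java.util.StringJoiner` imported.
```java
private String httpPortsMsg(Object httpPort, Object httpsPort) {
	StringJoiner msg = new StringJoiner(" ");
	if (httpPort != null)
		msg.add("HTTP " + httpPort);
	if (httpsPort != null)
		msg.add("HTTPS " + httpsPort);
	return msg.toString();
}
```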
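Review bot: `getKeyStore` now accepts `keyStoreType` without validating or documenting it: `KeyStore.getInstance` throws `NullPointerException` for a null type and `KeyStoreException` when the pinned `SECURITY_PROVIDER` does not implement that type, and whether the surrounding `try` tells those apart is outside the hunk. Adding `Objects.requireNonNull(keyStoreType, "keyStoreType");` before the `try` (requires `java.util.Objects`) fails fast with a clear message, and the signature deserves a `@param keyStoreType keystore type, e.g. {@link #PKCS12}; must be implemented by {@code SECURITY_PROVIDER}` in its Javadoc. The method body continues past the end of this hunk.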