Added option for ssl-context to AddUndertowListener command
honza-kasik committed Oct 5, 2021
1 parent ebfdd8a commit 3adc2c9
Showing 3 changed files with 63 additions and 2 deletions.
Expand Up @@ -59,8 +59,12 @@ public final class AddUndertowListener implements OnlineCommand {
private Boolean enableSpdy;
private String enabledCipherSuites;
private String enabledProtocols;
/**
* @deprecated Use sslContext
*/
private String securityRealm;
private SslVerifyClient verifyClient;
private String sslContext;

// ajp
private String scheme;
Expand All @@ -81,6 +85,7 @@ private AddUndertowListener(HttpsBuilder builder) {
this.enabledCipherSuites = builder.enabledCipherSuites;
this.enabledProtocols = builder.enabledProtocols;
this.securityRealm = builder.securityRealm;
this.sslContext = builder.sslContext;
this.verifyClient = builder.verifyClient;
initCommonOptions(builder);
}
Expand Down Expand Up @@ -175,10 +180,14 @@ public void apply(OnlineCommandContext ctx) throws CommandFailedException, IOExc
.andOptional("proxy-address-forwarding", proxyAddressForwarding);
break;
case HTTPS_LISTENER:
if (securityRealm == null && sslContext == null) {
throw new CommandFailedException("Either SSL context or security realm must be set!");
}
params = params.andOptional("enable-spdy", enableSpdy)
.andOptional("enabled-cipher-suites", enabledCipherSuites)
.andOptional("enabled-protocols", enabledProtocols)
.and("security-realm", securityRealm)
.andOptional("security-realm", securityRealm)
.andOptional("ssl-context", sslContext)
.andOptional("verify-client", verifyClient != null ? verifyClient.name() : null);
break;
case AJP_LISTENER:
Expand Down Expand Up @@ -562,7 +571,11 @@ public static final class HttpsBuilder extends UndertowListenerBuilder<HttpsBuil
private Boolean enableSpdy;
private String enabledCipherSuites;
private String enabledProtocols;
/**
* @deprecated use sslContext
*/
private String securityRealm;
private String sslContext;
private SslVerifyClient verifyClient;

public HttpsBuilder(String listenerName, String serverName, String socketBinding) {
Expand Down Expand Up @@ -617,12 +630,24 @@ public HttpsBuilder enabledProtocols(String enabledProtocols) {
* Note, there is also created {@link AddHttpsSecurityRealm} allowing to easily create security realm with
* specified name
* </p>
* @deprecated Use {@link #sslContext(String sslContext)} instead
*/
public HttpsBuilder securityRealm(String securityRealm) {
this.securityRealm = securityRealm;
return this;
}

/**
* Defines which {@code org.wildfly.security.ssl-context} should be used by this HTTPS listener. Note you can
* use {@link org.wildfly.extras.creaper.commands.elytron.CreateServerSSLContext} to create this capability.
* @param sslContext ssl context name
* @return instance of this builder
*/
public HttpsBuilder sslContext(String sslContext) {
this.sslContext = sslContext;
return this;
}

/**
* Defines desired SSL client authentication mode for SSL channels
*/
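Review bot: The guard added at the start of the HTTPS_LISTENER case rejects only the case where neither `securityRealm` nor `sslContext` is set; when a caller sets both, the command emits `security-realm` and `ssl-context` together and the failure surfaces as a server-side error instead of a clear CommandFailedException, and as far as I recall the two attributes are alternatives on the undertow https-listener resource. A complementary check next to the new one, `if (securityRealm != null && sslContext != null) { throw new CommandFailedException("SSL context and security realm are mutually exclusive!"); }`, would fail fast before any management operation is issued; apply() starts and ends outside this hunk, and the same validation could equally live in `HttpsBuilder.build()` where both values are collected. The deprecation of the `securityRealm` fields and of `HttpsBuilder.securityRealm(String)` is Javadoc-only; adding the `@Deprecated` annotation to the builder method makes the compiler warn callers, which a `@deprecated` tag alone does not.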
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -65,7 +65,7 @@
<version.java>1.6</version.java>

<!-- All versions. Keep in alphabetical order. Name format: version.${groupId}.${artifactIdOrWildcard}. -->
<version.com.google.code.cookcc>0.3.3</version.com.google.code.cookcc>
<version.com.google.code.cookcc>0.3.3-redhat-1</version.com.google.code.cookcc>
<version.com.google.guava.guava>20.0</version.com.google.guava.guava>
<version.com.puppycrawl.tools.checkstyle>6.1.1</version.com.puppycrawl.tools.checkstyle>
<version.junit.junit>4.13.1</version.junit.junit>
Expand Up @@ -8,6 +8,7 @@
import org.junit.experimental.categories.Category;
import org.junit.rules.TemporaryFolder;
import org.junit.runner.RunWith;
import org.wildfly.extras.creaper.commands.elytron.CreateServerSSLContext;
import org.wildfly.extras.creaper.commands.socketbindings.AddSocketBinding;
import org.wildfly.extras.creaper.commands.socketbindings.RemoveSocketBinding;
import org.wildfly.extras.creaper.core.ManagementClient;
Expand Down Expand Up @@ -113,6 +114,41 @@ public void addHttpsConnector_commandSucceeds() throws Exception {
admin.reloadIfRequired();
}

@Test
public void addHttpsConnectorElytron_commandSucceeds() throws Exception {
String alias = "creaper";
File keystoreFile = tmp.newFile();
KeyStore keyStore = KeyPairAndCertificate.generateSelfSigned("Creaper").toKeyStore(alias, TEST_PASSWORD);
keyStore.store(new FileOutputStream(keystoreFile), TEST_PASSWORD.toCharArray());

String sslContextName = "CreaperSslContext";

client.apply(new CreateServerSSLContext.Builder(sslContextName)
.keyStorePath(keystoreFile.getAbsolutePath())
.keyStorePassword(TEST_PASSWORD)
.keyStoreAlias(alias)
.keyPassword(TEST_PASSWORD)
.trustStorePath(keystoreFile.getAbsolutePath())
.trustStorePassword(TEST_PASSWORD)
.build());

client.apply(new AddUndertowListener.HttpsBuilder(TEST_LISTENER_NAME, TEST_SOCKET_BINDING)
.sslContext(sslContextName)
.build());

assertTrue(ops.exists(DEFAULT_SERVER_ADDRESS.and("https-listener", TEST_LISTENER_NAME)));
ops.readAttribute(DEFAULT_SERVER_ADDRESS.and("https-listener", TEST_LISTENER_NAME), "socket-binding")
.assertSuccess();

client.apply(new RemoveUndertowListener.Builder(UndertowListenerType.HTTPS_LISTENER, TEST_LISTENER_NAME)
.forDefaultServer());
admin.reloadIfRequired();
assertFalse(ops.exists(DEFAULT_SERVER_ADDRESS.and("https-listener", TEST_LISTENER_NAME)));

ops.remove(Address.subsystem("elytron").and("server-ssl-context", sslContextName)).assertSuccess();
admin.reloadIfRequired();
}

@Test
public void addSecurityRealm_withoutTruststore_commandSucceeds() throws Exception {
String alias = "creaper";
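Review bot: `keyStore.store(new FileOutputStream(keystoreFile), TEST_PASSWORD.toCharArray())` in addHttpsConnectorElytron_commandSucceeds never closes the stream, so the keystore file handle leaks until the JVM exits. The pom's `version.java` property is 1.6, which suggests try-with-resources is not available, so the portable form is `FileOutputStream out = new FileOutputStream(keystoreFile);` followed by `try { keyStore.store(out, TEST_PASSWORD.toCharArray()); } finally { out.close(); }`. The removal of the https-listener and of the elytron server-ssl-context runs only if every assertion before it passes; moving those removals into a finally block keeps a failing assertion from leaving the SSL context behind for later tests in the class. If addHttpsConnector_commandSucceeds, whose end is visible at the top of this hunk, stores its keystore the same way, the same fix applies there.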