From 4e88c94119df9ebf1d36a0c977fe8b0b48835377 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Ka=C5=A1=C3=ADk?=
Date: Tue, 5 Oct 2021 13:59:09 +0200
Subject: [PATCH] Added option for ssl-context to AddUndertowListener command

---
 .../undertow/AddUndertowListener.java | 27 +++++++++++++-
 .../AddUndertowListenerOnlineTest.java | 36 +++++++++++++++++++
 2 files changed, 62 insertions(+), 1 deletion(-)

diff --git a/commands/src/main/java/org/wildfly/extras/creaper/commands/undertow/AddUndertowListener.java b/commands/src/main/java/org/wildfly/extras/creaper/commands/undertow/AddUndertowListener.java
index afe97c4a..21c7b37e 100644
--- a/commands/src/main/java/org/wildfly/extras/creaper/commands/undertow/AddUndertowListener.java
+++ b/commands/src/main/java/org/wildfly/extras/creaper/commands/undertow/AddUndertowListener.java
@@ -59,8 +59,12 @@ public final class AddUndertowListener implements OnlineCommand {
     private Boolean enableSpdy;
     private String enabledCipherSuites;
     private String enabledProtocols;
+    /**
+     * @deprecated Use sslContext
+     */
     private String securityRealm;
     private SslVerifyClient verifyClient;
+    private String sslContext;
 
     // ajp
     private String scheme;
@@ -81,6 +85,7 @@ private AddUndertowListener(HttpsBuilder builder) {
         this.enabledCipherSuites = builder.enabledCipherSuites;
         this.enabledProtocols = builder.enabledProtocols;
         this.securityRealm = builder.securityRealm;
+        this.sslContext = builder.sslContext;
         this.verifyClient = builder.verifyClient;
         initCommonOptions(builder);
     }
@@ -175,10 +180,14 @@ public void apply(OnlineCommandContext ctx) throws CommandFailedException, IOExc
                         .andOptional("proxy-address-forwarding", proxyAddressForwarding);
                 break;
             case HTTPS_LISTENER:
+                if (securityRealm == null && sslContext == null) {
+                    throw new CommandFailedException("Either SSL context or security realm must be set!");
+                }
                 params = params.andOptional("enable-spdy", enableSpdy)
                         .andOptional("enabled-cipher-suites", enabledCipherSuites)
                         .andOptional("enabled-protocols", enabledProtocols)
-                        .and("security-realm", securityRealm)
+                        .andOptional("security-realm", securityRealm)
+                        .andOptional("ssl-context", sslContext)
                         .andOptional("verify-client", verifyClient != null ? verifyClient.name() : null);
                 break;
             case AJP_LISTENER:
@@ -562,7 +571,11 @@ public static final class HttpsBuilder extends UndertowListenerBuilder
+         * @deprecated Use {@link #sslContext(String sslContext)} instead
          */
         public HttpsBuilder securityRealm(String securityRealm) {
             this.securityRealm = securityRealm;
             return this;
         }
 
+        /**
+         * Defines which {@code org.wildfly.security.ssl-context} should be used by this HTTPS listener. Note you can
+         * use {@link org.wildfly.extras.creaper.commands.elytron.CreateServerSSLContext} to create this capability.
+         * @param sslContext ssl context name
+         * @return instance of this builder
+         */
+        public HttpsBuilder sslContext(String sslContext) {
+            this.sslContext = sslContext;
+            return this;
+        }
+
         /**
          * Defines desired SSL client authentication mode for SSL channels
          */
diff --git a/testsuite/standalone/src/test/java/org/wildfly/extras/creaper/commands/undertow/AddUndertowListenerOnlineTest.java b/testsuite/standalone/src/test/java/org/wildfly/extras/creaper/commands/undertow/AddUndertowListenerOnlineTest.java
index ff2edff3..3ab3ec48 100644
--- a/testsuite/standalone/src/test/java/org/wildfly/extras/creaper/commands/undertow/AddUndertowListenerOnlineTest.java
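Review bot: The new guard at the top of `case HTTPS_LISTENER` rejects the case where neither `securityRealm` nor `sslContext` is set, but not the case where both are, and both are now written to the `add` operation as optional attributes. As far as I recall, WildFly declares `security-realm` and `ssl-context` as alternatives on `https-listener` (and likewise `verify-client`, `enabled-cipher-suites` and `enabled-protocols` against `ssl-context`, since TLS policy lives in the Elytron context), so such a builder would be rejected by the server with a generic alternatives error rather than by this command with a clear one; consider adding `if (securityRealm != null && sslContext != null) { throw new CommandFailedException("Only one of SSL context and security realm can be set!"); }` next to the existing check, and confirm the legacy-attribute interaction against the target WildFly versions. The `apply()` method starts and ends outside this hunk.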
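Review bot: `securityRealm(String)` is deprecated only in its Javadoc; without the `@Deprecated` annotation callers get no compiler warning and IDEs do not flag the call, so the deprecation is easy to miss. Add `@Deprecated` on the line before `public HttpsBuilder securityRealm(String securityRealm) {` (the `@deprecated` Javadoc on the private field in the earlier hunk has no effect on callers either and could be a plain `//` comment). The new `sslContext` Javadoc could also state that the named `server-ssl-context` must already exist in the Elytron subsystem and that combining it with a security realm is rejected only when the command is applied, since nothing in this hunk validates it at build time; I have not seen HttpsBuilder's `build()`, so this assumes no check lives there. The HttpsBuilder class starts and ends outside this hunk.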
+++ b/testsuite/standalone/src/test/java/org/wildfly/extras/creaper/commands/undertow/AddUndertowListenerOnlineTest.java
@@ -8,6 +8,7 @@
 import org.junit.experimental.categories.Category;
 import org.junit.rules.TemporaryFolder;
 import org.junit.runner.RunWith;
+import org.wildfly.extras.creaper.commands.elytron.CreateServerSSLContext;
 import org.wildfly.extras.creaper.commands.socketbindings.AddSocketBinding;
 import org.wildfly.extras.creaper.commands.socketbindings.RemoveSocketBinding;
 import org.wildfly.extras.creaper.core.ManagementClient;
@@ -113,6 +114,41 @@ public void addHttpsConnector_commandSucceeds() throws Exception {
         admin.reloadIfRequired();
     }
 
+    @Test
+    public void addHttpsConnectorElytron_commandSucceeds() throws Exception {
+        String alias = "creaper";
+        File keystoreFile = tmp.newFile();
+        KeyStore keyStore = KeyPairAndCertificate.generateSelfSigned("Creaper").toKeyStore(alias, TEST_PASSWORD);
+        keyStore.store(new FileOutputStream(keystoreFile), TEST_PASSWORD.toCharArray());
+
+        String sslContextName = "CreaperSslContext";
+
+        client.apply(new CreateServerSSLContext.Builder(sslContextName)
+                .keyStorePath(keystoreFile.getAbsolutePath())
+                .keyStorePassword(TEST_PASSWORD)
+                .keyStoreAlias(alias)
+                .keyPassword(TEST_PASSWORD)
+                .trustStorePath(keystoreFile.getAbsolutePath())
+                .trustStorePassword(TEST_PASSWORD)
+                .build());
+
+        client.apply(new AddUndertowListener.HttpsBuilder(TEST_LISTENER_NAME, TEST_SOCKET_BINDING)
+                .sslContext(sslContextName)
+                .build());
+
+        assertTrue(ops.exists(DEFAULT_SERVER_ADDRESS.and("https-listener", TEST_LISTENER_NAME)));
+        ops.readAttribute(DEFAULT_SERVER_ADDRESS.and("https-listener", TEST_LISTENER_NAME), "socket-binding")
+                .assertSuccess();
+
+        client.apply(new RemoveUndertowListener.Builder(UndertowListenerType.HTTPS_LISTENER, TEST_LISTENER_NAME)
+                .forDefaultServer());
+        admin.reloadIfRequired();
+        assertFalse(ops.exists(DEFAULT_SERVER_ADDRESS.and("https-listener", TEST_LISTENER_NAME)));
+
+        ops.remove(Address.subsystem("elytron").and("server-ssl-context", sslContextName)).assertSuccess();
+        admin.reloadIfRequired();
+    }
+
     @Test
     public void addSecurityRealm_withoutTruststore_commandSucceeds() throws Exception {
         String alias = "creaper";
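Review bot: The new test never checks that the `ssl-context` attribute actually reached the listener — after `assertTrue(ops.exists(...))` it only reads back `socket-binding`, so a command that silently dropped `sslContext` would still pass. Add an assertion on the attribute this commit introduces, e.g. `assertEquals(sslContextName, ops.readAttribute(DEFAULT_SERVER_ADDRESS.and("https-listener", TEST_LISTENER_NAME), "ssl-context").stringValue());` (assuming `ModelNodeResult` exposes a string accessor, as elsewhere in creaper). The `FileOutputStream` handed to `keyStore.store(...)` is never closed; use `try (FileOutputStream out = new FileOutputStream(keystoreFile)) { keyStore.store(out, TEST_PASSWORD.toCharArray()); }`. Cleanup of the listener and the `server-ssl-context` runs only on the success path, so a failed assertion leaves both behind for later tests in the class — a `try/finally` around the assertions would keep the suite isolated. The enclosing test class continues outside this hunk.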