/**
 * Starts an HTTPS server on port 8443 that answers every request with an empty response.
 *
 * <p>The server key pair is loaded from the JKS file {@code server-keystore.jks}. The key store
 * password is a literal in this example; in a real deployment it should come from configuration
 * or a secret store, and the key store should not ship with the source.
 */
@Override
public void start() throws Exception {
  JksOptions keyStore = new JksOptions()
      .setPath("server-keystore.jks")
      .setPassword("wibble");

  // Key store first, then the TLS switch, as in the fluent original.
  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setKeyStoreOptions(keyStore);
  tlsOptions.setSsl(true);

  // Start an SSL/TLS http server
  vertx.createHttpServer(tlsOptions)
      .requestHandler(req -> req.response().end())
      .listen(8443, listenResult -> {
        if (!listenResult.failed()) {
          System.out.println("Server started");
          return;
        }
        // Bind or key-store problems surface here, not as an exception from start().
        System.out.println("Could not start HTTP server");
        listenResult.cause().printStackTrace();
      });
}
}
/**
 * Starts an HTTPS server on port 4443 that serves a fixed HTML greeting.
 *
 * <p>TLS is enabled with a JKS key store read from {@code server-keystore.jks}. The password is
 * hard-coded for the example; load it from configuration or a secret store outside of demos.
 * The result of {@code listen} is not observed, so a failed bind goes unreported here.
 */
@Override
public void start() throws Exception {
  JksOptions keyStore = new JksOptions();
  keyStore.setPath("server-keystore.jks");
  keyStore.setPassword("wibble");

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  tlsOptions.setKeyStoreOptions(keyStore);

  HttpServer server = vertx.createHttpServer(tlsOptions);

  server.requestHandler(req -> {
    // Static markup only: nothing from the request is echoed into the page.
    final String page = "<html><body><h1>Hello from vert.x!</h1></body></html>";
    req.response().putHeader("content-type", "text/html").end(page);
  }).listen(4443);
}
}
/**
 * Starts a gRPC Greeter service on port 8080 over TLS with ALPN enabled.
 *
 * <p>The service replies with the name it received. The key store path and password are example
 * literals; a real service should load the password from configuration or a secret store.
 */
@Override
public void start() throws Exception {
  VertxServer server = VertxServerBuilder.forPort(vertx, 8080)
      .addService(new GreeterGrpc.GreeterVertxImplBase() {
        @Override
        public void sayHello(HelloRequest request, Future<HelloReply> future) {
          // The name is client-supplied and printed as-is; a real service should
          // neutralise line breaks before writing request data to a log.
          String name = request.getName();
          System.out.println("Hello " + name);
          HelloReply reply = HelloReply.newBuilder().setMessage(name).build();
          future.complete(reply);
        }
      })
      .useSsl(tlsOptions -> tlsOptions
          .setSsl(true)
          .setUseAlpn(true)
          .setKeyStoreOptions(new JksOptions()
              .setPath("tls/server-keystore.jks")
              .setPassword("wibble")))
      .build();

  server.start(ar -> {
    if (!ar.succeeded()) {
      // Only the cause's message is printed; the stack trace is not.
      System.out.println("Could not start server " + ar.cause().getMessage());
      return;
    }
    System.out.println("gRPC service started");
  });
}
}
/**
 * Builds TLS + ALPN server options for HTTP/2 tests, bound to the given port and host.
 *
 * <p>The enabled cipher suite uses static RSA key exchange rather than Diffie-Hellman, so a
 * capture can be decrypted in Wireshark with the server's private key. The same property means
 * no forward secrecy, and the suite is on the HTTP/2 cipher blacklist (RFC 7540, Appendix A),
 * so this configuration is for test fixtures only.
 *
 * @param port port the server will listen on
 * @param host host name or address the server will bind to
 * @return the configured server options
 */
static HttpServerOptions createHttp2ServerOptions(int port, String host) {
  HttpServerOptions http2Options = new HttpServerOptions();
  http2Options.setPort(port);
  http2Options.setHost(host);
  http2Options.setUseAlpn(true);
  http2Options.setSsl(true);
  // Non Diffie-Hellman -> debuggable in wireshark
  http2Options.addEnabledCipherSuite("TLS_RSA_WITH_AES_128_CBC_SHA");
  http2Options.setKeyStoreOptions(Cert.SERVER_JKS.get());
  return http2Options;
}
/**
 * Checks that a client following redirects accepts a 303 issued by a TLS server whose
 * {@code location} header points at a plain {@code http://} URL on port 4043.
 *
 * <p>The scenario is an HTTPS-to-HTTP downgrade: after the redirect the request travels in
 * clear text. Outside of tests, a client that must stay on TLS should not follow such a
 * redirect automatically.
 */
@Test
public void testRedirectFromSSL() throws Exception {
  HttpServerOptions redirectOptions = new HttpServerOptions();
  redirectOptions.setSsl(true);
  redirectOptions.setKeyStoreOptions(Cert.SERVER_JKS.get());
  redirectOptions.setHost(DEFAULT_HTTP_HOST);
  redirectOptions.setPort(DEFAULT_HTTP_PORT);

  HttpServer redirectServer = vertx.createHttpServer(redirectOptions).requestHandler(req -> {
    // The redirect target deliberately uses the http scheme.
    String target = "http://" + DEFAULT_HTTP_HOST + ":4043/" + DEFAULT_TEST_URI;
    req.response().setStatusCode(303).putHeader("location", target).end();
  });
  startServer(redirectServer);

  RequestOptions options = new RequestOptions();
  options.setHost(DEFAULT_HTTP_HOST);
  options.setURI(DEFAULT_TEST_URI);
  options.setPort(4043);

  // NOTE(review): serverSSL(false) presumably configures the server testTLS starts on
  // port 4043, i.e. the plain-text redirect target; confirm against testTLS.
  testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.NONE, Trust.NONE)
      .clientSSL(true)
      .serverSSL(false)
      .requestOptions(options)
      .followRedirects(true)
      .pass();
}
}
/**
 * Runs the internal net-client scenario over TLS: the shared client is replaced by one that
 * trusts the server's JKS trust store, and the server on localhost:1234 presents the matching
 * key store.
 */
@Test
public void testNetClientInternalTLS() throws Exception {
  // Drop the default client before swapping in the TLS-enabled one.
  client.close();

  NetClientOptions tlsClientOptions = new NetClientOptions();
  tlsClientOptions.setSsl(true);
  // The client verifies the server against an explicit trust store rather than trusting all.
  tlsClientOptions.setTrustStoreOptions(Trust.SERVER_JKS.get());
  client = vertx.createNetClient(tlsClientOptions);

  HttpServerOptions tlsServerOptions = new HttpServerOptions();
  tlsServerOptions.setHost("localhost");
  tlsServerOptions.setPort(1234);
  tlsServerOptions.setSsl(true);
  tlsServerOptions.setKeyStoreOptions(Cert.SERVER_JKS.get());

  testNetClientInternal_(tlsServerOptions, true);
}
/**
 * Sets the JKS key store and narrows the fluent return type to {@link HttpTermOptions}.
 *
 * @param options the JKS key store options, passed unchanged to the superclass
 * @return the superclass setter's result, cast to {@code HttpTermOptions}
 */
@Override
public HttpTermOptions setKeyStoreOptions(JksOptions options) {
  // All storage is delegated to the superclass; only the static type changes here.
  final HttpTermOptions self = (HttpTermOptions) super.setKeyStoreOptions(options);
  return self;
}
/**
 * Creates the server options used by HTTP/2 tests: TLS with ALPN on the given port and host.
 *
 * <p>Only a static-RSA (non Diffie-Hellman) cipher suite is added, which lets a packet capture
 * be decrypted in Wireshark with the server key. That trade-off gives up forward secrecy and
 * the suite is listed in the HTTP/2 cipher blacklist (RFC 7540, Appendix A); do not reuse this
 * setup outside test code.
 *
 * @param port port the server will listen on
 * @param host host name or address the server will bind to
 * @return the configured server options
 */
static HttpServerOptions createHttp2ServerOptions(int port, String host) {
  final HttpServerOptions serverOptions = new HttpServerOptions();
  serverOptions.setPort(port);
  serverOptions.setHost(host);
  serverOptions.setUseAlpn(true);
  serverOptions.setSsl(true);
  // Non Diffie-Hellman -> debuggable in wireshark
  serverOptions.addEnabledCipherSuite("TLS_RSA_WITH_AES_128_CBC_SHA");
  serverOptions.setKeyStoreOptions(Cert.SERVER_JKS.get());
  return serverOptions;
}
// Fluent-setter contract: the value returned by setKeyStoreOptions equals the options it was called on.
assertEquals(options, options.setKeyStoreOptions(keyStoreOptions));
// The key store set above is what the generic key/cert accessor hands back.
assertEquals(keyStoreOptions, options.getKeyCertOptions());
/**
 * Verifies redirect handling when a TLS server responds with 303 and a {@code location} that
 * uses the {@code http} scheme (port 4043), with the client configured to follow redirects.
 *
 * <p>This exercises a downgrade from HTTPS to clear-text HTTP. Production clients that carry
 * sensitive data should refuse or at least not auto-follow a redirect that leaves TLS.
 */
@Test
public void testRedirectFromSSL() throws Exception {
  final HttpServerOptions tlsRedirectOptions = new HttpServerOptions();
  tlsRedirectOptions.setSsl(true);
  tlsRedirectOptions.setKeyStoreOptions(Cert.SERVER_JKS.get());
  tlsRedirectOptions.setHost(DEFAULT_HTTP_HOST);
  tlsRedirectOptions.setPort(DEFAULT_HTTP_PORT);

  HttpServer redirectServer = vertx.createHttpServer(tlsRedirectOptions).requestHandler(req -> {
    // Plain-http target: the point of the test is the scheme change.
    final String location = "http://" + DEFAULT_HTTP_HOST + ":4043/" + DEFAULT_TEST_URI;
    req.response().setStatusCode(303).putHeader("location", location).end();
  });
  startServer(redirectServer);

  final RequestOptions options = new RequestOptions();
  options.setHost(DEFAULT_HTTP_HOST);
  options.setURI(DEFAULT_TEST_URI);
  options.setPort(4043);

  // NOTE(review): how testTLS maps clientSSL/serverSSL onto the two servers is not visible
  // in this excerpt; confirm before relying on the description above.
  testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.NONE, Trust.NONE)
      .clientSSL(true)
      .serverSSL(false)
      .requestOptions(options)
      .followRedirects(true)
      .pass();
}
}
/**
 * TLS variant of the internal net-client test. The existing client is closed and recreated with
 * TLS enabled and the server trust store; the server side listens on localhost:1234 with TLS
 * and the server key store.
 */
@Test
public void testNetClientInternalTLS() throws Exception {
  client.close();

  // Certificate verification stays on: the client pins trust to the server trust store.
  final NetClientOptions clientOptions = new NetClientOptions();
  clientOptions.setSsl(true);
  clientOptions.setTrustStoreOptions(Trust.SERVER_JKS.get());
  client = vertx.createNetClient(clientOptions);

  final HttpServerOptions serverOptions = new HttpServerOptions();
  serverOptions.setHost("localhost");
  serverOptions.setPort(1234);
  serverOptions.setSsl(true);
  serverOptions.setKeyStoreOptions(Cert.SERVER_JKS.get());

  testNetClientInternal_(serverOptions, true);
}
// Key store path and password come from httpServerConfiguration instead of literals in code.
// NOTE(review): where that configuration reads the password from is not visible here; make sure
// it is a protected source and that the value is never written to logs.
options.setKeyStoreOptions(new JksOptions()
    .setPath(httpServerConfiguration.getKeyStorePath())
    .setPassword(httpServerConfiguration.getKeyStorePassword()));
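/**
 * Creates the server from the given configuration and deploys it as a verticle.
 *
 * <p>Keys read from {@code config}: {@code port} (falls back to {@code DEFAULT_PORT}),
 * {@code keyStorePath} and {@code keyStorePassword}. TLS is enabled only when
 * {@code keyStorePath} exists; otherwise the server is created without TLS and will serve
 * clear-text HTTP. Deployments that require TLS should treat a missing key store path as a
 * configuration error upstream of this constructor.
 *
 * @param config server configuration
 */
public VertxHttpServer(MapWrap config) {
  port = config.asInt("port", DEFAULT_PORT);
  observableListenersByTag = new HashMap<>();

  // Setup vertx
  vertx = Vertx.vertx();

  if (config.exists("keyStorePath")) {
    // NOTE(review): keyStorePassword is read without an exists() check; what asString
    // returns for a missing key is not visible here.
    JksOptions keyStore = new JksOptions()
        .setPath(config.asString("keyStorePath"))
        .setPassword(config.asString("keyStorePassword"));
    httpServer = vertx.createHttpServer(
        new HttpServerOptions().setSsl(true).setKeyStoreOptions(keyStore));
  } else {
    // No key store configured: plain HTTP, no transport encryption.
    httpServer = vertx.createHttpServer();
  }
  router = Router.router(vertx);

  // Deploy last. Deployment hands `this` to Vert.x, which runs the verticle's lifecycle
  // callbacks asynchronously; doing it before httpServer and router were assigned let
  // those callbacks observe a partially constructed instance.
  vertx.deployVerticle(this);
}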
/**
 * Builds the {@link HttpServerOptions} for this server from its getters.
 *
 * <p>TLS and the key store are applied independently: {@code getSSL()} switches TLS on, and the
 * key store is set whenever {@code getKeyStoreOptions()} is non-null. Nothing here checks that
 * a key store is present when TLS is enabled.
 *
 * @return the configured server options
 */
protected HttpServerOptions createServerOptions() {
  // Setup the http server options
  HttpServerOptions serverOptions = new HttpServerOptions();
  serverOptions.setHost(getHost());
  serverOptions.setPort(getPort());
  serverOptions.setAcceptBacklog(getAcceptBacklog());
  // Performance tweak
  serverOptions.setCompressionSupported(getCompressionSupported());

  // Enable https
  if (getSSL()) {
    serverOptions.setSsl(true);
  }

  if (null != getKeyStoreOptions()) {
    serverOptions.setKeyStoreOptions(getKeyStoreOptions());
  }

  Integer receiveBufferSize = getReceiveBufferSize();
  boolean hasBufferSize = receiveBufferSize != null && receiveBufferSize > 0;
  if (hasBufferSize) {
    // TODO: This doesn't seem to actually affect buffer size for dataHandler. Is this being used correctly or is it a Vertx bug?
    serverOptions.setReceiveBufferSize(receiveBufferSize);
  }

  return serverOptions;
}
/**
 * Connects a trust-all TLS/ALPN client to a TLS/ALPN server that presents the test key store.
 *
 * <p>{@code setTrustAll(true)} turns off server certificate verification on the client, so the
 * connection is encrypted but the peer is not authenticated. That is the behaviour under test
 * and is not a setting for production clients.
 */
@Test
public void testTrustAll(TestContext ctx) throws Exception {
  // Test fixture values; the key store and its password are not secrets.
  final String serverKeyStorePath = "tls/server-keystore.jks";
  final String keyStorePassword = "wibble";

  testSimple(
      clientOpts -> clientOpts
          .setTrustAll(true)
          .setSsl(true)
          .setUseAlpn(true),
      serverOpts -> serverOpts
          .setSsl(true)
          .setUseAlpn(true)
          .setKeyStoreOptions(new JksOptions()
              .setPath(serverKeyStorePath)
              .setPassword(keyStorePassword)),
      ctx,
      true);
}
// setKeyStoreOptions must return something equal to the receiver, so calls can be chained.
assertEquals(options, options.setKeyStoreOptions(keyStoreOptions));
// getKeyCertOptions must return the key store that was just set.
assertEquals(keyStoreOptions, options.getKeyCertOptions());
/**
 * Convenience overload that builds default client and server options and delegates to the
 * options-based {@code testTLS}.
 *
 * <p>The client is always created with {@code setTrustAll(true)}, so it accepts any server
 * certificate; the server always carries the test key store, whether or not TLS is enabled.
 *
 * @param clientSSL whether the web client uses TLS
 * @param serverSSL whether the HTTP server uses TLS
 * @param requestProvider builds the request to send from the web client
 * @param serverAssertions checks run against the request received by the server
 */
private void testTLS(boolean clientSSL, boolean serverSSL, Function<WebClient, HttpRequest<Buffer>> requestProvider, Consumer<HttpServerRequest> serverAssertions) throws Exception {
  WebClientOptions clientOptions = new WebClientOptions();
  clientOptions.setSsl(clientSSL);
  // Certificate verification is off for the test client.
  clientOptions.setTrustAll(true);
  clientOptions.setDefaultHost(DEFAULT_HTTPS_HOST);
  clientOptions.setDefaultPort(DEFAULT_HTTPS_PORT);

  HttpServerOptions serverOptions = new HttpServerOptions();
  serverOptions.setSsl(serverSSL);
  serverOptions.setKeyStoreOptions(Cert.SERVER_JKS.get());
  serverOptions.setPort(DEFAULT_HTTPS_PORT);
  serverOptions.setHost(DEFAULT_HTTPS_HOST);

  testTLS(clientOptions, serverOptions, requestProvider, serverAssertions);
}
/**
 * Connects a TLS/ALPN client that verifies the server against the client trust store to a
 * TLS/ALPN server presenting the server key store.
 *
 * <p>Unlike a trust-all client, this one authenticates the server certificate. Paths and the
 * password are test fixture values.
 */
@Test
public void testConnect(TestContext ctx) throws Exception {
  final String trustStorePath = "tls/client-truststore.jks";
  final String keyStorePath = "tls/server-keystore.jks";
  final String storePassword = "wibble";

  testSimple(
      clientOpts -> clientOpts.setSsl(true)
          .setUseAlpn(true)
          .setTrustStoreOptions(new JksOptions()
              .setPath(trustStorePath)
              .setPassword(storePassword)),
      serverOpts -> serverOpts
          .setSsl(true)
          .setUseAlpn(true)
          .setKeyStoreOptions(new JksOptions()
              .setPath(keyStorePath)
              .setPassword(storePassword)),
      ctx,
      true);
}
/**
 * Checks that the virtual host set on a request is sent as the TLS server name: the server,
 * with SNI enabled and the SNI key store, must see {@code host2.com} as the indicated name.
 *
 * <p>The client trusts all certificates, so this test covers SNI propagation only and not
 * certificate validation for the selected host.
 */
@Test
public void testVirtualHostSNI() throws Exception {
  final String virtualHost = "host2.com";

  WebClientOptions clientOptions = new WebClientOptions();
  clientOptions.setTrustAll(true);
  clientOptions.setDefaultHost(DEFAULT_HTTPS_HOST);
  clientOptions.setDefaultPort(DEFAULT_HTTPS_PORT);

  HttpServerOptions serverOptions = new HttpServerOptions();
  serverOptions.setSsl(true);
  serverOptions.setSni(true);
  serverOptions.setKeyStoreOptions(Cert.SNI_JKS.get());
  serverOptions.setPort(DEFAULT_HTTPS_PORT);
  serverOptions.setHost(DEFAULT_HTTPS_HOST);

  testTLS(
      clientOptions,
      serverOptions,
      webClient -> webClient.get("/").virtualHost(virtualHost).ssl(true),
      serverRequest -> {
        assertEquals(virtualHost, serverRequest.connection().indicatedServerName());
        System.out.println(serverRequest.host());
      });
}
/**
 * Exercises mutual TLS with a client that has no key store configured: the server requires
 * client authentication ({@code ClientAuth.REQUIRED}) and trusts the client trust store, while
 * the client only sets trust-all, TLS and ALPN.
 *
 * <p>NOTE(review): the final {@code false} argument presumably tells {@code testSimple} that
 * the connection is expected to fail; confirm against its signature.
 */
@Test
public void testClientAuthFail(TestContext ctx) throws Exception {
  // Test fixture values shared by the key store and the trust store.
  final String keyStorePath = "tls/server-keystore.jks";
  final String trustStorePath = "tls/client-truststore.jks";
  final String storePassword = "wibble";

  testSimple(
      clientOpts -> clientOpts
          .setTrustAll(true)
          .setSsl(true)
          .setUseAlpn(true),
      serverOpts -> serverOpts
          .setSsl(true)
          .setUseAlpn(true)
          .setKeyStoreOptions(new JksOptions()
              .setPath(keyStorePath)
              .setPassword(storePassword))
          // The server insists on a client certificate it can validate.
          .setClientAuth(ClientAuth.REQUIRED)
          .setTrustStoreOptions(new JksOptions()
              .setPath(trustStorePath)
              .setPassword(storePassword)),
      ctx,
      false);
}