Merge branch 'ssl-integration'

Author: gdaniel

core/src/main/java/com/xatkit/core/server/XatkitServer.java

@@ -12,9 +12,11 @@
 import org.apache.http.config.SocketConfig;
 import org.apache.http.impl.bootstrap.HttpServer;
 import org.apache.http.impl.bootstrap.ServerBootstrap;
+import org.apache.http.ssl.SSLContexts;
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
+import javax.net.ssl.SSLContext;
 import java.io.File;
 import java.io.IOException;
 import java.net.BindException;
@@ -23,6 +25,11 @@
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
 import java.text.MessageFormat;
 import java.util.Collection;
 import java.util.Collections;
@@ -117,11 +124,21 @@ public XatkitServer(Configuration configuration) {
                 (), Configuration.class.getSimpleName(), configuration);
         Log.info("Creating {0}", this.getClass().getSimpleName());
         this.isStarted = false;
+        if (configuration.containsKey(XatkitServerUtils.SERVER_KEYSTORE_LOCATION_KEY)
+                && !configuration.containsKey(XatkitServerUtils.SERVER_PUBLIC_URL_KEY)) {
+            /*
+             * We could automatically set the default URL to https://localhost, but it doesn't really make sense. If
+             * this is an issue we can update XatkitServer's behavior to adapt the default public URL when there is
+             * an SSL context.
+             */
+            throw new XatkitException(MessageFormat.format("Cannot start the {0}: the configuration contains a " +
+                            "keystore location but does not contain the server''s public_url ({1}))",
+                    this.getClass().getSimpleName(), XatkitServerUtils.SERVER_PUBLIC_URL_KEY));
+        }
         String publicUrl = configuration.getString(XatkitServerUtils.SERVER_PUBLIC_URL_KEY,
                 XatkitServerUtils.DEFAULT_SERVER_LOCATION);
         this.port = configuration.getInt(XatkitServerUtils.SERVER_PORT_KEY, XatkitServerUtils.DEFAULT_SERVER_PORT);
         this.baseURL = publicUrl + ":" + Integer.toString(this.port);
-        Log.info("{0} started on {1}", this.getClass().getSimpleName(), this.getBaseURL());
         this.restEndpoints = new HashMap<>();
         this.contentDirectory = FileUtils.getFile(XatkitServerUtils.PUBLIC_DIRECTORY_NAME, configuration);
         this.contentDirectory.mkdirs();
@@ -131,6 +148,8 @@ public XatkitServer(Configuration configuration) {
         } catch (IOException e) {
             throw new XatkitException("Cannot initialize the Xatkit server, see the attached exception", e);
         }
+        SSLContext sslContext = createSSLContext(configuration);
+
         SocketConfig socketConfig = SocketConfig.custom()
                 .setSoTimeout(15000)
                 .setTcpNoDelay(true)
@@ -139,6 +158,10 @@ public XatkitServer(Configuration configuration) {
         server = ServerBootstrap.bootstrap()
                 .setListenerPort(port)
                 .setServerInfo("Xatkit/1.1")
+                /*
+                 * createSSLContext is @Nullable: setting a null SSLContext is similar to not setting it.
+                 */
+                .setSslContext(sslContext)
                 .setSocketConfig(socketConfig)
                 .setExceptionLogger(e -> {
                     if (e instanceof SocketTimeoutException) {
@@ -157,6 +180,53 @@ public XatkitServer(Configuration configuration) {
                 .create();
     }
 
+    /**
+     * Creates a {@link SSLContext} from the provided {@code configuration}.
+     *
+     * @param configuration the {@link Configuration} containing the SSL configuration
+     * @return the {@link SSLContext}, or {@code null} if the provided {@code configuration} does not contain an SSL
+     * configuration
+     * @throws XatkitException      if the provided keystore does not exist of if an error occurred when loading the
+     *                              keystore content
+     * @throws NullPointerException if the {@code configuration} contains a keystore location but does not contain a
+     *                              store/key password
+     */
+    private @Nullable
+    SSLContext createSSLContext(@Nonnull Configuration configuration) {
+        checkNotNull(configuration, "Cannot get the %s from the provided %s %s", SSLContext.class.getSimpleName(),
+                Configuration.class.getSimpleName(), configuration);
+        String keystorePath = configuration.getString(XatkitServerUtils.SERVER_KEYSTORE_LOCATION_KEY);
+        if (isNull(keystorePath)) {
+            Log.info("No SSL context to load");
+            return null;
+        }
+        File keystoreFile = FileUtils.getFile(keystorePath, configuration);
+        if (keystoreFile.exists()) {
+            String storePassword = configuration.getString(XatkitServerUtils.SERVER_KEYSTORE_STORE_PASSWORD_KEY);
+            String keyPassword = configuration.getString(XatkitServerUtils.SERVER_KEYSTORE_KEY_PASSWORD_KEY);
+            checkNotNull(storePassword, "Cannot load the provided keystore, property %s not set",
+                    XatkitServerUtils.SERVER_KEYSTORE_STORE_PASSWORD_KEY);
+            checkNotNull(keyPassword, "Cannot load the provided keystore, property %s not set",
+                    XatkitServerUtils.SERVER_KEYSTORE_KEY_PASSWORD_KEY);
+            SSLContext sslContext = null;
+
+            try {
+                sslContext = SSLContexts.custom().loadKeyMaterial(keystoreFile,
+                        storePassword.toCharArray(),
+                        keyPassword.toCharArray())
+                        .build();
+                return sslContext;
+            } catch (NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException | CertificateException | IOException | KeyManagementException e) {
+                throw new XatkitException(MessageFormat.format("Cannot get the {0}: an error occurred when loading " +
+                        "the keystore, see attached exception", SSLContext.class.getSimpleName()));
+
+            }
+        } else {
+            throw new XatkitException(MessageFormat.format("Cannot get the {0} from the provided keystore location " +
+                    "{1}: the file does not exist", SSLContext.class.getSimpleName(), keystorePath));
+        }
+    }
+
     /**
      * Returns the port the server is listening to.
      *
@@ -650,8 +720,9 @@ private static EndpointEntry of(HttpMethod httpMethod, String uri) {
 
         /**
          * Constructs an {@link EndpointEntry} with the provided {@code httpMethod} and {@code uri}.
+         *
          * @param httpMethod the Http method of the entry
-         * @param uri the URI of the entry
+         * @param uri        the URI of the entry
          */
         private EndpointEntry(HttpMethod httpMethod, String uri) {
             this.httpMethod = httpMethod;

core/src/main/java/com/xatkit/core/server/XatkitServerUtils.java

@@ -52,4 +52,24 @@ public interface XatkitServerUtils {
      * The directory name used to store Xatkit public content.
      */
     String PUBLIC_DIRECTORY_NAME = "public";
+
+    /**
+     * The {@link Configuration} key used to specify the location of the keystore to create the SSL context from.
+     * <p>
+     * This property can contain an absolute path to the keystore, or a relative path that will be resolved from the
+     * location of the configuration file.
+     */
+    String SERVER_KEYSTORE_LOCATION_KEY = "xatkit.server.ssl.keystore";
+
+    /**
+     * The {@link Configuration} key used to specify the {@code store password} of the SSL keystore.
+     */
+    String SERVER_KEYSTORE_STORE_PASSWORD_KEY = "xatkit.server.ssl.keystore.store.password";
+
+    /**
+     * The {@link Configuration} key used to specify the {@code key password} of the SSL keystore.
+     * <p>
+     * The value of this property is usually equal to {@link #SERVER_KEYSTORE_STORE_PASSWORD_KEY}.
+     */
+    String SERVER_KEYSTORE_KEY_PASSWORD_KEY = "xatkit.server.ssl.keystore.key.password";
 }

core/src/test/java/com/xatkit/core/server/XatkitServerTest.java

@@ -108,6 +108,28 @@ public void constructConfigurationWithPort() {
         this.server = new XatkitServer(configuration);
     }
 
+    @Test(expected = XatkitException.class)
+    public void constructConfigurationWithKeystoreNullPublicURL() {
+        Configuration configuration = new BaseConfiguration();
+        /*
+         * test.jks doesn't exist, but the exception should be thrown anyway.
+         */
+        configuration.setProperty(XatkitServerUtils.SERVER_KEYSTORE_LOCATION_KEY, "test.jks");
+        this.server = new XatkitServer(configuration);
+    }
+
+    @Test(expected = XatkitException.class)
+    public void constructConfigurationInvalidKeystoreLocation() {
+        Configuration configuration = new BaseConfiguration();
+        configuration.setProperty(XatkitServerUtils.SERVER_KEYSTORE_LOCATION_KEY, "test.jks");
+        configuration.setProperty(XatkitServerUtils.SERVER_PUBLIC_URL_KEY, "https://localhost");
+        this.server = new XatkitServer(configuration);
+    }
+
+    /*
+     * TODO test cases with valid keystore
+     */
+
     @Test
     public void startEmptyConfiguration() {
         this.server = new XatkitServer(new BaseConfiguration());
@@ -198,7 +220,8 @@ public void notifyNotAcceptedContentType() {
         this.server = getValidXatkitServer();
         StubJsonWebhookEventProvider stubJsonWebhookEventProvider = getStubWebhookEventProvider();
         this.server.registerWebhookEventProvider(stubJsonWebhookEventProvider);
-        this.server.notifyRestHandler(HttpMethod.POST, stubJsonWebhookEventProvider.getEndpointURI(), Collections.emptyList(),
+        this.server.notifyRestHandler(HttpMethod.POST, stubJsonWebhookEventProvider.getEndpointURI(),
+                Collections.emptyList(),
                 Collections.emptyList(), "test", "not valid");
         assertThat(stubJsonWebhookEventProvider.hasReceivedEvent()).as("WebhookEventProvider hasn't received an " +
                 "event").isFalse();
@@ -256,7 +279,8 @@ public void isRestEndpointRegisteredUriTrailingSlash() {
         // See https://github.com/xatkit-bot-platform/xatkit-runtime/issues/254
         this.server = getValidXatkitServer();
         this.server.registerRestEndpoint(HttpMethod.POST, VALID_REST_URI, VALID_REST_HANDLER);
-        assertThat(this.server.isRestEndpoint(HttpMethod.POST, VALID_REST_URI + "/")).as("The URI is valid even with a trailing /").isTrue();
+        assertThat(this.server.isRestEndpoint(HttpMethod.POST, VALID_REST_URI + "/")).as("The URI is valid even with " +
+                "a trailing /").isTrue();
     }
 
     @Test
@@ -273,7 +297,7 @@ public void isRestEndpointNotRegisteredMethod() {
         assertThat(result).as("Provided URI + Method is not a rest endpoint").isFalse();
     }
 
-    @Test (expected = NullPointerException.class)
+    @Test(expected = NullPointerException.class)
     public void notifyRestHandlerNullMethod() {
         this.server = getValidXatkitServer();
         this.server.registerRestEndpoint(HttpMethod.POST, VALID_REST_URI, VALID_REST_HANDLER);
@@ -285,7 +309,8 @@ public void notifyRestHandlerNullMethod() {
     public void notifyRestHandlerNullUri() {
         this.server = getValidXatkitServer();
         this.server.registerRestEndpoint(HttpMethod.POST, VALID_REST_URI, VALID_REST_HANDLER);
-        this.server.notifyRestHandler(HttpMethod.POST, null, Collections.emptyList(), Collections.emptyList(), new JsonObject(),
+        this.server.notifyRestHandler(HttpMethod.POST, null, Collections.emptyList(), Collections.emptyList(),
+                new JsonObject(),
                 ContentType.APPLICATION_JSON.getMimeType());
     }
 
@@ -336,7 +361,8 @@ public void notifyRestHandlerTrailingSlash() {
     @Test(expected = XatkitException.class)
     public void notifyRestHandlerNotRegisteredUri() {
         this.server = getValidXatkitServer();
-        this.server.notifyRestHandler(HttpMethod.POST, VALID_REST_URI, Collections.emptyList(), Collections.emptyList(), null,
+        this.server.notifyRestHandler(HttpMethod.POST, VALID_REST_URI, Collections.emptyList(),
+                Collections.emptyList(), null,
                 ContentType.APPLICATION_JSON.getMimeType());
     }