From 3d371e9e92be6c171fed0cb4ee7ac63a72a9be35 Mon Sep 17 00:00:00 2001
From: John Jiang
Date: Tue, 16 Jan 2024 11:33:28 +0800
Subject: [PATCH] TKSS-637: JettyServer supports client authentication
---
 .../java/com/tencent/kona/demo/AppConfig.java | 22 +++++++++++++++++++
 .../com/tencent/kona/demo/JettyServer.java | 3 +++
 kona-demo/src/main/resources/application.yml | 4 ++++
 3 files changed, 29 insertions(+)
diff --git a/kona-demo/src/main/java/com/tencent/kona/demo/AppConfig.java b/kona-demo/src/main/java/com/tencent/kona/demo/AppConfig.java
index e6953d59..a440e772 100644
--- a/kona-demo/src/main/java/com/tencent/kona/demo/AppConfig.java
+++ b/kona-demo/src/main/java/com/tencent/kona/demo/AppConfig.java
@@ -31,6 +31,9 @@ public class AppConfig {
 @Value("${server.ssl.enabled}")
 private boolean sslEnabled;
+ @Value("${server.ssl.provider}")
+ private String provider;
+
 @Value("${server.ssl.trust-store-provider}")
 private String trustStoreProvider;
@@ -58,6 +61,9 @@ public class AppConfig {
 @Value("${server.ssl.protocol}")
 private String contextProtocol;
+ @Value("${server.ssl.client-auth-enabled}")
+ private boolean clientAuthEnabled;
+
 @Value("${server.http2.enabled}")
 private boolean http2Enabled;
@@ -77,6 +83,14 @@ public void setSslEnabled(String sslEnabled) {
 this.sslEnabled = Boolean.parseBoolean(sslEnabled);
 }
+ public String getProvider() {
+ return provider;
+ }
+
+ public void setProvider(String provider) {
+ this.provider = provider;
+ }
+
 public String getTrustStoreProvider() {
 return trustStoreProvider;
 }
@@ -149,6 +163,14 @@ public void setContextProtocol(String contextProtocol) {
 this.contextProtocol = contextProtocol;
 }
+ public boolean isClientAuthEnabled() {
+ return clientAuthEnabled;
+ }
+
+ public void setClientAuthEnabled(boolean clientAuthEnabled) {
+ this.clientAuthEnabled = clientAuthEnabled;
+ }
+
 public boolean isHttp2Enabled() {
 return http2Enabled;
 }
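Review bot: In AppConfig.java the new `clientAuthEnabled` property (second and fourth hunks) does not say whether the server requests or requires a client certificate, and the two differ in security terms. JettyServer passes the value to `setNeedClientAuth`, so `true` means a handshake without a certificate is refused; a Javadoc line on the getter such as `/** Whether the server requires (not merely requests) a client certificate during the TLS handshake. */` would make that explicit. The new `@Value("${server.ssl.provider}")` and `@Value("${server.ssl.client-auth-enabled}")` placeholders carry no default, like the existing ones, so a configuration that predates this change will presumably fail placeholder resolution at startup; that is worth stating in the commit description or the demo's docs. The class body continues outside all four hunks.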
diff --git a/kona-demo/src/main/java/com/tencent/kona/demo/JettyServer.java b/kona-demo/src/main/java/com/tencent/kona/demo/JettyServer.java
index cdcd37d4..d16e9a21 100644
--- a/kona-demo/src/main/java/com/tencent/kona/demo/JettyServer.java
+++ b/kona-demo/src/main/java/com/tencent/kona/demo/JettyServer.java
@@ -97,6 +97,8 @@ public SSLParameters customize(SSLParameters sslParams) {
 }
 };
+ contextFactory.setProvider(appConfig.getProvider());
+
 contextFactory.setTrustStoreProvider(appConfig.getTrustStoreProvider());
 contextFactory.setTrustStoreType(appConfig.getTrustStoreType());
 contextFactory.setTrustStorePath(getAbsolutePath(appConfig.getTrustStorePath()));
@@ -109,6 +111,7 @@ public SSLParameters customize(SSLParameters sslParams) {
 contextFactory.setKeyManagerPassword(appConfig.getKeyStorePassword());
 contextFactory.setProtocol(appConfig.getContextProtocol());
+ contextFactory.setNeedClientAuth(appConfig.isClientAuthEnabled());
 HttpConfiguration httpsConfig = new HttpConfiguration();
 httpsConfig.setSecureScheme("https");
diff --git a/kona-demo/src/main/resources/application.yml b/kona-demo/src/main/resources/application.yml
index 299149ad..d71faaa3 100644
--- a/kona-demo/src/main/resources/application.yml
+++ b/kona-demo/src/main/resources/application.yml
@@ -23,6 +23,8 @@ server:
 ssl:
 enabled: true
+ provider: Kona
+
 trust-store-provider: Kona
 trust-store-type: PKCS12
 trust-store: classpath:ssl/truststore.p12
@@ -37,5 +39,7 @@ server:
 # and will take the providers from TencentKonaSMSuite to work.
 protocol: TLCP
+ client-auth-enabled: false
+
 http2:
 enabled: true
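Review bot: In JettyServer.java's second hunk, `contextFactory.setNeedClientAuth(...)` only sets a flag on the factory, and the anonymous subclass whose `customize(SSLParameters)` override closes at the top of the first hunk sits on the path where Jetty, as far as I recall, copies that flag onto each engine's SSLParameters. The override's body and the enclosing method both start outside the hunks, so confirm that it delegates to `super.customize(sslParams)`; otherwise `client-auth-enabled: true` could be accepted without the server actually demanding a certificate. A handshake test that connects without a client certificate and expects a failure would pin this down. A comment on the new line would also help, e.g. `// Require a client certificate; its chain is validated against the trust store configured above.`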