Applying SSL to the webserver (WIP)
This commit is contained in:
parent
2f4786dbdc
commit
861d1b6598
1 changed files with 95 additions and 6 deletions
|
@ -1,22 +1,98 @@
|
||||||
package buttondevteam.website;
|
package buttondevteam.website;
|
||||||
|
|
||||||
|
import java.io.*;
|
||||||
import java.net.InetAddress;
|
import java.net.InetAddress;
|
||||||
import java.net.InetSocketAddress;
|
import java.net.InetSocketAddress;
|
||||||
|
import java.nio.file.Files;
|
||||||
|
import java.security.KeyFactory;
|
||||||
|
import java.security.KeyStore;
|
||||||
|
import java.security.PrivateKey;
|
||||||
|
import java.security.cert.CertificateFactory;
|
||||||
|
import java.security.spec.PKCS8EncodedKeySpec;
|
||||||
|
import java.util.Calendar;
|
||||||
|
|
||||||
|
import javax.net.ssl.*;
|
||||||
|
import java.security.cert.Certificate;
|
||||||
|
|
||||||
import org.bukkit.Bukkit;
|
import org.bukkit.Bukkit;
|
||||||
import org.bukkit.plugin.java.JavaPlugin;
|
import org.bukkit.plugin.java.JavaPlugin;
|
||||||
import com.sun.net.httpserver.HttpServer;
|
|
||||||
|
import com.sun.net.httpserver.HttpsConfigurator;
|
||||||
|
import com.sun.net.httpserver.HttpsParameters;
|
||||||
|
import com.sun.net.httpserver.HttpsServer;
|
||||||
|
|
||||||
import buttondevteam.lib.TBMCCoreAPI;
|
import buttondevteam.lib.TBMCCoreAPI;
|
||||||
import buttondevteam.website.page.*;
|
import buttondevteam.website.page.*;
|
||||||
|
|
||||||
public class ButtonWebsiteModule extends JavaPlugin {
|
public class ButtonWebsiteModule extends JavaPlugin {
|
||||||
public static final int PORT = 8080;
|
public static final int PORT = 8080;
|
||||||
private static HttpServer server;
|
private static HttpsServer server;
|
||||||
|
|
||||||
public ButtonWebsiteModule() {
|
public ButtonWebsiteModule() {
|
||||||
try {
|
try {
|
||||||
server = HttpServer.create(new InetSocketAddress((InetAddress) null, PORT), 10);
|
server = HttpsServer.create(new InetSocketAddress((InetAddress) null, PORT), 10);
|
||||||
|
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||||
|
|
||||||
|
// initialise the keystore
|
||||||
|
char[] password = "password".toCharArray();
|
||||||
|
KeyStore ks = KeyStore.getInstance("JKS");
|
||||||
|
String certfile = "domain-chain.crt"; /* your cert path */
|
||||||
|
File keystoreFile = new File("keystore.keystore");
|
||||||
|
FileInputStream is = new FileInputStream(keystoreFile);
|
||||||
|
|
||||||
|
ks.load(is, "somepass".toCharArray());
|
||||||
|
|
||||||
|
String alias = "chroma";
|
||||||
|
|
||||||
|
//////
|
||||||
|
|
||||||
|
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
||||||
|
InputStream certstream = fullStream(certfile);
|
||||||
|
Certificate[] certs = cf.generateCertificates(certstream).stream().toArray(Certificate[]::new);
|
||||||
|
|
||||||
|
byte[] keyBytes = Files.readAllBytes(new File("domain.key").toPath());
|
||||||
|
|
||||||
|
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
|
||||||
|
KeyFactory kf = KeyFactory.getInstance("RSA");
|
||||||
|
PrivateKey pk = kf.generatePrivate(spec);
|
||||||
|
|
||||||
|
// Add the certificate
|
||||||
|
ks.setKeyEntry(alias, pk, password, certs); // TODO: Only set if updated
|
||||||
|
|
||||||
|
// Save the new keystore contents
|
||||||
|
FileOutputStream out = new FileOutputStream(keystoreFile);
|
||||||
|
ks.store(out, password);
|
||||||
|
out.close();
|
||||||
|
|
||||||
|
// setup the key manager factory
|
||||||
|
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
|
||||||
|
kmf.init(ks, password);
|
||||||
|
|
||||||
|
// setup the trust manager factory
|
||||||
|
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
|
||||||
|
tmf.init(ks);
|
||||||
|
|
||||||
|
// setup the HTTPS context and parameters
|
||||||
|
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
|
||||||
|
server.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
|
||||||
|
public void configure(HttpsParameters params) {
|
||||||
|
try {
|
||||||
|
// initialise the SSL context
|
||||||
|
SSLContext c = SSLContext.getDefault();
|
||||||
|
SSLEngine engine = c.createSSLEngine();
|
||||||
|
params.setNeedClientAuth(false);
|
||||||
|
params.setCipherSuites(engine.getEnabledCipherSuites());
|
||||||
|
params.setProtocols(engine.getEnabledProtocols());
|
||||||
|
|
||||||
|
// get the default parameters
|
||||||
|
SSLParameters defaultSSLParameters = c.getDefaultSSLParameters();
|
||||||
|
params.setSSLParameters(defaultSSLParameters);
|
||||||
|
|
||||||
|
} catch (Exception ex) {
|
||||||
|
System.out.println("Failed to create HTTPS port");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
TBMCCoreAPI.SendException("An error occured while starting the webserver!", e);
|
TBMCCoreAPI.SendException("An error occured while starting the webserver!", e);
|
||||||
}
|
}
|
||||||
|
@ -29,9 +105,12 @@ public class ButtonWebsiteModule extends JavaPlugin {
|
||||||
this.getLogger().info("Starting webserver...");
|
this.getLogger().info("Starting webserver...");
|
||||||
((Runnable) server::start).run(); // Totally normal way of calling a method
|
((Runnable) server::start).run(); // Totally normal way of calling a method
|
||||||
this.getLogger().info("Webserver started");
|
this.getLogger().info("Webserver started");
|
||||||
Thread t = new Thread(() -> AcmeClient.main("server.figytuna.com"));
|
final Calendar calendar = Calendar.getInstance();
|
||||||
t.setContextClassLoader(getClass().getClassLoader());
|
if (calendar.get(Calendar.DAY_OF_WEEK) == Calendar.FRIDAY) { // Only update every week
|
||||||
t.start();
|
Thread t = new Thread(() -> AcmeClient.main("server.figytuna.com"));
|
||||||
|
t.setContextClassLoader(getClass().getClassLoader());
|
||||||
|
t.start();
|
||||||
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -41,4 +120,14 @@ public class ButtonWebsiteModule extends JavaPlugin {
|
||||||
public static void addPage(Page page) {
|
public static void addPage(Page page) {
|
||||||
server.createContext("/" + page.GetName(), page);
|
server.createContext("/" + page.GetName(), page);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static InputStream fullStream(String fname) throws IOException {
|
||||||
|
FileInputStream fis = new FileInputStream(fname);
|
||||||
|
DataInputStream dis = new DataInputStream(fis);
|
||||||
|
byte[] bytes = new byte[dis.available()];
|
||||||
|
dis.readFully(bytes);
|
||||||
|
dis.close();
|
||||||
|
ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
|
||||||
|
return bais;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue