This is an automated email from the ASF dual-hosted git repository.
eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/master by this push:
new c9d218e Allow enabling http tls (#2995)
c9d218e is described below
commit c9d218e5f381bbe8901520377e511bccf882e0bb
Author: ZhangJian He <[email protected]>
AuthorDate: Fri Feb 25 14:36:05 2022 +0800
Allow enabling http tls (#2995)
---
.../org/apache/bookkeeper/http/HttpServer.java | 5 +
.../bookkeeper/http/HttpServerConfiguration.java | 89 +++++++++++++
.../http/servlet/BookieServletHttpServer.java | 6 +
.../bookkeeper/http/vertx/VertxHttpServer.java | 24 +++-
.../http/vertx/TestVertxHttpsServer.java | 143 +++++++++++++++++++++
.../src/test/resources/vertx_client_key.jks | Bin 0 -> 2195 bytes
.../src/test/resources/vertx_client_trust.jks | Bin 0 -> 905 bytes
.../test/resources/vertx_client_wrong_trust.jks | Bin 0 -> 905 bytes
.../src/test/resources/vertx_server_key.jks | Bin 0 -> 2195 bytes
.../src/test/resources/vertx_server_trust.jks | Bin 0 -> 905 bytes
.../bookkeeper/conf/ServerConfiguration.java | 107 +++++++++++++++
.../bookkeeper/server/service/HttpService.java | 8 +-
conf/bk_server.conf | 10 ++
13 files changed, 390 insertions(+), 2 deletions(-)
diff --git
a/bookkeeper-http/http-server/src/main/java/org/apache/bookkeeper/http/HttpServer.java
b/bookkeeper-http/http-server/src/main/java/org/apache/bookkeeper/http/HttpServer.java
index 233a8b9..486ecc8 100644
---
a/bookkeeper-http/http-server/src/main/java/org/apache/bookkeeper/http/HttpServer.java
+++
b/bookkeeper-http/http-server/src/main/java/org/apache/bookkeeper/http/HttpServer.java
@@ -111,6 +111,11 @@ public interface HttpServer {
boolean startServer(int port, String host);
/**
+ * Start the HTTP server on given port and host.
+ */
+ boolean startServer(int port, String host, HttpServerConfiguration
httpServerConfiguration);
+
+ /**
* Stop the HTTP server.
*/
void stopServer();
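Review bot: The Javadoc on the new `startServer(int, String, HttpServerConfiguration)` overload repeats the two-argument text and says nothing about the configuration argument. I would add `@param httpServerConfiguration TLS settings (key store, trust store) for the server` and state whether null is accepted and what an implementation without TLS support must do. Because this is a new abstract method on a public interface, any out-of-tree `HttpServer` implementation will stop compiling. A `default` method would avoid that, but it would also hide the fact that the TLS settings are being ignored.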
diff --git
a/bookkeeper-http/http-server/src/main/java/org/apache/bookkeeper/http/HttpServerConfiguration.java
b/bookkeeper-http/http-server/src/main/java/org/apache/bookkeeper/http/HttpServerConfiguration.java
new file mode 100644
index 0000000..f0959ef
--- /dev/null
+++
b/bookkeeper-http/http-server/src/main/java/org/apache/bookkeeper/http/HttpServerConfiguration.java
@@ -0,0 +1,89 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.bookkeeper.http;
+
+/**
+ * class to describe http server configuration. Like tls, etc.
+ */
+public class HttpServerConfiguration {
+
+ private boolean tlsEnable;
+
+ private String keyStorePath;
+
+ private String keyStorePassword;
+
+ private String trustStorePath;
+
+ private String trustStorePassword;
+
+ public HttpServerConfiguration() {
+ }
+
+ public HttpServerConfiguration(boolean tlsEnable, String keyStorePath,
String keyStorePassword,
+ String trustStorePath, String
trustStorePassword) {
+ this.tlsEnable = tlsEnable;
+ this.keyStorePath = keyStorePath;
+ this.keyStorePassword = keyStorePassword;
+ this.trustStorePath = trustStorePath;
+ this.trustStorePassword = trustStorePassword;
+ }
+
+ public boolean isTlsEnable() {
+ return tlsEnable;
+ }
+
+ public void setTlsEnable(boolean tlsEnable) {
+ this.tlsEnable = tlsEnable;
+ }
+
+ public String getKeyStorePath() {
+ return keyStorePath;
+ }
+
+ public void setKeyStorePath(String keyStorePath) {
+ this.keyStorePath = keyStorePath;
+ }
+
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ public String getTrustStorePath() {
+ return trustStorePath;
+ }
+
+ public void setTrustStorePath(String trustStorePath) {
+ this.trustStorePath = trustStorePath;
+ }
+
+ public String getTrustStorePassword() {
+ return trustStorePassword;
+ }
+
+ public void setTrustStorePassword(String trustStorePassword) {
+ this.trustStorePassword = trustStorePassword;
+ }
+}
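Review bot: HttpServerConfiguration keeps the key store and trust store passwords as plain mutable String fields with public getters, and the class comment does not say so. I would extend the Javadoc to something like `Holds TLS settings for the HTTP server, including store passwords; do not log or serialize instances.` No `toString()` is defined in this file, which is the safe state, and a short comment would keep a generated one from being added later. Nothing here checks that the store paths are set when `tlsEnable` is true, so that check has to live in whichever server consumes the object.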
diff --git
a/bookkeeper-http/servlet-http-server/src/main/java/org/apache/bookkeeper/http/servlet/BookieServletHttpServer.java
b/bookkeeper-http/servlet-http-server/src/main/java/org/apache/bookkeeper/http/servlet/BookieServletHttpServer.java
index c1de3a0..c2471bd 100644
---
a/bookkeeper-http/servlet-http-server/src/main/java/org/apache/bookkeeper/http/servlet/BookieServletHttpServer.java
+++
b/bookkeeper-http/servlet-http-server/src/main/java/org/apache/bookkeeper/http/servlet/BookieServletHttpServer.java
@@ -21,6 +21,7 @@
package org.apache.bookkeeper.http.servlet;
import org.apache.bookkeeper.http.HttpServer;
+import org.apache.bookkeeper.http.HttpServerConfiguration;
import org.apache.bookkeeper.http.HttpServiceProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -81,6 +82,11 @@ public class BookieServletHttpServer implements HttpServer {
}
@Override
+ public boolean startServer(int port, String host, HttpServerConfiguration
httpServerConfiguration) {
+ return startServer(port, host);
+ }
+
+ @Override
public void stopServer() {
}
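Review bot: The new override in BookieServletHttpServer drops `httpServerConfiguration` and delegates to the two-argument `startServer`, so `httpServerTlsEnable=true` combined with this server class would presumably start the endpoint without TLS and give the operator no signal. I would fail closed at the top of the method with `if (httpServerConfiguration != null && httpServerConfiguration.isTlsEnable()) { return false; }`, preceded by an error log through the class's logger saying TLS is not supported here. The body of the two-argument method is outside this hunk, so what it actually binds cannot be confirmed from these lines.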
diff --git
a/bookkeeper-http/vertx-http-server/src/main/java/org/apache/bookkeeper/http/vertx/VertxHttpServer.java
b/bookkeeper-http/vertx-http-server/src/main/java/org/apache/bookkeeper/http/vertx/VertxHttpServer.java
index 46f5617..537ef8b 100644
---
a/bookkeeper-http/vertx-http-server/src/main/java/org/apache/bookkeeper/http/vertx/VertxHttpServer.java
+++
b/bookkeeper-http/vertx-http-server/src/main/java/org/apache/bookkeeper/http/vertx/VertxHttpServer.java
@@ -23,6 +23,9 @@ package org.apache.bookkeeper.http.vertx;
import io.vertx.core.AbstractVerticle;
import io.vertx.core.AsyncResult;
import io.vertx.core.Vertx;
+import io.vertx.core.http.ClientAuth;
+import io.vertx.core.http.HttpServerOptions;
+import io.vertx.core.net.JksOptions;
import io.vertx.ext.web.Router;
import io.vertx.ext.web.handler.BodyHandler;
@@ -33,6 +36,7 @@ import java.util.concurrent.ExecutionException;
import org.apache.bookkeeper.http.HttpRouter;
import org.apache.bookkeeper.http.HttpServer;
+import org.apache.bookkeeper.http.HttpServerConfiguration;
import org.apache.bookkeeper.http.HttpServiceProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -69,6 +73,11 @@ public class VertxHttpServer implements HttpServer {
@Override
public boolean startServer(int port, String host) {
+ return startServer(port, host, new HttpServerConfiguration());
+ }
+
+ @Override
+ public boolean startServer(int port, String host, HttpServerConfiguration
httpServerConfiguration) {
CompletableFuture<AsyncResult<io.vertx.core.http.HttpServer>> future =
new CompletableFuture<>();
VertxHttpHandlerFactory handlerFactory = new
VertxHttpHandlerFactory(httpServiceProvider);
Router router = Router.router(vertx);
@@ -86,8 +95,21 @@ public class VertxHttpServer implements HttpServer {
vertx.deployVerticle(new AbstractVerticle() {
@Override
public void start() throws Exception {
+ HttpServerOptions httpServerOptions = new HttpServerOptions();
+ if (httpServerConfiguration.isTlsEnable()) {
+ httpServerOptions.setSsl(true);
+ httpServerOptions.setClientAuth(ClientAuth.REQUIRED);
+ JksOptions keyStoreOptions = new JksOptions();
+
keyStoreOptions.setPath(httpServerConfiguration.getKeyStorePath());
+
keyStoreOptions.setPassword(httpServerConfiguration.getKeyStorePassword());
+ httpServerOptions.setKeyStoreOptions(keyStoreOptions);
+ JksOptions trustStoreOptions = new JksOptions();
+
trustStoreOptions.setPath(httpServerConfiguration.getTrustStorePath());
+
trustStoreOptions.setPassword(httpServerConfiguration.getTrustStorePassword());
+ httpServerOptions.setTrustStoreOptions(trustStoreOptions);
+ }
LOG.info("Starting Vertx HTTP server on port {}", port);
- vertx.createHttpServer().requestHandler(router).listen(port,
host, future::complete);
+
vertx.createHttpServer(httpServerOptions).requestHandler(router).listen(port,
host, future::complete);
}
});
try {
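Review bot: When `isTlsEnable()` is true, the added block in `start()` hard-codes `ClientAuth.REQUIRED` and hands the store paths and passwords to `JksOptions` unchecked, while the shipped defaults in bk_server.conf are empty. A missing path would then surface only through the asynchronous `listen` result rather than as a clear configuration error. I would guard before `setSsl(true)`, for example `if (path == null || path.isEmpty()) { throw new IllegalArgumentException("httpServerKeyStorePath must be set when TLS is enabled"); }`, and do the same for the trust store. A null `httpServerConfiguration` would also throw at the `isTlsEnable()` call. Enabling TLS therefore always means mutual TLS, which deserves a comment on the `setClientAuth` line; the enclosing `startServer` body starts and ends outside this hunk.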
diff --git
a/bookkeeper-http/vertx-http-server/src/test/java/org/apache/bookkeeper/http/vertx/TestVertxHttpsServer.java
b/bookkeeper-http/vertx-http-server/src/test/java/org/apache/bookkeeper/http/vertx/TestVertxHttpsServer.java
new file mode 100644
index 0000000..5d4dd1b
--- /dev/null
+++
b/bookkeeper-http/vertx-http-server/src/test/java/org/apache/bookkeeper/http/vertx/TestVertxHttpsServer.java
@@ -0,0 +1,143 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.bookkeeper.http.vertx;
+
+
+import java.io.FileInputStream;
+import java.net.URL;
+import java.security.KeyStore;
+import java.security.SecureRandom;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.bookkeeper.http.HttpServerConfiguration;
+import org.apache.bookkeeper.http.HttpServiceProvider;
+import org.apache.bookkeeper.http.NullHttpServiceProvider;
+import org.junit.Test;
+
+/**
+ * Unit test {@link VertxHttpServer}.
+ */
+public class TestVertxHttpsServer {
+
+ private static final String CLIENT_KEYSTORE_PATH =
"./src/test/resources/vertx_client_key.jks";
+
+ private static final String CLIENT_TRUSTSTORE_PATH =
"./src/test/resources/vertx_client_trust.jks";
+
+ private static final String CLIENT_WRONG_TRUSTSTORE_PATH =
"./src/test/resources/vertx_client_wrong_trust.jks";
+
+ private static final String CLIENT_KEYSTORE_PASSWORD = "vertx_client_pwd";
+
+ private static final String CLIENT_TRUSTSTORE_PASSWORD =
"vertx_client_pwd";
+
+ private static final String SERVER_KEYSTORE_PATH =
"./src/test/resources/vertx_server_key.jks";
+
+ private static final String SERVER_TRUSTSTORE_PATH =
"./src/test/resources/vertx_server_trust.jks";
+
+ private static final String SERVER_KEYSTORE_PASSWORD = "vertx_server_pwd";
+
+ private static final String SERVER_TRUSTSTORE_PASSWORD =
"vertx_server_pwd";
+
+ @Test(timeout = 60_000)
+ public void testVertxServerTls() throws Exception {
+ VertxHttpServer httpServer = new VertxHttpServer();
+ HttpServiceProvider httpServiceProvider =
NullHttpServiceProvider.getInstance();
+ httpServer.initialize(httpServiceProvider);
+ HttpServerConfiguration httpServerConfiguration = new
HttpServerConfiguration();
+ httpServerConfiguration.setTlsEnable(true);
+ httpServerConfiguration.setKeyStorePath(SERVER_KEYSTORE_PATH);
+ httpServerConfiguration.setKeyStorePassword(SERVER_KEYSTORE_PASSWORD);
+ httpServerConfiguration.setTrustStorePath(SERVER_TRUSTSTORE_PATH);
+
httpServerConfiguration.setTrustStorePassword(SERVER_TRUSTSTORE_PASSWORD);
+ httpServer.startServer(0, "localhost", httpServerConfiguration);
+ int actualPort = httpServer.getListeningPort();
+ SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
+ // key store
+ KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+ try (FileInputStream inputStream = new
FileInputStream(CLIENT_KEYSTORE_PATH)) {
+ keyStore.load(inputStream, CLIENT_KEYSTORE_PASSWORD.toCharArray());
+ }
+ keyManagerFactory.init(keyStore, "vertx_client_pwd".toCharArray());
+ KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
+ // trust store
+ TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(
+ TrustManagerFactory.getDefaultAlgorithm());
+ KeyStore trustStore = KeyStore.getInstance("JKS");
+ try (FileInputStream inputStream = new
FileInputStream(CLIENT_TRUSTSTORE_PATH)) {
+ trustStore.load(inputStream,
CLIENT_TRUSTSTORE_PASSWORD.toCharArray());
+ }
+ trustManagerFactory.init(trustStore);
+ sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(),
new SecureRandom());
+ URL url = new URL("https://localhost:" + actualPort);
+ HttpsURLConnection urlConnection = (HttpsURLConnection)
url.openConnection();
+ urlConnection.setHostnameVerifier((s, sslSession) -> true);
+ SSLSocketFactory socketFactory = sslContext.getSocketFactory();
+ urlConnection.setSSLSocketFactory(socketFactory);
+ urlConnection.setRequestMethod("GET");
+ urlConnection.getResponseCode();
+ httpServer.stopServer();
+ }
+
+ @Test(timeout = 60_000, expected = SSLHandshakeException.class)
+ public void testVertxServerTlsFailByCertNotMatch() throws Exception {
+ VertxHttpServer httpServer = new VertxHttpServer();
+ HttpServerConfiguration httpServerConfiguration = new
HttpServerConfiguration();
+ httpServerConfiguration.setTlsEnable(true);
+ httpServerConfiguration.setKeyStorePath(SERVER_KEYSTORE_PATH);
+ httpServerConfiguration.setKeyStorePassword(SERVER_KEYSTORE_PASSWORD);
+ httpServerConfiguration.setTrustStorePath(SERVER_TRUSTSTORE_PATH);
+
httpServerConfiguration.setTrustStorePassword(SERVER_TRUSTSTORE_PASSWORD);
+ httpServer.startServer(0, "localhost", httpServerConfiguration);
+ int actualPort = httpServer.getListeningPort();
+ SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
+ // key store
+ KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+ try (FileInputStream inputStream = new
FileInputStream(CLIENT_KEYSTORE_PATH)) {
+ keyStore.load(inputStream, CLIENT_KEYSTORE_PASSWORD.toCharArray());
+ }
+ keyManagerFactory.init(keyStore, "vertx_client_pwd".toCharArray());
+ KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
+ // trust store
+ TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(
+ TrustManagerFactory.getDefaultAlgorithm());
+ KeyStore trustStore = KeyStore.getInstance("JKS");
+ try (FileInputStream inputStream = new
FileInputStream(CLIENT_WRONG_TRUSTSTORE_PATH)) {
+ trustStore.load(inputStream,
CLIENT_TRUSTSTORE_PASSWORD.toCharArray());
+ }
+ trustManagerFactory.init(trustStore);
+ sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(),
new SecureRandom());
+ URL url = new URL("https://localhost:" + actualPort);
+ HttpsURLConnection urlConnection = (HttpsURLConnection)
url.openConnection();
+ urlConnection.setHostnameVerifier((s, sslSession) -> true);
+ SSLSocketFactory socketFactory = sslContext.getSocketFactory();
+ urlConnection.setSSLSocketFactory(socketFactory);
+ urlConnection.setRequestMethod("GET");
+ urlConnection.getResponseCode();
+ }
+
+}
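Review bot: `testVertxServerTlsFailByCertNotMatch` swaps only the client's trust store, so the `SSLHandshakeException` it expects comes from the client rejecting the server certificate. Nothing in this file checks that the server refuses a client presenting no certificate or an untrusted one, which is the behaviour `ClientAuth.REQUIRED` is there to provide. A third case that calls `sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom())` with the correct client trust store and expects the request to fail would cover it. Separately, `testVertxServerTls` discards `getResponseCode()` and so passes on any status, the second test never calls `initialize` or `stopServer`, and both tests should stop the server in a `finally` block. The `(s, sslSession) -> true` hostname verifier should carry a comment such as `// test-only: certificates are not issued for localhost`.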
diff --git
a/bookkeeper-http/vertx-http-server/src/test/resources/vertx_client_key.jks
b/bookkeeper-http/vertx-http-server/src/test/resources/vertx_client_key.jks
new file mode 100644
index 0000000..a6594d1
Binary files /dev/null and
b/bookkeeper-http/vertx-http-server/src/test/resources/vertx_client_key.jks
differ
diff --git
a/bookkeeper-http/vertx-http-server/src/test/resources/vertx_client_trust.jks
b/bookkeeper-http/vertx-http-server/src/test/resources/vertx_client_trust.jks
new file mode 100644
index 0000000..dd4821f
Binary files /dev/null and
b/bookkeeper-http/vertx-http-server/src/test/resources/vertx_client_trust.jks
differ
diff --git
a/bookkeeper-http/vertx-http-server/src/test/resources/vertx_client_wrong_trust.jks
b/bookkeeper-http/vertx-http-server/src/test/resources/vertx_client_wrong_trust.jks
new file mode 100644
index 0000000..46ef37a
Binary files /dev/null and
b/bookkeeper-http/vertx-http-server/src/test/resources/vertx_client_wrong_trust.jks
differ
diff --git
a/bookkeeper-http/vertx-http-server/src/test/resources/vertx_server_key.jks
b/bookkeeper-http/vertx-http-server/src/test/resources/vertx_server_key.jks
new file mode 100644
index 0000000..bef5712
Binary files /dev/null and
b/bookkeeper-http/vertx-http-server/src/test/resources/vertx_server_key.jks
differ
diff --git
a/bookkeeper-http/vertx-http-server/src/test/resources/vertx_server_trust.jks
b/bookkeeper-http/vertx-http-server/src/test/resources/vertx_server_trust.jks
new file mode 100644
index 0000000..f9ba564
Binary files /dev/null and
b/bookkeeper-http/vertx-http-server/src/test/resources/vertx_server_trust.jks
differ
diff --git
a/bookkeeper-server/src/main/java/org/apache/bookkeeper/conf/ServerConfiguration.java
b/bookkeeper-server/src/main/java/org/apache/bookkeeper/conf/ServerConfiguration.java
index 3f099eb..73901a3 100644
---
a/bookkeeper-server/src/main/java/org/apache/bookkeeper/conf/ServerConfiguration.java
+++
b/bookkeeper-server/src/main/java/org/apache/bookkeeper/conf/ServerConfiguration.java
@@ -266,6 +266,11 @@ public class ServerConfiguration extends
AbstractConfiguration<ServerConfigurati
protected static final String HTTP_SERVER_ENABLED = "httpServerEnabled";
protected static final String HTTP_SERVER_PORT = "httpServerPort";
protected static final String HTTP_SERVER_HOST = "httpServerHost";
+ protected static final String HTTP_SERVER_TLS_ENABLE =
"httpServerTlsEnable";
+ protected static final String HTTP_SERVER_KEY_STORE_PATH =
"httpServerKeyStorePath";
+ protected static final String HTTP_SERVER_KEY_STORE_PASSWORD =
"httpServerKeyStorePassword";
+ protected static final String HTTP_SERVER_TRUST_STORE_PATH =
"httpServerTrustStorePath";
+ protected static final String HTTP_SERVER_TRUST_STORE_PASSWORD =
"httpServerTrustStorePassword";
// Lifecycle Components
protected static final String EXTRA_SERVER_COMPONENTS =
"extraServerComponents";
@@ -3482,6 +3487,108 @@ public class ServerConfiguration extends
AbstractConfiguration<ServerConfigurati
}
/**
+ * Get if Http Server Tls enable.
+ * @return
+ */
+ public boolean isHttpServerTlsEnable() {
+ return getBoolean(HTTP_SERVER_TLS_ENABLE, false);
+ }
+
+ /**
+ * Set if Http Server Tls enable.
+ * @param tlsEnable
+ * @return server configuration
+ */
+ public ServerConfiguration setHttpServerTlsEnable(boolean tlsEnable) {
+ setProperty(HTTP_SERVER_TLS_ENABLE, tlsEnable);
+ return this;
+ }
+
+ /**
+ * Get the http server keystore path.
+ *
+ * @return http server keystore path
+ */
+ public String getHttpServerKeystorePath() {
+ return getString(HTTP_SERVER_KEY_STORE_PATH);
+ }
+
+ /**
+ * Set Http server keystore path.
+ *
+ * @param keystorePath
+ * http server keystore path
+ * @return server configuration
+ */
+ public ServerConfiguration setHttpServerKeystorePath(String keystorePath) {
+ setProperty(HTTP_SERVER_KEY_STORE_PATH, keystorePath);
+ return this;
+ }
+
+ /**
+ * Get the http server keyStore password.
+ *
+ * @return http server keyStore password
+ */
+ public String getHttpServerKeystorePassword() {
+ return getString(HTTP_SERVER_KEY_STORE_PASSWORD);
+ }
+
+ /**
+ * Set Http server keyStore password.
+ *
+ * @param keyStorePassword
+ * http server keyStore password
+ * @return server configuration
+ */
+ public ServerConfiguration setHttpServerKeyStorePassword(String
keyStorePassword) {
+ setProperty(HTTP_SERVER_KEY_STORE_PASSWORD, keyStorePassword);
+ return this;
+ }
+
+ /**
+ * Get the http server trustStore path.
+ *
+ * @return http server trustStore path
+ */
+ public String getHttpServerTrustStorePath() {
+ return getString(HTTP_SERVER_TRUST_STORE_PATH);
+ }
+
+ /**
+ * Set Http server trustStore path.
+ *
+ * @param trustStorePath
+ * http server trustStore path
+ * @return server configuration
+ */
+ public ServerConfiguration setHttpServerTrustStorePath(String
trustStorePath) {
+ setProperty(HTTP_SERVER_TRUST_STORE_PATH, trustStorePath);
+ return this;
+ }
+
+ /**
+ * Get the http server trustStore password.
+ *
+ * @return http server trustStore password
+ */
+ public String getHttpServerTrustStorePassword() {
+ return getString(HTTP_SERVER_KEY_STORE_PASSWORD);
+ }
+
+ /**
+ * Set Http server trustStore password.
+ *
+ * @param trustStorePassword
+ * http server trustStore password
+ * @return server configuration
+ */
+ public ServerConfiguration setHttpServerTrustStorePasswordPassword(String
trustStorePassword) {
+ setProperty(HTTP_SERVER_TRUST_STORE_PASSWORD, trustStorePassword);
+ return this;
+ }
+
+ /**
* Get the extra list of server lifecycle components to enable on a bookie
server.
*
* @return the extra list of server lifecycle components to enable on a
bookie server.
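Review bot: `getHttpServerTrustStorePassword()` reads `HTTP_SERVER_KEY_STORE_PASSWORD`, so the `httpServerTrustStorePassword` setting is never used and the trust store is opened with the key store password. The line should be `return getString(HTTP_SERVER_TRUST_STORE_PASSWORD);`. With different passwords on the two stores this would presumably make the trust store fail to load once TLS is enabled. The setter is also misnamed `setHttpServerTrustStorePasswordPassword`, and the key store accessors mix `Keystore` and `KeyStore` (`getHttpServerKeystorePassword` against `setHttpServerKeyStorePassword`); these names are new public API, so they are cheapest to fix now. The Javadoc on `isHttpServerTlsEnable` also has an empty `@return`.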
diff --git
a/bookkeeper-server/src/main/java/org/apache/bookkeeper/server/service/HttpService.java
b/bookkeeper-server/src/main/java/org/apache/bookkeeper/server/service/HttpService.java
index 5268337..d7a1b32 100644
---
a/bookkeeper-server/src/main/java/org/apache/bookkeeper/server/service/HttpService.java
+++
b/bookkeeper-server/src/main/java/org/apache/bookkeeper/server/service/HttpService.java
@@ -24,7 +24,9 @@ import java.io.IOException;
import org.apache.bookkeeper.common.component.ComponentInfoPublisher;
import
org.apache.bookkeeper.common.component.ComponentInfoPublisher.EndpointInfo;
+import org.apache.bookkeeper.conf.ServerConfiguration;
import org.apache.bookkeeper.http.HttpServer;
+import org.apache.bookkeeper.http.HttpServerConfiguration;
import org.apache.bookkeeper.http.HttpServerLoader;
import org.apache.bookkeeper.server.component.ServerLifecycleComponent;
import org.apache.bookkeeper.server.conf.BookieConfiguration;
@@ -54,7 +56,11 @@ public class HttpService extends ServerLifecycleComponent {
@Override
protected void doStart() {
- server.startServer(conf.getServerConf().getHttpServerPort(),
conf.getServerConf().getHttpServerHost());
+ ServerConfiguration serverConf = conf.getServerConf();
+ HttpServerConfiguration tlsOption = new
HttpServerConfiguration(serverConf.isHttpServerTlsEnable(),
+ serverConf.getHttpServerKeystorePath(),
serverConf.getHttpServerKeystorePassword(),
+ serverConf.getHttpServerTrustStorePath(),
serverConf.getHttpServerTrustStorePassword());
+ server.startServer(serverConf.getHttpServerPort(),
serverConf.getHttpServerHost(), tlsOption);
}
@Override
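Review bot: `doStart()` still discards the boolean returned by `startServer`, and with this change a wrong key store path or password becomes a likely reason for that call to fail. A bookie configured for TLS could then come up with no HTTP endpoint and nothing in the component's own flow to show it. I would check the result, for example `if (!server.startServer(...)) { throw new IllegalStateException("Failed to start HTTP server"); }`, or at least log at error level. Whether ServerLifecycleComponent tolerates an exception from `doStart` is not visible in this hunk. The local `tlsOption` would also read better as `httpServerConfiguration`, since the type is not TLS-specific.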
diff --git a/conf/bk_server.conf b/conf/bk_server.conf
index f83a46e..f619f84 100755
--- a/conf/bk_server.conf
+++ b/conf/bk_server.conf
@@ -225,6 +225,16 @@ httpServerHost=0.0.0.0
# The http server class
httpServerClass=org.apache.bookkeeper.http.vertx.VertxHttpServer
+httpServerTlsEnable=false
+
+httpServerKeyStorePath=
+
+httpServerKeyStorePassword=
+
+httpServerTrustStorePath=
+
+httpServerTrustStorePassword=
+
############################################## Security
##############################################
# The bookie authentication provider factory class name.
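Review bot: The five new keys are added without the comment line that the neighbouring entries carry. Nothing tells the operator that `httpServerTlsEnable=true` also makes client certificates mandatory (the Vert.x server in this commit sets `ClientAuth.REQUIRED`) or that the stores are loaded as JKS. I would add comments such as `# Enable TLS on the http server; clients must present a certificate trusted by httpServerTrustStorePath` and `# Path to the JKS key store holding the server certificate and key`. Because the store passwords sit in this file in clear text, a line reminding operators to restrict the file's permissions would help as well.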