Should I use SSL-Config or SSLContext? in Akka Http SSL Java
I am using my SSL certificate from a third party - I created a .p12 store using the following command
openssl pkcs12 -export -CAfile Geotrust_EV_Intermediate_Bundle.crt -in www_domainName_in.crt -inkey domainName.in.key -out wtkeystore1.p12 -name CompanyName -passout pass:SomePassWord
I submitted Akka HTTPS Support Docs and coded after
public HttpsConnectionContext useHttps(ActorSystem system) {
HttpsConnectionContext https = null;
try {
final char[] password = properties.keystorePassword().toCharArray();
final KeyStore ks = KeyStore.getInstance("PKCS12");
final InputStream keystore = WDService.class.getClassLoader().getResourceAsStream("wtkeystore.p12");
if (keystore == null) {
throw new RuntimeException("Keystore required!");
}
ks.load(keystore, password);
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(ks, password);
final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
final AkkaSSLConfig sslConfig = AkkaSSLConfig.get(system);
https = ConnectionContext.https(sslContext);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
system.log().error(e.getCause() + " while configuring HTTPS.", e);
} catch (CertificateException | KeyStoreException | UnrecoverableKeyException | IOException e) {
system.log().error(e.getCause() + " while ", e);
}
return https;
}
My main file looks like this
final Http http = Http.get(system);
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
http.setDefaultServerHttpContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
ConnectHttp.toHost(properties.urlSSL(), properties.portSSL()), materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
now I can bind to Akka Http and the error is NOT reported at all, but my https request is rejected on the server (and it doesn't even get to akka / http so no error is logged on the akka system) and http://domainName.in works fine.
Problem:
-
Am I missing any step above?
-
I only use SSLContext - is that good, or should I also use SSLConfig? if yes - then how should i use SSLConfig as no proper documentation appears
- Is using Java Keystore by default with keytool? because I believe the wtkeystore.p12 file generated with openssl is also a keystore and is good enough to use.
Updated Code 1: as suggested:
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
Http.get(system).bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
and also Make sure Firewall / Network is open for port 443 but netstat still shows "ESTABLISHED" status and I telnet to it, this port connection is closed
When I debug I get SSLConfig and other objects as None besides SSLContext Object. This is normal??
source to share
Try something like this:
if (properties.useSSL()) {
ConnectHttp connect =
ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(useHttps(system));
Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
source to share
At last! it was solved ...
I was doing 2 new Http.get (system) objects instead of one object so my updated code looks like this
final Http http = Http.get(system); // Created Once Only
log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());
http.bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());
if (properties.useSSL()) {
HttpsConnectionContext https = useHttps(system);
ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
.withCustomHttpsContext(https);
http.bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}
See also Thanx to jrudolph for help with the code ... I also had to open port 443 of the firewall and make the domain point the server IP
Using SSLContext as per the Akka Http docs is ok ... and no need to use SSLConfig if you are using SSLContext as per the docs shown - I'm on Akka v2.4.7 now.
source to share