/** * Gets the insecure port number that this service has bound to. * <p> * The port number is determined as follows: * <ol> * <li>if this service is already listening on an insecure port, the corresponding socket's actual port number is returned, else</li> * <li>if this service has been configured to listen on an insecure port, the configured port number is returned, else</li> * <li>{@link Constants#PORT_UNCONFIGURED} is returned.</li> * </ol> * * @return The port number. */ public final int getInsecurePort() { if (getActualInsecurePort() != Constants.PORT_UNCONFIGURED) { return getActualInsecurePort(); } else if (isInsecurePortEnabled()) { return getConfig().getInsecurePort(getInsecurePortDefaultValue()); } else { return Constants.PORT_UNCONFIGURED; } }
/** * Gets the secure port number that this service has bound to. * <p> * The port number is determined as follows: * <ol> * <li>if this service is already listening on a secure port, the corresponding socket's actual port number is returned, else</li> * <li>if this service has been configured to listen on a secure port, the configured port number is returned, else</li> * <li>{@link Constants#PORT_UNCONFIGURED} is returned.</li> * </ol> * * @return The port number. */ public final int getPort() { if (getActualPort() != Constants.PORT_UNCONFIGURED) { return getActualPort(); } else if (isSecurePortEnabled()) { return getConfig().getPort(getPortDefaultValue()); } else { return Constants.PORT_UNCONFIGURED; } };
/** * Determines the secure port to bind to. * <p> * The port is determined by invoking {@code HonoConfigProperties#getPort(int)} * with the value returned by {@link #getPortDefaultValue()}. * * @return The port. */ protected final int determineSecurePort() { final int port = getConfig().getPort(getPortDefaultValue()); if (port == getPortDefaultValue()) { LOG.info("Server uses secure standard port {}", port); } else if (port == 0) { LOG.info("Server found secure port number configured for ephemeral port selection (port chosen automatically)."); } return port; }
/** * Verifies that a Hono server will bind to the default insecure port only * when using a default configuration with the insecure port being enabled. */ @Test public void checkInsecureOnlyPort() { // GIVEN a default configuration with insecure port being enabled but no key store being set final ServiceConfigProperties configProperties = new ServiceConfigProperties(); configProperties.setInsecurePortEnabled(true); // WHEN using this configuration to determine the server's port configuration final AbstractServiceBase<ServiceConfigProperties> server = createService(configProperties); final Future<Void> portConfigurationTracker = server.checkPortConfiguration(); // THEN the server will bind to the default insecure port only assertTrue(portConfigurationTracker.succeeded()); assertFalse(server.isSecurePortEnabled()); assertTrue(server.isInsecurePortEnabled()); assertThat(server.getInsecurePort(), is(INSECURE_PORT_NR)); }
/** * Determines the insecure port to bind to. * <p> * The port is determined by invoking {@code HonoConfigProperties#getInsecurePort(int)} * with the value returned by {@link #getInsecurePortDefaultValue()}. * * @return The port. */ protected final int determineInsecurePort() { final int insecurePort = getConfig().getInsecurePort(getInsecurePortDefaultValue()); if (insecurePort == 0) { LOG.info("Server found insecure port number configured for ephemeral port selection (port chosen automatically)."); } else if (insecurePort == getInsecurePortDefaultValue()) { LOG.info("Server uses standard insecure port {}", insecurePort); } else if (insecurePort == getPortDefaultValue()) { LOG.warn("Server found insecure port number configured to standard port for secure connections {}", getConfig().getInsecurePort()); LOG.warn("Possibly misconfigured?"); } return insecurePort; }
/** * Gets the host name or IP address this server's insecure port is bound to. * * @return The address. */ public final String getInsecurePortBindAddress() { return getConfig().getInsecurePortBindAddress(); }
/** * Verifies that a Hono server will not be able to start * when using a default configuration with not key store being set. */ @Test public void checkNoPortsSet() { // GIVEN a default configuration with no key store being set final ServiceConfigProperties configProperties = new ServiceConfigProperties(); // WHEN using this configuration to determine the server's port configuration final AbstractServiceBase<ServiceConfigProperties> server = createService(configProperties); final Future<Void> portConfigurationTracker = server.checkPortConfiguration(); // THEN the port configuration fails assertTrue(portConfigurationTracker.failed()); }
/** * Verifies that only the configured TLS protocols are enabled. * */ @Test public void testAddTlsKeyCertOptionsDisablesTlsProtocolVersions() { // GIVEN a configuration with only TLS 1 and TLS 1.1 enabled final ServiceConfigProperties config = new ServiceConfigProperties(); config.setKeyStorePath(PREFIX_KEY_PATH + "/honoKeyStore.p12"); config.setSecureProtocols(Arrays.asList("TLSv1", "TLSv1.1")); // WHEN configuring a service using the configuration final AbstractServiceBase<ServiceConfigProperties> service = createService(config); final NetServerOptions options = new NetServerOptions(); service.addTlsKeyCertOptions(options); // THEN SSL is enabled and only TLSv1 and TLSv1.1 are supported assertTrue(options.isSsl()); assertTrue(options.getEnabledSecureTransportProtocols().size() == 2); assertTrue(options.getEnabledSecureTransportProtocols().contains("TLSv1")); assertTrue(options.getEnabledSecureTransportProtocols().contains("TLSv1.1")); } }
/** * Verifies that a Hono server will bind to both the default insecure and secure ports * when using a default configuration with the insecure port being enabled and the * key store property being set. */ @Test public void checkBothPortsOpen() { // GIVEN a default configuration with insecure port being enabled and a key store being set. final ServiceConfigProperties configProperties = new ServiceConfigProperties(); configProperties.setInsecurePortEnabled(true); configProperties.setKeyStorePath(PREFIX_KEY_PATH + "/honoKeyStore.p12"); // WHEN using this configuration to determine the server's port configuration final AbstractServiceBase<ServiceConfigProperties> server = createService(configProperties); final Future<Void> portConfigurationTracker = server.checkPortConfiguration(); // THEN the server will bind to both the default insecure and secure ports assertTrue(portConfigurationTracker.succeeded()); assertTrue(server.isSecurePortEnabled()); assertThat(server.getPort(), is(PORT_NR)); assertTrue(server.isInsecurePortEnabled()); assertThat(server.getInsecurePort(), is(INSECURE_PORT_NR)); }
/** * Determines the insecure port to bind to. * <p> * The port is determined by invoking {@code HonoConfigProperties#getInsecurePort(int)} * with the value returned by {@link #getInsecurePortDefaultValue()}. * * @return The port. */ protected final int determineInsecurePort() { final int insecurePort = getConfig().getInsecurePort(getInsecurePortDefaultValue()); if (insecurePort == 0) { LOG.info("Server found insecure port number configured for ephemeral port selection (port chosen automatically)."); } else if (insecurePort == getInsecurePortDefaultValue()) { LOG.info("Server uses standard insecure port {}", insecurePort); } else if (insecurePort == getPortDefaultValue()) { LOG.warn("Server found insecure port number configured to standard port for secure connections {}", getConfig().getInsecurePort()); LOG.warn("Possibly misconfigured?"); } return insecurePort; }
/** * Gets the host name or IP address this server's secure port is bound to. * * @return The address. */ public final String getBindAddress() { return getConfig().getBindAddress(); }
/** * Determines the secure port to bind to. * <p> * The port is determined by invoking {@code HonoConfigProperties#getPort(int)} * with the value returned by {@link #getPortDefaultValue()}. * * @return The port. */ protected final int determineSecurePort() { final int port = getConfig().getPort(getPortDefaultValue()); if (port == getPortDefaultValue()) { LOG.info("Server uses secure standard port {}", port); } else if (port == 0) { LOG.info("Server found secure port number configured for ephemeral port selection (port chosen automatically)."); } return port; }
/** * Verifies that a Hono server will only bind to the secure port * when using a default configuration with both secure and insecure ports being enabled and * set to the same port number. */ @Test public void checkBothPortsSetToSame() { // GIVEN a default configuration with both the insecure port and the secure port // being set to the same value. final ServiceConfigProperties configProperties = new ServiceConfigProperties(); configProperties.setInsecurePortEnabled(true); configProperties.setKeyStorePath(PREFIX_KEY_PATH + "/honoKeyStore.p12"); configProperties.setInsecurePort(8888); configProperties.setPort(8888); // WHEN using this configuration to determine the server's port configuration final AbstractServiceBase<ServiceConfigProperties> server = createService(configProperties); final Future<Void> portConfigurationTracker = server.checkPortConfiguration(); // THEN port configuration fails assertTrue(portConfigurationTracker.failed()); }
/** * Verifies that only TLSv1.2 is enabled by default. * */ @Test public void testAddTlsKeyCertOptionsDisablesAllProtocolVersionsButTls12() { // GIVEN a default configuration for TLS final ServiceConfigProperties config = new ServiceConfigProperties(); config.setKeyStorePath(PREFIX_KEY_PATH + "/honoKeyStore.p12"); // WHEN configuring a service using the configuration final AbstractServiceBase<ServiceConfigProperties> service = createService(config); final NetServerOptions options = new NetServerOptions(); service.addTlsKeyCertOptions(options); // THEN SSL is enabled and only TLSv1.2 is enabled assertTrue(options.isSsl()); assertTrue(options.getEnabledSecureTransportProtocols().contains("TLSv1.2")); assertTrue(options.getEnabledSecureTransportProtocols().size() == 1); }
/** * Verifies that a Hono server will bind to the default port only * when using a default configuration with only the key store property being set. */ @Test public void checkSecurePortAutoSelect() { // GIVEN a configuration with a key store set final ServiceConfigProperties configProperties = new ServiceConfigProperties(); configProperties.setKeyStorePath(PREFIX_KEY_PATH + "/honoKeyStore.p12"); // WHEN using this configuration to determine the server's port configuration // secure port config: no port set -> secure IANA port selected final AbstractServiceBase<ServiceConfigProperties> server = createService(configProperties); final Future<Void> portConfigurationTracker = server.checkPortConfiguration(); // THEN the default secure port is selected and no insecure port will be opened assertTrue(portConfigurationTracker.succeeded()); assertTrue(server.isSecurePortEnabled()); assertThat(server.getPort(), is(PORT_NR)); assertFalse(server.isInsecurePortEnabled()); }
/** * Gets the insecure port number that this service has bound to. * <p> * The port number is determined as follows: * <ol> * <li>if this service is already listening on an insecure port, the corresponding socket's actual port number is returned, else</li> * <li>if this service has been configured to listen on an insecure port, the configured port number is returned, else</li> * <li>{@link Constants#PORT_UNCONFIGURED} is returned.</li> * </ol> * * @return The port number. */ public final int getInsecurePort() { if (getActualInsecurePort() != Constants.PORT_UNCONFIGURED) { return getActualInsecurePort(); } else if (isInsecurePortEnabled()) { return getConfig().getInsecurePort(getInsecurePortDefaultValue()); } else { return Constants.PORT_UNCONFIGURED; } }
/** * Gets the secure port number that this service has bound to. * <p> * The port number is determined as follows: * <ol> * <li>if this service is already listening on a secure port, the corresponding socket's actual port number is returned, else</li> * <li>if this service has been configured to listen on a secure port, the configured port number is returned, else</li> * <li>{@link Constants#PORT_UNCONFIGURED} is returned.</li> * </ol> * * @return The port number. */ public final int getPort() { if (getActualPort() != Constants.PORT_UNCONFIGURED) { return getActualPort(); } else if (isSecurePortEnabled()) { return getConfig().getPort(getPortDefaultValue()); } else { return Constants.PORT_UNCONFIGURED; } };
if (getConfig().getKeyCertOptions() == null) { if (getConfig().getPort() >= 0) { LOG.warn("Secure port number configured, but the certificate setup is not correct. No secure port will be opened - please check your configuration!"); if (!getConfig().isInsecurePortEnabled()) { LOG.error("configuration must have at least one of key & certificate or insecure port set to start up"); result.fail("no ports configured"); result.complete(); } else if (getConfig().isInsecurePortEnabled()) { if (getConfig().getPort(getPortDefaultValue()) == getConfig().getInsecurePort(getInsecurePortDefaultValue())) { LOG.error("secure and insecure ports must be configured to bind to different port numbers"); result.fail("secure and insecure ports configured to bind to same port number");
/** * Checks if this service has been configured to bind to the secure port during startup. * <p> * Subclasses may override this method in order to do more sophisticated checks. * * @return {@code true} if <em>config</em> contains a valid key and certificate. */ protected boolean isSecurePortEnabled() { return getConfig().getKeyCertOptions() != null; }
/** * Verifies that a Hono server will bind to a configured insecure port only * when using a default configuration with the insecure port property being set. */ @Test public void checkInsecureOnlyPortExplicitlySet() { // GIVEN a default configuration with insecure port being set to a specific port. final ServiceConfigProperties configProperties = new ServiceConfigProperties(); configProperties.setInsecurePortEnabled(true); configProperties.setInsecurePort(8888); // WHEN using this configuration to determine the server's port configuration final AbstractServiceBase<ServiceConfigProperties> server = createService(configProperties); final Future<Void> portConfigurationTracker = server.checkPortConfiguration(); // THEN the server will bind to the configured insecure port only assertTrue(portConfigurationTracker.succeeded()); assertFalse(server.isSecurePortEnabled()); assertTrue(server.isInsecurePortEnabled()); assertThat(server.getInsecurePort(), is(8888)); }