SSL-Config or SSLContext to be used ? in Akka Http SSL Java

Question

I am using my SSL Certificate from third Party - I created a .p12 keystore using following command

openssl pkcs12 -export -CAfile Geotrust_EV_Intermediate_Bundle.crt -in www_domainName_in.crt -inkey domainName.in.key -out wtkeystore1.p12 -name CompanyName -passout pass:SomePassWord

I have referred Akka HTTPS Support Docs and coded following

public HttpsConnectionContext useHttps(ActorSystem system) {
HttpsConnectionContext https = null;
try {
  final char[] password = properties.keystorePassword().toCharArray();

  final KeyStore ks = KeyStore.getInstance("PKCS12");
  final InputStream keystore = WDService.class.getClassLoader().getResourceAsStream("wtkeystore.p12");
  if (keystore == null) {
    throw new RuntimeException("Keystore required!");
  }
  ks.load(keystore, password);
  final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
  keyManagerFactory.init(ks, password);

  final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
  tmf.init(ks);

  final SSLContext sslContext = SSLContext.getInstance("TLS");
  sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
  final AkkaSSLConfig sslConfig = AkkaSSLConfig.get(system);
  https = ConnectionContext.https(sslContext);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
  system.log().error(e.getCause() + " while configuring HTTPS.", e);
} catch (CertificateException | KeyStoreException | UnrecoverableKeyException | IOException e) {
  system.log().error(e.getCause() + " while ", e);
}

return https;

}

My Main file code is as follows

final Http http = Http.get(system);

log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());

Http.get(system).bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());

if (properties.useSSL()) {

  HttpsConnectionContext https = useHttps(system);
  http.setDefaultServerHttpContext(https);

  Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
      ConnectHttp.toHost(properties.urlSSL(), properties.portSSL()), materializer);
  log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}

now I am able to bind to Akka Http, and error is NOT reported at all, but my https request are rejected on server (and its doesnt even reach to akka/http - so no error log in akka system) and http://domainName.in is working fine.

Problem:

Am I missing any step above ??
I am only using SSLContext - is that Okay, or Shall I be using SSLConfig as well ? if yes - Then how shall I use SSLConfig as no proper documentation seems to be given
Is using Java default Keystore via keytool necessary ? because I believe wtkeystore.p12 file generated using openssl is also a keystore and good enough to be used.

Updated Code 1: as suggested:

if (properties.useSSL()) {

  HttpsConnectionContext https = useHttps(system);
  ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
      .withCustomHttpsContext(https);

  Http.get(system).bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
  log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}

and also Made sure that Firewall/Network is open for port 443 but netstat is still showing status as 'ESTABLISHED' and i do telnet to it, this port connection is then closed

When I debug I get SSLConfig and other objects as None, Except SSLContext Object. Is this Normal ??

You need to use `Connect.toHostHttps` to create an HTTPS server. — jrudolph, Apr 18 '17 at 15:11

score 1 · Accepted Answer · answered Apr 18 '17 at 15:13

1

Try something like that:

if (properties.useSSL()) {
  ConnectHttp connect =
    ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
      .withCustomHttpsContext(useHttps(system));

  Http.get(system).bindAndHandle(appRoute().flow(system, materializer),
      connect, materializer);
  log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}

answered Apr 18 '17 at 15:13

jrudolph

8,307
4
32
50

Thanx jrudolph ... Now when I debug its shows the port and hostname to used for https in ConnectHttp - but SSL isnt still working at my end... – Abdeali Chandanwala Apr 19 '17 at 09:44

score 1 · Answer 2 · answered Apr 26 '17 at 14:06

Finally! it got solved ...

I was making 2 new Http.get(system) object instead of one single object so My updated code is as follows

final Http http = Http.get(system); // Created Once Only

log.info("Starting on " + properties.url() + ":" + properties.port());
final ConnectHttp host = ConnectHttp.toHost(properties.url(), properties.port());

http.bindAndHandle(appRoute().flow(system, materializer), host, materializer);
log.info("Started on " + properties.url() + ":" + properties.port());

if (properties.useSSL()) {

  HttpsConnectionContext https = useHttps(system);
  ConnectHttp connect = ConnectHttp.toHostHttps(properties.urlSSL(), properties.portSSL())
      .withCustomHttpsContext(https);

  http.bindAndHandle(appRoute().flow(system, materializer), connect, materializer);
  log.info("Started on " + properties.urlSSL() + ":" + properties.portSSL());
}

also Thanx to jrudolph for helping code ... I also had to open firewall port 443 and make the domain point to the IP Address of the Server

Using SSLContext as per the Akka Http Docs is okay ... and no need to use SSLConfig if you are using SSLContext as per the docs have shown - I am currently on Akka v2.4.7.

SSL-Config or SSLContext to be used ? in Akka Http SSL Java

2 Answers2