HTTPS: get back self-signed certificate, document mkcrt for localhost certificates

Author: jknack

docs/asciidoc/servers.adoc

@@ -101,9 +101,19 @@ server.ssl.type = self-signed
 === SSL
 
 Jooby supports HTTPS out of the box. By default HTTPS is disabled and all requests are served using 
-HTTP. To enable HTTPS support, modify your configuration.
+HTTP. Jooby supports two certificate formats:
 
-.SSL Options
+- PKCS12 (this is the default format)
+- X.509
+
+The javadoc:SslOptions[] class provides options to configure SSL:
+
+- cert: A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required.
+- key:  A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.
+- password: Password to use (if any). Optional. Default is: null/empty.
+
+
+.Hello HTTPS
 [source,java,role="primary"]
 ----
 {
@@ -133,22 +143,30 @@ listening on:
   https://localhost:8443/
 ----
 
-The `self-signed` certificate is useful for development and only works for `localhost`.
+[IMPORTANT]
+====
+The `self-signed` certificate is useful for development but keep in mind it will generate a warning on the browser.
+====
 
-Jooby supports two certificate formats:
+image::self-signed-not-secure.png[Not Secure]
 
-- PKCS12 (this is the default format)
-- X.509
+A better option for development is the https://mkcert.dev[mkcert] tool:
 
-The javadoc:SslOptions[] class provides options to configure SSL:
+.Generates a PKCS12 certificate
+[source,bash,role="primary]
+----
+mkcrt -pkcs12 localhost
+----
 
-- cert: A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required.
-- key:  A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.
-- password: Password to use (if any). Optional. Default is: null/empty.
+.Generates a X.509 certificate
+[source,bash,role="secondary"]
+----
+mkcrt localhost
+----
 
 ==== Using X.509
 
-It is also possible to configure Jooby to use a X.509 certificate, for example one created with https://letsencrypt.org/[Let’s Encrypt]. You will need the `*.crt` and `*.key` files:
+To use a valid X.509 certificate, for example one created with https://letsencrypt.org/[Let’s Encrypt]. You will need the `*.crt` and `*.key` files:
 
 .X509
 [source,java,role="primary"]
@@ -211,7 +229,7 @@ server {
 
 ==== Using PKCS12
 
-It is also possible to configure Jooby to use a PKCS12 certificate:
+To use a valid PKCS12 certificate:
 
 .PKCS12
 [source,java,role="primary"]

docs/images/self-signed-not-secure.png

@@ -15,7 +15,7 @@ public class HttpsApp extends Jooby {
     before(new SSLHandler(true));
     setServerOptions(new ServerOptions().setSecurePort(8443));
 
-    get("/secure", ctx -> {
+    get("/", ctx -> {
       return ctx.getScheme() + "; secure: " + ctx.isSecure();
     });
   }

examples/src/main/java/examples/HttpsApp.java

@@ -1,24 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIIEFzCCAn+gAwIBAgIQA3YJ+Gd4FXMkJneG0oKK/DANBgkqhkiG9w0BAQsFADBd
-MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExGTAXBgNVBAsMEGVkZ2Fy
-QG1lbWEubG9jYWwxIDAeBgNVBAMMF21rY2VydCBlZGdhckBtZW1hLmxvY2FsMB4X
-DTE5MDYwMTAwMDAwMFoXDTI5MTAwOTIxNDI0N1owRDEnMCUGA1UEChMebWtjZXJ0
-IGRldmVsb3BtZW50IGNlcnRpZmljYXRlMRkwFwYDVQQLDBBlZGdhckBtZW1hLmxv
-Y2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5SgWtnDUUViRrdZw
-FtveKe6Uf8hMSC/vo/0EktsfaBnc5+Ze8wU15glbByAfdn4nz0Y37BmPA4304hCO
-lVPCa+OOLTA9Wy2ThccsVKaevtvuETnIoIqGTK8hRzNhpR7yw0wfwGMJZM22tVGj
-5zZrJNEzo+pe4iPSDw84hEEhMwpAf9QZRPpuxysD9j6n559nSgH9qAUa4B6PZf56
-LL4bCo+/J4UHrWnc+8HHFpc4FYpOlrMx0xtHWdXsL+v3O1hfaxY9sbLs8ey6tgiK
-RmJP3PhslJkxbMLsZR62NP7t9/ij70A6OnPJ1rDm44veqHNqIWSWAk++J6WEoijI
-yyP3qwIDAQABo2wwajAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUH
-AwEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSgkoZtu34X+bqFqlZefmV9WyWU
-ZjAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggGBAJ533IdG
-m+KLAcO5OmmQjSLUj+r10VU0+YpqCDSTu0SPzzSTfQK5C91tZaEIDekI2TA5rgoy
-lcMsMCDypFuUSAvcqRmCFBbdLGmbhKtOY6/ty98IWMHA/xpX3SryPTELQGVTfH+4
-8/PSkARWfwhyNlVclQYMX5SDoM49U7XEDxTd1UesvBEk2LRxZ5YH4J8nJRMMI1ST
-PJntCSaD05wo703lrxvLXU7eLQAWbRrUz/sxjEaam2lf9kvtUtvJdI9hEnTL9Pd8
-Nn+EIngTYVqR5pYxpdzzwzRR2lzwWL5My+z4NwcZweGlksLaow/dglpeu68t/jOp
-DC/eBVOok+vUGPX3+Jf6D/VBSzDfYnnWAI/0eukljENfaa3A+T39NG9gTtCORxin
-0syJWhqvdwPyaPNVQiJrPsHKWFmrcOMNutijy9gqnLC6F+JBBOvyHLHNWUW6iGai
-oMQenJE0oeSifW5dZ0WWuq+qcsXJuddEhQKsi8wK41cAwyIc4nTXYjPkAw==
+MIICqzCCAZOgAwIBAgIJANequC4DK++VMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMTCWxvY2Fs
+aG9zdDAgFw0xODExMDUyMzM3MTVaGA85OTk5MTIzMTIzNTk1OVowFDESMBAGA1UEAxMJbG9jYWxo
+b3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjsyE1+40JMEXTeZ58ffSc5zaYPF
+32UMU7tYLubwajh4uARcEDczM8FqdiakwhUozRuW6KfTnR/awdFE099UHhW0/imd7HQrKQFlunTe
+UlfJ2ERZuN7ohIcYaTUSDAhYHEtZPv6m3rvE8xYuq2QCK7GCHhDe07FcIyIx92Gf6pWkmNDIgBlS
+EzYSbwwS8M4dm7kQATAT4MDvn9dx0Cr7UejasHRs9idlg3xwjj8UMqYC/Al+Hmk0SSgsRCEPELZu
+MqfXjZhOAXOs9Tgc+DMwfsCZM+X7X1gAoGalUxctdRLFnS13DUNoEUMh0uyDTO0btWnueDMPhttP
+kR8v5QqmzwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBbWgJjr+nbt/dd9w/MfY0Szsrz4Tscu1p+
+A+WxpWLMNjKztCWGtMo+PcUl3vNERIykefx70wDlfsaYPoOMBJU05BDCSMEkVpX8VZeV8YWaDLSp
+KG+RtWwk8PRihe/ADODZwRGVcDhQq2/wsFM28Rd1GcnD54+IvkV46WPUYwPthd0Kfj38Cx3S9tN4
+mUC2AzVcvmJl9Aj+YdAJ6BQ5MemgLaWIJwiPgCbGg8AIXFi51aq6xJNX6jFfcYgSFHD25mMuEWEz
+sbAj5kjKQUZLhXVDYoNfSCU3K5uYyDFUa7uyhvxVHjJWdlLRB8IsuPSncXgXNot4kp/0W19xaF4j
+xwtm
 -----END CERTIFICATE-----

jooby/src/main/resources/io/jooby/ssl/localhost.crt

@@ -1,28 +1,24 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDlKBa2cNRRWJGt
-1nAW294p7pR/yExIL++j/QSS2x9oGdzn5l7zBTXmCVsHIB92fifPRjfsGY8DjfTi
-EI6VU8Jr444tMD1bLZOFxyxUpp6+2+4ROcigioZMryFHM2GlHvLDTB/AYwlkzba1
-UaPnNmsk0TOj6l7iI9IPDziEQSEzCkB/1BlE+m7HKwP2Pqfnn2dKAf2oBRrgHo9l
-/nosvhsKj78nhQetadz7wccWlzgVik6WszHTG0dZ1ewv6/c7WF9rFj2xsuzx7Lq2
-CIpGYk/c+GyUmTFswuxlHrY0/u33+KPvQDo6c8nWsObji96oc2ohZJYCT74npYSi
-KMjLI/erAgMBAAECggEBAJAb29yzq/HUHxkRZ8AYWOhJzz1kuwQSkUOxlDS+dEvF
-J/T2HPP7bN/TNlmOy/p6b5Kb+AMUN6nmlf+spd4mpHewzPKCCbPTP5i7npdFiUNB
-j79pdU/wjXCgGe9q0pdClSxYLQeRwJCSBbqVMtvujwbCQRVuCGlyWWF7EvGo+7Xa
-JdeRtkoxzE1wRjEUke0XkyZMtt8sCd4XQ4bPJJRmYodSO0V+RXa2mb3i2iGYWcv7
-/eOKVGlRG1yRD0czEb7SuWLH/rSAnJsibRUMa4TcGaG287B9mcRxZRvNBKNMrSjN
-2e1Fep6YTgKLOyTYdIZtg24JaUddcrgvECAsxHFWNCECgYEA+gdbjN93Ocd1xI8L
-fJhLxh/eAbJVsYuOAh9gFAvko+l2NVeAjoAThaN+Q6iE9Til2dEgfN4dE9VQ9XhC
-iAFAMiK4vVQw8bUmJtwa3LcTD86n506aJlpONPt5E6Su+UKQbHM1y2CGBc2uCA75
-qlGmt35G4cvP1vPXr+g7nC993fkCgYEA6qEfIPnK3zxHXm1hvJLcatPNQ8CyE2/p
-uexsgxn8avTk5gepqv/ea2R1mkkSoA7PJsu1artkBAB5HPqB9fq/MJ13ZOHw1kfZ
-vq0vGy87lOS7M0XdMGcfpZQLuWUowjM4eIMDg5wOgkmgtMQGtf32dvXF8KIj3GJd
-3GIwoInXu8MCgYB1GZkRI2ANmZNYmb5BfnqOskIh/UoRO1EpQVSYTvGoqyEH3pGB
-LA74mhf6zCRpTTywBTf4A3cO4Otn7AkM9bkBQi3PzmyV58eUj6WtFblBwAH3XWLo
-74aNXfHY91pTt484m8ToGa7rbOdDMvBPiqpQaj38Zp5TCCVOZ6/zeHK00QKBgQC9
-O8/4b57g5yQEk6HFTol5m3OtFmhJZvSSII3wOvArb3KB2GJOaWmBIhf7pL3h26/V
-cWzTNWnYFG2aIqzYsDCtTAM0mUn9+Rs0P0eD3FdoogYdt1ZLKJEMoVfHYkA6SMdd
-4wTdi+rjx/BWeteSxs6WaWkIyCy2HZvoGEVx5VraswKBgQD2+8g3Cn3hUdg4FyfV
-gT/iX61THI6U+dbYVw+ELVNqh3zuThHwk9uiJantdS8a+fk80/ZW27VIkHXnC+3X
-3nOa6B1cUiItVCNF2S0kkuXec//+2Em0Ps9PP4jjJsg3GhztOUT7IMwG2Q7gFr1t
-8V+FHUhosyxgWpnkh0nIQSuniQ==
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCqOzITX7jQkwRdN5nnx99JznNp
+g8XfZQxTu1gu5vBqOHi4BFwQNzMzwWp2JqTCFSjNG5bop9OdH9rB0UTT31QeFbT+KZ3sdCspAWW6
+dN5SV8nYRFm43uiEhxhpNRIMCFgcS1k+/qbeu8TzFi6rZAIrsYIeEN7TsVwjIjH3YZ/qlaSY0MiA
+GVITNhJvDBLwzh2buRABMBPgwO+f13HQKvtR6NqwdGz2J2WDfHCOPxQypgL8CX4eaTRJKCxEIQ8Q
+tm4yp9eNmE4Bc6z1OBz4MzB+wJkz5ftfWACgZqVTFy11EsWdLXcNQ2gRQyHS7INM7Ru1ae54Mw+G
+20+RHy/lCqbPAgMBAAECggEAc0ITPKTiCG6SVN8xmIput5VN9VIgJopPV14Qbek1PGYx7j4da2lE
+hLVfdNHjWfljn8QfYDVJhSgtQG+Fj4K1fI0r966L264oDuKAU0ePw+bmpkRZD1/1xM2HjKw/JOB9
+b+LgcVOP/lzaE9CgFrFm+th8BglcJa7/eFZNyHZUBUri/IBWuPczFlIrc5HKIlPVM8Bf4E9nLtLj
+90Gg5zuNHvmN4+gIig8kEhTbWFKL/L+8adElOO22jvJMC3cBMhrbtD5K73wQ50MbSglhHP7PY4Uq
+asR0CQu6tKhLyLni4tlWMiEAs8b7IsG7BIkeD7UUKX7PVoCay9vJLvYL9qOyMQKBgQDilmnfAK/J
+mVVWCRfj1kgkBAIgswH49c+UCz0U6EzpNFXxhkEnuP0yvMrFCKEXXOP6J8WqgDJ3bWJQHARLbhfd
+p4VzWbwHH0V+4IaoYdX8uhxoyW/PNoqvla8233REWMQcbYBVvPtlygmbswgBmNMA2t6cIGcdmxkY
+P+fTWUkNtwKBgQDAVAqHBSxd8SZ+WG9fCjJM1Yjo3908ANNCucDw7cXHs0zJOrB2DV5FZG6iZNev
+MjfKSvVx7qe55SGpJWl8aDpvJ/df6tPD1SLRLuM54IdN3c3B0bt8Vn77mMASPz3hnK8SKsJ9LFoh
+dPbbAaHJjhlVIymIjhX6+dx11CvzSBQvqQKBgQCtRH3zBHBoBfPGla+KDzsdJ1+FJ72zZiz0tV9h
+FH5zugyaY6KBQKmF2e5omz+sQOEoUq+JwPxWbPPH9JSoJajkW4zl91GcVKJs8j6mliHvX1YIHzl7
+x+ZnfFv+5wLenM5iOq3vYlMPtF6CjHXr2rRHrBacZv7TGd4nt/6LlHQTowKBgQCXt/RSDOex99Eo
+7DR3IcEKUYzeP/LzKad+RLCKntddsPjK6UxY5DTQwuhvnON0ZkYSg81Zoi2X/MPv/f5X0JUAKOQB
+O2rwWktL/xPrDU9PQsDUu9GNxWIIsbga7N6xAnws9aRVQE6dg/pUS9ZH/JvJSKK0AXofcUnTfZtq
+IBskeQKBgQCerwVey5BIjiePoeikal/BiNwLgjeOSPax6qs4/9wRDXnN/Qj3q486pXy4OohhIeXc
+G7aeI3PACO/a680Mtbzi3q/1PsHWuuWrIzin3kF0ri8X3pYrzyV2rwmJqe1HmmBKOVPEg/KtHwpW
+ORBoSiB2Hz9RmSdyBUK1grLz3GJNXQ==
 -----END PRIVATE KEY-----

jooby/src/main/resources/io/jooby/ssl/localhost.key

@@ -5,7 +5,6 @@
  */
 package io.jooby.internal.jetty;
 
-import com.typesafe.config.Config;
 import io.jooby.Body;
 import io.jooby.ByteRange;
 import io.jooby.Context;
@@ -27,7 +26,6 @@
 import io.jooby.Value;
 import io.jooby.ValueNode;
 import io.jooby.WebSocket;
-import org.eclipse.jetty.http.HttpContent;
 import org.eclipse.jetty.http.HttpFields;
 import org.eclipse.jetty.http.HttpHeader;
 import org.eclipse.jetty.http.HttpHeaderValue;
@@ -39,8 +37,6 @@
 import org.eclipse.jetty.util.BufferUtil;
 import org.eclipse.jetty.util.Callback;
 import org.eclipse.jetty.util.MultiMap;
-import org.eclipse.jetty.websocket.api.WebSocketBehavior;
-import org.eclipse.jetty.websocket.api.WebSocketPolicy;
 import org.eclipse.jetty.websocket.server.WebSocketServerFactory;
 import org.slf4j.Logger;
 
@@ -49,7 +45,6 @@
 import javax.servlet.AsyncContext;
 import javax.servlet.MultipartConfigElement;
 import javax.servlet.ServletException;
-import javax.servlet.ServletOutputStream;
 import javax.servlet.WriteListener;
 import javax.servlet.http.Part;
 import java.io.FileInputStream;
@@ -71,8 +66,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.Executor;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
 
 import static org.eclipse.jetty.http.HttpHeader.CONTENT_TYPE;
 import static org.eclipse.jetty.http.HttpHeader.SET_COOKIE;

jooby/src/main/resources/io/jooby/ssl/localhost.p12

@@ -19,6 +19,7 @@
 import okhttp3.Response;
 import okhttp3.ResponseBody;
 import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.RepeatedTest;
 import org.junit.jupiter.api.Test;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
@@ -1890,6 +1891,7 @@ public void sessionIdMultiple() {
         assertNotNull(sid);
         String header = rsp.header("TOKEN");
         assertNotNull(header);
+        assertEquals(sid, header);
 
         client.header("Cookie", "jooby.sid=" + sid);
         client.get("/session", sessionCookie -> {
@@ -1905,7 +1907,7 @@ public void sessionIdMultiple() {
           assertNull(headerCookie.header("Set-Cookie"));
         });
       });
-    });
+    }, Jetty::new);
   }
 
   @Test
@@ -2916,7 +2918,8 @@ public void jsonwebtokenSession() {
       });
 
       app.get("/destroy", ctx -> {
-        ctx.session().destroy();;
+        ctx.session().destroy();
+        ;
         return "destroy";
       });
     }).ready(client -> {
@@ -2981,7 +2984,7 @@ private byte[][] partition(byte[] bytes, int size) {
     List<byte[]> result = new ArrayList<>();
     int offset = 0;
     while (offset < bytes.length) {
-      int len = Math.min(size,bytes.length - offset);
+      int len = Math.min(size, bytes.length - offset);
       byte[] b = new byte[len];
       System.arraycopy(bytes, offset, b, 0, len);
       result.add(b);

modules/jooby-jetty/src/main/java/io/jooby/internal/jetty/JettyContext.java

@@ -1,5 +1,6 @@
 package io.jooby;
 
+import okhttp3.Cache;
 import okhttp3.Headers;
 import okhttp3.OkHttpClient;
 import okhttp3.RequestBody;