添加 solon-server-tomcat-jakarta ssl 支持

Author: noear

solon-jakarta-projects/solon-server/solon-server-tomcat-jakarta/src/main/java/org/noear/solon/server/tomcat/TomcatServer.java

@@ -19,17 +19,25 @@
 import org.apache.catalina.Wrapper;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
+import org.apache.coyote.http11.Http11NioProtocol;
+import org.apache.tomcat.util.net.SSLHostConfig;
+import org.apache.tomcat.util.net.SSLHostConfigCertificate;
 import org.noear.solon.core.util.IoUtil;
 import org.noear.solon.server.ServerProps;
 import org.noear.solon.server.handle.SessionProps;
 import org.noear.solon.server.prop.impl.HttpServerProps;
 import org.noear.solon.server.tomcat.http.TCHttpContextHandler;
 
 import jakarta.servlet.MultipartConfigElement;
+import org.noear.solon.server.tomcat.ssl.TomcatSslContext;
+
+import javax.net.ssl.SSLContext;
 
 /**
  * @author Yukai
+ * @author noear
  * @since 2019/3/28 15:49
+ * @since 3.6
  */
 public class TomcatServer extends TomcatServerBase {
     protected boolean isSecure;
@@ -81,32 +89,59 @@ protected Context initContext() {
 
     @Override
     protected void addConnector(int port, boolean isMain) throws Throwable {
-        Connector connector = new Connector("HTTP/1.1");
+        //::protocol
+        final Http11NioProtocol protocol = new Http11NioProtocol();
+
+        if (ServerProps.request_maxHeaderSize > 0) {
+            protocol.setMaxHttpHeaderSize(ServerProps.request_maxHeaderSize);
+        }
+
+        if (ServerProps.request_maxBodySize > 0) {
+            protocol.setMaxSwallowSize(ServerProps.request_maxBodySizeAsInt());
+        }
+
+        protocol.setRelaxedQueryChars("[]|{}");
+
+        if (isMain) {
+            //for protocol ssl
+            if (sslConfig.isSslEnable()) {
+                protocol.setSSLEnabled(true);
+                protocol.setSecure(true);
+                protocol.addSslHostConfig(createSSLHostConfig(sslConfig.getSslContext()));
+                isSecure = true;
+            }
+        }
+
+
+        //::connector
+        final Connector connector = new Connector(protocol);
 
         connector.setPort(port);
 
         if (isMain) {
-            //for ssl
+            //for connector ssl
             if (sslConfig.isSslEnable()) {
-                // 1. 标识 ssl
                 connector.setSecure(true);
                 connector.setScheme("https");
-
-                isSecure = true;
             }
         }
 
         connector.setMaxPostSize(ServerProps.request_maxBodySizeAsInt());
         connector.setMaxPartHeaderSize(ServerProps.request_maxHeaderSize);
-
-        connector.setProperty("maxHttpHeaderSize", String.valueOf(ServerProps.request_maxHeaderSize));
-        connector.setProperty("maxSwallowSize", String.valueOf(ServerProps.request_maxBodySize));
-
-        connector.setProperty("relaxedQueryChars", "[]|{}");
         connector.setURIEncoding(ServerProps.request_encoding);
         connector.setUseBodyEncodingForURI(true);
 
-
         _server.getService().addConnector(connector);
     }
+
+    private static SSLHostConfig createSSLHostConfig(final SSLContext sslContext) {
+        final SSLHostConfig sslHostConfig = new SSLHostConfig();
+
+        final SSLHostConfigCertificate sslHostConfigCertificate =
+                new SSLHostConfigCertificate(sslHostConfig, SSLHostConfigCertificate.Type.RSA);
+        sslHostConfigCertificate.setSslContext(new TomcatSslContext(sslContext));
+
+        sslHostConfig.addCertificate(sslHostConfigCertificate);
+        return sslHostConfig;
+    }
 }

solon-jakarta-projects/solon-server/solon-server-tomcat-jakarta/src/main/java/org/noear/solon/server/tomcat/TomcatServerBase.java

@@ -16,7 +16,6 @@
 package org.noear.solon.server.tomcat;
 
 import org.apache.catalina.Context;
-import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
 import org.noear.solon.Utils;
 import org.noear.solon.lang.Nullable;
@@ -33,9 +32,12 @@
 import java.util.Set;
 import java.util.concurrent.Executor;
 
+
 /**
  * @author Yukai
+ * @author noear
  * @since 2022/8/26 17:01
+ * @since 3.6
  **/
 public abstract class TomcatServerBase implements ServerLifecycle, HttpServerConfigure {
     static final Logger log = LoggerFactory.getLogger(TomcatServerBase.class);

solon-jakarta-projects/solon-server/solon-server-tomcat-jakarta/src/main/java/org/noear/solon/server/tomcat/ssl/TomcatSslContext.java

@@ -0,0 +1,106 @@
+/*
+ * Copyright 2017-2025 noear.org and authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.noear.solon.server.tomcat.ssl;
+
+import org.apache.tomcat.util.net.SSLContext;
+
+import javax.net.ssl.*;
+import java.security.KeyManagementException;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * Tomcat SSLContext 实现
+ *
+ * @author Looly
+ * @since 3.6.0
+ */
+public class TomcatSslContext implements SSLContext {
+    private final javax.net.ssl.SSLContext context;
+    private KeyManager[] kms;
+    private TrustManager[] tms;
+
+    /**
+     * 构造
+     *
+     * @param context SSLContext
+     */
+    public TomcatSslContext(final javax.net.ssl.SSLContext context) {
+        this.context = context;
+    }
+
+    @Override
+    public void init(final KeyManager[] kms, final TrustManager[] tms, final SecureRandom sr)
+            throws KeyManagementException {
+        this.kms = kms;
+        this.tms = tms;
+        context.init(kms, tms, sr);
+    }
+
+    @Override
+    public void destroy() {
+    }
+
+    @Override
+    public SSLSessionContext getServerSessionContext() {
+        return context.getServerSessionContext();
+    }
+
+    @Override
+    public SSLEngine createSSLEngine() {
+        return context.createSSLEngine();
+    }
+
+    @Override
+    public SSLServerSocketFactory getServerSocketFactory() {
+        return context.getServerSocketFactory();
+    }
+
+    @Override
+    public SSLParameters getSupportedSSLParameters() {
+        return context.getSupportedSSLParameters();
+    }
+
+    @Override
+    public X509Certificate[] getCertificateChain(final String alias) {
+        X509Certificate[] result = null;
+        if (kms != null) {
+            for (int i = 0; i < kms.length && result == null; i++) {
+                if (kms[i] instanceof X509KeyManager) {
+                    result = ((X509KeyManager) kms[i]).getCertificateChain(alias);
+                }
+            }
+        }
+        return result;
+    }
+
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+        final Set<X509Certificate> certs = new HashSet<>();
+        if (tms != null) {
+            for (final TrustManager tm : tms) {
+                if (tm instanceof X509TrustManager) {
+                    final X509Certificate[] accepted = ((X509TrustManager) tm).getAcceptedIssuers();
+                    certs.addAll(Arrays.asList(accepted));
+                }
+            }
+        }
+        return certs.toArray(new X509Certificate[0]);
+    }
+}