SSLHostConfig implementation for Connector (#110)

* SSLHostConfig implementation for Connector

Co-authored-by: Thanos Ploumis <[email protected]>

Author: thanosploumis

core/src/main/groovy/noe/tomcat/configure/ConnectorAttributesTransformer.groovy

@@ -86,8 +86,7 @@ class ConnectorAttributesTransformer {
           attributes.put('secret', connector.getSecret())
         }
 
-        if (connector.getAllowedRequestAttributesPattern() != null
-                && !connector.getAllowedRequestAttributesPattern().isEmpty()) {
+        if (connector.getAllowedRequestAttributesPattern() != null && !connector.getAllowedRequestAttributesPattern().isEmpty()) {
           attributes.put('allowedRequestAttributesPattern', connector.getAllowedRequestAttributesPattern())
         }
       }
@@ -169,7 +168,7 @@ class ConnectorAttributesTransformer {
       if (connector.getSslPassword() != null && !connector.getSslPassword().isEmpty()) {
         attributes.put('SSLPassword', connector.getSslPassword())
       }
-      if (connector.getSslEnabledProtocols() != null) {
+      if (connector.getSslEnabledProtocols() != null && !connector.getSslEnabledProtocols().isEmpty()) {
         attributes.put('sslEnabledProtocols', connector.getSslEnabledProtocols())
       }
       // ---------------------
@@ -178,6 +177,87 @@ class ConnectorAttributesTransformer {
         node.appendNode("UpgradeProtocol", ['className': connector.getUpgradeProtocol().getClassName()])
       }
 
+      if (connector.getSSLHostConfigs() != null) {
+        for (ConnectorSSLHostConfigTomcat sslHostConfig : connector.getSSLHostConfigs()) {
+
+          Map<String, Object> sslHostConfigAttributes = [:]
+
+          if (sslHostConfig.getHostName() != null && !sslHostConfig.getHostName().isEmpty()) {
+            sslHostConfigAttributes.put('hostName', sslHostConfig.getHostName())
+          }
+          if (sslHostConfig.getCertificateVerification() != null && !sslHostConfig.getCertificateVerification().isEmpty()) {
+            sslHostConfigAttributes.put('certificateVerification', sslHostConfig.getCertificateVerification())
+          }
+          if (sslHostConfig.getCaCertificateFile() != null && !sslHostConfig.getCaCertificateFile().isEmpty()) {
+            sslHostConfigAttributes.put('caCertificateFile', sslHostConfig.getCaCertificateFile())
+          }
+          if (sslHostConfig.getCaCertificatePath() != null && !sslHostConfig.getCaCertificatePath().isEmpty()) {
+            sslHostConfigAttributes.put('caCertificatePath', sslHostConfig.getCaCertificatePath())
+          }
+          if (sslHostConfig.getCiphers() != null && !sslHostConfig.getCiphers().isEmpty()) {
+            sslHostConfigAttributes.put('ciphers', sslHostConfig.getCiphers())
+          }
+          if (sslHostConfig.getSslProtocol() != null && !sslHostConfig.getSslProtocol().isEmpty()) {
+            sslHostConfigAttributes.put('sslProtocol', sslHostConfig.getSslProtocol())
+          }
+          if (sslHostConfig.getProtocols() != null && !sslHostConfig.getProtocols().isEmpty()) {
+            sslHostConfigAttributes.put('protocols', sslHostConfig.getProtocols())
+          }
+          if (sslHostConfig.getTruststoreFile() != null && !sslHostConfig.getTruststoreFile().isEmpty()) {
+            sslHostConfigAttributes.put('truststoreFile', sslHostConfig.getTruststoreFile())
+          }
+          if (sslHostConfig.getTruststorePassword() != null && !sslHostConfig.getTruststorePassword().isEmpty()) {
+            sslHostConfigAttributes.put('truststorePassword', sslHostConfig.getTruststorePassword())
+          }
+          if (sslHostConfig.getTruststoreProvider() != null && !sslHostConfig.getTruststoreProvider().isEmpty()) {
+            sslHostConfigAttributes.put('truststoreProvider', sslHostConfig.getTruststoreProvider())
+          }
+          if (sslHostConfig.getTruststoreType() != null && !sslHostConfig.getTruststoreType().isEmpty()) {
+            sslHostConfigAttributes.put('truststoreType', sslHostConfig.getTruststoreType())
+          }
+
+          Node sslHostConfigNode = node.appendNode("SSLHostConfig", sslHostConfigAttributes)
+
+          if (sslHostConfig.getCertificate() != null ) {
+            Map<String, Object> certificateAttributes = [:]
+            ConnectorCertificateTomcat certificate = sslHostConfig.getCertificate()
+
+            if (certificate.getCertificateFile() != null && !certificate.getCertificateFile().isEmpty()) {
+              certificateAttributes.put('certificateFile', certificate.getCertificateFile())
+            }
+            if (certificate.getCertificateChainFile() != null && !certificate.getCertificateChainFile().isEmpty()) {
+              certificateAttributes.put('certificateChainFile', certificate.getCertificateChainFile())
+            }
+            if (certificate.getCertificateKeyAlias() != null && !certificate.getCertificateKeyAlias().isEmpty()) {
+              certificateAttributes.put('certificateKeyAlias', certificate.getCertificateKeyAlias())
+            }
+            if (certificate.getCertificateKeyFile() != null && !certificate.getCertificateKeyFile().isEmpty()) {
+              certificateAttributes.put('certificateKeyFile', certificate.getCertificateKeyFile())
+            }
+            if (certificate.getCertificateKeyPassword() != null && !certificate.getCertificateKeyPassword().isEmpty()) {
+              certificateAttributes.put('certificateKeyPassword', certificate.getCertificateKeyPassword())
+            }
+            if (certificate.getCertificateKeystoreFile() != null && !certificate.getCertificateKeystoreFile().isEmpty()) {
+              certificateAttributes.put('certificateKeystoreFile', certificate.getCertificateKeystoreFile())
+            }
+            if (certificate.getCertificateKeystorePassword() != null && !certificate.getCertificateKeystorePassword().isEmpty()) {
+              certificateAttributes.put('certificateKeystorePassword', certificate.getCertificateKeystorePassword())
+            }
+            if (certificate.getCertificateKeystoreProvider() != null && !certificate.getCertificateKeystoreProvider().isEmpty()) {
+              certificateAttributes.put('certificateKeystoreProvider', certificate.getCertificateKeystoreProvider())
+            }
+            if (certificate.getCertificateKeystoreType() != null && !certificate.getCertificateKeystoreType().isEmpty()) {
+              certificateAttributes.put('certificateKeystoreType', certificate.getCertificateKeystoreType())
+            }
+            if (certificate.getCertificateType() != null && !certificate.getCertificateType().isEmpty()) {
+              certificateAttributes.put('certificateType', certificate.getCertificateType())
+            }
+
+            sslHostConfigNode.appendNode("Certificate", certificateAttributes)
+          }
+        }
+      }
+
       return node
     }
   }

core/src/main/groovy/noe/tomcat/configure/ConnectorCertificateTomcat.groovy

@@ -0,0 +1,120 @@
+package noe.tomcat.configure
+
+/**
+ * Abstraction for Certificate inside SSLHostConfig tag of either Secure or Non-Secure Connector in Tomcat server.xml.
+ * It is used for transfer data from user to `TomcatConfigurator`.
+ * Provides default values if needed.
+ * *
+ * IMPORTANT
+ * <ul>
+ *   <li>Not all Certificate attributes are supported. Only the most used ones.</li>
+ *   <li>It is user responsibility to set values semantically, no validation is performed.</li>
+ * <ul>
+ *
+ * @link https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_Certificate
+ */
+
+class ConnectorCertificateTomcat {
+
+  public String certificateFile
+  public String certificateChainFile
+  public String certificateKeyAlias
+  public String certificateKeyFile
+  public String certificateKeyPassword
+  public String certificateKeystoreFile
+  public String certificateKeystorePassword
+  public String certificateKeystoreProvider
+  public String certificateKeystoreType
+  public String certificateType
+
+  public String getCertificateFile() {
+    return this.certificateFile
+  }
+
+  public String getCertificateChainFile() {
+    return this.certificateChainFile
+  }
+
+  public String getCertificateKeyAlias() {
+    return this.certificateKeyAlias
+  }
+
+  public String getCertificateKeyFile() {
+    return this.certificateKeyFile
+  }
+
+  public String getCertificateKeyPassword() {
+    return this.certificateKeyPassword
+  }
+
+  public String getCertificateKeystoreFile() {
+    return this.certificateKeystoreFile
+  }
+
+  public String getCertificateKeystorePassword() {
+    return this.certificateKeystorePassword
+  }
+
+  public String getCertificateKeystoreProvider() {
+    return this.certificateKeystoreProvider
+  }
+
+  public String getCertificateKeystoreType() {
+    return this.certificateKeystoreType
+  }
+
+  public String getCertificateType() {
+    return this.certificateType
+  }
+
+  public ConnectorCertificateTomcat setCertificateFile(String certificateFile) {
+    this.certificateFile = certificateFile
+    return this
+  }
+
+  public ConnectorCertificateTomcat setCertificateChainFile(String certificateChainFile) {
+    this.certificateChainFile = certificateChainFile
+    return this
+  }
+
+  public ConnectorCertificateTomcat setCertificateKeyAlias(String certificateKeyAlias) {
+    this.certificateKeyAlias = certificateKeyAlias
+    return this
+  }
+
+  public ConnectorCertificateTomcat setCertificateKeyFile(String certificateKeyFile) {
+    this.certificateKeyFile = certificateKeyFile
+    return this
+  }
+
+  public ConnectorCertificateTomcat setCertificateKeyPassword(String certificateKeyPassword) {
+    this.certificateKeyPassword = certificateKeyPassword
+    return this
+  }
+
+  public ConnectorCertificateTomcat setCertificateKeystoreFile(String certificateKeystoreFile) {
+    this.certificateKeystoreFile = certificateKeystoreFile
+    return this
+  }
+
+  public ConnectorCertificateTomcat setCertificateKeystorePassword(String certificateKeystorePassword) {
+    this.certificateKeystorePassword = certificateKeystorePassword
+    return this
+  }
+
+  public ConnectorCertificateTomcat setCertificateKeystoreType(String certificateKeystoreType) {
+    this.certificateKeystoreType = certificateKeystoreType
+    return this
+  }
+
+  public ConnectorCertificateTomcat setCertificateKeystoreProvider(String certificateKeystoreProvider) {
+    this.certificateKeystoreProvider = certificateKeystoreProvider
+    return this
+  }
+
+  public ConnectorCertificateTomcat setCertificateType(String certificateType) {
+    this.certificateType = certificateType
+    return this
+  }
+
+}

core/src/main/groovy/noe/tomcat/configure/ConnectorConfiguratorTomcat.groovy

@@ -124,29 +124,32 @@ class ConnectorConfiguratorTomcat {
   }
 
   private void updateExistingConnector(Node connector, Node newConnector) {
-    // update attributes
+    // update connector attributes
     newConnector.attributes().each { attribute ->
       connector.@"${attribute.key}" = attribute.value
     }
 
-    // update nodes
     newConnector.each { Node newSubelement ->
-      String UpgradeProtocol = ConnectorUpgradeProtocolTomcat.ELEMENT_NAME
-
-      if (newSubelement.name() == UpgradeProtocol) {
-        if (connector.find { it.name() == UpgradeProtocol } == null) {
-          // create new element
-          connector.appendNode(newSubelement, newSubelement.attributes(), newSubelement.value())
-        } else {
-          // upgrade existing element
-          connector.findAll { it.name() == UpgradeProtocol }.each { upgradeProtocol ->
-            newSubelement.attributes() { attribute ->
-              upgradeProtocol.@"${attribute.key}" = attribute.value
-            }
-          }
-        }
+      replaceInnerElements(connector, newSubelement)
+    }
+  }
+
+  /**
+   *
+   * @param connector
+   * @param newSubElement
+   *
+   * Search for existing inner element to remove and replace with new one
+   */
+  private void replaceInnerElements(Node connector, Node newSubElement) {
+    if (connector.find { it.name() == newSubElement.name() } != null) {
+      List<Node> innerElements = connector.findAll { it.name() == newSubElement.name()}
+      innerElements.each { element ->
+        connector.remove(element)
       }
     }
+
+    connector.appendNode(newSubElement, newSubElement.attributes(), newSubElement.value())
   }
 
   /**