docs: Use the new akka-http cert loading utils in quickstarts (#1948)

johanandren · web-flow · commit ae870418124e · 2024-05-30T16:48:18.000+02:00
diff --git a/samples/akka-grpc-quickstart-java/src/main/java/com/example/helloworld/GreeterServer.java b/samples/akka-grpc-quickstart-java/src/main/java/com/example/helloworld/GreeterServer.java
@@ -5,6 +5,7 @@
 import akka.actor.typed.ActorSystem;
 import akka.actor.typed.javadsl.Behaviors;
 import akka.http.javadsl.*;
+import akka.http.javadsl.common.SSLContextFactory;
 import akka.http.javadsl.model.HttpRequest;
 import akka.http.javadsl.model.HttpResponse;
 import akka.japi.function.Function;
@@ -16,6 +17,7 @@
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Paths;
 import java.security.KeyFactory;
 import java.security.KeyStore;
 import java.security.PrivateKey;
@@ -52,10 +54,16 @@ public CompletionStage<ServerBinding> run() throws Exception {
             new GreeterServiceImpl(system),
             system);
 
+    HttpsConnectionContext httpsConnectionContext = ConnectionContext.httpsServer(SSLContextFactory.createSSLContextFromPem(
+            // Note: filesystem paths, not classpath
+            Paths.get("src/main/resources/certs/server1.pem"),
+            Paths.get("src/main/resources/certs/server1.key")
+    ));
+
     CompletionStage<ServerBinding> bound =
             Http.get(system)
                     .newServerAt("127.0.0.1", 8080)
-                    .enableHttps(serverHttpContext())
+                    .enableHttps(httpsConnectionContext)
                     .bind(service);
 
     bound.thenAccept(binding ->
@@ -64,52 +72,5 @@ public CompletionStage<ServerBinding> run() throws Exception {
 
     return bound;
   }
-  // #server
-
-
-  // FIXME this will be replaced by a more convenient utility, see https://github.com/akka/akka-grpc/issues/89
-  private static HttpsConnectionContext serverHttpContext() throws Exception {
-    String keyEncoded = read(GreeterServer.class.getResourceAsStream("/certs/server1.key"))
-        .replace("-----BEGIN PRIVATE KEY-----\n", "")
-        .replace("-----END PRIVATE KEY-----\n", "")
-        .replace("\n", "");
-
-    byte[] decodedKey = Base64.getDecoder().decode(keyEncoded);
-
-    PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decodedKey);
-
-    KeyFactory kf = KeyFactory.getInstance("RSA");
-    PrivateKey privateKey = kf.generatePrivate(spec);
-
-    CertificateFactory fact = CertificateFactory.getInstance("X.509");
-    Certificate cer =
-        fact.generateCertificate(GreeterServer.class.getResourceAsStream("/certs/server1.pem"));
-
-    KeyStore ks = KeyStore.getInstance("PKCS12");
-    ks.load(null);
-    ks.setKeyEntry("private", privateKey, new char[0], new Certificate[]{ cer });
-
-    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
-    keyManagerFactory.init(ks, null);
-
-    SSLContext context = SSLContext.getInstance("TLS");
-    context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
-
-    return ConnectionContext.httpsServer(context);
-  }
-
-  private static String read(InputStream in) throws IOException {
-    ByteArrayOutputStream baos = new ByteArrayOutputStream(Math.max(64, in.available()));
-    byte[] buffer = new byte[32 * 1024];
-
-    int bytesRead = in.read(buffer);
-    while (bytesRead >= 0) {
-      baos.write(buffer, 0, bytesRead);
-      bytesRead = in.read(buffer);
-    }
-
-    return new String(baos.toByteArray(), "UTF-8");
-  }
-  //#server
 }
 //#server
diff --git a/samples/akka-grpc-quickstart-scala/src/main/scala/com/example/helloworld/GreeterServer.scala b/samples/akka-grpc-quickstart-scala/src/main/scala/com/example/helloworld/GreeterServer.scala
@@ -2,42 +2,30 @@ package com.example.helloworld
 
 //#import
 
-
-import java.security.KeyStore
-import java.security.SecureRandom
-import java.security.cert.Certificate
-import java.security.cert.CertificateFactory
-
-import scala.io.Source
-
 import akka.actor.typed.ActorSystem
 import akka.actor.typed.scaladsl.Behaviors
 import akka.http.scaladsl.ConnectionContext
 import akka.http.scaladsl.Http
-import akka.http.scaladsl.HttpsConnectionContext
+import akka.http.scaladsl.common.SSLContextFactory
 import akka.http.scaladsl.model.HttpRequest
 import akka.http.scaladsl.model.HttpResponse
-import akka.pki.pem.DERPrivateKeyLoader
-import akka.pki.pem.PEMDecoder
 import com.typesafe.config.ConfigFactory
-import javax.net.ssl.KeyManagerFactory
-import javax.net.ssl.SSLContext
 
+import java.nio.file.Paths
 import scala.concurrent.ExecutionContext
 import scala.concurrent.Future
+import scala.concurrent.duration._
 import scala.util.Failure
 import scala.util.Success
-import scala.concurrent.duration._
 //#import
 
-
 //#server
 object GreeterServer {
 
   def main(args: Array[String]): Unit = {
     // important to enable HTTP/2 in ActorSystem's config
-    val conf = ConfigFactory.parseString("akka.http.server.enable-http2 = on")
-      .withFallback(ConfigFactory.defaultApplication())
+    val conf =
+      ConfigFactory.parseString("akka.http.server.enable-http2 = on").withFallback(ConfigFactory.defaultApplication())
     val system = ActorSystem[Nothing](Behaviors.empty[Nothing], "GreeterServer", conf)
     new GreeterServer(system).run()
   }
@@ -52,6 +40,12 @@ class GreeterServer(system: ActorSystem[_]) {
     val service: HttpRequest => Future[HttpResponse] =
       GreeterServiceHandler(new GreeterServiceImpl(system))
 
+    val serverHttpContext = ConnectionContext.httpsServer(
+      SSLContextFactory.createSSLContextFromPem(
+        // Note: filesystem paths, not classpath
+        Paths.get("src/main/resources/certs/server1.pem"),
+        Paths.get("src/main/resources/certs/server1.key")))
+
     val bound: Future[Http.ServerBinding] = Http()(system)
       .newServerAt(interface = "127.0.0.1", port = 8080)
       .enableHttps(serverHttpContext)
@@ -70,34 +64,5 @@ class GreeterServer(system: ActorSystem[_]) {
 
     bound
   }
-  //#server
-
-
-  private def serverHttpContext: HttpsConnectionContext = {
-    val privateKey =
-      DERPrivateKeyLoader.load(PEMDecoder.decode(readPrivateKeyPem()))
-    val fact = CertificateFactory.getInstance("X.509")
-    val cer = fact.generateCertificate(
-      classOf[GreeterServer].getResourceAsStream("/certs/server1.pem")
-    )
-    val ks = KeyStore.getInstance("PKCS12")
-    ks.load(null)
-    ks.setKeyEntry(
-      "private",
-      privateKey,
-      new Array[Char](0),
-      Array[Certificate](cer)
-    )
-    val keyManagerFactory = KeyManagerFactory.getInstance("SunX509")
-    keyManagerFactory.init(ks, null)
-    val context = SSLContext.getInstance("TLS")
-    context.init(keyManagerFactory.getKeyManagers, null, new SecureRandom)
-    ConnectionContext.httpsServer(context)
-  }
-
-  private def readPrivateKeyPem(): String =
-    Source.fromResource("certs/server1.key").mkString
-  //#server
-
 }
 //#server
