From 1f8e27c6d2f312dd01b7e15e82cdd47ca24f031c Mon Sep 17 00:00:00 2001
From: Pushkar N Kulkarni
Date: Thu, 2 May 2019 16:27:41 +0000
Subject: [PATCH] Add SSL certificate and key
---
.../SSLConfig/SSLConfig.swift | 83 ++++++++++++++++++
.../SSLConfig/certificate.pem | 24 +++++
.../SSLConfig/certificateChain.pfx | Bin 0 -> 2637 bytes
Tests/KituraWebSocketTests/SSLConfig/key.pem | 27 ++++++
4 files changed, 134 insertions(+)
create mode 100644 Tests/KituraWebSocketTests/SSLConfig/SSLConfig.swift
create mode 100644 Tests/KituraWebSocketTests/SSLConfig/certificate.pem
create mode 100644 Tests/KituraWebSocketTests/SSLConfig/certificateChain.pfx
create mode 100644 Tests/KituraWebSocketTests/SSLConfig/key.pem
diff --git a/Tests/KituraWebSocketTests/SSLConfig/SSLConfig.swift b/Tests/KituraWebSocketTests/SSLConfig/SSLConfig.swift
new file mode 100644
index 0000000..69aa86e
--- /dev/null
+++ b/Tests/KituraWebSocketTests/SSLConfig/SSLConfig.swift
@@ -0,0 +1,83 @@
+/*
+ * Copyright IBM Corporation 2016
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import SSLService
+
+// MARK: SSLConfig
+/// A struct that allows you to configure your SSL using a CA certificate file (Linux), a CA certificate directory (Linux) or a certificate chain file (MacOS).
+public struct SSLConfig {
+
+ /// :nodoc:
+ public private(set) var config: SSLService.Configuration
+
+ // MARK: Lifecycle
+
+ #if os(Linux)
+ // MARK: For Linux
+ /// Initialize an `SSLService.Configuration` instance using a CA certificate file.
+ ///
+ /// - Parameter caCertificateFilePath: Path to the PEM formatted CA certificate file.
+ /// - Parameter certificateFilePath: Path to the PEM formatted certificate file.
+ /// - Parameter keyFilePath: Path to the PEM formatted key file. If nil, `certificateFilePath` will be used.
+ /// - Parameter selfSigned: True if certs are *self-signed*, false otherwise. Defaults to true.
+ /// - Parameter cipherSuite: Unused.
+ /// - Returns: New `SSLConfig` instance.
+ public init(withCACertificateFilePath caCertificateFilePath: String?, usingCertificateFile certificateFilePath: String?, withKeyFile keyFilePath: String? = nil, usingSelfSignedCerts selfSigned: Bool = true, cipherSuite: String? = nil) {
+
+ config = SSLService.Configuration(withCACertificateFilePath: caCertificateFilePath, usingCertificateFile: certificateFilePath, withKeyFile: keyFilePath, usingSelfSignedCerts: selfSigned, cipherSuite: cipherSuite)
+ }
+
+ /// Initialize an `SSLService.Configuration` instance using a CA certificate directory.
+ ///
+ /// *Note:* `caCertificateDirPath` - all certificates in the specified directory **must** be hashed using the NIOSSL Certificate Tool.
+ ///
+ /// - Parameter caCertificateDirPath: Path to a directory containing CA certificates. *(see note above)*
+ /// - Parameter certificateFilePath: Path to the PEM formatted certificate file. If nil, `certificateFilePath` will be used.
+ /// - Parameter keyFilePath: Path to the PEM formatted key file (optional). If nil, `certificateFilePath` is used.
+ /// - Parameter selfSigned: True if certs are *self-signed*, false otherwise. Defaults to true.
+ /// - Parameter cipherSuite: Unused.
+ /// - Returns: New `SSLConfig` instance.
+ public init(withCACertificateDirectory caCertificateDirPath: String?, usingCertificateFile certificateFilePath: String?, withKeyFile keyFilePath: String? = nil, usingSelfSignedCerts selfSigned: Bool = true, cipherSuite: String? = nil) {
+
+ config = SSLService.Configuration(withCACertificateDirectory: caCertificateDirPath, usingCertificateFile: certificateFilePath, withKeyFile: keyFilePath, usingSelfSignedCerts: selfSigned, cipherSuite: cipherSuite)
+ }
+ #endif // os(Linux)
+ // MARK: For MacOS
+ /// Initialize an `SSLService.Configuration` instance using a certificate chain file.
+ ///
+ /// *Note:* If using a certificate chain file, the certificates must be in PEM format and must be sorted starting with the subject's certificate (actual client or server certificate), followed by intermediate CA certificates if applicable, and ending at the highest level (root) CA.
+ ///
+ /// For testing purposes you will most likely want to create and use some self-signed certificates. Follow the
+ /// instructions in our [Enabling SSL/TLS On Your Kitura Server](http://www.kitura.io/en/resources/tutorials/ssl.html) tutorial.
+ /// ### Usage Example: ###
+ /// This example initializes an `SSLConfig` instance and then associates this SSL configuration with the Kitura HTTP
+ /// server registration.
+ /// ```swift
+ /// let mySSLConfig = SSLConfig(withChainFilePath: "/tmp/Creds/Self-Signed/cert.pfx",
+ /// withPassword: "password",
+ /// usingSelfSignedCerts: true)
+ /// Kitura.addHTTPServer(onPort: 8080, with: router, withSSL: mySSLConfig)
+ /// ```
+ /// - Parameter chainFilePath: Path to the certificate chain file (optional). *(See note above)*
+ /// - Parameter password: Export password for the chain file (optional). This is required if using a certificate chain file.
+ /// - Parameter selfSigned: True if certs are *self-signed*, false otherwise. Defaults to true.
+ /// - Parameter cipherSuite: Unused.
+ /// - Returns: New `SSLConfig` instance.
+ public init(withChainFilePath chainFilePath: String? = nil, withPassword password: String? = nil, usingSelfSignedCerts selfSigned: Bool = true, cipherSuite: String? = nil) {
+
+ config = SSLService.Configuration(withChainFilePath: chainFilePath, withPassword: password, usingSelfSignedCerts: selfSigned, cipherSuite: cipherSuite)
+ }
+}
diff --git a/Tests/KituraWebSocketTests/SSLConfig/certificate.pem b/Tests/KituraWebSocketTests/SSLConfig/certificate.pem
new file mode 100644
index 0000000..d39a777
--- /dev/null
+++ b/Tests/KituraWebSocketTests/SSLConfig/certificate.pem
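Review bot: In SSLConfig.swift all three initializers default `usingSelfSignedCerts` to `true` and the struct is `public` although it lives under Tests/; if that flag loosens certificate verification inside SSLService (not visible in this patch), any code that copies this helper inherits the permissive setting without asking for it. If nothing outside the test target uses it, I would drop `public` and open the type with `/// Test-only helper: pairs with the self-signed localhost fixtures in this directory; not for production listeners.` The doc comments also disagree with the code in two places: `cipherSuite` is documented as "Unused" yet is forwarded to `SSLService.Configuration`, and in the directory initializer `certificateFilePath` is said to fall back to `certificateFilePath` when nil. The `#endif // os(Linux)` closes before the chain-file initializer, so the block marked "For MacOS" is also compiled on Linux; use `#else` or reword the MARK if that is intended.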
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECTCCAvGgAwIBAgIJAOztRzGO7IBlMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNV +BAYTAlVTMQ4wDAYDVQQIEwVUZXhhczEPMA0GA1UEBxMGQXVzdGluMQwwCgYDVQQK +EwNJQk0xDjAMBgNVBAsTBVN3aWZ0MRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTcw +MTEwMjAzMjM0WhcNMjcwMTA4MjAzMjM0WjBgMQswCQYDVQQGEwJVUzEOMAwGA1UE +CBMFVGV4YXMxDzANBgNVBAcTBkF1c3RpbjEMMAoGA1UEChMDSUJNMQ4wDAYDVQQL +EwVTd2lmdDESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAyEKi6MV6ABBCl9hyTztcXNElkI3JBWpKROWt4ReNauvKrdA7 +vD50o3MCfkDPOBCsx+mKxL66Nw4CquWk720fXoKZ8X8JFYJfkK6yEViw/wSnBb3A +XH7j2jrXBXK8ccY2yJy3XBNMNinMI969PItRysYhJO+yJG7/SyNAnnyvrIxmAgZX +qD7VaJq/XB8liynnxfdl08FprJDBjeXNHRNU5FtB9fastnVORQSKYOQRHk3vEArV +GX2BwBzQM8uXcXiRwDk7vrtusPrNqdyCJfD8HccNYB2AomZb5zukXrt8c3/fveke +kgqnWxVdOh0nFZGyq9PAQ9YTsarH/zVY4YoXbQIDAQABo4HFMIHCMB0GA1UdDgQW +BBQbyz6NOaU+R1f0OqfbN6KoFQT3WDCBkgYDVR0jBIGKMIGHgBQbyz6NOaU+R1f0 +OqfbN6KoFQT3WKFkpGIwYDELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFzMQ8w +DQYDVQQHEwZBdXN0aW4xDDAKBgNVBAoTA0lCTTEOMAwGA1UECxMFU3dpZnQxEjAQ +BgNVBAMTCWxvY2FsaG9zdIIJAOztRzGO7IBlMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAJ8iFApNhHlhDM+VREPRbXRGP34MeCh3kJgQV10fKM5knpdu +TMG9HBq0yEM4bQUkj6ebK12FktdTAM9FNr0WdUCjW9mTqWDYHTuTIRVOmdywT2be +TVRwGmTFjGJM6BWvzlFIgV7bR+m/GXhbUzllvGqv4YqVCB2UKPlr3XSRzlF2s0pG +OfSa9Rj7d5S4RgVeoGkz/mhHgf8iUopjqOvehESPI+WRR/RppK0WJVah04VcY4tC +OLnLBLqUM/YmYWolO126qszz0kFPh33MFknHlAuFnXEhOp8PAf+yE/9fRaOHcGHP +ttQVP8ozLPje39zOuo0Zv1Zp3V0ElX5sv7ImdC8= +-----END CERTIFICATE----- 
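Review bot: The validity fields in certificate.pem decode to a self-signed `localhost` certificate that expires on 2027-01-08, so TLS tests that check dates will start failing then, and nothing in the patch records how the fixture was produced. The certificate also carries basicConstraints CA:TRUE while its private key is published in key.pem of this same patch, so it must never be placed in a trust store. PEM has no reliable comment syntax, so I would add a short README beside the fixtures that records the generation command, the expiry date and that the files are test-only.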
diff --git a/Tests/KituraWebSocketTests/SSLConfig/certificateChain.pfx b/Tests/KituraWebSocketTests/SSLConfig/certificateChain.pfx new file mode 100644 index 0000000000000000000000000000000000000000..0e01bff33d274691a4ac4f581250629f2e6ab01a GIT binary patch literal 2637 zcmY+^cQhM}8U}EQ2(kD4)GAstVz!^Q)Qml5i53m#AwZ^T0!g@v5J~i zVzd=|Z$;It+n#gp{qFtaJ?}ZsbI$YU4~n9O0|Dev6g2}FA{MP3{euob3CKrLlYvl> z3n&V50!4wU{;9zEC{X^dC>sbM`}HvYGyv!yVCsJ_&;r0vdJvVbw7Opk*i{b*q#_GL zfgZ26tbd`4Dmk|9Mz_Ej-CPJ#KQH{O8U2}p5Opw(zGX}R);GeMJ|yXFA0=7daIv-l z*V@B<)sY?`4{oVHunzp^?2P7URS1S1>X;N+`7Abd(#8b+w=!p4&Nc?@<1tYrDVvPP zZ4ewly(hHVGasGlgybL*gIy*tImUikl{X?k7C@`qm@Ecj*t;e*jnBzNQf2;z*7gt4 z{e{A|wVa{ZE*VSDn>OTc+uG~k?kCMPpKd)v6vFQiYIW^z`bj*uRdo#%PIGF#{ZUAc zVX*vfA{uA5Sg#JV(N*yFjvlQE$_PP*%p^gLuc1!|;0H?gQrlOU z!vA#r$}BfY4+!Ms)h;kz}B(3&MC4#t4{EqZy#(k}{xu2oaEQ%!0QASK!yhtlrm z%5AAG7mU3JlbeYxm6DJ-VqAELFe8%7>V${0SwqI|93f~K4t8y-mn)}Wz%ov~c%f_$z^#4e5BG?QjFV@C0_7gLhPs1D_HG*LV+C{b#X z*()V11txmEN&b2bB4r`*;%r9ZNG!VFbdg#QtYTN0Uu}$(ge_|&p$&H|C2M4{b$wQ4 zd3DuMBpKqT1jZ_N4iBeI_p5J>hw+Oy)J{LY7%&tWiKe1%c=<+Ay<{d_aoufZ!X}C^ z>0hi$_@+8&?f2xCsj1aWimk7&TM4BibGR4mmAZduF#G5Bv+oxe$6?7mJT~HHV~N>e z4@!||5fAG96Bo795&YA^bB;jLA-spR8sj+dYt=Zn<@I-3ib$`7v&bbm4@-VTGMDVu z!0w4GhMs*Emz!#P*<6t!q!k6wHwZX&aa>_^OMW`gZHH?q>0aZsbJbkRH8tUn35KZ^ z9K}T@aFgOdp%NipoC%6pu2Cm%ZEX6tZH$DrxKdo~n6aYVFe%l##sUdH$Y`D$^=$({ zo+TG6pITcSt)Lfd;f2=0D9X7?U$a;aWai5plR|sv9T^@dibC~&V9G~Pz(6Ppsb8_! zuM+{&{D&!O0PvS*yT2gY{6D?Of9oY_ffg(YCA0pm7YGIFBbx%$5UYxwJEIM*2IpJ^ z7mT#E*yJ|}m&t=a?N9u^D;&2>J7myDVb40Oebej<<*Sw*7|65B(s?`yOBm-Fg%p-% zU0nIie6vGI7zJ);u=dQvjh}XCXaa)#lr*XtWUYw_AH- z-y+8}>KI9``lao5@0qqo?~PT{;E!%^YJ`wxyPk;K7sDp9%448;E0jZbM^`m}@IFRo zw1Re3G(Gy=9*uO-b+auAG{$bZUiJA^2;80Z0aOWP?&az{pEi9Oxu^1n!UWCFj(R2( zGk%@#b)=82B`q%MR)d4lLG9mCFg)XZS#EhWxY{MPVVs`ku}$oTP$Zwmb2|S@@>KE zr3QAk-bZuD=*c9nusk2%wAPc_$OdUa(I8_VBWvhvAH3_E65jdNZxH3H z4BjgB`E3>M5{{_+`>($O3_H>QTIYGjK)~k>URI+T4W+B9H*eCq2~3;5f8qByTfEu! 
z+FB;ITp`2mjR$4QJ9%R|+G>(3AcL5m);P>O^w2xYugRa}LO<%Wsxm;DY6 zicW_efo3%x&6KSMse~I)GvO>J!-2)A691l2X5s~8!wnqgs6>~iRpj3 zdwoO^9iMsGUODewi9p~(na`@IJP~5FMDly0IR}Aao?POhrtU^+F?2631!`b-$Sb}J z3iKBeS?P?NqwEId5fz&$6dgWZ)eV<5Co0W6Nql0DjnU;^tm#uO#2UjwXx*6Z@gU3@ z3*I|tprvxPBfgIpR?6{H;AelNZxM?AbS2tc{;a6pE7+h(r(s)f51=t~TVLYVPu3#u z3e`=~MV;FQ(woIjYFq>SdQQB<<4t;Sky{&F;TNmk=U*h$t7h!ZX4p3(^S;;q@c=8W zPrX-I=E0;SrP_Lb)$ps~gHs8S0?+1Jqe$ME(t)NeG)ItQCd;n+bYt%(Rb;8A<`E6o z)GIbqjLD#&Rp*_THgAs)EmST9*BlCa**;t`k6l`&3KPTiDEc(#jFH;M!Z(R(@)^Cs z>3miBj`d}iQUpcBkC5ecCBcq^GVu%Ff;Ow~X$bt>7xES1-i;&5>PO?H(_Nl;V4t6v z5d!XYvt_h$Gfs9nd!r&{-b{OydEW-S`C=`6|7#D&DF8ccQ$(L&n8`+yb#6W@O1CZsfcM~U|({oA0ZZa*|0?;L_CVIqNb-b`wHHj z^8?%Wv0_=QH=@X8grP$J)e*ub!wzDNx05U_-rh7Y*RWi>Mo+BA<607+GEf011WX}L sPY&d!AOo=y-(rCy(VbdT9L{;~to5qHY&S+hR9YRQcRs9BjsI5iUnHs4qyPW_ literal 0 HcmV?d00001 diff --git a/Tests/KituraWebSocketTests/SSLConfig/key.pem b/Tests/KituraWebSocketTests/SSLConfig/key.pem new file mode 100644 index 0000000..d7e1679 --- /dev/null +++ b/Tests/KituraWebSocketTests/SSLConfig/key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAyEKi6MV6ABBCl9hyTztcXNElkI3JBWpKROWt4ReNauvKrdA7 +vD50o3MCfkDPOBCsx+mKxL66Nw4CquWk720fXoKZ8X8JFYJfkK6yEViw/wSnBb3A +XH7j2jrXBXK8ccY2yJy3XBNMNinMI969PItRysYhJO+yJG7/SyNAnnyvrIxmAgZX +qD7VaJq/XB8liynnxfdl08FprJDBjeXNHRNU5FtB9fastnVORQSKYOQRHk3vEArV +GX2BwBzQM8uXcXiRwDk7vrtusPrNqdyCJfD8HccNYB2AomZb5zukXrt8c3/fveke +kgqnWxVdOh0nFZGyq9PAQ9YTsarH/zVY4YoXbQIDAQABAoIBAF7L5HAJouHK0Ksu +g5XsBKHPQ1f1NhZBJV0N2Ex4KLJXYb77lntamT4SIDkBltX0VsXfUJgnrOCI2kxp +nrTT1AiaDCNcPkGXUIOdnp9Fe6uMWUAHfbqLOnLAba6fjILTEHXQcZ+9ZtMw3/iO +5Md3L8WsGl5wtMQ4YtL/ogQkA8jKamVMMVloRDR6H0gZ7EagL91MMmlGfmJq6l6F +V0e3ac8n+IYq61/wKx3X+/uzoOS0cETxHfcUdbVb4aiOCDGWun6XNLjGs6tQHDuQ +27rrAiH9CL2lLnKJZ0EHIkd6zCO/N+oaqRlTAzCHc7mL7t+7iGImk+khBdko0P2C +hl3vC6UCgYEA8Wp6Yoeez3yi/yNH58d/PoK8KvWf6RtPkXaDLw26MVfL64VqY5vY +8ibirx8rd6sYS4g6Vejh9LHMd1rGsPaaeMCU9Wtr5LU1HyACG5/4RKqrV1tv92hc +mLNJD9vTMlBIGaQVSmfA4IWWYrhmak9ByLALH6wQh2RDGarCukEHY4MCgYEA1Fuu +qOyO+lJWsx/V8U44n6DsZK9E1OLwKe6KXmEWEiyM5dDk3Z2F+ujjz8GQOdtWihyE +/gl/h3ZselBi03RACg08ML0OS6PTJxgCMnjP1ggHmFJ6Ut+dVW6ZY/49grM8bkO5 +3+69wwJECGcpcbWhsrK4qMf9AnGkXVFfrrTMdk8CgYEAoZ3o5MFqPflwnWGfJ7nU +o6KeGhxpu4K/F+DBHeUQuyvNppSgjqKs8B+8LgSt8uUl1JsUgqLvcgL9oQGydpIB +A8nZbxtFFc2CDJ4/CwNjD4U6Q7dBE95X7xpHVUiS8OHyAshoQHGJHEYSUXClj5IT +tii0qbVlM16Z1TsONeaG7cUCgYBLykT16SfGU2i6GVyj+MTgw/BapussB6qrbIVZ +1dCov9mxk/J63eOZf1D/Lxgobg3e0PruJ7mqQSvKI7KBwXWxoLOguXjGqjuMMldm +aBPVUZxUUutxdHmUqhp4w550bT/eIrHOKEj1tnNNhHQYLzj8rCiXpHi6TJDa9VXu +5nwqpQKBgBiJ/EZgHrgZgUQaN5/1bgXgBZkjm3AUsKdmuA+JvEd5+fvL7yULCn3s +NPBMzxosiXdCh7H5lsP5Q9nYqid1iL2l4u/H8ScgnRfrcyi9KUGJrwljvSUiCrtH +Pa0Hx/JmcYYF22kU31RDMfSYzl/MxQSojDqdD22nGXSEZkvDkDdq +-----END RSA PRIVATE KEY-----
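Review bot: key.pem commits an unencrypted RSA private key whose modulus opens with the same bytes as the public key in certificate.pem (`yEKi6MV6ABBCl9hy…`), so the pair is a complete server identity that is now public. That is acceptable only as a throwaway test fixture: keep it out of any deployment or sample configuration, and since secret scanners will flag this path, add it to the scanner allowlist with a comment explaining that it is a localhost test key. Generating the key and certificate during test setup would avoid storing key material in the repository at all.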