Antonio Zandate

Reputation: 1

Helidon SSL/TLS Config/Setup

Currently I know that I have to use this https://helidon.io/docs/latest/apidocs/io.helidon.common.pki/io/helidon/common/pki/KeyConfig.html but I'm not sure how to load that file or even how to attach the config to the actual server. Also, I'm loading some other special config like this: Server.builder().addApplication(ENDPOINT, Application.class).config(config).build().start();

Is it ok to add that KeyConfig just like the existing config in the above line? This is because I'm calling OCI public APIs and some of them require extra certifications, so the problem I have is this: Failed to read response from endpoint, I/O error. javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Please can you give me some pointers/examples on what to try?

I'm already using a trust store file but this is only used in the request object, maybe we need to add another trust store to the server level.

Upvotes: 0

Views: 517

Answers (1)

Romain Grecourt

Reputation: 525

This example shows how to configure TLS for the server.

You can set the following configuration in src/main/resources/META-INF/microprofile-config.properties:

server.tls.private-key.keystore.resource.path=/path/to/file

You can hard-code a default value in the config, and override it with an environment variable:

server_tls_private_key_keystore_resource_path=/path/to/file

Note that if you are making client requests and need to define a trust store with custom certificates, the above won't work. You'll need to either update the default trust store of your JDK installation, or use some client specific configuration.


If you are using Helidon WebClient or JAXRS Client with the Helidon Jersey Connector (io.helidon.jersey:helidon-jersey-connector) you can use the same .tls configuration.

See the webclient configuration documentation here.

If using the Helidon Jersey Connector you can pass the configuration like this:

import io.helidon.config.mp.MpConfig;
import io.helidon.jersey.connector.HelidonProperties;
import jakarta.ws.rs.client.Client;
import jakarta.ws.rs.client.ClientBuilder;
import org.eclipse.microprofile.config.Config;
import org.eclipse.microprofile.config.spi.ConfigProviderResolver;

Client client = ClientBuilder.newClient();
Config config = ConfigProviderResolver.instance().getConfig(); // or get it with @Inject
client.property(HelidonProperties.CONFIG, MpConfig.toHelidonConfig(config).get("client"));

You can also do it like this:

import io.helidon.common.LazyValue;
import io.helidon.config.Config;
import io.helidon.config.mp.MpConfig;
import io.helidon.jersey.connector.HelidonProperties;

import jakarta.ws.rs.ConstrainedTo;
import jakarta.ws.rs.RuntimeType;
import jakarta.ws.rs.core.FeatureContext;
import org.eclipse.microprofile.config.spi.ConfigProviderResolver;
import org.glassfish.jersey.internal.spi.AutoDiscoverable;

@ConstrainedTo(RuntimeType.CLIENT)
public class HelidonConnectorConfigFeature implements AutoDiscoverable {

    private final LazyValue<Config> config = LazyValue.create(this::clientConfig);

    @Override
    public void configure(FeatureContext context) {
        context.property(HelidonProperties.CONFIG, config.get());
    }

    private Config clientConfig() {
        return MpConfig.toHelidonConfig(ConfigProviderResolver.instance().getConfig()).get("client");
    }
}

And add a file at src/main/resources/META-INF/services/org.glassfish.jersey.internal.spi.AutoDiscoverable with the fully qualified name of the class above.

Upvotes: 0
