From fe1b88cc97640344ecf99c1edfcddf14be511652 Mon Sep 17 00:00:00 2001
From: Swordsteel
Date: Sat, 14 Dec 2024 02:19:58 +0100
Subject: [PATCH] Set up keystore
---
 .editorconfig | 7 +++++++
 README.md | 32 +++++++++++++++++++++++++++---
 build.gradle.kts | 5 +++++
 gradle.properties | 2 ++
 src/main/resources/application.yml | 16 +++++++++++++++
 5 files changed, 59 insertions(+), 3 deletions(-)
diff --git a/.editorconfig b/.editorconfig
index 547232b..6eb4adb 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -17,6 +17,13 @@ tab_width = 2
 [*.bat]
 end_of_line = crlf
+[*.{cer,pem}]
+max_line_length = 64
+insert_final_newline = false
+
+[*.p12]
+max_line_length = 1024
+
 # noinspection EditorConfigKeyCorrectness
 [*.{kt,kts}]
 ij_kotlin_packages_to_use_import_on_demand = unset
diff --git a/README.md b/README.md
index bfee296..84e6911 100644
--- a/README.md
+++ b/README.md
@@ -4,9 +4,14 @@ Classes and endpoints, to shape and to steer, Devices and sensors, their purpose
 ## Properties for deployment
-| name | required | info |
-|------------------------|----------|-------------------------|
-| spring.profiles.active | * | Spring Boot environment |
+| name | required | info |
+|-------------------------------|----------|-------------------------|
+| spring.profiles.active | * | Spring Boot environment |
+| server.port | * | HTTP port |
+| server.ssl.enabled | * | HTTP Enable SSL |
+| server.ssl.key-store | * | HTTP Keystore |
+| server.ssl.key-store-type | * | HTTP Cert Type |
+| server.ssl.key-store-password | ** | HTTP Cert Pass |
 Required: * can be stored as text, and ** need to be stored as secret.
@@ -16,6 +21,27 @@ Run `release.sh` script from `master` branch.
 ## Development Configuration
+### Developer Keystore
+
+1. Open `hosts` file:
+ * On Unix-like systems (Linux, macOS), this directory is typically `/etc/hosts`.
+ * On Windows, this directory is typically `%SystemRoot%\System32\drivers\etc\hosts`.
+
+2. Add the following lines to the `hosts` file:
+ ```text
+ 127.0.0.1 registryapi # Hlæja Registry API
+ ```
+
+3. Generate Keystores
+ ```shell
+ keytool -genkeypair -alias registry-api -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=registryapi" -keypass password -keystore ./cert/keystore.p12 -storetype PKCS12 -storepass password
+ ```
+
+4. Export the public certificate
+ ```shell
+ keytool -export -alias registry-api -keystore ./cert/keystore.p12 -storepass password -file ./cert/registry-api.cer -rfc
+ ```
+
 ### Global gradle properties
 To authenticate with Gradle to access repositories that require authentication, you can set your user and token in the `gradle.properties` file.
diff --git a/build.gradle.kts b/build.gradle.kts
index 93b629d..de442c3 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -1,6 +1,7 @@
 plugins {
 alias(hlaeja.plugins.kotlin.jvm)
 alias(hlaeja.plugins.kotlin.spring)
+ alias(hlaeja.plugins.ltd.hlaeja.plugin.certificate)
 alias(hlaeja.plugins.ltd.hlaeja.plugin.service)
 alias(hlaeja.plugins.spring.dependency.management)
 alias(hlaeja.plugins.springframework.boot)
@@ -22,3 +23,7 @@ dependencies {
 }
 group = "ltd.hlaeja"
+
+tasks.named("processResources") {
+ dependsOn("copyCertificates")
+}
diff --git a/gradle.properties b/gradle.properties
index e5f759a..9cf5922 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,4 +1,6 @@
 kotlin.code.style=official
 version=0.1.0-SNAPSHOT
 catalog=0.6.0
+docker.port.expose=8443
+container.port.expose=8443
 container.port.host=9040
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 4fc7d7a..7dad9d0 100644
--- a/src/main/resources/application.yml
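Review bot: In build.gradle.kts, the new `processResources` dependency on `copyCertificates` carries no comment saying which files it puts into the build output, and the task comes from the certificate plugin, so its behaviour cannot be checked from this hunk. If it copies `./cert/keystore.p12` (the file the README in this commit generates, which holds the private key) into the resources, every jar built from this project, release builds included, would ship that key under `cert/` on the classpath. I would add a comment such as `// copies the local dev keystore into resources; production supplies server.ssl.key-store from outside the jar` and, if the plugin allows it, wire the dependency only for non-release builds. It is also worth confirming that `cert/` is git-ignored, since this commit adds editor rules for `*.p12` but the diffstat shows no ignore-file change.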
+++ b/src/main/resources/application.yml
@@ -19,6 +19,14 @@ spring:
 activate:
 on-profile: development
+server:
+ port: 8443
+ ssl:
+ enabled: true
+ key-store: classpath:cert/keystore.p12
+ key-store-type: PKCS12
+ key-store-password: password
+
 ---
 ##########################
 ### Docker environment ###
@@ -28,6 +36,14 @@ spring:
 activate:
 on-profile: docker
+server:
+ port: 8443
+ ssl:
+ enabled: true
+ key-store: classpath:cert/keystore.p12
+ key-store-type: PKCS12
+ key-store-password: password
+
 ---
 ##############################
 ### Production environment ###
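Review bot: `key-store-password: password` is committed in clear text in the development profile block and again in the docker profile block (second hunk), although the README table in this same commit marks `server.ssl.key-store-password` as a value that must be stored as a secret. For a throwaway self-signed key on localhost the development default is tolerable, but if images built with the docker profile leave the developer's machine, `key-store: classpath:cert/keystore.p12` means the private key and its known password travel together inside the artifact. In the docker block I would take the password from the environment, for example `key-store-password: ${KEYSTORE_PASSWORD}` (variable name is only an example), and point `key-store` at a mounted `file:` location instead of `classpath:`. A comment on the development block such as `# self-signed dev keystore, never reuse outside localhost` would record the intent.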