ilguzin · November 12, 2013 06:39
diff --git a/Boot.scala b/Boot.scala
 import spray.routing._
 import spray.routing.directives.LogEntry
 import spray.http.HttpRequest
 import spray.httpx.encoding.{Gzip, NoEncoding}

 import akka.event.Logging._


 /** Main class to start up the application */
 object Boot extends App with SimpleRoutingApp {

  private val route = {
    
  }

  def startSecureServer(interface: String, port: Int, serviceActorName: String, sprayCanServerConfig: Config)
                       (route: => Route) {
    val sslConfiguration = new TocoboxSslConfiguration {
      def sslConfig: Config = config.getConfig("bind.ssl")
    }

    import sslConfiguration._

    startServer(interface, port, serviceActorName, settings = Some(ServerSettings(sprayCanServerConfig))) {
      route
    }
  }

  // TODO disable SSL, it is done at nginx now
  startSecureServer(config.getString("bind.interface"),
                    config.getInt("bind.port_ssl"),
                    "https-server-actor",
                    rootConfig.withValue("spray.can.server.ssl-encryption",
                                 ConfigFactory.parseString("ssl-encryption = on").getValue("ssl-encryption"))
  )(route)

 }
diff --git a/TocoboxSslConfiguration.scala b/TocoboxSslConfiguration.scala
 import java.security.{SecureRandom, KeyStore}
 import javax.net.ssl.{KeyManagerFactory, SSLContext, TrustManagerFactory}

 import spray.io._

 import com.typesafe.scalalogging.slf4j.Logging
 import com.typesafe.config.Config

 // for SSL support (if enabled in application.conf)
 trait TocoboxSslConfiguration extends Logging {

  def sslConfig: Config

  // if there is no SSLContext in scope implicitly the HttpServer uses the default SSLContext,
  // since we want non-default settings in this example we make a custom SSLContext available here
  implicit def sslContext: SSLContext = {
    val keyStoreResource = sslConfig.getString("certificate-file")
    val password = sslConfig.getString("certificate-password")

    val keyStore = KeyStore.getInstance("JKS")
    val in = getClass.getClassLoader.getResourceAsStream(keyStoreResource)
    require(in != null, "Bad java key storage file: " + keyStoreResource)
    keyStore.load(in, password.toCharArray)

    val keyManagerFactory = KeyManagerFactory.getInstance("SunX509")
    keyManagerFactory.init(keyStore, password.toCharArray)
    val trustManagerFactory = TrustManagerFactory.getInstance("SunX509")
    trustManagerFactory.init(keyStore)
    val context = SSLContext.getInstance("TLS")
    context.init(keyManagerFactory.getKeyManagers, trustManagerFactory.getTrustManagers, new SecureRandom)
    context
  }

  // if there is no ServerSSLEngineProvider in scope implicitly the HttpServer uses the default one,
  // since we want to explicitly enable cipher suites and protocols we make a custom ServerSSLEngineProvider
  // available here
  implicit def sslEngineProvider: ServerSSLEngineProvider = {
    ServerSSLEngineProvider { engine =>
      engine.setEnabledCipherSuites(Array("TLS_RSA_WITH_AES_256_CBC_SHA"))
      engine.setEnabledProtocols(Array("SSLv3", "TLSv1"))
      engine
    }
  }
 }
	import spray.routing._
	import spray.routing.directives.LogEntry
	import spray.http.HttpRequest
	import spray.httpx.encoding.{Gzip, NoEncoding}

	import akka.event.Logging._


	/** Main class to start up the application */
	object Boot extends App with SimpleRoutingApp {

	private val route = {

	}

	def startSecureServer(interface: String, port: Int, serviceActorName: String, sprayCanServerConfig: Config)
	(route: => Route) {
	val sslConfiguration = new TocoboxSslConfiguration {
	def sslConfig: Config = config.getConfig("bind.ssl")
	}

	import sslConfiguration._

	startServer(interface, port, serviceActorName, settings = Some(ServerSettings(sprayCanServerConfig))) {
	route
	}
	}

	// TODO disable SSL, it is done at nginx now
	startSecureServer(config.getString("bind.interface"),
	config.getInt("bind.port_ssl"),
	"https-server-actor",
	rootConfig.withValue("spray.can.server.ssl-encryption",
	ConfigFactory.parseString("ssl-encryption = on").getValue("ssl-encryption"))
	)(route)

	}
	import java.security.{SecureRandom, KeyStore}
	import javax.net.ssl.{KeyManagerFactory, SSLContext, TrustManagerFactory}

	import spray.io._

	import com.typesafe.scalalogging.slf4j.Logging
	import com.typesafe.config.Config

	// for SSL support (if enabled in application.conf)
	trait TocoboxSslConfiguration extends Logging {

	def sslConfig: Config

	// if there is no SSLContext in scope implicitly the HttpServer uses the default SSLContext,
	// since we want non-default settings in this example we make a custom SSLContext available here
	implicit def sslContext: SSLContext = {
	val keyStoreResource = sslConfig.getString("certificate-file")
	val password = sslConfig.getString("certificate-password")

	val keyStore = KeyStore.getInstance("JKS")
	val in = getClass.getClassLoader.getResourceAsStream(keyStoreResource)
	require(in != null, "Bad java key storage file: " + keyStoreResource)
	keyStore.load(in, password.toCharArray)

	val keyManagerFactory = KeyManagerFactory.getInstance("SunX509")
	keyManagerFactory.init(keyStore, password.toCharArray)
	val trustManagerFactory = TrustManagerFactory.getInstance("SunX509")
	trustManagerFactory.init(keyStore)
	val context = SSLContext.getInstance("TLS")
	context.init(keyManagerFactory.getKeyManagers, trustManagerFactory.getTrustManagers, new SecureRandom)
	context
	}

	// if there is no ServerSSLEngineProvider in scope implicitly the HttpServer uses the default one,
	// since we want to explicitly enable cipher suites and protocols we make a custom ServerSSLEngineProvider
	// available here
	implicit def sslEngineProvider: ServerSSLEngineProvider = {
	ServerSSLEngineProvider { engine =>
	engine.setEnabledCipherSuites(Array("TLS_RSA_WITH_AES_256_CBC_SHA"))
	engine.setEnabledProtocols(Array("SSLv3", "TLSv1"))
	engine
	}
	}
	}