Warn about certificate expiration

Affects issues:
- Close #2426
Aurora Lahtela 2022-08-16 20:07:18 +03:00
parent 72ff23176c
commit 359a2bed0a
3 changed files with 40 additions and 2 deletions


@ -16,6 +16,7 @@
*/
package com.djrapitops.plan.delivery.webserver.configuration;
import com.djrapitops.plan.delivery.formatting.Formatters;
import com.djrapitops.plan.delivery.webserver.Addresses;
import com.djrapitops.plan.settings.config.paths.WebserverSettings;
import com.djrapitops.plan.settings.locale.Locale;
@ -33,6 +34,7 @@ import java.util.concurrent.atomic.AtomicLong;
@Singleton
public class WebserverLogMessages {
private final Formatters formatters;
private final PluginLogger logger;
private final ErrorLogger errorLogger;
private final Locale locale;
@ -41,7 +43,8 @@ public class WebserverLogMessages {
private final AtomicLong warnedAboutXForwardedSecurityIssue = new AtomicLong(0L);
@Inject
public WebserverLogMessages(PluginLogger logger, ErrorLogger errorLogger, Locale locale, Addresses addresses) {
public WebserverLogMessages(Formatters formatters, PluginLogger logger, ErrorLogger errorLogger, Locale locale, Addresses addresses) {
this.formatters = formatters;
this.logger = logger;
this.errorLogger = errorLogger;
this.locale = locale;
@ -95,4 +98,16 @@ public class WebserverLogMessages {
public void keystoreFileNotFound() {
logger.info(locale.getString(PluginLang.WEB_SERVER_NOTIFY_NO_CERT_FILE));
}
public void certificateExpiryIn(long expires) {
logger.info(locale.getString(PluginLang.WEB_SERVER_NOTIFY_CERT_EXPIRE_DATE, formatters.yearLong().apply(expires)));
}
public void certificateExpiryIsNear(long timeMillisToExpiry) {
if (timeMillisToExpiry > 0) {
logger.warn(locale.getString(PluginLang.WEB_SERVER_NOTIFY_CERT_EXPIRE_DATE_SOON, formatters.timeAmount().apply(timeMillisToExpiry)));
} else {
logger.warn(locale.getString(PluginLang.WEB_SERVER_NOTIFY_CERT_EXPIRE_DATE_PASSED));
}
}
}
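Review bot: The two new logging methods each take a bare `long` with a different meaning, and neither is documented: `certificateExpiryIn(long expires)` receives an absolute epoch-millisecond timestamp (the caller passes `getNotAfter().getTime()`), while `certificateExpiryIsNear(long timeMillisToExpiry)` receives a remaining duration. Passing one where the other is expected would compile and log a meaningless date or time amount. I would add a short Javadoc to each, for example `/** @param expires certificate notAfter as epoch milliseconds */` and `/** @param timeMillisToExpiry milliseconds left until notAfter; zero or negative means the certificate has already expired */`.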


@ -33,7 +33,11 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
import javax.inject.Inject;
import javax.inject.Singleton;
import java.io.File;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
@Singleton
public class JettyWebserver implements WebServer {
@ -126,10 +130,27 @@ public class JettyWebserver implements WebServer {
}
webserverLogMessages.infoWebserverEnabled(getPort());
sslContext.ifPresent(this::logCertificateExpiryInformation);
responseResolver.registerPages();
}
private void logCertificateExpiryInformation(SslContextFactory.Server sslContext) {
try {
Certificate certificate = sslContext.getKeyStore().getCertificate(webserverConfiguration.getAlias());
if (certificate instanceof X509Certificate) {
long expires = ((X509Certificate) certificate).getNotAfter().getTime();
long timeLeft = expires - System.currentTimeMillis();
webserverLogMessages.certificateExpiryIn(expires);
if (timeLeft < TimeUnit.DAYS.toMillis(7L)) {
webserverLogMessages.certificateExpiryIsNear(timeLeft);
}
}
} catch (KeyStoreException ignored) {
// Don't care, just warning the user.
}
}
private ALPNServerConnectionFactory getAlpnServerConnectionFactory(String protocol) {
ClassLoader pluginClassLoader = getClass().getClassLoader();
return ThreadContextClassLoaderSwap.performOperation(pluginClassLoader, () -> {
@ -182,7 +203,6 @@ public class JettyWebserver implements WebServer {
sslContextFactory.setKeyStorePassword(storepass);
sslContextFactory.setKeyManagerPassword(keypass);
sslContextFactory.setCertAlias(alias);
return Optional.of(sslContextFactory);
}
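Review bot: `logCertificateExpiryInformation` inspects only the leaf certificate stored under the configured alias and is called once from the enable path, so an intermediate certificate that expires earlier, or a server that keeps running past the seven-day window, produces no warning. Reading the chain would cover the first case: `Certificate[] chain = sslContext.getKeyStore().getCertificateChain(webserverConfiguration.getAlias());` and then use the earliest `getNotAfter()` among its `X509Certificate` entries. Only `KeyStoreException` is caught, so if `getKeyStore()` can return null at this point (not visible in this hunk), the resulting exception would leave the enable method, which starts outside the hunk, before `responseResolver.registerPages()` runs; a null check before the lookup keeps the feature purely advisory. The swallowed `KeyStoreException` could also be logged at a low level so that a failed keystore lookup does not pass unnoticed.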


@ -51,6 +51,9 @@ public enum PluginLang implements Lang {
WEB_SERVER_NOTIFY_HTTPS_USER_AUTH("plugin.webserver.notify.authDisabledConfig", "WebServer - Notify HTTPS User Auth", "WebServer: User Authorization Disabled! (Disabled in config)"),
WEB_SERVER_NOTIFY_IP_WHITELIST("plugin.webserver.notify.ipWhitelist", "Webserver - Notify IP Whitelist", "Webserver: IP Whitelist is enabled."),
WEB_SERVER_NOTIFY_IP_WHITELIST_BLOCK("plugin.webserver.notify.ipWhitelistBlock", "Webserver - Notify IP Whitelist Block", "Webserver: ${0} was denied access to '${1}'. (not whitelisted)"),
WEB_SERVER_NOTIFY_CERT_EXPIRE_DATE("plugin.webserver.notify.certificateExpiresOn", "Webserver notify - Cert expiry", "Webserver: Loaded certificate is valid until ${0}."),
WEB_SERVER_NOTIFY_CERT_EXPIRE_DATE_SOON("plugin.webserver.notify.certificateExpiresSoon", "Webserver notify - Cert expiry soon", "Webserver: Certificate expires in ${0}, consider renewing the certificate."),
WEB_SERVER_NOTIFY_CERT_EXPIRE_DATE_PASSED("plugin.webserver.notify.certificateExpiresPassed", "Webserver notify - Cert expiry passed", "Webserver: Certificate has expired, consider renewing the certificate."),
DISABLED("plugin.disable.disabled", "Disable", "Player Analytics Disabled."),
DISABLED_WEB_SERVER("plugin.disable.webserver", "Disable - WebServer", "Webserver has been disabled."),