[grid] Add (hidden) support for self-signed https

SeleniumHQ · Jan 16, 2020 · 711217d · 711217d
1 parent 7e34313
commit 711217d
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/java/server/src/org/openqa/selenium/grid/server/BaseServerFlags.java b/java/server/src/org/openqa/selenium/grid/server/BaseServerFlags.java
@@ -61,6 +61,10 @@ public class BaseServerFlags {
   @ConfigValue(section = "server", name = "https-certificate")
   private String httpsCertificate;
 
+  @Parameter(description = "Use a self-signed certificate for HTTPS communication", names = "--self-signed-https", hidden = true)
+  @ConfigValue(section = "server", name = "https-self-signed")
+  private boolean isSelfSigned = false;
+
   public BaseServerFlags(int defaultPort) {
     this.port = defaultPort;
   }

diff --git a/java/server/src/org/openqa/selenium/grid/server/BaseServerOptions.java b/java/server/src/org/openqa/selenium/grid/server/BaseServerOptions.java
@@ -117,4 +117,8 @@ public File getCertificate() {
     }
     throw new ConfigException("you must provide a certificate via --https-certificate when using --https");
   }
+
+  public boolean isSelfSigned() {
+    return config.getBool("server", "https-self-signed").orElse(false);
+  }
 }
diff --git a/java/server/src/org/openqa/selenium/netty/server/NettyServer.java b/java/server/src/org/openqa/selenium/netty/server/NettyServer.java
@@ -27,6 +27,7 @@
 import io.netty.handler.logging.LoggingHandler;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.util.SelfSignedCertificate;
 import org.openqa.selenium.grid.server.AddWebDriverSpecHeaders;
 import org.openqa.selenium.grid.server.BaseServerOptions;
 import org.openqa.selenium.grid.server.Server;
@@ -38,6 +39,7 @@
 import java.net.MalformedURLException;
 import javax.net.ssl.SSLException;
 import java.net.URL;
+import java.security.cert.CertificateException;
 import java.util.Objects;
 
 public class NettyServer implements Server<NettyServer> {
@@ -63,7 +65,14 @@ public NettyServer(BaseServerOptions options, HttpHandler handler) {
       } catch (SSLException e) {
         throw new UncheckedIOException(new IOException("Certificate problem.", e)); 
       }
-
+    } else if (options.isSelfSigned()) {
+      try {
+        SelfSignedCertificate cert = new SelfSignedCertificate();
+        sslCtx = SslContextBuilder.forServer(cert.certificate(), cert.privateKey())
+          .build();
+      } catch (CertificateException | SSLException e) {
+        throw new UncheckedIOException(new IOException("Self-signed certificate problem.", e));
+      }
     } else {
       sslCtx = null;
     }