From bfd895112df4f92e90df0dc5772f6ded301c757c Mon Sep 17 00:00:00 2001
From: Ziver Koc
Date: Wed, 15 Sep 2021 16:56:24 +0200
Subject: [PATCH] Added a test mode without cert for external web server
---
 hal-core/src/se/hal/HalContext.java | 2 +-
 .../se/hal/daemon/HalExternalWebDaemon.java | 34 ++++++++++++++-----
 hal.conf.example | 4 +--
 3 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/hal-core/src/se/hal/HalContext.java b/hal-core/src/se/hal/HalContext.java
index 03d9bf73..7263e5cd 100644
--- a/hal-core/src/se/hal/HalContext.java
+++ b/hal-core/src/se/hal/HalContext.java
@@ -24,7 +24,7 @@ public class HalContext {
 public static final String CONFIG_HTTP_PORT = "hal_core.http_port";
 public static final String CONFIG_HTTP_EXTERNAL_PORT = "hal_core.http_external_port";
 public static final String CONFIG_HTTP_EXTERNAL_DOMAIN = "hal_core.http_external_domain";
- public static final String CONFIG_HTTP_EXTERNAL_ACME_TYPE = "hal_core.http_external_acme_type";
+ public static final String CONFIG_HTTP_EXTERNAL_CERT = "hal_core.http_external_cert";
 public static final String CONFIG_MAP_BACKGROUND_IMAGE = "hal_core.map_bgimage";
 public static final String RESOURCE_ROOT;
diff --git a/hal-core/src/se/hal/daemon/HalExternalWebDaemon.java b/hal-core/src/se/hal/daemon/HalExternalWebDaemon.java
index 960a8491..659eb716 100644
--- a/hal-core/src/se/hal/daemon/HalExternalWebDaemon.java
+++ b/hal-core/src/se/hal/daemon/HalExternalWebDaemon.java
@@ -2,7 +2,6 @@ package se.hal.daemon;
 import org.shredzone.acme4j.exception.AcmeException;
 import se.hal.HalContext;
-import se.hal.HalServer;
 import se.hal.intf.HalDaemon;
 import se.hal.intf.HalWebPage;
 import se.hal.util.HalAcmeDataStore;
@@ -83,24 +82,32 @@ public class HalExternalWebDaemon implements HalDaemon {
 // Prepare ACME Client
 AcmeClient acme;
 HttpServer tmpHttpServer = null;
+ String acmeType = HalContext.getStringProperty(HalContext.CONFIG_HTTP_EXTERNAL_CERT, "acme_http");
- if ("dns".equals(HalContext.getStringProperty(HalContext.CONFIG_HTTP_EXTERNAL_ACME_TYPE, ""))) {
- acme = new AcmeClient(acmeDataStore, new AcmeManualDnsChallengeFactory());
- } else if ("http".equals(HalContext.getStringProperty(HalContext.CONFIG_HTTP_EXTERNAL_ACME_TYPE, "http"))) {
+ if ("acme_http".equals(acmeType)) {
 tmpHttpServer = new HttpServer(80);
 tmpHttpServer.start();
 acme = new AcmeClient(acmeDataStore, new AcmeHttpChallengeFactory(tmpHttpServer), AcmeClient.ACME_SERVER_LETSENCRYPT_STAGING);
+ } else if ("none".equals(acmeType)) {
+ acme = null;
+ } else if ("acme_dns".equals(acmeType)) {
+ acme = new AcmeClient(acmeDataStore, new AcmeManualDnsChallengeFactory());
 } else {
 throw new IllegalArgumentException("Unknown config value for " + externalServerUrl);
 }
 // Request certificate and start the external webserver
- acme.addDomain(HalContext.getStringProperty(CONFIG_HTTP_EXTERNAL_DOMAIN));
- acme.prepareRequest();
- certificate = acme.requestCertificate();
- acmeDataStore.storeCertificate(certificate);
+ if (acme != null) {
+ acme.addDomain(HalContext.getStringProperty(CONFIG_HTTP_EXTERNAL_DOMAIN));
+ acme.prepareRequest();
+ certificate = acme.requestCertificate();
+ acmeDataStore.storeCertificate(certificate);
+ } else {
+ logger.warning("No SSL certificate is configured for external HTTP Server.");
+ certificate = null;
+ }
 // Cleanup
 if (tmpHttpServer != null) {
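Review bot: The `none` branch sets `acme` and then `certificate` to null, and the only trace is the warning `No SSL certificate is configured for external HTTP Server.`, which does not tell an operator that the externally exposed server will then be started without a certificate (see the `certificate != null` check in startHttpServer). Since the commit describes this as a test mode, the message should say so and name the setting, for example `logger.warning("hal_core.http_external_cert=none: external web server will run WITHOUT TLS, test use only");`. The unchanged `else` branch still puts `externalServerUrl` in its exception text; now that the value is held in `acmeType`, `"Unknown value for " + HalContext.CONFIG_HTTP_EXTERNAL_CERT + ": " + acmeType` would identify the bad setting. The enclosing method starts and ends outside this hunk.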
@@ -110,7 +117,16 @@ public class HalExternalWebDaemon implements HalDaemon {
 }
 private void startHttpServer() throws GeneralSecurityException, IOException {
- httpExternal = new HttpServer(HalContext.getIntegerProperty(CONFIG_HTTP_EXTERNAL_PORT), acmeDataStore.getDomainKeyPair().getPrivate(), certificate);
+ // Shutdown old server
+ if (httpExternal != null)
+ httpExternal.close();
+
+ // Start new Server
+
+ if (certificate != null)
+ httpExternal = new HttpServer(HalContext.getIntegerProperty(CONFIG_HTTP_EXTERNAL_PORT), acmeDataStore.getDomainKeyPair().getPrivate(), certificate);
+ else
+ httpExternal = new HttpServer(HalContext.getIntegerProperty(CONFIG_HTTP_EXTERNAL_PORT));
 for (String url : pageMap.keySet()) {
 httpExternal.setPage(url, pageMap.get(url));
diff --git a/hal.conf.example b/hal.conf.example
index 3a812de0..d34630a3 100644
--- a/hal.conf.example
+++ b/hal.conf.example
@@ -8,8 +8,8 @@ hal_core.http_port=8080
 # to letsencrypt to work port 80 needs to be opened temporarily during the certificate generation process
 # make sure the firewall forwarding rules are setup for this process to work.
 # In the future DNS authentication will also be available so no port forwarding will be necessary.
-hal_core.http_acme_type=http|dns
-hal_core.http_external_port=8081
+#hal_core.http_external_cert=acme_http|acme_dns|none
+#hal_core.http_external_port=8081
 #hal_core.http_external_domain=example.com
 # ------------------------------------------------------------------------
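Review bot: In startHttpServer the `else` branch builds the external server without a key or certificate whenever `certificate` is null, so the (presumably plain HTTP) path is taken for any missing certificate, not only when `hal_core.http_external_cert` is `none`. Failing closed would be safer: take the certificate-less constructor only under `else if ("none".equals(HalContext.getStringProperty(HalContext.CONFIG_HTTP_EXTERNAL_CERT, "acme_http")))` and throw a `GeneralSecurityException` otherwise. Separately, `httpExternal` still refers to the closed server if the constructor that follows throws; assigning `httpExternal = null;` right after `httpExternal.close();`, with braces around the `if` body, avoids that. The method body continues past the end of this hunk.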