TLS Poort

Java service that provides an HTTP(S)-to-TLS bridge from a customer-side server to the mob.id cluster.

Release content

  • mobid-poort*.jar – executable JAR file for Java VM
  • Documentation

Prerequisites

  • Windows/Linux/iOS
  • Oracle Java 8 (OpenJDK 8 may work as well, but has not been tested)
  • Internet access to *.api.mob.id domain
  • About 50 MB on HDD/SSD
  • About 2 GB of RAM per service instance

Configuration

The main configuration file is application.properties in the current working folder.

If you need multiple instances, you can start the same JAR file with different working folders, and each folder can contain a different configuration file.

Sample content of the configuration file:

mob.id.domain.prefix=<your organization prefix>
mob.id.keystore.password=<client certificate's key store password>
mob.id.org.id=<id of your organization>
mob.id.sub.org.id=<id of your sub-organization (can be empty)>
mob.id.sdk.password=<your password of SDK access>

The service is built with the Spring Boot framework, so any Spring Boot configuration option can also be applied. For example, to get more logging about network activity:

logging.level.web=TRACE
logging.level.org.apache.http=DEBUG
logging.level.httpclient.wire=DEBUG

For example, to change the input port from 8080 (default) to 9090:

server.port=9090

Logging

By default, log messages are printed to the console (stdout) and written to the poort.log file.

Log files have a daily and 10M-size rolling policy.

Old log files are saved to the ./logs sub-folder with compression.

Turn on HTTPS or TLS

By default, the service listens for HTTP connections on port 8080. You can turn on HTTPS or TLS in the configuration file:

server.port=443
server.ssl.enabled=true
server.ssl.key-store-type=JKS
server.ssl.key-store=keystore.jks
server.ssl.key-store-password=<key store password>
server.ssl.trust-store=truststore.jks
server.ssl.trust-store-password=<trust store password>
server.ssl.protocol=TLS
server.ssl.enabled-protocols=TLSv1.2
server.ssl.client-auth=need

More information can be found by searching for “spring boot ssl enable”.

The “Key Store Explorer” utility can be used for easy work with certificates and key stores.

Securing configuration file

The Spring Boot configuration engine can read values from environment variables. Using the ${} token, you can keep sensitive data out of the configuration file.

For example, change a line such as:

mob.id.keystore.password=my_secure_password

to

mob.id.keystore.password=${KEYSTORE_PASSWORD}
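
A pre-deployment check for the two configuration points above (literal passwords, and the TLS settings from "Turn on HTTPS or TLS"). This is an added example, not part of the TLS Poort release; the function name audit_properties and the finding labels are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit a Spring Boot application.properties before deployment.
# Prints one finding per line; returns 0 when clean and 1 when anything is flagged.
audit_properties() {
    awk '
    /^[ \t]*([#!]|$)/ { next }            # skip comments and blank lines
    {
        sep = index($0, "=")
        if (sep == 0) next
        key = substr($0, 1, sep - 1); val = substr($0, sep + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        seen[key] = val
        # Password keys must hold only a ${NAME} placeholder, never a literal.
        if (tolower(key) ~ /password/ && val != "" &&
            val !~ /^[$][{][A-Za-z_][A-Za-z0-9_.]*[}]$/) {
            print "PLAINTEXT_SECRET " key; bad++
        }
    }
    END {
        # SSL explicitly switched off: the listener stays plain HTTP.
        if (seen["server.ssl.enabled"] == "false") {
            print "TLS_DISABLED server.ssl.enabled"; bad++
        }
        # Anything other than TLSv1.2 / TLSv1.3 in the protocol list is flagged.
        n = split(seen["server.ssl.enabled-protocols"], p, ",")
        for (i = 1; i <= n; i++) {
            gsub(/[ \t]/, "", p[i])
            if (p[i] != "" && p[i] !~ /^TLSv1[.][23]$/) {
                print "WEAK_PROTOCOL " p[i]; bad++
            }
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample input (not a real configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
mob.id.keystore.password=my_secure_password
mob.id.sdk.password=${SDK_PASSWORD}
server.ssl.enabled=false
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
EOF
audit_properties "$sample" || echo "findings above: fix before deploying"
rm -f "$sample"
```

Running this check before building the Docker image matters because the sample Dockerfile copies application.properties into the image, so any literal password in that file ends up in an image layer.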

Docker

This service can run in a Docker container. A sample Dockerfile:

FROM openjdk:8-jre-alpine
COPY mobid-poort*.jar /mobid-poort.jar
COPY application.properties /application.properties
CMD ["/usr/bin/java", "-jar", "/mobid-poort.jar"]

Build the Docker image:

docker build --tag mobid_poort .

Run the Docker container:

docker run -d -p8080:8080 --name mobid_poort mobid_poort:latest

where 8080 is the port from the application.properties file.

Questions?

If you have any questions, email support@mob.id

Thanks!