From b362a4946fdf0ec7437112b68f1487a6563dae9a Mon Sep 17 00:00:00 2001
From: justADeni
Date: Thu, 6 Nov 2025 01:22:22 +0100
Subject: [PATCH] feat: added SSL certificate handling to the internal web server
---
 .../squaremap/common/config/Messages.java | 4 +++
 .../common/httpd/IntegratedServer.java | 34 +++++++++++++++++--
 2 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/common/src/main/java/xyz/jpenilla/squaremap/common/config/Messages.java b/common/src/main/java/xyz/jpenilla/squaremap/common/config/Messages.java
index 4def2d99..2e82bc5f 100644
--- a/common/src/main/java/xyz/jpenilla/squaremap/common/config/Messages.java
+++ b/common/src/main/java/xyz/jpenilla/squaremap/common/config/Messages.java
@@ -242,6 +242,10 @@ public final class Messages {
 public static String LOG_INTERNAL_WEB_DISABLED = "Internal webserver is disabled in config.yml";
 @MessageKey("log.internal-web-started")
 public static String LOG_INTERNAL_WEB_STARTED = "Internal webserver running on :";
+ @MessageKey("log.internal-web-tls-enabled")
+ public static String LOG_INTERNAL_WEB_TLS_ENABLED = "SSL certificate detected, TLS enabled";
+ @MessageKey("log.internal-web-tls-disabled")
+ public static String LOG_INTERNAL_WEB_TLS_DISABLED = "SSL certificate not found, TLS disabled";
 @MessageKey("log.internal-web-stopped")
 public static String LOG_INTERNAL_WEB_STOPPED = "Internal webserver stopped";
diff --git a/common/src/main/java/xyz/jpenilla/squaremap/common/httpd/IntegratedServer.java b/common/src/main/java/xyz/jpenilla/squaremap/common/httpd/IntegratedServer.java
index 0651cbf1..2fa74a5a 100644
--- a/common/src/main/java/xyz/jpenilla/squaremap/common/httpd/IntegratedServer.java
+++ b/common/src/main/java/xyz/jpenilla/squaremap/common/httpd/IntegratedServer.java
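Review bot: `LOG_INTERNAL_WEB_TLS_DISABLED` reads "SSL certificate not found", but the code in IntegratedServer.buildUndertow that logs it does so for any keystore load failure (`IOException | NoSuchAlgorithmException | CertificateException`), including a keystore.p12 that exists but is corrupt or password-protected, so an operator told "not found" would not think to check the file they just installed. Wording such as `"SSL keystore not found or could not be loaded, TLS disabled"` matches what the caller actually knows at that point. Both new messages also say "certificate" while the check is for a keystore file; "keystore" is the more accurate noun.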
@@ -12,19 +12,27 @@
 import io.undertow.server.handlers.resource.ResourceManager;
 import io.undertow.util.ETag;
 import io.undertow.util.Headers;
+
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.nio.file.attribute.BasicFileAttributes;
+import java.security.*;
+import java.security.cert.CertificateException;
 import java.util.concurrent.TimeUnit;
+
 import xyz.jpenilla.squaremap.common.Logging;
 import xyz.jpenilla.squaremap.common.config.Config;
 import xyz.jpenilla.squaremap.common.config.Messages;
 import xyz.jpenilla.squaremap.common.data.DirectoryProvider;
 import xyz.jpenilla.squaremap.common.util.Util;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+
 public final class IntegratedServer {
 private static final boolean DEV_FRONTEND = Boolean.getBoolean("squaremap.devFrontend");
 private static final String FRONTEND_PATH = System.getProperty("squaremap.frontendPath");
@@ -43,7 +51,7 @@ public static void startServer(final DirectoryProvider directoryProvider, final
 CACHE = jsonCache;
 try {
- SERVER = buildUndertow(createResourceHandler(directoryProvider));
+ SERVER = buildUndertow(directoryProvider);
 SERVER.start();
 Logging.info(Messages.LOG_INTERNAL_WEB_STARTED, "bind", Config.HTTPD_BIND, "port", Config.HTTPD_PORT);
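Review bot: `import java.security.*;` is the only wildcard import in this block; every surrounding import is single-type and the new code uses just five names from that package, so listing `KeyStore`, `KeyStoreException`, `NoSuchAlgorithmException`, `UnrecoverableKeyException` and `KeyManagementException` explicitly keeps the file consistent and avoids the name ambiguity a wildcard invites. The two `javax.net.ssl` imports are also placed after the project's `xyz.jpenilla` group rather than with the other JDK imports; moving them up next to `java.security.cert.CertificateException` matches the existing grouping.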
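Review bot: `buildUndertow` now declares four checked exceptions (`KeyStoreException`, `NoSuchAlgorithmException`, `UnrecoverableKeyException`, `KeyManagementException`) that the `try` in startServer must handle, but the catch clause lies outside this hunk, so whether it catches a broad enough type — and whether it reports the cause rather than treating a TLS setup failure like a generic bind failure — cannot be confirmed from here. If it only catches `IOException` this will not compile; if it catches `Exception`, it is worth logging that TLS initialization specifically failed so an operator does not misread the failure as a port conflict.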
@@ -53,10 +61,30 @@ public static void startServer(final DirectoryProvider directoryProvider, final
 }
 }
- private static Undertow buildUndertow(final ResourceHandler resourceHandler) {
+ private static Undertow buildUndertow(final DirectoryProvider directoryProvider) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
+ ResourceHandler resourceHandler = createResourceHandler(directoryProvider);
+ KeyStore ks = KeyStore.getInstance("PKCS12");
+
+ try (FileInputStream fis = new FileInputStream(directoryProvider.dataDirectory().resolve("keystore.p12").toFile())) {
+ ks.load(fis, new char[0]);
+ } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
+ Logging.info(Messages.LOG_INTERNAL_WEB_TLS_DISABLED);
+ return Undertow.builder()
+ .setServerOption(UndertowOptions.ENABLE_HTTP2, true)
+ .addHttpListener(Config.HTTPD_PORT, Config.HTTPD_BIND)
+ .setHandler(createHttpHandler(resourceHandler))
+ .build();
+ }
+
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(ks, new char[0]);
+ SSLContext ssl = SSLContext.getInstance("TLS");
+ ssl.init(kmf.getKeyManagers(), null, null);
+
+ Logging.info(Messages.LOG_INTERNAL_WEB_TLS_ENABLED);
 return Undertow.builder()
 .setServerOption(UndertowOptions.ENABLE_HTTP2, true)
- .addHttpListener(Config.HTTPD_PORT, Config.HTTPD_BIND)
+ .addHttpsListener(Config.HTTPD_PORT, Config.HTTPD_BIND, ssl)
 .setHandler(createHttpHandler(resourceHandler))
 .build();
 }
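Review bot: The catch after `ks.load(fis, new char[0])` lumps every load failure together and silently downgrades to a plaintext `addHttpListener`, discarding `e` without logging it, so a keystore.p12 that exists but is corrupt, unreadable, or protected by a non-empty password yields an HTTP-only server with just the "not found" log line. Only a missing file should fall back; a keystore that is present but unloadable is a configuration error and should fail startup (or at minimum log the exception) rather than quietly serve without TLS. The hard-coded `new char[0]` passed to both `ks.load` and `kmf.init` additionally requires the private key to sit unencrypted on disk, so a configurable password is worth considering. The sketch below also folds the duplicated `Undertow.builder()` chain into one helper; whether startServer's catch (outside this hunk) handles the new unchecked exception, and whether `java.nio.file.Path` is already imported, cannot be confirmed from here.
```java
private static Undertow buildUndertow(final DirectoryProvider directoryProvider) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
    final ResourceHandler resourceHandler = createResourceHandler(directoryProvider);
    final Path keystorePath = directoryProvider.dataDirectory().resolve("keystore.p12");
    if (Files.notExists(keystorePath)) {
        // An absent keystore is the only case that legitimately falls back to plaintext.
        Logging.info(Messages.LOG_INTERNAL_WEB_TLS_DISABLED);
        return baseBuilder(resourceHandler).addHttpListener(Config.HTTPD_PORT, Config.HTTPD_BIND).build();
    }
    final KeyStore ks = KeyStore.getInstance("PKCS12");
    try (FileInputStream fis = new FileInputStream(keystorePath.toFile())) {
        ks.load(fis, new char[0]); // TODO(review): take the password from config instead of hard-coding an empty one
    } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
        // Present but unloadable keystore: fail closed instead of silently serving HTTP.
        throw new IllegalStateException("Failed to load TLS keystore " + keystorePath, e);
    }
    // … unchanged: KeyManagerFactory / SSLContext setup …
    Logging.info(Messages.LOG_INTERNAL_WEB_TLS_ENABLED);
    return baseBuilder(resourceHandler).addHttpsListener(Config.HTTPD_PORT, Config.HTTPD_BIND, ssl).build();
}

private static Undertow.Builder baseBuilder(final ResourceHandler resourceHandler) {
    return Undertow.builder()
        .setServerOption(UndertowOptions.ENABLE_HTTP2, true)
        .setHandler(createHttpHandler(resourceHandler));
}
```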