
Example 1 with ViPRX509TrustManager

use of com.emc.storageos.security.ssl.ViPRX509TrustManager in project coprhd-controller by CoprHD.

From class BuildRestRequest, method makeClient.

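/**
 * Builds a Jersey {@link Client} whose server-certificate decisions are delegated to
 * {@link ViPRX509TrustManager} (trust anchors come from the coordinator-backed keystore) and,
 * when BASIC authentication is requested, carries an {@link HTTPBasicAuthFilter}.
 *
 * @param config      Jersey client configuration; its HTTPS properties entry is replaced with the
 *                    trust-manager-backed SSLContext (the properties map is mutated in place)
 * @param coordinator coordinator handed to the trust manager
 * @param auth        authentication type name, compared against
 *                    {@code CustomServicesConstants.AuthType.BASIC.name()}; {@code null} or any
 *                    other value configures no authentication filter
 * @param protocol    must be {@code "https"}; empty or any other scheme is rejected
 * @param user        BASIC-auth user name, required when {@code auth} is BASIC
 * @param password    BASIC-auth password, required when {@code auth} is BASIC
 * @return the configured client
 * @throws Exception an InternalServerErrorException when the protocol or credentials are invalid,
 *                   or whatever {@link SSLContext#getInstance}/{@link SSLContext#init} propagate
 */
public static Client makeClient(final ClientConfig config, final CoordinatorClient coordinator, final String auth, final String protocol, final String user, final String password) throws Exception {
    if (StringUtils.isEmpty(protocol)) {
        throw InternalServerErrorException.internalServerErrors.customServiceExecutionFailed("Protocol not defined" + protocol);
    }
    // Constant-first equals: protocol is known non-empty here, but this form is null-safe anyway.
    if (!"https".equals(protocol)) {
        logger.error("Only Https is supported. Protocol:{} is not supported", protocol);
        throw InternalServerErrorException.internalServerErrors.customServiceExecutionFailed("Protocol not supported" + protocol);
    }
    // "TLS" instead of the legacy "SSL" alias. The protocol versions actually enabled on a
    // connection are the JSSE defaults either way; which server certificates are accepted is
    // decided solely by the trust manager installed below.
    final SSLContext context = SSLContext.getInstance("TLS");
    final ViPRX509TrustManager trustManager = new ViPRX509TrustManager(coordinator);
    context.init(null, new TrustManager[] { trustManager }, null);
    // A null HostnameVerifier presumably leaves the connection's default verifier in place
    // rather than disabling verification — confirm against the Jersey HTTPSProperties version in use.
    config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(null, context));
    final Client client = Client.create(config);
    // Constant-first equals so a null auth selects "no filter" instead of throwing NPE.
    if (CustomServicesConstants.AuthType.BASIC.name().equals(auth)) {
        // BASIC needs both halves of the credential. The previous check only rejected the case
        // where user AND password were both empty, so a user with a null password slipped through
        // to the filter; the error message already described the intended rule.
        if (StringUtils.isEmpty(user) || StringUtils.isEmpty(password)) {
            logger.error("user:{} or password not defined", user);
            throw InternalServerErrorException.internalServerErrors.customServiceExecutionFailed("User or password not defined");
        }
        client.addFilter(new HTTPBasicAuthFilter(user, password));
    }
    return client;
}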

Example 2 with ViPRX509TrustManager

use of com.emc.storageos.security.ssl.ViPRX509TrustManager in project coprhd-controller by CoprHD.

From class SSLHelper, method configureSSLWithTrustManger.

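/**
 * Registers an {@code https} scheme (port 443) on the given Apache HttpClient whose
 * server-certificate checks are delegated to {@link ViPRX509TrustManager}, i.e. to the
 * trusted certificates held in the coordinator-backed keystore.
 *
 * <p>NOTE(review): the socket factory is configured with
 * {@link SSLSocketFactory#ALLOW_ALL_HOSTNAME_VERIFIER}, so the certificate's subject/SAN is never
 * matched against the host being contacted. The trust manager is then the only control against a
 * substituted endpoint; callers that reach endpoints by DNS name should weigh a strict verifier.
 *
 * @param httpClient        client whose scheme registry receives the https scheme
 * @param coordinatorClient coordinator handed to the trust manager
 * @throws IllegalArgumentException if either argument is {@code null}
 * @throws GeneralSecurityException if the SSLContext or socket factory cannot be set up; the
 *                                  original exception is preserved as the cause
 */
public static void configureSSLWithTrustManger(AbstractHttpClient httpClient, CoordinatorClient coordinatorClient) throws GeneralSecurityException {
    if (httpClient == null) {
        throw new IllegalArgumentException("null httpClient argument is not allowed");
    }
    if (coordinatorClient == null) {
        throw new IllegalArgumentException("null coordinatorClient is not allowed");
    }
    try {
        // "TLS" instead of the legacy "SSL" alias; enabled protocol versions are the JSSE defaults.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[] { new ViPRX509TrustManager(coordinatorClient) }, null);
        SSLSocketFactory socketFactory = new SupportedSSLSocketFactory(sslContext);
        // Hostname verification is deliberately switched off here — see the Javadoc note above.
        socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        httpClient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", socketFactory, 443));
    } catch (GeneralSecurityException ex) {
        throw new GeneralSecurityException("Error updating https scheme with trust manager", ex);
    }
}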

Example 3 with ViPRX509TrustManager

use of com.emc.storageos.security.ssl.ViPRX509TrustManager in project coprhd-controller by CoprHD.

From class TrustManagerTest, method testCheckServerTrusted.

/**
 * Exercises {@link ViPRX509TrustManager#checkServerTrusted} against the coordinator-backed
 * keystore in three states: no trusted certificates with accept-all off (the chain must be
 * rejected), the chain's certificate added as trusted (must be accepted), and accept-all on
 * (a freshly generated, never-trusted certificate must be accepted).
 *
 * <p>Relies on the fixture fields {@code loadStoreParam}, {@code zkhHelper} and
 * {@code coordinatorClient} provided by the enclosing test class.
 */
@Test
public void testCheckServerTrusted() throws Exception {
    final DistributedKeyStore keyStore = new DistributedKeyStoreImpl();
    keyStore.init(loadStoreParam);
    keyStore.setTrustedCertificates(null);
    KeyStoreUtil.setAcceptAllCertificates(zkhHelper, Boolean.FALSE);

    final KeyCertificatePairGenerator generator = new KeyCertificatePairGenerator();
    generator.setKeyCertificateAlgorithmValuesHolder(new KeyCertificateAlgorithmValuesHolder(coordinatorClient));
    KeyCertificateEntry pair = generator.generateKeyCertificatePair();
    X509Certificate[] chain = new X509Certificate[] { (X509Certificate) pair.getCertificateChain()[0] };

    // 1. Empty trust store, accept-all off: the self-generated chain must be rejected.
    ViPRX509TrustManager trustManager = new ViPRX509TrustManager(coordinatorClient);
    boolean rejected;
    try {
        trustManager.checkServerTrusted(chain, "RSA_EXPORT");
        rejected = false;
    } catch (CertificateException expected) {
        rejected = true;
    }
    Assert.assertTrue(rejected);

    // 2. Trust the certificate explicitly. A fresh trust manager is required because an
    // existing instance caches the certificate set it loaded.
    keyStore.addTrustedCertificate("someAlias", new TrustedCertificateEntry(pair.getCertificateChain()[0], new Date()));
    trustManager = new ViPRX509TrustManager(coordinatorClient);
    try {
        trustManager.checkServerTrusted(chain, "RSA_EXPORT");
    } catch (CertificateException e) {
        Assert.fail();
    }

    // 3. Accept-all on: an unrelated certificate must pass. The same trust-manager instance is
    // reused here, so the accept-all flag is presumably consulted per check rather than cached
    // at construction — inferred from the test's structure, not verified against the implementation.
    KeyStoreUtil.setAcceptAllCertificates(zkhHelper, Boolean.TRUE);
    pair = generator.generateKeyCertificatePair();
    chain = new X509Certificate[] { (X509Certificate) pair.getCertificateChain()[0] };
    try {
        trustManager.checkServerTrusted(chain, "RSA_EXPORT");
    } catch (CertificateException e) {
        Assert.fail();
    }
}
