Example 6 with TLSClientParameters
use of org.apache.cxf.configuration.jsse.TLSClientParameters in project ddf by codice.
the class SecureCxfClientFactory method configureConduit.
private void configureConduit(ClientConfiguration clientConfig) {
HTTPConduit httpConduit = clientConfig.getHttpConduit();
if (httpConduit == null) {
LOGGER.info("HTTPConduit was null for {}. Unable to configure security.", this);
return;
}
if (allowRedirects) {
HTTPClientPolicy clientPolicy = httpConduit.getClient();
if (clientPolicy != null) {
clientPolicy.setAutoRedirect(true);
Bus bus = clientConfig.getBus();
if (bus != null) {
bus.getProperties().put("http.redirect.relative.uri", true);
}
}
}
TLSClientParameters tlsParams = httpConduit.getTlsClientParameters();
if (tlsParams == null) {
tlsParams = new TLSClientParameters();
}
tlsParams.setDisableCNCheck(disableCnCheck);
tlsParams.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
tlsParams.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
String cipherSuites = System.getProperty("https.cipherSuites");
if (cipherSuites != null) {
tlsParams.setCipherSuites(Arrays.asList(cipherSuites.split(",")));
}
KeyStore keyStore = null;
KeyStore trustStore = null;
try {
keyStore = SecurityConstants.newKeystore();
trustStore = SecurityConstants.newTruststore();
} catch (KeyStoreException e) {
LOGGER.debug("Unable to create keystore instance of type {}", System.getProperty(SecurityConstants.KEYSTORE_TYPE), e);
}
Path keyStoreFile = Paths.get(SecurityConstants.getKeystorePath());
Path trustStoreFile = Paths.get(SecurityConstants.getTruststorePath());
String ddfHome = System.getProperty("ddf.home");
if (ddfHome != null) {
Path ddfHomePath = Paths.get(ddfHome);
if (!keyStoreFile.isAbsolute()) {
keyStoreFile = Paths.get(ddfHomePath.toString(), keyStoreFile.toString());
}
if (!trustStoreFile.isAbsolute()) {
trustStoreFile = Paths.get(ddfHomePath.toString(), trustStoreFile.toString());
}
}
String keyStorePassword = SecurityConstants.getKeystorePassword();
String trustStorePassword = SecurityConstants.getTruststorePassword();
if (!Files.isReadable(keyStoreFile) || !Files.isReadable(trustStoreFile)) {
LOGGER.debug("Unable to read system key/trust store files: [ {} ] [ {} ]", keyStoreFile, trustStoreFile);
return;
}
try (InputStream kfis = Files.newInputStream(keyStoreFile)) {
if (keyStore != null) {
keyStore.load(kfis, keyStorePassword.toCharArray());
}
} catch (NoSuchAlgorithmException | CertificateException | IOException e) {
LOGGER.debug("Unable to load system key file.", e);
}
try (InputStream tfis = Files.newInputStream(trustStoreFile)) {
if (trustStore != null) {
trustStore.load(tfis, trustStorePassword.toCharArray());
}
} catch (NoSuchAlgorithmException | CertificateException | IOException e) {
LOGGER.debug("Unable to load system trust file.", e);
}
try {
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
tlsParams.setKeyManagers(keyManagerFactory.getKeyManagers());
} catch (NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException e) {
LOGGER.debug("Unable to initialize KeyManagerFactory.", e);
}
try {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
tlsParams.setTrustManagers(trustManagerFactory.getTrustManagers());
} catch (NoSuchAlgorithmException | KeyStoreException e) {
LOGGER.debug("Unable to initialize TrustManagerFactory.", e);
}
tlsParams.setCertAlias(SystemBaseUrl.getHost());
httpConduit.setTlsClientParameters(tlsParams);
}
Also used :
Path(java.nio.file.Path)
Bus(org.apache.cxf.Bus)
TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters)
InputStream(java.io.InputStream)
CertificateException(java.security.cert.CertificateException)
KeyStoreException(java.security.KeyStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
IOException(java.io.IOException)
KeyStore(java.security.KeyStore)
KeyManagerFactory(javax.net.ssl.KeyManagerFactory)
HTTPConduit(org.apache.cxf.transport.http.HTTPConduit)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
TrustManagerFactory(javax.net.ssl.TrustManagerFactory)
HTTPClientPolicy(org.apache.cxf.transports.http.configuration.HTTPClientPolicy)
Aggregations
TLSClientParameters (org.apache.cxf.configuration.jsse.TLSClientParameters)6
HTTPConduit (org.apache.cxf.transport.http.HTTPConduit)4
IOException (java.io.IOException)2
SHSIMPINC (com.ibm.maximo.wsdl.shsimpinc.SHSIMPINC)1
InputStream (java.io.InputStream)1
Path (java.nio.file.Path)1
KeyStore (java.security.KeyStore)1
KeyStoreException (java.security.KeyStoreException)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
UnrecoverableKeyException (java.security.UnrecoverableKeyException)1
CertificateException (java.security.cert.CertificateException)1
KeyManagerFactory (javax.net.ssl.KeyManagerFactory)1
SSLContext (javax.net.ssl.SSLContext)1
TrustManager (javax.net.ssl.TrustManager)1
TrustManagerFactory (javax.net.ssl.TrustManagerFactory)1
X509TrustManager (javax.net.ssl.X509TrustManager)1
SSLContextParameters (org.apache.camel.util.jsse.SSLContextParameters)1
Bus (org.apache.cxf.Bus)1
BusException (org.apache.cxf.BusException)1
Client (org.apache.cxf.endpoint.Client)1
