
Example 1 with ClientAuthentication

use of org.apache.cxf.configuration.security.ClientAuthentication in project cxf by apache.

the class HTTPJettyTransportActivator method createTlsServerParameters.

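/**
 * Builds the server-side TLS settings from the {@code tlsServerParameters.*} entries of a
 * configuration dictionary.
 *
 * <p>Keys without that prefix are ignored. A prefixed key whose remainder matches none of the
 * branches below is skipped without any error, so a misspelled option leaves the corresponding
 * setting at its default.
 *
 * @param d configuration properties; each {@code tlsServerParameters.*} value is cast to
 *          {@code String}, so a non-String value raises {@code ClassCastException}
 * @return the populated parameters, or {@code null} when {@code d} contains no
 *         {@code tlsServerParameters.*} key
 * @throws RuntimeException if the secure random, key managers or trust managers cannot be
 *         built; checked exceptions are wrapped, runtime exceptions propagate unchanged
 */
private TLSServerParameters createTlsServerParameters(Dictionary<String, ?> d) {
    final String prefix = "tlsServerParameters.";
    Enumeration<String> keys = d.keys();
    TLSServerParameters p = null;
    SecureRandomParameters srp = null;
    KeyManagersType kmt = null;
    TrustManagersType tmt = null;
    // Revocation checking stays off unless "enableRevocation" is explicitly set to "true".
    boolean enableRevocation = false;
    while (keys.hasMoreElements()) {
        String k = keys.nextElement();
        if (!k.startsWith(prefix)) {
            continue;
        }
        // The parameters object is created lazily on the first matching key.
        if (p == null) {
            p = new TLSServerParameters();
        }
        String v = (String) d.get(k);
        k = k.substring(prefix.length());
        if ("secureSocketProtocol".equals(k)) {
            p.setSecureSocketProtocol(v);
        } else if ("jsseProvider".equals(k)) {
            p.setJsseProvider(v);
        } else if ("certAlias".equals(k)) {
            p.setCertAlias(v);
        } else if ("clientAuthentication.want".equals(k)) {
            // Boolean.parseBoolean yields true only for "true" (any case); values such as
            // "yes" or "1" turn the flag off instead of being rejected.
            // NOTE(review): "want" presumably asks for a client certificate without
            // enforcing one, "required" presumably enforces it - confirm for the engine.
            if (p.getClientAuthentication() == null) {
                p.setClientAuthentication(new ClientAuthentication());
            }
            p.getClientAuthentication().setWant(Boolean.parseBoolean(v));
        } else if ("clientAuthentication.required".equals(k)) {
            if (p.getClientAuthentication() == null) {
                p.setClientAuthentication(new ClientAuthentication());
            }
            p.getClientAuthentication().setRequired(Boolean.parseBoolean(v));
        } else if ("enableRevocation".equals(k)) {
            // Only recorded here; it is applied after the loop, so key order does not matter.
            enableRevocation = Boolean.parseBoolean(v);
        } else if (k.startsWith("certConstraints.")) {
            configureCertConstraints(p, k, v);
        } else if (k.startsWith("secureRandomParameters.")) {
            srp = configureSecureRandom(srp, k, v);
        } else if (k.startsWith("cipherSuitesFilter.")) {
            // Must be tested before the bare "cipherSuites" prefix below.
            configureCipherSuitesFilter(p, k, v);
        } else if (k.startsWith("cipherSuites")) {
            // Entries are trimmed and blanks dropped: with "A, B" the second entry would
            // otherwise be stored as " B", which presumably matches no real suite name.
            StringTokenizer st = new StringTokenizer(v, ",");
            while (st.hasMoreTokens()) {
                String suite = st.nextToken().trim();
                if (!suite.isEmpty()) {
                    p.getCipherSuites().add(suite);
                }
            }
        } else if (k.startsWith("excludeProtocols")) {
            // Same trimming as above; an untrimmed " TLSv1" would presumably never match a
            // protocol name, so the intended exclusion would not take effect.
            StringTokenizer st = new StringTokenizer(v, ",");
            while (st.hasMoreTokens()) {
                String protocol = st.nextToken().trim();
                if (!protocol.isEmpty()) {
                    p.getExcludeProtocols().add(protocol);
                }
            }
        } else if (k.startsWith("trustManagers.")) {
            tmt = getTrustManagers(tmt, k.substring("trustManagers.".length()), v);
        } else if (k.startsWith("keyManagers.")) {
            kmt = getKeyManagers(kmt, k.substring("keyManagers.".length()), v);
        }
    }
    try {
        // srp, kmt and tmt are only assigned after p has been created, so p cannot be null
        // inside any of these branches.
        if (srp != null) {
            p.setSecureRandom(TLSParameterJaxBUtils.getSecureRandom(srp));
        }
        if (kmt != null) {
            p.setKeyManagers(TLSParameterJaxBUtils.getKeyManagers(kmt));
        }
        if (tmt != null) {
            p.setTrustManagers(TLSParameterJaxBUtils.getTrustManagers(tmt, enableRevocation));
        }
    } catch (RuntimeException e) {
        // Rethrown as-is so runtime failures are not wrapped a second time.
        throw e;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    return p;
}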
Also used : KeyManagersType(org.apache.cxf.configuration.security.KeyManagersType) StringTokenizer(java.util.StringTokenizer) SecureRandomParameters(org.apache.cxf.configuration.security.SecureRandomParameters) TrustManagersType(org.apache.cxf.configuration.security.TrustManagersType) ClientAuthentication(org.apache.cxf.configuration.security.ClientAuthentication) TLSServerParameters(org.apache.cxf.configuration.jsse.TLSServerParameters) GeneralSecurityException(java.security.GeneralSecurityException) ConfigurationException(org.osgi.service.cm.ConfigurationException) IOException(java.io.IOException)

Example 2 with ClientAuthentication

use of org.apache.cxf.configuration.security.ClientAuthentication in project cxf by apache.

the class JettyHTTPServerEngineBeanDefinitionParser method mapTLSServerParameters.

/**
 * Translates a TLS server parameters XML element into a nested
 * {@code TLSServerParametersConfig} bean definition and stores it as the
 * {@code tlsServerParameters} property of {@code bean}.
 *
 * <p>Child elements in the security namespace with a name not listed below are ignored
 * without any error. When no {@code clientAuthentication} child is present this method sets
 * no client-authentication property at all, so the effective behaviour then depends on
 * defaults outside this method.
 *
 * @param e    the element carrying the TLS attributes and child elements
 * @param bean the builder that receives the {@code tlsServerParameters} property
 */
private void mapTLSServerParameters(Element e, BeanDefinitionBuilder bean) {
    BeanDefinitionBuilder tlsParams = BeanDefinitionBuilder.rootBeanDefinition(
        TLSServerParametersConfig.TLSServerParametersTypeInternal.class);

    // Attributes: only un-namespaced jsseProvider and secureSocketProtocol are copied.
    NamedNodeMap attributes = e.getAttributes();
    for (int idx = 0; idx < attributes.getLength(); idx++) {
        Attr attribute = (Attr) attributes.item(idx);
        if (attribute.getNamespaceURI() != null) {
            continue;
        }
        String attributeName = attribute.getLocalName();
        boolean copied = "jsseProvider".equals(attributeName)
            || "secureSocketProtocol".equals(attributeName);
        if (copied) {
            tlsParams.addPropertyValue(attributeName, attribute.getValue());
        }
    }

    // Child elements: anything that is not an element in the security namespace is skipped.
    for (Node child = e.getFirstChild(); child != null; child = child.getNextSibling()) {
        boolean securityElement = Node.ELEMENT_NODE == child.getNodeType()
            && SECURITY_NS.equals(child.getNamespaceURI());
        if (!securityElement) {
            continue;
        }
        String childName = child.getLocalName();
        Element childElement = (Element) child;
        // Schema should require that no more than one each of these exist.
        String beanRef = childElement.getAttribute("ref");
        boolean hasBeanRef = beanRef != null && beanRef.length() > 0;

        if ("keyManagers".equals(childName)) {
            // A non-empty ref points at an existing bean instead of inline JAXB content.
            if (hasBeanRef) {
                tlsParams.addPropertyReference("keyManagersRef", beanRef);
            } else {
                mapElementToJaxbProperty(childElement, tlsParams, childName, KeyManagersType.class);
            }
        } else if ("trustManagers".equals(childName)) {
            if (hasBeanRef) {
                tlsParams.addPropertyReference("trustManagersRef", beanRef);
            } else {
                mapElementToJaxbProperty(childElement, tlsParams, childName, TrustManagersType.class);
            }
        } else if ("cipherSuites".equals(childName)) {
            mapElementToJaxbProperty(childElement, tlsParams, childName, CipherSuites.class);
        } else if ("cipherSuitesFilter".equals(childName)) {
            mapElementToJaxbProperty(childElement, tlsParams, childName, FiltersType.class);
        } else if ("excludeProtocols".equals(childName)) {
            mapElementToJaxbProperty(childElement, tlsParams, childName, ExcludeProtocols.class);
        } else if ("includeProtocols".equals(childName)) {
            mapElementToJaxbProperty(childElement, tlsParams, childName, IncludeProtocols.class);
        } else if ("secureRandomParameters".equals(childName)) {
            mapElementToJaxbProperty(childElement, tlsParams, childName, SecureRandomParameters.class);
        } else if ("clientAuthentication".equals(childName)) {
            mapElementToJaxbProperty(childElement, tlsParams, childName, ClientAuthentication.class);
        } else if ("certConstraints".equals(childName)) {
            mapElementToJaxbProperty(childElement, tlsParams, childName,
                CertificateConstraintsType.class);
        } else if ("certAlias".equals(childName)) {
            // The element text is passed through as-is, including surrounding whitespace.
            tlsParams.addPropertyValue(childName, childElement.getTextContent());
        }
    }

    // Wrap the collected settings in a TLSServerParametersConfig definition.
    BeanDefinitionBuilder configBean =
        BeanDefinitionBuilder.rootBeanDefinition(TLSServerParametersConfig.class);
    configBean.addConstructorArgValue(tlsParams.getBeanDefinition());
    bean.addPropertyValue("tlsServerParameters", configBean.getBeanDefinition());
}
Also used : BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder) NamedNodeMap(org.w3c.dom.NamedNodeMap) IncludeProtocols(org.apache.cxf.configuration.security.IncludeProtocols) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) TrustManagersType(org.apache.cxf.configuration.security.TrustManagersType) FiltersType(org.apache.cxf.configuration.security.FiltersType) ClientAuthentication(org.apache.cxf.configuration.security.ClientAuthentication) TLSServerParametersConfig(org.apache.cxf.configuration.jsse.TLSServerParametersConfig) Attr(org.w3c.dom.Attr)

Example 3 with ClientAuthentication

use of org.apache.cxf.configuration.security.ClientAuthentication in project cxf by apache.

the class UndertowHTTPServerEngineBeanDefinitionParser method mapTLSServerParameters.

/**
 * Converts a TLS server parameters XML element into a nested
 * {@code TLSServerParametersConfig} bean definition and registers it on {@code bean} under
 * the {@code tlsServerParameters} property.
 *
 * <p>Security-namespace children whose name matches none of the cases below are dropped
 * without any error. If the element has no {@code clientAuthentication} child, nothing about
 * client authentication is set here and the outcome depends on defaults outside this method.
 *
 * @param e    the element holding the TLS attributes and child elements
 * @param bean the builder that receives the {@code tlsServerParameters} property
 */
private void mapTLSServerParameters(Element e, BeanDefinitionBuilder bean) {
    BeanDefinitionBuilder settings = BeanDefinitionBuilder.rootBeanDefinition(
        TLSServerParametersConfig.TLSServerParametersTypeInternal.class);

    // Copy the two supported attributes; namespaced attributes are never considered.
    NamedNodeMap attrs = e.getAttributes();
    for (int pos = 0; pos < attrs.getLength(); pos++) {
        Attr current = (Attr) attrs.item(pos);
        if (current.getNamespaceURI() != null) {
            continue;
        }
        String name = current.getLocalName();
        if ("jsseProvider".equals(name) || "secureSocketProtocol".equals(name)) {
            settings.addPropertyValue(name, current.getValue());
        }
    }

    // Walk the children, looking only at elements from the security namespace.
    for (Node node = e.getFirstChild(); node != null; node = node.getNextSibling()) {
        boolean relevant = Node.ELEMENT_NODE == node.getNodeType()
            && SECURITY_NS.equals(node.getNamespaceURI());
        if (!relevant) {
            continue;
        }
        String tag = node.getLocalName();
        Element element = (Element) node;
        // Schema should require that no more than one each of these exist.
        String ref = element.getAttribute("ref");
        boolean byReference = ref != null && ref.length() > 0;

        if ("keyManagers".equals(tag)) {
            // With a non-empty ref the key managers come from another bean.
            if (byReference) {
                settings.addPropertyReference("keyManagersRef", ref);
            } else {
                mapElementToJaxbProperty(element, settings, tag, KeyManagersType.class);
            }
        } else if ("trustManagers".equals(tag)) {
            if (byReference) {
                settings.addPropertyReference("trustManagersRef", ref);
            } else {
                mapElementToJaxbProperty(element, settings, tag, TrustManagersType.class);
            }
        } else if ("cipherSuites".equals(tag)) {
            mapElementToJaxbProperty(element, settings, tag, CipherSuites.class);
        } else if ("cipherSuitesFilter".equals(tag)) {
            mapElementToJaxbProperty(element, settings, tag, FiltersType.class);
        } else if ("excludeProtocols".equals(tag)) {
            mapElementToJaxbProperty(element, settings, tag, ExcludeProtocols.class);
        } else if ("includeProtocols".equals(tag)) {
            mapElementToJaxbProperty(element, settings, tag, IncludeProtocols.class);
        } else if ("secureRandomParameters".equals(tag)) {
            mapElementToJaxbProperty(element, settings, tag, SecureRandomParameters.class);
        } else if ("clientAuthentication".equals(tag)) {
            mapElementToJaxbProperty(element, settings, tag, ClientAuthentication.class);
        } else if ("certConstraints".equals(tag)) {
            mapElementToJaxbProperty(element, settings, tag, CertificateConstraintsType.class);
        } else if ("certAlias".equals(tag)) {
            // The alias is the raw text content; no trimming is applied.
            settings.addPropertyValue(tag, element.getTextContent());
        }
    }

    // Hand the collected settings to a TLSServerParametersConfig definition.
    BeanDefinitionBuilder wrapper =
        BeanDefinitionBuilder.rootBeanDefinition(TLSServerParametersConfig.class);
    wrapper.addConstructorArgValue(settings.getBeanDefinition());
    bean.addPropertyValue("tlsServerParameters", wrapper.getBeanDefinition());
}
Also used : BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder) NamedNodeMap(org.w3c.dom.NamedNodeMap) IncludeProtocols(org.apache.cxf.configuration.security.IncludeProtocols) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) TrustManagersType(org.apache.cxf.configuration.security.TrustManagersType) FiltersType(org.apache.cxf.configuration.security.FiltersType) ClientAuthentication(org.apache.cxf.configuration.security.ClientAuthentication) TLSServerParametersConfig(org.apache.cxf.configuration.jsse.TLSServerParametersConfig) Attr(org.w3c.dom.Attr)

Example 4 with ClientAuthentication

use of org.apache.cxf.configuration.security.ClientAuthentication in project cxf by apache.

the class TrustServerNoSpring method run.

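/**
 * Starts the HTTPS test endpoint on a Jetty engine whose TLS settings are assembled in code
 * rather than from Spring configuration.
 *
 * <p>The engine is set up with key managers only and with client authentication wanted but
 * not required. Any failure during TLS setup is printed and the endpoint is published
 * regardless.
 */
protected void run() {
    Bus busLocal = BusFactory.getDefaultBus(true);
    setBus(busLocal);
    String address = "https://localhost:" + TrustManagerTest.PORT3 + "/SoapContext/HttpsPort";
    try {
        // "password" is the password of the bundled test key store.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // Close the resource stream once the key store is loaded. If the lookup returns null,
        // try-with-resources skips the close and KeyStore.load(null, ...) initialises an
        // empty key store instead of failing.
        try (java.io.InputStream keyStream =
                 ClassLoaderUtils.getResourceAsStream("keys/Bethal.jks", this.getClass())) {
            keyStore.load(keyStream, "password".toCharArray());
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, "password".toCharArray());

        // No trust managers are set on these parameters.
        TLSServerParameters tlsParams = new TLSServerParameters();
        tlsParams.setKeyManagers(kmf.getKeyManagers());

        // want=true, required=false.
        // NOTE(review): presumably the server asks for a client certificate but still accepts
        // connections without one - confirm against the test that uses this server.
        ClientAuthentication clientAuthentication = new ClientAuthentication();
        clientAuthentication.setRequired(false);
        clientAuthentication.setWant(true);
        tlsParams.setClientAuthentication(clientAuthentication);

        Map<String, TLSServerParameters> map = new HashMap<>();
        map.put("tlsId", tlsParams);
        JettyHTTPServerEngineFactory factory = busLocal.getExtension(JettyHTTPServerEngineFactory.class);
        factory.setTlsServerParametersMap(map);
        factory.createJettyHTTPServerEngine("localhost", Integer.parseInt(TrustManagerTest.PORT3), "https", "tlsId");
        factory.initComplete();
    } catch (Exception ex) {
        // Best effort for a test server: the failure is only printed, and the publish call
        // below still runs without the engine configured above.
        ex.printStackTrace();
    }
    Endpoint.publish(address, new GreeterImpl());
}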
Also used : Bus(org.apache.cxf.Bus) HashMap(java.util.HashMap) GreeterImpl(org.apache.cxf.systest.http.GreeterImpl) JettyHTTPServerEngineFactory(org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory) KeyStore(java.security.KeyStore) ClientAuthentication(org.apache.cxf.configuration.security.ClientAuthentication) TLSServerParameters(org.apache.cxf.configuration.jsse.TLSServerParameters) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 5 with ClientAuthentication

use of org.apache.cxf.configuration.security.ClientAuthentication in project cxf by apache.

the class NettyHttpServerEngineBeanDefinitionParser method mapTLSServerParameters.

/**
 * Maps a TLS server parameters XML element onto a nested {@code TLSServerParametersConfig}
 * bean definition and sets it as the {@code tlsServerParameters} property of {@code bean}.
 *
 * <p>Security-namespace children with a name not handled below are ignored without any error.
 * NOTE(review): this parser has no branch for {@code excludeProtocols} or
 * {@code includeProtocols}, so such children would be dropped here - confirm against the
 * schema whether they are meant to be supported.
 *
 * @param e    the element holding the TLS attributes and child elements
 * @param bean the builder that receives the {@code tlsServerParameters} property
 */
private void mapTLSServerParameters(Element e, BeanDefinitionBuilder bean) {
    BeanDefinitionBuilder tlsBean = BeanDefinitionBuilder.rootBeanDefinition(
        TLSServerParametersConfig.TLSServerParametersTypeInternal.class);

    // Attributes: only un-namespaced jsseProvider and secureSocketProtocol are taken over.
    NamedNodeMap attributeMap = e.getAttributes();
    for (int index = 0; index < attributeMap.getLength(); index++) {
        Attr item = (Attr) attributeMap.item(index);
        if (item.getNamespaceURI() != null) {
            continue;
        }
        String itemName = item.getLocalName();
        boolean supported = "jsseProvider".equals(itemName)
            || "secureSocketProtocol".equals(itemName);
        if (supported) {
            tlsBean.addPropertyValue(itemName, item.getValue());
        }
    }

    // Children: skip everything that is not an element in the security namespace.
    for (Node sibling = e.getFirstChild(); sibling != null; sibling = sibling.getNextSibling()) {
        boolean handled = Node.ELEMENT_NODE == sibling.getNodeType()
            && SECURITY_NS.equals(sibling.getNamespaceURI());
        if (!handled) {
            continue;
        }
        String localName = sibling.getLocalName();
        Element section = (Element) sibling;
        // Schema should require that no more than one each of these exist.
        String refId = section.getAttribute("ref");
        boolean usesRef = refId != null && refId.length() > 0;

        if ("keyManagers".equals(localName)) {
            // A non-empty ref selects an existing bean over inline JAXB content.
            if (usesRef) {
                tlsBean.addPropertyReference("keyManagersRef", refId);
            } else {
                mapElementToJaxbProperty(section, tlsBean, localName, KeyManagersType.class);
            }
        } else if ("trustManagers".equals(localName)) {
            if (usesRef) {
                tlsBean.addPropertyReference("trustManagersRef", refId);
            } else {
                mapElementToJaxbProperty(section, tlsBean, localName, TrustManagersType.class);
            }
        } else if ("cipherSuites".equals(localName)) {
            mapElementToJaxbProperty(section, tlsBean, localName, CipherSuites.class);
        } else if ("cipherSuitesFilter".equals(localName)) {
            mapElementToJaxbProperty(section, tlsBean, localName, FiltersType.class);
        } else if ("secureRandomParameters".equals(localName)) {
            mapElementToJaxbProperty(section, tlsBean, localName, SecureRandomParameters.class);
        } else if ("clientAuthentication".equals(localName)) {
            mapElementToJaxbProperty(section, tlsBean, localName, ClientAuthentication.class);
        } else if ("certConstraints".equals(localName)) {
            mapElementToJaxbProperty(section, tlsBean, localName, CertificateConstraintsType.class);
        } else if ("certAlias".equals(localName)) {
            // The alias is the element's text content, taken without trimming.
            tlsBean.addPropertyValue(localName, section.getTextContent());
        }
    }

    // Wrap the collected settings in a TLSServerParametersConfig definition.
    BeanDefinitionBuilder outer =
        BeanDefinitionBuilder.rootBeanDefinition(TLSServerParametersConfig.class);
    outer.addConstructorArgValue(tlsBean.getBeanDefinition());
    bean.addPropertyValue("tlsServerParameters", outer.getBeanDefinition());
}
Also used : BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder) NamedNodeMap(org.w3c.dom.NamedNodeMap) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) TrustManagersType(org.apache.cxf.configuration.security.TrustManagersType) FiltersType(org.apache.cxf.configuration.security.FiltersType) ClientAuthentication(org.apache.cxf.configuration.security.ClientAuthentication) TLSServerParametersConfig(org.apache.cxf.configuration.jsse.TLSServerParametersConfig) Attr(org.w3c.dom.Attr)
