use of org.apache.cxf.configuration.security.FiltersType in project cxf by apache.
the class HttpConduitConfigApplier method applyTlsClientParameters.
private void applyTlsClientParameters(Dictionary<String, String> d, HTTPConduit c) {
Enumeration<String> keys = d.keys();
TLSClientParameters p = c.getTlsClientParameters();
SecureRandomParameters srp = null;
KeyManagersType kmt = null;
TrustManagersType tmt = null;
boolean enableRevocation = false;
while (keys.hasMoreElements()) {
String k = keys.nextElement();
if (k.startsWith("tlsClientParameters.")) {
if (p == null) {
p = new TLSClientParameters();
c.setTlsClientParameters(p);
}
String v = d.get(k);
k = k.substring("tlsClientParameters.".length());
if ("secureSocketProtocol".equals(k)) {
p.setSecureSocketProtocol(v);
} else if ("sslCacheTimeout".equals(k)) {
p.setSslCacheTimeout(Integer.parseInt(v));
} else if ("jsseProvider".equals(k)) {
p.setJsseProvider(v);
} else if ("disableCNCheck".equals(k)) {
p.setDisableCNCheck(Boolean.parseBoolean(v));
} else if ("useHttpsURLConnectionDefaultHostnameVerifier".equals(k)) {
p.setUseHttpsURLConnectionDefaultHostnameVerifier(Boolean.parseBoolean(v));
} else if ("useHttpsURLConnectionDefaultSslSocketFactory".equals(k)) {
p.setUseHttpsURLConnectionDefaultSslSocketFactory(Boolean.parseBoolean(v));
} else if ("enableRevocation".equals(k)) {
enableRevocation = Boolean.parseBoolean(v);
} else if (k.startsWith("certConstraints.")) {
parseCertConstaints(p, k, v);
} else if (k.startsWith("secureRandomParameters.")) {
k = k.substring("secureRandomParameters.".length());
if (srp == null) {
srp = new SecureRandomParameters();
}
if ("algorithm".equals(k)) {
srp.setAlgorithm(v);
} else if ("provider".equals(k)) {
srp.setProvider(v);
}
} else if (k.startsWith("cipherSuitesFilter.")) {
k = k.substring("cipherSuitesFilter.".length());
StringTokenizer st = new StringTokenizer(v, ",");
FiltersType ft = p.getCipherSuitesFilter();
if (ft == null) {
ft = new FiltersType();
p.setCipherSuitesFilter(ft);
}
List<String> lst = "include".equals(k) ? ft.getInclude() : ft.getExclude();
while (st.hasMoreTokens()) {
lst.add(st.nextToken());
}
} else if (k.startsWith("cipherSuites")) {
StringTokenizer st = new StringTokenizer(v, ",");
while (st.hasMoreTokens()) {
p.getCipherSuites().add(st.nextToken());
}
} else if (k.startsWith("trustManagers.")) {
tmt = getTrustManagers(tmt, k.substring("trustManagers.".length()), v);
} else if (k.startsWith("keyManagers.")) {
kmt = getKeyManagers(kmt, k.substring("keyManagers.".length()), v);
}
}
}
try {
if (srp != null) {
p.setSecureRandom(TLSParameterJaxBUtils.getSecureRandom(srp));
}
if (kmt != null) {
p.setKeyManagers(TLSParameterJaxBUtils.getKeyManagers(kmt));
}
if (tmt != null) {
p.setTrustManagers(TLSParameterJaxBUtils.getTrustManagers(tmt, enableRevocation));
}
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
use of org.apache.cxf.configuration.security.FiltersType in project cxf by apache.
the class HttpConduitConfigurationTest method verifyConduit.
private void verifyConduit(HTTPConduit conduit) {
AuthorizationPolicy authp = conduit.getAuthorization();
assertNotNull(authp);
assertEquals("Betty", authp.getUserName());
assertEquals("password", authp.getPassword());
TLSClientParameters tlscps = conduit.getTlsClientParameters();
assertNotNull(tlscps);
assertTrue(tlscps.isDisableCNCheck());
assertEquals(3600000, tlscps.getSslCacheTimeout());
KeyManager[] kms = tlscps.getKeyManagers();
assertTrue(kms != null && kms.length == 1);
assertTrue(kms[0] instanceof X509KeyManager);
TrustManager[] tms = tlscps.getTrustManagers();
assertTrue(tms != null && tms.length == 1);
assertTrue(tms[0] instanceof X509TrustManager);
FiltersType csfs = tlscps.getCipherSuitesFilter();
assertNotNull(csfs);
assertEquals(5, csfs.getInclude().size());
assertEquals(1, csfs.getExclude().size());
HTTPClientPolicy clientPolicy = conduit.getClient();
assertEquals(10240, clientPolicy.getChunkLength());
}
use of org.apache.cxf.configuration.security.FiltersType in project cxf by apache.
the class HTTPUndertowTransportActivator method configureCipherSuitesFilter.
private void configureCipherSuitesFilter(TLSServerParameters p, String k, String v) {
k = k.substring("cipherSuitesFilter.".length());
StringTokenizer st = new StringTokenizer(v, ",");
FiltersType ft = p.getCipherSuitesFilter();
if (ft == null) {
ft = new FiltersType();
p.setCipherSuitesFilter(ft);
}
List<String> lst = "include".equals(k) ? ft.getInclude() : ft.getExclude();
while (st.hasMoreTokens()) {
lst.add(st.nextToken());
}
}
use of org.apache.cxf.configuration.security.FiltersType in project cxf by apache.
the class HTTPJettyTransportActivator method configureCipherSuitesFilter.
private void configureCipherSuitesFilter(TLSServerParameters p, String k, String v) {
k = k.substring("cipherSuitesFilter.".length());
StringTokenizer st = new StringTokenizer(v, ",");
FiltersType ft = p.getCipherSuitesFilter();
if (ft == null) {
ft = new FiltersType();
p.setCipherSuitesFilter(ft);
}
List<String> lst = "include".equals(k) ? ft.getInclude() : ft.getExclude();
while (st.hasMoreTokens()) {
lst.add(st.nextToken());
}
}
Aggregations