use of org.apache.cxf.configuration.security.KeyManagersType in project cxf by apache.
the class HTTPJettyTransportActivator method createTlsServerParameters.
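/**
 * Builds server-side TLS settings from the {@code tlsServerParameters.*} entries of a
 * configuration dictionary.
 *
 * <p>Keys without that prefix are skipped. Keys with the prefix but an unrecognised
 * suffix are silently ignored, so a misspelled security setting has no effect and raises
 * no error. Boolean settings go through {@link Boolean#parseBoolean(String)}: any value
 * other than "true" (ignoring case) is read as {@code false}, so for example
 * {@code clientAuthentication.required=yes} leaves client authentication not required.
 *
 * <p>Certificate revocation checking is off unless {@code enableRevocation} is set to
 * true, and the flag is only used when at least one {@code trustManagers.*} key is present.
 *
 * @param d configuration properties; every {@code tlsServerParameters.*} value must be a
 *          {@code String}
 * @return the populated parameters, or {@code null} when the dictionary holds no
 *         {@code tlsServerParameters.*} key
 * @throws ClassCastException if a {@code tlsServerParameters.*} value is not a {@code String}
 * @throws RuntimeException if building the secure random, key managers or trust managers
 *         fails; a checked failure is wrapped as the cause
 */
private TLSServerParameters createTlsServerParameters(Dictionary<String, ?> d) {
    Enumeration<String> keys = d.keys();
    TLSServerParameters p = null;
    SecureRandomParameters srp = null;
    KeyManagersType kmt = null;
    TrustManagersType tmt = null;
    // Collected during the scan and applied afterwards, so the position of the
    // enableRevocation key relative to the trustManagers.* keys does not matter.
    boolean enableRevocation = false;
    while (keys.hasMoreElements()) {
        String k = keys.nextElement();
        if (k.startsWith("tlsServerParameters.")) {
            if (p == null) {
                p = new TLSServerParameters();
            }
            String v = (String) d.get(k);
            k = k.substring("tlsServerParameters.".length());
            if ("secureSocketProtocol".equals(k)) {
                p.setSecureSocketProtocol(v);
            } else if ("jsseProvider".equals(k)) {
                p.setJsseProvider(v);
            } else if ("certAlias".equals(k)) {
                p.setCertAlias(v);
            } else if ("clientAuthentication.want".equals(k)) {
                if (p.getClientAuthentication() == null) {
                    p.setClientAuthentication(new ClientAuthentication());
                }
                p.getClientAuthentication().setWant(Boolean.parseBoolean(v));
            } else if ("clientAuthentication.required".equals(k)) {
                if (p.getClientAuthentication() == null) {
                    p.setClientAuthentication(new ClientAuthentication());
                }
                p.getClientAuthentication().setRequired(Boolean.parseBoolean(v));
            } else if ("enableRevocation".equals(k)) {
                enableRevocation = Boolean.parseBoolean(v);
            } else if (k.startsWith("certConstraints.")) {
                configureCertConstraints(p, k, v);
            } else if (k.startsWith("secureRandomParameters.")) {
                srp = configureSecureRandom(srp, k, v);
            } else if (k.startsWith("cipherSuitesFilter.")) {
                // Must be tested before the bare "cipherSuites" prefix below.
                configureCipherSuitesFilter(p, k, v);
            } else if (k.startsWith("cipherSuites")) {
                StringTokenizer st = new StringTokenizer(v, ",");
                while (st.hasMoreTokens()) {
                    // Trim so that "A, B" yields "B" rather than " B"; a padded name would
                    // presumably never match a real cipher suite.
                    String suite = st.nextToken().trim();
                    if (!suite.isEmpty()) {
                        p.getCipherSuites().add(suite);
                    }
                }
            } else if (k.startsWith("excludeProtocols")) {
                StringTokenizer st = new StringTokenizer(v, ",");
                while (st.hasMoreTokens()) {
                    // Trim for the same reason: a padded entry such as " TLSv1" would
                    // presumably never match a protocol name, so that protocol would
                    // silently stay enabled.
                    String protocol = st.nextToken().trim();
                    if (!protocol.isEmpty()) {
                        p.getExcludeProtocols().add(protocol);
                    }
                }
            } else if (k.startsWith("trustManagers.")) {
                tmt = getTrustManagers(tmt, k.substring("trustManagers.".length()), v);
            } else if (k.startsWith("keyManagers.")) {
                kmt = getKeyManagers(kmt, k.substring("keyManagers.".length()), v);
            }
        }
    }
    // srp, kmt and tmt are only assigned inside the prefixed branch, where p has already
    // been created, so p is non-null whenever one of them is.
    try {
        if (srp != null) {
            p.setSecureRandom(TLSParameterJaxBUtils.getSecureRandom(srp));
        }
        if (kmt != null) {
            p.setKeyManagers(TLSParameterJaxBUtils.getKeyManagers(kmt));
        }
        if (tmt != null) {
            p.setTrustManagers(TLSParameterJaxBUtils.getTrustManagers(tmt, enableRevocation));
        }
    } catch (RuntimeException e) {
        // Rethrown as-is so unchecked failures are not wrapped a second time.
        throw e;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    return p;
}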
use of org.apache.cxf.configuration.security.KeyManagersType in project cxf by apache.
the class HttpConduitConfigApplier method applyTlsClientParameters.
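/**
 * Applies the {@code tlsClientParameters.*} entries of a configuration dictionary to the
 * TLS client settings of a conduit.
 *
 * <p>The conduit's existing {@code TLSClientParameters} are updated in place; a new
 * instance is created and attached only when the first matching key is seen and the
 * conduit has none. Keys with the prefix but an unrecognised suffix are silently ignored,
 * so a misspelled security setting has no effect and raises no error.
 *
 * <p>Security-relevant settings: {@code disableCNCheck=true} turns off the check of the
 * server certificate against the host name and should not be carried into production
 * configuration. Certificate revocation checking is off unless {@code enableRevocation}
 * is set to true, and the flag is only used when at least one {@code trustManagers.*}
 * key is present. Boolean settings go through {@link Boolean#parseBoolean(String)}, so
 * any value other than "true" (ignoring case) is read as {@code false}.
 *
 * @param d configuration properties
 * @param c conduit whose TLS client parameters are created or updated
 * @throws NumberFormatException if {@code sslCacheTimeout} is not a valid integer
 * @throws RuntimeException if building the secure random, key managers or trust managers
 *         fails; a checked failure is wrapped as the cause
 */
private void applyTlsClientParameters(Dictionary<String, String> d, HTTPConduit c) {
    Enumeration<String> keys = d.keys();
    TLSClientParameters p = c.getTlsClientParameters();
    SecureRandomParameters srp = null;
    KeyManagersType kmt = null;
    TrustManagersType tmt = null;
    // Collected during the scan and applied afterwards, so the position of the
    // enableRevocation key relative to the trustManagers.* keys does not matter.
    boolean enableRevocation = false;
    while (keys.hasMoreElements()) {
        String k = keys.nextElement();
        if (k.startsWith("tlsClientParameters.")) {
            if (p == null) {
                p = new TLSClientParameters();
                c.setTlsClientParameters(p);
            }
            String v = d.get(k);
            k = k.substring("tlsClientParameters.".length());
            if ("secureSocketProtocol".equals(k)) {
                p.setSecureSocketProtocol(v);
            } else if ("sslCacheTimeout".equals(k)) {
                p.setSslCacheTimeout(Integer.parseInt(v));
            } else if ("jsseProvider".equals(k)) {
                p.setJsseProvider(v);
            } else if ("disableCNCheck".equals(k)) {
                // true disables host name verification of the server certificate.
                p.setDisableCNCheck(Boolean.parseBoolean(v));
            } else if ("useHttpsURLConnectionDefaultHostnameVerifier".equals(k)) {
                p.setUseHttpsURLConnectionDefaultHostnameVerifier(Boolean.parseBoolean(v));
            } else if ("useHttpsURLConnectionDefaultSslSocketFactory".equals(k)) {
                p.setUseHttpsURLConnectionDefaultSslSocketFactory(Boolean.parseBoolean(v));
            } else if ("enableRevocation".equals(k)) {
                enableRevocation = Boolean.parseBoolean(v);
            } else if (k.startsWith("certConstraints.")) {
                parseCertConstaints(p, k, v);
            } else if (k.startsWith("secureRandomParameters.")) {
                k = k.substring("secureRandomParameters.".length());
                if (srp == null) {
                    srp = new SecureRandomParameters();
                }
                if ("algorithm".equals(k)) {
                    srp.setAlgorithm(v);
                } else if ("provider".equals(k)) {
                    srp.setProvider(v);
                }
            } else if (k.startsWith("cipherSuitesFilter.")) {
                // Must be tested before the bare "cipherSuites" prefix below.
                k = k.substring("cipherSuitesFilter.".length());
                StringTokenizer st = new StringTokenizer(v, ",");
                FiltersType ft = p.getCipherSuitesFilter();
                if (ft == null) {
                    ft = new FiltersType();
                    p.setCipherSuitesFilter(ft);
                }
                // NOTE(review): every suffix other than "include" lands in the exclude
                // list, so a typo such as "cipherSuitesFilter.includes" inverts the
                // intent. Confirm whether unknown suffixes should be rejected instead.
                List<String> lst = "include".equals(k) ? ft.getInclude() : ft.getExclude();
                // Filter entries are stored exactly as written, including any whitespace
                // after a comma. NOTE(review): confirm whether they should be trimmed too.
                while (st.hasMoreTokens()) {
                    lst.add(st.nextToken());
                }
            } else if (k.startsWith("cipherSuites")) {
                StringTokenizer st = new StringTokenizer(v, ",");
                while (st.hasMoreTokens()) {
                    // Trim so that "A, B" yields "B" rather than " B"; a padded name would
                    // presumably never match a real cipher suite.
                    String suite = st.nextToken().trim();
                    if (!suite.isEmpty()) {
                        p.getCipherSuites().add(suite);
                    }
                }
            } else if (k.startsWith("trustManagers.")) {
                tmt = getTrustManagers(tmt, k.substring("trustManagers.".length()), v);
            } else if (k.startsWith("keyManagers.")) {
                kmt = getKeyManagers(kmt, k.substring("keyManagers.".length()), v);
            }
        }
    }
    // srp, kmt and tmt are only assigned inside the prefixed branch, where p is
    // guaranteed to exist, so p is non-null whenever one of them is.
    try {
        if (srp != null) {
            p.setSecureRandom(TLSParameterJaxBUtils.getSecureRandom(srp));
        }
        if (kmt != null) {
            p.setKeyManagers(TLSParameterJaxBUtils.getKeyManagers(kmt));
        }
        if (tmt != null) {
            p.setTrustManagers(TLSParameterJaxBUtils.getTrustManagers(tmt, enableRevocation));
        }
    } catch (RuntimeException e) {
        // Rethrown as-is so unchecked failures are not wrapped a second time.
        throw e;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}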
use of org.apache.cxf.configuration.security.KeyManagersType in project cxf by apache.
the class HTTPUndertowTransportActivator method createTlsServerParameters.
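/**
 * Builds server-side TLS settings from the {@code tlsServerParameters.*} entries of a
 * configuration dictionary.
 *
 * <p>Keys without that prefix are skipped. Keys with the prefix but an unrecognised
 * suffix are silently ignored, so a misspelled security setting has no effect and raises
 * no error. Boolean settings go through {@link Boolean#parseBoolean(String)}: any value
 * other than "true" (ignoring case) is read as {@code false}, so for example
 * {@code clientAuthentication.required=yes} leaves client authentication not required.
 *
 * <p>Certificate revocation checking is off unless {@code enableRevocation} is set to
 * true, and the flag is only used when at least one {@code trustManagers.*} key is present.
 *
 * @param d configuration properties; every {@code tlsServerParameters.*} value must be a
 *          {@code String}
 * @return the populated parameters, or {@code null} when the dictionary holds no
 *         {@code tlsServerParameters.*} key
 * @throws ClassCastException if a {@code tlsServerParameters.*} value is not a {@code String}
 * @throws RuntimeException if building the secure random, key managers or trust managers
 *         fails; a checked failure is wrapped as the cause
 */
private TLSServerParameters createTlsServerParameters(Dictionary<String, ?> d) {
    Enumeration<String> keys = d.keys();
    TLSServerParameters p = null;
    SecureRandomParameters srp = null;
    KeyManagersType kmt = null;
    TrustManagersType tmt = null;
    // Collected during the scan and applied afterwards, so the position of the
    // enableRevocation key relative to the trustManagers.* keys does not matter.
    boolean enableRevocation = false;
    while (keys.hasMoreElements()) {
        String k = keys.nextElement();
        if (k.startsWith("tlsServerParameters.")) {
            if (p == null) {
                p = new TLSServerParameters();
            }
            String v = (String) d.get(k);
            k = k.substring("tlsServerParameters.".length());
            if ("secureSocketProtocol".equals(k)) {
                p.setSecureSocketProtocol(v);
            } else if ("jsseProvider".equals(k)) {
                p.setJsseProvider(v);
            } else if ("certAlias".equals(k)) {
                p.setCertAlias(v);
            } else if ("enableRevocation".equals(k)) {
                enableRevocation = Boolean.parseBoolean(v);
            } else if ("clientAuthentication.want".equals(k)) {
                if (p.getClientAuthentication() == null) {
                    p.setClientAuthentication(new ClientAuthentication());
                }
                p.getClientAuthentication().setWant(Boolean.parseBoolean(v));
            } else if ("clientAuthentication.required".equals(k)) {
                if (p.getClientAuthentication() == null) {
                    p.setClientAuthentication(new ClientAuthentication());
                }
                p.getClientAuthentication().setRequired(Boolean.parseBoolean(v));
            } else if (k.startsWith("certConstraints.")) {
                configureCertConstraints(p, k, v);
            } else if (k.startsWith("secureRandomParameters.")) {
                srp = configureSecureRandom(srp, k, v);
            } else if (k.startsWith("cipherSuitesFilter.")) {
                // Must be tested before the bare "cipherSuites" prefix below.
                configureCipherSuitesFilter(p, k, v);
            } else if (k.startsWith("cipherSuites")) {
                StringTokenizer st = new StringTokenizer(v, ",");
                while (st.hasMoreTokens()) {
                    // Trim so that "A, B" yields "B" rather than " B"; a padded name would
                    // presumably never match a real cipher suite.
                    String suite = st.nextToken().trim();
                    if (!suite.isEmpty()) {
                        p.getCipherSuites().add(suite);
                    }
                }
            } else if (k.startsWith("excludeProtocols")) {
                StringTokenizer st = new StringTokenizer(v, ",");
                while (st.hasMoreTokens()) {
                    // Trim for the same reason: a padded entry such as " TLSv1" would
                    // presumably never match a protocol name, so that protocol would
                    // silently stay enabled.
                    String protocol = st.nextToken().trim();
                    if (!protocol.isEmpty()) {
                        p.getExcludeProtocols().add(protocol);
                    }
                }
            } else if (k.startsWith("trustManagers.")) {
                tmt = getTrustManagers(tmt, k.substring("trustManagers.".length()), v);
            } else if (k.startsWith("keyManagers.")) {
                kmt = getKeyManagers(kmt, k.substring("keyManagers.".length()), v);
            }
        }
    }
    // srp, kmt and tmt are only assigned inside the prefixed branch, where p has already
    // been created, so p is non-null whenever one of them is.
    try {
        if (srp != null) {
            p.setSecureRandom(TLSParameterJaxBUtils.getSecureRandom(srp));
        }
        if (kmt != null) {
            p.setKeyManagers(TLSParameterJaxBUtils.getKeyManagers(kmt));
        }
        if (tmt != null) {
            p.setTrustManagers(TLSParameterJaxBUtils.getTrustManagers(tmt, enableRevocation));
        }
    } catch (RuntimeException e) {
        // Rethrown as-is so unchecked failures are not wrapped a second time.
        throw e;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    return p;
}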