use of org.apache.cxf.configuration.security.TrustManagersType in project cxf by apache.
the class HTTPJettyTransportActivator method createTlsServerParameters.
private TLSServerParameters createTlsServerParameters(Dictionary<String, ?> d) {
Enumeration<String> keys = d.keys();
TLSServerParameters p = null;
SecureRandomParameters srp = null;
KeyManagersType kmt = null;
TrustManagersType tmt = null;
boolean enableRevocation = false;
while (keys.hasMoreElements()) {
String k = keys.nextElement();
if (k.startsWith("tlsServerParameters.")) {
if (p == null) {
p = new TLSServerParameters();
}
String v = (String) d.get(k);
k = k.substring("tlsServerParameters.".length());
if ("secureSocketProtocol".equals(k)) {
p.setSecureSocketProtocol(v);
} else if ("jsseProvider".equals(k)) {
p.setJsseProvider(v);
} else if ("certAlias".equals(k)) {
p.setCertAlias(v);
} else if ("clientAuthentication.want".equals(k)) {
if (p.getClientAuthentication() == null) {
p.setClientAuthentication(new ClientAuthentication());
}
p.getClientAuthentication().setWant(Boolean.parseBoolean(v));
} else if ("clientAuthentication.required".equals(k)) {
if (p.getClientAuthentication() == null) {
p.setClientAuthentication(new ClientAuthentication());
}
p.getClientAuthentication().setRequired(Boolean.parseBoolean(v));
} else if ("enableRevocation".equals(k)) {
enableRevocation = Boolean.parseBoolean(v);
} else if (k.startsWith("certConstraints.")) {
configureCertConstraints(p, k, v);
} else if (k.startsWith("secureRandomParameters.")) {
srp = configureSecureRandom(srp, k, v);
} else if (k.startsWith("cipherSuitesFilter.")) {
configureCipherSuitesFilter(p, k, v);
} else if (k.startsWith("cipherSuites")) {
StringTokenizer st = new StringTokenizer(v, ",");
while (st.hasMoreTokens()) {
p.getCipherSuites().add(st.nextToken());
}
} else if (k.startsWith("excludeProtocols")) {
StringTokenizer st = new StringTokenizer(v, ",");
while (st.hasMoreTokens()) {
p.getExcludeProtocols().add(st.nextToken());
}
} else if (k.startsWith("trustManagers.")) {
tmt = getTrustManagers(tmt, k.substring("trustManagers.".length()), v);
} else if (k.startsWith("keyManagers.")) {
kmt = getKeyManagers(kmt, k.substring("keyManagers.".length()), v);
}
}
}
try {
if (srp != null) {
p.setSecureRandom(TLSParameterJaxBUtils.getSecureRandom(srp));
}
if (kmt != null) {
p.setKeyManagers(TLSParameterJaxBUtils.getKeyManagers(kmt));
}
if (tmt != null) {
p.setTrustManagers(TLSParameterJaxBUtils.getTrustManagers(tmt, enableRevocation));
}
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
throw new RuntimeException(e);
}
return p;
}
use of org.apache.cxf.configuration.security.TrustManagersType in project cxf by apache.
the class HttpConduitConfigApplier method applyTlsClientParameters.
private void applyTlsClientParameters(Dictionary<String, String> d, HTTPConduit c) {
Enumeration<String> keys = d.keys();
TLSClientParameters p = c.getTlsClientParameters();
SecureRandomParameters srp = null;
KeyManagersType kmt = null;
TrustManagersType tmt = null;
boolean enableRevocation = false;
while (keys.hasMoreElements()) {
String k = keys.nextElement();
if (k.startsWith("tlsClientParameters.")) {
if (p == null) {
p = new TLSClientParameters();
c.setTlsClientParameters(p);
}
String v = d.get(k);
k = k.substring("tlsClientParameters.".length());
if ("secureSocketProtocol".equals(k)) {
p.setSecureSocketProtocol(v);
} else if ("sslCacheTimeout".equals(k)) {
p.setSslCacheTimeout(Integer.parseInt(v));
} else if ("jsseProvider".equals(k)) {
p.setJsseProvider(v);
} else if ("disableCNCheck".equals(k)) {
p.setDisableCNCheck(Boolean.parseBoolean(v));
} else if ("useHttpsURLConnectionDefaultHostnameVerifier".equals(k)) {
p.setUseHttpsURLConnectionDefaultHostnameVerifier(Boolean.parseBoolean(v));
} else if ("useHttpsURLConnectionDefaultSslSocketFactory".equals(k)) {
p.setUseHttpsURLConnectionDefaultSslSocketFactory(Boolean.parseBoolean(v));
} else if ("enableRevocation".equals(k)) {
enableRevocation = Boolean.parseBoolean(v);
} else if (k.startsWith("certConstraints.")) {
parseCertConstaints(p, k, v);
} else if (k.startsWith("secureRandomParameters.")) {
k = k.substring("secureRandomParameters.".length());
if (srp == null) {
srp = new SecureRandomParameters();
}
if ("algorithm".equals(k)) {
srp.setAlgorithm(v);
} else if ("provider".equals(k)) {
srp.setProvider(v);
}
} else if (k.startsWith("cipherSuitesFilter.")) {
k = k.substring("cipherSuitesFilter.".length());
StringTokenizer st = new StringTokenizer(v, ",");
FiltersType ft = p.getCipherSuitesFilter();
if (ft == null) {
ft = new FiltersType();
p.setCipherSuitesFilter(ft);
}
List<String> lst = "include".equals(k) ? ft.getInclude() : ft.getExclude();
while (st.hasMoreTokens()) {
lst.add(st.nextToken());
}
} else if (k.startsWith("cipherSuites")) {
StringTokenizer st = new StringTokenizer(v, ",");
while (st.hasMoreTokens()) {
p.getCipherSuites().add(st.nextToken());
}
} else if (k.startsWith("trustManagers.")) {
tmt = getTrustManagers(tmt, k.substring("trustManagers.".length()), v);
} else if (k.startsWith("keyManagers.")) {
kmt = getKeyManagers(kmt, k.substring("keyManagers.".length()), v);
}
}
}
try {
if (srp != null) {
p.setSecureRandom(TLSParameterJaxBUtils.getSecureRandom(srp));
}
if (kmt != null) {
p.setKeyManagers(TLSParameterJaxBUtils.getKeyManagers(kmt));
}
if (tmt != null) {
p.setTrustManagers(TLSParameterJaxBUtils.getTrustManagers(tmt, enableRevocation));
}
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
use of org.apache.cxf.configuration.security.TrustManagersType in project cxf by apache.
the class HTTPUndertowTransportActivator method createTlsServerParameters.
private TLSServerParameters createTlsServerParameters(Dictionary<String, ?> d) {
Enumeration<String> keys = d.keys();
TLSServerParameters p = null;
SecureRandomParameters srp = null;
KeyManagersType kmt = null;
TrustManagersType tmt = null;
boolean enableRevocation = false;
while (keys.hasMoreElements()) {
String k = keys.nextElement();
if (k.startsWith("tlsServerParameters.")) {
if (p == null) {
p = new TLSServerParameters();
}
String v = (String) d.get(k);
k = k.substring("tlsServerParameters.".length());
if ("secureSocketProtocol".equals(k)) {
p.setSecureSocketProtocol(v);
} else if ("jsseProvider".equals(k)) {
p.setJsseProvider(v);
} else if ("certAlias".equals(k)) {
p.setCertAlias(v);
} else if ("enableRevocation".equals(k)) {
enableRevocation = Boolean.parseBoolean(v);
} else if ("clientAuthentication.want".equals(k)) {
if (p.getClientAuthentication() == null) {
p.setClientAuthentication(new ClientAuthentication());
}
p.getClientAuthentication().setWant(Boolean.parseBoolean(v));
} else if ("clientAuthentication.required".equals(k)) {
if (p.getClientAuthentication() == null) {
p.setClientAuthentication(new ClientAuthentication());
}
p.getClientAuthentication().setRequired(Boolean.parseBoolean(v));
} else if (k.startsWith("certConstraints.")) {
configureCertConstraints(p, k, v);
} else if (k.startsWith("secureRandomParameters.")) {
srp = configureSecureRandom(srp, k, v);
} else if (k.startsWith("cipherSuitesFilter.")) {
configureCipherSuitesFilter(p, k, v);
} else if (k.startsWith("cipherSuites")) {
StringTokenizer st = new StringTokenizer(v, ",");
while (st.hasMoreTokens()) {
p.getCipherSuites().add(st.nextToken());
}
} else if (k.startsWith("excludeProtocols")) {
StringTokenizer st = new StringTokenizer(v, ",");
while (st.hasMoreTokens()) {
p.getExcludeProtocols().add(st.nextToken());
}
} else if (k.startsWith("trustManagers.")) {
tmt = getTrustManagers(tmt, k.substring("trustManagers.".length()), v);
} else if (k.startsWith("keyManagers.")) {
kmt = getKeyManagers(kmt, k.substring("keyManagers.".length()), v);
}
}
}
try {
if (srp != null) {
p.setSecureRandom(TLSParameterJaxBUtils.getSecureRandom(srp));
}
if (kmt != null) {
p.setKeyManagers(TLSParameterJaxBUtils.getKeyManagers(kmt));
}
if (tmt != null) {
p.setTrustManagers(TLSParameterJaxBUtils.getTrustManagers(tmt, enableRevocation));
}
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
throw new RuntimeException(e);
}
return p;
}
Aggregations