
Example 1 with MessageTrustDecider

Use of org.apache.cxf.transport.http.MessageTrustDecider in project cxf by apache, in the class CertConstraintsInterceptor, method handleMessage.

public void handleMessage(Message message) throws Fault {
    final CertConstraints certConstraints = (CertConstraints) message.getContextualProperty(CertConstraints.class.getName());
    // No cert constraints configured for this message: nothing to enforce.
    if (certConstraints == null) {
        return;
    }
    if (isRequestor(message)) {
        // Requestor (client) side: require https and wrap any existing
        // MessageTrustDecider in one built from the cert constraints.
        try {
            String scheme = (String) message.get("http.scheme");
            if ("https".equals(scheme)) {
                final MessageTrustDecider orig = message.get(MessageTrustDecider.class);
                MessageTrustDecider trust = new HttpsMessageTrustDecider(certConstraints, orig);
                message.put(MessageTrustDecider.class, trust);
            } else {
                // Constraints are configured but the scheme is not https: fail closed.
                throw new UntrustedURLConnectionIOException("TLS is not in use");
            }
        } catch (UntrustedURLConnectionIOException ex) {
            throw new Fault(ex);
        }
    } else {
        // Receiving side: the peer must have presented a certificate, and the
        // first certificate in the array must match the constraints.
        try {
            TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
            final Certificate[] certs = tlsInfo.getPeerCertificates();
            if (certs == null || certs.length == 0) {
                throw new UntrustedURLConnectionIOException("No client certificates were found");
            }
            X509Certificate[] x509Certs = (X509Certificate[]) certs;
            if (!certConstraints.matches(x509Certs[0])) {
                throw new UntrustedURLConnectionIOException("The client certificate does not match the defined cert constraints");
            }
        } catch (UntrustedURLConnectionIOException ex) {
            throw new Fault(ex);
        }
    }
}
Also used : UntrustedURLConnectionIOException(org.apache.cxf.transport.http.UntrustedURLConnectionIOException) Fault(org.apache.cxf.interceptor.Fault) MessageTrustDecider(org.apache.cxf.transport.http.MessageTrustDecider) TLSSessionInfo(org.apache.cxf.security.transport.TLSSessionInfo) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 2 with MessageTrustDecider

Use of org.apache.cxf.transport.http.MessageTrustDecider in project ddf by codice, in the class OutgoingSubjectRetrievalInterceptor, method handleMessage.

@Override
public void handleMessage(Message message) throws Fault {
    // Only outgoing (requestor) messages sent over https are handled here.
    if (this.isRequestor(message) && "https".equals(message.get("http.scheme"))) {
        // Wrap the trust decider already on the message (may be null)
        // in a ReceiverTrustDecider and install the wrapper in its place.
        MessageTrustDecider originalTrustDecider = message.get(MessageTrustDecider.class);
        ReceiverTrustDecider receiverTrustDecider = new ReceiverTrustDecider(originalTrustDecider);
        message.put(MessageTrustDecider.class, receiverTrustDecider);
        message.getInterceptorChain().add(ending);
    }
}
Also used : MessageTrustDecider(org.apache.cxf.transport.http.MessageTrustDecider)
