Example 6 with HTTPClientPolicy
use of org.apache.cxf.transports.http.configuration.HTTPClientPolicy in project ddf by codice.
the class SecureCxfClientFactory method configureTimeouts.
/**
* Configures the connection and receive timeouts. If any of the parameters are null, the timeouts
* will be set to the system default.
*
* @param clientConfiguration Client configuration used for outgoing requests.
* @param connectionTimeout Connection timeout in milliseconds.
* @param receiveTimeout Receive timeout in milliseconds.
*/
protected void configureTimeouts(ClientConfiguration clientConfiguration, Integer connectionTimeout, Integer receiveTimeout) {
HTTPConduit httpConduit = clientConfiguration.getHttpConduit();
if (httpConduit == null) {
LOGGER.info("HTTPConduit was null for {}. Unable to configure timeouts", this);
return;
}
HTTPClientPolicy httpClientPolicy = httpConduit.getClient();
if (httpClientPolicy == null) {
httpClientPolicy = new HTTPClientPolicy();
}
if (connectionTimeout != null) {
httpClientPolicy.setConnectionTimeout(connectionTimeout);
} else {
httpClientPolicy.setConnectionTimeout(DEFAULT_CONNECTION_TIMEOUT);
}
if (receiveTimeout != null) {
httpClientPolicy.setReceiveTimeout(receiveTimeout);
} else {
httpClientPolicy.setReceiveTimeout(DEFAULT_RECEIVE_TIMEOUT);
}
if (httpClientPolicy.isSetConnectionTimeout()) {
LOGGER.debug("Connection timeout has been set.");
} else {
LOGGER.debug("Connection timeout has NOT been set.");
}
if (httpClientPolicy.isSetReceiveTimeout()) {
LOGGER.debug("Receive timeout has been set.");
} else {
LOGGER.debug("Receive timeout has NOT been set.");
}
httpConduit.setClient(httpClientPolicy);
}
Also used :
HTTPConduit(org.apache.cxf.transport.http.HTTPConduit)
HTTPClientPolicy(org.apache.cxf.transports.http.configuration.HTTPClientPolicy)
Example 7 with HTTPClientPolicy
use of org.apache.cxf.transports.http.configuration.HTTPClientPolicy in project ddf by codice.
the class SecureCxfClientFactory method configureConduit.
private void configureConduit(ClientConfiguration clientConfig) {
HTTPConduit httpConduit = clientConfig.getHttpConduit();
if (httpConduit == null) {
LOGGER.info("HTTPConduit was null for {}. Unable to configure security.", this);
return;
}
if (allowRedirects) {
HTTPClientPolicy clientPolicy = httpConduit.getClient();
if (clientPolicy != null) {
clientPolicy.setAutoRedirect(true);
Bus bus = clientConfig.getBus();
if (bus != null) {
bus.getProperties().put("http.redirect.relative.uri", true);
}
}
}
TLSClientParameters tlsParams = httpConduit.getTlsClientParameters();
if (tlsParams == null) {
tlsParams = new TLSClientParameters();
}
tlsParams.setDisableCNCheck(disableCnCheck);
tlsParams.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
tlsParams.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
String cipherSuites = System.getProperty("https.cipherSuites");
if (cipherSuites != null) {
tlsParams.setCipherSuites(Arrays.asList(cipherSuites.split(",")));
}
KeyStore keyStore = null;
KeyStore trustStore = null;
try {
keyStore = SecurityConstants.newKeystore();
trustStore = SecurityConstants.newTruststore();
} catch (KeyStoreException e) {
LOGGER.debug("Unable to create keystore instance of type {}", System.getProperty(SecurityConstants.KEYSTORE_TYPE), e);
}
Path keyStoreFile = Paths.get(SecurityConstants.getKeystorePath());
Path trustStoreFile = Paths.get(SecurityConstants.getTruststorePath());
String ddfHome = System.getProperty("ddf.home");
if (ddfHome != null) {
Path ddfHomePath = Paths.get(ddfHome);
if (!keyStoreFile.isAbsolute()) {
keyStoreFile = Paths.get(ddfHomePath.toString(), keyStoreFile.toString());
}
if (!trustStoreFile.isAbsolute()) {
trustStoreFile = Paths.get(ddfHomePath.toString(), trustStoreFile.toString());
}
}
String keyStorePassword = SecurityConstants.getKeystorePassword();
String trustStorePassword = SecurityConstants.getTruststorePassword();
if (!Files.isReadable(keyStoreFile) || !Files.isReadable(trustStoreFile)) {
LOGGER.debug("Unable to read system key/trust store files: [ {} ] [ {} ]", keyStoreFile, trustStoreFile);
return;
}
try (InputStream kfis = Files.newInputStream(keyStoreFile)) {
if (keyStore != null) {
keyStore.load(kfis, keyStorePassword.toCharArray());
}
} catch (NoSuchAlgorithmException | CertificateException | IOException e) {
LOGGER.debug("Unable to load system key file.", e);
}
try (InputStream tfis = Files.newInputStream(trustStoreFile)) {
if (trustStore != null) {
trustStore.load(tfis, trustStorePassword.toCharArray());
}
} catch (NoSuchAlgorithmException | CertificateException | IOException e) {
LOGGER.debug("Unable to load system trust file.", e);
}
try {
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
tlsParams.setKeyManagers(keyManagerFactory.getKeyManagers());
} catch (NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException e) {
LOGGER.debug("Unable to initialize KeyManagerFactory.", e);
}
try {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
tlsParams.setTrustManagers(trustManagerFactory.getTrustManagers());
} catch (NoSuchAlgorithmException | KeyStoreException e) {
LOGGER.debug("Unable to initialize TrustManagerFactory.", e);
}
tlsParams.setCertAlias(SystemBaseUrl.getHost());
httpConduit.setTlsClientParameters(tlsParams);
}
Also used :
Path(java.nio.file.Path)
Bus(org.apache.cxf.Bus)
TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters)
InputStream(java.io.InputStream)
CertificateException(java.security.cert.CertificateException)
KeyStoreException(java.security.KeyStoreException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
IOException(java.io.IOException)
KeyStore(java.security.KeyStore)
KeyManagerFactory(javax.net.ssl.KeyManagerFactory)
HTTPConduit(org.apache.cxf.transport.http.HTTPConduit)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
TrustManagerFactory(javax.net.ssl.TrustManagerFactory)
HTTPClientPolicy(org.apache.cxf.transports.http.configuration.HTTPClientPolicy)
Aggregations
HTTPClientPolicy (org.apache.cxf.transports.http.configuration.HTTPClientPolicy)7
HTTPConduit (org.apache.cxf.transport.http.HTTPConduit)6
ModelPortType (com.evolveum.midpoint.xml.ns._public.model.model_3.ModelPortType)2
ModelService (com.evolveum.midpoint.xml.ns._public.model.model_3.ModelService)2
BindingProvider (javax.xml.ws.BindingProvider)2
Client (org.apache.cxf.endpoint.Client)2
LoggingInInterceptor (org.apache.cxf.interceptor.LoggingInInterceptor)2
LoggingOutInterceptor (org.apache.cxf.interceptor.LoggingOutInterceptor)2
WSS4JOutInterceptor (org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor)2
ClientPasswordHandler (com.evolveum.midpoint.cli.ninja.util.ClientPasswordHandler)1
IOException (java.io.IOException)1
InputStream (java.io.InputStream)1
Path (java.nio.file.Path)1
KeyStore (java.security.KeyStore)1
KeyStoreException (java.security.KeyStoreException)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
UnrecoverableKeyException (java.security.UnrecoverableKeyException)1
CertificateException (java.security.cert.CertificateException)1
HashMap (java.util.HashMap)1
KeyManagerFactory (javax.net.ssl.KeyManagerFactory)1
