
Example 1 with RevocationVerificationManager

use of org.apache.synapse.transport.certificatevalidation.RevocationVerificationManager in project wso2-synapse by wso2.

From class ClientConnFactoryBuilder, method parseSSL (reads the outgoing transport's SSL parameters, including hostname verification and certificate revocation settings):

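/**
 * Reads the SSL-related parameters of the outgoing transport description and
 * builds the client-side {@link SSLContextDetails} into {@code ssl}, plus the
 * per-host contexts returned by {@code getCustomSSLContexts} into
 * {@code sslByHostMap}.
 *
 * <p>Parameters consulted: {@code keystore}, {@code truststore},
 * {@code novalidatecert}, {@code HostnameVerifier},
 * {@code CertificateRevocationVerifier}, {@code HttpsProtocols} and
 * {@link NhttpConstants#PREFERRED_CIPHERS}.
 *
 * <p>Security notes for whoever writes the configuration:
 * {@code HostnameVerifier=AllowAll} and {@code novalidatecert=true} both weaken
 * server authentication and belong in test setups only; revocation checking is
 * only wired in when {@code <CertificateRevocationVerifier enable="true">} is
 * present. A malformed {@code CacheSize}/{@code CacheDelay} is logged instead of
 * being silently ignored, and a {@code CertificateRevocationVerifier} element
 * without an {@code enable} attribute or without the cache children no longer
 * throws a {@link NullPointerException}.
 *
 * @return this builder, for chaining
 * @throws AxisFault propagated from {@code createSSLContext}
 */
public ClientConnFactoryBuilder parseSSL() throws AxisFault {
    Parameter keyParam = transportOut.getParameter("keystore");
    Parameter trustParam = transportOut.getParameter("truststore");
    Parameter httpsProtocolsParam = transportOut.getParameter("HttpsProtocols");
    Parameter preferredCiphersParam = transportOut.getParameter(NhttpConstants.PREFERRED_CIPHERS);

    OMElement ksEle = keyParam != null ? keyParam.getParameterElement().getFirstElement() : null;
    OMElement tsEle = null;
    boolean novalidatecert = ParamUtils.getOptionalParamBoolean(transportOut, "novalidatecert", false);
    if (trustParam != null) {
        if (novalidatecert && log.isWarnEnabled()) {
            // The flag is still handed to createSSLContext below, which decides
            // its actual effect; the warning only records the conflicting config.
            log.warn(name + " Ignoring novalidatecert parameter since a truststore has been specified");
        }
        tsEle = trustParam.getParameterElement().getFirstElement();
    }
    SSLContext sslContext = createSSLContext(ksEle, tsEle, novalidatecert);

    // Hostname verification mode; any unrecognised value falls back to DEFAULT.
    final Parameter hvp = transportOut.getParameter("HostnameVerifier");
    final String hvs = hvp != null ? hvp.getValue().toString() : null;
    final X509HostnameVerifier hostnameVerifier;
    if ("Strict".equalsIgnoreCase(hvs)) {
        hostnameVerifier = ClientSSLSetupHandler.STRICT;
    } else if ("AllowAll".equalsIgnoreCase(hvs)) {
        // Disables hostname matching entirely: the peer only has to present a
        // certificate the truststore accepts, not one issued for the host called.
        hostnameVerifier = ClientSSLSetupHandler.ALLOW_ALL;
    } else if ("DefaultAndLocalhost".equalsIgnoreCase(hvs)) {
        hostnameVerifier = ClientSSLSetupHandler.DEFAULT_AND_LOCALHOST;
    } else {
        hostnameVerifier = ClientSSLSetupHandler.DEFAULT;
    }

    RevocationVerificationManager revocationVerifier =
            parseRevocationVerifier(transportOut.getParameter("CertificateRevocationVerifier"));

    // Initiated separately to cater setting https protocols
    ClientSSLSetupHandler clientSSLSetupHandler = new ClientSSLSetupHandler(hostnameVerifier, revocationVerifier);

    // Process HttpsProtocols
    OMElement httpsProtocolsEl = httpsProtocolsParam != null ? httpsProtocolsParam.getParameterElement() : null;
    String[] httpsProtocols = splitCommaList(httpsProtocolsEl != null ? httpsProtocolsEl.getText() : null);
    if (httpsProtocols != null) {
        clientSSLSetupHandler.setHttpsProtocols(httpsProtocols);
    }

    // Process preferred ciphers
    OMElement preferredCiphersEl = preferredCiphersParam != null ? preferredCiphersParam.getParameterElement() : null;
    String[] preferredCiphers = splitCommaList(preferredCiphersEl != null ? preferredCiphersEl.getText() : null);
    if (preferredCiphers != null) {
        clientSSLSetupHandler.setPreferredCiphers(preferredCiphers);
    }

    ssl = new SSLContextDetails(sslContext, clientSSLSetupHandler);
    sslByHostMap = getCustomSSLContexts(transportOut);
    return this;
}

/**
 * Builds the revocation verifier described by a
 * {@code CertificateRevocationVerifier} parameter.
 *
 * @param cvp the parameter, or {@code null} when not configured
 * @return a {@link RevocationVerificationManager}, or {@code null} when the
 *         parameter is absent, has no element, or is not {@code enable="true"}
 */
private RevocationVerificationManager parseRevocationVerifier(Parameter cvp) {
    if (cvp == null || cvp.getParameterElement() == null) {
        return null;
    }
    OMElement cvEl = cvp.getParameterElement();
    // getAttributeValue returns null for a missing attribute instead of throwing.
    if (!"true".equalsIgnoreCase(cvEl.getAttributeValue(new QName("enable")))) {
        return null;
    }
    // Either child may be absent or malformed; null is what the manager already
    // received in that case, so it is presumably handled there — TODO confirm.
    Integer cacheSize = parseOptionalInt(cvEl, "CacheSize");
    Integer cacheDelay = parseOptionalInt(cvEl, "CacheDelay");
    return new RevocationVerificationManager(cacheSize, cacheDelay);
}

/**
 * Reads the integer text of {@code parent}'s first child named
 * {@code childName}.
 *
 * @return the parsed value, or {@code null} when the child is missing or its
 *         text is not an integer (logged, so the misconfiguration is visible)
 */
private Integer parseOptionalInt(OMElement parent, String childName) {
    OMElement child = parent.getFirstChildWithName(new QName(childName));
    if (child == null) {
        return null;
    }
    String text = child.getText();
    try {
        return Integer.valueOf(text.trim());
    } catch (NumberFormatException e) {
        log.error(name + " Ignoring non-integer value '" + text + "' for " + childName
                + " of CertificateRevocationVerifier");
        return null;
    }
}

/**
 * Splits a comma-separated configuration value into trimmed, non-empty entries.
 *
 * @param configured the raw text, possibly {@code null}
 * @return {@code null} when the text is null or blank (nothing configured);
 *         otherwise the entries, which may be an empty array when the text
 *         contained only separators
 */
private static String[] splitCommaList(String configured) {
    if (configured == null || configured.trim().isEmpty()) {
        return null;
    }
    String[] rawValues = configured.trim().split(",");
    List<String> values = new ArrayList<String>(rawValues.length);
    for (String raw : rawValues) {
        String value = raw.trim();
        if (!value.isEmpty()) {
            values.add(value);
        }
    }
    return values.toArray(new String[values.size()]);
}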

Example 2 with RevocationVerificationManager

use of org.apache.synapse.transport.certificatevalidation.RevocationVerificationManager in project wso2-synapse by wso2.

From class ServerConnFactoryBuilder, method parseSSL (reads the incoming transport's SSL parameters, including client-certificate verification and revocation settings):

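/**
 * Reads the SSL-related parameters of the incoming transport description and
 * builds the server-side SSL context details into {@code ssl}.
 *
 * <p>Parameters consulted: {@code keystore}, {@code truststore},
 * {@code SSLVerifyClient}, {@code HttpsProtocols}, {@code SSLProtocol}
 * (defaults to {@code "TLS"} when absent), {@link NhttpConstants#PREFERRED_CIPHERS}
 * and {@code CertificateRevocationVerifier}.
 *
 * <p>Revocation checking is only wired in when
 * {@code <CertificateRevocationVerifier enable="true">} is present. A
 * malformed {@code CacheSize}/{@code CacheDelay} is logged rather than silently
 * dropped, and an element without the {@code enable} attribute or without the
 * cache children no longer throws a {@link NullPointerException}.
 *
 * @return this builder, for chaining
 * @throws AxisFault propagated from {@code createSSLContext}
 */
public ServerConnFactoryBuilder parseSSL() throws AxisFault {
    Parameter keyParam = transportIn.getParameter("keystore");
    Parameter trustParam = transportIn.getParameter("truststore");
    Parameter clientAuthParam = transportIn.getParameter("SSLVerifyClient");
    Parameter httpsProtocolsParam = transportIn.getParameter("HttpsProtocols");
    final Parameter sslpParameter = transportIn.getParameter("SSLProtocol");
    Parameter preferredCiphersParam = transportIn.getParameter(NhttpConstants.PREFERRED_CIPHERS);

    final String sslProtocol = sslpParameter != null ? sslpParameter.getValue().toString() : "TLS";
    OMElement keyStoreEl = keyParam != null ? keyParam.getParameterElement().getFirstElement() : null;
    OMElement trustStoreEl = trustParam != null ? trustParam.getParameterElement().getFirstElement() : null;
    OMElement clientAuthEl = clientAuthParam != null ? clientAuthParam.getParameterElement() : null;
    OMElement httpsProtocolsEl = httpsProtocolsParam != null ? httpsProtocolsParam.getParameterElement() : null;
    OMElement preferredCiphersEl = preferredCiphersParam != null ? preferredCiphersParam.getParameterElement() : null;

    RevocationVerificationManager revocationVerifier =
            parseRevocationVerifier(transportIn.getParameter("CertificateRevocationVerifier"));

    ssl = createSSLContext(keyStoreEl, trustStoreEl, clientAuthEl, httpsProtocolsEl, preferredCiphersEl,
            revocationVerifier, sslProtocol);
    return this;
}

/**
 * Builds the revocation verifier described by a
 * {@code CertificateRevocationVerifier} parameter.
 *
 * @param cvp the parameter, or {@code null} when not configured
 * @return a {@link RevocationVerificationManager}, or {@code null} when the
 *         parameter is absent, has no element, or is not {@code enable="true"}
 */
private RevocationVerificationManager parseRevocationVerifier(Parameter cvp) {
    if (cvp == null || cvp.getParameterElement() == null) {
        return null;
    }
    OMElement cvEl = cvp.getParameterElement();
    // getAttributeValue returns null for a missing attribute instead of throwing.
    if (!"true".equalsIgnoreCase(cvEl.getAttributeValue(new QName("enable")))) {
        return null;
    }
    // Either child may be absent or malformed; null is what the manager already
    // received in that case, so it is presumably handled there — TODO confirm.
    Integer cacheSize = parseOptionalInt(cvEl, "CacheSize");
    Integer cacheDelay = parseOptionalInt(cvEl, "CacheDelay");
    return new RevocationVerificationManager(cacheSize, cacheDelay);
}

/**
 * Reads the integer text of {@code parent}'s first child named
 * {@code childName}.
 *
 * @return the parsed value, or {@code null} when the child is missing or its
 *         text is not an integer (logged, so the misconfiguration is visible)
 */
private Integer parseOptionalInt(OMElement parent, String childName) {
    OMElement child = parent.getFirstChildWithName(new QName(childName));
    if (child == null) {
        return null;
    }
    String text = child.getText();
    try {
        return Integer.valueOf(text.trim());
    } catch (NumberFormatException e) {
        log.error("Ignoring non-integer value '" + text + "' for " + childName
                + " of CertificateRevocationVerifier");
        return null;
    }
}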

Example 3 with RevocationVerificationManager

use of org.apache.synapse.transport.certificatevalidation.RevocationVerificationManager in project wso2-synapse by wso2.

From class SSLServerConnFactoryBuilder, an overload of parseSSL that takes the configuration elements directly instead of reading them from the transport description:

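/**
 * Variant of {@code parseSSL()} that takes the SSL configuration elements
 * directly instead of reading them from the transport description, then
 * builds the server-side SSL context details into {@code ssl}.
 *
 * <p>Revocation checking is only wired in when {@code cvp} carries
 * {@code enable="true"}. {@code CacheSize} and {@code CacheDelay} are read
 * from its child elements and are only applied when both are present and both
 * parse as integers; otherwise the manager is created with {@code null}s and
 * the problem is logged. A {@code cvp} element without the {@code enable}
 * attribute no longer throws a {@link NullPointerException}.
 *
 * @param keyStoreEl       the {@code keystore} element, or {@code null}
 * @param trustStoreEl     the {@code truststore} element, or {@code null}
 * @param clientAuthEl     the {@code SSLVerifyClient} element, or {@code null}
 * @param httpsProtocolsEl the {@code HttpsProtocols} element, or {@code null}
 * @param sslProtocol      the SSLContext protocol name handed to {@code createSSLContext}
 * @param cvp              the {@code CertificateRevocationVerifier} element, or {@code null}
 * @param preferredCiphers the preferred-ciphers element, or {@code null}
 * @return this builder, for chaining
 * @throws AxisFault propagated from {@code createSSLContext}
 */
public ServerConnFactoryBuilder parseSSL(OMElement keyStoreEl, OMElement trustStoreEl, OMElement clientAuthEl, OMElement httpsProtocolsEl, String sslProtocol, OMElement cvp, OMElement preferredCiphers) throws AxisFault {
    RevocationVerificationManager revocationVerifier = null;
    // getAttributeValue returns null for a missing attribute, so a bare
    // <CertificateRevocationVerifier/> leaves revocation off instead of throwing.
    if (cvp != null && "true".equalsIgnoreCase(cvp.getAttributeValue(new QName("enable")))) {
        String cacheSizeString = null;
        String cacheDelayString = null;
        // Last matching child wins, as before.
        Iterator<?> children = cvp.getChildElements();
        while (children.hasNext()) {
            Object child = children.next();
            if (!(child instanceof OMElement)) {
                continue;
            }
            OMElement childEl = (OMElement) child;
            String localName = childEl.getLocalName();
            if ("CacheSize".equals(localName)) {
                cacheSizeString = childEl.getText();
            } else if ("CacheDelay".equals(localName)) {
                cacheDelayString = childEl.getText();
            }
        }

        Integer cacheSize = null;
        Integer cacheDelay = null;
        if (cacheSizeString != null && cacheDelayString != null) {
            try {
                cacheSize = Integer.valueOf(cacheSizeString.trim());
                cacheDelay = Integer.valueOf(cacheDelayString.trim());
            } catch (NumberFormatException e) {
                // Reset so a half-parsed pair (size ok, delay bad) is not handed on.
                cacheSize = null;
                cacheDelay = null;
                log.error("Please specify correct Integer numbers for CacheDelay and CacheSize (got CacheSize='"
                        + cacheSizeString + "', CacheDelay='" + cacheDelayString + "')");
            }
        }
        // Nulls were already passed here when the children were absent, so the
        // manager is presumably prepared to default them — TODO confirm.
        revocationVerifier = new RevocationVerificationManager(cacheSize, cacheDelay);
    }
    ssl = createSSLContext(keyStoreEl, trustStoreEl, clientAuthEl, httpsProtocolsEl, preferredCiphers,
            revocationVerifier, sslProtocol);
    return this;
}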
