Use of org.apache.synapse.transport.http.conn.ClientSSLSetupHandler in project wso2-synapse by wso2.
The class ClientConnFactoryBuilder, method parseSSL.
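/**
 * Reads the SSL-related parameters of the outgoing transport (keystore, truststore,
 * novalidatecert, HostnameVerifier, CertificateRevocationVerifier, HttpsProtocols and
 * preferred ciphers) and stores the resulting {@link SSLContextDetails} in {@code ssl},
 * plus the per-host contexts in {@code sslByHostMap}.
 *
 * <p>Misconfigured optional values (an unrecognized HostnameVerifier, non-numeric
 * revocation cache settings) are logged as warnings rather than rejected, so an
 * operator can see why a setting did not take effect.
 *
 * @return this builder, for chaining
 * @throws AxisFault if the SSL context or the per-host SSL contexts cannot be created
 */
public ClientConnFactoryBuilder parseSSL() throws AxisFault {
    Parameter keyParam = transportOut.getParameter("keystore");
    Parameter trustParam = transportOut.getParameter("truststore");
    Parameter httpsProtocolsParam = transportOut.getParameter("HttpsProtocols");
    Parameter preferredCiphersParam = transportOut.getParameter(NhttpConstants.PREFERRED_CIPHERS);

    OMElement ksEle = null;
    OMElement tsEle = null;
    if (keyParam != null) {
        ksEle = keyParam.getParameterElement().getFirstElement();
    }

    boolean novalidatecert = ParamUtils.getOptionalParamBoolean(transportOut, "novalidatecert", false);
    if (trustParam != null) {
        // A configured truststore wins over novalidatecert; say so, since the operator
        // may otherwise expect certificate validation to be switched off.
        if (novalidatecert && log.isWarnEnabled()) {
            log.warn(name + " Ignoring novalidatecert parameter since a truststore has been specified");
        }
        tsEle = trustParam.getParameterElement().getFirstElement();
    }

    SSLContext sslContext = createSSLContext(ksEle, tsEle, novalidatecert);

    // Hostname verifier: Strict, AllowAll (presumably accepts any hostname - confirm against
    // ClientSSLSetupHandler), DefaultAndLocalhost, or DEFAULT for anything else.
    final Parameter hvp = transportOut.getParameter("HostnameVerifier");
    final String hvs = hvp != null ? hvp.getValue().toString() : null;
    final X509HostnameVerifier hostnameVerifier;
    if ("Strict".equalsIgnoreCase(hvs)) {
        hostnameVerifier = ClientSSLSetupHandler.STRICT;
    } else if ("AllowAll".equalsIgnoreCase(hvs)) {
        hostnameVerifier = ClientSSLSetupHandler.ALLOW_ALL;
    } else if ("DefaultAndLocalhost".equalsIgnoreCase(hvs)) {
        hostnameVerifier = ClientSSLSetupHandler.DEFAULT_AND_LOCALHOST;
    } else {
        // A typo in the configured value must not silently change the verification policy.
        if (hvs != null && log.isWarnEnabled()) {
            log.warn(name + " Unrecognized HostnameVerifier value '" + hvs + "'; using the default verifier");
        }
        hostnameVerifier = ClientSSLSetupHandler.DEFAULT;
    }

    // Certificate revocation verifier, enabled by the "enable" attribute of the parameter element.
    final Parameter cvp = transportOut.getParameter("CertificateRevocationVerifier");
    final String cvEnable = cvp != null
            ? cvp.getParameterElement().getAttribute(new QName("enable")).getAttributeValue()
            : null;
    RevocationVerificationManager revocationVerifier = null;
    if ("true".equalsIgnoreCase(cvEnable)) {
        String cacheSizeString =
                cvp.getParameterElement().getFirstChildWithName(new QName("CacheSize")).getText();
        String cacheDelayString =
                cvp.getParameterElement().getFirstChildWithName(new QName("CacheDelay")).getText();
        Integer cacheSize = null;
        Integer cacheDelay = null;
        try {
            cacheSize = Integer.valueOf(cacheSizeString);
            cacheDelay = Integer.valueOf(cacheDelayString);
        } catch (NumberFormatException e) {
            // Best effort: the verifier is still created, with null for whatever did not parse.
            if (log.isWarnEnabled()) {
                log.warn(name + " Invalid CertificateRevocationVerifier cache settings (CacheSize='"
                        + cacheSizeString + "', CacheDelay='" + cacheDelayString
                        + "'); unparsed values are passed as null", e);
            }
        }
        revocationVerifier = new RevocationVerificationManager(cacheSize, cacheDelay);
    }

    // Initiated separately to cater setting https protocols
    ClientSSLSetupHandler clientSSLSetupHandler = new ClientSSLSetupHandler(hostnameVerifier, revocationVerifier);

    // Process HttpsProtocols
    OMElement httpsProtocolsEl = httpsProtocolsParam != null ? httpsProtocolsParam.getParameterElement() : null;
    String[] httpsProtocols = parseCommaSeparatedList(httpsProtocolsEl != null ? httpsProtocolsEl.getText() : null);
    if (null != httpsProtocols) {
        clientSSLSetupHandler.setHttpsProtocols(httpsProtocols);
    }

    // Process enabled ciphers
    OMElement preferredCiphersEl = preferredCiphersParam != null ? preferredCiphersParam.getParameterElement() : null;
    String[] preferredCiphers = parseCommaSeparatedList(preferredCiphersEl != null ? preferredCiphersEl.getText() : null);
    if (null != preferredCiphers) {
        clientSSLSetupHandler.setPreferredCiphers(preferredCiphers);
    }

    ssl = new SSLContextDetails(sslContext, clientSSLSetupHandler);
    sslByHostMap = getCustomSSLContexts(transportOut);
    return this;
}

/**
 * Splits a comma-separated configuration value into its trimmed, non-empty items.
 *
 * @param configured the raw configured text, may be {@code null}
 * @return the items in configured order (possibly empty if only separators were given),
 *         or {@code null} when the value is absent or blank
 */
private static String[] parseCommaSeparatedList(String configured) {
    if (configured == null || configured.trim().length() == 0) {
        return null;
    }
    String[] configuredValues = configured.trim().split(",");
    List<String> values = new ArrayList<String>(configuredValues.length);
    for (String value : configuredValues) {
        String trimmed = value.trim();
        if (!trimmed.isEmpty()) {
            values.add(trimmed);
        }
    }
    return values.toArray(new String[values.size()]);
}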