Search in sources :

Example 1 with ServerSSLSetupHandler

use of org.apache.synapse.transport.http.conn.ServerSSLSetupHandler in project wso2-synapse by wso2.

the class ServerConnFactoryBuilder method createSSLContext.

protected SSLContextDetails createSSLContext(final OMElement keyStoreEl, final OMElement trustStoreEl, final OMElement cientAuthEl, final OMElement httpsProtocolsEl, final OMElement preferredCiphersEl, final RevocationVerificationManager verificationManager, final String sslProtocol) throws AxisFault {
    KeyManager[] keymanagers = null;
    TrustManager[] trustManagers = null;
    if (keyStoreEl != null) {
        String location = getValueOfElementWithLocalName(keyStoreEl, "Location");
        String type = getValueOfElementWithLocalName(keyStoreEl, "Type");
        String storePassword = getValueOfElementWithLocalName(keyStoreEl, "Password");
        String keyPassword = getValueOfElementWithLocalName(keyStoreEl, "KeyPassword");
        FileInputStream fis = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(type);
            fis = new FileInputStream(location);
            if (log.isInfoEnabled()) {
                log.debug(name + " Loading Identity Keystore from : " + location);
            }
            keyStore.load(fis, storePassword.toCharArray());
            KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmfactory.init(keyStore, keyPassword.toCharArray());
            keymanagers = kmfactory.getKeyManagers();
            if (log.isInfoEnabled() && keymanagers != null) {
                for (KeyManager keymanager : keymanagers) {
                    if (keymanager instanceof X509KeyManager) {
                        X509KeyManager x509keymanager = (X509KeyManager) keymanager;
                        Enumeration<String> en = keyStore.aliases();
                        while (en.hasMoreElements()) {
                            String s = en.nextElement();
                            X509Certificate[] certs = x509keymanager.getCertificateChain(s);
                            if (certs == null)
                                continue;
                            for (X509Certificate cert : certs) {
                                log.debug(name + " Subject DN: " + cert.getSubjectDN());
                                log.debug(name + " Issuer DN: " + cert.getIssuerDN());
                            }
                        }
                    }
                }
            }
        } catch (GeneralSecurityException gse) {
            log.error(name + " Error loading Key store : " + location, gse);
            throw new AxisFault("Error loading Key store : " + location, gse);
        } catch (IOException ioe) {
            log.error(name + " Error opening Key store : " + location, ioe);
            throw new AxisFault("Error opening Key store : " + location, ioe);
        } finally {
            if (fis != null) {
                try {
                    fis.close();
                } catch (IOException ignore) {
                }
            }
        }
    }
    if (trustStoreEl != null) {
        String location = getValueOfElementWithLocalName(trustStoreEl, "Location");
        String type = getValueOfElementWithLocalName(trustStoreEl, "Type");
        String storePassword = getValueOfElementWithLocalName(trustStoreEl, "Password");
        FileInputStream fis = null;
        try {
            KeyStore trustStore = KeyStore.getInstance(type);
            fis = new FileInputStream(location);
            if (log.isInfoEnabled()) {
                log.debug(name + " Loading Trust Keystore from : " + location);
            }
            trustStore.load(fis, storePassword.toCharArray());
            TrustManagerFactory trustManagerfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerfactory.init(trustStore);
            trustManagers = trustManagerfactory.getTrustManagers();
        } catch (GeneralSecurityException gse) {
            log.error(name + " Error loading Key store : " + location, gse);
            throw new AxisFault("Error loading Key store : " + location, gse);
        } catch (IOException ioe) {
            log.error(name + " Error opening Key store : " + location, ioe);
            throw new AxisFault("Error opening Key store : " + location, ioe);
        } finally {
            if (fis != null) {
                try {
                    fis.close();
                } catch (IOException ignore) {
                }
            }
        }
    }
    final String s = cientAuthEl != null ? cientAuthEl.getText() : null;
    final SSLClientAuth clientAuth;
    if ("optional".equalsIgnoreCase(s)) {
        clientAuth = SSLClientAuth.OPTIONAL;
    } else if ("require".equalsIgnoreCase(s)) {
        clientAuth = SSLClientAuth.REQUIRED;
    } else {
        clientAuth = null;
    }
    String[] httpsProtocols = null;
    final String configuredHttpsProtocols = httpsProtocolsEl != null ? httpsProtocolsEl.getText() : null;
    if (configuredHttpsProtocols != null && configuredHttpsProtocols.trim().length() != 0) {
        String[] configuredValues = configuredHttpsProtocols.trim().split(",");
        List<String> protocolList = new ArrayList<String>(configuredValues.length);
        for (String protocol : configuredValues) {
            if (!protocol.trim().isEmpty()) {
                protocolList.add(protocol.trim());
            }
        }
        httpsProtocols = protocolList.toArray(new String[protocolList.size()]);
    }
    String[] preferredCiphers = null;
    final String configuredWeakCiphers = preferredCiphersEl != null ? preferredCiphersEl.getText() : null;
    if (configuredWeakCiphers != null && configuredWeakCiphers.trim().length() != 0) {
        String[] configuredValues = configuredWeakCiphers.trim().split(",");
        List<String> ciphersList = new ArrayList<String>(configuredValues.length);
        for (String cipher : configuredValues) {
            cipher = cipher.trim();
            if (!cipher.isEmpty()) {
                ciphersList.add(cipher);
            }
        }
        preferredCiphers = ciphersList.toArray(new String[ciphersList.size()]);
    }
    try {
        final String sslProtocolValue = sslProtocol != null ? sslProtocol : "TLS";
        SSLContext sslContext = SSLContext.getInstance(sslProtocolValue);
        sslContext.init(keymanagers, trustManagers, null);
        ServerSSLSetupHandler sslSetupHandler = (clientAuth != null || httpsProtocols != null || preferredCiphers != null) ? new ServerSSLSetupHandler(clientAuth, httpsProtocols, verificationManager, preferredCiphers) : null;
        return new SSLContextDetails(sslContext, sslSetupHandler);
    } catch (GeneralSecurityException gse) {
        log.error(name + " Unable to create SSL context with the given configuration", gse);
        throw new AxisFault("Unable to create SSL context with the given configuration", gse);
    }
}
Also used : AxisFault(org.apache.axis2.AxisFault) SSLContextDetails(org.apache.synapse.transport.http.conn.SSLContextDetails) GeneralSecurityException(java.security.GeneralSecurityException) SSLClientAuth(org.apache.synapse.transport.http.conn.SSLClientAuth) ArrayList(java.util.ArrayList) IOException(java.io.IOException) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) TrustManager(javax.net.ssl.TrustManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) ServerSSLSetupHandler(org.apache.synapse.transport.http.conn.ServerSSLSetupHandler) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) X509KeyManager(javax.net.ssl.X509KeyManager) X509KeyManager(javax.net.ssl.X509KeyManager) KeyManager(javax.net.ssl.KeyManager)

Aggregations

FileInputStream (java.io.FileInputStream)1 IOException (java.io.IOException)1 GeneralSecurityException (java.security.GeneralSecurityException)1 KeyStore (java.security.KeyStore)1 X509Certificate (java.security.cert.X509Certificate)1 ArrayList (java.util.ArrayList)1 KeyManager (javax.net.ssl.KeyManager)1 KeyManagerFactory (javax.net.ssl.KeyManagerFactory)1 SSLContext (javax.net.ssl.SSLContext)1 TrustManager (javax.net.ssl.TrustManager)1 TrustManagerFactory (javax.net.ssl.TrustManagerFactory)1 X509KeyManager (javax.net.ssl.X509KeyManager)1 AxisFault (org.apache.axis2.AxisFault)1 SSLClientAuth (org.apache.synapse.transport.http.conn.SSLClientAuth)1 SSLContextDetails (org.apache.synapse.transport.http.conn.SSLContextDetails)1 ServerSSLSetupHandler (org.apache.synapse.transport.http.conn.ServerSSLSetupHandler)1