
Example 1 with NoValidateCertTrustManager

use of org.apache.synapse.transport.nhttp.NoValidateCertTrustManager in project wso2-synapse by wso2.

From class ClientConnFactoryBuilder, method createSSLContext (older variant: resolves the secret resolver itself from the Axis configuration).

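/**
 * Builds the client-side {@link SSLContext} for this transport from the
 * {@code KeyStore} and {@code TrustStore} configuration elements.
 *
 * <p>The identity keystore (when given) supplies the client certificate and
 * private key; the truststore (when given) supplies the CA certificates used
 * to validate the server certificate. Trust is decided as follows:
 * <ul>
 *   <li>truststore configured: its trust managers are used; a concurrent
 *       {@code novalidatecert} is ignored with a warning;</li>
 *   <li>no truststore and {@code novalidatecert}: a
 *       {@link NoValidateCertTrustManager} is installed, which disables server
 *       certificate validation entirely and leaves the connection open to
 *       man-in-the-middle attacks (a WARN is logged);</li>
 *   <li>neither: {@code trustManagers} stays {@code null}, so
 *       {@link SSLContext#init} falls back to the JVM default trust store.</li>
 * </ul>
 * Hostname verification is not configured in this method; it is presumably
 * applied by the caller that consumes the returned context.
 *
 * <p>Store and key passwords are resolved through the secret resolver of the
 * Axis configuration when one is available, otherwise through a resolver
 * created from the keystore element. The resolved passwords are plain
 * {@link String}s and therefore stay in the heap until garbage-collected.
 *
 * @param keyStoreElt    {@code KeyStore} configuration element, or {@code null}
 *                       when no client identity should be presented
 * @param trustStoreElt  {@code TrustStore} configuration element, or {@code null}
 * @param novalidatecert when {@code true} and no truststore is configured,
 *                       disable server certificate validation
 * @return an initialised {@link SSLContext} for the {@code SSLProtocol}
 *         transport parameter (default {@code "TLS"})
 * @throws AxisFault if a required configuration element is missing, a password
 *                   cannot be resolved, a store cannot be opened or parsed, or
 *                   the context cannot be initialised
 */
private SSLContext createSSLContext(OMElement keyStoreElt, OMElement trustStoreElt, boolean novalidatecert) throws AxisFault {
    KeyManager[] keymanagers = null;
    TrustManager[] trustManagers = null;

    SecretResolver resolver;
    if (configurationContext != null && configurationContext.getAxisConfiguration() != null) {
        resolver = configurationContext.getAxisConfiguration().getSecretResolver();
    } else {
        resolver = SecretResolverFactory.create(keyStoreElt, false);
    }

    if (keyStoreElt != null) {
        // Every child is checked up front so that a misconfigured element yields a
        // descriptive AxisFault rather than a NullPointerException from getText().
        OMElement locationElement = keyStoreElt.getFirstChildWithName(new QName("Location"));
        OMElement typeElement = keyStoreElt.getFirstChildWithName(new QName("Type"));
        OMElement passwordElement = keyStoreElt.getFirstChildWithName(new QName("Password"));
        OMElement keyPasswordElement = keyStoreElt.getFirstChildWithName(new QName("KeyPassword"));
        if (locationElement == null) {
            throw new AxisFault("Cannot proceed because Location element is missing in KeyStore");
        }
        if (typeElement == null) {
            throw new AxisFault("Cannot proceed because Type element is missing in KeyStore");
        }
        if (passwordElement == null) {
            throw new AxisFault("Cannot proceed because Password element is missing in KeyStore");
        }
        if (keyPasswordElement == null) {
            throw new AxisFault("Cannot proceed because KeyPassword element is missing in KeyStore");
        }
        String location = locationElement.getText();
        String type = typeElement.getText();
        String storePassword = SecureVaultValueReader.getSecureVaultValue(resolver, passwordElement);
        String keyPassword = SecureVaultValueReader.getSecureVaultValue(resolver, keyPasswordElement);
        // Defensive: an unresolvable vault alias must not surface as an NPE below.
        if (storePassword == null || keyPassword == null) {
            throw new AxisFault("Cannot proceed because a KeyStore password could not be resolved");
        }
        // try-with-resources closes the stream on every path (the previous manual
        // finally block swallowed the close error silently).
        try (FileInputStream fis = new FileInputStream(location)) {
            if (log.isDebugEnabled()) {
                log.debug(name + " Loading Identity Keystore from : " + location);
            }
            KeyStore keyStore = KeyStore.getInstance(type);
            keyStore.load(fis, storePassword.toCharArray());
            // The key password (not the store password) unlocks the private key entries.
            KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmfactory.init(keyStore, keyPassword.toCharArray());
            keymanagers = kmfactory.getKeyManagers();
        } catch (GeneralSecurityException gse) {
            log.error(name + " Error loading Keystore : " + location, gse);
            throw new AxisFault("Error loading Keystore : " + location, gse);
        } catch (IOException ioe) {
            log.error(name + " Error opening Keystore : " + location, ioe);
            throw new AxisFault("Error opening Keystore : " + location, ioe);
        }
    }

    if (trustStoreElt != null) {
        // An explicit truststore always takes precedence over novalidatecert.
        if (novalidatecert && log.isWarnEnabled()) {
            log.warn(name + " Ignoring novalidatecert parameter since a truststore has been specified");
        }
        OMElement locationElement = trustStoreElt.getFirstChildWithName(new QName("Location"));
        OMElement typeElement = trustStoreElt.getFirstChildWithName(new QName("Type"));
        OMElement passwordElement = trustStoreElt.getFirstChildWithName(new QName("Password"));
        if (locationElement == null) {
            throw new AxisFault("Cannot proceed because Location element is missing in TrustStore");
        }
        if (typeElement == null) {
            throw new AxisFault("Cannot proceed because Type element is missing in TrustStore");
        }
        if (passwordElement == null) {
            throw new AxisFault("Cannot proceed because Password element is missing in TrustStore");
        }
        String location = locationElement.getText();
        String type = typeElement.getText();
        String storePassword = SecureVaultValueReader.getSecureVaultValue(resolver, passwordElement);
        if (storePassword == null) {
            throw new AxisFault("Cannot proceed because the TrustStore password could not be resolved");
        }
        try (FileInputStream fis = new FileInputStream(location)) {
            if (log.isDebugEnabled()) {
                log.debug(name + " Loading Trust Keystore from : " + location);
            }
            KeyStore trustStore = KeyStore.getInstance(type);
            trustStore.load(fis, storePassword.toCharArray());
            TrustManagerFactory trustManagerfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerfactory.init(trustStore);
            trustManagers = trustManagerfactory.getTrustManagers();
        } catch (GeneralSecurityException gse) {
            log.error(name + " Error loading Key store : " + location, gse);
            throw new AxisFault("Error loading Key store : " + location, gse);
        } catch (IOException ioe) {
            log.error(name + " Error opening Key store : " + location, ioe);
            throw new AxisFault("Error opening Key store : " + location, ioe);
        }
    } else if (novalidatecert) {
        // SECURITY: this trust manager accepts any server certificate, so the
        // peer is not authenticated at all. Only acceptable for local testing.
        if (log.isWarnEnabled()) {
            log.warn(name + " Server certificate validation (trust) has been disabled. " + "DO NOT USE IN PRODUCTION!");
        }
        trustManagers = new TrustManager[] { new NoValidateCertTrustManager() };
    }

    try {
        // SSLProtocol is an optional transport parameter; a missing parameter or a
        // parameter with no value both fall back to the JVM's "TLS" defaults.
        final Parameter sslpParameter = transportOut.getParameter("SSLProtocol");
        final String sslProtocol = (sslpParameter != null && sslpParameter.getValue() != null)
                ? sslpParameter.getValue().toString() : "TLS";
        SSLContext sslcontext = SSLContext.getInstance(sslProtocol);
        // null key/trust managers select the JVM defaults; null SecureRandom likewise.
        sslcontext.init(keymanagers, trustManagers, null);
        return sslcontext;
    } catch (GeneralSecurityException gse) {
        log.error(name + " Unable to create SSL context with the given configuration", gse);
        throw new AxisFault("Unable to create SSL context with the given configuration", gse);
    }
}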

Example 2 with NoValidateCertTrustManager

use of org.apache.synapse.transport.nhttp.NoValidateCertTrustManager in project wso2-synapse by wso2.

From class ClientConnFactoryBuilder, method createSSLContext (newer variant: the secret resolver is passed in by the caller).

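/**
 * Builds the client-side {@link SSLContext} for this transport from the
 * {@code KeyStore} and {@code TrustStore} configuration elements, resolving
 * store passwords through the supplied {@code secretResolver}.
 *
 * <p>The identity keystore (when given) supplies the client certificate and
 * private key; the truststore (when given) supplies the CA certificates used
 * to validate the server certificate. Trust is decided as follows:
 * <ul>
 *   <li>truststore configured: its trust managers are used; a concurrent
 *       {@code novalidatecert} is ignored with a warning;</li>
 *   <li>no truststore and {@code novalidatecert}: a
 *       {@link NoValidateCertTrustManager} is installed, which disables server
 *       certificate validation entirely and leaves the connection open to
 *       man-in-the-middle attacks (a WARN is logged);</li>
 *   <li>neither: {@code trustManagers} stays {@code null}, so
 *       {@link SSLContext#init} falls back to the JVM default trust store.</li>
 * </ul>
 * Hostname verification is not configured in this method; it is presumably
 * applied by the caller that consumes the returned context.
 *
 * <p>The resolved passwords are plain {@link String}s and therefore stay in
 * the heap until garbage-collected.
 *
 * @param keyStoreElt    {@code KeyStore} configuration element, or {@code null}
 *                       when no client identity should be presented
 * @param trustStoreElt  {@code TrustStore} configuration element, or {@code null}
 * @param novalidatecert when {@code true} and no truststore is configured,
 *                       disable server certificate validation
 * @param secretResolver resolver used to de-reference secure-vault password
 *                       aliases in the configuration
 * @return an initialised {@link SSLContext} for the {@code SSLProtocol}
 *         transport parameter (default {@code "TLS"})
 * @throws AxisFault if a required configuration element is missing, a password
 *                   cannot be resolved, a store cannot be opened or parsed, or
 *                   the context cannot be initialised
 */
private SSLContext createSSLContext(OMElement keyStoreElt, OMElement trustStoreElt, boolean novalidatecert, SecretResolver secretResolver) throws AxisFault {
    KeyManager[] keymanagers = null;
    TrustManager[] trustManagers = null;

    if (keyStoreElt != null) {
        // Check every required child up front: a missing element previously
        // produced a NullPointerException (getText() on null, or a null element
        // handed to the vault reader) instead of a descriptive fault.
        OMElement locationElement = keyStoreElt.getFirstChildWithName(new QName("Location"));
        OMElement typeElement = keyStoreElt.getFirstChildWithName(new QName("Type"));
        OMElement passwordElement = keyStoreElt.getFirstChildWithName(new QName("Password"));
        OMElement keyPasswordElement = keyStoreElt.getFirstChildWithName(new QName("KeyPassword"));
        if (locationElement == null) {
            throw new AxisFault("Cannot proceed because Location element is missing in KeyStore");
        }
        if (typeElement == null) {
            throw new AxisFault("Cannot proceed because Type element is missing in KeyStore");
        }
        if (passwordElement == null) {
            throw new AxisFault("Cannot proceed because Password element is missing in KeyStore");
        }
        if (keyPasswordElement == null) {
            throw new AxisFault("Cannot proceed because KeyPassword element is missing in KeyStore");
        }
        String location = locationElement.getText();
        String type = typeElement.getText();
        String storePassword = SecureVaultValueReader.getSecureVaultValue(secretResolver, passwordElement);
        String keyPassword = SecureVaultValueReader.getSecureVaultValue(secretResolver, keyPasswordElement);
        // Defensive: an unresolvable vault alias must not surface as an NPE below.
        if (storePassword == null || keyPassword == null) {
            throw new AxisFault("Cannot proceed because a KeyStore password could not be resolved");
        }
        try (FileInputStream fis = new FileInputStream(location)) {
            if (log.isDebugEnabled()) {
                log.debug(name + " Loading Identity Keystore from : " + location);
            }
            KeyStore keyStore = KeyStore.getInstance(type);
            keyStore.load(fis, storePassword.toCharArray());
            // The key password (not the store password) unlocks the private key entries.
            KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmfactory.init(keyStore, keyPassword.toCharArray());
            keymanagers = kmfactory.getKeyManagers();
        } catch (GeneralSecurityException gse) {
            log.error(name + " Error loading Keystore : " + location, gse);
            throw new AxisFault("Error loading Keystore : " + location, gse);
        } catch (IOException ioe) {
            log.error(name + " Error opening Keystore : " + location, ioe);
            throw new AxisFault("Error opening Keystore : " + location, ioe);
        }
    }

    if (trustStoreElt != null) {
        // An explicit truststore always takes precedence over novalidatecert.
        if (novalidatecert && log.isWarnEnabled()) {
            log.warn(name + " Ignoring novalidatecert parameter since a truststore has been specified");
        }
        OMElement locationElement = trustStoreElt.getFirstChildWithName(new QName("Location"));
        OMElement typeElement = trustStoreElt.getFirstChildWithName(new QName("Type"));
        OMElement passwordElement = trustStoreElt.getFirstChildWithName(new QName("Password"));
        if (locationElement == null) {
            throw new AxisFault("Cannot proceed because Location element is missing in TrustStore");
        }
        if (typeElement == null) {
            throw new AxisFault("Cannot proceed because Type element is missing in TrustStore");
        }
        if (passwordElement == null) {
            throw new AxisFault("Cannot proceed because Password element is missing in TrustStore");
        }
        String location = locationElement.getText();
        String type = typeElement.getText();
        String storePassword = SecureVaultValueReader.getSecureVaultValue(secretResolver, passwordElement);
        if (storePassword == null) {
            throw new AxisFault("Cannot proceed because the TrustStore password could not be resolved");
        }
        try (FileInputStream fis = new FileInputStream(location)) {
            if (log.isDebugEnabled()) {
                log.debug(name + " Loading Trust Keystore from : " + location);
            }
            KeyStore trustStore = KeyStore.getInstance(type);
            trustStore.load(fis, storePassword.toCharArray());
            TrustManagerFactory trustManagerfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerfactory.init(trustStore);
            trustManagers = trustManagerfactory.getTrustManagers();
        } catch (GeneralSecurityException gse) {
            log.error(name + " Error loading Key store : " + location, gse);
            throw new AxisFault("Error loading Key store : " + location, gse);
        } catch (IOException ioe) {
            log.error(name + " Error opening Key store : " + location, ioe);
            throw new AxisFault("Error opening Key store : " + location, ioe);
        }
    } else if (novalidatecert) {
        // SECURITY: this trust manager accepts any server certificate, so the
        // peer is not authenticated at all. Only acceptable for local testing.
        if (log.isWarnEnabled()) {
            log.warn(name + " Server certificate validation (trust) has been disabled. " + "DO NOT USE IN PRODUCTION!");
        }
        trustManagers = new TrustManager[] { new NoValidateCertTrustManager() };
    }

    try {
        // SSLProtocol is an optional transport parameter; a missing parameter or a
        // parameter with no value both fall back to the JVM's "TLS" defaults.
        final Parameter sslpParameter = transportOut.getParameter("SSLProtocol");
        final String sslProtocol = (sslpParameter != null && sslpParameter.getValue() != null)
                ? sslpParameter.getValue().toString() : "TLS";
        SSLContext sslcontext = SSLContext.getInstance(sslProtocol);
        // null key/trust managers select the JVM defaults; null SecureRandom likewise.
        sslcontext.init(keymanagers, trustManagers, null);
        return sslcontext;
    } catch (GeneralSecurityException gse) {
        log.error(name + " Unable to create SSL context with the given configuration", gse);
        throw new AxisFault("Unable to create SSL context with the given configuration", gse);
    }
}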
