
Example 21 with SecretResolver

Use of org.wso2.securevault.SecretResolver in the project carbon-apimgt by wso2.

In the class APIManagerConfiguration, the method setGlobalCacheInvalidationConfiguration.

/**
 * Reads the {@code GlobalCacheInvalidation} settings from {@code element} into a
 * new {@link CacheInvalidationConfiguration} and stores it in
 * {@link #cacheInvalidationConfiguration}.
 *
 * <p>Every child element is optional; an absent one leaves the corresponding
 * field untouched. The PASSWORD element and each child of
 * ReceiverConnectionDetails are read through {@code MiscellaneousUtil.resolve}
 * with this instance's {@code secretResolver} rather than taken as raw element
 * text; those values, the USERNAME and both URL groups are then passed through
 * {@link APIUtil#replaceSystemProperty(String)}.
 *
 * @param element the {@code GlobalCacheInvalidation} configuration element
 */
private void setGlobalCacheInvalidationConfiguration(OMElement element) {
    CacheInvalidationConfiguration config = new CacheInvalidationConfiguration();

    OMElement enabledEl = element.getFirstChildWithName(new QName(APIConstants.GlobalCacheInvalidation.ENABLED));
    if (enabledEl != null) {
        config.setEnabled(Boolean.parseBoolean(enabledEl.getText()));
    }

    OMElement domainEl = element.getFirstChildWithName(new QName(APIConstants.GlobalCacheInvalidation.Domain));
    if (domainEl != null) {
        config.setDomain(domainEl.getText());
    }

    OMElement streamEl = element.getFirstChildWithName(new QName(APIConstants.GlobalCacheInvalidation.Stream));
    if (streamEl != null) {
        config.setStream(streamEl.getText());
    }

    OMElement usernameEl = element.getFirstChildWithName(new QName(APIConstants.GlobalCacheInvalidation.USERNAME));
    if (usernameEl != null) {
        config.setUsername(APIUtil.replaceSystemProperty(usernameEl.getText()));
    }

    OMElement passwordEl = element.getFirstChildWithName(new QName(APIConstants.GlobalCacheInvalidation.PASSWORD));
    if (passwordEl != null) {
        // The password value comes from the secret resolver, not from the element text directly.
        String resolvedPassword = MiscellaneousUtil.resolve(passwordEl, secretResolver);
        config.setPassword(APIUtil.replaceSystemProperty(resolvedPassword));
    }

    OMElement receiverUrlGroupEl = element.getFirstChildWithName(new QName(APIConstants.GlobalCacheInvalidation.REVEIVER_URL_GROUP));
    if (receiverUrlGroupEl != null) {
        config.setReceiverUrlGroup(APIUtil.replaceSystemProperty(receiverUrlGroupEl.getText()));
    }

    OMElement authUrlGroupEl = element.getFirstChildWithName(new QName(APIConstants.GlobalCacheInvalidation.AUTH_URL_GROUP));
    if (authUrlGroupEl != null) {
        config.setAuthUrlGroup(APIUtil.replaceSystemProperty(authUrlGroupEl.getText()));
    }

    OMElement connectionDetailsEl = element.getFirstChildWithName(new QName(APIConstants.GlobalCacheInvalidation.ReceiverConnectionDetails));
    if (connectionDetailsEl != null) {
        Properties jmsParameters = new Properties();
        // One property per child element, keyed by the child's local name; every value is
        // resolved through the secret resolver before system-property substitution.
        for (Iterator<?> children = connectionDetailsEl.getChildElements(); children.hasNext(); ) {
            OMElement child = (OMElement) children.next();
            String resolvedValue = MiscellaneousUtil.resolve(child, secretResolver);
            jmsParameters.put(child.getLocalName(), APIUtil.replaceSystemProperty(resolvedValue));
        }
        config.setJmsConnectionParameters(jmsParameters);
    }

    OMElement topicNameEl = element.getFirstChildWithName(new QName(APIConstants.GlobalCacheInvalidation.TOPIC_NAME));
    if (topicNameEl != null) {
        config.setCacheInValidationTopic(topicNameEl.getText());
    }

    OMElement excludedCachesEl = element.getFirstChildWithName(new QName(APIConstants.GlobalCacheInvalidation.EXCLUDED_CACHES));
    if (excludedCachesEl != null) {
        // The text of every child element names one cache to exclude.
        for (Iterator<?> excluded = excludedCachesEl.getChildElements(); excluded.hasNext(); ) {
            config.addExcludedCaches(((OMElement) excluded.next()).getText());
        }
    }

    this.cacheInvalidationConfiguration = config;
}

Example 22 with SecretResolver

Use of org.wso2.securevault.SecretResolver in the project wso2-axis2-transports by wso2.

In the class JMSSender, the method init.

/**
 * Initializes the transport sender: delegates to the base implementation, then
 * creates the {@link JMSConnectionFactoryManager} that reads the pre-defined
 * connection factories for outgoing messages, handing it the secret resolver
 * taken from the Axis configuration of {@code cfgCtx}.
 *
 * @param cfgCtx the configuration context
 * @param transportOut the transport sender definition from axis2.xml
 * @throws AxisFault on error
 */
@Override
public void init(ConfigurationContext cfgCtx, TransportOutDescription transportOut) throws AxisFault {
    super.init(cfgCtx, transportOut);
    final AxisConfiguration axisConfiguration = cfgCtx.getAxisConfiguration();
    final SecretResolver resolver = axisConfiguration.getSecretResolver();
    connFacManager = new JMSConnectionFactoryManager(transportOut, resolver);
    log.info("JMS Transport Sender initialized...");
}

Example 23 with SecretResolver

Use of org.wso2.securevault.SecretResolver in the project wso2-synapse by wso2.

In the class RequestResponseUtils, the method setSslConfig.

/**
 * Configures {@code listenerConfiguration} for HTTPS from the SSL-related
 * parameters of {@code transportIn}: key store, trust store, SSLVerifyClient,
 * HttpsProtocols/SSLProtocol, preferred ciphers, certificate revocation
 * verification and session/handshake timeouts. The key-store and trust-store
 * elements are handed to the populate helpers together with the secret resolver
 * of the source configuration's Axis configuration. Finally the listener id is
 * derived from the configured host and port.
 *
 * @param transportIn           the transport receiver definition holding the SSL parameters
 * @param listenerConfiguration the listener configuration to populate
 * @param sourceConfiguration   provides the configuration context and thus the secret resolver
 * @return the same {@code listenerConfiguration} instance, populated
 * @throws AxisFault as propagated from the populate helpers
 */
public static ListenerConfiguration setSslConfig(TransportInDescription transportIn, ListenerConfiguration listenerConfiguration, BaseConfiguration sourceConfiguration) throws AxisFault {
    List<org.wso2.transport.http.netty.contract.config.Parameter> serverParams = new ArrayList<>();
    listenerConfiguration.setScheme(BridgeConstants.PROTOCOL_HTTPS);
    SecretResolver secretResolver = sourceConfiguration.getConfigurationContext().getAxisConfiguration().getSecretResolver();

    // Key store and trust store
    populateKeyStoreConfigs(elementOf(transportIn.getParameter(BridgeConstants.KEY_STORE)), listenerConfiguration, secretResolver);
    populateTrustStoreConfigs(elementOf(transportIn.getParameter(BridgeConstants.TRUST_STORE)), listenerConfiguration, secretResolver);

    // SSLVerifyClient: an absent parameter is passed on as the empty string
    OMElement clientAuthEl = elementOf(transportIn.getParameter(BridgeConstants.SSL_VERIFY_CLIENT));
    listenerConfiguration.setVerifyClient(clientAuthEl == null ? "" : clientAuthEl.getText());

    // HttpsProtocols and SSLProtocol (SSLProtocol defaults to BridgeConstants.TLS_PROTOCOL)
    OMElement httpsProtocolsEl = elementOf(transportIn.getParameter(BridgeConstants.HTTPS_PROTOCOL));
    String sslProtocol = stringValueOf(transportIn.getParameter(BridgeConstants.SSL_PROTOCOL), BridgeConstants.TLS_PROTOCOL);
    populateProtocolConfigs(httpsProtocolsEl, sslProtocol, listenerConfiguration, serverParams);

    // PreferredCiphers
    populateCiphersConfigs(elementOf(transportIn.getParameter(BridgeConstants.PREFERRED_CIPHERS)), serverParams);

    // CertificateRevocationVerifier
    populateCertValidationConfigs(elementOf(transportIn.getParameter(BridgeConstants.CLIENT_REVOCATION)), listenerConfiguration);

    // Session and handshake timeouts; null means "not configured"
    String sessionTimeout = stringValueOf(transportIn.getParameter(BridgeConstants.SSL_SESSION_TIMEOUT), null);
    String handshakeTimeout = stringValueOf(transportIn.getParameter(BridgeConstants.SSL_HANDSHAKE_TIMEOUT), null);
    populateTimeoutConfigs(sessionTimeout, handshakeTimeout, listenerConfiguration);

    if (!serverParams.isEmpty()) {
        listenerConfiguration.setParameters(serverParams);
    }
    listenerConfiguration.setId(getListenerInterface(listenerConfiguration.getHost(), listenerConfiguration.getPort()));
    return listenerConfiguration;
}

/** Returns the XML element of {@code param}, or {@code null} when the parameter is absent. */
private static OMElement elementOf(Parameter param) {
    return param == null ? null : param.getParameterElement();
}

/**
 * Returns the string form of {@code param}'s value, or {@code fallback} when the
 * parameter or its value is absent.
 */
private static String stringValueOf(Parameter param, String fallback) {
    if (param == null || param.getValue() == null) {
        return fallback;
    }
    return param.getValue().toString();
}

Example 24 with SecretResolver

Use of org.wso2.securevault.SecretResolver in the project wso2-synapse by wso2.

In the class ClientSSLConfigurationBuilder, the method parseSSL.

/**
 * Parse SSL configuration from axis2.xml.
 *
 * <p>Key-store and trust-store parameters are handed to the populate helpers
 * together with the secret resolver of the target configuration's Axis
 * configuration. When {@code isCertValidationDisabled(novalidateCert, trustParam)}
 * reports that server certificate validation is off, a warning is logged,
 * {@code disableCertValidation} is set and the method returns at once, so the
 * protocol, cipher, revocation, timeout and hostname-verifier parameters are
 * not read at all in that case.
 *
 * @param targetConfiguration the configuration of the sender
 * @param transportOut        TransportOutDescription of the configuration
 * @return this builder, for chaining
 * @throws AxisFault as propagated from the populate helpers
 */
public ClientSSLConfigurationBuilder parseSSL(TargetConfiguration targetConfiguration, TransportOutDescription transportOut) throws AxisFault {
    final SecretResolver resolver = targetConfiguration.getConfigurationContext().getAxisConfiguration().getSecretResolver();

    // Key store
    populateKeyStoreConfigs(transportOut.getParameter(BridgeConstants.KEY_STORE), resolver);

    // Trust store, unless server certificate validation has been switched off
    final Parameter trustStoreParam = transportOut.getParameter(BridgeConstants.TRUST_STORE);
    final boolean noValidateCert = ParamUtils.getOptionalParamBoolean(transportOut, BridgeConstants.NO_VALIDATE_CERT, false);
    if (isCertValidationDisabled(noValidateCert, trustStoreParam)) {
        if (LOG.isWarnEnabled()) {
            LOG.warn("Server certificate validation (trust) has been disabled.");
        }
        disableCertValidation = true;
        return this;
    }
    populateTrustStoreConfigs(trustStoreParam, resolver, noValidateCert);

    // SSLProtocol and HttpsProtocols
    final Parameter sslProtocolParam = transportOut.getParameter(BridgeConstants.SSL_PROTOCOL);
    final Parameter httpsProtocolsParam = transportOut.getParameter(BridgeConstants.HTTPS_PROTOCOL);
    populateProtocolConfigs(sslProtocolParam, httpsProtocolsParam);

    // Certificate revocation verification
    populateCertValidationConfigs(transportOut.getParameter(BridgeConstants.CLIENT_REVOCATION));

    // Preferred cipher suites
    populateCiphersConfigs(transportOut.getParameter(BridgeConstants.PREFERRED_CIPHERS));

    // Session and handshake timeouts
    final Parameter sessionTimeoutParam = transportOut.getParameter(BridgeConstants.SSL_SESSION_TIMEOUT);
    final Parameter handshakeTimeoutParam = transportOut.getParameter(BridgeConstants.SSL_HANDSHAKE_TIMEOUT);
    populateTimeoutConfigs(sessionTimeoutParam, handshakeTimeoutParam);

    // TODO: populateHostnameVerifierConfigs with Strict, AllowAll, etc.
    populateHostnameVerifierConfigs(transportOut.getParameter(BridgeConstants.HOSTNAME_VERIFIER));
    return this;
}

Example 25 with SecretResolver

Use of org.wso2.securevault.SecretResolver in the project wso2-synapse by wso2.

In the class ServerConnFactoryBuilder, the method parseMultiProfileSSL.

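/**
 * Reads the multi-profile SSL configuration (the {@code SSLProfiles} parameter)
 * and builds one {@link SSLContextDetails} per {@code <profile>} element, keyed
 * in {@code sslByIPMap} by the profile's {@code bindAddress} and the listener
 * port.
 *
 * <p>Secret values inside the profiles are resolved with a {@link SecretResolver}
 * created for the {@code SSLProfiles} element itself. {@code sslByIPMap} is
 * created lazily on the first profile, so it remains {@code null} when there is
 * no multi-profile configuration or no profile.
 *
 * @return this builder, for chaining
 * @throws AxisFault if the {@code SSLProfiles} parameter or its element is
 *                   missing, if a profile defines no {@code bindAddress}, or as
 *                   propagated from {@code createSSLContext}
 */
public ServerConnFactoryBuilder parseMultiProfileSSL() throws AxisFault {
    TransportInDescription loadedTransportIn = loadMultiProfileSSLConfig();
    if (loadedTransportIn == null) {
        return this;
    }
    // NOTE(review): the loaded description is only used for the null check above; the
    // profiles are read from the transportIn field — confirm that loadMultiProfileSSLConfig()
    // updates that field.
    Parameter profileParam = transportIn.getParameter("SSLProfiles");
    OMElement profilesEl = profileParam != null ? profileParam.getParameterElement() : null;
    if (profilesEl == null) {
        // Report a missing SSLProfiles definition as a configuration error instead of
        // letting the lookup below fail with a NullPointerException.
        String msg = "Multi-profile SSL configuration does not define the SSLProfiles parameter";
        log.error(name + " " + msg);
        throw new AxisFault(msg);
    }
    SecretResolver secretResolver = SecretResolverFactory.create(profilesEl, true);

    // SSLProtocol is a transport-level setting shared by all profiles, so read it once.
    // An absent parameter or value falls back to "TLS"; an absent value used to raise a
    // NullPointerException.
    final Parameter sslpParameter = transportIn.getParameter("SSLProtocol");
    final String sslProtocol = sslpParameter != null && sslpParameter.getValue() != null
            ? sslpParameter.getValue().toString() : "TLS";

    Iterator<?> profiles = profilesEl.getChildrenWithName(new QName("profile"));
    while (profiles.hasNext()) {
        OMElement profileEl = (OMElement) profiles.next();
        OMElement bindAddressEl = profileEl.getFirstChildWithName(new QName("bindAddress"));
        if (bindAddressEl == null) {
            String msg = "SSL profile must define a bind address";
            log.error(name + " " + msg);
            throw new AxisFault(msg);
        }
        // The profile's bind address is combined with the listener's port.
        InetSocketAddress address = new InetSocketAddress(bindAddressEl.getText(), host.getPort());
        OMElement keyStoreEl = profileEl.getFirstChildWithName(new QName("KeyStore"));
        OMElement trustStoreEl = profileEl.getFirstChildWithName(new QName("TrustStore"));
        OMElement clientAuthEl = profileEl.getFirstChildWithName(new QName("SSLVerifyClient"));
        OMElement httpsProtocolsEl = profileEl.getFirstChildWithName(new QName("HttpsProtocols"));
        OMElement preferredCiphersEl = profileEl.getFirstChildWithName(new QName(NhttpConstants.PREFERRED_CIPHERS));
        SSLContextDetails ssl = createSSLContext(keyStoreEl, trustStoreEl, clientAuthEl, httpsProtocolsEl, preferredCiphersEl, null, sslProtocol, secretResolver);
        if (sslByIPMap == null) {
            sslByIPMap = new HashMap<InetSocketAddress, SSLContextDetails>();
        }
        sslByIPMap.put(address, ssl);
    }
    return this;
}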
