Use of org.wso2.securevault.SecretResolver in project carbon-apimgt by wso2:
class APIManagerConfiguration, method setGlobalCacheInvalidationConfiguration (the password and the JMS receiver connection details are resolved through the secret resolver before use).
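/**
 * Reads the {@code GlobalCacheInvalidation} section of the configuration into a
 * {@link CacheInvalidationConfiguration} and stores it on this instance.
 *
 * <p>Only elements that are present are applied; an absent element leaves the
 * corresponding field at whatever the {@link CacheInvalidationConfiguration} constructor
 * set. The password and every child of {@code ReceiverConnectionDetails} are first
 * passed through {@code secretResolver} (so they may be secure-vault aliases) and then,
 * like username and the receiver/auth URL groups, through
 * {@link APIUtil#replaceSystemProperty}. Domain, stream, topic name and excluded cache
 * names are taken verbatim from the element text.
 *
 * @param element the {@code GlobalCacheInvalidation} element; must not be null
 */
private void setGlobalCacheInvalidationConfiguration(OMElement element) {
    CacheInvalidationConfiguration config = new CacheInvalidationConfiguration();

    OMElement enabledEl = childOf(element, APIConstants.GlobalCacheInvalidation.ENABLED);
    if (enabledEl != null) {
        config.setEnabled(Boolean.parseBoolean(enabledEl.getText()));
    }
    OMElement domainEl = childOf(element, APIConstants.GlobalCacheInvalidation.Domain);
    if (domainEl != null) {
        config.setDomain(domainEl.getText());
    }
    OMElement streamEl = childOf(element, APIConstants.GlobalCacheInvalidation.Stream);
    if (streamEl != null) {
        config.setStream(streamEl.getText());
    }
    OMElement usernameEl = childOf(element, APIConstants.GlobalCacheInvalidation.USERNAME);
    if (usernameEl != null) {
        config.setUsername(APIUtil.replaceSystemProperty(usernameEl.getText()));
    }
    OMElement passwordEl = childOf(element, APIConstants.GlobalCacheInvalidation.PASSWORD);
    if (passwordEl != null) {
        // Resolve a secure-vault alias first, then expand system properties.
        // NOTE(review): replaceSystemProperty runs over the already-resolved secret, so a
        // password that happens to contain a property-like pattern could be altered — confirm.
        String password = MiscellaneousUtil.resolve(passwordEl, secretResolver);
        config.setPassword(APIUtil.replaceSystemProperty(password));
    }
    OMElement receiverUrlGroupEl = childOf(element, APIConstants.GlobalCacheInvalidation.REVEIVER_URL_GROUP);
    if (receiverUrlGroupEl != null) {
        config.setReceiverUrlGroup(APIUtil.replaceSystemProperty(receiverUrlGroupEl.getText()));
    }
    OMElement authUrlGroupEl = childOf(element, APIConstants.GlobalCacheInvalidation.AUTH_URL_GROUP);
    if (authUrlGroupEl != null) {
        config.setAuthUrlGroup(APIUtil.replaceSystemProperty(authUrlGroupEl.getText()));
    }
    OMElement connectionDetailsEl = childOf(element, APIConstants.GlobalCacheInvalidation.ReceiverConnectionDetails);
    if (connectionDetailsEl != null) {
        Properties jmsParameters = new Properties();
        Iterator<?> children = connectionDetailsEl.getChildElements();
        while (children.hasNext()) {
            OMElement paramEl = (OMElement) children.next();
            // Every JMS parameter (e.g. a broker password) may itself be a secure-vault alias.
            String value = MiscellaneousUtil.resolve(paramEl, secretResolver);
            jmsParameters.put(paramEl.getLocalName(), APIUtil.replaceSystemProperty(value));
        }
        config.setJmsConnectionParameters(jmsParameters);
    }
    OMElement topicEl = childOf(element, APIConstants.GlobalCacheInvalidation.TOPIC_NAME);
    if (topicEl != null) {
        config.setCacheInValidationTopic(topicEl.getText());
    }
    OMElement excludedCachesEl = childOf(element, APIConstants.GlobalCacheInvalidation.EXCLUDED_CACHES);
    if (excludedCachesEl != null) {
        Iterator<?> excluded = excludedCachesEl.getChildElements();
        while (excluded.hasNext()) {
            config.addExcludedCaches(((OMElement) excluded.next()).getText());
        }
    }
    this.cacheInvalidationConfiguration = config;
}

/**
 * Returns the first direct child of {@code parent} with the given local name (no namespace),
 * or null when there is none.
 */
private static OMElement childOf(OMElement parent, String localName) {
    return parent.getFirstChildWithName(new QName(localName));
}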
Use of org.wso2.securevault.SecretResolver in project wso2-axis2-transports by wso2:
class JMSSender, method init (the resolver is taken from the Axis configuration and handed to the connection-factory manager).
/**
 * Initializes the transport sender: runs the base-class initialization, then builds the
 * {@link JMSConnectionFactoryManager} from the pre-defined connection factories in
 * {@code transportOut}, handing it the secret resolver of the Axis configuration
 * (presumably so connection-factory credentials can be secure-vault aliases — see that class).
 *
 * @param cfgCtx the configuration context
 * @param transportOut the transport sender definition from axis2.xml
 * @throws AxisFault on error
 */
@Override
public void init(ConfigurationContext cfgCtx, TransportOutDescription transportOut) throws AxisFault {
    super.init(cfgCtx, transportOut);
    final SecretResolver resolver = cfgCtx.getAxisConfiguration().getSecretResolver();
    connFacManager = new JMSConnectionFactoryManager(transportOut, resolver);
    log.info("JMS Transport Sender initialized...");
}
Use of org.wso2.securevault.SecretResolver in project wso2-synapse by wso2:
class RequestResponseUtils, method setSslConfig (server-side HTTPS listener configuration; key/trust-store settings are resolved through the Axis configuration's secret resolver).
/**
 * Configures {@code listenerConfiguration} for HTTPS from the SSL parameters of
 * {@code transportIn}: key store, trust store, {@code SSLVerifyClient}, protocol versions,
 * preferred ciphers, certificate revocation verification and session/handshake timeouts.
 * Key/trust-store settings are resolved through the Axis configuration's secret resolver.
 *
 * <p>An absent parameter is passed to its {@code populate*} helper as null ("" for
 * {@code SSLVerifyClient}); whether that disables the feature or applies a default is up
 * to the helper. {@code SSLProtocol} falls back to {@link BridgeConstants#TLS_PROTOCOL}.
 *
 * @param transportIn the transport receiver definition from axis2.xml
 * @param listenerConfiguration the listener configuration to populate
 * @param sourceConfiguration source of the configuration context (and so of the secret resolver)
 * @return {@code listenerConfiguration}, with scheme HTTPS and its id derived from host and port
 * @throws AxisFault if one of the populate helpers rejects the configuration
 */
public static ListenerConfiguration setSslConfig(TransportInDescription transportIn, ListenerConfiguration listenerConfiguration, BaseConfiguration sourceConfiguration) throws AxisFault {
    listenerConfiguration.setScheme(BridgeConstants.PROTOCOL_HTTPS);
    SecretResolver resolver = sourceConfiguration.getConfigurationContext().getAxisConfiguration().getSecretResolver();
    List<org.wso2.transport.http.netty.contract.config.Parameter> serverParams = new ArrayList<>();

    // Key store and trust store; their secured values go through the resolver.
    populateKeyStoreConfigs(parameterElement(transportIn, BridgeConstants.KEY_STORE), listenerConfiguration, resolver);
    populateTrustStoreConfigs(parameterElement(transportIn, BridgeConstants.TRUST_STORE), listenerConfiguration, resolver);

    // Client-certificate verification mode; "" when not configured.
    OMElement verifyClientEl = parameterElement(transportIn, BridgeConstants.SSL_VERIFY_CLIENT);
    listenerConfiguration.setVerifyClient(verifyClientEl == null ? "" : verifyClientEl.getText());

    // SSLContext protocol name plus the enabled protocol versions.
    String sslProtocol = parameterValue(transportIn, BridgeConstants.SSL_PROTOCOL);
    if (sslProtocol == null) {
        sslProtocol = BridgeConstants.TLS_PROTOCOL;
    }
    populateProtocolConfigs(parameterElement(transportIn, BridgeConstants.HTTPS_PROTOCOL), sslProtocol,
            listenerConfiguration, serverParams);

    populateCiphersConfigs(parameterElement(transportIn, BridgeConstants.PREFERRED_CIPHERS), serverParams);
    populateCertValidationConfigs(parameterElement(transportIn, BridgeConstants.CLIENT_REVOCATION), listenerConfiguration);
    populateTimeoutConfigs(parameterValue(transportIn, BridgeConstants.SSL_SESSION_TIMEOUT),
            parameterValue(transportIn, BridgeConstants.SSL_HANDSHAKE_TIMEOUT), listenerConfiguration);

    if (!serverParams.isEmpty()) {
        listenerConfiguration.setParameters(serverParams);
    }
    listenerConfiguration.setId(getListenerInterface(listenerConfiguration.getHost(), listenerConfiguration.getPort()));
    return listenerConfiguration;
}

/** The named parameter's XML element, or null when the parameter is absent. */
private static OMElement parameterElement(TransportInDescription transportIn, String name) {
    Parameter param = transportIn.getParameter(name);
    return param == null ? null : param.getParameterElement();
}

/** The named parameter's value as a string, or null when the parameter or its value is absent. */
private static String parameterValue(TransportInDescription transportIn, String name) {
    Parameter param = transportIn.getParameter(name);
    Object value = param == null ? null : param.getValue();
    return value == null ? null : value.toString();
}
Use of org.wso2.securevault.SecretResolver in project wso2-synapse by wso2:
class ClientSSLConfigurationBuilder, method parseSSL (client-side TLS configuration; note the early return when server-certificate validation is disabled).
/**
 * Parse SSL configuration from axis2.xml.
 *
 * <p>Reads, in order: key store; trust store (or the {@code novalidatecert} shortcut);
 * {@code SSLProtocol} and {@code HttpsProtocols}; certificate revocation verification;
 * preferred ciphers; session and handshake timeouts; hostname verifier. Key/trust-store
 * settings are resolved through the Axis configuration's secret resolver.
 *
 * <p>When {@code isCertValidationDisabled} reports that server-certificate validation is
 * off, a warning is logged, {@code disableCertValidation} is set and the method returns
 * immediately. NOTE(review): that early return also skips the protocol, revocation, cipher,
 * timeout and hostname-verifier sections, so none of those parameters reach a "no trust"
 * sender — confirm this is intended.
 *
 * @param targetConfiguration the configuration of the sender
 * @param transportOut TransportOutDescription of the configuration
 * @return this builder, for chaining
 * @throws AxisFault if one of the populate helpers rejects the configuration
 */
public ClientSSLConfigurationBuilder parseSSL(TargetConfiguration targetConfiguration, TransportOutDescription transportOut) throws AxisFault {
    final SecretResolver resolver = targetConfiguration.getConfigurationContext().getAxisConfiguration().getSecretResolver();

    populateKeyStoreConfigs(transportOut.getParameter(BridgeConstants.KEY_STORE), resolver);

    final Parameter trustParam = transportOut.getParameter(BridgeConstants.TRUST_STORE);
    final boolean novalidateCert = ParamUtils.getOptionalParamBoolean(transportOut, BridgeConstants.NO_VALIDATE_CERT, false);
    if (isCertValidationDisabled(novalidateCert, trustParam)) {
        // Trust-all mode: record it, warn loudly, and configure nothing further.
        if (LOG.isWarnEnabled()) {
            LOG.warn("Server certificate validation (trust) has been disabled.");
        }
        disableCertValidation = true;
        return this;
    }
    populateTrustStoreConfigs(trustParam, resolver, novalidateCert);

    populateProtocolConfigs(transportOut.getParameter(BridgeConstants.SSL_PROTOCOL),
            transportOut.getParameter(BridgeConstants.HTTPS_PROTOCOL));
    populateCertValidationConfigs(transportOut.getParameter(BridgeConstants.CLIENT_REVOCATION));
    populateCiphersConfigs(transportOut.getParameter(BridgeConstants.PREFERRED_CIPHERS));
    populateTimeoutConfigs(transportOut.getParameter(BridgeConstants.SSL_SESSION_TIMEOUT),
            transportOut.getParameter(BridgeConstants.SSL_HANDSHAKE_TIMEOUT));
    // TODO: populateHostnameVerifierConfigs with Strict, AllowAll, etc.
    populateHostnameVerifierConfigs(transportOut.getParameter(BridgeConstants.HOSTNAME_VERIFIER));
    return this;
}
Use of org.wso2.securevault.SecretResolver in project wso2-synapse by wso2:
class ServerConnFactoryBuilder, method parseMultiProfileSSL (one SSL context per bind address; a dedicated resolver is created from the SSLProfiles element).
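/**
 * Builds one {@link SSLContextDetails} per {@code <profile>} of the {@code SSLProfiles}
 * parameter and registers it in {@code sslByIPMap} under the profile's {@code bindAddress}
 * and this listener's port.
 *
 * <p>The profiles are read from {@code transportIn}; the value returned by
 * {@link #loadMultiProfileSSLConfig()} is only used to detect that a multi-profile
 * configuration exists. NOTE(review): confirm that helper updates {@code transportIn} in
 * place — otherwise the loaded profiles are ignored here.
 *
 * <p>Secured values inside a profile (key/trust-store passwords) are resolved with a
 * {@link SecretResolver} created from the {@code SSLProfiles} element itself.
 * {@code SSLProtocol} is read once from the transport and shared by all profiles; it
 * defaults to {@code "TLS"} when the parameter or its value is absent.
 *
 * @return this builder, for chaining
 * @throws AxisFault if the {@code SSLProfiles} parameter is missing, a profile has no
 *         {@code bindAddress}, or {@code createSSLContext} fails
 */
public ServerConnFactoryBuilder parseMultiProfileSSL() throws AxisFault {
    TransportInDescription loadedTransportIn = loadMultiProfileSSLConfig();
    if (loadedTransportIn == null) {
        return this;
    }
    Parameter profileParam = transportIn.getParameter("SSLProfiles");
    OMElement profilesEl = profileParam != null ? profileParam.getParameterElement() : null;
    if (profilesEl == null) {
        // Fail closed with a clear message rather than a NullPointerException below.
        String msg = "Multi-profile SSL configuration loaded but the SSLProfiles parameter is missing";
        log.error(name + " " + msg);
        throw new AxisFault(msg);
    }
    SecretResolver secretResolver = SecretResolverFactory.create(profilesEl, true);

    // Loop-invariant: the context protocol applies to every profile. A parameter with a
    // null value falls back to the default instead of throwing a NullPointerException.
    Parameter sslpParameter = transportIn.getParameter("SSLProtocol");
    String sslProtocol = (sslpParameter != null && sslpParameter.getValue() != null)
            ? sslpParameter.getValue().toString() : "TLS";

    Iterator<?> profiles = profilesEl.getChildrenWithName(new QName("profile"));
    while (profiles.hasNext()) {
        OMElement profileEl = (OMElement) profiles.next();
        OMElement bindAddressEl = profileEl.getFirstChildWithName(new QName("bindAddress"));
        if (bindAddressEl == null) {
            String msg = "SSL profile must define a bind address";
            log.error(name + " " + msg);
            throw new AxisFault(msg);
        }
        // Resolves the bind address (a host name here triggers a DNS lookup).
        InetSocketAddress address = new InetSocketAddress(bindAddressEl.getText(), host.getPort());
        OMElement keyStoreEl = profileEl.getFirstChildWithName(new QName("KeyStore"));
        OMElement trustStoreEl = profileEl.getFirstChildWithName(new QName("TrustStore"));
        OMElement clientAuthEl = profileEl.getFirstChildWithName(new QName("SSLVerifyClient"));
        OMElement httpsProtocolsEl = profileEl.getFirstChildWithName(new QName("HttpsProtocols"));
        OMElement preferredCiphersEl = profileEl.getFirstChildWithName(new QName(NhttpConstants.PREFERRED_CIPHERS));
        SSLContextDetails ssl = createSSLContext(keyStoreEl, trustStoreEl, clientAuthEl, httpsProtocolsEl,
                preferredCiphersEl, null, sslProtocol, secretResolver);
        if (sslByIPMap == null) {
            sslByIPMap = new HashMap<InetSocketAddress, SSLContextDetails>();
        }
        sslByIPMap.put(address, ssl);
    }
    return this;
}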