
Example 1 with IdentityKeyStoreInformation

use of org.wso2.securevault.definition.IdentityKeyStoreInformation in project wso2-synapse by wso2.

the class CryptoUtil method init.

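/**
 * Initialises this crypto util from the secure vault properties: resolves the identity
 * key store and key passwords, reads the cipher algorithm / type / provider and the
 * input and output encode types, and builds the base cipher in decrypt mode.
 *
 * @param secureVaultProperties secure vault configuration properties
 * @throws org.apache.axis2.AxisFault if the identity key store / key passwords do not
 *                                    validate, since no cipher can be created without them
 */
public void init(Properties secureVaultProperties) throws AxisFault {
    // Key store information for the private key entry (identity) key store. When it is
    // absent both passwords stay null and are expected to fail validatePasswords below
    // (validatePasswords is opaque here - confirm it rejects null).
    IdentityKeyStoreInformation identityInformation = KeyStoreInformationFactory.createIdentityKeyStoreInformation(secureVaultProperties);
    String identityKeyPass = null;
    String identityStorePass = null;
    if (identityInformation != null) {
        identityKeyPass = identityInformation.getKeyPasswordProvider().getResolvedSecret();
        identityStorePass = identityInformation.getKeyStorePasswordProvider().getResolvedSecret();
    }
    if (!Util.validatePasswords(identityStorePass, identityKeyPass)) {
        // Log at the level the guard checks for; the AxisFault carries the failure to the
        // caller. The resolved secrets themselves are deliberately never logged.
        if (log.isDebugEnabled()) {
            log.debug("Either Identity or Trust keystore password is mandatory" + " in order to initialized secret manager.");
        }
        throw new AxisFault("Error inititialising cryptoutil, required parameters not provided");
    }
    IdentityKeyStoreWrapper identityKeyStoreWrapper = new IdentityKeyStoreWrapper();
    identityKeyStoreWrapper.init(identityInformation, identityKeyPass);
    // Algorithm falls back to the configured default; provider / type / encode types have no
    // default here and stay null when unset.
    algorithm = MiscellaneousUtil.getProperty(secureVaultProperties, CryptoConstants.CIPHER_ALGORITHM, CryptoConstants.CIPHER_ALGORITHM_DEFAULT);
    String provider = MiscellaneousUtil.getProperty(secureVaultProperties, CryptoConstants.SECURITY_PROVIDER, null);
    String cipherType = MiscellaneousUtil.getProperty(secureVaultProperties, CryptoConstants.CIPHER_TYPE, null);
    String inTypeString = MiscellaneousUtil.getProperty(secureVaultProperties, CryptoConstants.INPUT_ENCODE_TYPE, null);
    inType = Util.getEncodeDecodeType(inTypeString, EncodeDecodeTypes.BASE64);
    String outTypeString = MiscellaneousUtil.getProperty(secureVaultProperties, CryptoConstants.OUTPUT_ENCODE_TYPE, null);
    outType = Util.getEncodeDecodeType(outTypeString, null);
    CipherInformation cipherInformation = new CipherInformation();
    cipherInformation.setAlgorithm(algorithm);
    cipherInformation.setCipherOperationMode(CipherOperationMode.DECRYPT);
    cipherInformation.setType(cipherType);
    // Encoding / decoding is handled by this class via inType / outType, so the cipher
    // itself is told to skip both steps.
    cipherInformation.setInType(null);
    cipherInformation.setOutType(null);
    if (provider != null && !provider.isEmpty()) {
        if (CryptoConstants.BOUNCY_CASTLE_PROVIDER.equals(provider)) {
            // Security.addProvider is a JVM-wide side effect; register BC only if it is
            // not already installed so repeated init() calls do not re-register it.
            if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            cipherInformation.setProvider(provider);
        } else if (log.isDebugEnabled()) {
            // todo need to add other providers if there are any.
            log.debug("Security provider '" + provider + "' is not supported here and is ignored");
        }
    }
    baseCipher = CipherFactory.createCipher(cipherInformation, identityKeyStoreWrapper);
    isInitialized = true;
}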

Example 2 with IdentityKeyStoreInformation

use of org.wso2.securevault.definition.IdentityKeyStoreInformation in project wso2-synapse by wso2.

the class SynapseConfigUtils method getHttpsURLConnection.

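/**
 * Creates an {@link HttpsURLConnection} to {@code url} whose TLS context is built from the
 * identity (key) store and trust store described by {@code synapseProperties}. When either
 * store is not configured, the matching manager array stays {@code null} and
 * {@link SSLContext#init} falls back to the JDK default for that side.
 *
 * @param url               the https URL to connect to (a non-https URL fails the
 *                          {@code HttpsURLConnection} cast)
 * @param synapseProperties properties used to build the key store / trust store information
 * @param proxy             proxy to open the connection through, or {@code null} for a
 *                          direct connection
 * @return the configured connection; {@code null} only if {@code handleException} returns
 *         instead of throwing
 */
private static HttpsURLConnection getHttpsURLConnection(URL url, Properties synapseProperties, Proxy proxy) {
    if (log.isDebugEnabled()) {
        log.debug("Creating a HttpsURL Connection from given URL : " + url);
    }
    KeyManager[] keyManagers = null;
    TrustManager[] trustManagers = null;
    IdentityKeyStoreInformation identityInformation = KeyStoreInformationFactory.createIdentityKeyStoreInformation(synapseProperties);
    if (identityInformation != null) {
        KeyManagerFactory keyManagerFactory = identityInformation.getIdentityKeyManagerFactoryInstance();
        if (keyManagerFactory != null) {
            keyManagers = keyManagerFactory.getKeyManagers();
        }
    } else if (log.isDebugEnabled()) {
        log.debug("There is no private key entry store configuration." + " Will use JDK's default one");
    }
    TrustKeyStoreInformation trustInformation = KeyStoreInformationFactory.createTrustKeyStoreInformation(synapseProperties);
    if (trustInformation != null) {
        TrustManagerFactory trustManagerFactory = trustInformation.getTrustManagerFactoryInstance();
        if (trustManagerFactory != null) {
            trustManagers = trustManagerFactory.getTrustManagers();
        }
    } else if (log.isDebugEnabled()) {
        log.debug("There is no trusted certificate store configuration." + " Will use JDK's default one");
    }
    try {
        HttpsURLConnection connection;
        if (proxy != null) {
            connection = (HttpsURLConnection) url.openConnection(proxy);
        } else {
            connection = (HttpsURLConnection) url.openConnection();
        }
        // "TLS" lets the JDK negotiate among its enabled protocol versions; the null
        // SecureRandom means the provider default is used.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagers, trustManagers, null);
        connection.setSSLSocketFactory(sslContext.getSocketFactory());
        if (trustInformation != null) {
            // Hostname verification stays on unless the trust store configuration turns it
            // off. Note that parseBoolean returns false for anything other than "true"
            // (case-insensitive), so a mistyped value such as "yes" also disables it.
            boolean enableHostnameVerifier = true;
            String value = trustInformation.getParameter(KeyStoreInformation.ENABLE_HOST_NAME_VERIFIER);
            if (value != null) {
                enableHostnameVerifier = Boolean.parseBoolean(value);
            }
            if (!enableHostnameVerifier) {
                // Turning verification off drops the check that the peer certificate matches
                // the host being contacted; log at WARN so the setting is visible in normal
                // production logs rather than only under debug.
                log.warn("Overriding default HostName Verifier." + "HostName verification disabled");
                connection.setHostnameVerifier(new javax.net.ssl.HostnameVerifier() {

                    public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
                        if (log.isTraceEnabled()) {
                            log.trace("HostName verification disabled");
                            log.trace("Host:   " + hostname);
                            log.trace("Peer Host:  " + session.getPeerHost());
                        }
                        return true;
                    }
                });
            } else if (log.isDebugEnabled()) {
                log.debug("Using default HostName verifier...");
            }
        }
        return connection;
    } catch (NoSuchAlgorithmException e) {
        handleException("Error loading SSLContext ", e);
    } catch (KeyManagementException e) {
        handleException("Error initiation SSLContext with KeyManagers", e);
    } catch (IOException e) {
        handleException("Error opening a https connection from URL : " + url, e);
    }
    // Reached only when handleException returns instead of throwing.
    return null;
}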
