Examples with TrustKeyStoreInformation - org.wso2.securevault.definition.TrustKeyStoreInformation

Example 1 with TrustKeyStoreInformation

use of org.wso2.securevault.definition.TrustKeyStoreInformation in project wso2-synapse by wso2.

the class SynapseConfigUtils method getHttpsURLConnection.

/**
 * Helper method to create a HttpSURLConnection with provided KeyStores
 *
 * @param url Https URL
 * @param synapseProperties properties for extracting info
 * @param proxy if there is a proxy
 * @return gives out the connection created
 */
private static HttpsURLConnection getHttpsURLConnection(URL url, Properties synapseProperties, Proxy proxy) {
    if (log.isDebugEnabled()) {
        log.debug("Creating a HttpsURL Connection from given URL : " + url);
    }
    KeyManager[] keyManagers = null;
    TrustManager[] trustManagers = null;
    IdentityKeyStoreInformation identityInformation = KeyStoreInformationFactory.createIdentityKeyStoreInformation(synapseProperties);
    if (identityInformation != null) {
        KeyManagerFactory keyManagerFactory = identityInformation.getIdentityKeyManagerFactoryInstance();
        if (keyManagerFactory != null) {
            keyManagers = keyManagerFactory.getKeyManagers();
        }
    } else {
        if (log.isDebugEnabled()) {
            log.debug("There is no private key entry store configuration." + " Will use JDK's default one");
        }
    }
    TrustKeyStoreInformation trustInformation = KeyStoreInformationFactory.createTrustKeyStoreInformation(synapseProperties);
    if (trustInformation != null) {
        TrustManagerFactory trustManagerFactory = trustInformation.getTrustManagerFactoryInstance();
        if (trustManagerFactory != null) {
            trustManagers = trustManagerFactory.getTrustManagers();
        }
    } else {
        if (log.isDebugEnabled()) {
            log.debug("There is no trusted certificate store configuration." + " Will use JDK's default one");
        }
    }
    try {
        HttpsURLConnection connection;
        if (proxy != null) {
            connection = (HttpsURLConnection) url.openConnection(proxy);
        } else {
            connection = (HttpsURLConnection) url.openConnection();
        }
        // Create a SSLContext
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagers, trustManagers, null);
        connection.setSSLSocketFactory(sslContext.getSocketFactory());
        if (trustInformation != null) {
            // Determine is it need to overwrite default Host Name verifier
            boolean enableHostnameVerifier = true;
            String value = trustInformation.getParameter(KeyStoreInformation.ENABLE_HOST_NAME_VERIFIER);
            if (value != null) {
                enableHostnameVerifier = Boolean.parseBoolean(value);
            }
            if (!enableHostnameVerifier) {
                if (log.isDebugEnabled()) {
                    log.debug("Overriding default HostName Verifier." + "HostName verification disabled");
                }
                connection.setHostnameVerifier(new javax.net.ssl.HostnameVerifier() {

                    public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
                        if (log.isTraceEnabled()) {
                            log.trace("HostName verification disabled");
                            log.trace("Host:   " + hostname);
                            log.trace("Peer Host:  " + session.getPeerHost());
                        }
                        return true;
                    }
                });
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Using default HostName verifier...");
                }
            }
        }
        return connection;
    } catch (NoSuchAlgorithmException e) {
        handleException("Error loading SSLContext ", e);
    } catch (KeyManagementException e) {
        handleException("Error initiation SSLContext with KeyManagers", e);
    } catch (IOException e) {
        handleException("Error opening a https connection from URL : " + url, e);
    }
    return null;
}

Also used : TrustKeyStoreInformation(org.wso2.securevault.definition.TrustKeyStoreInformation) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) TrustManager(javax.net.ssl.TrustManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) SSLSession(javax.net.ssl.SSLSession) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) IdentityKeyStoreInformation(org.wso2.securevault.definition.IdentityKeyStoreInformation) HostnameVerifier(javax.net.ssl.HostnameVerifier) KeyManager(javax.net.ssl.KeyManager) HttpsURLConnection(javax.net.ssl.HttpsURLConnection)

Aggregations

IOException (java.io.IOException)1 KeyManagementException (java.security.KeyManagementException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 HostnameVerifier (javax.net.ssl.HostnameVerifier)1 HttpsURLConnection (javax.net.ssl.HttpsURLConnection)1 KeyManager (javax.net.ssl.KeyManager)1 KeyManagerFactory (javax.net.ssl.KeyManagerFactory)1 SSLContext (javax.net.ssl.SSLContext)1 SSLSession (javax.net.ssl.SSLSession)1 TrustManager (javax.net.ssl.TrustManager)1 TrustManagerFactory (javax.net.ssl.TrustManagerFactory)1 IdentityKeyStoreInformation (org.wso2.securevault.definition.IdentityKeyStoreInformation)1 TrustKeyStoreInformation (org.wso2.securevault.definition.TrustKeyStoreInformation)1