org.apache.cxf.configuration.jsse.TLSClientParameters Java Examples
The following examples show how to use
org.apache.cxf.configuration.jsse.TLSClientParameters.
Example #1
Source File: RestUtil.java From peer-os with Apache License 2.0 | 7 votes |
/**
 * Creates a CXF {@link WebClient} for {@code url}, applies the class-wide default
 * connection/receive timeouts and retransmit limit, and installs a permissive TLS
 * client configuration on its HTTP conduit.
 *
 * <p>Security note: {@code setDisableCNCheck( true )} turns off the check that the server
 * certificate matches the requested host name. The trust managers come from
 * {@code getClientFullTrustManagers()} on an SSLManager built with four null arguments;
 * judging by the name these accept any certificate chain -- confirm against SSLManager.
 * If that holds, the connection is encrypted but the peer is not authenticated, so the
 * client should only be used where the peer is verified by some other layer.
 *
 * @param url base address of the REST endpoint
 * @return the configured client
 */
public static WebClient createTrustedWebClient( String url )
{
    WebClient webClient = WebClient.create( url );

    // Timeouts and retransmits come from the defaults declared elsewhere in this class.
    HTTPClientPolicy policy = new HTTPClientPolicy();
    policy.setConnectionTimeout( defaultConnectionTimeout );
    policy.setReceiveTimeout( defaultReceiveTimeout );
    policy.setMaxRetransmits( defaultMaxRetransmits );

    // Host-name verification off + the SSLManager's "full trust" managers (see note above).
    TLSClientParameters tls = new TLSClientParameters();
    tls.setDisableCNCheck( true );
    tls.setTrustManagers( new SSLManager( null, null, null, null ).getClientFullTrustManagers() );

    HTTPConduit conduit = ( HTTPConduit ) WebClient.getConfig( webClient ).getConduit();
    conduit.setClient( policy );
    conduit.setTlsClientParameters( tls );

    return webClient;
}
Example #2
Source File: HTTPConduitURLConnectionTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Prepares a message on a URLConnection-based conduit that targets an https address and
 * returns whatever the conduit stored under {@code "http.connection"}.
 *
 * <p>The conduit is given an empty {@link TLSClientParameters}: no key managers, trust
 * managers or host-name settings are set on it in this method.
 *
 * @return the value the conduit put into the message under {@code "http.connection"}
 * @throws Exception if conduit configuration or message preparation fails
 */
private Object doTestTLSServerParameters() throws Exception {
    EndpointInfo endpoint = new EndpointInfo();
    Bus extensionBus = new ExtensionManagerBus();
    endpoint.setAddress("https://secure.nowhere.null/" + "bar/foo");

    HTTPConduit httpsConduit = new URLConnectionHTTPConduit(extensionBus, endpoint, null);
    httpsConduit.finalizeConfig();

    Message outbound = getNewMessage();

    // An https address needs some TLS policy on the conduit; an empty one is enough here.
    httpsConduit.setTlsClientParameters(new TLSClientParameters());

    // Exercise the conduit: prepare() is what creates the connection.
    httpsConduit.prepare(outbound);

    return outbound.get("http.connection");
}
Example #3
Source File: HTTPConduit.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Sets the TLS Client Parameters for this HTTPConduit, overriding any TLS Client
 * Parameters configured for it before.
 *
 * <p>Passing {@code null} switches the conduit to plain http. For non-null parameters
 * that carry certificate constraints, the derived {@code certConstraints} are rebuilt.
 *
 * <p>NOTE(review): {@code certConstraints} is only ever assigned here, never cleared. If
 * the new parameters have no constraints, or {@code params} is null, a value derived from
 * an earlier call stays in place -- confirm that this is intended.
 *
 * @param params the new TLS client parameters, or {@code null} for plain http
 */
public void setTlsClientParameters(TLSClientParameters params) {
    this.tlsClientParameters = params;

    if (params == null) {
        if (LOG.isLoggable(Level.FINE)) {
            LOG.log(Level.FINE, "Conduit '" + getConduitName()
                + "' has been (re)configured for plain http.");
        }
        return;
    }

    if (LOG.isLoggable(Level.FINE)) {
        // Logs the manager objects' toString() output, not key material.
        LOG.log(Level.FINE, "Conduit '" + getConduitName()
            + "' has been (re) configured for TLS "
            + "keyManagers " + Arrays.toString(params.getKeyManagers())
            + "trustManagers " + Arrays.toString(params.getTrustManagers())
            + "secureRandom " + params.getSecureRandom());
    }

    CertificateConstraintsType declared = params.getCertConstraints();
    if (declared != null) {
        certConstraints = CertConstraintsJaxBUtils.createCertConstraints(declared);
    }
}
Example #4
Source File: HttpsURLConnectionFactoryTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * With no default keystore system properties and no certificate alias, decorating a
 * connection with TLS must not fail with a NullPointerException.
 */
@Test
public void noExplicitKeystoreNoCertAlias() throws Exception {
    clearDefaults();
    // Make sure no JVM-wide default keystore is configured for this scenario.
    for (String property : new String[] {"javax.net.ssl.keyStore", "javax.net.ssl.keyStorePassword"}) {
        System.clearProperty(property);
    }

    HttpsURLConnectionFactory connectionFactory = new HttpsURLConnectionFactory();
    Assert.assertNull(connectionFactory.socketFactory);

    // Do not use the HttpsURLConnection default socket factory.
    TLSClientParameters params = new TLSClientParameters();
    params.setUseHttpsURLConnectionDefaultSslSocketFactory(false);

    HttpsURLConnection mockConnection = EasyMock.createMock(HttpsURLConnection.class);
    try {
        connectionFactory.decorateWithTLS(params, mockConnection);
    } catch (NullPointerException e) {
        Assert.fail("should not fail with NullPointerException");
    }
}
Example #5
Source File: HttpsURLConnectionFactoryTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * With no default keystore system properties but a certificate alias set, decorating a
 * connection with TLS must not fail with a NullPointerException.
 */
@Test
public void noExplicitKeystoreWithCertAlias() throws Exception {
    clearDefaults();
    // Make sure no JVM-wide default keystore is configured for this scenario.
    for (String property : new String[] {"javax.net.ssl.keyStore", "javax.net.ssl.keyStorePassword"}) {
        System.clearProperty(property);
    }

    HttpsURLConnectionFactory connectionFactory = new HttpsURLConnectionFactory();
    Assert.assertNull(connectionFactory.socketFactory);

    // An alias is requested although there is no keystore it could be looked up in.
    TLSClientParameters params = new TLSClientParameters();
    params.setUseHttpsURLConnectionDefaultSslSocketFactory(false);
    params.setCertAlias("someAlias");

    HttpsURLConnection mockConnection = EasyMock.createMock(HttpsURLConnection.class);
    try {
        connectionFactory.decorateWithTLS(params, mockConnection);
    } catch (NullPointerException e) {
        Assert.fail("should not fail with NullPointerException");
    }
}
Example #6
Source File: HttpsURLConnectionFactoryTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * With the default keystore system properties pointing at a test keystore and no
 * certificate alias, decorating a connection with TLS must not fail with a
 * NullPointerException.
 *
 * <p>NOTE(review): {@code javax.net.ssl.keyStore} and its password are JVM-wide
 * properties and are not restored in this method; presumably {@code clearDefaults()} or
 * fixture teardown takes care of that -- confirm.
 */
@Test
public void defaultKeystoreNoCertAlias() throws Exception {
    clearDefaults();

    // Point the JVM default keystore at the test resource (fixture password).
    String defaultStore = getClass().getResource("resources/defaultkeystore2").getPath();
    System.setProperty("javax.net.ssl.keyStore", defaultStore);
    System.setProperty("javax.net.ssl.keyStorePassword", "123456");

    HttpsURLConnectionFactory connectionFactory = new HttpsURLConnectionFactory();
    Assert.assertNull(connectionFactory.socketFactory);

    TLSClientParameters params = new TLSClientParameters();
    params.setUseHttpsURLConnectionDefaultSslSocketFactory(false);

    HttpsURLConnection mockConnection = EasyMock.createMock(HttpsURLConnection.class);
    try {
        connectionFactory.decorateWithTLS(params, mockConnection);
    } catch (NullPointerException e) {
        Assert.fail("should not fail with NullPointerException");
    }
}
Example #7
Source File: ClientNonSpring.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Configures TLS programmatically on the HTTP conduit behind {@code port}.
 *
 * <p>One JKS file, {@code src/main/config/clientKeystore.jks}, supplies both the client
 * key managers and the trust managers. Host-name verification is switched off with
 * {@code setDisableCNCheck(true)}, so a server certificate that chains to an entry in that
 * store is accepted for any host name; the store and key passwords are literals in the
 * source. Both are sample-code conveniences: outside a demo, leave the CN check enabled and
 * load the passwords from configuration.
 *
 * @param port client proxy whose conduit is configured
 * @throws IOException if the keystore file cannot be read
 * @throws GeneralSecurityException if the keystore or the manager factories fail to initialise
 */
private static void setupTLS(Greeter port)
    throws IOException, GeneralSecurityException {
    // Load the client keystore; the stream is closed as soon as the store is populated.
    final KeyStore clientStore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream in = new FileInputStream("src/main/config/clientKeystore.jks")) {
        clientStore.load(in, "cspass".toCharArray());
    }

    final TLSClientParameters params = new TLSClientParameters();
    params.setDisableCNCheck(true);

    // Client certificate / private key.
    KeyManagerFactory keyFactory =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyFactory.init(clientStore, "ckpass".toCharArray());
    params.setKeyManagers(keyFactory.getKeyManagers());

    // Trust anchors are taken from the same store.
    TrustManagerFactory trustFactory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustFactory.init(clientStore);
    params.setTrustManagers(trustFactory.getTrustManagers());

    HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
    conduit.setTlsClientParameters(params);
}
Example #8
Source File: HttpsURLConnectionFactoryTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * With the default keystore system properties pointing at a test keystore and a
 * certificate alias set, decorating a connection with TLS must not fail with a
 * NullPointerException.
 *
 * <p>NOTE(review): {@code javax.net.ssl.keyStore} and its password are JVM-wide
 * properties and are not restored in this method; presumably {@code clearDefaults()} or
 * fixture teardown takes care of that -- confirm.
 */
@Test
public void defaultKeystoreWithCertAlias() throws Exception {
    clearDefaults();

    // Point the JVM default keystore at the test resource (fixture password).
    String defaultStore = getClass().getResource("resources/defaultkeystore2").getPath();
    System.setProperty("javax.net.ssl.keyStore", defaultStore);
    System.setProperty("javax.net.ssl.keyStorePassword", "123456");

    HttpsURLConnectionFactory connectionFactory = new HttpsURLConnectionFactory();
    Assert.assertNull(connectionFactory.socketFactory);

    TLSClientParameters params = new TLSClientParameters();
    params.setUseHttpsURLConnectionDefaultSslSocketFactory(false);
    params.setCertAlias("someAlias");

    HttpsURLConnection mockConnection = EasyMock.createMock(HttpsURLConnection.class);
    try {
        connectionFactory.decorateWithTLS(params, mockConnection);
    } catch (NullPointerException e) {
        Assert.fail("should not fail with NullPointerException");
    }
}
Example #9
Source File: HttpConduitConfigurationTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Asserts that {@code conduit} carries the expected configured values: basic-auth
 * credentials, TLS client parameters (CN check disabled, one X509 key manager, one X509
 * trust manager, one include and one exclude cipher-suite filter, session cache timeout)
 * and the HTTP client chunk length.
 *
 * @param conduit the conduit under inspection
 */
private void verifyConduit(HTTPConduit conduit) {
    // Credentials
    AuthorizationPolicy authorization = conduit.getAuthorization();
    assertNotNull(authorization);
    assertEquals("Betty", authorization.getUserName());
    assertEquals("password", authorization.getPassword());

    // TLS parameters; the expected configuration has host-name (CN) checking disabled.
    TLSClientParameters tls = conduit.getTlsClientParameters();
    assertNotNull(tls);
    assertTrue(tls.isDisableCNCheck());
    assertEquals(3600000, tls.getSslCacheTimeout());

    KeyManager[] keyManagers = tls.getKeyManagers();
    assertTrue(keyManagers != null && keyManagers.length == 1);
    assertTrue(keyManagers[0] instanceof X509KeyManager);

    TrustManager[] trustManagers = tls.getTrustManagers();
    assertTrue(trustManagers != null && trustManagers.length == 1);
    assertTrue(trustManagers[0] instanceof X509TrustManager);

    FiltersType suiteFilter = tls.getCipherSuitesFilter();
    assertNotNull(suiteFilter);
    assertEquals(1, suiteFilter.getInclude().size());
    assertEquals(1, suiteFilter.getExclude().size());

    // HTTP client policy
    HTTPClientPolicy policy = conduit.getClient();
    assertEquals(10240, policy.getChunkLength());
}
Example #10
Source File: BatchResponse.java From syncope with Apache License 2.0 | 6 votes |
/**
 * Queries the monitor URI of a batch request that was submitted for asynchronous
 * processing.
 *
 * <p>The JWT is sent in the {@code Authorization} header as a bearer token. TLS settings
 * are only changed when {@code tlsClientParameters} is non-null; otherwise the conduit
 * keeps whatever configuration it already has.
 *
 * @param monitor monitor URI
 * @param jwt authorization JWT
 * @param boundary multipart / mixed boundary; its first two characters are dropped before
 * use (presumably the leading {@code "--"} -- confirm with callers)
 * @param tlsClientParameters (optional) TLS client parameters
 *
 * @return the last Response received from the Batch service
 */
public static Response poll(
        final URI monitor,
        final String jwt,
        final String boundary,
        final TLSClientParameters tlsClientParameters) {

    WebClient pollingClient = WebClient.create(monitor);
    pollingClient = pollingClient.header(HttpHeaders.AUTHORIZATION, "Bearer " + jwt);
    pollingClient = pollingClient.type(RESTHeaders.multipartMixedWith(boundary.substring(2)));

    if (tlsClientParameters != null) {
        // Caller-supplied TLS settings replace those on the client's HTTP conduit.
        HTTPConduit conduit = (HTTPConduit) WebClient.getConfig(pollingClient).getConduit();
        conduit.setTlsClientParameters(tlsClientParameters);
    }

    return pollingClient.get();
}
Example #11
Source File: SyncopeClient.java From syncope with Apache License 2.0 | 6 votes |
/**
 * Creates a client from the given factory, exception mapper, authentication handler and
 * optional TLS settings.
 *
 * @param mediaType media type stored on this client
 * @param restClientFactory CXF client factory; receives an empty header map when it has none
 * @param exceptionMapper mapper stored on this client
 * @param handler authentication handler passed to {@code init}
 * @param useCompression compression flag stored on this client
 * @param tlsClientParameters TLS client parameters stored on this client; nothing here
 * checks them for null
 */
public SyncopeClient(
        final MediaType mediaType,
        final JAXRSClientFactoryBean restClientFactory,
        final RestClientExceptionMapper exceptionMapper,
        final AuthenticationHandler handler,
        final boolean useCompression,
        final TLSClientParameters tlsClientParameters) {

    this.mediaType = mediaType;
    this.restClientFactory = restClientFactory;
    // Give the factory a mutable header map if it has none.
    if (this.restClientFactory.getHeaders() == null) {
        this.restClientFactory.setHeaders(new HashMap<>());
    }
    this.exceptionMapper = exceptionMapper;
    // Stored before init(handler) runs, so init can already see the TLS settings.
    this.tlsClientParameters = tlsClientParameters;
    init(handler);
    // NOTE(review): assigned after init(handler); if init reads useCompression it still
    // sees the field's default value -- confirm the ordering is intended.
    this.useCompression = useCompression;
}
Example #12
Source File: SSLNettyServerTest.java From cxf with Apache License 2.0 | 6 votes |
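/**
 * Configures TLS on the HTTP conduit behind {@code port} from the classpath keystore
 * {@code /keys/clientstore.jks}, which serves as both key store and trust store.
 *
 * <p>Each keystore stream is closed after loading, and a missing classpath resource is
 * reported as {@link FileNotFoundException}. Without that check
 * {@code KeyStore.load(null, ...)} would silently create an empty store.
 *
 * <p>Host-name verification is disabled via {@code setDisableCNCheck(true)} and the
 * passwords are literals; both are test-fixture conveniences.
 *
 * @param port client proxy whose conduit is configured
 * @throws FileNotFoundException if the keystore resource is not on the classpath
 * @throws IOException if the keystore cannot be read
 * @throws GeneralSecurityException if the keystore or its managers cannot be initialised
 */
private static void setupTLS(Greeter port)
    throws FileNotFoundException, IOException, GeneralSecurityException {
    String keyStoreLoc = "/keys/clientstore.jks";
    String keyPassword = "ckpass";

    HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
    TLSClientParameters tlsCP = new TLSClientParameters();

    // Client key material.
    KeyStore keyStore = KeyStore.getInstance("JKS");
    try (java.io.InputStream in = SSLNettyServerTest.class.getResourceAsStream(keyStoreLoc)) {
        if (in == null) {
            throw new FileNotFoundException("Keystore not found on classpath: " + keyStoreLoc);
        }
        keyStore.load(in, "cspass".toCharArray());
    }
    KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
    tlsCP.setKeyManagers(myKeyManagers);

    // Trust anchors: loaded from the same resource into a separate KeyStore instance.
    KeyStore trustStore = KeyStore.getInstance("JKS");
    try (java.io.InputStream in = SSLNettyServerTest.class.getResourceAsStream(keyStoreLoc)) {
        if (in == null) {
            throw new FileNotFoundException("Keystore not found on classpath: " + keyStoreLoc);
        }
        trustStore.load(in, "cspass".toCharArray());
    }
    TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
    tlsCP.setTrustManagers(myTrustStoreKeyManagers);

    // Test servers use certificates whose CN does not match the host, hence no CN check.
    tlsCP.setDisableCNCheck(true);
    httpConduit.setTlsClientParameters(tlsCP);
}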
Example #13
Source File: SSLNettyClientTest.java From cxf with Apache License 2.0 | 6 votes |
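/**
 * Configures TLS on the Netty HTTP conduit behind {@code port} from the classpath
 * keystore {@code /keys/clientstore.jks}, which serves as both key store and trust store.
 *
 * <p>Each keystore stream is closed after loading, and a missing classpath resource is
 * reported as {@link FileNotFoundException}. Without that check
 * {@code KeyStore.load(null, ...)} would silently create an empty store.
 *
 * <p>Host-name verification is disabled via {@code setDisableCNCheck(true)} and the
 * passwords are literals; both are test-fixture conveniences.
 *
 * @param port client proxy whose conduit is configured
 * @throws FileNotFoundException if the keystore resource is not on the classpath
 * @throws IOException if the keystore cannot be read
 * @throws GeneralSecurityException if the keystore or its managers cannot be initialised
 */
private static void setupTLS(Greeter port)
    throws FileNotFoundException, IOException, GeneralSecurityException {
    String keyStoreLoc = "/keys/clientstore.jks";
    String keyPassword = "ckpass";

    NettyHttpConduit httpConduit = (NettyHttpConduit) ClientProxy.getClient(port).getConduit();
    TLSClientParameters tlsCP = new TLSClientParameters();

    // Client key material.
    KeyStore keyStore = KeyStore.getInstance("JKS");
    try (java.io.InputStream in = SSLNettyClientTest.class.getResourceAsStream(keyStoreLoc)) {
        if (in == null) {
            throw new FileNotFoundException("Keystore not found on classpath: " + keyStoreLoc);
        }
        keyStore.load(in, "cspass".toCharArray());
    }
    KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
    tlsCP.setKeyManagers(myKeyManagers);

    // Trust anchors: loaded from the same resource into a separate KeyStore instance.
    KeyStore trustStore = KeyStore.getInstance("JKS");
    try (java.io.InputStream in = SSLNettyClientTest.class.getResourceAsStream(keyStoreLoc)) {
        if (in == null) {
            throw new FileNotFoundException("Keystore not found on classpath: " + keyStoreLoc);
        }
        trustStore.load(in, "cspass".toCharArray());
    }
    TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
    tlsCP.setTrustManagers(myTrustStoreKeyManagers);

    // Test servers use certificates whose CN does not match the host, hence no CN check.
    tlsCP.setDisableCNCheck(true);
    httpConduit.setTlsClientParameters(tlsCP);
}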
Example #14
Source File: TLSClientParametersUtils.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Builds TLS client parameters from the classpath keystore named by {@code CLIENTSTORE}.
 *
 * <p>The same store supplies the key managers and the trust managers. Host-name
 * verification is switched off with {@code setDisableCNCheck(true)}, so the returned
 * parameters accept a certificate trusted by that store regardless of the host it is
 * presented for; callers that need host binding must re-enable the check.
 *
 * @return parameters carrying key managers, trust managers and the disabled CN check
 * @throws GeneralSecurityException if the keystore or the manager factories fail to initialise
 * @throws IOException if the keystore resource cannot be read
 */
public static TLSClientParameters getTLSClientParameters() throws GeneralSecurityException, IOException {
    // Load the store first; the resource stream is closed before it is used.
    final KeyStore clientStore;
    try (InputStream in = ClassLoaderUtils.getResourceAsStream(CLIENTSTORE, TLSClientParametersUtils.class)) {
        clientStore = CryptoUtils.loadKeyStore(in, KEYSTORE_PASS.toCharArray(), null);
    }

    final TLSClientParameters params = new TLSClientParameters();
    params.setDisableCNCheck(true);

    KeyManagerFactory keyFactory =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyFactory.init(clientStore, KEY_PASS.toCharArray());
    params.setKeyManagers(keyFactory.getKeyManagers());

    // Trust anchors come from the same store as the client key.
    TrustManagerFactory trustFactory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustFactory.init(clientStore);
    params.setTrustManagers(trustFactory.getTrustManagers());

    return params;
}
Example #15
Source File: JAXRS20HttpsBookTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Builds an {@link SSLContext} from two classpath keystores: {@code keys/Truststore.jks}
 * for the trust managers and {@code keys/Morpit.jks} for the key managers.
 *
 * <p>The CN check flag is left untouched on the parameters. The literal {@code "password"}
 * values are fixture passwords.
 *
 * @return the context produced by {@code SSLUtils.getSSLContext} for these parameters
 * @throws Exception if a store cannot be loaded or a factory cannot be initialised
 */
private SSLContext createSSLContext() throws Exception {
    TLSClientParameters params = new TLSClientParameters();

    // Trust anchors.
    try (InputStream trustIn = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", this.getClass())) {
        KeyStore anchors = loadStore(trustIn, "password");
        TrustManagerFactory trustFactory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(anchors);
        params.setTrustManagers(trustFactory.getTrustManagers());
    }

    // Client identity.
    try (InputStream keyIn = ClassLoaderUtils.getResourceAsStream("keys/Morpit.jks", this.getClass())) {
        KeyStore identity = loadStore(keyIn, "password");
        KeyManagerFactory keyFactory =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyFactory.init(identity, "password".toCharArray());
        params.setKeyManagers(keyFactory.getKeyManagers());
    }

    return SSLUtils.getSSLContext(params);
}
Example #16
Source File: RestUtil.java From peer-os with Apache License 2.0 | 6 votes |
/**
 * Creates a CXF {@link WebClient} for {@code url} with a single JAX-RS provider, applies
 * the class-wide default connection/receive timeouts and retransmit limit, and installs a
 * permissive TLS client configuration on its HTTP conduit.
 *
 * <p>Security note: {@code setDisableCNCheck( true )} turns off the check that the server
 * certificate matches the requested host name. The trust managers come from
 * {@code getClientFullTrustManagers()} on an SSLManager built with four null arguments;
 * judging by the name these accept any certificate chain -- confirm against SSLManager.
 * If that holds, the connection is encrypted but the peer is not authenticated, so the
 * client should only be used where the peer is verified by some other layer.
 *
 * @param url base address of the REST endpoint
 * @param provider JAX-RS provider registered with the client
 * @return the configured client
 */
public static WebClient createTrustedWebClient( String url, Object provider )
{
    WebClient webClient = WebClient.create( url, Arrays.asList( provider ) );

    // Timeouts and retransmits come from the defaults declared elsewhere in this class.
    HTTPClientPolicy policy = new HTTPClientPolicy();
    policy.setConnectionTimeout( defaultConnectionTimeout );
    policy.setReceiveTimeout( defaultReceiveTimeout );
    policy.setMaxRetransmits( defaultMaxRetransmits );

    // Host-name verification off + the SSLManager's "full trust" managers (see note above).
    TLSClientParameters tls = new TLSClientParameters();
    tls.setDisableCNCheck( true );
    tls.setTrustManagers( new SSLManager( null, null, null, null ).getClientFullTrustManagers() );

    HTTPConduit conduit = ( HTTPConduit ) WebClient.getConfig( webClient ).getConduit();
    conduit.setClient( policy );
    conduit.setTlsClientParameters( tls );

    return webClient;
}
Example #17
Source File: AbstractSTSTest.java From cxf-fediz with Apache License 2.0 | 6 votes |
/**
 * Creates TLS client parameters for a test from the given properties.
 *
 * <p>The truststore location and password are mandatory. Client key material is only
 * configured when {@code initKeystore} is true and a keystore property is present;
 * otherwise the parameters carry trust settings only.
 *
 * @param testProps properties holding truststore/keystore locations and passwords
 * @param initKeystore whether to configure client key managers as well
 * @return the initialised parameters
 * @throws URISyntaxException propagated from {@code Utils.initTLSClientParameters}
 * @throws GeneralSecurityException propagated from {@code Utils.initTLSClientParameters}
 * @throws IOException propagated from {@code Utils.initTLSClientParameters}
 */
protected TLSClientParameters initTLSClientParameters(Properties testProps, boolean initKeystore)
    throws URISyntaxException, GeneralSecurityException, IOException {

    TLSClientParameters params = new TLSClientParameters();

    String trustStoreLocation = testProps.getProperty(PROPERTY_TRUSTSTORE);
    String trustStorePassword = testProps.getProperty(PROPERTY_TRUSTSTORE_PW);
    Assert.assertNotNull("Property '" + PROPERTY_TRUSTSTORE + "' null", trustStoreLocation);
    Assert.assertNotNull("Property '" + PROPERTY_TRUSTSTORE_PW + "' null", trustStorePassword);

    String keyStoreLocation = testProps.getProperty(PROPERTY_KEYSTORE);
    if (!initKeystore || keyStoreLocation == null) {
        // Trust-only setup: no client certificate is offered.
        Utils.initTLSClientParameters(params, null, null, null, trustStoreLocation, trustStorePassword);
        return params;
    }

    String keyStorePassword = testProps.getProperty(PROPERTY_KEYSTORE_PW);
    String privateKeyPassword = testProps.getProperty(PROPERTY_KEYSTORE_KEY_PW);
    Assert.assertNotNull("Property '" + PROPERTY_KEYSTORE + "' null", keyStoreLocation);
    Assert.assertNotNull("Property '" + PROPERTY_KEYSTORE_PW + "' null", keyStorePassword);
    Assert.assertNotNull("Property '" + PROPERTY_KEYSTORE_KEY_PW + "' null", privateKeyPassword);

    Utils.initTLSClientParameters(params, keyStoreLocation, keyStorePassword, privateKeyPassword,
                                  trustStoreLocation, trustStorePassword);
    return params;
}
Example #18
Source File: SSLUtils.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Creates and initialises an {@link SSLContext} from the given TLS parameters.
 *
 * <p>The protocol defaults to {@code "TLS"} when none is configured, and the JSSE provider
 * is only named when one is configured. For {@link TLSClientParameters}, unset key or
 * trust managers are replaced by the default key-store / trust-store managers, and the
 * client session timeout is set from {@code getSslCacheTimeout()}. For other parameter
 * types, unset managers are passed to {@code SSLContext.init} as {@code null}.
 *
 * @param parameters client or server TLS parameters
 * @return the initialised context
 * @throws GeneralSecurityException if the context cannot be created or initialised
 */
public static SSLContext getSSLContext(TLSParameterBase parameters) throws GeneralSecurityException {
    // TODO do we need to cache the context
    final boolean clientSide = parameters instanceof TLSClientParameters;

    String jsseProvider = parameters.getJsseProvider();
    String protocol = parameters.getSecureSocketProtocol();
    if (protocol == null) {
        protocol = "TLS";
    }

    SSLContext context;
    if (jsseProvider == null) {
        context = SSLContext.getInstance(protocol);
    } else {
        context = SSLContext.getInstance(protocol, jsseProvider);
    }

    // Key managers: fall back to the default key store for clients, then apply the alias.
    KeyManager[] keyManagers = parameters.getKeyManagers();
    if (clientSide && keyManagers == null) {
        keyManagers = org.apache.cxf.configuration.jsse.SSLUtils.getDefaultKeyStoreManagers(LOG);
    }
    KeyManager[] aliasedKeyManagers = configureKeyManagersWithCertAlias(parameters, keyManagers);

    // Trust managers: fall back to the default trust store for clients.
    TrustManager[] trustManagers = parameters.getTrustManagers();
    if (clientSide && trustManagers == null) {
        trustManagers = org.apache.cxf.configuration.jsse.SSLUtils.getDefaultTrustStoreManagers(LOG);
    }

    context.init(aliasedKeyManagers, trustManagers, parameters.getSecureRandom());

    if (clientSide && context.getClientSessionContext() != null) {
        context.getClientSessionContext().setSessionTimeout(
            ((TLSClientParameters)parameters).getSslCacheTimeout());
    }

    return context;
}
Example #19
Source File: SSLUtils.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Selects the host-name verifier for a TLS client connection, in this order of precedence:
 * <ol>
 *   <li>the verifier set explicitly on the parameters;</li>
 *   <li>the JVM-wide {@code HttpsURLConnection} default verifier, when the parameters ask
 *       for it;</li>
 *   <li>an {@code AllowAllHostnameVerifier} when the CN check is disabled, meaning no
 *       host-name verification at all;</li>
 *   <li>otherwise a {@code DefaultHostnameVerifier} backed by the public-suffix list.</li>
 * </ol>
 *
 * <p>{@code disableCNCheck} only has an effect when neither of the first two options
 * applies.
 *
 * @param tlsClientParameters client TLS parameters to read the settings from
 * @return the verifier to install on the connection, never {@code null}
 */
public static HostnameVerifier getHostnameVerifier(TLSClientParameters tlsClientParameters) {
    HostnameVerifier explicit = tlsClientParameters.getHostnameVerifier();
    if (explicit != null) {
        return explicit;
    }
    if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
        return HttpsURLConnection.getDefaultHostnameVerifier();
    }
    if (tlsClientParameters.isDisableCNCheck()) {
        // Accepts any host name for the presented certificate.
        return new AllowAllHostnameVerifier();
    }
    return new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
}
Example #20
Source File: BatchRequest.java From syncope with Apache License 2.0 | 5 votes |
/**
 * Creates a batch request bound to the given service address.
 *
 * @param mediaType media type stored on this request
 * @param address service address stored on this request
 * @param providers JAX-RS providers stored on this request
 * @param jwt authorization JWT stored on this request
 * @param tlsClientParameters TLS client parameters stored on this request; nothing here
 * checks them for null
 */
public BatchRequest(
        final MediaType mediaType,
        final String address,
        final List<?> providers,
        final String jwt,
        final TLSClientParameters tlsClientParameters) {

    // Endpoint and payload settings.
    this.address = address;
    this.mediaType = mediaType;
    this.providers = providers;

    // Credentials and transport security.
    this.jwt = jwt;
    this.tlsClientParameters = tlsClientParameters;

    // Runs last, once every field above is assigned.
    initBatchClientFactoryBean();
}
Example #21
Source File: MicroProfileClientFactoryBean.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Applies MicroProfile client configuration on top of the default client initialisation:
 * TLS parameters, automatic redirects, HTTP proxy and the provider factory.
 *
 * <p>NOTE(review): the TLS parameters are only installed when a socket factory, trust
 * managers or a host-name verifier is set. Parameters that carry only key managers are not
 * applied by this method -- confirm that is intended.
 *
 * <p>NOTE(review): the proxy port is unboxed with an {@code (int)} cast. When a proxy host
 * is configured without a port property this throws NullPointerException, and a
 * non-Integer value throws ClassCastException.
 */
@Override
protected void initClient(AbstractClient client, Endpoint ep, boolean addHeaders) {
    super.initClient(client, ep, addHeaders);

    TLSClientParameters tls = secConfig.getTlsClientParams();
    boolean tlsCustomised = tls.getSSLSocketFactory() != null
        || tls.getTrustManagers() != null
        || tls.getHostnameVerifier() != null;
    if (tlsCustomised) {
        client.getConfiguration().getHttpConduit().setTlsClientParameters(tls);
    }

    boolean followRedirects =
        PropertyUtils.isTrue(configuration.getProperty(ClientProperties.HTTP_AUTOREDIRECT_PROP));
    if (followRedirects) {
        client.getConfiguration().getHttpConduit().getClient().setAutoRedirect(true);
    }

    String proxyServer = (String) configuration.getProperty(ClientProperties.HTTP_PROXY_SERVER_PROP);
    if (proxyServer != null) {
        client.getConfiguration().getHttpConduit().getClient().setProxyServer(proxyServer);
        int proxyServerPort = (int) configuration.getProperty(ClientProperties.HTTP_PROXY_SERVER_PORT_PROP);
        client.getConfiguration().getHttpConduit().getClient().setProxyServerPort(proxyServerPort);
    }

    MicroProfileClientProviderFactory providerFactory =
        MicroProfileClientProviderFactory.createInstance(getBus(), comparator);
    providerFactory.setUserProviders(registeredProviders);
    ep.put(MicroProfileClientProviderFactory.CLIENT_FACTORY_NAME, providerFactory);
}
Example #22
Source File: HTTPSConduitTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Verifies the configuration of the "Bethal" client (auto-redirect, TLS parameters
 * present, basic-auth credentials) and then calls the service five times through the
 * configured proxy, checking the final answer and the proxy request count.
 *
 * @param bethal the client proxy under test
 */
private void verifyBethalClient(Greeter bethal) {
    HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(bethal).getConduit();

    HTTPClientPolicy policy = conduit.getClient();
    assertTrue("the httpClientPolicy's autoRedirect should be true",
               policy.isAutoRedirect());

    TLSClientParameters tls = conduit.getTlsClientParameters();
    assertNotNull("the http conduit's tlsParameters should not be null", tls);

    // If we set any name, but Edward, Mary, or George,
    // and a password of "password" we will get through
    // Bethal.
    AuthorizationPolicy credentials = conduit.getAuthorization();
    assertEquals("Set the wrong user name from the configuration",
                 "Betty", credentials.getUserName());
    assertEquals("Set the wrong pass word form the configuration",
                 "password", credentials.getPassword());

    configureProxy(ClientProxy.getClient(bethal));

    // Five calls in a row; only the last answer is checked.
    String answer = null;
    for (int call = 0; call < 5; call++) {
        answer = bethal.sayHi();
    }
    assertTrue("Unexpected answer: " + answer,
               "Bonjour from Bethal".equals(answer));

    // With HTTPS the proxy only sees a CONNECT; everything after it is encrypted, so the
    // proxy cannot tell the individual requests apart.
    assertProxyRequestCount(0);
}
Example #23
Source File: CalculatorTest.java From tomee with Apache License 2.0 | 5 votes |
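/**
 * Configures TLS with a client certificate on the HTTP conduit behind {@code port}.
 *
 * <p>The client key is loaded from the classpath keystore {@code META-INF/clientStore.jks}
 * and the alias {@code "clientalias"} is selected. The keystore stream is closed after
 * loading, and a missing resource is reported as {@link IOException}. Without that check
 * {@code KeyStore.load(null, ...)} would silently create an empty store.
 *
 * <p>Server authentication is switched off for this locally running test: the trust
 * managers do not validate certificate chains and the host-name verifier accepts every
 * host. Neither belongs in production code; use a trust store containing the server's
 * certificate chain (or a well-known CA) and keep host-name verification enabled.
 *
 * @param port client proxy whose conduit is configured
 * @throws GeneralSecurityException if the keystore or key managers cannot be initialised
 * @throws IOException if the keystore is missing or cannot be read
 */
public static void setupTLS(final Object port) throws GeneralSecurityException, IOException {
    final HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
    final TLSClientParameters tlsCP = new TLSClientParameters();

    final String storePassword = "keystorePass";
    final String keyPassword = "clientPassword";
    final String keyStoreLoc = "META-INF/clientStore.jks";

    final KeyStore keyStore = KeyStore.getInstance("jks");
    try (java.io.InputStream in =
             Thread.currentThread().getContextClassLoader().getResourceAsStream(keyStoreLoc)) {
        if (in == null) {
            throw new IOException("Client keystore not found on the classpath: " + keyStoreLoc);
        }
        keyStore.load(in, storePassword.toCharArray());
    }

    // set the key managers from the Java KeyStore we just loaded
    final KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
    tlsCP.setKeyManagers(myKeyManagers);
    // in case there are multiple certs in the keystore, make sure we pick the one we want
    tlsCP.setCertAlias("clientalias");

    // Create a trust manager that does not validate certificate chains.
    // This should not be done in production. It's recommended to create a cacerts with the
    // certificate chain or to rely on a well-known CA which is already available in the JVM.
    TrustManager[] trustAllCerts = getTrustManagers();
    tlsCP.setTrustManagers(trustAllCerts);

    // Don't check that the host name of the certificate matches the server (running locally).
    // This should not be done on a real production system.
    tlsCP.setHostnameVerifier((s, sslSession) -> true);

    httpConduit.setTlsClientParameters(tlsCP);
}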
Example #24
Source File: HttpConduitConfigApplier.java From cxf with Apache License 2.0 | 5 votes |
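/**
 * Applies one {@code certConstraints.*} configuration entry to the certificate
 * constraints of {@code p}, creating the constraint containers on first use.
 *
 * <p>After the {@code "certConstraints."} prefix the key may continue with
 * {@code "SubjectDNConstraints."} or {@code "IssuerDNConstraints."}, followed by either
 * {@code "combinator"} or {@code "RegularExpression"}. Any other key is ignored.
 *
 * <p>The regular expression stored is the configured value {@code v}. The previous code
 * added the key, so every configured expression ended up as the literal text
 * {@code "RegularExpression"} instead of the pattern the administrator supplied.
 *
 * @param p TLS client parameters whose certificate constraints are read or created
 * @param k full property key, starting with {@code "certConstraints."}
 * @param v property value: a combinator name or a regular expression
 */
private void parseCertConstaints(TLSClientParameters p, String k, String v) {
    String key = k.substring("certConstraints.".length());

    CertificateConstraintsType cct = p.getCertConstraints();
    if (cct == null) {
        cct = new CertificateConstraintsType();
        p.setCertConstraints(cct);
    }

    DNConstraintsType dnct = null;
    if (key.startsWith("SubjectDNConstraints.")) {
        dnct = cct.getSubjectDNConstraints();
        if (dnct == null) {
            dnct = new DNConstraintsType();
            cct.setSubjectDNConstraints(dnct);
        }
        key = key.substring("SubjectDNConstraints.".length());
    } else if (key.startsWith("IssuerDNConstraints.")) {
        dnct = cct.getIssuerDNConstraints();
        if (dnct == null) {
            dnct = new DNConstraintsType();
            cct.setIssuerDNConstraints(dnct);
        }
        key = key.substring("IssuerDNConstraints.".length());
    }

    if (dnct != null) {
        if ("combinator".equals(key)) {
            dnct.setCombinator(CombinatorType.fromValue(v));
        } else if ("RegularExpression".equals(key)) {
            // Store the configured pattern (the value), not the property name.
            dnct.getRegularExpression().add(v);
        }
    }
}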
Example #25
Source File: HTTPConduit.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Fills in every conduit setting that is still unset from the extensors found on the
 * endpoint: client policy, authorization, proxy authorization, TLS client parameters,
 * trust decider and auth supplier.
 *
 * <p>The three policies fall back to a fresh default instance. The TLS parameters, trust
 * decider and auth supplier fall back to {@code null}, so a conduit without configured TLS
 * parameters is handed {@code null} here.
 *
 * @param conduit conduit to complete
 * @param endpointInfo endpoint whose extensors are consulted
 */
private static void configureConduitFromEndpointInfo(HTTPConduit conduit, EndpointInfo endpointInfo) {
    if (conduit.getClient() == null) {
        HTTPClientPolicy defaultPolicy = new HTTPClientPolicy();
        conduit.setClient(endpointInfo.getTraversedExtensor(defaultPolicy, HTTPClientPolicy.class));
    }

    if (conduit.getAuthorization() == null) {
        AuthorizationPolicy defaultAuthorization = new AuthorizationPolicy();
        conduit.setAuthorization(
            endpointInfo.getTraversedExtensor(defaultAuthorization, AuthorizationPolicy.class));
    }

    if (conduit.getProxyAuthorization() == null) {
        ProxyAuthorizationPolicy defaultProxyAuthorization = new ProxyAuthorizationPolicy();
        conduit.setProxyAuthorization(
            endpointInfo.getTraversedExtensor(defaultProxyAuthorization, ProxyAuthorizationPolicy.class));
    }

    // No default objects for the remaining three: absent extensors yield null.
    if (conduit.getTlsClientParameters() == null) {
        TLSClientParameters endpointTls =
            endpointInfo.getTraversedExtensor(null, TLSClientParameters.class);
        conduit.setTlsClientParameters(endpointTls);
    }

    if (conduit.getTrustDecider() == null) {
        MessageTrustDecider endpointDecider =
            endpointInfo.getTraversedExtensor(null, MessageTrustDecider.class);
        conduit.setTrustDecider(endpointDecider);
    }

    if (conduit.getAuthSupplier() == null) {
        HttpAuthSupplier endpointSupplier =
            endpointInfo.getTraversedExtensor(null, HttpAuthSupplier.class);
        conduit.setAuthSupplier(endpointSupplier);
    }
}
Example #26
Source File: URLConnectionHTTPConduit.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Opens the connection for one outgoing message.
 *
 * <p>TLS parameters attached to the message take precedence over the conduit-level ones.
 * Any code able to put a {@link TLSClientParameters} on the message therefore decides the
 * trust and host-name settings for that call.
 *
 * @param message outgoing message; receives the URI scheme under {@code "http.scheme"}
 * @param address target address
 * @param csPolicy client policy used to pick a proxy
 * @return the connection created by the connection factory
 * @throws IOException if the connection cannot be created
 */
private HttpURLConnection createConnection(Message message, Address address, HTTPClientPolicy csPolicy)
    throws IOException {
    final URL targetUrl = address.getURL();
    final URI targetUri = address.getURI();

    Proxy configuredProxy = proxyFactory.createProxy(csPolicy, targetUri);
    message.put("http.scheme", targetUri.getScheme());

    // Per-message TLS settings win; otherwise use the conduit's own.
    TLSClientParameters effectiveTls = message.get(TLSClientParameters.class);
    if (effectiveTls == null) {
        effectiveTls = tlsClientParameters;
    }

    Proxy effectiveProxy;
    if (configuredProxy != null) {
        effectiveProxy = configuredProxy;
    } else {
        effectiveProxy = address.getDefaultProxy();
    }

    return connectionFactory.createConnection(effectiveTls, effectiveProxy, targetUrl);
}
Example #27
Source File: AbstractSTSTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
/**
 * Requests a security token from the STS {@code TransportUT} endpoint of {@code realm},
 * authenticating with a user name and password over the supplied TLS configuration.
 *
 * @param username user name placed in the client properties
 * @param password password placed in the client properties
 * @param tokenType requested token type
 * @param keyType requested key type
 * @param realm realm path segment appended to {@code baseEndpointUrl}
 * @param bus CXF bus for the STS client
 * @param tlsClientParameters TLS settings installed on the STS client's conduit; asserted
 * to be non-null once set
 * @param baseEndpointUrl base URL of the STS
 * @return the issued token
 * @throws Exception if the token request fails
 */
protected SecurityToken requestSecurityTokenUsernamePassword(String username, String password,
    String tokenType, String keyType, String realm, Bus bus,
    TLSClientParameters tlsClientParameters, String baseEndpointUrl) throws Exception {

    final String stsEndpoint = baseEndpointUrl + realm + "/STSServiceTransportUT";

    // Credentials and WS-Security options handed to the STS client further down.
    Map<String, Object> clientProperties = new HashMap<>();
    clientProperties.put(SecurityConstants.USERNAME, username);
    clientProperties.put(SecurityConstants.PASSWORD, password);
    clientProperties.put(SecurityConstants.IS_BSP_COMPLIANT, "false");

    STSClient sts = new STSClient(bus);
    sts.setWsdlLocation(stsEndpoint + "?wsdl");
    sts.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
    sts.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}TransportUT_Port");

    // insert TLS config for STS Client
    HTTPConduit conduit = (HTTPConduit)sts.getClient().getConduit();
    conduit.setTlsClientParameters(tlsClientParameters);
    Assert.assertNotNull("the http conduit's tlsParameters should not be null",
                         conduit.getTlsClientParameters());

    sts.setProperties(clientProperties);
    sts.setTokenType(tokenType);
    sts.setKeyType(keyType);

    return sts.requestSecurityToken(stsEndpoint);
}
Example #28
Source File: AbstractSTSTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
/**
 * Requests a security token from the STS {@code Transport} endpoint of {@code realm} on
 * behalf of the subject of {@code supportingToken}, over the supplied TLS configuration.
 *
 * @param tokenType requested token type
 * @param keyType requested key type
 * @param realm realm path segment appended to {@code baseEndpointUrl}
 * @param appliesTo target service address, or {@code null} for a request without AppliesTo
 * @param claims optional claim URIs; skipped when {@code null}
 * @param supportingToken token used for OnBehalfOf; asserted to be non-null
 * @param bus CXF bus for the STS client
 * @param tlsClientParameters TLS settings installed on the STS client's conduit; asserted
 * to be non-null once set
 * @param baseEndpointUrl base URL of the STS
 * @return the issued token
 * @throws Exception if the token request fails
 */
protected SecurityToken requestSecurityTokenOnbehalfOf(String tokenType, String keyType,
    String realm, String appliesTo, List<String> claims, Element supportingToken, Bus bus,
    TLSClientParameters tlsClientParameters, String baseEndpointUrl) throws Exception {

    final String stsEndpoint = baseEndpointUrl + realm + "/STSServiceTransport";

    Map<String, Object> clientProperties = new HashMap<>();
    clientProperties.put(SecurityConstants.IS_BSP_COMPLIANT, "false");

    STSClient sts = new STSClient(bus);
    sts.setWsdlLocation(stsEndpoint + "?wsdl");
    sts.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
    sts.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");

    // insert TLS config for STS Client
    HTTPConduit conduit = (HTTPConduit)sts.getClient().getConduit();
    conduit.setTlsClientParameters(tlsClientParameters);
    Assert.assertNotNull("the http conduit's tlsParameters should not be null",
                         conduit.getTlsClientParameters());

    Assert.assertNotNull("supportingToken must not be null", supportingToken);
    sts.setOnBehalfOf(supportingToken);
    sts.setProperties(clientProperties);
    sts.setTokenType(tokenType);
    sts.setKeyType(keyType);
    if (claims != null) {
        sts.setClaims(createClaimsElement(claims));
    }

    if (appliesTo != null) {
        sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
        return sts.requestSecurityToken(appliesTo);
    }
    return sts.requestSecurityToken();
}
Example #29
Source File: Utils.java From cxf-fediz with Apache License 2.0 | 5 votes |
/**
 * Populates {@code tlsClientParameters} for the system tests: optional client key
 * managers, trust managers from a JKS truststore, a cipher-suite filter, and host-name
 * verification disabled.
 *
 * <p>Security note: this configuration is deliberately loose. {@code setDisableCNCheck(true)}
 * removes host-name verification. Besides AES suites, the include patterns match
 * export-grade ({@code _EXPORT_}, {@code _EXPORT1024_}), single-DES ({@code _WITH_DES_}),
 * null-encryption ({@code _WITH_NULL_}) and anonymous key-exchange ({@code _DH_anon_})
 * suites. Whether any of those can actually be negotiated depends on what the JVM still
 * enables. Code derived from this helper should keep only the AES pattern and leave the CN
 * check on.
 *
 * @param tlsClientParameters parameters object to populate
 * @param keystoreFile classpath location of the client keystore; null or empty to skip
 * client key material
 * @param keystorePassword keystore password
 * @param keyPassword private-key password
 * @param truststoreFile classpath location of the truststore; must resolve on the classpath
 * @param trustPassword truststore password
 * @throws URISyntaxException if a classpath resource URL cannot be converted to a URI
 * @throws GeneralSecurityException if a store or its managers cannot be initialised
 * @throws IOException if a store cannot be read
 */
public static void initTLSClientParameters(TLSClientParameters tlsClientParameters,
    String keystoreFile, String keystorePassword, String keyPassword,
    String truststoreFile, String trustPassword)
    throws URISyntaxException, GeneralSecurityException, IOException {

    tlsClientParameters.setDisableCNCheck(true);

    // System.setProperty("javax.net.debug", "all");
    if (keystoreFile != null && !keystoreFile.isEmpty()) {
        File keystoreOnDisk = new File(
            Thread.currentThread().getContextClassLoader().getResource(keystoreFile).toURI());
        KeyManager[] keyManagers = getKeyManagers(
            getKeyStore("JKS", keystoreOnDisk.getAbsolutePath(), keystorePassword), keyPassword);
        tlsClientParameters.setKeyManagers(keyManagers);
    }

    File truststoreOnDisk = new File(
        Thread.currentThread().getContextClassLoader().getResource(truststoreFile).toURI());
    TrustManager[] trustManagers = getTrustManagers(
        getKeyStore("JKS", truststoreOnDisk.getAbsolutePath(), trustPassword));
    tlsClientParameters.setTrustManagers(trustManagers);

    // Include patterns, in the original order; see the security note above.
    final String[] includedSuites = {
        ".*_EXPORT_.*",
        ".*_EXPORT1024_.*",
        ".*_WITH_DES_.*",
        ".*_WITH_AES_.*",
        ".*_WITH_NULL_.*",
        ".*_DH_anon_.*",
    };
    FiltersType suiteFilter = new FiltersType();
    for (String pattern : includedSuites) {
        suiteFilter.getInclude().add(pattern);
    }
    tlsClientParameters.setCipherSuitesFilter(suiteFilter);
}
Example #30
Source File: SoapClient.java From document-management-software with GNU Lesser General Public License v3.0 | 5 votes |
/**
 * Configures the SSL environment of the SOAP client's HTTP conduit.
 *
 * <p>Host-name verification is disabled with {@code setDisableCNCheck(true)} and the only
 * trust manager is an {@code EasyX509TrustManager}. Judging by its name it is more lenient
 * than the JVM default, for example towards self-signed certificates -- confirm against
 * its implementation. With the CN check off, any certificate that trust manager accepts
 * is accepted for any host.
 */
protected void configureSSL() {
    HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(client).getConduit();

    TLSClientParameters sslSettings = new TLSClientParameters();
    sslSettings.setDisableCNCheck(true);
    sslSettings.setTrustManagers(new TrustManager[] { new EasyX509TrustManager() });

    conduit.setTlsClientParameters(sslSettings);
}