Java Code Examples for org.apache.cxf.configuration.jsse.TLSClientParameters#setKeyManagers()

The following examples show how to use org.apache.cxf.configuration.jsse.TLSClientParameters#setKeyManagers() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ClientNonSpring.java    From cxf with Apache License 2.0 6 votes vote down vote up
private static void setupTLS(Greeter port)
    throws IOException, GeneralSecurityException {
    final TLSClientParameters tlsCP = new TLSClientParameters();
    tlsCP.setDisableCNCheck(true);

    final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream is = new FileInputStream("src/main/config/clientKeystore.jks")) {
        keyStore.load(is, "cspass".toCharArray());
    }

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keyStore, "ckpass".toCharArray());
    tlsCP.setKeyManagers(kmf.getKeyManagers());

    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(keyStore);
    tlsCP.setTrustManagers(tmf.getTrustManagers());

    ((HTTPConduit) ClientProxy.getClient(port).getConduit()).setTlsClientParameters(tlsCP);
}
 
Example 2
Source File: JAXRS20HttpsBookTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
private SSLContext createSSLContext() throws Exception {
    TLSClientParameters tlsParams = new TLSClientParameters();

    try (InputStream keystore = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", this.getClass())) {
        KeyStore trustStore = loadStore(keystore, "password");

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        tlsParams.setTrustManagers(tmf.getTrustManagers());
    }

    try (InputStream keystore = ClassLoaderUtils.getResourceAsStream("keys/Morpit.jks", this.getClass())) {
        KeyStore keyStore = loadStore(keystore, "password");

        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, "password".toCharArray());
        tlsParams.setKeyManagers(kmf.getKeyManagers());
    }

    return SSLUtils.getSSLContext(tlsParams);
}
 
Example 3
Source File: TLSClientParametersUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
public static TLSClientParameters getTLSClientParameters() throws GeneralSecurityException, IOException {
    final TLSClientParameters tlsCP = new TLSClientParameters();
    tlsCP.setDisableCNCheck(true);

    final KeyStore keyStore;
    try (InputStream is = ClassLoaderUtils.getResourceAsStream(CLIENTSTORE, TLSClientParametersUtils.class)) {
        keyStore = CryptoUtils.loadKeyStore(is, KEYSTORE_PASS.toCharArray(), null);
    }

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keyStore, KEY_PASS.toCharArray());
    tlsCP.setKeyManagers(kmf.getKeyManagers());

    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(keyStore);
    tlsCP.setTrustManagers(tmf.getTrustManagers());

    return tlsCP;
}
 
Example 4
Source File: SSLNettyServerTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
private static void setupTLS(Greeter port)
    throws FileNotFoundException, IOException, GeneralSecurityException {
    String keyStoreLoc =
        "/keys/clientstore.jks";
    HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();

    TLSClientParameters tlsCP = new TLSClientParameters();
    String keyPassword = "ckpass";
    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(SSLNettyServerTest.class.getResourceAsStream(keyStoreLoc), "cspass".toCharArray());
    KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
    tlsCP.setKeyManagers(myKeyManagers);


    KeyStore trustStore = KeyStore.getInstance("JKS");
    trustStore.load(SSLNettyServerTest.class.getResourceAsStream(keyStoreLoc), "cspass".toCharArray());
    TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
    tlsCP.setTrustManagers(myTrustStoreKeyManagers);

    tlsCP.setDisableCNCheck(true);
    httpConduit.setTlsClientParameters(tlsCP);
}
 
Example 5
Source File: SSLNettyClientTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
private static void setupTLS(Greeter port)
    throws FileNotFoundException, IOException, GeneralSecurityException {
    String keyStoreLoc =
        "/keys/clientstore.jks";
    NettyHttpConduit httpConduit = (NettyHttpConduit) ClientProxy.getClient(port).getConduit();

    TLSClientParameters tlsCP = new TLSClientParameters();
    String keyPassword = "ckpass";
    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(SSLNettyClientTest.class.getResourceAsStream(keyStoreLoc), "cspass".toCharArray());
    KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
    tlsCP.setKeyManagers(myKeyManagers);


    KeyStore trustStore = KeyStore.getInstance("JKS");
    trustStore.load(SSLNettyClientTest.class.getResourceAsStream(keyStoreLoc), "cspass".toCharArray());
    TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
    tlsCP.setTrustManagers(myTrustStoreKeyManagers);


    tlsCP.setDisableCNCheck(true);
    httpConduit.setTlsClientParameters(tlsCP);
}
 
Example 6
Source File: WebClientBuilder.java    From peer-os with Apache License 2.0 5 votes vote down vote up
public static WebClient buildEnvironmentWebClient( final PeerInfo peerInfo, final String path,
                                                   final Object provider )
{
    String effectiveUrl = String.format( ENVIRONMENT_URL_TEMPLATE, peerInfo.getIp(), peerInfo.getPublicSecurePort(),
            path.startsWith( "/" ) ? path : "/" + path );
    WebClient client = WebClient.create( effectiveUrl, Arrays.asList( provider ) );
    client.type( MediaType.APPLICATION_JSON );
    client.accept( MediaType.APPLICATION_JSON );
    HTTPConduit httpConduit = ( HTTPConduit ) WebClient.getConfig( client ).getConduit();

    HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
    httpClientPolicy.setConnectionTimeout( DEFAULT_CONNECTION_TIMEOUT );
    httpClientPolicy.setReceiveTimeout( DEFAULT_RECEIVE_TIMEOUT );
    httpClientPolicy.setMaxRetransmits( DEFAULT_MAX_RETRANSMITS );

    httpConduit.setClient( httpClientPolicy );

    KeyStoreTool keyStoreManager = new KeyStoreTool();
    KeyStoreData keyStoreData = new KeyStoreData();
    keyStoreData.setupKeyStorePx2();
    keyStoreData.setAlias( SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS );
    KeyStore keyStore = keyStoreManager.load( keyStoreData );

    LOG.debug( String.format( "Getting key with alias: %s for url: %s", SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS,
            effectiveUrl ) );

    KeyStoreData trustStoreData = new KeyStoreData();
    trustStoreData.setupTrustStorePx2();
    KeyStore trustStore = keyStoreManager.load( trustStoreData );

    SSLManager sslManager = new SSLManager( keyStore, keyStoreData, trustStore, trustStoreData );

    TLSClientParameters tlsClientParameters = new TLSClientParameters();
    tlsClientParameters.setDisableCNCheck( true );
    tlsClientParameters.setTrustManagers( sslManager.getClientTrustManagers() );
    tlsClientParameters.setKeyManagers( sslManager.getClientKeyManagers() );
    tlsClientParameters.setCertAlias( SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS );
    httpConduit.setTlsClientParameters( tlsClientParameters );
    return client;
}
 
Example 7
Source File: NaiveSSLHelper.java    From onvif with Apache License 2.0 5 votes vote down vote up
public static void makeCxfWebServiceClientTrustEveryone(HTTPConduit http) {
  TrustManager[] trustManagers = new TrustManager[] {new NaiveTrustManager()};
  TLSClientParameters tlsParams = new TLSClientParameters();
  tlsParams.setSecureSocketProtocol("TLS");
  tlsParams.setKeyManagers(new KeyManager[0]);
  tlsParams.setTrustManagers(trustManagers);
  tlsParams.setDisableCNCheck(true);
  http.setTlsClientParameters(tlsParams);
}
 
Example 8
Source File: Utils.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
public static void initTLSClientParameters(TLSClientParameters tlsClientParameters, String keystoreFile,
                                           String keystorePassword, String keyPassword,
                                           String truststoreFile, String trustPassword)
    throws URISyntaxException, GeneralSecurityException, IOException {

    tlsClientParameters.setDisableCNCheck(true);
    // System.setProperty("javax.net.debug", "all");
    if (keystoreFile != null && keystoreFile.length() > 0) {
        String keystore = new File(Thread.currentThread().getContextClassLoader()
                                   .getResource(keystoreFile).toURI()).getAbsolutePath();

        KeyManager[] kmgrs = getKeyManagers(getKeyStore("JKS", keystore, keystorePassword), keyPassword);
        tlsClientParameters.setKeyManagers(kmgrs);
    }

    String truststore = new File(Thread.currentThread().getContextClassLoader()
                                 .getResource(truststoreFile).toURI()).getAbsolutePath();

    TrustManager[] tmgrs = getTrustManagers(getKeyStore("JKS", truststore, trustPassword));

    tlsClientParameters.setTrustManagers(tmgrs);
    FiltersType filters = new FiltersType();
    filters.getInclude().add(".*_EXPORT_.*");
    filters.getInclude().add(".*_EXPORT1024_.*");
    filters.getInclude().add(".*_WITH_DES_.*");
    filters.getInclude().add(".*_WITH_AES_.*");
    filters.getInclude().add(".*_WITH_NULL_.*");
    filters.getInclude().add(".*_DH_anon_.*");
    tlsClientParameters.setCipherSuitesFilter(filters);

}
 
Example 9
Source File: CalculatorTest.java    From tomee with Apache License 2.0 5 votes vote down vote up
public static void setupTLS(final Object port) throws GeneralSecurityException, IOException {

        final HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();

        final TLSClientParameters tlsCP = new TLSClientParameters();
        final String storePassword = "keystorePass";
        final String keyPassword = "clientPassword";
        final KeyStore keyStore = KeyStore.getInstance("jks");
        final String keyStoreLoc = "META-INF/clientStore.jks";
        keyStore.load(Thread.currentThread().getContextClassLoader().getResourceAsStream(keyStoreLoc), storePassword.toCharArray());

        // set the key managers from the Java KeyStore we just loaded
        final KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
        tlsCP.setKeyManagers(myKeyManagers);
        tlsCP.setCertAlias("clientalias"); // in case there is multiple certs in the keystore, make sure we pick the one we want

        // Create a trust manager that does not validate certificate chains
        // this should not be done in production. It's recommended to create a cacerts with the certificate chain or
        // to rely on a well known CA such as Verisign which is already available in the JVM
        TrustManager[] trustAllCerts = getTrustManagers();
        tlsCP.setTrustManagers(trustAllCerts);

        // don't check the host name of the certificate to match the server (running locally)
        // this should not be done on a real production system
        tlsCP.setHostnameVerifier((s, sslSession) -> true);

        httpConduit.setTlsClientParameters(tlsCP);
    }
 
Example 10
Source File: WebClientBuilder.java    From peer-os with Apache License 2.0 4 votes vote down vote up
public static WebClient buildPeerWebClient( final PeerInfo peerInfo, final String path, final Object provider,
                                            long connectTimeoutMs, long readTimeoutMs, int maxAttempts )
{
    String effectiveUrl = String.format( PEER_URL_TEMPLATE, peerInfo.getIp(), peerInfo.getPublicSecurePort(),
            path.startsWith( "/" ) ? path : "/" + path );
    WebClient client;
    if ( provider == null )
    {
        client = WebClient.create( effectiveUrl );
    }
    else
    {
        client = WebClient.create( effectiveUrl, Collections.singletonList( provider ) );
    }
    client.type( MediaType.APPLICATION_JSON );
    client.accept( MediaType.APPLICATION_JSON );

    HTTPConduit httpConduit = ( HTTPConduit ) WebClient.getConfig( client ).getConduit();

    HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
    httpClientPolicy.setConnectionTimeout( connectTimeoutMs );
    httpClientPolicy.setReceiveTimeout( readTimeoutMs );
    httpClientPolicy.setMaxRetransmits( maxAttempts );

    httpConduit.setClient( httpClientPolicy );

    KeyStoreTool keyStoreManager = new KeyStoreTool();
    KeyStoreData keyStoreData = new KeyStoreData();
    keyStoreData.setupKeyStorePx2();
    keyStoreData.setAlias( SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS );
    KeyStore keyStore = keyStoreManager.load( keyStoreData );

    LOG.debug( String.format( "Getting key with alias: %s for url: %s", SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS,
            effectiveUrl ) );

    KeyStoreData trustStoreData = new KeyStoreData();
    trustStoreData.setupTrustStorePx2();
    KeyStore trustStore = keyStoreManager.load( trustStoreData );

    SSLManager sslManager = new SSLManager( keyStore, keyStoreData, trustStore, trustStoreData );

    TLSClientParameters tlsClientParameters = new TLSClientParameters();
    tlsClientParameters.setDisableCNCheck( true );
    tlsClientParameters.setTrustManagers( sslManager.getClientTrustManagers() );
    tlsClientParameters.setKeyManagers( sslManager.getClientKeyManagers() );
    tlsClientParameters.setCertAlias( SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS );
    httpConduit.setTlsClientParameters( tlsClientParameters );
    return client;
}
 
Example 11
Source File: WebClientBuilder.java    From peer-os with Apache License 2.0 4 votes vote down vote up
public static WebClient buildEnvironmentWebClient( final PeerInfo peerInfo, final String path,
                                                   final Object provider, long connectTimeoutMs, long readTimeoutMs,
                                                   int maxAttempts )
{
    String effectiveUrl = String.format( ENVIRONMENT_URL_TEMPLATE, peerInfo.getIp(), peerInfo.getPublicSecurePort(),
            path.startsWith( "/" ) ? path : "/" + path );
    WebClient client = WebClient.create( effectiveUrl, Arrays.asList( provider ) );
    client.type( MediaType.APPLICATION_JSON );
    client.accept( MediaType.APPLICATION_JSON );
    HTTPConduit httpConduit = ( HTTPConduit ) WebClient.getConfig( client ).getConduit();

    HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
    httpClientPolicy.setConnectionTimeout( connectTimeoutMs );
    httpClientPolicy.setReceiveTimeout( readTimeoutMs );
    httpClientPolicy.setMaxRetransmits( maxAttempts );

    httpConduit.setClient( httpClientPolicy );

    KeyStoreTool keyStoreManager = new KeyStoreTool();
    KeyStoreData keyStoreData = new KeyStoreData();
    keyStoreData.setupKeyStorePx2();
    keyStoreData.setAlias( SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS );
    KeyStore keyStore = keyStoreManager.load( keyStoreData );

    LOG.debug( String.format( "Getting key with alias: %s for url: %s", SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS,
            effectiveUrl ) );

    KeyStoreData trustStoreData = new KeyStoreData();
    trustStoreData.setupTrustStorePx2();
    KeyStore trustStore = keyStoreManager.load( trustStoreData );

    SSLManager sslManager = new SSLManager( keyStore, keyStoreData, trustStore, trustStoreData );

    TLSClientParameters tlsClientParameters = new TLSClientParameters();
    tlsClientParameters.setDisableCNCheck( true );
    tlsClientParameters.setTrustManagers( sslManager.getClientTrustManagers() );
    tlsClientParameters.setKeyManagers( sslManager.getClientKeyManagers() );
    tlsClientParameters.setCertAlias( SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS );
    httpConduit.setTlsClientParameters( tlsClientParameters );
    return client;
}
 
Example 12
Source File: HttpClient.java    From peer-os with Apache License 2.0 4 votes vote down vote up
public static WebClient createTrustedWebClientWithAuth( String url, KeyStore keyStore, char[] keyStorePassword,
                                                        byte[] serverFingerprint ) throws BazaarManagerException
{
    try
    {
        WebClient client = WebClient.create( url );

        // A client certificate is not provided in SSL context if async connection is used.
        // See details: #311 - Registration failure due to inability to find fingerprint.
        Map<String, Object> requestContext = WebClient.getConfig( client ).getRequestContext();
        requestContext.put( "use.async.http.conduit", Boolean.FALSE );

        HTTPConduit httpConduit = ( HTTPConduit ) WebClient.getConfig( client ).getConduit();

        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();

        httpClientPolicy.setConnectionTimeout( SECONDS_30 );

        httpClientPolicy.setReceiveTimeout( SECONDS_60 );

        httpClientPolicy.setMaxRetransmits( DEFAULT_MAX_RETRANSMITS );

        httpConduit.setClient( httpClientPolicy );

        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );

        keyManagerFactory.init( keyStore, keyStorePassword );

        TLSClientParameters tlsClientParameters = new TLSClientParameters();

        tlsClientParameters.setDisableCNCheck( true );

        tlsClientParameters
                .setTrustManagers( new TrustManager[] { new FingerprintTrustManager( serverFingerprint ) } );

        tlsClientParameters.setKeyManagers( keyManagerFactory.getKeyManagers() );

        httpConduit.setTlsClientParameters( tlsClientParameters );

        return client;
    }
    catch ( Exception e )
    {
        throw new BazaarManagerException( e );
    }
}
 
Example 13
Source File: ClientAuthTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
@org.junit.Test
public void testDirectTrustUsingKeyManagers() throws Exception {

    URL url = SOAPService.WSDL_LOCATION;
    SOAPService service = new SOAPService(url, SOAPService.SERVICE);
    assertNotNull("Service is null", service);
    final Greeter port = service.getHttpsPort();
    assertNotNull("Port is null", port);

    updateAddressPort(port, PORT);

    // Enable Async
    if (async) {
        ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
    }

    // Set up KeyManagers/TrustManagers
    KeyStore ts = KeyStore.getInstance("JKS");
    try (InputStream trustStore =
        ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", ClientAuthTest.class)) {
        ts.load(trustStore, "password".toCharArray());
    }

    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ts);

    KeyStore ks = KeyStore.getInstance("JKS");
    try (InputStream keyStore =
        ClassLoaderUtils.getResourceAsStream("keys/Morpit.jks", ClientAuthTest.class)) {
        ks.load(keyStore, "password".toCharArray());
    }

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, "password".toCharArray());

    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setKeyManagers(kmf.getKeyManagers());
    tlsParams.setTrustManagers(tmf.getTrustManagers());
    tlsParams.setDisableCNCheck(true);

    Client client = ClientProxy.getClient(port);
    HTTPConduit http = (HTTPConduit) client.getConduit();
    http.setTlsClientParameters(tlsParams);

    assertEquals(port.greetMe("Kitty"), "Hello Kitty");

    ((java.io.Closeable)port).close();
}