/**
 * Builds and initialises an {@link SSLContext} from the supplied TLS parameters.
 *
 * <p>The protocol name falls back to {@code "TLS"} when none is configured, and the JSSE
 * provider is only passed to {@code SSLContext.getInstance} when one is set. For
 * {@link TLSClientParameters}, a missing key-manager or trust-manager array is replaced by
 * the defaults from {@code org.apache.cxf.configuration.jsse.SSLUtils}. For any other
 * parameter type a {@code null} array is handed to {@code SSLContext.init} unchanged, in
 * which case JSSE picks its installed default implementation.
 *
 * <p>NOTE(review): the generic {@code "TLS"} name does not pin a minimum protocol version,
 * and nothing in this method restricts enabled protocol versions or cipher suites. Any such
 * restriction has to be applied to the socket or engine created from the returned context.
 *
 * @param parameters client or server TLS configuration
 * @return an initialised context; for client parameters the client session timeout is taken
 *         from {@code getSslCacheTimeout()} when a client session context is available
 * @throws GeneralSecurityException if the protocol or provider is unavailable, or if
 *         initialising the context fails
 */
public static SSLContext getSSLContext(TLSParameterBase parameters) throws GeneralSecurityException {
    // TODO do we need to cache the context
    final String jsseProvider = parameters.getJsseProvider();
    String protocolName = parameters.getSecureSocketProtocol();
    if (protocolName == null) {
        protocolName = "TLS";
    }

    final SSLContext context;
    if (jsseProvider != null) {
        context = SSLContext.getInstance(protocolName, jsseProvider);
    } else {
        context = SSLContext.getInstance(protocolName);
    }

    final boolean clientSide = parameters instanceof TLSClientParameters;

    // Only clients fall back to the default key store; a server keeps whatever was configured.
    KeyManager[] keyManagers = parameters.getKeyManagers();
    if (clientSide && keyManagers == null) {
        keyManagers = org.apache.cxf.configuration.jsse.SSLUtils.getDefaultKeyStoreManagers(LOG);
    }
    final KeyManager[] aliasAwareKeyManagers = configureKeyManagersWithCertAlias(parameters, keyManagers);

    // Same rule for trust material: the default trust store is consulted for clients only.
    TrustManager[] trustManagers = parameters.getTrustManagers();
    if (clientSide && trustManagers == null) {
        trustManagers = org.apache.cxf.configuration.jsse.SSLUtils.getDefaultTrustStoreManagers(LOG);
    }

    context.init(aliasAwareKeyManagers, trustManagers, parameters.getSecureRandom());

    if (clientSide && context.getClientSessionContext() != null) {
        final TLSClientParameters clientParameters = (TLSClientParameters)parameters;
        context.getClientSessionContext().setSessionTimeout(clientParameters.getSslCacheTimeout());
    }
    return context;
}
} else { ctx = org.apache.cxf.transport.https.SSLUtils.getSSLContext(tlsClientParameters); .getHostnameVerifier(tlsClientParameters);
/**
 * Creates a client-mode {@link SSLEngine} from the given client TLS parameters.
 *
 * <p>NOTE(review): the engine is created without a peer host/port and no endpoint
 * identification algorithm is set on it here. Unless the configured trust managers check
 * the host name themselves, the handshake validates the certificate chain only. Callers
 * need a separate host-name check, or must set {@code SSLParameters} on the returned engine.
 *
 * @param parameters client TLS configuration used to build the {@code SSLContext}
 * @return a new engine switched to client mode
 * @throws Exception if the underlying context cannot be created
 */
public static SSLEngine createClientSSLEngine(TLSClientParameters parameters) throws Exception {
    final SSLEngine engine = getSSLContext(parameters).createSSLEngine();
    engine.setUseClientMode(true);
    return engine;
}
.getHostnameVerifier(tlsClientParameters); if (!verifier.verify(url.getHost(), session)) { throw new IOException("Could not verify host " + url.getHost());
/**
 * Builds an {@code SslHandler} for the server side when server TLS parameters are set.
 *
 * @return a handler wrapping a freshly created server {@code SSLEngine}, or {@code null}
 *         when {@code tlsServerParameters} is not configured. NOTE(review): a {@code null}
 *         result presumably means the channel runs without TLS; confirm at the call site.
 * @throws Exception if the engine cannot be created
 */
private SslHandler configureServerSSLOnDemand() throws Exception {
    if (tlsServerParameters == null) {
        return null;
    }
    return new SslHandler(SSLUtils.createServerSSLEngine(tlsServerParameters));
}
/**
 * Builds an {@code SslHandler} for the client side when client TLS parameters are set.
 *
 * @return a handler wrapping a freshly created client {@code SSLEngine}, or {@code null}
 *         when {@code tlsClientParameters} is not configured. NOTE(review): a {@code null}
 *         result presumably means the channel runs without TLS; confirm at the call site.
 * @throws Exception if the engine cannot be created
 */
private SslHandler configureClientSSLOnDemand() throws Exception {
    if (tlsClientParameters == null) {
        return null;
    }
    return new SslHandler(SSLUtils.createClientSSLEngine(tlsClientParameters));
}
/**
 * Creates a server-mode {@link SSLEngine} from the given server TLS parameters.
 *
 * <p>Client-certificate authentication is made mandatory on the engine exactly when
 * {@code parameters.getClientAuthentication().isRequired()} says so.
 *
 * <p>NOTE(review): only the "required" flag is applied here; an optional ("want") client
 * authentication setting, if the configuration has one, is not transferred to the engine.
 * A {@code null} result from {@code getClientAuthentication()} would fail with a
 * {@code NullPointerException} - confirm callers always configure it.
 *
 * @param parameters server TLS configuration used to build the {@code SSLContext}
 * @return a new engine switched to server mode
 * @throws Exception if the underlying context cannot be created
 */
public static SSLEngine createServerSSLEngine(TLSServerParameters parameters) throws Exception {
    final SSLEngine engine = getSSLContext(parameters).createSSLEngine();
    engine.setUseClientMode(false);
    engine.setNeedClientAuth(parameters.getClientAuthentication().isRequired());
    return engine;
}
/**
 * Connects, verifies the peer host name and collects the TLS details of the connection.
 *
 * <p>Returns {@code null} without connecting when the message's {@code "http.scheme"} is
 * {@code "http"}. Otherwise {@code connect(true)} is called first, and the verifier from
 * {@code SSLUtils.getHostnameVerifier} must then accept {@code url.getHost()} for the session.
 *
 * <p>NOTE(review): the verifier is called before the {@code session != null} check below,
 * so it can be handed a {@code null} session. Whether that is rejected depends on the
 * verifier implementation - confirm that a permissive verifier cannot pass this way.
 *
 * @return connection info; the cipher suite, certificates and principals stay {@code null}
 *         when no session is available
 * @throws IOException if the host name is not accepted by the verifier, or if reading the
 *         peer details from the session fails
 */
@Override
protected HttpsURLConnectionInfo getHttpsURLConnectionInfo() throws IOException {
    if ("http".equals(outMessage.get("http.scheme"))) {
        // Plain HTTP exchange: there is no TLS information to report.
        return null;
    }
    connect(true);

    final HostnameVerifier hostnameVerifier =
        org.apache.cxf.transport.https.SSLUtils.getHostnameVerifier(findTLSClientParameters());
    final boolean hostAccepted = hostnameVerifier.verify(url.getHost(), session);
    if (!hostAccepted) {
        throw new IOException("Could not verify host " + url.getHost());
    }

    final String httpMethod = (String)outMessage.get(Message.HTTP_REQUEST_METHOD);

    String negotiatedSuite = null;
    Certificate[] ownCertificates = null;
    Principal ownPrincipal = null;
    Certificate[] peerCertificates = null;
    Principal peerPrincipal = null;
    if (session != null) {
        negotiatedSuite = session.getCipherSuite();
        ownCertificates = session.getLocalCertificates();
        ownPrincipal = session.getLocalPrincipal();
        peerCertificates = session.getPeerCertificates();
        peerPrincipal = session.getPeerPrincipal();
    }

    return new HttpsURLConnectionInfo(url, httpMethod, negotiatedSuite, ownCertificates, ownPrincipal,
                                      peerCertificates, peerPrincipal);
}
/**
 * Builds an {@code SslHandler} for the server side when server TLS parameters are set.
 *
 * @return a handler wrapping a freshly created server {@code SSLEngine}, or {@code null}
 *         when {@code tlsServerParameters} is not configured. NOTE(review): a {@code null}
 *         result presumably means the channel runs without TLS; confirm at the call site.
 * @throws Exception if the engine cannot be created
 */
private SslHandler configureServerSSLOnDemand() throws Exception {
    if (tlsServerParameters == null) {
        return null;
    }
    return new SslHandler(SSLUtils.createServerSSLEngine(tlsServerParameters));
}
/**
 * Builds an {@code SslHandler} for the client side when client TLS parameters are set.
 *
 * @return a handler wrapping a freshly created client {@code SSLEngine}, or {@code null}
 *         when {@code tlsClientParameters} is not configured. NOTE(review): a {@code null}
 *         result presumably means the channel runs without TLS; confirm at the call site.
 * @throws Exception if the engine cannot be created
 */
private SslHandler configureClientSSLOnDemand() throws Exception {
    if (tlsClientParameters == null) {
        return null;
    }
    return new SslHandler(SSLUtils.createClientSSLEngine(tlsClientParameters));
}
} else { ctx = org.apache.cxf.transport.https.SSLUtils.getSSLContext(tlsClientParameters); .getHostnameVerifier(tlsClientParameters);
/**
 * Creates a client-mode {@link SSLEngine} from the given client TLS parameters.
 *
 * <p>NOTE(review): the engine is created without a peer host/port and no endpoint
 * identification algorithm is set on it here. Unless the configured trust managers check
 * the host name themselves, the handshake validates the certificate chain only. Callers
 * need a separate host-name check, or must set {@code SSLParameters} on the returned engine.
 *
 * @param parameters client TLS configuration used to build the {@code SSLContext}
 * @return a new engine switched to client mode
 * @throws Exception if the underlying context cannot be created
 */
public static SSLEngine createClientSSLEngine(TLSClientParameters parameters) throws Exception {
    final SSLEngine engine = getSSLContext(parameters).createSSLEngine();
    engine.setUseClientMode(true);
    return engine;
}
/**
 * Builds and initialises an {@link SSLContext} from the supplied TLS parameters.
 *
 * <p>The protocol name falls back to {@code "TLS"} when none is configured, and the JSSE
 * provider is only passed to {@code SSLContext.getInstance} when one is set. For
 * {@link TLSClientParameters}, a missing key-manager or trust-manager array is replaced by
 * the defaults from {@code org.apache.cxf.configuration.jsse.SSLUtils}. For any other
 * parameter type a {@code null} array is handed to {@code SSLContext.init} unchanged, in
 * which case JSSE picks its installed default implementation.
 *
 * <p>NOTE(review): the generic {@code "TLS"} name does not pin a minimum protocol version,
 * and nothing in this method restricts enabled protocol versions or cipher suites. Any such
 * restriction has to be applied to the socket or engine created from the returned context.
 *
 * @param parameters client or server TLS configuration
 * @return an initialised context; for client parameters the client session timeout is taken
 *         from {@code getSslCacheTimeout()} when a client session context is available
 * @throws GeneralSecurityException if the protocol or provider is unavailable, or if
 *         initialising the context fails
 */
public static SSLContext getSSLContext(TLSParameterBase parameters) throws GeneralSecurityException {
    // TODO do we need to cache the context
    final String jsseProvider = parameters.getJsseProvider();
    String protocolName = parameters.getSecureSocketProtocol();
    if (protocolName == null) {
        protocolName = "TLS";
    }

    final SSLContext context;
    if (jsseProvider != null) {
        context = SSLContext.getInstance(protocolName, jsseProvider);
    } else {
        context = SSLContext.getInstance(protocolName);
    }

    final boolean clientSide = parameters instanceof TLSClientParameters;

    // Only clients fall back to the default key store; a server keeps whatever was configured.
    KeyManager[] keyManagers = parameters.getKeyManagers();
    if (clientSide && keyManagers == null) {
        keyManagers = org.apache.cxf.configuration.jsse.SSLUtils.getDefaultKeyStoreManagers(LOG);
    }
    final KeyManager[] aliasAwareKeyManagers = configureKeyManagersWithCertAlias(parameters, keyManagers);

    // Same rule for trust material: the default trust store is consulted for clients only.
    TrustManager[] trustManagers = parameters.getTrustManagers();
    if (clientSide && trustManagers == null) {
        trustManagers = org.apache.cxf.configuration.jsse.SSLUtils.getDefaultTrustStoreManagers(LOG);
    }

    context.init(aliasAwareKeyManagers, trustManagers, parameters.getSecureRandom());

    if (clientSide && context.getClientSessionContext() != null) {
        final TLSClientParameters clientParameters = (TLSClientParameters)parameters;
        context.getClientSessionContext().setSessionTimeout(clientParameters.getSslCacheTimeout());
    }
    return context;
}
/**
 * Connects, verifies the peer host name and collects the TLS details of the connection.
 *
 * <p>Returns {@code null} without connecting when the message's {@code "http.scheme"} is
 * {@code "http"}. Otherwise {@code connect(true)} is called first, and the verifier from
 * {@code SSLUtils.getHostnameVerifier} must then accept {@code url.getHost()} for the session.
 *
 * <p>NOTE(review): the verifier is called before the {@code session != null} check below,
 * so it can be handed a {@code null} session. Whether that is rejected depends on the
 * verifier implementation - confirm that a permissive verifier cannot pass this way.
 *
 * @return connection info; the cipher suite, certificates and principals stay {@code null}
 *         when no session is available
 * @throws IOException if the host name is not accepted by the verifier, or if reading the
 *         peer details from the session fails
 */
@Override
protected HttpsURLConnectionInfo getHttpsURLConnectionInfo() throws IOException {
    if ("http".equals(outMessage.get("http.scheme"))) {
        // Plain HTTP exchange: there is no TLS information to report.
        return null;
    }
    connect(true);

    final HostnameVerifier hostnameVerifier =
        org.apache.cxf.transport.https.SSLUtils.getHostnameVerifier(findTLSClientParameters());
    final boolean hostAccepted = hostnameVerifier.verify(url.getHost(), session);
    if (!hostAccepted) {
        throw new IOException("Could not verify host " + url.getHost());
    }

    final String httpMethod = (String)outMessage.get(Message.HTTP_REQUEST_METHOD);

    String negotiatedSuite = null;
    Certificate[] ownCertificates = null;
    Principal ownPrincipal = null;
    Certificate[] peerCertificates = null;
    Principal peerPrincipal = null;
    if (session != null) {
        negotiatedSuite = session.getCipherSuite();
        ownCertificates = session.getLocalCertificates();
        ownPrincipal = session.getLocalPrincipal();
        peerCertificates = session.getPeerCertificates();
        peerPrincipal = session.getPeerPrincipal();
    }

    return new HttpsURLConnectionInfo(url, httpMethod, negotiatedSuite, ownCertificates, ownPrincipal,
                                      peerCertificates, peerPrincipal);
}
/**
 * Creates a server-mode {@link SSLEngine} from the given server TLS parameters.
 *
 * <p>Client-certificate authentication is made mandatory on the engine exactly when
 * {@code parameters.getClientAuthentication().isRequired()} says so.
 *
 * <p>NOTE(review): only the "required" flag is applied here; an optional ("want") client
 * authentication setting, if the configuration has one, is not transferred to the engine.
 * A {@code null} result from {@code getClientAuthentication()} would fail with a
 * {@code NullPointerException} - confirm callers always configure it.
 *
 * @param parameters server TLS configuration used to build the {@code SSLContext}
 * @return a new engine switched to server mode
 * @throws Exception if the underlying context cannot be created
 */
public static SSLEngine createServerSSLEngine(TLSServerParameters parameters) throws Exception {
    final SSLEngine engine = getSSLContext(parameters).createSSLEngine();
    engine.setUseClientMode(false);
    engine.setNeedClientAuth(parameters.getClientAuthentication().isRequired());
    return engine;
}
// The server key managers are passed through configureKeyManagersWithCertAlias together with
// the server TLS parameters. Presumably this applies the configured certificate alias so the
// intended server certificate is presented - the helper is not shown here, confirm.
KeyManager[] configuredKeyManagers = org.apache.cxf.transport.https.SSLUtils.configureKeyManagersWithCertAlias( tlsServerParameters, keyManagers);
.getHostnameVerifier(tlsClientParameters); regBuilder .register("https",
/**
 * Builds a client {@link SSLContext} from two JKS stores on the classpath:
 * {@code keys/Truststore.jks} for trust material and {@code keys/Morpit.jks} for the client key.
 *
 * <p>NOTE(review): both stores and the private key are opened with the literal password
 * {@code "password"}. Presumably these are bundled test fixtures - confirm, and do not
 * reuse this pattern for real key material.
 * NOTE(review): {@code getResourceAsStream} results are handed to {@code loadStore} without
 * a null check; how a missing resource is reported depends on {@code loadStore}.
 *
 * @return a context initialised with the loaded trust and key managers
 * @throws Exception if a store cannot be read or the context cannot be created
 */
private SSLContext createSSLContext() throws Exception {
    final TLSClientParameters clientParameters = new TLSClientParameters();

    try (InputStream trustIn = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", this.getClass())) {
        final KeyStore trusted = loadStore(trustIn, "password");
        final TrustManagerFactory trustFactory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(trusted);
        clientParameters.setTrustManagers(trustFactory.getTrustManagers());
    }

    try (InputStream keyIn = ClassLoaderUtils.getResourceAsStream("keys/Morpit.jks", this.getClass())) {
        final KeyStore identity = loadStore(keyIn, "password");
        final KeyManagerFactory keyFactory =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyFactory.init(identity, "password".toCharArray());
        clientParameters.setKeyManagers(keyFactory.getKeyManagers());
    }

    return SSLUtils.getSSLContext(clientParameters);
}
}
// The server key managers are passed through configureKeyManagersWithCertAlias together with
// the server TLS parameters. Presumably this applies the configured certificate alias so the
// intended server certificate is presented - the helper is not shown here, confirm.
KeyManager[] configuredKeyManagers = org.apache.cxf.transport.https.SSLUtils.configureKeyManagersWithCertAlias( tlsServerParameters, keyManagers);
/**
 * Returns the SSL context this client should use.
 *
 * <p>An explicitly configured context wins. Otherwise a context is built from the TLS client
 * parameters, but only when trust managers are set on them; in every other case the result
 * is {@code null}.
 *
 * <p>NOTE(review): the build is gated on trust managers alone, so a configuration that sets
 * only key managers yields {@code null} here. What callers use in place of a {@code null}
 * context is not visible in this method - confirm that it is not a less strict default.
 *
 * @return the configured or derived context, or {@code null} when neither is available
 * @throws ProcessingException wrapping any failure while building the context
 */
@Override
public SSLContext getSslContext() {
    checkClosed();
    if (secConfig.getSslContext() != null) {
        return secConfig.getSslContext();
    }
    if (secConfig.getTlsClientParams().getTrustManagers() == null) {
        return null;
    }
    try {
        return SSLUtils.getSSLContext(secConfig.getTlsClientParams());
    } catch (Exception ex) {
        throw new ProcessingException(ex);
    }
}