tlsClientParameters = new TLSClientParameters();
if (k.startsWith("tlsClientParameters.")) { if (p == null) { p = new TLSClientParameters(); c.setTlsClientParameters(p);
// BEGIN FIX to avoid certificate error, need to set this up in the code for cxf String storePath = System.getProperty("javax.net.ssl.keyStore"); String storePassword = System.getProperty("javax.net.ssl.keyStorePassword"); String storeType = System.getProperty("javax.net.ssl.keyStoreType"); KeyStore keyStore = KeyStore.getInstance(storeType); keyStore.load(new FileInputStream(storePath), storePassword.toCharArray()); KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); factory.init(keyStore, storePassword.toCharArray()); KeyManager[] keyManagers = factory.getKeyManagers(); Client client = ClientProxy.getClient(port); HTTPConduit conduit = (HTTPConduit) client.getConduit(); conduit.setTlsClientParameters(new TLSClientParameters()); conduit.getTlsClientParameters().setKeyManagers(keyManagers);
protected TLSClientParameters tryToGetTLSClientParametersFromConduit(HTTPConduit httpConduit) { if (httpConduit.getTlsClientParameters() != null) { return httpConduit.getTlsClientParameters(); } return new TLSClientParameters(); } }
protected TLSClientParameters findTLSClientParameters() { TLSClientParameters clientParameters = outMessage.get(TLSClientParameters.class); if (clientParameters == null) { clientParameters = getTlsClientParameters(); } if (clientParameters == null) { clientParameters = new TLSClientParameters(); } return clientParameters; }
protected TLSClientParameters findTLSClientParameters() { TLSClientParameters clientParameters = outMessage.get(TLSClientParameters.class); if (clientParameters == null) { clientParameters = getTlsClientParameters(); } if (clientParameters == null) { clientParameters = new TLSClientParameters(); } return clientParameters; }
// Set custom SSLContext. HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(port).getConduit(); TLSClientParameters tlsClientParameters = new TLSClientParameters(); tlsClientParameters.setSSLSocketFactory(customSSLContext.getSocketFactory()); conduit.setTlsClientParameters(tlsClientParameters);
TLSClientParameters params = new TLSClientParameters(); params.setKeyManagers(keyManagers); params.setTrustManagers(trustManagers);
private WebClient configureTLS(WebClient client) throws Exception { if (client.getBaseURI().getScheme().startsWith(HTTPS_SCHEME) && !(trustStorePath == null || trustStorePassword ==null)) { HTTPConduit conduit = (HTTPConduit)WebClient.getConfig(client).getConduit(); TLSClientParameters tlsParameters = new TLSClientParameters(); KeyStore trustStore = KeyStore.getInstance("JKS"); trustStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray()); TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); trustFactory.init(trustStore); tlsParameters.setTrustManagers(trustFactory.getTrustManagers()); // allow a hostname mismatch tlsParameters.setDisableCNCheck(true); conduit.setTlsClientParameters(tlsParameters); } return client; }
private void configureTLSClient(HTTPConduit conduit) { TLSClientParameters parameters = conduit.getTlsClientParameters(); if (parameters == null) //don't do anything when user already provided a configuration { parameters = new TLSClientParameters(); parameters.setUseHttpsURLConnectionDefaultSslSocketFactory(true); if (Boolean.TRUE.equals((Boolean)configuration.get(Constants.CXF_TLS_CLIENT_DISABLE_CN_CHECK))) { parameters.setDisableCNCheck(true); } conduit.setTlsClientParameters(parameters); } }
... HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); httpClientPolicy.setAllowChunking(false); httpClientPolicy.setAutoRedirect(true); httpClientPolicy.setConnection(ConnectionType.KEEP_ALIVE); String proxyUrl = "http://proxy.com"; String proxyPortString = "8080"; HTTPConduit http = (HTTPConduit)client.getConduit(); SSLContext sslContext = SSLContext.getInstance("TLSv1"); sslContext.init(null, null, null); HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); TLSClientParameters tlsClientParameters = new TLSClientParameters(); tlsClientParameters.setUseHttpsURLConnectionDefaultSslSocketFactory(true); http.setTlsClientParameters(tlsClientParameters); http.setClient(httpClientPolicy);
String targetAddr = http.getTarget().getAddress().getValue(); if (targetAddr.toLowerCase().startsWith("https:")) { TrustManager[] simpleTrustManager = new TrustManager[] { new X509TrustManager() { public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType) { } public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) { } public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } } }; TLSClientParameters tlsParams = new TLSClientParameters(); tlsParams.setTrustManagers(simpleTrustManager); tlsParams.setDisableCNCheck(true); http.setTlsClientParameters(tlsParams); }
public static void disableHostNameChecks(WebClient webClient) { HTTPConduit conduit = WebClient.getConfig(webClient) .getHttpConduit(); TLSClientParameters params = conduit.getTlsClientParameters(); if (params == null) { params = new TLSClientParameters(); conduit.setTlsClientParameters(params); } LOG.debug("Disabling host name checks"); params.setHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String s, SSLSession sslSession) { return true; } }); }
public void initializeSSLEngine(SSLContext sslcontext, SSLEngine sslengine) { TLSClientParameters tlsClientParameters = getTlsClientParameters(); if (tlsClientParameters == null) { tlsClientParameters = new TLSClientParameters(); } String[] cipherSuites = SSLUtils.getCiphersuitesToInclude(tlsClientParameters.getCipherSuites(), tlsClientParameters.getCipherSuitesFilter(), sslcontext.getSocketFactory().getDefaultCipherSuites(), SSLUtils.getSupportedCipherSuites(sslcontext), LOG); sslengine.setEnabledCipherSuites(cipherSuites); String protocol = tlsClientParameters.getSecureSocketProtocol() != null ? tlsClientParameters .getSecureSocketProtocol() : sslcontext.getProtocol(); String[] p = findProtocols(protocol, sslengine.getSupportedProtocols()); if (p != null) { sslengine.setEnabledProtocols(p); } }
public static void trustAllForHttpConduit(HTTPConduit conduit) { TLSClientParameters tlsClientParams = conduit.getTlsClientParameters(); if (tlsClientParams == null) { tlsClientParams = new TLSClientParameters(); conduit.setTlsClientParameters(tlsClientParams); } tlsClientParams.setTrustManagers(new TrustManager[] { new FakeX509TrustManager() }); tlsClientParams.setDisableCNCheck(true); } }
public static void trustAllForHttpConduit(HTTPConduit conduit) { TLSClientParameters tlsClientParams = conduit.getTlsClientParameters(); if (tlsClientParams == null) { tlsClientParams = new TLSClientParameters(); conduit.setTlsClientParameters(tlsClientParams); } tlsClientParams.setTrustManagers(new TrustManager[] { new FakeX509TrustManager() }); tlsClientParams.setDisableCNCheck(true); } }
WebClient webClient = WebClient.create(this.serviceURL, this.username, this.password, null); // Spring config file - we don't use this if (trustAllCerts) { HTTPConduit conduit = WebClient.getConfig(webClient) .getHttpConduit(); TLSClientParameters params = conduit.getTlsClientParameters(); if (params == null) { params = new TLSClientParameters(); conduit.setTlsClientParameters(params); } params.setTrustManagers(new TrustManager[] { new DumbX509TrustManager() }); params.setDisableCNCheck(true); }
private SSLContext createSSLContext() throws Exception { TLSClientParameters tlsParams = new TLSClientParameters(); try (InputStream keystore = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", this.getClass())) { KeyStore trustStore = loadStore(keystore, "password"); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(trustStore); tlsParams.setTrustManagers(tmf.getTrustManagers()); } try (InputStream keystore = ClassLoaderUtils.getResourceAsStream("keys/Morpit.jks", this.getClass())) { KeyStore keyStore = loadStore(keystore, "password"); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(keyStore, "password".toCharArray()); tlsParams.setKeyManagers(kmf.getKeyManagers()); } return SSLUtils.getSSLContext(tlsParams); } }
public static void disableSslChecks(WebClient webClient) { HTTPConduit conduit = WebClient.getConfig(webClient) .getHttpConduit(); TLSClientParameters params = conduit.getTlsClientParameters(); if (params == null) { params = new TLSClientParameters(); conduit.setTlsClientParameters(params); } params.setTrustManagers(new TrustManager[]{new TrustEverythingSSLTrustManager()}); params.setDisableCNCheck(true); }
private WebClient clientFor() { final WebClient webClient = WebClient.create(this.hostUrl); if (acceptAllCertificates) { final HTTPConduit conduit = WebClient.getConfig(webClient).getHttpConduit(); TLSClientParameters params = conduit.getTlsClientParameters(); if (params == null) { params = new TLSClientParameters(); conduit.setTlsClientParameters(params); } params.setTrustManagers(new TrustManager[]{new DumbX509TrustManager()}); params.setDisableCNCheck(true); } return webClient; }