private void applyTlsClientParameters(Dictionary<String, String> d, HTTPConduit c) { Enumeration<String> keys = d.keys(); TLSClientParameters p = c.getTlsClientParameters(); SecureRandomParameters srp = null; KeyManagersType kmt = null;
protected TLSClientParameters tryToGetTLSClientParametersFromConduit(HTTPConduit httpConduit) { if (httpConduit.getTlsClientParameters() != null) { return httpConduit.getTlsClientParameters(); } return new TLSClientParameters(); } }
// BEGIN FIX to avoid certificate error, need to set this up in the code for cxf String storePath = System.getProperty("javax.net.ssl.keyStore"); String storePassword = System.getProperty("javax.net.ssl.keyStorePassword"); String storeType = System.getProperty("javax.net.ssl.keyStoreType"); KeyStore keyStore = KeyStore.getInstance(storeType); keyStore.load(new FileInputStream(storePath), storePassword.toCharArray()); KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); factory.init(keyStore, storePassword.toCharArray()); KeyManager[] keyManagers = factory.getKeyManagers(); Client client = ClientProxy.getClient(port); HTTPConduit conduit = (HTTPConduit) client.getConduit(); conduit.setTlsClientParameters(new TLSClientParameters()); conduit.getTlsClientParameters().setKeyManagers(keyManagers);
private static void configureConduitFromEndpointInfo(HTTPConduit conduit, EndpointInfo endpointInfo) { if (conduit.getClient() == null) { conduit.setClient(endpointInfo.getTraversedExtensor( new HTTPClientPolicy(), HTTPClientPolicy.class)); } if (conduit.getAuthorization() == null) { conduit.setAuthorization(endpointInfo.getTraversedExtensor( new AuthorizationPolicy(), AuthorizationPolicy.class)); } if (conduit.getProxyAuthorization() == null) { conduit.setProxyAuthorization(endpointInfo.getTraversedExtensor( new ProxyAuthorizationPolicy(), ProxyAuthorizationPolicy.class)); } if (conduit.getTlsClientParameters() == null) { conduit.setTlsClientParameters(endpointInfo.getTraversedExtensor( null, TLSClientParameters.class)); } if (conduit.getTrustDecider() == null) { conduit.setTrustDecider(endpointInfo.getTraversedExtensor(null, MessageTrustDecider.class)); } if (conduit.getAuthSupplier() == null) { conduit.setAuthSupplier(endpointInfo.getTraversedExtensor(null, HttpAuthSupplier.class)); } }
HTTPConduit httpConduit = (HTTPConduit) cxfClient.getConduit(); TLSClientParameters tlsParams = httpConduit.getTlsClientParameters(); if (tlsParams == null) { tlsParams = new TLSClientParameters();
private void configureTLSClient(HTTPConduit conduit) { TLSClientParameters parameters = conduit.getTlsClientParameters(); if (parameters == null) //don't do anything when user already provided a configuration { parameters = new TLSClientParameters(); parameters.setUseHttpsURLConnectionDefaultSslSocketFactory(true); if (Boolean.TRUE.equals((Boolean)configuration.get(Constants.CXF_TLS_CLIENT_DISABLE_CN_CHECK))) { parameters.setDisableCNCheck(true); } conduit.setTlsClientParameters(parameters); } }
public static void configureCaCert(WebClient webClient, String caCertData, File caCertFile) { try { KeyStore trustStore = createTrustStore(caCertData, caCertFile); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); HTTPConduit conduit = WebClient.getConfig(webClient) .getHttpConduit(); TLSClientParameters params = conduit.getTlsClientParameters(); if (params == null) { params = new TLSClientParameters(); conduit.setTlsClientParameters(params); } TrustManager[] existingTrustManagers = params.getTrustManagers(); if (existingTrustManagers != null && existingTrustManagers.length > 0) { List<TrustManager> list = new ArrayList<>(); list.addAll(Arrays.asList(existingTrustManagers)); list.addAll(Arrays.asList(trustManagers)); trustManagers = list.toArray(new TrustManager[list.size()]); } params.setTrustManagers(trustManagers); } catch (Exception e) { LOG.error("Could not create trust manager for " + caCertFile, e); } }
public static void configureClientCert(WebClient webClient, String clientCertData, File clientCertFile, String clientKeyData, File clientKeyFile, String clientKeyAlgo, char[] clientKeyPassword) { try { KeyStore keyStore = createKeyStore(clientCertData, clientCertFile, clientKeyData, clientKeyFile, clientKeyAlgo, clientKeyPassword); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, clientKeyPassword); KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); HTTPConduit conduit = WebClient.getConfig(webClient) .getHttpConduit(); TLSClientParameters params = conduit.getTlsClientParameters(); if (params == null) { params = new TLSClientParameters(); conduit.setTlsClientParameters(params); } KeyManager[] existingKeyManagers = params.getKeyManagers(); if (existingKeyManagers != null && existingKeyManagers.length > 0) { List<KeyManager> list = new ArrayList<>(); list.addAll(Arrays.asList(existingKeyManagers)); list.addAll(Arrays.asList(keyManagers)); keyManagers = list.toArray(new KeyManager[list.size()]); } params.setKeyManagers(keyManagers); } catch (Exception e) { LOG.error("Could not create key manager for " + clientCertFile + " (" + clientKeyFile + ")", e); } }
public static void disableHostNameChecks(WebClient webClient) { HTTPConduit conduit = WebClient.getConfig(webClient) .getHttpConduit(); TLSClientParameters params = conduit.getTlsClientParameters(); if (params == null) { params = new TLSClientParameters(); conduit.setTlsClientParameters(params); } LOG.debug("Disabling host name checks"); params.setHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String s, SSLSession sslSession) { return true; } }); }
private void applyTlsClientParameters(Dictionary<String, String> d, HTTPConduit c) { Enumeration<String> keys = d.keys(); TLSClientParameters p = c.getTlsClientParameters(); SecureRandomParameters srp = null; KeyManagersType kmt = null;
public static void trustAllForHttpConduit(HTTPConduit conduit) { TLSClientParameters tlsClientParams = conduit.getTlsClientParameters(); if (tlsClientParams == null) { tlsClientParams = new TLSClientParameters(); conduit.setTlsClientParameters(tlsClientParams); } tlsClientParams.setTrustManagers(new TrustManager[] { new FakeX509TrustManager() }); tlsClientParams.setDisableCNCheck(true); } }
public static void trustAllForHttpConduit(HTTPConduit conduit) { TLSClientParameters tlsClientParams = conduit.getTlsClientParameters(); if (tlsClientParams == null) { tlsClientParams = new TLSClientParameters(); conduit.setTlsClientParameters(tlsClientParams); } tlsClientParams.setTrustManagers(new TrustManager[] { new FakeX509TrustManager() }); tlsClientParams.setDisableCNCheck(true); } }
WebClient webClient = WebClient.create(this.serviceURL, this.username, this.password, null); // Spring config file - we don't use this if (trustAllCerts) { HTTPConduit conduit = WebClient.getConfig(webClient) .getHttpConduit(); TLSClientParameters params = conduit.getTlsClientParameters(); if (params == null) { params = new TLSClientParameters(); conduit.setTlsClientParameters(params); } params.setTrustManagers(new TrustManager[] { new DumbX509TrustManager() }); params.setDisableCNCheck(true); }
public static void disableSslChecks(WebClient webClient) { HTTPConduit conduit = WebClient.getConfig(webClient) .getHttpConduit(); TLSClientParameters params = conduit.getTlsClientParameters(); if (params == null) { params = new TLSClientParameters(); conduit.setTlsClientParameters(params); } params.setTrustManagers(new TrustManager[]{new TrustEverythingSSLTrustManager()}); params.setDisableCNCheck(true); }
private WebClient clientFor() { final WebClient webClient = WebClient.create(this.hostUrl); if (acceptAllCertificates) { final HTTPConduit conduit = WebClient.getConfig(webClient).getHttpConduit(); TLSClientParameters params = conduit.getTlsClientParameters(); if (params == null) { params = new TLSClientParameters(); conduit.setTlsClientParameters(params); } params.setTrustManagers(new TrustManager[]{new DumbX509TrustManager()}); params.setDisableCNCheck(true); } return webClient; }
/** * Sets a mock client authentication to the given client. * * @param client * the new mock client authentication */ public static void setMockClientAuthentication(Object client) { final ClientConfiguration config = WebClient.getConfig(client); // trust all certs... final HTTPConduit conduit = config.getHttpConduit(); TLSClientParameters params = conduit.getTlsClientParameters(); if (params == null) { params = new TLSClientParameters(); params.setTrustManagers(new TrustManager[] { new MockX509TrustManager() }); params.setDisableCNCheck(true); conduit.setTlsClientParameters(params); } }
protected void configureHttpConduit(HTTPConduit httpConduit) { if (isSecure()) { TLSClientParameters tlsClientParameters = httpConduit.getTlsClientParameters(); // If no TLSClientParameters are configured and no custom SslContext is configured, we use the system default // otherwise we overwrite TLSClientParameters if a custom SslContext is configured if (tlsClientParameters == null) { tlsClientParameters = new TLSClientParameters(); maybeUpdateSslContext(tlsClientParameters, true); } else { maybeUpdateSslContext(tlsClientParameters, false); } if (getHostnameVerifier() != null) { tlsClientParameters.setHostnameVerifier(getHostnameVerifier()); } httpConduit.setTlsClientParameters(tlsClientParameters); } if (getUsername() != null) { AuthorizationPolicy authorizationPolicy = new AuthorizationPolicy(); authorizationPolicy.setUserName(getUsername()); authorizationPolicy.setPassword(getPassword()); httpConduit.setAuthorization(authorizationPolicy); } }
private static void configureConduitFromEndpointInfo(HTTPConduit conduit, EndpointInfo endpointInfo) { if (conduit.getClient() == null) { conduit.setClient(endpointInfo.getTraversedExtensor( new HTTPClientPolicy(), HTTPClientPolicy.class)); } if (conduit.getAuthorization() == null) { conduit.setAuthorization(endpointInfo.getTraversedExtensor( new AuthorizationPolicy(), AuthorizationPolicy.class)); } if (conduit.getProxyAuthorization() == null) { conduit.setProxyAuthorization(endpointInfo.getTraversedExtensor( new ProxyAuthorizationPolicy(), ProxyAuthorizationPolicy.class)); } if (conduit.getTlsClientParameters() == null) { conduit.setTlsClientParameters(endpointInfo.getTraversedExtensor( null, TLSClientParameters.class)); } if (conduit.getTrustDecider() == null) { conduit.setTrustDecider(endpointInfo.getTraversedExtensor(null, MessageTrustDecider.class)); } if (conduit.getAuthSupplier() == null) { conduit.setAuthSupplier(endpointInfo.getTraversedExtensor(null, HttpAuthSupplier.class)); } }
private static void configureConduitFromEndpointInfo(HTTPConduit conduit, EndpointInfo endpointInfo) { if (conduit.getClient() == null) { conduit.setClient(endpointInfo.getTraversedExtensor( new HTTPClientPolicy(), HTTPClientPolicy.class)); } if (conduit.getAuthorization() == null) { conduit.setAuthorization(endpointInfo.getTraversedExtensor( new AuthorizationPolicy(), AuthorizationPolicy.class)); } if (conduit.getProxyAuthorization() == null) { conduit.setProxyAuthorization(endpointInfo.getTraversedExtensor( new ProxyAuthorizationPolicy(), ProxyAuthorizationPolicy.class)); } if (conduit.getTlsClientParameters() == null) { conduit.setTlsClientParameters(endpointInfo.getTraversedExtensor( null, TLSClientParameters.class)); } if (conduit.getTrustDecider() == null) { conduit.setTrustDecider(endpointInfo.getTraversedExtensor(null, MessageTrustDecider.class)); } if (conduit.getAuthSupplier() == null) { conduit.setAuthSupplier(endpointInfo.getTraversedExtensor(null, HttpAuthSupplier.class)); } }
private void verifyBethalClient(Greeter bethal) { Client client = ClientProxy.getClient(bethal); HTTPConduit http = (HTTPConduit) client.getConduit(); HTTPClientPolicy httpClientPolicy = http.getClient(); assertEquals("the httpClientPolicy's autoRedirect should be true", true, httpClientPolicy.isAutoRedirect()); TLSClientParameters tlsParameters = http.getTlsClientParameters(); assertNotNull("the http conduit's tlsParameters should not be null", tlsParameters); // If we set any name, but Edward, Mary, or George, // and a password of "password" we will get through // Bethal. AuthorizationPolicy authPolicy = http.getAuthorization(); assertEquals("Set the wrong user name from the configuration", "Betty", authPolicy.getUserName()); assertEquals("Set the wrong pass word form the configuration", "password", authPolicy.getPassword()); configureProxy(ClientProxy.getClient(bethal)); String answer = bethal.sayHi(); answer = bethal.sayHi(); answer = bethal.sayHi(); answer = bethal.sayHi(); answer = bethal.sayHi(); assertTrue("Unexpected answer: " + answer, "Bonjour from Bethal".equals(answer)); //With HTTPS, it will just be a CONNECT to the proxy and all the //data is encrypted. Thus, the proxy cannot distinquish the requests assertProxyRequestCount(0); }