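/**
 * Builds a JAX-RS {@link Client} from the replication settings in the given configuration.
 * <p>
 * The client's trust store is built by {@code initializeKeyStore} from the configured
 * replication CA certificate alone, so the JVM's default trust anchors are not consulted.
 * Every request carries HTTP Basic credentials (user {@code "signal"} plus the configured
 * replication password). Basic credentials are only base64-encoded, so their confidentiality
 * depends entirely on the TLS context configured here.
 *
 * @param directoryServerConfiguration source of the replication CA certificate and password
 * @return a client with the custom TLS context and Basic authentication registered
 * @throws CertificateException declared for {@code initializeKeyStore}; presumably thrown when
 *                              the configured CA certificate cannot be parsed (confirm there)
 */
private static Client initializeClient(DirectoryServerConfiguration directoryServerConfiguration)
    throws CertificateException
{
  KeyStore trustStore = initializeKeyStore(directoryServerConfiguration.getReplicationCaCertificate());

  // NOTE(review): the context is requested as "TLSv1.2"; confirm whether newer protocol
  // versions should also be negotiable on the runtimes this is deployed on.
  SSLContext sslContext = SslConfigurator.newInstance()
                                         .securityProtocol("TLSv1.2")
                                         .trustStore(trustStore)
                                         .createSSLContext();

  // Encode the password with an explicit charset. The no-argument getBytes() uses the
  // platform default, which would make the credential bytes (and so authentication) depend
  // on the host's locale settings for any non-ASCII password.
  byte[] replicationPassword = directoryServerConfiguration.getReplicationPassword()
                                                           .getBytes(java.nio.charset.StandardCharsets.UTF_8);

  return ClientBuilder.newBuilder()
                      .register(HttpAuthenticationFeature.basic("signal", replicationPassword))
                      .sslContext(sslContext)
                      .build();
}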
/**
 * Installs an explicit TLS 1.2 context on the builder when the detected runtime is Java 7.
 * <p>
 * Kept as a separate method so that subclasses can invoke it themselves.
 * <p>
 * On any other runtime the builder is left untouched and keeps whatever SSL context it would
 * otherwise use. An unsupported or unknown runtime is only logged; this method does not
 * abort client construction in those cases.
 *
 * @param builder
 *            The client builder to configure.
 */
protected void setSslContext(ClientBuilder builder) {
    final JreVersion runtime = JavaRuntimeUtils.getRuntimeVersion();

    if (runtime == JreVersion.Java_7) {
        LOG.info("Running on 1.7 VM, manually setting security protocol to TLSv1.2");
        // newInstance(true) asks the configurator to read key/trust store settings from the
        // JVM's SSL system properties before the protocol is overridden.
        SslConfigurator configurator = SslConfigurator.newInstance(true);
        configurator.securityProtocol("TLSv1.2");
        SSLContext tlsContext = configurator.createSSLContext();
        builder.sslContext(tlsContext);
        return;
    }

    if (runtime == JreVersion.Unsupported) {
        LOG.error("Using an unsupported runtime only 1.7+ is supported");
        return;
    }

    if (runtime == JreVersion.Unknown) {
        LOG.warn("Using an unknown runtime, calls may not work");
    }
}
/**
 * Creates an {@link SSLContext} from a flat map of string settings.
 * <p>
 * Keys read: {@code keyStoreType}, {@code keyStorePath}, {@code keyStorePassword},
 * {@code trustStoreType}, {@code trustStorePath}, {@code trustStorePassword},
 * {@code keyStoreProvider}, {@code trustStoreProvider}, {@code keyManagerFactoryAlgorithm},
 * {@code keyManagerFactoryProvider}, {@code trustManagerFactoryAlgorithm},
 * {@code trustManagerFactoryProvider}, {@code protocol} and, only when present,
 * {@code keyPassword}.
 * <p>
 * Values are handed to the configurator exactly as found: a missing key is passed on as
 * {@code null}, and the {@code protocol} value is not checked against any allow-list here,
 * so whoever populates the map decides which protocol name is requested. Store and key
 * passwords travel through the map as plain {@code String}s.
 *
 * @param sslConfigurations SSL settings keyed by the names listed above
 * @return the SSL context produced by the configurator
 */
protected SSLContext createSSLContext(Map<String, String> sslConfigurations) {
    final SslConfigurator configurator = SslConfigurator.newInstance();
    final String keyPasswordKey = "keyPassword";

    // Key store settings.
    configurator.keyStoreType(sslConfigurations.get("keyStoreType"));
    configurator.keyStoreFile(sslConfigurations.get("keyStorePath"));
    configurator.keyStorePassword(sslConfigurations.get("keyStorePassword"));

    // Trust store settings.
    configurator.trustStoreType(sslConfigurations.get("trustStoreType"));
    configurator.trustStoreFile(sslConfigurations.get("trustStorePath"));
    configurator.trustStorePassword(sslConfigurations.get("trustStorePassword"));

    // Providers and factory algorithms.
    configurator.keyStoreProvider(sslConfigurations.get("keyStoreProvider"));
    configurator.trustStoreProvider(sslConfigurations.get("trustStoreProvider"));
    configurator.keyManagerFactoryAlgorithm(sslConfigurations.get("keyManagerFactoryAlgorithm"));
    configurator.keyManagerFactoryProvider(sslConfigurations.get("keyManagerFactoryProvider"));
    configurator.trustManagerFactoryAlgorithm(sslConfigurations.get("trustManagerFactoryAlgorithm"));
    configurator.trustManagerFactoryProvider(sslConfigurations.get("trustManagerFactoryProvider"));

    // Protocol name is taken verbatim from the configuration.
    configurator.securityProtocol(sslConfigurations.get("protocol"));

    // The per-key password is applied only when the caller supplied the entry at all.
    if (sslConfigurations.containsKey(keyPasswordKey)) {
        configurator.keyPassword(sslConfigurations.get(keyPasswordKey));
    }

    return configurator.createSSLContext();
}
if ((gsConfigProperties != null) && (sslConfig != null)) { sslConfig.securityProtocol( getPropertyValue(gsConfigProperties, GEOSERVER_SSL_SECURITY_PROTOCOL, "TLS"));
/**
 * Builds the REST client described by the given configuration.
 * <p>
 * When {@code clientConfig.isDisabledSecureConnection()} is true, a default client is built
 * and no custom SSL context is installed. Otherwise the client gets an SSL context backed by
 * the trust store from {@code getTrustStore()} / {@code getTrustStorePassword()} and the
 * protocol named by {@code TLSV1_2}. In both cases {@code RestClientLoggingFilter} is
 * registered on the client before it is returned.
 *
 * @param clientConfig configuration deciding whether the custom TLS setup is applied
 * @return the configured client with the logging filter registered
 */
public static Client buildClient(RestClientConfig clientConfig) {
    final ClientBuilder builder;

    if (!clientConfig.isDisabledSecureConnection()) {
        // Custom trust store: only what getTrustStore() provides is trusted for this client.
        SSLContext tlsContext = SslConfigurator.newInstance()
                .trustStore(getTrustStore())
                .trustStorePassword(getTrustStorePassword())
                .securityProtocol(TLSV1_2)
                .createSSLContext();
        builder = ClientBuilder.newBuilder().sslContext(tlsContext);
    } else {
        // Secure-connection setup switched off by configuration: no custom SSL context.
        builder = ClientBuilder.newBuilder();
    }

    Client restClient = builder.build();
    // NOTE(review): the filter is applied to every client; confirm it does not write
    // Authorization headers or other secrets to the log.
    restClient.register(RestClientLoggingFilter.class);
    return restClient;
}