/**
 * Builds a {@link CertConstraints} from a JAXB {@code CertificateConstraintsType}.
 *
 * <p>The subject and issuer regular expressions and their combinators are read from the
 * JAXB object through the sibling {@code get*} helpers and handed unchanged to the
 * {@code CertConstraints} constructor.
 *
 * <p>NOTE(review): handling of a {@code null} argument is left to those helpers, which are
 * not shown here.
 *
 * @param certConstraints the JAXB configuration object to convert
 * @return the constraints object built from the configuration
 */
public static CertConstraints createCertConstraints(
    CertificateConstraintsType certConstraints
) {
    // Java evaluates arguments left to right: subject list, subject combinator,
    // issuer list, issuer combinator.
    return new CertConstraints(
        getSubjectConstraints(certConstraints),
        getSubjectConstraintsCombinator(certConstraints),
        getIssuerConstraints(certConstraints),
        getIssuerConstraintsCombinator(certConstraints));
}
/**
 * Creates certificate constraints from subject-DN and issuer-DN regular expressions.
 *
 * <p>Each list is wrapped, together with its combinator, in a {@code DNConstraints}
 * instance; the subject constraints are built before the issuer constraints.
 *
 * <p>NOTE(review): what {@code DNConstraints} does with an empty list, and whether a
 * pattern must match the whole DN or only part of it, is decided in {@code DNConstraints}
 * and is not visible here. Confirm both before relying on these constraints as an access
 * control.
 *
 * @param subjectConstraints regular expressions applied to the subject DN
 * @param subjectConstraintsCombinator how the subject expressions are combined
 * @param issuerConstraints regular expressions applied to the issuer DN
 * @param issuerConstraintsCombinator how the issuer expressions are combined
 * @throws java.util.regex.PatternSyntaxException declared for invalid expressions;
 *         presumably raised while {@code DNConstraints} compiles them
 */
public CertConstraints(
    final java.util.List<String> subjectConstraints,
    final Combinator subjectConstraintsCombinator,
    final java.util.List<String> issuerConstraints,
    final Combinator issuerConstraintsCombinator
) throws java.util.regex.PatternSyntaxException {
    final DNConstraints subject =
        new DNConstraints(subjectConstraints, subjectConstraintsCombinator);
    final DNConstraints issuer =
        new DNConstraints(issuerConstraints, issuerConstraintsCombinator);
    this.subjectDNConstraints = subject;
    this.issuerDNConstraints = issuer;
}
/**
 * Asks the wrapped SSL socket factory to layer a socket over an existing one and passes
 * the result through {@code enableCipherSuites}.
 *
 * @param s the existing socket
 * @param host the server host
 * @param port the server port
 * @param autoClose forwarded unchanged to the wrapped factory
 * @return whatever {@code enableCipherSuites} returns for the created socket
 * @throws IOException if the wrapped factory fails to create the socket
 * @throws UnknownHostException if the host is not known
 */
public Socket createSocket(Socket s, String host, int port, boolean autoClose)
    throws IOException, UnknownHostException {
    final Socket layered = sslSocketFactory.createSocket(s, host, port, autoClose);
    // Host and port are only used as parameters of the log message on failure.
    final Object[] logParams = {host, port};
    return enableCipherSuites(layered, logParams);
}
/**
 * Publishes the configured certificate constraints as a bus property.
 *
 * <p>The property key is the fully qualified class name of {@code CertConstraints}. When
 * no constraints are configured the method returns without setting the property, so
 * nothing is published for this bus.
 *
 * @param bus the bus to initialize
 */
@Override
public void initialize(Bus bus) {
    if (contraints != null) {
        initializeProvider(bus, bus);
        final CertConstraints built = CertConstraintsJaxBUtils.createCertConstraints(contraints);
        final String propertyKey = CertConstraints.class.getName();
        bus.setProperty(propertyKey, built);
    }
}
/**
 * Selects the hostname verifier for a TLS client configuration.
 *
 * <p>Precedence, first match wins:
 * <ol>
 *   <li>the verifier set explicitly on the parameters;</li>
 *   <li>the {@code HttpsURLConnection} default verifier, when the parameters request it;</li>
 *   <li>an {@code AllowAllHostnameVerifier}, when {@code disableCNCheck} is set;</li>
 *   <li>a {@code DefaultHostnameVerifier} using the default public suffix matcher.</li>
 * </ol>
 *
 * <p>NOTE(review): judging by its name, {@code AllowAllHostnameVerifier} accepts any
 * hostname, which means a valid certificate issued for a different host would pass. The
 * {@code disableCNCheck} option should stay off outside test setups.
 *
 * @param tlsClientParameters the client TLS configuration
 * @return the verifier chosen by the precedence above
 */
public static HostnameVerifier getHostnameVerifier(TLSClientParameters tlsClientParameters) {
    if (tlsClientParameters.getHostnameVerifier() != null) {
        return tlsClientParameters.getHostnameVerifier();
    }
    if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
        return HttpsURLConnection.getDefaultHostnameVerifier();
    }
    if (tlsClientParameters.isDisableCNCheck()) {
        // Hostname verification is switched off on this path.
        return new AllowAllHostnameVerifier();
    }
    return new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
}
/**
 * Connects the underlying connection and wraps it in an {@code HttpsURLConnectionInfo}.
 *
 * @return connection information built from the connected {@code connection}
 * @throws IOException if connecting fails
 */
protected HttpsURLConnectionInfo getHttpsURLConnectionInfo() throws IOException {
    // connect() runs before the info object is built; presumably the TLS session data it
    // reads is only available once the connection is established.
    connection.connect();
    final HttpsURLConnectionInfo info = new HttpsURLConnectionInfo(connection);
    return info;
}

protected void updateResponseHeaders(Message inMessage) {
/**
 * Rejects the connection unless the server certificate satisfies the configured
 * certificate constraints.
 *
 * <p>A previously installed decider ({@code orig}), when present, is consulted first. The
 * constraints are then matched against the first certificate of the server's list only;
 * the remaining certificates are not inspected here.
 *
 * <p>NOTE(review): both casts below are unchecked. A non-HTTPS {@code connectionInfo} or a
 * certificate array of another runtime type would surface as a
 * {@code ClassCastException} rather than an {@code UntrustedURLConnectionIOException}.
 * The connection is still refused, but callers that catch only the declared exception
 * will not see it.
 *
 * @param conduitName name of the conduit, forwarded to {@code orig}
 * @param connectionInfo connection information, expected to be an
 *        {@code HttpsURLConnectionInfo}
 * @param message the message being sent, forwarded to {@code orig}
 * @throws UntrustedURLConnectionIOException if no server certificate is available or the
 *         first certificate does not match the constraints
 */
public void establishTrust(String conduitName,
                           URLConnectionInfo connectionInfo,
                           Message message)
    throws UntrustedURLConnectionIOException {
    if (orig != null) {
        orig.establishTrust(conduitName, connectionInfo, message);
    }

    final HttpsURLConnectionInfo httpsInfo = (HttpsURLConnectionInfo) connectionInfo;
    final boolean noServerCerts = httpsInfo.getServerCertificates() == null
        || httpsInfo.getServerCertificates().length == 0;
    if (noServerCerts) {
        throw new UntrustedURLConnectionIOException(
            "No server certificates were found"
        );
    }

    final X509Certificate[] chain = (X509Certificate[]) httpsInfo.getServerCertificates();
    // Only the first entry of the list is matched against the constraints.
    final X509Certificate first = chain[0];
    if (certConstraints.matches(first)) {
        return;
    }
    throw new UntrustedURLConnectionIOException(
        "The server certificate(s) do not match the defined cert constraints"
    );
}
}
/**
 * Creates an {@link SSLEngine} in client mode from the {@code SSLContext} built for the
 * given parameters.
 *
 * <p>NOTE(review): the engine is created with the no-argument {@code createSSLEngine()},
 * so it carries no peer host or port, and this method sets no endpoint identification
 * algorithm. Hostname verification therefore has to happen elsewhere; confirm that every
 * caller performs it.
 *
 * @param parameters the client TLS configuration
 * @return a new engine switched to client mode
 * @throws Exception if the SSL context cannot be obtained
 */
public static SSLEngine createClientSSLEngine(TLSClientParameters parameters) throws Exception {
    final SSLEngine engine = getSSLContext(parameters).createSSLEngine();
    engine.setUseClientMode(true);
    return engine;
}
/**
 * Wraps X.509 key managers so that they use the certificate alias from the TLS parameters.
 *
 * <p>When no alias is configured, or {@code keyManagers} is {@code null}, the input array
 * is returned as is. Otherwise a copy is returned in which every {@code X509KeyManager}
 * that is not already an {@code AliasedX509ExtendedKeyManager} is replaced by one wrapping
 * it with the configured alias. The input array itself is not modified.
 *
 * @param tlsParameters TLS configuration supplying the certificate alias
 * @param keyManagers the key managers to wrap, may be {@code null}
 * @return the input array, or a copy with the wrapped key managers
 * @throws GeneralSecurityException wrapping any exception raised while creating a wrapper
 */
public static KeyManager[] configureKeyManagersWithCertAlias(TLSParameterBase tlsParameters,
                                                             KeyManager[] keyManagers)
    throws GeneralSecurityException {
    if (tlsParameters.getCertAlias() == null || keyManagers == null) {
        return keyManagers;
    }

    // Work on a copy so the caller's array keeps its original entries.
    final KeyManager[] wrapped = keyManagers.clone();
    for (int i = 0; i < wrapped.length; i++) {
        final KeyManager current = wrapped[i];
        final boolean needsWrapping = current instanceof X509KeyManager
            && !(current instanceof AliasedX509ExtendedKeyManager);
        if (!needsWrapping) {
            continue;
        }
        try {
            wrapped[i] = new AliasedX509ExtendedKeyManager(
                tlsParameters.getCertAlias(), (X509KeyManager) current);
        } catch (Exception e) {
            // Keep the cause so the reason the wrapper could not be created is not lost.
            throw new GeneralSecurityException(e);
        }
    }
    return wrapped;
}
/**
 * Creates a conduit for the given bus and endpoint, backed by a new
 * {@code HttpsURLConnectionFactory}.
 *
 * @param b the bus
 * @param ei the endpoint description
 * @throws IOException declared by the constructor; presumably propagated from the
 *         superclass constructor
 */
public URLConnectionHTTPConduit(Bus b, EndpointInfo ei) throws IOException {
    super(b, ei);
    this.connectionFactory = new HttpsURLConnectionFactory();
    // NOTE(review): a static call without arguments; presumably it installs an
    // authenticator shared beyond this conduit. Confirm its scope.
    CXFAuthenticator.addAuthenticator();
}
/**
 * Tests a certificate against the subject and issuer DN constraints.
 *
 * <p>The issuer constraints are evaluated only when the subject constraints match.
 *
 * @param cert the certificate to test
 * @return {@code true} if the certificate's subject principal matches the subject
 *         constraints and its issuer principal matches the issuer constraints;
 *         {@code false} otherwise
 */
public boolean matches(
    final java.security.cert.X509Certificate cert
) {
    if (!this.subjectDNConstraints.matches(cert.getSubjectX500Principal())) {
        return false;
    }
    return this.issuerDNConstraints.matches(cert.getIssuerX500Principal());
}
}
/**
 * Applies the configured protocol and cipher-suite restrictions to a newly created socket.
 *
 * <p>A {@code null} socket is logged at {@code SEVERE} and returned as {@code null}.
 *
 * <p>NOTE(review): when {@code findProtocols} returns {@code null}, the socket keeps its
 * default enabled protocols and nothing is logged, so a configured protocol restriction
 * can be silently skipped. Confirm that this fallback is intended.
 *
 * @param s the socket returned by the wrapped factory, expected to be an {@code SSLSocket}
 * @param logParams parameters for the log message written when {@code s} is {@code null}
 * @return the configured socket, or {@code null} if {@code s} was {@code null}
 */
private Socket enableCipherSuites(Socket s, Object[] logParams) {
    final SSLSocket sslSocket = (SSLSocket) s;
    if (sslSocket == null) {
        LogUtils.log(LOG, Level.SEVERE, "PROBLEM_CREATING_OUTBOUND_REQUEST_SOCKET", logParams);
        return null;
    }

    if (protocol != null) {
        final String[] selected = findProtocols(protocol, sslSocket.getSupportedProtocols());
        if (selected != null) {
            sslSocket.setEnabledProtocols(selected);
        }
    }
    if (ciphers != null) {
        sslSocket.setEnabledCipherSuites(ciphers);
    }
    return sslSocket;
}

private String[] findProtocols(String p, String[] options) {
/**
 * Stores the configured certificate constraints on the client's endpoint.
 *
 * <p>The entry key is the fully qualified class name of {@code CertConstraints}. When no
 * constraints are configured the method returns without touching the endpoint, so nothing
 * is stored for this client.
 *
 * @param client the client whose endpoint receives the constraints
 * @param bus the bus, forwarded to {@code initializeProvider}
 */
@Override
public void initialize(Client client, Bus bus) {
    if (contraints != null) {
        initializeProvider(client, bus);
        final CertConstraints built = CertConstraintsJaxBUtils.createCertConstraints(contraints);
        client.getEndpoint().put(CertConstraints.class.getName(), built);
    }
}
/**
 * Asks the wrapped SSL socket factory for a socket to the given host, bound to the given
 * local address, and passes the result through {@code enableCipherSuites}.
 *
 * @param host the server host
 * @param port the server port
 * @param localHost the local address to bind to
 * @param localPort the local port to bind to
 * @return whatever {@code enableCipherSuites} returns for the created socket
 * @throws IOException if the wrapped factory fails to create the socket
 * @throws UnknownHostException if the host is not known
 */
public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
    throws IOException, UnknownHostException {
    final Socket created = sslSocketFactory.createSocket(host, port, localHost, localPort);
    // Host and port are only used as parameters of the log message on failure.
    final Object[] logParams = {host, port};
    return enableCipherSuites(created, logParams);
}
/**
 * Creates an {@link SSLEngine} in server mode from the {@code SSLContext} built for the
 * given parameters.
 *
 * <p>Client authentication is made mandatory exactly when the parameters'
 * client-authentication setting reports {@code isRequired()}.
 *
 * <p>NOTE(review): {@code getClientAuthentication()} is dereferenced without a null check,
 * and only the "required" flag is applied. Confirm that the setting is always present,
 * and whether an optional ("want") client-authentication mode needs to be honoured here.
 *
 * @param parameters the server TLS configuration
 * @return a new engine switched to server mode
 * @throws Exception if the SSL context cannot be obtained
 */
public static SSLEngine createServerSSLEngine(TLSServerParameters parameters) throws Exception {
    final SSLEngine engine = getSSLContext(parameters).createSSLEngine();
    engine.setUseClientMode(false);
    engine.setNeedClientAuth(parameters.getClientAuthentication().isRequired());
    return engine;
}
/**
 * Creates a conduit for the given bus, endpoint and target reference, backed by a new
 * {@code HttpsURLConnectionFactory}.
 *
 * @param b the bus
 * @param ei the endpoint description
 * @param t the endpoint reference, forwarded to the superclass constructor
 * @throws IOException declared by the constructor; presumably propagated from the
 *         superclass constructor
 */
public URLConnectionHTTPConduit(Bus b, EndpointInfo ei, EndpointReferenceType t)
    throws IOException {
    super(b, ei, t);
    this.connectionFactory = new HttpsURLConnectionFactory();
    // NOTE(review): a static call without arguments; presumably it installs an
    // authenticator shared beyond this conduit. Confirm its scope.
    CXFAuthenticator.addAuthenticator();
}
/**
 * Stores the configured certificate constraints on the server's endpoint.
 *
 * <p>The entry key is the fully qualified class name of {@code CertConstraints}. When no
 * constraints are configured the method returns without touching the endpoint, so nothing
 * is stored for this server.
 *
 * @param server the server whose endpoint receives the constraints
 * @param bus the bus, forwarded to {@code initializeProvider}
 */
@Override
public void initialize(Server server, Bus bus) {
    if (contraints != null) {
        initializeProvider(server.getEndpoint(), bus);
        final CertConstraints built = CertConstraintsJaxBUtils.createCertConstraints(contraints);
        server.getEndpoint().put(CertConstraints.class.getName(), built);
    }
}
/**
 * Asks the wrapped SSL socket factory for a socket to the given address, bound to the
 * given local address, and passes the result through {@code enableCipherSuites}.
 *
 * @param address the server address
 * @param port the server port
 * @param localAddress the local address to bind to
 * @param localPort the local port to bind to
 * @return whatever {@code enableCipherSuites} returns for the created socket
 * @throws IOException if the wrapped factory fails to create the socket
 */
public Socket createSocket(InetAddress address, int port,
                           InetAddress localAddress, int localPort) throws IOException {
    final Socket created =
        sslSocketFactory.createSocket(address, port, localAddress, localPort);
    // Address and port are only used as parameters of the log message on failure.
    final Object[] logParams = {address, port};
    return enableCipherSuites(created, logParams);
}
/**
 * Asks the wrapped SSL socket factory for a socket to the given host and port and passes
 * the result through {@code enableCipherSuites}.
 *
 * @param host the server host
 * @param port the server port
 * @return whatever {@code enableCipherSuites} returns for the created socket
 * @throws IOException if the wrapped factory fails to create the socket
 * @throws UnknownHostException if the host is not known
 */
public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
    final Socket created = sslSocketFactory.createSocket(host, port);
    // Host and port are only used as parameters of the log message on failure.
    final Object[] logParams = {host, port};
    return enableCipherSuites(created, logParams);
}
/**
 * Asks the wrapped SSL socket factory for a socket to the given address and port and
 * passes the result through {@code enableCipherSuites}.
 *
 * @param host the server address
 * @param port the server port
 * @return whatever {@code enableCipherSuites} returns for the created socket
 * @throws IOException if the wrapped factory fails to create the socket
 */
public Socket createSocket(InetAddress host, int port) throws IOException {
    final Socket created = sslSocketFactory.createSocket(host, port);
    // Address and port are only used as parameters of the log message on failure.
    final Object[] logParams = {host, port};
    return enableCipherSuites(created, logParams);
}