Apache CXF example source code file (SSLUtils.java)
The Apache CXF SSLUtils.java source code/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.apache.cxf.transport.https; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.DataInputStream; import java.io.FileInputStream; import java.io.IOException; import java.lang.reflect.Method; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.NoSuchAlgorithmException; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Arrays; import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.servlet.http.HttpServletRequest; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.configuration.security.FiltersType; import org.apache.cxf.message.Message; import org.apache.cxf.security.transport.TLSSessionInfo; /** * Holder for utility methods related to 
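manipulating SSL settings, common to the connection and listener factories
 * (previously duplicated).
 *
 * <p>Every method is static and stateless; errors while loading a store are
 * logged through {@link LogUtils} and surface to callers as a {@code null}
 * manager array, so callers must not mistake {@code null} for "use defaults".
 */
public final class SSLUtils {
    static final String PKCS12_TYPE = "PKCS12";

    private static final String DEFAULT_KEYSTORE_TYPE = "PKCS12";
    private static final String DEFAULT_TRUST_STORE_TYPE = "JKS";
    /** Fallback protocol name; this names TLS 1.0 only, callers are expected to pass a newer one. */
    private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
    private static final String CERTIFICATE_FACTORY_TYPE = "X.509";
    private static final String SSL_CIPHER_SUITE_ATTRIBUTE = "javax.servlet.request.cipher_suite";
    private static final String SSL_PEER_CERT_CHAIN_ATTRIBUTE = "javax.servlet.request.X509Certificate";
    private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
    private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;

    /**
     * Default filters: every suite the provider offers is a candidate ({@code .*}),
     * minus suites with no encryption ({@code _NULL_}) and suites with no
     * server authentication ({@code _anon_}).
     */
    private static final List<String> DEFAULT_CIPHERSUITE_FILTERS_INCLUDE =
        Arrays.asList(new String[] {".*"});
    private static final List<String> DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE =
        Arrays.asList(new String[] {".*_NULL_.*", ".*_anon_.*"});

    /** Utility class; not instantiable. */
    private SSLUtils() {
    }

    /**
     * Builds the {@link KeyManager}s that present this side's certificate from the
     * key store file at {@code keyStoreLocation}.
     *
     * <p>The file is read completely into memory and closed, whatever the store type;
     * the type-specific path for PKCS12 (sized by {@code DataInputStream.available()}
     * and never closed) is gone. A null location, a null password or an empty file
     * yields {@code null}: no identity is installed and the caller gets an anonymous
     * side, not an exception. A store that fails to load is logged by
     * {@link #loadKeyStore} and also yields {@code null}.
     *
     * @param keyStoreLocation path of the store file, or null
     * @param keyStoreType KeyStore type name such as {@code PKCS12} or {@code JKS}; must not be null
     * @param keyStorePassword store password, or null
     * @param keyPassword per-key password; only compared with the store password for a warning,
     *                    because {@link #loadKeyStore} initialises the factory with the store password
     * @param keyStoreMgrFactoryAlgorithm KeyManagerFactory algorithm name
     * @param secureSocketProtocol unused here; kept for signature compatibility
     * @param log receives WARNING diagnostics and FINE progress messages
     * @return the key managers, or null when nothing could be loaded
     * @throws Exception from the KeyStore/KeyManagerFactory lookup or from reading the file
     */
    public static KeyManager[] getKeyStoreManagers(String keyStoreLocation,
                                                   String keyStoreType,
                                                   String keyStorePassword,
                                                   String keyPassword,
                                                   String keyStoreMgrFactoryAlgorithm,
                                                   String secureSocketProtocol,
                                                   Logger log)
        throws Exception {
        //TODO for performance reasons we should cache
        // the KeymanagerFactory and TrustManagerFactory
        if (keyStorePassword != null && keyPassword != null
            && !keyStorePassword.equals(keyPassword)) {
            // loadKeyStore() hands the store password to kmf.init(), so a
            // different key password cannot be honoured: warn, do not fail.
            LogUtils.log(log, Level.WARNING, "KEY_PASSWORD_NOT_SAME_KEYSTORE_PASSWORD");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyStoreMgrFactoryAlgorithm);
        KeyStore ks = KeyStore.getInstance(keyStoreType);

        KeyManager[] keystoreManagers = null;
        byte[] storeBytes = loadClientCredential(keyStoreLocation);
        if (storeBytes != null && storeBytes.length > 0 && keyStorePassword != null) {
            ByteArrayInputStream bin = new ByteArrayInputStream(storeBytes);
            keystoreManagers = loadKeyStore(kmf, ks, bin, keyStoreLocation, keyStorePassword, log);
        }
        if (keyStorePassword == null && keyStoreLocation != null) {
            LogUtils.log(log, Level.WARNING, "FAILED_TO_LOAD_KEYSTORE_NULL_PASSWORD", keyStoreLocation);
        }
        return keystoreManagers;
    }

    /**
     * Loads {@code ks} from {@code bin} and initialises {@code kmf} with it.
     *
     * <p>Deliberately best-effort: a corrupt store or wrong password is logged at
     * WARNING (location and exception message only) and reported as {@code null},
     * never thrown. Callers that require a client identity must check for null.
     *
     * @param kmf factory to initialise
     * @param ks empty store instance of the right type
     * @param bin store bytes
     * @param keyStoreLocation path, used for log messages only
     * @param keyStorePassword password used both for the store and for its keys; must not be null
     * @param log log target
     * @return the factory's key managers, or null on any failure
     */
    public static KeyManager[] loadKeyStore(KeyManagerFactory kmf,
                                            KeyStore ks,
                                            ByteArrayInputStream bin,
                                            String keyStoreLocation,
                                            String keyStorePassword,
                                            Logger log) {
        KeyManager[] keystoreManagers = null;
        try {
            ks.load(bin, keyStorePassword.toCharArray());
            // the store password doubles as the key password
            kmf.init(ks, keyStorePassword.toCharArray());
            keystoreManagers = kmf.getKeyManagers();
            LogUtils.log(log, Level.FINE, "LOADED_KEYSTORE", keyStoreLocation);
        } catch (Exception e) {
            LogUtils.log(log, Level.WARNING, "FAILED_TO_LOAD_KEYSTORE",
                         new Object[]{keyStoreLocation, e.getMessage()});
        }
        return keystoreManagers;
    }

    /**
     * Builds the {@link TrustManager}s that decide which peer certificates are accepted.
     *
     * <p>With {@code pkcs12} set, {@code trustStoreLocation} is a single X.509 CA
     * certificate that becomes the only entry of an in-memory store; a parse failure
     * is logged and leaves that store empty rather than failing fast, which downstream
     * means no peer is accepted (or the factory rejects the empty store), never open trust.
     * Otherwise the location is a store file of type {@code trustStoreType}, loaded with a
     * null password: no integrity check is performed on the file, so its contents are only
     * as trustworthy as the file-system permissions protecting it. The file stream is
     * closed on every path.
     *
     * @param pkcs12 true to treat the location as a bare CA certificate
     * @param trustStoreType KeyStore type name; must not be null
     * @param trustStoreLocation certificate or store file path
     * @param trustStoreMgrFactoryAlgorithm TrustManagerFactory algorithm name
     * @param log log target
     * @return the trust managers; never null
     * @throws Exception from KeyStore/factory lookup, from {@code tmf.init} or from reading the file
     */
    public static TrustManager[] getTrustStoreManagers(boolean pkcs12,
                                                       String trustStoreType,
                                                       String trustStoreLocation,
                                                       String trustStoreMgrFactoryAlgorithm,
                                                       Logger log)
        throws Exception {
        // ********************** Load Trusted CA file **********************
        KeyStore trustedCertStore = KeyStore.getInstance(trustStoreType);
        if (pkcs12) {
            //TODO could support multiple trust cas
            trustedCertStore.load(null, "".toCharArray());
            CertificateFactory cf = CertificateFactory.getInstance(CERTIFICATE_FACTORY_TYPE);
            byte[] caCert = loadCACert(trustStoreLocation);
            try {
                if (caCert != null) {
                    X509Certificate cert =
                        (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(caCert));
                    // the alias only labels the entry inside this in-memory store
                    trustedCertStore.setCertificateEntry(cert.getIssuerX500Principal().getName(), cert);
                }
            } catch (Exception e) {
                LogUtils.log(log, Level.WARNING, "FAILED_TO_LOAD_TRUST_STORE",
                             new Object[]{trustStoreLocation, e.getMessage()});
            }
        } else {
            FileInputStream in = new FileInputStream(trustStoreLocation);
            try {
                // null password: the store's integrity MAC (if any) is not verified
                trustedCertStore.load(in, null);
            } finally {
                in.close();
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustStoreMgrFactoryAlgorithm);
        tmf.init(trustedCertStore);
        LogUtils.log(log, Level.FINE, "LOADED_TRUST_STORE", trustStoreLocation);
        return tmf.getTrustManagers();
    }

    /**
     * Reads a key store file into memory.
     *
     * @param fileName path to read, or null
     * @return the file's bytes, or null when {@code fileName} is null
     * @throws IOException if the file cannot be opened or read
     */
    protected static byte[] loadClientCredential(String fileName) throws IOException {
        return readFileFully(fileName);
    }

    /**
     * Reads a CA certificate file into memory.
     *
     * @param fileName path to read, or null
     * @return the file's bytes, or null when {@code fileName} is null
     * @throws IOException if the file cannot be opened or read
     */
    protected static byte[] loadCACert(String fileName) throws IOException {
        return readFileFully(fileName);
    }

    /**
     * Shared reader for {@link #loadClientCredential} and {@link #loadCACert}: reads to
     * EOF and closes the stream even when a read fails.
     */
    private static byte[] readFileFully(String fileName) throws IOException {
        if (fileName == null) {
            return null;
        }
        FileInputStream in = new FileInputStream(fileName);
        try {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[512];
            int count = in.read(buf);
            while (count != -1) {
                out.write(buf, 0, count);
                count = in.read(buf);
            }
            return out.toByteArray();
        } finally {
            in.close();
        }
    }

    /**
     * Resolves the key store location: the explicit value, else the
     * {@code javax.net.ssl.keyStore} system property, else {@code ~/.keystore}.
     *
     * @param keyStoreLocation configured location, or null
     * @param log receives a FINE message saying which source was used
     * @return the resolved location; never null
     */
    public static String getKeystore(String keyStoreLocation, Logger log) {
        String location = keyStoreLocation;
        String logMsg;
        if (location != null) {
            logMsg = "KEY_STORE_SET";
        } else {
            location = System.getProperty("javax.net.ssl.keyStore");
            if (location != null) {
                logMsg = "KEY_STORE_SYSTEM_PROPERTY_SET";
            } else {
                location = System.getProperty("user.home") + "/.keystore";
                logMsg = "KEY_STORE_NOT_SET";
            }
        }
        LogUtils.log(log, Level.FINE, logMsg, location);
        return location;
    }

    /**
     * Resolves the key store type: the explicit value, else {@code PKCS12}.
     *
     * @param keyStoreType configured type, or null
     * @param log receives a FINE message saying which source was used
     * @return the resolved type; never null
     */
    public static String getKeystoreType(String keyStoreType, Logger log) {
        boolean configured = keyStoreType != null;
        String type = configured ? keyStoreType : DEFAULT_KEYSTORE_TYPE;
        LogUtils.log(log, Level.FINE, configured ? "KEY_STORE_TYPE_SET" : "KEY_STORE_TYPE_NOT_SET", type);
        return type;
    }

    /**
     * Resolves the key store password: the explicit value, else the
     * {@code javax.net.ssl.keyStorePassword} system property. Only the source is
     * logged, never the value.
     *
     * @param keyStorePassword configured password, or null
     * @param log log target
     * @return the resolved password, or null when neither source is set
     */
    public static String getKeystorePassword(String keyStorePassword, Logger log) {
        String password = keyStorePassword;
        String logMsg;
        if (password != null) {
            logMsg = "KEY_STORE_PASSWORD_SET";
        } else {
            password = System.getProperty("javax.net.ssl.keyStorePassword");
            logMsg = password != null
                ? "KEY_STORE_PASSWORD_SYSTEM_PROPERTY_SET" : "KEY_STORE_PASSWORD_NOT_SET";
        }
        LogUtils.log(log, Level.FINE, logMsg);
        return password;
    }

    /**
     * Resolves the key password: the explicit value, else the
     * {@code javax.net.ssl.keyStorePassword} system property (the key password
     * defaults to the store password). Only the source is logged, never the value.
     *
     * @param keyPassword configured password, or null
     * @param log log target
     * @return the resolved password, or null when neither source is set
     */
    public static String getKeyPassword(String keyPassword, Logger log) {
        String password = keyPassword;
        String logMsg;
        if (password != null) {
            logMsg = "KEY_PASSWORD_SET";
        } else {
            password = System.getProperty("javax.net.ssl.keyStorePassword");
            logMsg = password != null
                ? "KEY_PASSWORD_SYSTEM_PROPERTY_SET" : "KEY_PASSWORD_NOT_SET";
        }
        LogUtils.log(log, Level.FINE, logMsg);
        return password;
    }

    /**
     * Resolves the KeyManagerFactory algorithm: the explicit value, else
     * {@link KeyManagerFactory#getDefaultAlgorithm()}.
     *
     * @param keyStoreMgrFactoryAlgorithm configured algorithm, or null
     * @param log receives a FINE message saying which source was used
     * @return the resolved algorithm name
     */
    public static String getKeystoreAlgorithm(String keyStoreMgrFactoryAlgorithm, Logger log) {
        boolean configured = keyStoreMgrFactoryAlgorithm != null;
        String algorithm = configured
            ? keyStoreMgrFactoryAlgorithm : KeyManagerFactory.getDefaultAlgorithm();
        LogUtils.log(log, Level.FINE,
                     configured ? "KEY_STORE_ALGORITHM_SET" : "KEY_STORE_ALGORITHM_NOT_SET",
                     algorithm);
        return algorithm;
    }

    /**
     * Resolves the TrustManagerFactory algorithm: the explicit value, else
     * {@link TrustManagerFactory#getDefaultAlgorithm()}.
     *
     * @param trustStoreMgrFactoryAlgorithm configured algorithm, or null
     * @param log receives a FINE message saying which source was used
     * @return the resolved algorithm name
     */
    public static String getTrustStoreAlgorithm(String trustStoreMgrFactoryAlgorithm, Logger log) {
        boolean configured = trustStoreMgrFactoryAlgorithm != null;
        String algorithm = configured
            ? trustStoreMgrFactoryAlgorithm : TrustManagerFactory.getDefaultAlgorithm();
        LogUtils.log(log, Level.FINE,
                     configured ? "TRUST_STORE_ALGORITHM_SET" : "TRUST_STORE_ALGORITHM_NOT_SET",
                     algorithm);
        return algorithm;
    }

    /**
     * Creates and initialises an {@link SSLContext}.
     *
     * <p>Per the JSSE contract a null {@code trustStoreManagers} installs the
     * provider's default trust managers (the JVM's default trust store), a null
     * {@code keyStoreManagers} means no local identity, and the null
     * {@code SecureRandom} lets the provider choose one.
     *
     * @param protocol protocol name passed to {@link SSLContext#getInstance(String)}
     * @param keyStoreManagers key managers, or null
     * @param trustStoreManagers trust managers, or null
     * @return the initialised context
     * @throws NoSuchAlgorithmException if {@code protocol} is unknown
     * @throws KeyManagementException if initialisation fails
     */
    public static SSLContext getSSLContext(String protocol,
                                           KeyManager[] keyStoreManagers,
                                           TrustManager[] trustStoreManagers)
        throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext ctx = SSLContext.getInstance(protocol);
        ctx.init(keyStoreManagers, trustStoreManagers, null);
        return ctx;
    }

    /**
     * Returns the cipher suites the context's client-side socket factory can use.
     *
     * @param context initialised context
     * @return supported suite names
     */
    public static String[] getSupportedCipherSuites(SSLContext context) {
        return context.getSocketFactory().getSupportedCipherSuites();
    }

    /**
     * Returns the cipher suites the context's server socket factory can use.
     *
     * @param context initialised context
     * @return supported suite names
     */
    public static String[] getServerSupportedCipherSuites(SSLContext context) {
        return context.getServerSocketFactory().getSupportedCipherSuites();
    }

    /**
     * Selects the cipher suites to enable: an explicit list wins, otherwise the
     * supported suites are filtered.
     *
     * <p>NOTE(review): the source page truncates the listing inside this method; the
     * text below reproduces exactly what is visible and is not a complete body.
     */
    public static String[] getCiphersuites(List<String> cipherSuitesList,
                                           String[] supportedCipherSuites,
                                           FiltersType filters,
                                           Logger log,
                                           boolean exclude) {
        String[] cipherSuites = null;
        if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
            cipherSuites = getCiphersFromList(cipherSuitesList, log, exclude);
        } else {
            LogUtils.log(log, Level.FINE, "CIPHERSUITES_NOT_SET");
            if (filters == null) {
                LogUtils.log(log, Level.FINE, "CIPHERSUITE_FILTERS_NOT_SET");
            }
            List<String> filteredCipherSuites = new ArrayList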