/**
 * Builds the TLS context parameters from JVM system properties.
 *
 * <p>The keystore location and password are looked up under the property names held in
 * {@code ServerProperties.KEYSTORE} and {@code ServerProperties.PASS}. The same keystore backs
 * both the key managers and the trust managers, and the store password is reused as the
 * private-key password.
 *
 * <p>NOTE(review): the alias property is read but never applied to the returned parameters,
 * so key selection is left to the key manager's default behaviour. Confirm whether the alias
 * was meant to be set as the certificate alias.
 *
 * <p>NOTE(review): missing properties are not checked; a {@code null} path or password is
 * passed straight through. If the password is supplied as a {@code -D} command-line argument
 * it is readable by anyone who can list the process arguments.
 *
 * @return certificate parameters for TLS
 * @throws GeneralSecurityException declared for callers; not raised by the visible body
 * @throws IOException declared for callers; not raised by the visible body
 */
public static SSLContextParameters sslParameters() throws GeneralSecurityException, IOException {
    final String keyStoreLocation = System.getProperty(ServerProperties.KEYSTORE);
    // Looked up but not used below (see NOTE above).
    final String alias = System.getProperty(ServerProperties.ALIAS);
    final String secret = System.getProperty(ServerProperties.PASS);

    final KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource(keyStoreLocation);
    keyStore.setPassword(secret);

    final KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(keyStore);
    keyManagers.setKeyPassword(secret);

    // The keystore doubles as the trust store.
    final TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(keyStore);

    final SSLContextParameters result = new SSLContextParameters();
    result.setKeyManagers(keyManagers);
    result.setTrustManagers(trustManagers);
    return result;
}
/**
 * Produces the CXF client endpoint bean named {@code cxfProducerEndpoint}.
 *
 * <p>The endpoint targets {@code CXF_PRODUCER_ENDPOINT_ADDRESS}, uses the GreetingService
 * interface as its service class and takes its TLS settings from
 * {@code createProducerSSLContextParameters()}.
 *
 * @return the configured producer endpoint
 */
@Named("cxfProducerEndpoint")
@Produces
public CxfEndpoint createCxfProducerEndpoint() {
    final CxfComponent component = new CxfComponent(this.camelContext);
    final CxfEndpoint endpoint = new CxfEndpoint(CXF_PRODUCER_ENDPOINT_ADDRESS, component);
    endpoint.setBeanId("cxfProducerEndpoint");
    endpoint.setServiceClass(org.wildfly.camel.examples.cxf.jaxws.GreetingService.class);
    endpoint.setSslContextParameters(this.createProducerSSLContextParameters());

    // Not for use in production: this verifier accepts every hostname, so the certificate
    // presented by the server is never matched against the host being called. Certificate
    // chain validation by the trust managers is the only check left on the peer's identity.
    final HostnameVerifier acceptAnyHost = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };
    endpoint.setHostnameVerifier(acceptAnyHost);

    return endpoint;
}
/**
 * Builds the server-side TLS parameters for the consumer endpoint.
 *
 * <p>One keystore ({@code KEYSTORE_PATH}, opened with {@code KEYSTORE_PASSWORD}) supplies
 * both the server key and the trusted certificates. Client authentication is set to
 * {@code REQUIRE}, i.e. the server is configured for mutual TLS.
 *
 * @return the consumer TLS parameters
 */
private SSLContextParameters createConsumerSSLContextParameters() {
    final KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource(KEYSTORE_PATH);
    keyStore.setPassword(KEYSTORE_PASSWORD);

    final KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(keyStore);
    keyManagers.setKeyPassword(KEYSTORE_PASSWORD);

    final TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(keyStore);

    // Clients must present a certificate.
    final SSLContextServerParameters serverSide = new SSLContextServerParameters();
    serverSide.setClientAuthentication(ClientAuthentication.REQUIRE.name());

    final SSLContextParameters result = new SSLContextParameters();
    result.setServerParameters(serverSide);
    result.setTrustManagers(trustManagers);
    result.setKeyManagers(keyManagers);
    return result;
}
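/**
 * Revokes the component's current access token out of band, then creates a bulk job through
 * the component.
 *
 * <p>The revocation goes through a separate Jetty {@code HttpClient}. That client is now
 * stopped in a {@code finally} block; the original started it and never stopped it.
 *
 * <p>NOTE(review): the access token is sent in the query string of a GET request, so it will
 * appear wherever the full request URL is recorded. Acceptable for a test org only.
 *
 * @throws Exception if the HTTP exchange or the job creation fails
 */
@Test
public void testRetry() throws Exception {
    SalesforceComponent sf = context().getComponent("salesforce", SalesforceComponent.class);
    String accessToken = sf.getSession().getAccessToken();

    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setSslContext(new SSLContextParameters().createSSLContext(context));
    HttpClient httpClient = new HttpClient(sslContextFactory);
    httpClient.setConnectTimeout(60000);
    httpClient.start();
    try {
        String uri = sf.getLoginConfig().getLoginUrl() + "/services/oauth2/revoke?token=" + accessToken;
        Request logoutGet = httpClient.newRequest(uri)
            .method(HttpMethod.GET)
            .timeout(1, TimeUnit.MINUTES);

        ContentResponse response = logoutGet.send();
        assertEquals(HttpStatus.OK_200, response.getStatus());
    } finally {
        // Release the client's resources even when the request or the assertion fails.
        httpClient.stop();
    }

    // The component still holds the token that was just revoked when this job is created.
    JobInfo jobInfo = new JobInfo();
    jobInfo.setOperation(OperationEnum.INSERT);
    jobInfo.setContentType(ContentType.CSV);
    jobInfo.setObject(Merchandise__c.class.getSimpleName());
    createJob(jobInfo);
}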
/**
 * Registers an {@code sslContextParameters} bean with key and trust material from
 * {@code server.jks}.
 *
 * <p>The store and key passwords are the hard-coded literal {@code "password"}. The secure
 * socket protocol is requested by the legacy name {@code "SSL"}.
 * NOTE(review): which protocol versions that name enables depends on the JSSE provider;
 * confirm the choice is deliberate for this test.
 *
 * @return the registry from the superclass with the extra binding added
 * @throws Exception if the superclass fails to create the registry
 */
@Override
protected JndiRegistry createRegistry() throws Exception {
    final KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource("server.jks");
    keyStore.setPassword("password");

    final KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(keyStore);
    keyManagers.setKeyPassword("password");

    // The same store is used as the trust store.
    final TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(keyStore);

    final SSLContextParameters sslParams = new SSLContextParameters();
    sslParams.setSecureSocketProtocol("SSL");
    sslParams.setKeyManagers(keyManagers);
    sslParams.setTrustManagers(trustManagers);

    final JndiRegistry jndi = super.createRegistry();
    jndi.bind("sslContextParameters", sslParams);
    return jndi;
}
/**
 * Registers an {@code sslContextParameters} bean that carries only trust material from
 * {@code server.jks}; no key managers are configured.
 *
 * <p>The store password is the hard-coded literal {@code "password"}. The secure socket
 * protocol is requested by the legacy name {@code "SSL"}.
 * NOTE(review): which protocol versions that name enables depends on the JSSE provider;
 * confirm the choice is deliberate for this test.
 *
 * @return the registry from the superclass with the extra binding added
 * @throws Exception if the superclass fails to create the registry
 */
@Override
protected JndiRegistry createRegistry() throws Exception {
    final KeyStoreParameters trustStore = new KeyStoreParameters();
    trustStore.setResource("server.jks");
    trustStore.setPassword("password");

    final TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(trustStore);

    final SSLContextParameters sslParams = new SSLContextParameters();
    sslParams.setSecureSocketProtocol("SSL");
    sslParams.setTrustManagers(trustManagers);

    final JndiRegistry jndi = super.createRegistry();
    jndi.bind("sslContextParameters", sslParams);
    return jndi;
}
/**
 * Registers an {@code sslContextParameters} bean that carries only trust material from
 * {@code server.jks} and requests the {@code "TLS"} protocol; no key managers are configured.
 *
 * <p>The store password is the hard-coded literal {@code "password"}.
 *
 * @return the registry from the superclass with the extra binding added
 * @throws Exception if the superclass fails to create the registry
 */
@Override
protected JndiRegistry createRegistry() throws Exception {
    final KeyStoreParameters trustStore = new KeyStoreParameters();
    trustStore.setResource("server.jks");
    trustStore.setPassword("password");

    final TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(trustStore);

    final SSLContextParameters sslParams = new SSLContextParameters();
    sslParams.setSecureSocketProtocol("TLS");
    sslParams.setTrustManagers(trustManagers);

    final JndiRegistry jndi = super.createRegistry();
    jndi.bind("sslContextParameters", sslParams);
    return jndi;
}
/**
 * Registers an {@code sslContextParameters} bean with key and trust material from
 * {@code server.jks}, requesting the {@code "TLS"} protocol.
 *
 * <p>The store and key passwords are the hard-coded literal {@code "password"}.
 *
 * @return the registry from the superclass with the extra binding added
 * @throws Exception if the superclass fails to create the registry
 */
@Override
protected JndiRegistry createRegistry() throws Exception {
    final KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource("server.jks");
    keyStore.setPassword("password");

    final KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(keyStore);
    keyManagers.setKeyPassword("password");

    // The same store is used as the trust store.
    final TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(keyStore);

    final SSLContextParameters sslParams = new SSLContextParameters();
    sslParams.setSecureSocketProtocol("TLS");
    sslParams.setKeyManagers(keyManagers);
    sslParams.setTrustManagers(trustManagers);

    final JndiRegistry jndi = super.createRegistry();
    jndi.bind("sslContextParameters", sslParams);
    return jndi;
}
/**
 * Prepares key-manager based TLS parameters from the classpath keystore
 * {@code jsse/localhost.ks}, but currently returns no connector.
 *
 * <p>The connector construction is commented out, so the method always returns {@code null}
 * and neither argument is used.
 *
 * @param context the Camel context (unused by the active code)
 * @param port the port the connector was meant to listen on (unused by the active code)
 * @return always {@code null}
 * @throws Exception declared for callers; a missing keystore resource would surface here as
 *     a {@code NullPointerException}
 */
private Connector createSslSocketConnector(CamelContext context, int port) throws Exception {
    final KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource(this.getClass().getClassLoader().getResource("jsse/localhost.ks").toString());
    keyStore.setPassword(pwd);

    final KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(keyStore);
    keyManagers.setKeyPassword(pwd);

    final SSLContextParameters sslParams = new SSLContextParameters();
    sslParams.setKeyManagers(keyManagers);

    // From Camel 2.5.0 Camel-Jetty is using SslSelectChannelConnector instead of SslSocketConnector
    //SslSelectChannelConnector sslSocketConnector = new SslSelectChannelConnector();
    //sslSocketConnector.getSslContextFactory().setSslContext(sslContextParameters.createSSLContext());
    //sslSocketConnector.setPort(port);
    //return sslSocketConnector;

    return null;
}
/**
 * Registers an {@code sslContextParameters} bean that trusts the certificates held in
 * {@code localhost.ks}; no key managers are configured.
 *
 * <p>The store password is the hard-coded literal {@code "changeit"}.
 *
 * @return the registry from the superclass with the extra binding added
 * @throws Exception if the superclass fails to create the registry
 */
@Override
protected JndiRegistry createRegistry() throws Exception {
    final KeyStoreParameters trustStore = new KeyStoreParameters();
    trustStore.setResource("localhost.ks");
    trustStore.setPassword("changeit");

    final TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(trustStore);

    final SSLContextParameters sslParams = new SSLContextParameters();
    sslParams.setTrustManagers(trustManagers);

    final JndiRegistry jndi = super.createRegistry();
    jndi.bind("sslContextParameters", sslParams);
    return jndi;
}
/**
 * Builds TLS parameters backed by the keystore {@code jsse/localhost.ks}, which serves as
 * both key store and trust store.
 *
 * <p>NOTE(review): the original comment says WANT client authentication is turned on, but
 * no client-authentication mode is set on the server parameters in this method. Either the
 * comment is stale or the setter call is missing; confirm against the tests that use it.
 *
 * @return the TLS parameters, with default server parameters attached
 */
protected SSLContextParameters defineSSLContextParameters() {
    final KeyStoreParameters keyStore = new KeyStoreParameters();
    // keyStore.setResource(this.getClass().getClassLoader().getResource("jsse/localhost.ks").toString());
    keyStore.setResource("jsse/localhost.ks");
    keyStore.setPassword(pwd);

    final KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(keyStore);
    keyManagers.setKeyPassword(pwd);

    final TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(keyStore);

    // NOTE: Needed since the client uses a loose trust configuration when no ssl context
    // is provided. (The original note continues "We turn on WANT client-auth to prefer using
    // authentication", which the code below does not do.)
    final SSLContextServerParameters serverSide = new SSLContextServerParameters();

    final SSLContextParameters result = new SSLContextParameters();
    result.setKeyManagers(keyManagers);
    result.setTrustManagers(trustManagers);
    result.setServerParameters(serverSide);
    return result;
}
/**
 * Extends the superclass mojo with default TLS parameters, HTTP proxy settings and HTTP
 * client properties.
 *
 * <p>The proxy credentials come from the test constants {@code HTTP_PROXY_USER_NAME} and
 * {@code HTTP_PROXY_PASSWORD}; the proxy auth URI is built as {@code https://host:port}.
 *
 * @return the configured mojo
 * @throws IOException if the superclass fails to create the mojo
 */
@Override
protected CamelSalesforceMojo createMojo() throws IOException {
    final CamelSalesforceMojo salesforceMojo = super.createMojo();

    // SSL context parameters: an unconfigured instance, no explicit key or trust material
    salesforceMojo.sslContextParameters = new SSLContextParameters();

    // HTTP proxy properties
    salesforceMojo.httpProxyHost = HTTP_PROXY_HOST;
    salesforceMojo.httpProxyPort = httpProxyPort;
    salesforceMojo.httpProxyUsername = HTTP_PROXY_USER_NAME;
    salesforceMojo.httpProxyPassword = HTTP_PROXY_PASSWORD;
    salesforceMojo.httpProxyRealm = HTTP_PROXY_REALM;
    salesforceMojo.httpProxyAuthUri = String.format("https://%s:%s", HTTP_PROXY_HOST, httpProxyPort);

    // HTTP client properties
    final HashMap<String, Object> clientProperties = new HashMap<String, Object>();
    clientProperties.put("timeout", "60000");
    clientProperties.put("removeIdleDestinations", "true");
    salesforceMojo.httpClientProperties = clientProperties;

    return salesforceMojo;
}
/**
 * Registers a {@code mySSLContextParameters} bean with key material from the classpath
 * keystore {@code jsse/localhost.ks}; no trust managers are configured.
 *
 * <p>The store and key passwords are the hard-coded literal {@code "changeit"}.
 *
 * @return the registry from the superclass with the extra binding added
 * @throws Exception if the superclass fails to create the registry; a missing keystore
 *     resource would surface as a {@code NullPointerException}
 */
@Override
protected JndiRegistry createRegistry() throws Exception {
    // Resolve the keystore to a file-system path via the class loader.
    final String keyStorePath = this.getClass().getClassLoader().getResource("jsse/localhost.ks").getPath();

    final KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource(keyStorePath);
    keyStore.setPassword("changeit");

    final KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(keyStore);
    keyManagers.setKeyPassword("changeit");

    final SSLContextParameters sslParams = new SSLContextParameters();
    sslParams.setKeyManagers(keyManagers);

    final JndiRegistry jndi = super.createRegistry();
    jndi.bind("mySSLContextParameters", sslParams);
    return jndi;
}
/**
 * Binds an {@code sslContextParameters} bean built from the classpath keystore
 * {@code jsse/localhost.ks}, which serves as both key store and trust store.
 *
 * <p>Client authentication is set to {@code WANT}: the server asks for a client certificate
 * without making it mandatory.
 *
 * @param registry the registry that receives the binding
 */
protected void addSslContextParametersToRegistry(JndiRegistry registry) {
    final KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource(this.getClass().getClassLoader().getResource("jsse/localhost.ks").toString());
    keyStore.setPassword(KEY_STORE_PASSWORD);

    final KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(keyStore);
    keyManagers.setKeyPassword(KEY_STORE_PASSWORD);

    final TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(keyStore);

    // NOTE: Needed since the client uses a loose trust configuration when no ssl context
    // is provided. We turn on WANT client-auth to prefer using authentication
    final SSLContextServerParameters serverSide = new SSLContextServerParameters();
    serverSide.setClientAuthentication(ClientAuthentication.WANT.name());

    final SSLContextParameters sslParams = new SSLContextParameters();
    sslParams.setKeyManagers(keyManagers);
    sslParams.setTrustManagers(trustManagers);
    sslParams.setServerParameters(serverSide);

    registry.bind("sslContextParameters", sslParams);
}
/**
 * Builds server-side TLS parameters from the keystore {@code jsse/localhost.ks}, which
 * serves as both key store and trust store.
 *
 * <p>Client authentication is set to {@code WANT}: the server asks for a client certificate
 * without making it mandatory.
 *
 * @return the server TLS parameters
 */
private static SSLContextParameters defineSSLContextServerParameters() {
    final KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource("jsse/localhost.ks");
    keyStore.setPassword(PW);

    final KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(keyStore);
    keyManagers.setKeyPassword(PW);

    final TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(keyStore);

    // NOTE: Needed since the client uses a loose trust configuration when no ssl context
    // is provided. We turn on WANT client-auth to prefer using authentication
    final SSLContextServerParameters serverSide = new SSLContextServerParameters();
    serverSide.setClientAuthentication(ClientAuthentication.WANT.name());

    final SSLContextParameters result = new SSLContextParameters();
    result.setKeyManagers(keyManagers);
    result.setTrustManagers(trustManagers);
    result.setServerParameters(serverSide);
    return result;
}
/**
 * Creates a route that sends {@code direct:start} to an external HTTPS URL and then to
 * {@code mock:results}.
 *
 * <p>Before defining the route, {@code configure()} registers a socket factory built from an
 * unconfigured {@code SSLContextParameters} as the handler for the {@code https} protocol on
 * port 443. {@code Protocol.registerProtocol} is a static call.
 * NOTE(review): the registration presumably stays in effect for other code using the same
 * protocol registry; confirm whether it needs to be undone after the test.
 *
 * @return the route builder
 * @throws Exception declared by the overridden method
 */
@Override
protected RouteBuilder createRouteBuilder() throws Exception {
    return new RouteBuilder() {
        public void configure() {
            // No key or trust material is set explicitly on these parameters.
            SSLContextParameters defaults = new SSLContextParameters();
            ProtocolSocketFactory socketFactory =
                new SSLContextParametersSecureProtocolSocketFactory(defaults, context);

            Protocol httpsProtocol = new Protocol("https", socketFactory, 443);
            Protocol.registerProtocol("https", httpsProtocol);

            from("direct:start")
                .to("https://mail.google.com/mail/")
                .to("mock:results");
        }
    };
}
/**
 * Builds TLS parameters from the classpath keystore {@code jsse/localhost.ks}, located via
 * the {@code MailTestHelper} class loader.
 *
 * <p>The keystore serves as both key store and trust store, and {@code KEY_STORE_PASSWORD}
 * is used for the store and for the key.
 *
 * @return the TLS parameters
 */
public static SSLContextParameters createSslContextParameters() {
    final String keyStoreUrl = MailTestHelper.class.getClassLoader().getResource("jsse/localhost.ks").toString();

    final KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource(keyStoreUrl);
    keyStore.setPassword(KEY_STORE_PASSWORD);

    final KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(keyStore);
    keyManagers.setKeyPassword(KEY_STORE_PASSWORD);

    final TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(keyStore);

    final SSLContextParameters result = new SSLContextParameters();
    result.setKeyManagers(keyManagers);
    result.setTrustManagers(trustManagers);
    return result;
}
/**
 * Builds TLS parameters from a single keystore that serves as both key store and trust
 * store.
 *
 * @param path the keystore resource passed to {@code KeyStoreParameters.setResource}
 * @param password used both to open the store and as the private-key password
 * @return the TLS parameters
 */
private SSLContextParameters getSSLContextParameters(String path, String password) {
    final KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource(path);
    keyStore.setPassword(password);

    final KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(keyStore);
    keyManagers.setKeyPassword(password);

    final TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(keyStore);

    final SSLContextParameters result = new SSLContextParameters();
    result.setKeyManagers(keyManagers);
    result.setTrustManagers(trustManagers);
    return result;
}
/**
 * Registers an {@code sslContextParameters} bean with key material from the classpath
 * keystore {@code jsse/localhost.ks}.
 *
 * <p>The trust-manager configuration is commented out, so the bound parameters carry key
 * managers only.
 *
 * @return the registry from the superclass with the extra binding added
 * @throws Exception if the superclass fails to create the registry; a missing keystore
 *     resource would surface as a {@code NullPointerException}
 */
@Override
protected JndiRegistry createRegistry() throws Exception {
    final KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource(this.getClass().getClassLoader().getResource("jsse/localhost.ks").toString());
    keyStore.setPassword(pwd);

    final KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(keyStore);
    keyManagers.setKeyPassword(pwd);

    //TrustManagersParameters tmp = new TrustManagersParameters();
    //tmp.setKeyStore(ksp);

    final SSLContextParameters sslParams = new SSLContextParameters();
    sslParams.setKeyManagers(keyManagers);
    //sslContextParameters.setTrustManagers(tmp);

    final JndiRegistry jndi = super.createRegistry();
    jndi.bind("sslContextParameters", sslParams);
    return jndi;
}
/**
 * Wraps the given Camel TLS parameters in a Jetty {@code SslContextFactory}.
 *
 * <p>When {@code ssl} is {@code null} the factory is returned as constructed, with no SSL
 * context set on it.
 *
 * @param ssl the TLS parameters, may be {@code null}
 * @return a new factory, carrying the created SSL context when {@code ssl} is given
 * @throws GeneralSecurityException if the SSL context cannot be created
 * @throws IOException if the SSL context cannot be created
 */
private SslContextFactory createSslContextFactory(SSLContextParameters ssl) throws GeneralSecurityException, IOException {
    final SslContextFactory factory = new SslContextFactory();
    if (ssl == null) {
        return factory;
    }
    factory.setSslContext(ssl.createSSLContext());
    return factory;
}
/**
 * Produces the CXF server endpoint bean named {@code cxfConsumerEndpoint}.
 *
 * <p>The endpoint listens on {@code CXF_CONSUMER_ENDPOINT_ADDRESS}, takes its TLS settings
 * from {@code createConsumerSSLContextParameters()} and gets two inbound interceptors, in
 * this order: a JAAS login interceptor bound to {@code WILDFLY_SECURITY_DOMAIN_NAME}, and an
 * authorizing interceptor that maps the {@code greet} operation to {@code testRole}. Both
 * interceptors are set to reject anonymous callers.
 *
 * @return the configured consumer endpoint
 */
@Named("cxfConsumerEndpoint")
@Produces
public CxfEndpoint createCxfConsumerEndpoint() {
    final CxfComponent component = new CxfComponent(this.camelContext);
    final CxfEndpoint endpoint = new CxfEndpoint(CXF_CONSUMER_ENDPOINT_ADDRESS, component);
    endpoint.setBeanId("cxfConsumerEndpoint");
    endpoint.setServiceClass(org.wildfly.camel.examples.cxf.jaxws.GreetingService.class);
    endpoint.setSslContextParameters(this.createConsumerSSLContextParameters());

    final List<Interceptor<? extends Message>> inbound = endpoint.getInInterceptors();

    // Authentication: the callback handler provider is the TLS-certificate one.
    final JAASLoginInterceptor login = new JAASLoginInterceptor();
    login.setContextName(WILDFLY_SECURITY_DOMAIN_NAME);
    login.setAllowAnonymous(false);
    final List<CallbackHandlerProvider> handlerProviders = Arrays.asList(new JBossCallbackHandlerTlsCert());
    login.setCallbackHandlerProviders(handlerProviders);
    inbound.add(login);

    // Authorization: operation name -> required role.
    final Map<String, String> requiredRoles = new HashMap<>(1);
    requiredRoles.put("greet", "testRole");
    final SimpleAuthorizingInterceptor authorizer = new SimpleAuthorizingInterceptor();
    authorizer.setAllowAnonymousUsers(false);
    authorizer.setMethodRolesMap(requiredRoles);
    inbound.add(authorizer);

    return endpoint;
}
/**
 * Chooses the endpoint configurer that matches the presence of TLS parameters.
 *
 * @param sslContextParameters the TLS parameters, may be {@code null}
 * @param camelContext the Camel context handed to the SSL configurer
 * @return an {@code SslCxfEndpointConfigurer} when parameters are given, otherwise a
 *     {@code NullCxfEndpointConfigurer}
 */
public static CxfEndpointConfigurer create(SSLContextParameters sslContextParameters, CamelContext camelContext) {
    if (sslContextParameters != null) {
        return new SslCxfEndpointConfigurer(sslContextParameters, camelContext);
    }
    // No TLS parameters supplied: hand back the null-object configurer.
    return new ChainedCxfEndpointConfigurer.NullCxfEndpointConfigurer();
}
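/**
 * Logs in twice through a {@code SalesforceSession} and checks that the session listener
 * callbacks fire: {@code onLogin} after the first login, and both {@code onLogout} and
 * {@code onLogin} after the second.
 *
 * <p>The HTTP client is now stopped once the session has been logged out; the original
 * started it and never stopped it.
 *
 * <p>NOTE(review): both log statements write a live access token to the log at INFO level.
 * Anyone with access to the test logs can read it; consider logging only that a token was
 * obtained.
 *
 * @throws Exception if login, logout or client shutdown fails
 */
@Test
public void testLogin() throws Exception {

    final SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setSslContext(new SSLContextParameters().createSSLContext());
    final SalesforceHttpClient httpClient = new SalesforceHttpClient(sslContextFactory);
    httpClient.setConnectTimeout(TIMEOUT);

    final SalesforceSession session = new SalesforceSession(
        httpClient, TIMEOUT, LoginConfigHelper.getLoginConfig());
    session.addListener(this);
    httpClient.setSession(session);

    httpClient.start();
    try {
        String loginToken = session.login(session.getAccessToken());
        LOG.info("First token " + loginToken);

        assertTrue("SalesforceSessionListener onLogin NOT called", onLoginTriggered);
        onLoginTriggered = false;

        // refresh token, also causes logout
        loginToken = session.login(loginToken);
        LOG.info("Refreshed token " + loginToken);

        assertTrue("SalesforceSessionListener onLogout NOT called", onLogoutTriggered);
        assertTrue("SalesforceSessionListener onLogin NOT called", onLoginTriggered);
    } finally {
        try {
            // logout finally
            session.logout();
        } finally {
            // Stop the client even when logout fails, so it does not outlive the test.
            httpClient.stop();
        }
    }
}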
/**
 * Creates a socket factory whose sockets come from an {@code SSLContext} built out of the
 * supplied parameters.
 *
 * <p>Any failure while creating the context is rethrown as a {@code RuntimeCamelException}
 * with the original exception as its cause.
 *
 * @param params the configuration parameters to use when creating the socket factory
 * @param camelContext the Camel context
 */
public SSLContextParametersSecureProtocolSocketFactory(SSLContextParameters params, CamelContext camelContext) {
    try {
        // Build the context first; the socket factory is taken from it.
        context = params.createSSLContext(camelContext);
        factory = context.getSocketFactory();
    } catch (Exception e) {
        throw new RuntimeCamelException("Error creating the SSLContext.", e);
    }
}
/**
 * Adds the beans used by the HTTPS tests to the registry from the superclass.
 *
 * <p>{@code x509HostnameVerifier} is bound to an {@code AllowAllHostnameVerifier}, which
 * turns hostname verification off for whatever looks it up; this is test-only wiring. The
 * two {@code SSLContextParameters} beans are unconfigured instances.
 *
 * @return the registry with the extra bindings
 * @throws Exception if the superclass fails to create the registry
 */
@Override
protected JndiRegistry createRegistry() throws Exception {
    final JndiRegistry jndi = super.createRegistry();

    // Accepts any hostname: do not reuse outside tests.
    jndi.bind("x509HostnameVerifier", new AllowAllHostnameVerifier());

    jndi.bind("sslContextParameters", new SSLContextParameters());
    jndi.bind("sslContextParameters2", new SSLContextParameters());

    return jndi;
}
/**
 * Adds the beans used by the HTTPS tests to the registry from the superclass, including two
 * separately named HTTP components.
 *
 * <p>{@code x509HostnameVerifier} is bound to an {@code AllowAllHostnameVerifier}, which
 * turns hostname verification off for whatever looks it up; this is test-only wiring. The
 * two {@code SSLContextParameters} beans are unconfigured instances.
 *
 * @return the registry with the extra bindings
 * @throws Exception if the superclass fails to create the registry
 */
@Override
protected JndiRegistry createRegistry() throws Exception {
    final JndiRegistry jndi = super.createRegistry();

    // Accepts any hostname: do not reuse outside tests.
    jndi.bind("x509HostnameVerifier", new AllowAllHostnameVerifier());

    jndi.bind("sslContextParameters", new SSLContextParameters());
    jndi.bind("sslContextParameters2", new SSLContextParameters());

    // Two independent component instances under different names.
    jndi.bind("http4s-foo", new HttpComponent());
    jndi.bind("http4s-bar", new HttpComponent());

    return jndi;
}
/**
 * Assembles an {@code SSLContextParameters} object from this factory bean's configuration.
 *
 * <p>Each nested factory bean that is present (key managers, trust managers, secure random,
 * client parameters, server parameters) is first given the Camel context and then asked for
 * its object. The provider, secure socket protocol and certificate alias are copied as-is,
 * including {@code null} values.
 *
 * @return the assembled parameters
 * @throws Exception if a nested factory bean fails to produce its object
 */
@Override
protected SSLContextParameters createInstance() throws Exception {
    final SSLContextParameters assembled = new SSLContextParameters();

    // Key material
    if (getKeyManagers() != null) {
        getKeyManagers().setCamelContext(getCamelContext());
        assembled.setKeyManagers(getKeyManagers().getObject());
    }

    // Trust material
    if (getTrustManagers() != null) {
        getTrustManagers().setCamelContext(getCamelContext());
        assembled.setTrustManagers(getTrustManagers().getObject());
    }

    // Random source
    if (getSecureRandom() != null) {
        getSecureRandom().setCamelContext(getCamelContext());
        assembled.setSecureRandom(getSecureRandom().getObject());
    }

    // Client-side overrides
    if (getClientParameters() != null) {
        getClientParameters().setCamelContext(getCamelContext());
        assembled.setClientParameters(getClientParameters().getObject());
    }

    // Server-side overrides
    if (getServerParameters() != null) {
        getServerParameters().setCamelContext(getCamelContext());
        assembled.setServerParameters(getServerParameters().getObject());
    }

    // Scalar settings are copied unconditionally.
    assembled.setProvider(provider);
    assembled.setSecureSocketProtocol(secureSocketProtocol);
    assembled.setCertAlias(certAlias);
    assembled.setCamelContext(getCamelContext());

    return assembled;
}
/**
 * Turns an {@code sslContextParameters} XML element into Blueprint bean metadata.
 *
 * <p>The element is unmarshalled with JAXB into an {@code SSLContextParametersFactoryBean}.
 * Three metadata objects are then chained: a pass-through holding the factory bean, a bean
 * that obtains it via {@code call} (with {@code afterPropertiesSet}/{@code destroy} as
 * lifecycle methods), and the final bean with the element's id, produced by
 * {@code getObject}.
 *
 * @param element the XML element to parse
 * @param context the Blueprint parser context used to create metadata
 * @return lazily activated metadata for the {@code SSLContextParameters} bean
 * @throws ComponentDefinitionException if the JAXB binder cannot be created or the element
 *     does not unmarshal to an {@code SSLContextParametersFactoryBean}
 */
private Metadata parseSSLContextParametersNode(Element element, ParserContext context) {
    LOG.trace("Parsing SSLContextParameters {}", element);

    // now parse the key store parameters with JAXB
    Binder<Node> binder;
    try {
        binder = getJaxbContext().createBinder();
    } catch (JAXBException e) {
        throw new ComponentDefinitionException("Failed to create the JAXB binder : " + e, e);
    }

    Object parsed = parseUsingJaxb(element, context, binder);
    if (!(parsed instanceof SSLContextParametersFactoryBean)) {
        throw new ComponentDefinitionException("Expected an instance of " + SSLContextParametersFactoryBean.class);
    }
    SSLContextParametersFactoryBean factoryBean = (SSLContextParametersFactoryBean) parsed;
    String beanId = factoryBean.getId();

    // Step 1: expose the unmarshalled factory bean through a pass-through callable.
    MutablePassThroughMetadata passThrough = context.createMetadata(MutablePassThroughMetadata.class);
    passThrough.setId(".camelBlueprint.passThrough." + beanId);
    passThrough.setObject(new PassThroughCallable<Object>(factoryBean));

    // Step 2: a managed bean that yields the factory bean and runs its lifecycle methods.
    MutableBeanMetadata managedFactory = context.createMetadata(MutableBeanMetadata.class);
    managedFactory.setId(".camelBlueprint.factory." + beanId);
    managedFactory.setFactoryComponent(passThrough);
    managedFactory.setFactoryMethod("call");
    managedFactory.setInitMethod("afterPropertiesSet");
    managedFactory.setDestroyMethod("destroy");
    managedFactory.addProperty("blueprintContainer", createRef(context, "blueprintContainer"));

    // Step 3: the user-visible bean, created by calling getObject on the factory.
    MutableBeanMetadata parametersBean = context.createMetadata(MutableBeanMetadata.class);
    parametersBean.setId(beanId);
    parametersBean.setRuntimeClass(SSLContextParameters.class);
    parametersBean.setFactoryComponent(managedFactory);
    parametersBean.setFactoryMethod("getObject");
    // must be lazy as we want CamelContext to be activated first
    parametersBean.setActivation(ACTIVATION_LAZY);

    LOG.trace("Parsing SSLContextParameters done, returning {}", parametersBean);
    return parametersBean;
}
/**
 * Creates an IRC connection that keeps the TLS parameters and Camel context for later use.
 *
 * <p>The connection details are passed unchanged to the superclass constructor. The server
 * password {@code pass} is handled by the superclass; this class stores only the TLS
 * parameters and the Camel context.
 *
 * @param host the IRC server host
 * @param ports the candidate server ports
 * @param pass the server password
 * @param nick the nickname
 * @param username the user name
 * @param realname the real name
 * @param sslContextParameters the TLS parameters to store
 * @param camelContext the Camel context to store
 */
public CamelSSLIRCConnection(String host, int[] ports, String pass, String nick, String username,
                             String realname, SSLContextParameters sslContextParameters,
                             CamelContext camelContext) {
    super(host, ports, pass, nick, username, realname);
    this.camelContext = camelContext;
    this.sslContextParameters = sslContextParameters;
}
/**
 * Wraps the given Camel TLS parameters in a Jetty {@code SslContextFactory}, creating the
 * SSL context against this object's Camel context.
 *
 * <p>When {@code ssl} is {@code null} the factory is returned as constructed, with no SSL
 * context set on it.
 *
 * @param ssl the TLS parameters, may be {@code null}
 * @return a new factory, carrying the created SSL context when {@code ssl} is given
 * @throws GeneralSecurityException if the SSL context cannot be created
 * @throws IOException if the SSL context cannot be created
 */
private SslContextFactory createSslContextFactory(SSLContextParameters ssl) throws GeneralSecurityException, IOException {
    final SslContextFactory factory = new SslContextFactory();
    if (ssl == null) {
        return factory;
    }
    factory.setSslContext(ssl.createSSLContext(getCamelContext()));
    return factory;
}
/**
 * Creates the routes for the secure Cometd test and installs TLS parameters on the
 * {@code cometds} component.
 *
 * <p>The keystore {@code jsse/localhost.ks} serves as both key store and trust store; the
 * store and key passwords are the hard-coded literal {@code "changeit"}.
 *
 * @return the route builder
 * @throws Exception declared by the overridden method
 */
@Override
protected RouteBuilder createRouteBuilder() throws Exception {
    return new RouteBuilder() {
        @Override
        public void configure() throws Exception {
            KeyStoreParameters keyStore = new KeyStoreParameters();
            keyStore.setResource("jsse/localhost.ks");
            keyStore.setPassword("changeit");

            KeyManagersParameters keyManagers = new KeyManagersParameters();
            keyManagers.setKeyStore(keyStore);
            keyManagers.setKeyPassword("changeit");

            TrustManagersParameters trustManagers = new TrustManagersParameters();
            trustManagers.setKeyStore(keyStore);

            SSLContextParameters sslParams = new SSLContextParameters();
            sslParams.setKeyManagers(keyManagers);
            sslParams.setTrustManagers(trustManagers);

            // The component must have its TLS settings before the routes below use it.
            CometdComponent cometds = (CometdComponent) context.getComponent("cometds");
            cometds.setSslContextParameters(sslParams);

            from("direct:input").to(uri);
            from(uri).to("mock:test");
        }
    };
}
/**
 * Creates three HTTPS Jetty routes and configures the Jetty component with key-manager
 * based TLS parameters from the classpath keystore {@code jsse/localhost.ks}.
 *
 * <p>After the parameters are set, {@code setSSLProps} is called with placeholder values.
 * Per the original note, that call exists to check that those properties are ignored once
 * TLS parameters are present.
 *
 * @return the route builder
 * @throws Exception declared by the overridden method
 */
@Override
protected RouteBuilder createRouteBuilder() throws Exception {
    return new RouteBuilder() {
        public void configure() throws URISyntaxException {
            JettyHttpComponent jetty = getContext().getComponent("jetty", JettyHttpComponent.class);

            KeyStoreParameters keyStore = new KeyStoreParameters();
            keyStore.setResource(this.getClass().getClassLoader().getResource("jsse/localhost.ks").toString());
            keyStore.setPassword(pwd);

            KeyManagersParameters keyManagers = new KeyManagersParameters();
            keyManagers.setKeyStore(keyStore);
            keyManagers.setKeyPassword(pwd);

            SSLContextParameters sslParams = new SSLContextParameters();
            sslParams.setKeyManagers(keyManagers);
            jetty.setSslContextParameters(sslParams);

            // NOTE: These are here to check that they are properly ignored.
            setSSLProps(jetty, "", "asdfasdfasdfdasfs", "sadfasdfasdfas");

            from("jetty:https://localhost:" + port1 + "/test").to("mock:a");

            // Replies with a fixed HTML fragment.
            Processor helloResponder = new Processor() {
                public void process(Exchange exchange) throws Exception {
                    exchange.getOut().setBody("<b>Hello World</b>");
                }
            };
            from("jetty:https://localhost:" + port1 + "/hello").process(helloResponder);

            from("jetty:https://localhost:" + port2 + "/test").to("mock:b");
        }
    };
}
/**
 * Binds an {@code sslContextParameters} bean built from the classpath keystore
 * {@code jsse/localhost.ks}, which serves as both key store and trust store.
 *
 * <p>Client authentication is set to {@code WANT}: the server asks for a client certificate
 * without making it mandatory.
 *
 * <p>NOTE(review): the protocol is pinned to {@code "SSLv3"} as a workaround for a
 * "bad record MAC" failure. SSLv3 is deprecated (RFC 7568) and current JDKs disable it by
 * default, so this setting must not be copied into production configuration; the test
 * should be revisited to run over TLS.
 *
 * @param registry the registry that receives the binding
 */
protected void addSslContextParametersToRegistry(JndiRegistry registry) {
    final KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource(this.getClass().getClassLoader().getResource("jsse/localhost.ks").toString());
    keyStore.setPassword(KEY_STORE_PASSWORD);

    final KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(keyStore);
    keyManagers.setKeyPassword(KEY_STORE_PASSWORD);

    final TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(keyStore);

    // NOTE: Needed since the client uses a loose trust configuration when no ssl context
    // is provided. We turn on WANT client-auth to prefer using authentication
    final SSLContextServerParameters serverSide = new SSLContextServerParameters();
    serverSide.setClientAuthentication(ClientAuthentication.WANT.name());

    final SSLContextParameters sslParams = new SSLContextParameters();
    sslParams.setKeyManagers(keyManagers);
    sslParams.setTrustManagers(trustManagers);
    sslParams.setServerParameters(serverSide);

    // use SSLv3 to avoid issue with (eg disable TLS)
    // Caused by: javax.net.ssl.SSLException: bad record MAC
    sslParams.setSecureSocketProtocol("SSLv3");

    registry.bind("sslContextParameters", sslParams);
}
/**
 * Returns the TLS configuration stored on this object.
 *
 * @return the value last stored in the {@code sslContextParameters} field
 */
public SSLContextParameters getSslContextParameters() {
    return this.sslContextParameters;
}
/**
 * Stores the TLS configuration on this object.
 *
 * <p>The reference is kept as given; no copy is made and no validation is performed.
 *
 * @param sslContextParameters the TLS parameters to store
 */
public void setSslContextParameters(SSLContextParameters sslContextParameters) {
    this.sslContextParameters = sslContextParameters;
}