/*
* #%L
* GarethHealy :: JBoss Fuse Examples :: WS Playground :: WS Security HTTPS CXF Client
* %%
* Copyright (C) 2013 - 2017 Gareth Healy
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
package com.garethahealy.wssecurity.https.cxf.client.decorators;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import com.garethahealy.wssecurity.https.cxf.client.config.WsEndpointConfiguration;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class HTTPSWsSignatureEndpointDecorator extends WsSignatureEndpointDecorator {
private static final Logger LOG = LoggerFactory.getLogger(HTTPSWsSignatureEndpointDecorator.class);
public HTTPSWsSignatureEndpointDecorator(WsEndpointConfiguration<?> config) {
super(config);
}
@Override
public synchronized Object create() {
Object port = super.create();
Client client = ClientProxy.getClient(port);
configureSSLOnTheClient(client);
return port;
}
public void configureSSLOnTheClient(Client client) {
//NOTE: The below order matters!
HTTPConduit httpConduit = (HTTPConduit)client.getConduit();
KeyStore keyStore = getInstanceOfKeyStore();
loadKeyStore(keyStore, config.getKeystorePath(), config.getKeystorePassword());
KeyManagerFactory keyFactory = getInstanceOfKeyManagerFactory(keyStore, config.getKeyManagerPassword());
loadKeyStore(keyStore, config.getTruststorePath(), config.getTruststorePassword());
TrustManagerFactory trustFactory = getInstanceOfTrustManagerFactory(keyStore);
FiltersType filter = new FiltersType();
filter.getInclude().add(".*_WITH_3DES_.*");
filter.getInclude().add(".*_WITH_DES_.*");
filter.getInclude().add(".*_WITH_NULL_.*");
filter.getExclude().add(".*_DH_anon_.*");
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setDisableCNCheck(true);
tlsParams.setTrustManagers(trustFactory.getTrustManagers());
tlsParams.setKeyManagers(keyFactory.getKeyManagers());
tlsParams.setCipherSuitesFilter(filter);
httpConduit.setTlsClientParameters(tlsParams);
}
private KeyStore getInstanceOfKeyStore() {
KeyStore keyStore = null;
try {
keyStore = KeyStore.getInstance("JKS");
} catch (KeyStoreException kse) {
LOG.error("Security configuration failed with the following: " + kse.getCause());
}
return keyStore;
}
private void loadKeyStore(KeyStore keyStore, String path, String storePassword) {
File pathFile = new File(path);
try (FileInputStream stream = new FileInputStream(pathFile)) {
keyStore.load(stream, storePassword.toCharArray());
} catch (IOException nsa) {
LOG.error("Security configuration failed with the following: " + nsa.getCause());
} catch (CertificateException fnfe) {
LOG.error("Security configuration failed with the following: " + fnfe.getCause());
} catch (NoSuchAlgorithmException fnfe) {
LOG.error("Security configuration failed with the following: " + fnfe.getCause());
}
}
private KeyManagerFactory getInstanceOfKeyManagerFactory(KeyStore keyStore, String keyManagerPassword) {
KeyManagerFactory keyFactory = null;
try {
keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, keyManagerPassword.toCharArray());
} catch (NoSuchAlgorithmException fnfe) {
LOG.error("Security configuration failed with the following: " + fnfe.getCause());
} catch (KeyStoreException kse) {
LOG.error("Security configuration failed with the following: " + kse.getCause());
} catch (UnrecoverableKeyException uke) {
LOG.error("Security configuration failed with the following: " + uke.getCause());
}
return keyFactory;
}
private TrustManagerFactory getInstanceOfTrustManagerFactory(KeyStore keyStore) {
TrustManagerFactory trustFactory = null;
try {
trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(keyStore);
} catch (NoSuchAlgorithmException fnfe) {
LOG.error("Security configuration failed with the following: " + fnfe.getCause());
} catch (KeyStoreException kse) {
LOG.error("Security configuration failed with the following: " + kse.getCause());
}
return trustFactory;
}
}