p.setJsseProvider(v); } else if ("disableCNCheck".equals(k)) { p.setDisableCNCheck(Boolean.parseBoolean(v)); } else if ("useHttpsURLConnectionDefaultHostnameVerifier".equals(k)) { p.setUseHttpsURLConnectionDefaultHostnameVerifier(Boolean.parseBoolean(v));
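/**
 * Applies a custom trust store to {@code client} when it targets an HTTPS base URI.
 *
 * <p>Nothing is changed unless the base URI scheme starts with {@code HTTPS_SCHEME} and both
 * {@code trustStorePath} and {@code trustStorePassword} are set.
 *
 * <p>SECURITY: the resulting client validates the certificate chain against the trust store but
 * does NOT verify that the certificate belongs to the host being contacted
 * ({@code setDisableCNCheck(true)}). Any certificate that chains to the trust store is accepted
 * for any host, so an on-path attacker holding one such certificate can impersonate the server.
 * Prefer issuing the server a certificate whose subjectAltName matches the endpoint and leaving
 * the check enabled.
 *
 * @param client the client whose HTTP conduit is configured
 * @return the same {@code client} instance
 * @throws Exception if the trust store cannot be read or the trust managers cannot be built
 */
private WebClient configureTLS(WebClient client) throws Exception {
    if (client.getBaseURI().getScheme().startsWith(HTTPS_SCHEME)
            && !(trustStorePath == null || trustStorePassword == null)) {
        HTTPConduit conduit = (HTTPConduit) WebClient.getConfig(client).getConduit();

        TLSClientParameters tlsParameters = new TLSClientParameters();
        KeyStore trustStore = KeyStore.getInstance("JKS");
        // try-with-resources: the stream is closed even when load() throws
        try (FileInputStream trustStoreStream = new FileInputStream(trustStorePath)) {
            trustStore.load(trustStoreStream, trustStorePassword.toCharArray());
        }

        // Use the trust-manager default algorithm; the key-manager default is a different setting.
        TrustManagerFactory trustFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(trustStore);
        tlsParameters.setTrustManagers(trustFactory.getTrustManagers());

        // allow a hostname mismatch
        // NOTE(review): this removes server identity binding; make it opt-in or drop it.
        tlsParameters.setDisableCNCheck(true);

        conduit.setTlsClientParameters(tlsParameters);
    }
    return client;
}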
/**
 * Installs default TLS client parameters on {@code conduit} unless some are already present.
 *
 * <p>The defaults reuse the {@code HttpsURLConnection} default SSL socket factory. Hostname (CN)
 * verification is switched off only when the configuration entry
 * {@code Constants.CXF_TLS_CLIENT_DISABLE_CN_CHECK} holds {@code Boolean.TRUE}; with that flag set
 * the client no longer checks that the server certificate matches the requested host.
 *
 * @param conduit the HTTP conduit to configure
 */
private void configureTLSClient(HTTPConduit conduit) {
    if (conduit.getTlsClientParameters() != null) {
        // the user already provided a configuration: leave it untouched
        return;
    }

    TLSClientParameters tlsDefaults = new TLSClientParameters();
    tlsDefaults.setUseHttpsURLConnectionDefaultSslSocketFactory(true);

    boolean skipCnCheck =
            Boolean.TRUE.equals((Boolean) configuration.get(Constants.CXF_TLS_CLIENT_DISABLE_CN_CHECK));
    if (skipCnCheck) {
        tlsDefaults.setDisableCNCheck(true);
    }

    conduit.setTlsClientParameters(tlsDefaults);
}
// Build the WSDL location from the configured endpoint.
URL url = null;
try {
    url = new URL(endpoint + "/wsdl");
} catch (MalformedURLException e) {
    // NOTE(review): only the message is logged and url stays null, so a malformed endpoint
    // surfaces later inside MyService.create(...) rather than here.
    LOG.error(e.getMessage());
}

javax.xml.ws.Service s = MyService.create(url, new QName(MyService.NAMESPACE, MyService.SERVICE));
ServiceSoap port = s.getPort(ServiceSoap.class);

// Per-request JAX-WS settings: target address and SOAPAction header.
Map<String, Object> reqCtx = ((BindingProvider)port).getRequestContext();
reqCtx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
reqCtx.put(BindingProvider.SOAPACTION_USE_PROPERTY, Boolean.TRUE);
reqCtx.put(BindingProvider.SOAPACTION_URI_PROPERTY, actionName);

Client client = ClientProxy.getClient(port);
HTTPConduit http = (HTTPConduit) client.getConduit();

// Ask for the connection to be closed after each exchange.
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnection(ConnectionType.CLOSE);
http.setClient(httpClientPolicy);

TLSClientParameters tls = new TLSClientParameters();
// sslFactory is built elsewhere; whatever trust decisions it makes are the only
// certificate validation left once the CN check below is disabled.
tls.setSSLSocketFactory(sslFactory);
// SECURITY: disables matching of the server certificate name against the endpoint host.
// A valid certificate issued for a different host is then accepted — keep this enabled
// outside of test setups, or fix the certificate's subjectAltName instead.
tls.setDisableCNCheck(true);
http.setTlsClientParameters(tls);
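String targetAddr = http.getTarget().getAddress().getValue();
if (targetAddr.toLowerCase().startsWith("https:")) {
    // SECURITY: this trust manager accepts every certificate chain and the CN check is
    // disabled as well, so the HTTPS connection is encrypted but the server is not
    // authenticated at all. Suitable only for throwaway test endpoints; for real traffic
    // load the expected CA or server certificate into a trust store and use a
    // TrustManagerFactory-backed trust manager instead.
    TrustManager[] simpleTrustManager = new TrustManager[] {
        new X509TrustManager() {
            @Override
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) {
                // intentionally empty: no client certificate validation
            }

            @Override
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) {
                // intentionally empty: no server certificate validation
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract asks for a non-null (possibly empty) array;
                // returning null can trigger a NullPointerException in callers.
                return new java.security.cert.X509Certificate[0];
            }
        }
    };

    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setTrustManagers(simpleTrustManager);
    tlsParams.setDisableCNCheck(true);
    http.setTlsClientParameters(tlsParams);
}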
/**
 * Reconfigures {@code conduit} so that its TLS client parameters use a
 * {@code FakeX509TrustManager} and skip the hostname (CN) check.
 *
 * <p>Existing TLS client parameters are reused and modified in place; a fresh instance is
 * attached only when the conduit has none.
 *
 * <p>SECURITY: {@code FakeX509TrustManager} is not shown here; going by the method name it
 * presumably accepts any certificate (confirm). Together with the disabled CN check this leaves
 * the server unauthenticated, so calls to this helper belong in test code only.
 *
 * @param conduit the HTTP conduit to modify
 */
public static void trustAllForHttpConduit(HTTPConduit conduit) {
    TLSClientParameters tls = conduit.getTlsClientParameters();
    if (tls == null) {
        tls = new TLSClientParameters();
        conduit.setTlsClientParameters(tls);
    }

    final TrustManager[] permissive = new TrustManager[] { new FakeX509TrustManager() };
    tls.setTrustManagers(permissive);
    tls.setDisableCNCheck(true);
}
} // closes the enclosing type, whose header lies outside this snippet
/**
 * Switches the given conduit to a {@code FakeX509TrustManager} and turns off hostname (CN)
 * verification.
 *
 * <p>If the conduit already carries TLS client parameters they are updated in place; otherwise
 * new parameters are created and attached first.
 *
 * <p>SECURITY: with both settings applied nothing in this method ties the TLS session to the
 * intended server (assuming {@code FakeX509TrustManager}, not shown, accepts every chain —
 * confirm). Restrict use to tests against local or disposable endpoints.
 *
 * @param conduit the HTTP conduit whose TLS settings are relaxed
 */
public static void trustAllForHttpConduit(HTTPConduit conduit) {
    TLSClientParameters relaxed = conduit.getTlsClientParameters();
    final boolean needsNewParameters = (relaxed == null);
    if (needsNewParameters) {
        relaxed = new TLSClientParameters();
        conduit.setTlsClientParameters(relaxed);
    }

    relaxed.setTrustManagers(new TrustManager[] {
        new FakeX509TrustManager()
    });
    relaxed.setDisableCNCheck(true);
}
} // closes the enclosing type, whose header lies outside this snippet
// The last argument is the Spring config file location - we don't use this
WebClient webClient = WebClient.create(this.serviceURL, this.username, this.password, null);

if (trustAllCerts) {
    // SECURITY: this branch sends this.username / this.password over a TLS session whose
    // peer is not authenticated (assuming DumbX509TrustManager, not shown, accepts any
    // certificate — confirm), and the hostname check is disabled too. Anyone able to
    // intercept the connection could present their own certificate and read the credentials.
    // Keep trustAllCerts off by default and log when it is enabled.
    HTTPConduit conduit = WebClient.getConfig(webClient)
            .getHttpConduit();

    // Reuse existing TLS parameters if present, otherwise attach new ones.
    TLSClientParameters params = conduit.getTlsClientParameters();
    if (params == null) {
        params = new TLSClientParameters();
        conduit.setTlsClientParameters(params);
    }

    params.setTrustManagers(new TrustManager[] { new DumbX509TrustManager() });
    params.setDisableCNCheck(true);
}
/**
 * Test fixture setup: resets the port map, registers one plain-HTTP and five HTTPS localhost
 * addresses in {@code addrMap}, and clears the server list.
 *
 * <p>The shared {@code tlsClientParameters} has its CN check disabled; every HTTPS address here
 * is on {@code localhost}, so this is a test-only relaxation and should not be copied into
 * production client setup.
 */
@BeforeClass
public static void allocatePorts() {
    BusServer.resetPortMap();
    addrMap.clear();

    // The first server speaks plain HTTP on PORT0.
    addrMap.put("Mortimer", "http://localhost:" + getPort("PORT0") + "/");

    // The remaining servers speak HTTPS on PORT1..PORT5, in this order.
    final String[] httpsServers = {"Tarpin", "Poltim", "Gordy", "Bethal", "Morpit"};
    for (int index = 0; index < httpsServers.length; index++) {
        final String portKey = "PORT" + (index + 1);
        addrMap.put(httpsServers[index], "https://localhost:" + getPort(portKey) + "/");
    }

    tlsClientParameters.setDisableCNCheck(true);
    servers.clear();
}
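/**
 * Creates the SOAP 1.2 port, points it at the {@code tsrm.url} endpoint and configures the
 * underlying CXF client (TLS settings and message logging).
 *
 * <p>SECURITY: certificate and hostname validation are disabled unless the property
 * {@code tsrm.ssl.strict} parses as {@code true}. {@link Boolean#parseBoolean(String)} returns
 * {@code false} for {@code null}, so a missing property leaves validation OFF (fail-open).
 * Deployments should set {@code tsrm.ssl.strict=true} explicitly.
 *
 * @return the configured port (also stored in the {@code port} field)
 */
private SHSIMPINCPortType getService() {
    final SHSIMPINC service = new SHSIMPINC();
    port = service.getSHSIMPINCSOAP12Port();
    final Client cxfClient = ClientProxy.getClient(port);

    try {
        cxfClient.getRequestContext().put(Message.ENDPOINT_ADDRESS, getProperties().getProperty("tsrm.url"));
        final HTTPConduit http = (HTTPConduit) cxfClient.getConduit();

        final String strictSsl = getProperties().getProperty("tsrm.ssl.strict");
        if (!Boolean.parseBoolean(strictSsl)) {
            // Logged at WARN rather than DEBUG so that a client running without server
            // authentication is visible in default log configurations.
            LOG.warn("Disabling strict SSL checking.");

            // Accept all certificates
            // NOTE(review): AnyServerX509TrustManager is not shown; presumably it performs
            // no chain validation — confirm.
            final TrustManager[] simpleTrustManager = new TrustManager[] { new AnyServerX509TrustManager() };
            final TLSClientParameters tlsParams = new TLSClientParameters();
            tlsParams.setTrustManagers(simpleTrustManager);
            tlsParams.setDisableCNCheck(true);
            http.setTlsClientParameters(tlsParams);
        }
    } catch (IOException e) {
        // When the properties cannot be loaded neither the endpoint address nor the TLS
        // parameters above are applied; the port is still returned below.
        LOG.error("Unable to load tsrm properties ", e);
    }

    // Log incoming and outgoing requests
    // NOTE(review): these interceptors log message content; check that payloads carrying
    // credentials or personal data are acceptable in the log destination.
    LoggingInInterceptor loggingInInterceptor = new LoggingInInterceptor();
    loggingInInterceptor.setPrettyLogging(true);
    cxfClient.getInInterceptors().add(loggingInInterceptor);

    LoggingOutInterceptor loggingOutInterceptor = new LoggingOutInterceptor();
    loggingOutInterceptor.setPrettyLogging(true);
    cxfClient.getOutInterceptors().add(loggingOutInterceptor);

    return port;
}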
/**
 * Relaxes TLS validation on the HTTP conduit behind {@code webClient}: installs a
 * {@code TrustEverythingSSLTrustManager} and disables the hostname (CN) check.
 *
 * <p>Existing TLS client parameters are modified in place; new ones are attached only when the
 * conduit has none.
 *
 * <p>SECURITY: after this call the client no longer authenticates the server (assuming the
 * trust manager, not shown, accepts every chain as its name says — confirm). Intended for test
 * or diagnostic use; do not call it on clients that carry credentials or sensitive data.
 *
 * @param webClient the client whose conduit is reconfigured
 */
public static void disableSslChecks(WebClient webClient) {
    final HTTPConduit httpConduit = WebClient.getConfig(webClient).getHttpConduit();

    TLSClientParameters tls = httpConduit.getTlsClientParameters();
    if (tls == null) {
        tls = new TLSClientParameters();
        httpConduit.setTlsClientParameters(tls);
    }

    final TrustManager[] acceptAll = new TrustManager[] { new TrustEverythingSSLTrustManager() };
    tls.setTrustManagers(acceptAll);
    tls.setDisableCNCheck(true);
}
/**
 * Creates a {@code WebClient} for {@code hostUrl}.
 *
 * <p>When {@code acceptAllCertificates} is set, the client's conduit is switched to a
 * {@code DumbX509TrustManager} and the hostname (CN) check is disabled. In that mode the server
 * is not authenticated (assuming the trust manager, not shown, accepts any chain — confirm), so
 * the flag should stay off outside of test environments.
 *
 * @return the new client
 */
private WebClient clientFor() {
    final WebClient created = WebClient.create(this.hostUrl);
    if (!acceptAllCertificates) {
        return created;
    }

    final HTTPConduit httpConduit = WebClient.getConfig(created).getHttpConduit();
    TLSClientParameters tls = httpConduit.getTlsClientParameters();
    if (tls == null) {
        tls = new TLSClientParameters();
        httpConduit.setTlsClientParameters(tls);
    }

    tls.setTrustManagers(new TrustManager[] { new DumbX509TrustManager() });
    tls.setDisableCNCheck(true);
    return created;
}
/**
 * Installs mock TLS settings on the given client, for use in tests.
 *
 * <p>Only acts when the client's conduit has no TLS client parameters yet: it then attaches
 * parameters with a {@code MockX509TrustManager} and the hostname (CN) check disabled. A conduit
 * that already has TLS parameters is left unchanged.
 *
 * <p>SECURITY: the mock settings remove server authentication (per the original comment the
 * trust manager trusts all certificates); keep this helper out of production code paths.
 *
 * @param client
 *            the client proxy whose configuration is looked up via {@code WebClient.getConfig}
 */
public static void setMockClientAuthentication(Object client) {
    final ClientConfiguration clientConfig = WebClient.getConfig(client);
    final HTTPConduit httpConduit = clientConfig.getHttpConduit();

    if (httpConduit.getTlsClientParameters() != null) {
        // TLS is already configured for this conduit: nothing to do
        return;
    }

    // trust all certs...
    final TLSClientParameters mockTls = new TLSClientParameters();
    mockTls.setTrustManagers(new TrustManager[] { new MockX509TrustManager() });
    mockTls.setDisableCNCheck(true);
    httpConduit.setTlsClientParameters(mockTls);
}
// SECURITY: hostname (CN) verification is switched off and the only trust manager is a
// TrustingX509TrustManager (not shown; the name suggests it accepts any chain — confirm).
// With both in place the conduit does not authenticate the server; restrict to tests.
tls.setDisableCNCheck(true);
tls.setTrustManagers(new TrustManager[] { new TrustingX509TrustManager() });
httpConduit.setTlsClientParameters(tls);
// Hand the single trust manager to the TLS parameters.
trustManagers[0] = trustManager;
tlsParams.setTrustManagers(trustManagers);
// Disables matching of the server certificate name against the requested host, so server
// identity rests entirely on what trustManager accepts.
tlsParams.setDisableCNCheck(true);
// The TLS parameters use exactly one trust manager.
trustManagers[0] = trustManager;
tlsParams.setTrustManagers(trustManagers);
// With the CN check off, a certificate issued for a different host passes as long as
// trustManager accepts it; leave the check enabled outside of tests.
tlsParams.setDisableCNCheck(true);
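/**
 * Calls the HTTPS greeter with a {@code NoOpX509TrustManager} and the CN check disabled, and
 * expects the call to succeed.
 *
 * <p>This configuration performs no server authentication (assuming the no-op trust manager,
 * not shown, accepts every chain — confirm); it exists to exercise the client plumbing in a
 * test and is not a template for production clients.
 */
@org.junit.Test
public void testNoOpX509TrustManager() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = TrustManagerTest.class.getResource("client-trust.xml");

    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        URL url = SOAPService.WSDL_LOCATION;
        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
        assertNotNull("Service is null", service);
        final Greeter port = service.getHttpsPort();
        assertNotNull("Port is null", port);

        try {
            updateAddressPort(port, PORT);

            TLSClientParameters tlsParams = new TLSClientParameters();
            X509TrustManager trustManager = new NoOpX509TrustManager();
            TrustManager[] trustManagers = new TrustManager[1];
            trustManagers[0] = trustManager;
            tlsParams.setTrustManagers(trustManagers);
            tlsParams.setDisableCNCheck(true);

            Client client = ClientProxy.getClient(port);
            HTTPConduit http = (HTTPConduit) client.getConduit();
            http.setTlsClientParameters(tlsParams);

            // JUnit order is (expected, actual); the reverse yields a misleading failure message
            assertEquals("Hello Kitty", port.greetMe("Kitty"));
        } finally {
            // release the port even when the call or the assertion fails
            ((java.io.Closeable) port).close();
        }
    } finally {
        // always shut the bus down so a failing test does not leak it into later tests
        bus.shutdown(true);
    }
}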
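/**
 * Calls the HTTPS greeter on {@code PORT} with a {@code ServerCertX509TrustManager} built from
 * the principal name {@code CN=Bethal,...} and expects the call to succeed.
 *
 * <p>The CN check is disabled, so the hostname is not compared with the certificate; whatever
 * server identity check remains is the one done by {@code ServerCertX509TrustManager} (not
 * shown — presumably it compares the server certificate's subject with the given principal
 * name; confirm).
 */
@org.junit.Test
public void testValidServerCertX509TrustManager() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = TrustManagerTest.class.getResource("client-trust.xml");

    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        URL url = SOAPService.WSDL_LOCATION;
        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
        assertNotNull("Service is null", service);
        final Greeter port = service.getHttpsPort();
        assertNotNull("Port is null", port);

        try {
            updateAddressPort(port, PORT);

            String validPrincipalName = "CN=Bethal,OU=Bethal,O=ApacheTest,L=Syracuse,C=US";

            TLSClientParameters tlsParams = new TLSClientParameters();
            X509TrustManager trustManager = new ServerCertX509TrustManager(validPrincipalName);
            TrustManager[] trustManagers = new TrustManager[1];
            trustManagers[0] = trustManager;
            tlsParams.setTrustManagers(trustManagers);
            tlsParams.setDisableCNCheck(true);

            Client client = ClientProxy.getClient(port);
            HTTPConduit http = (HTTPConduit) client.getConduit();
            http.setTlsClientParameters(tlsParams);

            // JUnit order is (expected, actual); the reverse yields a misleading failure message
            assertEquals("Hello Kitty", port.greetMe("Kitty"));
        } finally {
            // release the port even when the call or the assertion fails
            ((java.io.Closeable) port).close();
        }
    } finally {
        // always shut the bus down so a failing test does not leak it into later tests
        bus.shutdown(true);
    }
}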
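/**
 * Same scenario as the {@code PORT} variant but against {@code PORT3}: calls the HTTPS greeter
 * with a {@code ServerCertX509TrustManager} built from the principal name {@code CN=Bethal,...}
 * and expects the call to succeed.
 *
 * <p>The CN check is disabled here, so the hostname is not matched against the certificate;
 * identity checking is left to {@code ServerCertX509TrustManager} (not shown; confirm what it
 * validates).
 */
@org.junit.Test
public void testValidServerCertX509TrustManager2() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = TrustManagerTest.class.getResource("client-trust.xml");

    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        URL url = SOAPService.WSDL_LOCATION;
        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
        assertNotNull("Service is null", service);
        final Greeter port = service.getHttpsPort();
        assertNotNull("Port is null", port);

        try {
            updateAddressPort(port, PORT3);

            String validPrincipalName = "CN=Bethal,OU=Bethal,O=ApacheTest,L=Syracuse,C=US";

            TLSClientParameters tlsParams = new TLSClientParameters();
            X509TrustManager trustManager = new ServerCertX509TrustManager(validPrincipalName);
            TrustManager[] trustManagers = new TrustManager[1];
            trustManagers[0] = trustManager;
            tlsParams.setTrustManagers(trustManagers);
            tlsParams.setDisableCNCheck(true);

            Client client = ClientProxy.getClient(port);
            HTTPConduit http = (HTTPConduit) client.getConduit();
            http.setTlsClientParameters(tlsParams);

            // JUnit order is (expected, actual); the reverse yields a misleading failure message
            assertEquals("Hello Kitty", port.greetMe("Kitty"));
        } finally {
            // release the port even when the call or the assertion fails
            ((java.io.Closeable) port).close();
        }
    } finally {
        // always shut the bus down so a failing test does not leak it into later tests
        bus.shutdown(true);
    }
}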
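/**
 * Calls the HTTPS greeter with the client protocol pinned to {@code "TLSv1"} and expects the
 * call to succeed.
 *
 * <p>The client uses a {@code NoOpX509TrustManager} with the CN check disabled, so the server is
 * not authenticated; the test is about protocol and cipher-suite negotiation only.
 *
 * <p>NOTE(review): TLS 1.0 is deprecated (RFC 8996) and recent JDKs list it in
 * {@code jdk.tls.disabledAlgorithms} by default, so this test may need that setting adjusted to
 * run; do not reuse the {@code "TLSv1"} pin in production clients.
 */
@org.junit.Test
public void testAESIncludedTLSv10() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client-noconfig.xml");

    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        URL url = SOAPService.WSDL_LOCATION;
        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
        assertNotNull("Service is null", service);
        final Greeter port = service.getHttpsPort();
        assertNotNull("Port is null", port);

        try {
            updateAddressPort(port, PORT);

            Client client = ClientProxy.getClient(port);
            HTTPConduit conduit = (HTTPConduit) client.getConduit();

            TLSClientParameters tlsParams = new TLSClientParameters();
            X509TrustManager trustManager = new NoOpX509TrustManager();
            TrustManager[] trustManagers = new TrustManager[1];
            trustManagers[0] = trustManager;
            tlsParams.setTrustManagers(trustManagers);
            tlsParams.setDisableCNCheck(true);

            tlsParams.setSecureSocketProtocol("TLSv1");

            conduit.setTlsClientParameters(tlsParams);

            // JUnit order is (expected, actual); the reverse yields a misleading failure message
            assertEquals("Hello Kitty", port.greetMe("Kitty"));
        } finally {
            // release the port even when the call or the assertion fails
            ((java.io.Closeable) port).close();
        }
    } finally {
        // always shut the bus down so a failing test does not leak it into later tests
        bus.shutdown(true);
    }
}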