// Install the trust managers that TLSParameterJaxBUtils builds from the `tmt` configuration.
// NOTE(review): `enableRevocation` is passed straight through; presumably it switches
// certificate revocation checking on or off. Confirm against the helper, and confirm
// which default the caller uses.
p.setTrustManagers(TLSParameterJaxBUtils.getTrustManagers(tmt, enableRevocation));
/**
 * Configures the client to validate server certificates against the given trust store.
 *
 * <p>Any previously supplied SSLContext is cleared first, so the trust store set here
 * is the one that takes effect.
 *
 * <p>With the standard JSSE providers, a {@code null} store makes the factory fall
 * back to the JVM default trust store rather than failing. Callers that intend to pin
 * a specific set of CAs should therefore never pass {@code null}.
 *
 * @param store the key store holding the trusted certificates
 * @return this builder
 * @throws ProcessingException if the trust managers cannot be created from the store
 */
@Override
public ClientBuilder trustStore(KeyStore store) {
    secConfig.setSslContext(null);
    try {
        String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
        factory.init(store);
        secConfig.getTlsClientParams().setTrustManagers(factory.getTrustManagers());
    } catch (Exception ex) {
        // Surface every setup failure as the JAX-RS client exception type.
        throw new ProcessingException(ex);
    }
    return this;
}
/**
 * Replaces the client's trust managers with ones derived from {@code store}.
 *
 * <p>The SSLContext held by the security configuration is reset to {@code null}
 * before the new trust managers are installed. A {@code null} store is not rejected
 * here; with the standard JSSE providers it selects the JVM default trust store.
 *
 * @param store source of the trusted certificates
 * @return this builder, for chaining
 * @throws ProcessingException wrapping any failure while building the trust managers
 */
@Override
public ClientBuilder trustStore(KeyStore store) {
    secConfig.setSslContext(null);
    try {
        final TrustManagerFactory trustFactory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(store);
        secConfig.getTlsClientParams().setTrustManagers(trustFactory.getTrustManagers());
        return this;
    } catch (Exception ex) {
        throw new ProcessingException(ex);
    }
}
// Build the client-side TLS settings from the key managers (client identity) and
// trust managers (server validation) prepared by the surrounding code.
// NOTE(review): where `trustManagers` comes from is not visible here; the strength of
// server authentication depends entirely on what that array contains.
TLSClientParameters params = new TLSClientParameters();
params.setKeyManagers(keyManagers);
params.setTrustManagers(trustManagers);
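/**
 * Applies a custom trust store to the client's HTTP conduit when the target is HTTPS
 * and both a trust store path and password are configured. Otherwise the client is
 * returned unchanged.
 *
 * @param client the client to configure
 * @return the same client instance
 * @throws Exception if the trust store cannot be read or the trust managers cannot be built
 */
private WebClient configureTLS(WebClient client) throws Exception {
    // A relative base URI has no scheme; treat it as "not HTTPS" rather than throwing an NPE.
    String scheme = client.getBaseURI().getScheme();
    if (scheme != null && scheme.startsWith(HTTPS_SCHEME)
        && trustStorePath != null && trustStorePassword != null) {
        HTTPConduit conduit = (HTTPConduit) WebClient.getConfig(client).getConduit();
        TLSClientParameters tlsParameters = new TLSClientParameters();

        KeyStore trustStore = KeyStore.getInstance("JKS");
        // Close the trust store file even when load() fails.
        try (FileInputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, trustStorePassword.toCharArray());
        }

        // Use the TrustManagerFactory default algorithm. The KeyManagerFactory default
        // names a key-manager algorithm and is not guaranteed to exist for trust managers.
        TrustManagerFactory trustFactory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(trustStore);
        tlsParameters.setTrustManagers(trustFactory.getTrustManagers());

        // allow a hostname mismatch
        // NOTE(security): with the CN check disabled, any certificate that chains to
        // the trust store is accepted for any host. Keep the trust store limited to
        // the expected server or a private CA, or re-enable the check once the server
        // certificate carries the right name.
        tlsParameters.setDisableCNCheck(true);
        conduit.setTlsClientParameters(tlsParameters);
    }
    return client;
}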
/**
 * Adds trust managers for the given CA certificate to the client's HTTP conduit.
 *
 * <p>The trust store is built by {@code createTrustStore} from {@code caCertData}
 * and/or {@code caCertFile}. Trust managers already present on the conduit are kept,
 * and the new ones are appended after them.
 *
 * <p>NOTE(review): JSSE's {@code SSLContext.init} uses only the first
 * {@code X509TrustManager} in the array it is given. If an X509 trust manager is
 * already installed, the appended CA may never be consulted. Verify this against how
 * the conduit builds its SSLContext.
 *
 * <p>Failures are logged and not rethrown, so the client keeps whatever trust
 * configuration it had before. Callers cannot tell from this method whether the CA
 * was actually installed.
 *
 * @param webClient  client whose conduit is updated
 * @param caCertData CA certificate data passed to {@code createTrustStore}
 * @param caCertFile CA certificate file passed to {@code createTrustStore}
 */
public static void configureCaCert(WebClient webClient, String caCertData, File caCertFile) {
    try {
        KeyStore caStore = createTrustStore(caCertData, caCertFile);
        TrustManagerFactory factory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(caStore);
        TrustManager[] caManagers = factory.getTrustManagers();

        HTTPConduit httpConduit = WebClient.getConfig(webClient).getHttpConduit();
        TLSClientParameters tlsParams = httpConduit.getTlsClientParameters();
        if (tlsParams == null) {
            tlsParams = new TLSClientParameters();
            httpConduit.setTlsClientParameters(tlsParams);
        }

        TrustManager[] current = tlsParams.getTrustManagers();
        TrustManager[] effective = caManagers;
        if (current != null && current.length > 0) {
            // Existing managers first, then the ones for the new CA.
            List<TrustManager> merged = new ArrayList<>(Arrays.asList(current));
            merged.addAll(Arrays.asList(caManagers));
            effective = merged.toArray(new TrustManager[merged.size()]);
        }
        tlsParams.setTrustManagers(effective);
    } catch (Exception e) {
        LOG.error("Could not create trust manager for " + caCertFile, e);
    }
}
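String targetAddr = http.getTarget().getAddress().getValue();
if (targetAddr.toLowerCase().startsWith("https:")) {
    // NOTE(security): this trust manager accepts every certificate chain, and the CN
    // check is disabled below. The TLS connection is encrypted but the server is not
    // authenticated. Restrict this to test fixtures. Elsewhere, build the trust
    // managers from a trust store containing the expected CA and leave the CN check on.
    TrustManager[] simpleTrustManager = new TrustManager[] {
        new X509TrustManager() {
            @Override
            public void checkClientTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
                // Intentionally empty: no client chain is rejected.
            }

            @Override
            public void checkServerTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
                // Intentionally empty: no server chain is rejected.
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null (possibly empty)
                // array. Returning null can trigger a NullPointerException in callers.
                return new java.security.cert.X509Certificate[0];
            }
        }
    };
    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setTrustManagers(simpleTrustManager);
    tlsParams.setDisableCNCheck(true);
    http.setTlsClientParameters(tlsParams);
}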
/**
 * Makes the client use the supplied SSLContext for TLS.
 *
 * <p>Key managers and trust managers previously set on the TLS client parameters are
 * cleared first. After this call, certificate validation is whatever the given
 * context was initialised with.
 *
 * @param sslContext the context to use; stored as given, with no null check here
 * @return this builder
 */
@Override
public ClientBuilder sslContext(SSLContext sslContext) {
    // Drop individually configured managers so they cannot conflict with the context.
    secConfig.getTlsClientParams().setKeyManagers(null);
    secConfig.getTlsClientParams().setTrustManagers(null);
    secConfig.setSslContext(sslContext);
    return this;
}
/**
 * Installs a caller-provided SSLContext and discards any key or trust managers that
 * were configured separately on the TLS client parameters.
 *
 * <p>The context is stored without inspection, so the trust decisions made by this
 * client depend on how the caller initialised it.
 *
 * @param sslContext the SSLContext to apply
 * @return this builder, for chaining
 */
@Override
public ClientBuilder sslContext(SSLContext sslContext) {
    secConfig.getTlsClientParams().setKeyManagers(null);
    secConfig.getTlsClientParams().setTrustManagers(null);
    // Set last, after the per-manager settings have been cleared.
    secConfig.setSslContext(sslContext);
    return this;
}
/**
 * Replaces the conduit's trust managers with a single {@code FakeX509TrustManager}
 * and disables the CN (hostname) check, creating the TLS client parameters if the
 * conduit has none.
 *
 * <p>NOTE(security): judging by its name, {@code FakeX509TrustManager} accepts any
 * certificate (its implementation is not shown here; confirm). Combined with the
 * disabled CN check, the server is not authenticated. Keep calls to this helper
 * confined to tests.
 *
 * @param conduit the HTTP conduit to reconfigure
 */
public static void trustAllForHttpConduit(HTTPConduit conduit) {
    TLSClientParameters params = conduit.getTlsClientParameters();
    if (params == null) {
        params = new TLSClientParameters();
        conduit.setTlsClientParameters(params);
    }
    TrustManager[] acceptAll = { new FakeX509TrustManager() };
    params.setTrustManagers(acceptAll);
    params.setDisableCNCheck(true);
}
}
/**
 * Configures the given conduit to use only a {@code FakeX509TrustManager} and to skip
 * the CN (hostname) check.
 *
 * <p>Existing TLS client parameters are reused and a fresh set is attached only when
 * the conduit has none. Any trust managers previously configured are overwritten.
 *
 * <p>NOTE(security): this removes server authentication from the connection,
 * assuming {@code FakeX509TrustManager} accepts every chain as its name implies
 * (confirm). Do not let it become reachable from production configuration.
 *
 * @param conduit conduit whose TLS settings are relaxed
 */
public static void trustAllForHttpConduit(HTTPConduit conduit) {
    TLSClientParameters tls = conduit.getTlsClientParameters();
    final boolean missing = tls == null;
    if (missing) {
        tls = new TLSClientParameters();
        conduit.setTlsClientParameters(tls);
    }
    tls.setTrustManagers(new TrustManager[] {
        new FakeX509TrustManager()
    });
    tls.setDisableCNCheck(true);
}
}
// The last argument is the Spring config file, which is not used here.
WebClient webClient = WebClient.create(this.serviceURL, this.username, this.password, null);
if (trustAllCerts) {
    // NOTE(security): this branch swaps in DumbX509TrustManager (accept-all, judging
    // by the name; confirm) and turns off the CN check. The username and password
    // passed to create() above are then sent to a server whose identity was never
    // verified. Prefer a trust store with the service's CA over enabling trustAllCerts.
    HTTPConduit httpConduit = WebClient.getConfig(webClient).getHttpConduit();
    TLSClientParameters tlsParams = httpConduit.getTlsClientParameters();
    if (tlsParams == null) {
        tlsParams = new TLSClientParameters();
        httpConduit.setTlsClientParameters(tlsParams);
    }
    TrustManager[] acceptAll = { new DumbX509TrustManager() };
    tlsParams.setTrustManagers(acceptAll);
    tlsParams.setDisableCNCheck(true);
}
/**
 * Builds an SSLContext from two classpath key stores: {@code keys/Truststore.jks}
 * for the trust managers and {@code keys/Morpit.jks} for the key managers.
 *
 * <p>Both stores and the private key are opened with the literal password
 * {@code "password"}. That is acceptable only for key material that ships as a test
 * fixture. The same stores and password must not protect real credentials.
 *
 * @return the SSLContext produced by {@code SSLUtils.getSSLContext}
 * @throws Exception if a store cannot be loaded or a factory cannot be initialised
 */
private SSLContext createSSLContext() throws Exception {
    final String storePassword = "password";
    TLSClientParameters tlsParams = new TLSClientParameters();

    // Trust side: certificates this client accepts from the server.
    try (InputStream trustIn =
             ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", this.getClass())) {
        TrustManagerFactory trustFactory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore trustStore = loadStore(trustIn, storePassword);
        trustFactory.init(trustStore);
        tlsParams.setTrustManagers(trustFactory.getTrustManagers());
    }

    // Key side: the client's own certificate and private key.
    try (InputStream keyIn =
             ClassLoaderUtils.getResourceAsStream("keys/Morpit.jks", this.getClass())) {
        KeyManagerFactory keyFactory =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = loadStore(keyIn, storePassword);
        keyFactory.init(keyStore, storePassword.toCharArray());
        tlsParams.setKeyManagers(keyFactory.getKeyManagers());
    }

    return SSLUtils.getSSLContext(tlsParams);
}
}
/**
 * Turns off certificate and hostname validation for the given client.
 *
 * <p>The conduit's trust managers are replaced by a single
 * {@code TrustEverythingSSLTrustManager} and the CN check is disabled. TLS client
 * parameters are created if the conduit has none.
 *
 * <p>NOTE(security): after this call the connection offers no server authentication,
 * so anything sent over it can reach an impersonating endpoint. Gate the call behind
 * an explicit, test-only switch and log when it is active.
 *
 * @param webClient the client whose TLS checks are disabled
 */
public static void disableSslChecks(WebClient webClient) {
    final HTTPConduit httpConduit = WebClient.getConfig(webClient).getHttpConduit();
    TLSClientParameters tlsParams = httpConduit.getTlsClientParameters();
    if (tlsParams == null) {
        tlsParams = new TLSClientParameters();
        httpConduit.setTlsClientParameters(tlsParams);
    }
    final TrustManager[] trustEverything = { new TrustEverythingSSLTrustManager() };
    tlsParams.setTrustManagers(trustEverything);
    tlsParams.setDisableCNCheck(true);
}
/**
 * Creates a WebClient for {@code hostUrl}.
 *
 * <p>When {@code acceptAllCertificates} is set, the client's conduit is given a
 * {@code DumbX509TrustManager} as its only trust manager and the CN check is
 * disabled. Otherwise the client keeps its default TLS behaviour.
 *
 * <p>NOTE(security): the accept-all branch removes server authentication (assuming
 * {@code DumbX509TrustManager} validates nothing, as the name suggests; confirm).
 * Make sure the flag cannot be enabled by default or from untrusted configuration.
 *
 * @return the configured client
 */
private WebClient clientFor() {
    final WebClient client = WebClient.create(this.hostUrl);
    if (!acceptAllCertificates) {
        return client;
    }
    final HTTPConduit httpConduit = WebClient.getConfig(client).getHttpConduit();
    TLSClientParameters tlsParams = httpConduit.getTlsClientParameters();
    if (tlsParams == null) {
        tlsParams = new TLSClientParameters();
        httpConduit.setTlsClientParameters(tlsParams);
    }
    final TrustManager[] acceptAll = { new DumbX509TrustManager() };
    tlsParams.setTrustManagers(acceptAll);
    tlsParams.setDisableCNCheck(true);
    return client;
}
/**
 * Installs mock TLS settings on the HTTP conduit of the given client.
 *
 * <p>The settings are applied only when the conduit has no TLS client parameters
 * yet. A conduit that already carries parameters is left untouched. The mock
 * settings use a {@code MockX509TrustManager} as the sole trust manager and disable
 * the CN check.
 *
 * <p>NOTE(security): this is a test helper. The mock trust manager presumably trusts
 * all certificates (see the original "trust all certs" remark; implementation not
 * shown), so a client configured here does not authenticate its server.
 *
 * @param client
 *            the client proxy or WebClient whose conduit is configured
 */
public static void setMockClientAuthentication(Object client) {
    final HTTPConduit httpConduit = WebClient.getConfig(client).getHttpConduit();
    if (httpConduit.getTlsClientParameters() != null) {
        // Respect TLS parameters that were configured elsewhere.
        return;
    }
    // trust all certs...
    final TLSClientParameters mockParams = new TLSClientParameters();
    mockParams.setTrustManagers(new TrustManager[] { new MockX509TrustManager() });
    mockParams.setDisableCNCheck(true);
    httpConduit.setTlsClientParameters(mockParams);
}
// Use TrustingX509TrustManager as the only trust manager and apply the parameters to
// the conduit.
// NOTE(security): the class name suggests it accepts any certificate chain
// (implementation not shown; confirm). If so, connections through this conduit do
// not authenticate the server and should be limited to test setups.
tls.setTrustManagers(new TrustManager[] { new TrustingX509TrustManager() });
httpConduit.setTlsClientParameters(tls);
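/**
 * Checks that a client using {@code NoOpX509TrustManager} with the CN check disabled
 * can invoke the HTTPS greeter endpoint.
 *
 * <p>The trust manager and disabled CN check exist only to exercise the pluggable
 * trust-manager path against the test server. They are not a template for
 * application code.
 */
@org.junit.Test
public void testNoOpX509TrustManager() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = TrustManagerTest.class.getResource("client-trust.xml");

    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        URL url = SOAPService.WSDL_LOCATION;
        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
        assertNotNull("Service is null", service);
        final Greeter port = service.getHttpsPort();
        assertNotNull("Port is null", port);

        try {
            updateAddressPort(port, PORT);

            TLSClientParameters tlsParams = new TLSClientParameters();
            X509TrustManager trustManager = new NoOpX509TrustManager();
            TrustManager[] trustManagers = { trustManager };
            tlsParams.setTrustManagers(trustManagers);
            tlsParams.setDisableCNCheck(true);

            Client client = ClientProxy.getClient(port);
            HTTPConduit http = (HTTPConduit) client.getConduit();
            http.setTlsClientParameters(tlsParams);

            // JUnit's assertEquals takes the expected value first.
            assertEquals("Hello Kitty", port.greetMe("Kitty"));
        } finally {
            // Release the proxy even when the call or the assertion fails.
            ((java.io.Closeable) port).close();
        }
    } finally {
        // Always shut the bus down so a failing test does not leak it into later tests.
        bus.shutdown(true);
    }
}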
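/**
 * Checks that a client using {@code ServerCertX509TrustManager}, constructed with the
 * principal name the test treats as valid, can invoke the HTTPS greeter endpoint.
 *
 * <p>NOTE(review): the CN check is disabled here, so acceptance depends only on what
 * {@code ServerCertX509TrustManager} verifies (presumably the certificate's principal
 * name; implementation not shown).
 */
@org.junit.Test
public void testValidServerCertX509TrustManager() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = TrustManagerTest.class.getResource("client-trust.xml");

    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        URL url = SOAPService.WSDL_LOCATION;
        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
        assertNotNull("Service is null", service);
        final Greeter port = service.getHttpsPort();
        assertNotNull("Port is null", port);

        try {
            updateAddressPort(port, PORT);

            String validPrincipalName = "CN=Bethal,OU=Bethal,O=ApacheTest,L=Syracuse,C=US";

            TLSClientParameters tlsParams = new TLSClientParameters();
            X509TrustManager trustManager = new ServerCertX509TrustManager(validPrincipalName);
            TrustManager[] trustManagers = { trustManager };
            tlsParams.setTrustManagers(trustManagers);
            tlsParams.setDisableCNCheck(true);

            Client client = ClientProxy.getClient(port);
            HTTPConduit http = (HTTPConduit) client.getConduit();
            http.setTlsClientParameters(tlsParams);

            // JUnit's assertEquals takes the expected value first.
            assertEquals("Hello Kitty", port.greetMe("Kitty"));
        } finally {
            // Release the proxy even when the call or the assertion fails.
            ((java.io.Closeable) port).close();
        }
    } finally {
        // Always shut the bus down so a failing test does not leak it into later tests.
        bus.shutdown(true);
    }
}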
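/**
 * Checks that the greeter endpoint can be invoked when the client pins the protocol
 * to {@code "TLSv1"}, with no cipher-suite configuration in the client bus file.
 *
 * <p>TLS 1.0 is a legacy protocol and is selected here only to exercise the server's
 * cipher-suite handling. The test also uses {@code NoOpX509TrustManager} with the CN
 * check disabled, so it says nothing about certificate validation.
 *
 * <p>NOTE(review): JDKs that disable TLS 1.0 by default may need it re-enabled in the
 * test environment for this test to run. Confirm against the build's JDK settings.
 */
@org.junit.Test
public void testAESIncludedTLSv10() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client-noconfig.xml");

    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        URL url = SOAPService.WSDL_LOCATION;
        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
        assertNotNull("Service is null", service);
        final Greeter port = service.getHttpsPort();
        assertNotNull("Port is null", port);

        try {
            updateAddressPort(port, PORT);

            Client client = ClientProxy.getClient(port);
            HTTPConduit conduit = (HTTPConduit) client.getConduit();

            TLSClientParameters tlsParams = new TLSClientParameters();
            X509TrustManager trustManager = new NoOpX509TrustManager();
            TrustManager[] trustManagers = { trustManager };
            tlsParams.setTrustManagers(trustManagers);
            tlsParams.setDisableCNCheck(true);
            tlsParams.setSecureSocketProtocol("TLSv1");
            conduit.setTlsClientParameters(tlsParams);

            // JUnit's assertEquals takes the expected value first.
            assertEquals("Hello Kitty", port.greetMe("Kitty"));
        } finally {
            // Release the proxy even when the call or the assertion fails.
            ((java.io.Closeable) port).close();
        }
    } finally {
        // Always shut the bus down so a failing test does not leak it into later tests.
        bus.shutdown(true);
    }
}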