Java Code Examples for org.apache.cxf.configuration.jsse.TLSClientParameters#setDisableCNCheck()

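The following examples show how to use org.apache.cxf.configuration.jsse.TLSClientParameters#setDisableCNCheck(). Passing true tells CXF to skip the check that the host name in the URL matches the name in the server's certificate, so a certificate that chains to a trusted root is accepted regardless of which host it was issued for; the CXF Javadoc states that the flag should not be set to true in production use. Nearly all of the examples below pass true, and many of them come from test suites. You can go to the original project or source file by following the links above each example.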
Example 1
Source File: RestUtil.java    From peer-os with Apache License 2.0 7 votes vote down vote up
/**
 * Builds a CXF {@link WebClient} for {@code url} whose HTTP conduit uses the class-level
 * default timeouts and a TLS configuration with hostname verification switched off.
 *
 * <p>Security: {@code setDisableCNCheck( true )} stops CXF from checking that the server
 * certificate matches the host in {@code url}. The trust managers come from an
 * {@code SSLManager} built without any key store or trust store; judging by the name
 * {@code getClientFullTrustManagers} they presumably accept any certificate (confirm in
 * {@code SSLManager}). If that is the case, the returned client does not authenticate the
 * server at all and should only be pointed at endpoints on a trusted network path.
 *
 * @param url base address of the remote service
 * @return the configured client
 */
public static WebClient createTrustedWebClient( String url )
{
    final WebClient webClient = WebClient.create( url );
    final HTTPConduit conduit = ( HTTPConduit ) WebClient.getConfig( webClient ).getConduit();

    // Connection/receive timeouts and the retransmit limit are the class defaults.
    final HTTPClientPolicy policy = new HTTPClientPolicy();
    policy.setConnectionTimeout( defaultConnectionTimeout );
    policy.setReceiveTimeout( defaultReceiveTimeout );
    policy.setMaxRetransmits( defaultMaxRetransmits );
    conduit.setClient( policy );

    // No key store or trust store is handed to the manager.
    final SSLManager trustSource = new SSLManager( null, null, null, null );

    final TLSClientParameters tls = new TLSClientParameters();
    // Hostname check off: the certificate is not matched against the host in the URL.
    tls.setDisableCNCheck( true );
    tls.setTrustManagers( trustSource.getClientFullTrustManagers() );
    conduit.setTlsClientParameters( tls );

    return webClient;
}
 
Example 2
Source File: SSLNettyClientTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
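/**
 * Configures the Netty HTTP conduit behind {@code port} for TLS with a client key, using
 * the test keystore on the classpath as both key store and trust store.
 *
 * <p>The keystore streams are closed after loading, and a missing resource is reported
 * as a {@link FileNotFoundException} instead of silently producing an empty store
 * ({@code KeyStore.load(null, ...)} initialises an empty keystore).
 *
 * <p>Security: the store and key passwords are hard-coded test-fixture values, and
 * {@code setDisableCNCheck(true)} turns off the check that the server certificate matches
 * the requested host. Both are test conveniences and are not suitable for production code.
 *
 * @param port the client proxy whose conduit is configured
 * @throws FileNotFoundException if the keystore resource is not on the classpath
 * @throws IOException if the keystore cannot be read
 * @throws GeneralSecurityException if the keystore or its keys cannot be processed
 */
private static void setupTLS(Greeter port)
    throws FileNotFoundException, IOException, GeneralSecurityException {
    String keyStoreLoc =
        "/keys/clientstore.jks";
    NettyHttpConduit httpConduit = (NettyHttpConduit) ClientProxy.getClient(port).getConduit();

    TLSClientParameters tlsCP = new TLSClientParameters();
    String keyPassword = "ckpass";
    KeyStore keyStore = KeyStore.getInstance("JKS");
    // try-with-resources: the original left the classpath stream open.
    try (java.io.InputStream keyStream = SSLNettyClientTest.class.getResourceAsStream(keyStoreLoc)) {
        if (keyStream == null) {
            throw new FileNotFoundException(keyStoreLoc);
        }
        keyStore.load(keyStream, "cspass".toCharArray());
    }
    KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
    tlsCP.setKeyManagers(myKeyManagers);

    // The same JKS file is loaded a second time to act as the trust store.
    KeyStore trustStore = KeyStore.getInstance("JKS");
    try (java.io.InputStream trustStream = SSLNettyClientTest.class.getResourceAsStream(keyStoreLoc)) {
        if (trustStream == null) {
            throw new FileNotFoundException(keyStoreLoc);
        }
        trustStore.load(trustStream, "cspass".toCharArray());
    }
    TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
    tlsCP.setTrustManagers(myTrustStoreKeyManagers);

    // Chain validation still uses the trust store above; only the hostname match is skipped.
    tlsCP.setDisableCNCheck(true);
    httpConduit.setTlsClientParameters(tlsCP);
}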
 
Example 3
Source File: TLSClientParametersUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Creates {@link TLSClientParameters} backed by the {@code CLIENTSTORE} keystore, which is
 * used both for the client key managers and for the trust managers.
 *
 * <p>Security: server certificates are still validated against the keystore contents, but
 * {@code setDisableCNCheck(true)} skips the comparison between the certificate and the
 * requested host, so any certificate trusted by that store is accepted for any host.
 *
 * @return TLS client parameters with key managers, trust managers and the CN check disabled
 * @throws GeneralSecurityException if the keystore or its key cannot be processed
 * @throws IOException if the keystore resource cannot be read
 */
public static TLSClientParameters getTLSClientParameters() throws GeneralSecurityException, IOException {
    // One store supplies both the client key and the trusted certificates.
    final KeyStore store;
    try (InputStream in = ClassLoaderUtils.getResourceAsStream(CLIENTSTORE, TLSClientParametersUtils.class)) {
        store = CryptoUtils.loadKeyStore(in, KEYSTORE_PASS.toCharArray(), null);
    }

    final KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyFactory.init(store, KEY_PASS.toCharArray());

    final TrustManagerFactory trustFactory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustFactory.init(store);

    final TLSClientParameters params = new TLSClientParameters();
    // Hostname verification off; chain validation still goes through trustFactory.
    params.setDisableCNCheck(true);
    params.setKeyManagers(keyFactory.getKeyManagers());
    params.setTrustManagers(trustFactory.getTrustManagers());
    return params;
}
 
Example 4
Source File: ClientNonSpring.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Installs TLS client parameters on the HTTP conduit behind {@code port}, using the sample
 * keystore at {@code src/main/config/clientKeystore.jks} for both the client key and the
 * trusted certificates.
 *
 * <p>Security: the keystore path and both passwords are hard-coded sample values, and
 * {@code setDisableCNCheck(true)} disables the match between the server certificate and
 * the requested host. Certificates are still validated against the keystore contents.
 *
 * @param port the client proxy whose conduit is configured
 * @throws IOException if the keystore file cannot be read
 * @throws GeneralSecurityException if the keystore or its key cannot be processed
 */
private static void setupTLS(Greeter port)
    throws IOException, GeneralSecurityException {
    final TLSClientParameters params = new TLSClientParameters();
    // Hostname verification off for the sample client.
    params.setDisableCNCheck(true);

    final KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream in = new FileInputStream("src/main/config/clientKeystore.jks")) {
        store.load(in, "cspass".toCharArray());
    }

    final KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyFactory.init(store, "ckpass".toCharArray());
    params.setKeyManagers(keyFactory.getKeyManagers());

    final TrustManagerFactory trustFactory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustFactory.init(store);
    params.setTrustManagers(trustFactory.getTrustManagers());

    final HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
    conduit.setTlsClientParameters(params);
}
 
Example 5
Source File: RestUtil.java    From peer-os with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a CXF {@link WebClient} for {@code url} with a single JAX-RS provider, the
 * class-level default timeouts, and a TLS configuration with hostname verification
 * switched off.
 *
 * <p>Security: {@code setDisableCNCheck( true )} stops CXF from checking that the server
 * certificate matches the host in {@code url}. The trust managers are taken from an
 * {@code SSLManager} created without key or trust stores; by its name,
 * {@code getClientFullTrustManagers} presumably trusts every certificate (confirm in
 * {@code SSLManager}). Under that assumption the client accepts any server that answers.
 *
 * @param url base address of the remote service
 * @param provider JAX-RS provider registered on the client
 * @return the configured client
 */
public static WebClient createTrustedWebClient( String url, Object provider )
{
    final WebClient webClient = WebClient.create( url, Arrays.asList( provider ) );
    final HTTPConduit conduit = ( HTTPConduit ) WebClient.getConfig( webClient ).getConduit();

    // Same timeout policy as the single-argument overload: class defaults.
    final HTTPClientPolicy policy = new HTTPClientPolicy();
    policy.setConnectionTimeout( defaultConnectionTimeout );
    policy.setReceiveTimeout( defaultReceiveTimeout );
    policy.setMaxRetransmits( defaultMaxRetransmits );
    conduit.setClient( policy );

    // No key store or trust store is handed to the manager.
    final SSLManager trustSource = new SSLManager( null, null, null, null );

    final TLSClientParameters tls = new TLSClientParameters();
    // Hostname check off: the certificate is not matched against the host in the URL.
    tls.setDisableCNCheck( true );
    tls.setTrustManagers( trustSource.getClientFullTrustManagers() );
    conduit.setTlsClientParameters( tls );

    return webClient;
}
 
Example 6
Source File: WebClientBuilder.java    From peer-os with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a JSON {@link WebClient} for an environment endpoint on a peer, authenticated
 * with the client key stored under {@code SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS}.
 *
 * <p>Security: key and trust managers are derived from the PX2 key store and trust store,
 * but {@code setDisableCNCheck( true )} disables the match between the server certificate
 * and the address in the URL. The URL is built from {@code peerInfo.getIp()}, which is
 * presumably why the check is off (certificates would have to carry the IP address);
 * the consequence is that any certificate accepted by the trust managers can be presented
 * by any peer address. NOTE(review): confirm that {@code getClientTrustManagers()} pins
 * the expected peer certificate rather than a shared root.
 *
 * @param peerInfo peer whose IP and public secure port form the base URL
 * @param path resource path; a leading {@code /} is added when missing
 * @param provider JAX-RS provider registered on the client
 * @return the configured client
 */
public static WebClient buildEnvironmentWebClient( final PeerInfo peerInfo, final String path,
                                                   final Object provider )
{
    String effectiveUrl = String.format( ENVIRONMENT_URL_TEMPLATE, peerInfo.getIp(), peerInfo.getPublicSecurePort(),
            path.startsWith( "/" ) ? path : "/" + path );
    WebClient client = WebClient.create( effectiveUrl, Arrays.asList( provider ) );
    client.type( MediaType.APPLICATION_JSON );
    client.accept( MediaType.APPLICATION_JSON );
    HTTPConduit httpConduit = ( HTTPConduit ) WebClient.getConfig( client ).getConduit();

    // Timeouts and retransmit limit come from the class constants.
    HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
    httpClientPolicy.setConnectionTimeout( DEFAULT_CONNECTION_TIMEOUT );
    httpClientPolicy.setReceiveTimeout( DEFAULT_RECEIVE_TIMEOUT );
    httpClientPolicy.setMaxRetransmits( DEFAULT_MAX_RETRANSMITS );

    httpConduit.setClient( httpClientPolicy );

    // Load the PX2 key store and select the root alias as the client identity.
    KeyStoreTool keyStoreManager = new KeyStoreTool();
    KeyStoreData keyStoreData = new KeyStoreData();
    keyStoreData.setupKeyStorePx2();
    keyStoreData.setAlias( SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS );
    KeyStore keyStore = keyStoreManager.load( keyStoreData );

    // Only the alias and the URL are logged, not key material.
    LOG.debug( String.format( "Getting key with alias: %s for url: %s", SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS,
            effectiveUrl ) );

    // Load the PX2 trust store used to validate the server certificate chain.
    KeyStoreData trustStoreData = new KeyStoreData();
    trustStoreData.setupTrustStorePx2();
    KeyStore trustStore = keyStoreManager.load( trustStoreData );

    SSLManager sslManager = new SSLManager( keyStore, keyStoreData, trustStore, trustStoreData );

    TLSClientParameters tlsClientParameters = new TLSClientParameters();
    // Hostname check off: the certificate is not matched against the peer address.
    tlsClientParameters.setDisableCNCheck( true );
    tlsClientParameters.setTrustManagers( sslManager.getClientTrustManagers() );
    tlsClientParameters.setKeyManagers( sslManager.getClientKeyManagers() );
    tlsClientParameters.setCertAlias( SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS );
    httpConduit.setTlsClientParameters( tlsClientParameters );
    return client;
}
 
Example 7
Source File: NaiveSSLHelper.java    From onvif with Apache License 2.0 5 votes vote down vote up
/**
 * Replaces the TLS client parameters of {@code http} with a configuration that uses a
 * {@code NaiveTrustManager}, offers no client certificate, and skips hostname verification.
 *
 * <p>Security: as the method name says, this is meant to trust every server.
 * {@code NaiveTrustManager} presumably accepts any certificate chain (confirm in that
 * class), and {@code setDisableCNCheck(true)} removes the hostname match, so connections
 * made through this conduit are encrypted but the server is not authenticated.
 *
 * @param http the conduit to reconfigure
 */
public static void makeCxfWebServiceClientTrustEveryone(HTTPConduit http) {
  TLSClientParameters permissive = new TLSClientParameters();
  permissive.setSecureSocketProtocol("TLS");
  // Empty key manager array: no client certificate is offered.
  permissive.setKeyManagers(new KeyManager[0]);
  permissive.setTrustManagers(new TrustManager[] {new NaiveTrustManager()});
  // Hostname check off as well, so neither chain nor name is verified.
  permissive.setDisableCNCheck(true);
  http.setTlsClientParameters(permissive);
}
 
Example 8
Source File: AmbariClientBuilder.java    From components with Apache License 2.0 5 votes vote down vote up
/**
 * Build a client proxy, for a specific proxy type.
 *
 * <p>The proxy is created from a shared factory bean under a class-level lock, then its
 * HTTP conduit receives TLS parameters (only for {@code https://} addresses) and the
 * configured connection and receive timeouts.
 *
 * <p>Security: certificate validation and hostname verification are controlled by two
 * independent flags. With {@code validateCerts == false} an {@code AcceptAllTrustManager}
 * is installed; with {@code validateCn == false} the CN check is disabled. Turning either
 * off weakens server authentication. The username and password are set on the bean
 * whatever the address scheme is, so with a non-{@code https://} address they are
 * presumably sent without transport protection (confirm how the bean transmits them).
 * 
 * @param proxyType proxy type class
 * @return client proxy stub
 */
protected <T> T build(Class<T> proxyType) {
    String address = generateAddress();
    T rootResource;
    // Synchronized on the class to correlate with the scope of clientStaticResources
    // We want to ensure that the shared bean isn't set concurrently in multiple callers
    synchronized (AmbariClientBuilder.class) {
        JAXRSClientFactoryBean bean = cleanFactory(clientStaticResources.getUnchecked(proxyType));
        bean.setAddress(address);
        // Credentials are applied only when a username was configured.
        if (username != null) {
            bean.setUsername(username);
            bean.setPassword(password);
        }

        // NOTE(review): message logging may include request headers; confirm that
        // credentials do not end up in the logs when enableLogging is set.
        if (enableLogging) {
            bean.setFeatures(Arrays.<AbstractFeature> asList(new LoggingFeature()));
        }
        rootResource = bean.create(proxyType);
    }

    // TLS parameters are only installed when the generated address is https.
    boolean isTlsEnabled = address.startsWith("https://");
    ClientConfiguration config = WebClient.getConfig(rootResource);
    HTTPConduit conduit = (HTTPConduit) config.getConduit();
    if (isTlsEnabled) {
        TLSClientParameters tlsParams = new TLSClientParameters();
        if (!validateCerts) {
            // Certificate validation disabled by configuration.
            tlsParams.setTrustManagers(new TrustManager[] { new AcceptAllTrustManager() });
        } else if (trustManagers != null) {
            tlsParams.setTrustManagers(trustManagers);
        }
        // When validateCerts is true and no trust managers were supplied, none are set here.
        // Hostname verification follows validateCn, independently of validateCerts.
        tlsParams.setDisableCNCheck(!validateCn);
        conduit.setTlsClientParameters(tlsParams);
    }

    // Timeouts are converted from their configured units to milliseconds.
    HTTPClientPolicy policy = conduit.getClient();
    policy.setConnectionTimeout(connectionTimeoutUnits.toMillis(connectionTimeout));
    policy.setReceiveTimeout(receiveTimeoutUnits.toMillis(receiveTimeout));
    return rootResource;
}
 
Example 9
Source File: Utils.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Fills {@code tlsClientParameters} with key managers (optional), trust managers and a
 * cipher-suite filter, loading the JKS stores from the context class loader.
 *
 * <p>Security: this configuration is permissive in two ways. {@code setDisableCNCheck(true)}
 * skips the hostname match, and the cipher-suite include list contains patterns for
 * export-grade, single-DES, NULL-encryption and anonymous Diffie-Hellman suites, none of
 * which should be offered outside a test setup. Which of them are actually negotiable
 * depends on what the JVM still enables.
 *
 * <p>NOTE(review): {@code keystoreFile} is guarded against null/empty, but
 * {@code truststoreFile} is not, and {@code getResource(...)} returns null for a missing
 * resource, so a missing or null trust store name fails with a NullPointerException.
 *
 * @param tlsClientParameters parameters object to populate
 * @param keystoreFile classpath name of the client keystore; skipped when null or empty
 * @param keystorePassword password of the client keystore
 * @param keyPassword password of the client key
 * @param truststoreFile classpath name of the trust store
 * @param trustPassword password of the trust store
 * @throws URISyntaxException if a resource URL cannot be converted to a URI
 * @throws GeneralSecurityException if a store or key cannot be processed
 * @throws IOException if a store cannot be read
 */
public static void initTLSClientParameters(TLSClientParameters tlsClientParameters, String keystoreFile,
                                           String keystorePassword, String keyPassword,
                                           String truststoreFile, String trustPassword)
    throws URISyntaxException, GeneralSecurityException, IOException {

    // Hostname verification off.
    tlsClientParameters.setDisableCNCheck(true);
    // System.setProperty("javax.net.debug", "all");
    if (keystoreFile != null && keystoreFile.length() > 0) {
        // Resolve the classpath resource to an absolute file path for the store loader.
        String keystore = new File(Thread.currentThread().getContextClassLoader()
                                   .getResource(keystoreFile).toURI()).getAbsolutePath();

        KeyManager[] kmgrs = getKeyManagers(getKeyStore("JKS", keystore, keystorePassword), keyPassword);
        tlsClientParameters.setKeyManagers(kmgrs);
    }

    String truststore = new File(Thread.currentThread().getContextClassLoader()
                                 .getResource(truststoreFile).toURI()).getAbsolutePath();

    TrustManager[] tmgrs = getTrustManagers(getKeyStore("JKS", truststore, trustPassword));

    tlsClientParameters.setTrustManagers(tmgrs);
    // Include patterns below cover weak suites (EXPORT, DES, NULL, DH_anon) as well as AES.
    FiltersType filters = new FiltersType();
    filters.getInclude().add(".*_EXPORT_.*");
    filters.getInclude().add(".*_EXPORT1024_.*");
    filters.getInclude().add(".*_WITH_DES_.*");
    filters.getInclude().add(".*_WITH_AES_.*");
    filters.getInclude().add(".*_WITH_NULL_.*");
    filters.getInclude().add(".*_DH_anon_.*");
    tlsClientParameters.setCipherSuitesFilter(filters);

}
 
Example 10
Source File: TrustManagerTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that a call over HTTPS succeeds when the client is configured in code with
 * no-op trust managers and the CN check disabled.
 *
 * <p>Security: this is the fully permissive client configuration. The trust managers come
 * from {@code InsecureTrustManager.getNoOpX509TrustManagers()} and the hostname match is
 * skipped, so the server is not authenticated. It is appropriate only inside a test.
 */
@org.junit.Test
public void testNoOpX509TrustManager() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = TrustManagerTest.class.getResource("client-trust.xml");

    // The bus from client-trust.xml becomes both the default and the thread-default bus.
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);

    URL url = SOAPService.WSDL_LOCATION;
    SOAPService service = new SOAPService(url, SOAPService.SERVICE);
    assertNotNull("Service is null", service);
    final Greeter port = service.getHttpsPort();
    assertNotNull("Port is null", port);

    updateAddressPort(port, PORT);

    // Switch to the async HTTP conduit when the test is parameterised for it.
    if (async) {
        ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
    }

    // No certificate validation and no hostname verification.
    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setTrustManagers(InsecureTrustManager.getNoOpX509TrustManagers());
    tlsParams.setDisableCNCheck(true);

    Client client = ClientProxy.getClient(port);
    HTTPConduit http = (HTTPConduit) client.getConduit();
    http.setTlsClientParameters(tlsParams);

    assertEquals(port.greetMe("Kitty"), "Hello Kitty");

    ((java.io.Closeable)port).close();
    bus.shutdown(true);
}
 
Example 11
Source File: ClientAuthTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Checks that a client configured through a pre-built {@link SSLContext} (key managers
 * from {@code keys/Morpit.jks}, trust managers from {@code keys/Truststore.jks}) can call
 * the service, first with the configured conduit and then with the async conduit forced on.
 *
 * <p>Security: certificates are validated against the trust store, but
 * {@code setDisableCNCheck(true)} skips the hostname match. The store passwords are
 * hard-coded test-fixture values.
 */
@org.junit.Test
public void testDirectTrustUsingSSLContext() throws Exception {

    URL url = SOAPService.WSDL_LOCATION;
    SOAPService service = new SOAPService(url, SOAPService.SERVICE);
    assertNotNull("Service is null", service);
    final Greeter port = service.getHttpsPort();
    assertNotNull("Port is null", port);

    updateAddressPort(port, PORT);

    // Switch to the async HTTP conduit when the test is parameterised for it.
    if (async) {
        ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
    }

    // Set up KeyManagers/TrustManagers
    KeyStore ts = KeyStore.getInstance("JKS");
    try (InputStream trustStore =
        ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", ClientAuthTest.class)) {
        ts.load(trustStore, "password".toCharArray());
    }

    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ts);

    KeyStore ks = KeyStore.getInstance("JKS");
    try (InputStream keyStore =
        ClassLoaderUtils.getResourceAsStream("keys/Morpit.jks", ClientAuthTest.class)) {
        ks.load(keyStore, "password".toCharArray());
    }

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, "password".toCharArray());

    // The key and trust managers are handed to CXF as one SSLContext instead of separately.
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new java.security.SecureRandom());

    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setSslContext(sslContext);
    // Hostname verification off; chain validation is done by the SSLContext's trust managers.
    tlsParams.setDisableCNCheck(true);

    Client client = ClientProxy.getClient(port);
    HTTPConduit http = (HTTPConduit) client.getConduit();
    http.setTlsClientParameters(tlsParams);

    assertEquals(port.greetMe("Kitty"), "Hello Kitty");

    // Repeat the call with the async conduit forced on, regardless of the test parameter.
    ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);

    assertEquals(port.greetMe("Kitty"), "Hello Kitty");

    ((java.io.Closeable)port).close();
}
 
Example 12
Source File: TrustManagerTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Checks that the call fails when the client's {@code ServerCertX509TrustManager} is
 * created with a principal name that is expected not to match the server certificate.
 *
 * <p>Security: the CN check is disabled here, so the rejection has to come from the trust
 * manager alone. The test therefore shows that server authentication can still be enforced
 * by a trust manager that pins the expected subject when hostname verification is off.
 */
@org.junit.Test
public void testInvalidServerCertX509TrustManager() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = TrustManagerTest.class.getResource("client-trust.xml");

    // The bus from client-trust.xml becomes both the default and the thread-default bus.
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);

    URL url = SOAPService.WSDL_LOCATION;
    SOAPService service = new SOAPService(url, SOAPService.SERVICE);
    assertNotNull("Service is null", service);
    final Greeter port = service.getHttpsPort();
    assertNotNull("Port is null", port);

    updateAddressPort(port, PORT);

    // Switch to the async HTTP conduit when the test is parameterised for it.
    if (async) {
        ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
    }

    // Subject name the trust manager is told to expect; the test treats it as a mismatch.
    String invalidPrincipalName = "CN=Bethal2,OU=Bethal,O=ApacheTest,L=Syracuse,C=US";

    TLSClientParameters tlsParams = new TLSClientParameters();
    X509TrustManager trustManager =
        new ServerCertX509TrustManager(invalidPrincipalName);
    TrustManager[] trustManagers = new TrustManager[1];
    trustManagers[0] = trustManager;
    tlsParams.setTrustManagers(trustManagers);
    // Hostname verification off: only the trust manager decides.
    tlsParams.setDisableCNCheck(true);

    Client client = ClientProxy.getClient(port);
    HTTPConduit http = (HTTPConduit) client.getConduit();
    http.setTlsClientParameters(tlsParams);

    try {
        port.greetMe("Kitty");
        // fail() throws AssertionError, which is not an Exception, so the catch below
        // does not swallow it.
        fail("Failure expected on an invalid principal name");
    } catch (Exception ex) {
        // expected
    }

    ((java.io.Closeable)port).close();
    bus.shutdown(true);
}
 
Example 13
Source File: UsernameTokenTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Checks the plaintext UsernameToken port when the TLS client settings are supplied in
 * code: trust managers from {@code keys/Truststore.jks} and the CN check disabled.
 *
 * <p>Security: the username token is sent in plaintext inside the message, so the TLS
 * channel is what protects it. Certificates are validated against the trust store, but
 * with {@code setDisableCNCheck(true)} the hostname is not verified; that is acceptable
 * against a local test server only.
 */
@org.junit.Test
public void testPlaintextTLSConfigViaCode() throws Exception {

    URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl");
    // URL wsdl = new URL("https://localhost:" + PORT + "/DoubleItUTPlaintext?wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPort");
    DoubleItPortType utPort =
            service.getPort(portQName, DoubleItPortType.class);
    updateAddressPort(utPort, test.getPort());

    if (test.isStreaming()) {
        SecurityTestUtil.enableStreaming(utPort);
    }

    // Username and the callback handler that supplies the password for the token.
    ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME, "Alice");

    ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
                                                      "org.apache.cxf.systest.ws.common.UTPasswordCallback");

    // Trust managers backed by the test trust store (hard-coded fixture password).
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    final KeyStore ts = KeyStore.getInstance("JKS");
    try (InputStream trustStore =
        ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", UsernameTokenTest.class)) {
        ts.load(trustStore, "password".toCharArray());
    }
    tmf.init(ts);

    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setTrustManagers(tmf.getTrustManagers());
    // Hostname verification off; chain validation still uses the trust store.
    tlsParams.setDisableCNCheck(true);

    Client client = ClientProxy.getClient(utPort);
    HTTPConduit http = (HTTPConduit) client.getConduit();
    http.setTlsClientParameters(tlsParams);

    assertEquals(50, utPort.doubleIt(25));

    ((java.io.Closeable)utPort).close();
}
 
Example 14
Source File: UsernameTokenTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Checks the plaintext UsernameToken port with a code-first client: the WS-Policy is read
 * from {@code plaintext-pass-timestamp-policy.xml} and attached as a feature, and the TLS
 * client settings are supplied in code.
 *
 * <p>Security: the username token is sent in plaintext inside the message, so the TLS
 * channel is what protects it. Certificates are validated against
 * {@code keys/Truststore.jks}, but {@code setDisableCNCheck(true)} skips hostname
 * verification; the endpoint here is a test server on localhost.
 */
@org.junit.Test
public void testPlaintextCodeFirst() throws Exception {

    String address = "https://localhost:" + PORT + "/DoubleItUTPlaintext";
    QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPort");

    // Policy is loaded from a classpath resource rather than taken from a WSDL.
    WSPolicyFeature policyFeature = new WSPolicyFeature();
    Element policyElement =
        StaxUtils.read(getClass().getResourceAsStream("plaintext-pass-timestamp-policy.xml")).getDocumentElement();
    policyFeature.setPolicyElements(Collections.singletonList(policyElement));

    JaxWsProxyFactoryBean clientFactoryBean = new JaxWsProxyFactoryBean();
    clientFactoryBean.setFeatures(Collections.singletonList(policyFeature));
    clientFactoryBean.setAddress(address);
    clientFactoryBean.setServiceName(SERVICE_QNAME);
    clientFactoryBean.setEndpointName(portQName);
    clientFactoryBean.setServiceClass(DoubleItPortType.class);

    DoubleItPortType port = (DoubleItPortType)clientFactoryBean.create();

    if (test.isStreaming()) {
        SecurityTestUtil.enableStreaming(port);
    }

    // Username and the callback handler that supplies the password for the token.
    ((BindingProvider)port).getRequestContext().put(SecurityConstants.USERNAME, "Alice");

    ((BindingProvider)port).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
                                                      "org.apache.cxf.systest.ws.common.UTPasswordCallback");

    // Trust managers backed by the test trust store (hard-coded fixture password).
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    final KeyStore ts = KeyStore.getInstance("JKS");
    try (InputStream trustStore =
        ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", UsernameTokenTest.class)) {
        ts.load(trustStore, "password".toCharArray());
    }
    tmf.init(ts);

    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setTrustManagers(tmf.getTrustManagers());
    // Hostname verification off; chain validation still uses the trust store.
    tlsParams.setDisableCNCheck(true);

    Client client = ClientProxy.getClient(port);
    HTTPConduit http = (HTTPConduit) client.getConduit();
    http.setTlsClientParameters(tlsParams);

    assertEquals(50, port.doubleIt(25));

    ((java.io.Closeable)port).close();
}
 
Example 15
Source File: UsernameTokenTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Checks the plaintext UsernameToken port when the WSDL itself is fetched over HTTPS.
 * The same TLS client parameters are applied twice: through an
 * {@code HTTPConduitConfigurer} for the conduit named
 * {@code {http://cxf.apache.org}TransportURIResolver.http-conduit} (used before the
 * service exists), and directly on the service client's conduit.
 *
 * <p>Security: certificates are validated against {@code keys/Truststore.jks}, but
 * {@code setDisableCNCheck(true)} skips hostname verification for both the WSDL download
 * and the service call; the endpoint here is a test server on localhost.
 */
@org.junit.Test
public void testPlaintextWSDLOverHTTPSViaCode() throws Exception {

    // Trust managers backed by the test trust store (hard-coded fixture password).
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    final KeyStore ts = KeyStore.getInstance("JKS");
    try (InputStream trustStore =
        ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", UsernameTokenTest.class)) {
        ts.load(trustStore, "password".toCharArray());
    }
    tmf.init(ts);

    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setTrustManagers(tmf.getTrustManagers());
    // Hostname verification off; chain validation still uses the trust store.
    tlsParams.setDisableCNCheck(true);

    // Only the conduit with the TransportURIResolver name receives the TLS parameters here.
    HTTPConduitConfigurer myHttpConduitConfig = new HTTPConduitConfigurer() {
        public void configure(String name, String address, HTTPConduit c) {
            if ("{http://cxf.apache.org}TransportURIResolver.http-conduit".equals(name)) {
                c.setTlsClientParameters(tlsParams);
            }
        }
    };

    // The configurer must be registered on the thread-default bus before the WSDL is read.
    BusFactory busFactory = BusFactory.newInstance();
    bus = busFactory.createBus();
    bus.setExtension(myHttpConduitConfig, HTTPConduitConfigurer.class);
    BusFactory.setThreadDefaultBus(bus);

    URL wsdl = new URL("https://localhost:" + PORT + "/DoubleItUTPlaintext?wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPort");
    DoubleItPortType utPort =
            service.getPort(portQName, DoubleItPortType.class);
    updateAddressPort(utPort, test.getPort());

    if (test.isStreaming()) {
        SecurityTestUtil.enableStreaming(utPort);
    }

    // Username and the callback handler that supplies the password for the token.
    ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME, "Alice");

    ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
                                                      "org.apache.cxf.systest.ws.common.UTPasswordCallback");

    // The service call's own conduit gets the same TLS parameters.
    Client client = ClientProxy.getClient(utPort);
    HTTPConduit http = (HTTPConduit) client.getConduit();
    http.setTlsClientParameters(tlsParams);

    assertEquals(50, utPort.doubleIt(25));

    ((java.io.Closeable)utPort).close();
}
 
Example 16
Source File: CipherSuitesTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Checks that a client restricted in code to TLSv1.2 and the single suite
 * {@code TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256} can call the service. The test returns
 * early on an IBM JDK.
 *
 * <p>Security: the subject of the test is protocol and cipher-suite negotiation, so server
 * authentication is switched off entirely: no-op trust managers from
 * {@code InsecureTrustManager} and the CN check disabled. That part of the configuration
 * is appropriate only inside a test.
 */
@org.junit.Test
public void testAESIncludedTLSv12ViaCode() throws Exception {
    // Doesn't work with IBM JDK
    if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
        return;
    }

    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client-noconfig.xml");

    // The bus from the "noconfig" file becomes both the default and the thread-default bus.
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);

    URL url = SOAPService.WSDL_LOCATION;
    SOAPService service = new SOAPService(url, SOAPService.SERVICE);
    assertNotNull("Service is null", service);
    final Greeter port = service.getHttpsPort();
    assertNotNull("Port is null", port);

    updateAddressPort(port, PORT);

    // Switch to the async HTTP conduit when the test is parameterised for it.
    if (async) {
        ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
    }

    Client client = ClientProxy.getClient(port);
    HTTPConduit conduit = (HTTPConduit) client.getConduit();

    // No certificate validation and no hostname verification.
    TLSClientParameters tlsParams = new TLSClientParameters();
    TrustManager[] trustManagers = InsecureTrustManager.getNoOpX509TrustManagers();
    tlsParams.setTrustManagers(trustManagers);
    tlsParams.setDisableCNCheck(true);

    // Pin the protocol version and offer exactly one cipher suite.
    tlsParams.setSecureSocketProtocol("TLSv1.2");
    tlsParams.setCipherSuites(Collections.singletonList("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"));

    conduit.setTlsClientParameters(tlsParams);

    assertEquals(port.greetMe("Kitty"), "Hello Kitty");

    ((java.io.Closeable)port).close();
    bus.shutdown(true);
}
 
Example 17
Source File: CipherSuitesTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Checks that a client restricted in code to TLSv1.3 and the single suite
 * {@code TLS_AES_128_GCM_SHA256} can call the service. The test returns early on an IBM
 * JDK and is skipped unless {@code JavaUtils.isJava11Compatible()} holds.
 *
 * <p>Security: the subject of the test is protocol and cipher-suite negotiation, so server
 * authentication is switched off entirely: no-op trust managers from
 * {@code InsecureTrustManager} and the CN check disabled. That part of the configuration
 * is appropriate only inside a test.
 */
@org.junit.Test
public void testAESIncludedTLSv13ViaCode() throws Exception {
    // Doesn't work with IBM JDK
    if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
        return;
    }
    // Skipped (not failed) on runtimes that are not Java 11 compatible.
    Assume.assumeTrue(JavaUtils.isJava11Compatible());

    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client-noconfig.xml");

    // The bus from the "noconfig" file becomes both the default and the thread-default bus.
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);

    URL url = SOAPService.WSDL_LOCATION;
    SOAPService service = new SOAPService(url, SOAPService.SERVICE);
    assertNotNull("Service is null", service);
    final Greeter port = service.getHttpsPort();
    assertNotNull("Port is null", port);

    updateAddressPort(port, PORT);

    // Switch to the async HTTP conduit when the test is parameterised for it.
    if (async) {
        ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
    }

    Client client = ClientProxy.getClient(port);
    HTTPConduit conduit = (HTTPConduit) client.getConduit();

    // No certificate validation and no hostname verification.
    TLSClientParameters tlsParams = new TLSClientParameters();
    TrustManager[] trustManagers = InsecureTrustManager.getNoOpX509TrustManagers();
    tlsParams.setTrustManagers(trustManagers);
    tlsParams.setDisableCNCheck(true);

    // Pin the protocol version and offer exactly one cipher suite.
    tlsParams.setSecureSocketProtocol("TLSv1.3");
    tlsParams.setCipherSuites(Collections.singletonList("TLS_AES_128_GCM_SHA256"));

    conduit.setTlsClientParameters(tlsParams);

    assertEquals(port.greetMe("Kitty"), "Hello Kitty");

    ((java.io.Closeable)port).close();
    bus.shutdown(true);
}
 
Example 18
Source File: CipherSuitesTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Checks that a client restricted in code to TLSv1.1 can call the service. The test
 * returns early on an IBM JDK.
 *
 * <p>Security: TLSv1.1 is deprecated (RFC 8996) and recent JDK releases disable it by
 * default, so pinning it is only meaningful as a compatibility test. Server authentication
 * is also switched off: no-op trust managers from {@code InsecureTrustManager} and the CN
 * check disabled.
 */
@org.junit.Test
public void testAESIncludedTLSv11() throws Exception {
    // Doesn't work with IBM JDK
    if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
        return;
    }

    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client-noconfig.xml");

    // The bus from the "noconfig" file becomes both the default and the thread-default bus.
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);

    URL url = SOAPService.WSDL_LOCATION;
    SOAPService service = new SOAPService(url, SOAPService.SERVICE);
    assertNotNull("Service is null", service);
    final Greeter port = service.getHttpsPort();
    assertNotNull("Port is null", port);

    updateAddressPort(port, PORT);

    // Switch to the async HTTP conduit when the test is parameterised for it.
    if (async) {
        ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
    }

    Client client = ClientProxy.getClient(port);
    HTTPConduit conduit = (HTTPConduit) client.getConduit();

    // No certificate validation and no hostname verification.
    TLSClientParameters tlsParams = new TLSClientParameters();
    TrustManager[] trustManagers = InsecureTrustManager.getNoOpX509TrustManagers();
    tlsParams.setTrustManagers(trustManagers);
    tlsParams.setDisableCNCheck(true);

    // Only the protocol version is pinned; no explicit cipher-suite list is set.
    tlsParams.setSecureSocketProtocol("TLSv1.1");

    conduit.setTlsClientParameters(tlsParams);

    assertEquals(port.greetMe("Kitty"), "Hello Kitty");

    ((java.io.Closeable)port).close();
    bus.shutdown(true);
}
 
Example 19
Source File: TrustManagerTest.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Checks that the call succeeds when the client's {@code ServerCertX509TrustManager} is
 * created with the principal name the test expects the server on {@code PORT3} to present.
 *
 * <p>Security: the CN check is disabled, so acceptance of the server rests on the trust
 * manager alone; here that trust manager is given an explicit expected subject instead of
 * relying on hostname verification.
 */
@org.junit.Test
public void testValidServerCertX509TrustManager2() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = TrustManagerTest.class.getResource("client-trust.xml");

    // The bus from client-trust.xml becomes both the default and the thread-default bus.
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);

    URL url = SOAPService.WSDL_LOCATION;
    SOAPService service = new SOAPService(url, SOAPService.SERVICE);
    assertNotNull("Service is null", service);
    final Greeter port = service.getHttpsPort();
    assertNotNull("Port is null", port);

    updateAddressPort(port, PORT3);

    // Switch to the async HTTP conduit when the test is parameterised for it.
    if (async) {
        ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
    }

    // Subject name the trust manager is told to expect.
    String validPrincipalName = "CN=Bethal,OU=Bethal,O=ApacheTest,L=Syracuse,C=US";

    TLSClientParameters tlsParams = new TLSClientParameters();
    X509TrustManager trustManager =
        new ServerCertX509TrustManager(validPrincipalName);
    TrustManager[] trustManagers = new TrustManager[1];
    trustManagers[0] = trustManager;
    tlsParams.setTrustManagers(trustManagers);
    // Hostname verification off: only the trust manager decides.
    tlsParams.setDisableCNCheck(true);

    Client client = ClientProxy.getClient(port);
    HTTPConduit http = (HTTPConduit) client.getConduit();
    http.setTlsClientParameters(tlsParams);

    assertEquals(port.greetMe("Kitty"), "Hello Kitty");

    ((java.io.Closeable)port).close();
    bus.shutdown(true);
}
 
Example 20
Source File: WebClientBuilder.java    From peer-os with Apache License 2.0 4 votes vote down vote up
/**
 * Builds a JSON {@link WebClient} for a peer endpoint with caller-supplied timeouts,
 * authenticated with the client key stored under
 * {@code SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS}.
 *
 * <p>Security: key and trust managers are derived from the PX2 key store and trust store,
 * but {@code setDisableCNCheck( true )} disables the match between the server certificate
 * and the address in the URL. The URL is built from {@code peerInfo.getIp()}, which is
 * presumably why the check is off; the consequence is that any certificate accepted by
 * the trust managers can be presented by any peer address. NOTE(review): confirm that
 * {@code getClientTrustManagers()} pins the expected peer certificate rather than a
 * shared root.
 *
 * @param peerInfo peer whose IP and public secure port form the base URL
 * @param path resource path; a leading {@code /} is added when missing
 * @param provider JAX-RS provider to register, or {@code null} for none
 * @param connectTimeoutMs value passed to the policy's connection timeout
 * @param readTimeoutMs value passed to the policy's receive timeout
 * @param maxAttempts value passed to the policy's maximum retransmits
 * @return the configured client
 */
public static WebClient buildPeerWebClient( final PeerInfo peerInfo, final String path, final Object provider,
                                            long connectTimeoutMs, long readTimeoutMs, int maxAttempts )
{
    String effectiveUrl = String.format( PEER_URL_TEMPLATE, peerInfo.getIp(), peerInfo.getPublicSecurePort(),
            path.startsWith( "/" ) ? path : "/" + path );
    WebClient client;
    // A null provider means the client is created without a provider list.
    if ( provider == null )
    {
        client = WebClient.create( effectiveUrl );
    }
    else
    {
        client = WebClient.create( effectiveUrl, Collections.singletonList( provider ) );
    }
    client.type( MediaType.APPLICATION_JSON );
    client.accept( MediaType.APPLICATION_JSON );

    HTTPConduit httpConduit = ( HTTPConduit ) WebClient.getConfig( client ).getConduit();

    // Timeouts and retransmit limit come from the caller.
    HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
    httpClientPolicy.setConnectionTimeout( connectTimeoutMs );
    httpClientPolicy.setReceiveTimeout( readTimeoutMs );
    httpClientPolicy.setMaxRetransmits( maxAttempts );

    httpConduit.setClient( httpClientPolicy );

    // Load the PX2 key store and select the root alias as the client identity.
    KeyStoreTool keyStoreManager = new KeyStoreTool();
    KeyStoreData keyStoreData = new KeyStoreData();
    keyStoreData.setupKeyStorePx2();
    keyStoreData.setAlias( SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS );
    KeyStore keyStore = keyStoreManager.load( keyStoreData );

    // Only the alias and the URL are logged, not key material.
    LOG.debug( String.format( "Getting key with alias: %s for url: %s", SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS,
            effectiveUrl ) );

    // Load the PX2 trust store used to validate the server certificate chain.
    KeyStoreData trustStoreData = new KeyStoreData();
    trustStoreData.setupTrustStorePx2();
    KeyStore trustStore = keyStoreManager.load( trustStoreData );

    SSLManager sslManager = new SSLManager( keyStore, keyStoreData, trustStore, trustStoreData );

    TLSClientParameters tlsClientParameters = new TLSClientParameters();
    // Hostname check off: the certificate is not matched against the peer address.
    tlsClientParameters.setDisableCNCheck( true );
    tlsClientParameters.setTrustManagers( sslManager.getClientTrustManagers() );
    tlsClientParameters.setKeyManagers( sslManager.getClientKeyManagers() );
    tlsClientParameters.setCertAlias( SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS );
    httpConduit.setTlsClientParameters( tlsClientParameters );
    return client;
}