1   /**
2    * This Source Code Form is subject to the terms of the Mozilla Public
3    * License, v. 2.0. If a copy of the MPL was not distributed with this
4    * file, You can obtain one at http://mozilla.org/MPL/2.0/.
5    *
6    * If it is not possible or desirable to put the notice in a particular
7    * file, then You may include the notice in a location (such as a LICENSE
8    * file in a relevant directory) where a recipient would be likely to look
9    * for such a notice.
10  
11   * 
12   */
13   
14  /*  ---------------------------------------------------------------------------
15   *  U.S. Government, Department of the Army
16   *  Army Materiel Command
17   *  Research Development Engineering Command
18   *  Communications Electronics Research Development and Engineering Center
19   *  ---------------------------------------------------------------------------
20   */
21  
22  package org.miloss.fgsms.agentcore;
23  
24  import java.io.IOException;
25  import java.io.InputStream;
26  import java.net.URL;
27  import java.security.GeneralSecurityException;
28  import java.security.KeyStore;
29  import java.security.KeyStoreException;
30  import java.security.NoSuchAlgorithmException;
31  import java.security.cert.CertificateException;
32  import javax.net.ssl.KeyManager;
33  import javax.net.ssl.KeyManagerFactory;
34  import javax.net.ssl.TrustManager;
35  import javax.net.ssl.TrustManagerFactory;
36  import org.miloss.fgsms.common.Utility;
37  import org.apache.cxf.configuration.jsse.TLSClientParameters;
38  import org.apache.cxf.frontend.ClientProxy;
39  import org.apache.cxf.transport.http.HTTPConduit;
40  import org.apache.log4j.Level;
41  import org.miloss.fgsms.common.Logger;;
42  
43  /**
44   *This class will add the necessary keystore/trust store information into an Apache CXF Conduit
45   * @author AO
46   */
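/**
 * Adds the keystore / trust store named in a {@link ConfigLoader} to the TLS
 * parameters of an Apache CXF HTTP conduit.
 *
 * <p>All members are static; the class holds no state beyond its logger.
 *
 * @author AO
 */
public class ApacheCxfSSlHelperGo {

    private static final Logger log = Logger.getLogger(org.miloss.fgsms.common.Constants.LoggerName);

    /**
     * Loads a JKS keystore from {@code url}.
     *
     * <p>Load failures propagate to the caller. A store that cannot be read
     * (bad URL, wrong password, corrupt file) must not silently become an
     * empty, uninitialized {@link KeyStore}: the caller would then try to
     * configure TLS without the certificates the operator intended, and the
     * only symptom would be an unrelated "uninitialized keystore" error later.
     *
     * @param url      location of the keystore; must not be {@code null}
     * @param password keystore password, or {@code null} if the store has none
     * @return the loaded keystore
     * @throws IllegalArgumentException if {@code url} is {@code null}
     * @throws KeyStoreException        if the JKS keystore type is unavailable
     * @throws NoSuchAlgorithmException if the store's integrity algorithm is unavailable
     * @throws CertificateException     if a certificate in the store cannot be parsed
     * @throws IOException              if the store cannot be read, including when the password is wrong
     */
    private static KeyStore createKeyStore(final URL url, final String password)
            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (url == null) {
            throw new IllegalArgumentException("Keystore url may not be null");
        }

        // JKS is the only store type this helper supports.
        KeyStore keystore = KeyStore.getInstance("jks");
        InputStream is = url.openStream();
        try {
            keystore.load(is, password != null ? password.toCharArray() : null);
        } finally {
            try {
                is.close();
            } catch (IOException ignored) {
                // The store has already been read; a close failure is not actionable here.
            }
        }
        return keystore;
    }

    /**
     * Installs the keystore and trust store named in {@code cfg} into the HTTP
     * conduit behind {@code webserviceclient}.
     *
     * <p>This is best-effort by design: every failure is logged at ERROR level
     * and not rethrown, and on failure the conduit is left untouched. Hostname
     * (CN) checking is explicitly left enabled.
     *
     * @param webserviceclient a CXF client proxy
     * @param cfg              configuration holding the keystore / trust store
     *                         URLs and their encoded passwords
     */
    public static void doCXF(Object webserviceclient, ConfigLoader cfg) {
        try {
            if (webserviceclient == null || cfg == null) {
                throw new IllegalArgumentException("web service client and configuration may not be null");
            }
            Object conduit = ClientProxy.getClient(webserviceclient).getConduit();
            if (!(conduit instanceof HTTPConduit)) {
                throw new IllegalStateException("client conduit is not an HTTPConduit: " + conduit);
            }
            HTTPConduit http = (HTTPConduit) conduit;

            KeyManager[] keymanagers = null;
            TrustManager[] trustmanagers = null;
            if (!Utility.stringIsNullOrEmpty(cfg.javaxkeystore)) {
                // Decoded once: the same password is used for the store and for its key entries.
                String keystorePass = Utility.DE(cfg.javaxkeystorepass);
                KeyStore keystore = createKeyStore(new URL(cfg.javaxkeystore), keystorePass);
                keymanagers = getKeyManagers(keystore, keystorePass);
            }
            if (!Utility.stringIsNullOrEmpty(cfg.javaxtruststore)) {
                KeyStore truststore = createKeyStore(new URL(cfg.javaxtruststore), Utility.DE(cfg.javaxtruststorepass));
                trustmanagers = getTrustManagers(truststore);
            }

            TLSClientParameters tlsCP = new TLSClientParameters();
            // Keep hostname verification on: disabling the CN check would accept any
            // otherwise-valid certificate for any host.
            tlsCP.setDisableCNCheck(false);
            // A null array is handed to CXF as-is; CXF then applies its own defaults
            // for that side — confirm against the CXF version in use.
            tlsCP.setKeyManagers(keymanagers);
            tlsCP.setTrustManagers(trustmanagers);
            http.setTlsClientParameters(tlsCP);
        } catch (Exception ex) {
            log.log(Level.ERROR, "unable to initialize the CXF Conduit for configuration SSL information. The transaction may not go through", ex);
        }
    }

    /**
     * Builds trust managers backed by {@code trustStore}.
     *
     * @param trustStore a loaded keystore holding the trusted certificates
     * @return the trust managers produced by the platform's default
     *         {@link TrustManagerFactory} algorithm
     * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable
     * @throws KeyStoreException        if {@code trustStore} has not been loaded
     */
    private static TrustManager[] getTrustManagers(KeyStore trustStore)
            throws NoSuchAlgorithmException, KeyStoreException {
        // Ask the trust manager factory for its own default (PKIX on the reference
        // JSSE). The key manager factory's default is a different algorithm and is
        // not guaranteed to name a trust manager implementation at all.
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory fac = TrustManagerFactory.getInstance(alg);
        fac.init(trustStore);
        return fac.getTrustManagers();
    }

    /**
     * Builds key managers backed by {@code keyStore}.
     *
     * @param keyStore    a loaded keystore holding the client's private key entries
     * @param keyPassword password protecting the key entries, or {@code null}
     * @return the key managers produced by the platform's default
     *         {@link KeyManagerFactory} algorithm
     * @throws GeneralSecurityException if the factory cannot be created or initialized
     * @throws IOException              never thrown by this body; retained so the signature is unchanged
     */
    private static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword)
            throws GeneralSecurityException, IOException {
        String alg = KeyManagerFactory.getDefaultAlgorithm();
        // Not zeroed after init: some factory implementations keep the password
        // for lazy key access, so clearing it here could break later handshakes.
        char[] keyPass = keyPassword != null ? keyPassword.toCharArray() : null;
        KeyManagerFactory fac = KeyManagerFactory.getInstance(alg);
        fac.init(keyStore, keyPass);
        return fac.getKeyManagers();
    }
}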
123 }