|
|
|
@ -21,24 +21,43 @@ package org.wso2.carbon.apimgt.integration.client.util;
|
|
|
|
|
|
|
|
|
|
import feign.Client;
|
|
|
|
|
|
|
|
|
|
import javax.net.ssl.HostnameVerifier;
|
|
|
|
|
import javax.net.ssl.SSLContext;
|
|
|
|
|
import javax.net.ssl.SSLSession;
|
|
|
|
|
import javax.net.ssl.SSLSocketFactory;
|
|
|
|
|
import javax.net.ssl.TrustManager;
|
|
|
|
|
import javax.net.ssl.X509TrustManager;
|
|
|
|
|
import javax.net.ssl.*;
|
|
|
|
|
import java.io.FileInputStream;
|
|
|
|
|
import java.io.FileNotFoundException;
|
|
|
|
|
import java.io.IOException;
|
|
|
|
|
import java.security.KeyManagementException;
|
|
|
|
|
import java.security.NoSuchAlgorithmException;
|
|
|
|
|
import java.io.InputStream;
|
|
|
|
|
import java.security.*;
|
|
|
|
|
import java.security.cert.CertificateException;
|
|
|
|
|
import java.util.regex.Matcher;
|
|
|
|
|
import java.util.regex.Pattern;
|
|
|
|
|
import feign.Logger;
|
|
|
|
|
import feign.Request;
|
|
|
|
|
import feign.Response;
|
|
|
|
|
import org.apache.commons.logging.Log;
|
|
|
|
|
import org.apache.commons.logging.LogFactory;
|
|
|
|
|
import org.wso2.carbon.base.ServerConfiguration;
|
|
|
|
|
|
|
|
|
|
public class Utils {
|
|
|
|
|
|
|
|
|
|
private static final Log log = LogFactory.getLog(Utils.class);
|
|
|
|
|
|
|
|
|
|
private static final String KEY_STORE_TYPE = "JKS";
|
|
|
|
|
/**
|
|
|
|
|
* Default truststore type of the client
|
|
|
|
|
*/
|
|
|
|
|
private static final String TRUST_STORE_TYPE = "JKS";
|
|
|
|
|
/**
|
|
|
|
|
* Default keymanager type of the client
|
|
|
|
|
*/
|
|
|
|
|
private static final String KEY_MANAGER_TYPE = "SunX509"; //Default Key Manager Type
|
|
|
|
|
/**
|
|
|
|
|
* Default trustmanager type of the client
|
|
|
|
|
*/
|
|
|
|
|
private static final String TRUST_MANAGER_TYPE = "SunX509"; //Default Trust Manager Type
|
|
|
|
|
|
|
|
|
|
private static final String SSLV3 = "SSLv3";
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//This method is only used if the mb features are within DAS.
|
|
|
|
|
public static String replaceProperties(String text) {
|
|
|
|
|
String regex = "\\$\\{(.*?)\\}";
|
|
|
|
@ -55,15 +74,20 @@ public class Utils {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static Client getSSLClient() {
|
|
|
|
|
return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
|
|
|
|
|
boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification"));
|
|
|
|
|
if(isIgnoreHostnameVerification) {
|
|
|
|
|
return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() {
|
|
|
|
|
@Override
|
|
|
|
|
public boolean verify(String s, SSLSession sslSession) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
}else {
|
|
|
|
|
return new Client.Default(getTrustedSSLSocketFactory(), null);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private static SSLSocketFactory getTrustedSSLSocketFactory() {
|
|
|
|
|
private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() {
|
|
|
|
|
try {
|
|
|
|
|
TrustManager[] trustAllCerts = new TrustManager[]{
|
|
|
|
|
new X509TrustManager() {
|
|
|
|
@ -86,4 +110,60 @@ public class Utils {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private static SSLSocketFactory getTrustedSSLSocketFactory() {
|
|
|
|
|
try {
|
|
|
|
|
String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password");
|
|
|
|
|
String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location");
|
|
|
|
|
String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty(
|
|
|
|
|
"Security.TrustStore.Password");
|
|
|
|
|
String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty(
|
|
|
|
|
"Security.TrustStore.Location");
|
|
|
|
|
KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,KEY_STORE_TYPE);
|
|
|
|
|
KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword);
|
|
|
|
|
|
|
|
|
|
return initSSLConnection(keyStore,keyStorePassword,trustStore);
|
|
|
|
|
} catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException
|
|
|
|
|
|CertificateException | IOException | UnrecoverableKeyException e) {
|
|
|
|
|
log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e);
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException,
|
|
|
|
|
KeyStoreException, KeyManagementException {
|
|
|
|
|
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_TYPE);
|
|
|
|
|
keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
|
|
|
|
|
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TRUST_MANAGER_TYPE);
|
|
|
|
|
trustManagerFactory.init(trustStore);
|
|
|
|
|
|
|
|
|
|
// Create and initialize SSLContext for HTTPS communication
|
|
|
|
|
SSLContext sslContext = SSLContext.getInstance(SSLV3);
|
|
|
|
|
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
|
|
|
|
|
SSLContext.setDefault(sslContext);
|
|
|
|
|
return sslContext.getSocketFactory();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private static KeyStore loadKeyStore(String keyStorePath, String ksPassword,String type)
|
|
|
|
|
throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
|
|
|
|
|
InputStream fileInputStream = null;
|
|
|
|
|
try {
|
|
|
|
|
char[] keypassChar = ksPassword.toCharArray();
|
|
|
|
|
KeyStore keyStore = KeyStore.getInstance(type);
|
|
|
|
|
fileInputStream = new FileInputStream(keyStorePath);
|
|
|
|
|
keyStore.load(fileInputStream, keypassChar);
|
|
|
|
|
return keyStore;
|
|
|
|
|
} finally {
|
|
|
|
|
if (fileInputStream != null) {
|
|
|
|
|
fileInputStream.close();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private static KeyStore loadTrustStore(String trustStorePath, String tsPassword)
|
|
|
|
|
throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
|
|
|
|
|
return loadKeyStore(trustStorePath,tsPassword,TRUST_STORE_TYPE);
|
|
|
|
|
}
|
|
|
|
|
}
|