diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.integration.client/src/main/java/org/wso2/carbon/apimgt/integration/client/util/Utils.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.integration.client/src/main/java/org/wso2/carbon/apimgt/integration/client/util/Utils.java
index ed5a587986..aaf2a0b877 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.integration.client/src/main/java/org/wso2/carbon/apimgt/integration/client/util/Utils.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.integration.client/src/main/java/org/wso2/carbon/apimgt/integration/client/util/Utils.java
@@ -21,24 +21,43 @@ package org.wso2.carbon.apimgt.integration.client.util;
 import feign.Client;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
+import javax.net.ssl.*;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 import java.io.IOException;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
+import java.io.InputStream;
+import java.security.*;
+import java.security.cert.CertificateException;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import feign.Logger;
 import feign.Request;
 import feign.Response;
 import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.ServerConfiguration;
 public class Utils {
+    private static final Log log = LogFactory.getLog(Utils.class);
+
+    private static final String KEY_STORE_TYPE = "JKS";
+    /**
+     * Default truststore type of the client
+     */
+    private static final String TRUST_STORE_TYPE = "JKS";
+    /**
+     * Default keymanager type of the client
+     */
+    private static final String KEY_MANAGER_TYPE = "SunX509"; //Default Key Manager Type
+    /**
+     * Default trustmanager type of the client
+     */
+    private static final String TRUST_MANAGER_TYPE = "SunX509"; //Default Trust Manager Type
+
+    private static final String SSLV3 = "SSLv3";
+
+    //This method is only used if the mb features are within DAS.
     public static String replaceProperties(String text) {
         String regex = "\\$\\{(.*?)\\}";
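Review bot: `SSLV3 = "SSLv3"` pins the client's SSLContext to a protocol that has been deprecated since POODLE and is disabled by default in current JDKs through `jdk.tls.disabledAlgorithms`; hunk 3's `initSSLConnection` hands it to `SSLContext.getInstance(SSLV3)`. Ask for the generic `"TLS"` context instead so the JVM negotiates whichever TLS versions it has enabled, e.g. `private static final String SSL_PROTOCOL = "TLS";` and `SSLContext.getInstance(SSL_PROTOCOL)` in hunk 3. The wildcard imports `javax.net.ssl.*` and `java.security.*` replace the explicit ones and hide which types the class actually depends on, and `java.io.FileNotFoundException` appears unused in the visible hunks. `KEY_STORE_TYPE` is the only one of the four store/manager constants without a Javadoc line; `/** Default keystore type of the client */` would match its siblings.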
@@ -55,15 +74,22 @@ public class Utils {
     }
     public static Client getSSLClient() {
-        return new Client.Default(getTrustedSSLSocketFactory(), new HostnameVerifier() {
-            @Override
-            public boolean verify(String s, SSLSession sslSession) {
-                return true;
-            }
-        });
+
+        boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification"));
+        if(isIgnoreHostnameVerification) {
+            return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() {
+                @Override
+                public boolean verify(String s, SSLSession sslSession) {
+                    return true;
+                }
+
+            });
+        }else {
+            return new Client.Default(getTrustedSSLSocketFactory(), null);
+        }
     }
-    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+    private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() {
         try {
             TrustManager[] trustAllCerts = new TrustManager[]{
                     new X509TrustManager() {
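Review bot: The `else` branch passes `getTrustedSSLSocketFactory()` straight into `Client.Default`, but that method (added in hunk 3) logs and returns `null` when the keystore or truststore cannot be loaded, so a misconfigured store does not fail here and the client is built with a null factory; what feign does with a null factory is not visible on this page, but it is presumably a quiet fallback to the JVM default rather than an error. Capture the factory and fail fast: `SSLSocketFactory factory = getTrustedSSLSocketFactory();` followed by `if (factory == null) { throw new IllegalStateException("SSL socket factory could not be initialised from Security.KeyStore/TrustStore configuration"); }`. The trust-all branch is selected by `org.wso2.ignoreHostnameVerification` and leaves no trace at runtime; a `log.warn("Hostname verification and certificate validation are disabled via org.wso2.ignoreHostnameVerification")` at the top of the `if` makes the weakened configuration visible in the server log. Style: `if(` and `}else {` depart from the spacing used elsewhere in the class.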
@@ -86,4 +112,74 @@ public class Utils {
         }
     }
+
+    private static SSLSocketFactory getTrustedSSLSocketFactory() {
+        try {
+            String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password");
+            String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location");
+            String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Password");
+            String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty(
+                    "Security.TrustStore.Location");
+            KeyStore keyStore = loadKeyStore(keyStoreLocation,keyStorePassword,KEY_STORE_TYPE);
+            KeyStore trustStore = loadTrustStore(trustStoreLocation,trustStorePassword);
+
+            return initSSLConnection(keyStore,keyStorePassword,trustStore);
+
+        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException
+                |CertificateException | IOException | UnrecoverableKeyException e) {
+            log.error("Error while creating the SSL socket factory due to "+e.getMessage(),e);
+            return null;
+        }
+
+    }
+
+
+    private static SSLSocketFactory initSSLConnection(KeyStore keyStore,String keyStorePassword,KeyStore trustStore) throws NoSuchAlgorithmException, UnrecoverableKeyException,
+            KeyStoreException, KeyManagementException {
+        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_TYPE);
+        keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
+        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TRUST_MANAGER_TYPE);
+        trustManagerFactory.init(trustStore);
+
+        // Create and initialize SSLContext for HTTPS communication
+        SSLContext sslContext = SSLContext.getInstance(SSLV3);
+        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
+        SSLContext.setDefault(sslContext);
+        return sslContext.getSocketFactory();
+    }
+
+
+    private static KeyStore loadKeyStore(String keyStorePath, String ksPassword,String type)
+            throws 
KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+        InputStream fis = null;
+        try {
+            char[] keypassChar = ksPassword.toCharArray();
+            KeyStore keyStore = KeyStore.getInstance(type);
+            FileInputStream fileInputStream = new FileInputStream(keyStorePath);
+
+            keyStore.load(fileInputStream, keypassChar);
+            return keyStore;
+        } finally {
+            if (fis != null) {
+                fis.close();
+            }
+        }
+    }
+
+    /**
+     * Loads the trustore
+     *
+     * @param trustStorePath - the trustore path in the filesystem.
+     * @param tsPassword - the truststore password
+     */
+    private static KeyStore loadTrustStore(String trustStorePath, String tsPassword)
+            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
+
+        return loadKeyStore(trustStorePath,tsPassword,TRUST_STORE_TYPE);
+    }
+
+
+
 }
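Review bot: `loadKeyStore` leaks its file handle: the stream is opened into `fileInputStream`, but the `finally` block checks `fis`, which is never assigned, so `fis.close()` is dead code and the descriptor stays open after `keyStore.load` returns or throws. Replace the manual `finally` with try-with-resources and drop the unused `fis`, as below. Separately, `getTrustedSSLSocketFactory` swallows every failure into a log line and `return null`, and `initSSLConnection` calls `SSLContext.setDefault(sslContext)`, which replaces the process-wide default context for every other HTTPS caller as a side effect of building this one client; at minimum the latter deserves a comment such as `// NOTE: also installs this context as the JVM default, affecting all HttpsURLConnection users in the process`. `keyStorePassword.toCharArray()` in `initSSLConnection` throws a bare NPE when `Security.KeyStore.Password` is absent; an `Objects.requireNonNull(keyStorePassword, "Security.KeyStore.Password")` at the top would name the missing setting.
```java
    private static KeyStore loadKeyStore(String keyStorePath, String ksPassword, String type)
            throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        // try-with-resources closes the stream on every path, including when load() throws
        try (InputStream in = new FileInputStream(keyStorePath)) {
            KeyStore keyStore = KeyStore.getInstance(type);
            keyStore.load(in, ksPassword.toCharArray());
            return keyStore;
        }
    }
```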