From a849dd49daf60128db79311293d7f5c466bd0642 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 16 Apr 2021 22:08:42 +0200
Subject: Use custom SSLContext builder to generate BouncyCastle specific TrustManager in case of keys base on HSM-Facade, because SSLContext based on BCJSSE needs BCJSSE TrustManager BCJSSE is not compatible to SunJSSE TrustManager in Java >= 9
---
 .../at/gv/egiz/eaaf/core/impl/http/HttpUtils.java | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)
(limited to 'eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java')
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
index 365e969d..3058c9b5 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
@@ -40,8 +40,6 @@ import org.apache.http.client.ClientProtocolException;
 import org.apache.http.client.ResponseHandler;
 import org.apache.http.conn.ssl.TrustAllStrategy;
 import org.apache.http.entity.ContentType;
-import org.apache.http.ssl.SSLContextBuilder;
-import org.apache.http.ssl.SSLContexts;
 import org.apache.http.ssl.TrustStrategy;
 import org.apache.http.util.EntityUtils;
 import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
@@ -56,7 +54,6 @@ import lombok.extern.slf4j.Slf4j;
 public class HttpUtils {
 private static final String ERROR_03 = "internal.httpclient.03";
-
 /**
 * Simple Http response-handler that only give http status-code as result.
@@ -174,7 +171,7 @@ public class HttpUtils {
 * @param url URL
 * @param paramname Name of the parameter.
 * @param paramvalue Value of the parameter.
-* @return
+* @return Url with parameter
 */
 public static String addUrlParameter(final String url, final String paramname, final String paramvalue) {
@@ -210,7 +207,7 @@ public class HttpUtils {
 boolean trustAllServerCertificates, @Nonnull String friendlyName) throws EaafConfigurationException, EaafFactoryException {
 try {
-SSLContextBuilder sslContextBuilder = SSLContexts.custom();
+EaafSslContextBuilder sslContextBuilder = EaafSslContextBuilder.create();
 injectKeyStore(sslContextBuilder, keyStore, keyAlias, keyPasswordString, friendlyName);
@@ -251,7 +248,7 @@ public class HttpUtils {
 @Nonnull String friendlyName) throws EaafConfigurationException, EaafFactoryException {
 try {
-SSLContextBuilder sslContextBuilder = SSLContexts.custom();
+EaafSslContextBuilder sslContextBuilder = EaafSslContextBuilder.create();
 injectKeyStore(sslContextBuilder, keyStore, keyAlias, keyPasswordString, friendlyName);
@@ -266,7 +263,7 @@ public class HttpUtils {
 }
 }
-private static void injectTrustStore(SSLContextBuilder sslContextBuilder,
+private static void injectTrustStore(EaafSslContextBuilder sslContextBuilder,
 Pair trustStore, boolean trustAllServerCertificates, String friendlyName) throws NoSuchAlgorithmException, KeyStoreException {
@@ -276,7 +273,7 @@ public class HttpUtils {
 trustStrategy = new TrustAllStrategy();
 }
-
+
 KeyStore trustStoreImpl = null;
 if (trustStore != null) {
 log.info("Http-client: {} uses custom TrustStore.", friendlyName);
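Review bot: `EaafSslContextBuilder` is used here (and identically in the hunk at line 251) while the `SSLContextBuilder`/`SSLContexts` imports are removed and no import is added anywhere in the patch, so this only compiles if the class lives in the same package as `HttpUtils` (`at.gv.egiz.eaaf.core.impl.http`); the diff does not show it, so worth confirming. The two call sites appear to build the context the same way (`create()` followed by `injectKeyStore(...)`), which is the kind of duplication a private helper such as `newSslContextBuilder(keyStore, keyAlias, keyPasswordString, friendlyName)` would keep in one place, so the provider-selection rule from the commit message is applied consistently. The enclosing methods start before their hunks and continue past them.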
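Review bot: `injectTrustStore` has no Javadoc, and after this change its result depends on which JSSE provider the builder already carries — per the commit message the TrustManager has to be created by the same provider (BCJSSE vs. SunJSSE) as the SSLContext, and the hunks at lines 210/251 call `injectKeyStore` first, which is presumably where that provider is set. A short Javadoc would capture the ordering: `Installs the trust material into {@code sslContextBuilder}; call after {@link #injectKeyStore} so the TrustManager is built by the provider selected for the keystore.` The hunk at line 276 also shows the `trustAllServerCertificates` branch still installing `TrustAllStrategy`, i.e. no server-certificate validation; if that is intended for test profiles only, the same Javadoc is the place to say so. The method body continues beyond the hunk.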
@@ -288,16 +285,18 @@ public class HttpUtils {
 }
-private static void injectKeyStore(SSLContextBuilder sslContextBuilder, Pair keyStore,
+private static void injectKeyStore(EaafSslContextBuilder sslContextBuilder, Pair keyStore,
 String keyAlias, String keyPasswordString, String friendlyName) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
+
+Provider provider;
 if (keyStore.getSecond() != null) {
-Provider provider = new BouncyCastleJsseProvider(keyStore.getSecond());
+provider = new BouncyCastleJsseProvider(keyStore.getSecond());
 log.debug("KeyStore: {} provide special security-provider. Inject: {} into SSLContext", friendlyName, provider.getName());
 sslContextBuilder.setProvider(provider);
-}
+}
 log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);
 final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray()
@@ -313,5 +312,4 @@ public class HttpUtils {
 }
 }
-
 }
-- cgit v1.2.3
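Review bot: `Provider provider;` is now declared before the `if`, but it is assigned only inside that branch and nothing in the hunk reads it after the closing brace; Java's definite-assignment rule would reject any later read on the `keyStore.getSecond() == null` path, so either the wider scope is dead and the original block-local `Provider provider = new BouncyCastleJsseProvider(...)` should be restored, or a read was added further down (outside the hunk) and the declaration needs to become `Provider provider = null;` with a null check at the use site. Separately, the unchanged `log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString)` two lines below writes the keystore password into the log; logging only whether a password is configured, e.g. `log.trace("Open SSL Client-Auth keystore (password set: {})", keyPasswordString != null)`, avoids persisting the secret. `injectKeyStore` continues past the hunk.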