author | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-27 17:39:24 +0200 |
committer | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-27 17:39:24 +0200 |
commit | a9a9e1cb62123475edd733a53ecc00611c2aa764 (patch) | |
tree | 05ac9f2f2a6c199badb802c1390f1a9fc887aba8 /src/main/java/at/gv/egiz/moazs/msg | |
parent | 8b80ea299ef6fadfbc0ec59308e0937612eb8c35 (diff) | |
Honor & Test TrustAll and LaxHostNameVerification
- Print a big scary warning message for everyone who enables "trustAll"
- Test TrustAll and LaxHostNameVerification
- Describe test case requirements and add key material needed to run
these test cases.
Diffstat (limited to 'src/main/java/at/gv/egiz/moazs/msg')
-rw-r--r-- | src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
index 389fa5c..e55debc 100644
--- a/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
+++ b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
@@ -4,6 +4,7 @@ import at.gv.egiz.moazs.util.FileUtils;
 import at.gv.egiz.moazs.util.SSLContextCreator;
 import at.gv.zustellung.app2mzs.xsd.ClientType;
 import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
+import at.gv.zustellung.app2mzs.xsd.SSLType;
 import at.gv.zustellung.msg.xsd.App2ZusePort;
 import org.apache.cxf.configuration.jsse.TLSClientParameters;
 import org.apache.cxf.endpoint.Client;
@@ -32,7 +33,9 @@ public class MsgClientFactory {
 private final FileUtils fileUtils;
 @Autowired
- public MsgClientFactory(StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor, SSLContextCreator creator, FileUtils fileUtils) {
+ public MsgClientFactory(StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor,
+ SSLContextCreator creator,
+ FileUtils fileUtils) {
 this.storeResponseInterceptor = storeResponseInterceptor;
 this.sslContextCreator = creator;
 this.fileUtils = fileUtils;
@@ -44,7 +47,6 @@ public class MsgClientFactory {
 * @param params for the client, such as service url and ssl parameters.
 * @return the msg client
 */
- //TODO evaluate and honor laxhostnameverification and trustall parameter!
 public App2ZusePort create(ClientType params) {
 var factory = new JaxWsClientFactoryBean();
@@ -62,11 +64,7 @@ public class MsgClientFactory {
 http.setClient(httpClientPolicy);
 if (params.getURL().startsWith("https")) {
- var keystore = resolveKeyStorePath(params.getSSL().getKeyStore());
- var truststore = resolveKeyStorePath(params.getSSL().getTrustStore());
- SSLContext sslContext = sslContextCreator.createSSLContext(keystore, truststore);
- var tlsParams = new TLSClientParameters();
- tlsParams.setSSLSocketFactory(sslContext.getSocketFactory());
+ TLSClientParameters tlsParams = setupTLSParams(params.getSSL());
 http.setTlsClientParameters(tlsParams);
 log.info("SSLContext initialized. ");
 }
@@ -74,6 +72,27 @@ public class MsgClientFactory {
 return ((App2ZusePort)proxy);
 }
+ private TLSClientParameters setupTLSParams(SSLType ssl) {
+
+ var tlsParams = new TLSClientParameters();
+ var keystore = resolveKeyStorePath(ssl.getKeyStore());
+
+ SSLContext sslContext;
+ if (ssl.isTrustAll()) {
+ sslContext = sslContextCreator.createUnsafeSSLContext(keystore);
+ } else {
+ var truststore = resolveKeyStorePath(ssl.getTrustStore());
+ sslContext = sslContextCreator.createSSLContext(keystore, truststore);
+ }
+ tlsParams.setSSLSocketFactory(sslContext.getSocketFactory());
+
+ if (ssl.isLaxHostNameVerification()) {
+ tlsParams.setDisableCNCheck(true);
+ }
+
+ return tlsParams;
+ }
+
 private KeyStoreType resolveKeyStorePath(@Nullable KeyStoreType store) {
 if (store == null) return null; |
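Review bot: The `isLaxHostNameVerification()` branch of the new `setupTLSParams` turns hostname verification off with `tlsParams.setDisableCNCheck(true)` without leaving any trace in the log, whereas the commit message promises a loud warning only for `trustAll` (presumably emitted inside `createUnsafeSSLContext`, which is outside this diff). A warning next to the flag, e.g. `log.warn("laxHostNameVerification is enabled: TLS hostname verification is disabled for this client.");`, would make the weakened server authentication visible to operators, and as far as I know CXF's disableCNCheck disables peer-name checking altogether rather than merely relaxing it, so the wording should say so. In the `isTrustAll()` branch a configured trust store is silently ignored; a one-line warning there would surface that misconfiguration as well. The method also lacks Javadoc; a short comment should state that it builds the CXF TLS parameters from the configured key and trust stores and that `trustAll` and `laxHostNameVerification` each weaken server authentication and, per the commit message, are intended for test setups.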