aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/at/gv/egiz/moazs/util
diff options
context:
space:
mode:
authorChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-07-09 12:56:54 +0200
committerChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-07-09 12:56:54 +0200
commit65163646205b6e05139485fe957bceabe531f447 (patch)
treec35c0061a8c7e8ad3f054e632ed6ecfb1fb1b3cc /src/main/java/at/gv/egiz/moazs/util
parent8e36fa01ea42d282eacdc78d6749daf9ae1ede9c (diff)
downloadmoa-zs-65163646205b6e05139485fe957bceabe531f447.tar.gz
moa-zs-65163646205b6e05139485fe957bceabe531f447.tar.bz2
moa-zs-65163646205b6e05139485fe957bceabe531f447.zip
Minor Fixes And Refactoring
- Fix typo in SafeResponseToFileSink. - MoaZSException: Simplify constructor by replacing lots of arguments with the builder instance. - Fix minor codesmells (unused imports, superfluous braces).
Diffstat (limited to 'src/main/java/at/gv/egiz/moazs/util')
-rw-r--r--src/main/java/at/gv/egiz/moazs/util/ClientFactory.java113
-rw-r--r--src/main/java/at/gv/egiz/moazs/util/SSLContextCreator.java133
2 files changed, 0 insertions, 246 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/util/ClientFactory.java b/src/main/java/at/gv/egiz/moazs/util/ClientFactory.java
deleted file mode 100644
index d0a445b..0000000
--- a/src/main/java/at/gv/egiz/moazs/util/ClientFactory.java
+++ /dev/null
@@ -1,113 +0,0 @@
-package at.gv.egiz.moazs.client;
-
-import at.gv.egiz.moazs.util.FileUtils;
-import at.gv.egiz.moazs.util.StoreSOAPBodyBinaryInRepositoryInterceptor;
-import at.gv.zustellung.app2mzs.xsd.ClientType;
-import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
-import at.gv.zustellung.app2mzs.xsd.SSLType;
-import org.apache.cxf.configuration.jsse.TLSClientParameters;
-import org.apache.cxf.endpoint.Client;
-import org.apache.cxf.frontend.ClientProxy;
-import org.apache.cxf.jaxws.JaxWsClientFactoryBean;
-import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
-import org.apache.cxf.transport.http.HTTPConduit;
-import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import javax.annotation.Nullable;
-import javax.net.ssl.SSLContext;
-import javax.xml.ws.BindingProvider;
-import javax.xml.ws.soap.SOAPBinding;
-
-import static at.gv.zustellung.app2mzs.xsd.KeyStoreType.keyStoreTypeBuilder;
-
-@Component
-public class ClientFactory {
-
- private static final Logger log = LoggerFactory.getLogger(ClientFactory.class);
-
- private final StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor;
- private final SSLContextCreator sslContextCreator;
- private final FileUtils fileUtils;
-
- @Autowired
- public ClientFactory(StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor,
- SSLContextCreator creator,
- FileUtils fileUtils) {
- this.storeResponseInterceptor = storeResponseInterceptor;
- this.sslContextCreator = creator;
- this.fileUtils = fileUtils;
- }
-
- /**
- * Creates a client that communicates with a soap service.
- *
- * @param params for the client, such as service url and ssl parameters.
- * @return the client
- */
- public <T> T create(ClientType params, Class<T> clazz) {
-
- var factory = new JaxWsClientFactoryBean();
- factory.setServiceClass(clazz);
- factory.setAddress(params.getURL());
- factory.getInInterceptors().add(storeResponseInterceptor);
-
- var proxy = new JaxWsProxyFactoryBean(factory).create();
- Client client = ClientProxy.getClient(proxy);
- HTTPConduit http = (HTTPConduit) client.getConduit();
-
- var bindingProvider = (BindingProvider) proxy;
- SOAPBinding binding = (SOAPBinding) bindingProvider.getBinding();
- binding.setMTOMEnabled(true);
-
- var httpClientPolicy = new HTTPClientPolicy();
- httpClientPolicy.setConnectionTimeout(params.getConnectionTimeout().longValueExact());
- httpClientPolicy.setReceiveTimeout(params.getReceiveTimeout().longValueExact());
- http.setClient(httpClientPolicy);
-
- if (params.getURL().startsWith("https")) {
- TLSClientParameters tlsParams = setupTLSParams(params.getSSL());
- http.setTlsClientParameters(tlsParams);
- log.info("SSLContext initialized. ");
- }
-
- return ((T)proxy);
- }
-
- private TLSClientParameters setupTLSParams(SSLType ssl) {
-
- var tlsParams = new TLSClientParameters();
- var keystore = resolveKeyStorePath(ssl.getKeyStore());
-
- SSLContext sslContext;
- if (ssl.isTrustAll()) {
- sslContext = sslContextCreator.createUnsafeSSLContext(keystore);
- } else {
- var truststore = resolveKeyStorePath(ssl.getTrustStore());
- sslContext = sslContextCreator.createSSLContext(keystore, truststore);
- }
- tlsParams.setSSLSocketFactory(sslContext.getSocketFactory());
-
- if (ssl.isLaxHostNameVerification()) {
- tlsParams.setDisableCNCheck(true);
- }
-
- return tlsParams;
- }
-
- private KeyStoreType resolveKeyStorePath(@Nullable KeyStoreType store) {
-
- if (store == null) return null;
-
- var resolvedURI = "file:" + fileUtils.determinePath(store.getFileName());
- log.trace("Resolved key store path from {} to {}.", store.getFileName(), resolvedURI);
-
- return keyStoreTypeBuilder(store)
- .withFileName(resolvedURI)
- .build();
- }
-
-}
diff --git a/src/main/java/at/gv/egiz/moazs/util/SSLContextCreator.java b/src/main/java/at/gv/egiz/moazs/util/SSLContextCreator.java
deleted file mode 100644
index 8fb5d80..0000000
--- a/src/main/java/at/gv/egiz/moazs/util/SSLContextCreator.java
+++ /dev/null
@@ -1,133 +0,0 @@
-package at.gv.egiz.moazs.client;
-
-import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.lang.Nullable;
-import org.springframework.stereotype.Component;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import javax.net.ssl.X509TrustManager;
-
-import javax.net.ssl.*;
-import java.io.IOException;
-import java.security.*;
-
-import static at.gv.egiz.moazs.MoaZSException.moaZSException;
-import static java.lang.String.format;
-
-@Component
- /**
- * Adapted from at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient
- */
-public class SSLContextCreator {
-
- private static final Logger log = LoggerFactory.getLogger(SSLContextCreator.class);
-
- private static final String SSL_WARN_MAN_IN_THE_MIDDLE_MSG =
- "HTTP Client trusts ANY server certificate and is therefore vulnerable to Man-In-The-Middle attacks. " +
- "Use this configuration for testing purposes only and NOT IN PRODUCTION. ";
-
- /**
- * Creates an SSL Context.
- *
- * @param keystore (if null, use no key store)
- * @param truststore (if null, use default trust store)
- * @throws at.gv.egiz.moazs.MoaZSException
- */
- public SSLContext createSSLContext(@Nullable KeyStoreType keystore, @Nullable KeyStoreType truststore) {
- return createSSLContext(keystore, false, truststore);
- }
-
- /**
- * Creates an SSL Context that trusts all certificates. Don't use in production.
- *
- * @param keystore (if null, use no key store)
- * @throws at.gv.egiz.moazs.MoaZSException
- */
- public SSLContext createUnsafeSSLContext(@Nullable KeyStoreType keystore) {
- log.warn(SSL_WARN_MAN_IN_THE_MIDDLE_MSG);
- return createSSLContext(keystore, true, null);
- }
-
- private SSLContext createSSLContext(@Nullable KeyStoreType keystore, boolean trustAll, @Nullable KeyStoreType truststore) {
- try {
- SSLContext context = SSLContext.getInstance("TLS");
- KeyManager[] keyManager = initKeyManager(keystore);
- TrustManager[] trustManager = trustAll
- ? new TrustManager[]{new TrustAllManager()}
- : initTrustManager(truststore);
- context.init(keyManager, trustManager, new SecureRandom());
- return context;
- } catch (NoSuchAlgorithmException | KeyManagementException e) {
- throw moaZSException("SSLContext initialization FAILED.", e);
- }
- }
-
- private KeyManager[] initKeyManager(KeyStoreType keystore) {
- if (keystore == null) {
- log.trace("No keystore path provided. NOT using SSL client authentication. ");
- return null;
- } else {
- log.trace("Find keystore path: {}. Injecting SSL client certificate... ", keystore.getFileName());
- try {
- KeyStore keyStore = KeyStoreUtils.loadKeyStore(
- keystore.getFileType(), keystore.getFileName(), keystore.getPassword());
- KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
- kmf.init(keyStore, keystore.getPassword().toCharArray());
- log.trace("SSL client certificate injected.");
- return kmf.getKeyManagers();
- } catch (IOException | GeneralSecurityException e) {
- throw moaZSException(format("Can NOT load SSL client certificate from path: %s.",
- keystore.getFileName()), e);
- }
- }
- }
-
- private TrustManager[] initTrustManager(KeyStoreType truststore) {
- if (truststore == null) {
- log.trace("Using default truststore. ");
- return null;
- } else {
- log.trace("Find truststore path: {}. Injecting SSL truststore... ", truststore.getFileName());
- try {
- KeyStore trustStore = KeyStoreUtils.loadKeyStore(
- truststore.getFileType(), truststore.getFileName(), truststore.getPassword());
- TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
- tmf.init(trustStore);
- log.trace("SSL TrustStore injected to client. ");
- return tmf.getTrustManagers();
- } catch (GeneralSecurityException | IOException e) {
- throw moaZSException(format("Can NOT open SSL TrustStore from path: %s.",
- truststore.getFileName()), e);
- }
- }
- }
-
- /**
- * Class implementing a trust manager that trusts all certificates.
- *
- * @author Arne Tauber
- */
- public static class TrustAllManager implements X509TrustManager {
-
- private static Logger log = LoggerFactory.getLogger(TrustAllManager.class);
-
- public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[0];
- }
-
- public void checkClientTrusted(X509Certificate[] arg0, String arg1)
- throws CertificateException {
- log.debug("Automatically accepting client certificate as trusted.");
- }
-
- public void checkServerTrusted(X509Certificate[] arg0, String arg1)
- throws CertificateException {
- log.debug("Automatically accepting server certificate as trusted.");
- }
- }
-
-
-}