aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/at/gv/egiz/moazs/util/SSLContextCreator.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/at/gv/egiz/moazs/util/SSLContextCreator.java')
-rw-r--r--src/main/java/at/gv/egiz/moazs/util/SSLContextCreator.java133
1 files changed, 0 insertions, 133 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/util/SSLContextCreator.java b/src/main/java/at/gv/egiz/moazs/util/SSLContextCreator.java
deleted file mode 100644
index 8fb5d80..0000000
--- a/src/main/java/at/gv/egiz/moazs/util/SSLContextCreator.java
+++ /dev/null
@@ -1,133 +0,0 @@
-package at.gv.egiz.moazs.client;
-
-import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.lang.Nullable;
-import org.springframework.stereotype.Component;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import javax.net.ssl.X509TrustManager;
-
-import javax.net.ssl.*;
-import java.io.IOException;
-import java.security.*;
-
-import static at.gv.egiz.moazs.MoaZSException.moaZSException;
-import static java.lang.String.format;
-
-@Component
- /**
- * Adapted from at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient
- */
-public class SSLContextCreator {
-
- private static final Logger log = LoggerFactory.getLogger(SSLContextCreator.class);
-
- private static final String SSL_WARN_MAN_IN_THE_MIDDLE_MSG =
- "HTTP Client trusts ANY server certificate and is therefore vulnerable to Man-In-The-Middle attacks. " +
- "Use this configuration for testing purposes only and NOT IN PRODUCTION. ";
-
- /**
- * Creates an SSL Context.
- *
- * @param keystore (if null, use no key store)
- * @param truststore (if null, use default trust store)
- * @throws at.gv.egiz.moazs.MoaZSException
- */
- public SSLContext createSSLContext(@Nullable KeyStoreType keystore, @Nullable KeyStoreType truststore) {
- return createSSLContext(keystore, false, truststore);
- }
-
- /**
- * Creates an SSL Context that trusts all certificates. Don't use in production.
- *
- * @param keystore (if null, use no key store)
- * @throws at.gv.egiz.moazs.MoaZSException
- */
- public SSLContext createUnsafeSSLContext(@Nullable KeyStoreType keystore) {
- log.warn(SSL_WARN_MAN_IN_THE_MIDDLE_MSG);
- return createSSLContext(keystore, true, null);
- }
-
- private SSLContext createSSLContext(@Nullable KeyStoreType keystore, boolean trustAll, @Nullable KeyStoreType truststore) {
- try {
- SSLContext context = SSLContext.getInstance("TLS");
- KeyManager[] keyManager = initKeyManager(keystore);
- TrustManager[] trustManager = trustAll
- ? new TrustManager[]{new TrustAllManager()}
- : initTrustManager(truststore);
- context.init(keyManager, trustManager, new SecureRandom());
- return context;
- } catch (NoSuchAlgorithmException | KeyManagementException e) {
- throw moaZSException("SSLContext initialization FAILED.", e);
- }
- }
-
- private KeyManager[] initKeyManager(KeyStoreType keystore) {
- if (keystore == null) {
- log.trace("No keystore path provided. NOT using SSL client authentication. ");
- return null;
- } else {
- log.trace("Find keystore path: {}. Injecting SSL client certificate... ", keystore.getFileName());
- try {
- KeyStore keyStore = KeyStoreUtils.loadKeyStore(
- keystore.getFileType(), keystore.getFileName(), keystore.getPassword());
- KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
- kmf.init(keyStore, keystore.getPassword().toCharArray());
- log.trace("SSL client certificate injected.");
- return kmf.getKeyManagers();
- } catch (IOException | GeneralSecurityException e) {
- throw moaZSException(format("Can NOT load SSL client certificate from path: %s.",
- keystore.getFileName()), e);
- }
- }
- }
-
- private TrustManager[] initTrustManager(KeyStoreType truststore) {
- if (truststore == null) {
- log.trace("Using default truststore. ");
- return null;
- } else {
- log.trace("Find truststore path: {}. Injecting SSL truststore... ", truststore.getFileName());
- try {
- KeyStore trustStore = KeyStoreUtils.loadKeyStore(
- truststore.getFileType(), truststore.getFileName(), truststore.getPassword());
- TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
- tmf.init(trustStore);
- log.trace("SSL TrustStore injected to client. ");
- return tmf.getTrustManagers();
- } catch (GeneralSecurityException | IOException e) {
- throw moaZSException(format("Can NOT open SSL TrustStore from path: %s.",
- truststore.getFileName()), e);
- }
- }
- }
-
- /**
- * Class implementing a trust manager that trusts all certificates.
- *
- * @author Arne Tauber
- */
- public static class TrustAllManager implements X509TrustManager {
-
- private static Logger log = LoggerFactory.getLogger(TrustAllManager.class);
-
- public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[0];
- }
-
- public void checkClientTrusted(X509Certificate[] arg0, String arg1)
- throws CertificateException {
- log.debug("Automatically accepting client certificate as trusted.");
- }
-
- public void checkServerTrusted(X509Certificate[] arg0, String arg1)
- throws CertificateException {
- log.debug("Automatically accepting server certificate as trusted.");
- }
- }
-
-
-}