From a9a9e1cb62123475edd733a53ecc00611c2aa764 Mon Sep 17 00:00:00 2001
From: Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>
Date: Thu, 27 Jun 2019 17:39:24 +0200
Subject: Honor & Test TrustAll and LaxHostNameVerification

- Print a big scary warning message for everyone who enables "trustAll"
- Test TrustAll and LaxHostNameVerification
- Describe test case requirements and add key material needed to run
  these test cases.
---
 .../at/gv/egiz/moazs/msg/MsgClientFactory.java     | 33 ++++++++++---
 .../at/gv/egiz/moazs/util/SSLContextCreator.java   | 55 +++++++++++++++++++++-
 2 files changed, 79 insertions(+), 9 deletions(-)

(limited to 'src/main/java/at')

diff --git a/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
index 389fa5c..e55debc 100644
--- a/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
+++ b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
@@ -4,6 +4,7 @@ import at.gv.egiz.moazs.util.FileUtils;
 import at.gv.egiz.moazs.util.SSLContextCreator;
 import at.gv.zustellung.app2mzs.xsd.ClientType;
 import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
+import at.gv.zustellung.app2mzs.xsd.SSLType;
 import at.gv.zustellung.msg.xsd.App2ZusePort;
 import org.apache.cxf.configuration.jsse.TLSClientParameters;
 import org.apache.cxf.endpoint.Client;
@@ -32,7 +33,9 @@ public class MsgClientFactory {
     private final FileUtils fileUtils;
 
     @Autowired
-    public MsgClientFactory(StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor, SSLContextCreator creator, FileUtils fileUtils) {
+    public MsgClientFactory(StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor,
+                            SSLContextCreator creator,
+                            FileUtils fileUtils) {
         this.storeResponseInterceptor = storeResponseInterceptor;
         this.sslContextCreator = creator;
         this.fileUtils = fileUtils;
@@ -44,7 +47,6 @@ public class MsgClientFactory {
      * @param params for the client, such as service url and ssl parameters.
      * @return the msg client
      */
-    //TODO evaluate and honor laxhostnameverification and trustall parameter!
     public App2ZusePort create(ClientType params) {
 
         var factory = new JaxWsClientFactoryBean();
@@ -62,11 +64,7 @@ public class MsgClientFactory {
         http.setClient(httpClientPolicy);
 
         if (params.getURL().startsWith("https")) {
-            var keystore = resolveKeyStorePath(params.getSSL().getKeyStore());
-            var truststore = resolveKeyStorePath(params.getSSL().getTrustStore());
-            SSLContext sslContext = sslContextCreator.createSSLContext(keystore, truststore);
-            var tlsParams = new TLSClientParameters();
-            tlsParams.setSSLSocketFactory(sslContext.getSocketFactory());
+            TLSClientParameters tlsParams = setupTLSParams(params.getSSL());
             http.setTlsClientParameters(tlsParams);
             log.info("SSLContext initialized. ");
         }
@@ -74,6 +72,27 @@ public class MsgClientFactory {
         return ((App2ZusePort)proxy);
     }
 
+    private TLSClientParameters setupTLSParams(SSLType ssl) {
+
+        var tlsParams = new TLSClientParameters();
+        var keystore = resolveKeyStorePath(ssl.getKeyStore());
+
+        SSLContext sslContext;
+        if (ssl.isTrustAll()) {
+            sslContext = sslContextCreator.createUnsafeSSLContext(keystore);
+        } else {
+            var truststore = resolveKeyStorePath(ssl.getTrustStore());
+            sslContext = sslContextCreator.createSSLContext(keystore, truststore);
+        }
+        tlsParams.setSSLSocketFactory(sslContext.getSocketFactory());
+
+        if (ssl.isLaxHostNameVerification()) {
+            tlsParams.setDisableCNCheck(true);
+        }
+
+        return tlsParams;
+    }
+
     private KeyStoreType resolveKeyStorePath(@Nullable KeyStoreType store) {
 
         if (store == null) return null;
diff --git a/src/main/java/at/gv/egiz/moazs/util/SSLContextCreator.java b/src/main/java/at/gv/egiz/moazs/util/SSLContextCreator.java
index b4d66d1..302bbf0 100644
--- a/src/main/java/at/gv/egiz/moazs/util/SSLContextCreator.java
+++ b/src/main/java/at/gv/egiz/moazs/util/SSLContextCreator.java
@@ -6,6 +6,9 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.lang.Nullable;
 import org.springframework.stereotype.Component;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.X509TrustManager;
 
 import javax.net.ssl.*;
 import java.io.IOException;
@@ -15,23 +18,46 @@ import static at.gv.egiz.moazs.MoaZSException.moaZSException;
 import static java.lang.String.format;
 
 @Component
+ /**
+  * Adapted from at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient
+  */
 public class SSLContextCreator {
 
     private static final Logger log = LoggerFactory.getLogger(SSLContextCreator.class);
 
+    private static final String SSL_WARN_MAN_IN_THE_MIDDLE_MSG =
+            "HTTP Client trusts ANY server certificate and is therefore vulnerable to Man-In-The-Middle attacks. " +
+                    "Use this configuration for testing purposes only and NOT IN PRODUCTION. ";
+
     /**
      * Creates an SSL Context.
-     * Adapted from at.asitplus.eidas.specific.modules.authmodule_eIDASv2.szr.SZRClient
      *
      * @param keystore (if null, use no key store)
      * @param truststore (if null, use default trust store)
      * @throws at.gv.egiz.moazs.MoaZSException
      */
     public SSLContext createSSLContext(@Nullable KeyStoreType keystore, @Nullable KeyStoreType truststore) {
+        return createSSLContext(keystore, false, truststore);
+    }
+
+    /**
+     * Creates an SSL Context that trusts all certificates. Don't use in production.
+     *
+     * @param keystore (if null, use no key store)
+     * @throws at.gv.egiz.moazs.MoaZSException
+     */
+    public SSLContext createUnsafeSSLContext(@Nullable KeyStoreType keystore) {
+        log.warn(SSL_WARN_MAN_IN_THE_MIDDLE_MSG);
+        return createSSLContext(keystore, true, null);
+    }
+
+    private SSLContext createSSLContext(@Nullable KeyStoreType keystore, boolean trustAll, @Nullable KeyStoreType truststore) {
         try {
             SSLContext context = SSLContext.getInstance("TLS");
             KeyManager[] keyManager = initKeyManager(keystore);
-            TrustManager[] trustManager = initTrustManager(truststore);
+            TrustManager[] trustManager = trustAll
+                    ? new TrustManager[]{new TrustAllManager()}
+                    : initTrustManager(truststore);
             context.init(keyManager, trustManager, new SecureRandom());
             return context;
         } catch (NoSuchAlgorithmException | KeyManagementException e) {
@@ -79,4 +105,29 @@ public class SSLContextCreator {
         }
     }
 
+    /**
+     * Class implementing a trust manager that trusts all certificates.
+     *
+     * @author Arne Tauber
+     */
+    public static class TrustAllManager implements X509TrustManager {
+
+        private static Logger log = LoggerFactory.getLogger(TrustAllManager.class);
+
+        public X509Certificate[] getAcceptedIssuers() {
+            return new X509Certificate[0];
+        }
+
+        public void checkClientTrusted(X509Certificate[] arg0, String arg1)
+                throws CertificateException {
+            log.debug("Automatically accepting client certificate as trusted.");
+        }
+
+        public void checkServerTrusted(X509Certificate[] arg0, String arg1)
+                throws CertificateException {
+            log.debug("Automatically accepting server certificate as trusted.");
+        }
+    }
+
+
 }
-- 
cgit v1.2.3