JUDDI-919 replication now works with ssl + client-cert authentication…
…. In order to support this, we need to have two different war files (unfortunately). Included with this change set is a number of typos in our deployment files (web.xml, beans.xml, etc.) for the various supported containers

JUDDI-910 adding support for alternate endpoints for edge based coms. a number of optimizations were added to prevent/reduce network traffic for unnecessary updates. tested and working with 3 tomcat nodes
spyhunter99 committed Feb 16, 2015
1 parent 5eda4a7 commit 5994cd063d305050b2c082358fd7519dd01be708
Showing 110 changed files with 18,053 additions and 745 deletions.
@@ -19,11 +19,8 @@
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.juddi.v3.client.ClassUtil;
@@ -0,0 +1,122 @@
/*
* Copyright 2015 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.juddi.v3.client.cryptor;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.ws.BindingProvider;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
*
* @author alex
*/
public class TransportSecurityHelper {

private static final Log log = LogFactory.getLog(TransportSecurityHelper.class);

public static boolean applyTransportSecurity(BindingProvider webServicePort) {
try {
File currentdir = new File(".");
String s = System.getProperty("javax.net.ssl.keyStore");
String st = System.getProperty("javax.net.ssl.trustStore");
log.info("Attempting to initialize keystore and truststore from " + s + " " + st);
if (s == null) {
log.warn("keystore isn't defined! " + s);
return false;
} else if (st == null) {
log.warn("truststore isn't defined! " + s);
return false;
} else {
File keystore = new File(s);
if (keystore == null || !keystore.exists()) {
log.warn("keystore doesn't exist! input was " + s + " working dir is " + currentdir
.getAbsolutePath());
return false;
}
//File truststore =new File(System.getProperty("javax.net.ssl.trustStore"));
String pwd = System.getProperty("javax.net.ssl.keyStorePassword");
if (pwd == null) {
log.warn("keystore password isn't defined!");
return false;
}

File truststore = new File(st);
if (truststore == null || !truststore.exists()) {
log.warn("truststore doesn't exist! input was " + s + " working dir is " + currentdir
.getAbsolutePath());
return false;
}
//File truststore =new File(System.getProperty("javax.net.ssl.trustStore"));
String pwdt = System.getProperty("javax.net.ssl.trustStorePassword");
if (pwdt == null) {
log.warn("truststore password isn't defined!");
return false;
}

if (keystore.exists()) {
try {
log.info("Using keystore from " + keystore.getAbsolutePath() + " current dir is " + currentdir.getAbsolutePath());

log.info("Using truststore from " + truststore.getAbsolutePath() + " current dir is " + currentdir.getAbsolutePath());
//log.info("Using truststure from " + truststore.getAbsolutePath() + " current dir is " + currentdir.getAbsolutePath());
SSLContext sc = SSLContext.getInstance("SSLv3");

KeyManagerFactory kmf
= KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(new FileInputStream(keystore), pwd.toCharArray());

kmf.init(ks, pwd.toCharArray());

String alg = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmFact = TrustManagerFactory.getInstance(alg);

FileInputStream fis = new FileInputStream(st);
KeyStore kst = KeyStore.getInstance("jks");
kst.load(fis, pwdt.toCharArray());
fis.close();

tmFact.init(kst);

TrustManager[] tms = tmFact.getTrustManagers();

sc.init(kmf.getKeyManagers(), null, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
((BindingProvider) webServicePort).getRequestContext().put("com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory", sc.getSocketFactory());
((BindingProvider) webServicePort).getRequestContext().put("com.sun.xml.ws.transport.https.client.SSLSocketFactory", sc.getSocketFactory());
return true;
} catch (Exception ex) {
log.warn("unable to establish ssl settings", ex);
}
}
}
return false;
} catch (Exception x) {
log.error("unexpected error", x);
}
return false;
}

}
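Review bot: In `applyTransportSecurity`, `SSLContext.getInstance("SSLv3")` names a deprecated protocol, and `sc.init(kmf.getKeyManagers(), null, null)` discards the `tms` array just built from the configured truststore, so server verification falls back to the provider's default trust managers rather than the store loaded here. I would change these to `SSLContext sc = SSLContext.getInstance("TLS");` and `sc.init(kmf.getKeyManagers(), tms, null);`. `HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())` replaces the factory for every HTTPS connection in the JVM, which in a shared servlet container reaches well beyond this port; either drop that call or document it in the method's Javadoc. The `FileInputStream` opened in `ks.load(new FileInputStream(keystore), ...)` is never closed, and `fis` is not closed if `kst.load` throws, so both loads should be closed in a `finally` block. The two truststore warnings log `s` where `st` is meant, and the truststore type is hard-coded to `"jks"` while the keystore uses `KeyStore.getDefaultType()`.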
