Java tutorial
/* * Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.wso2.carbon.identity.application.authentication.endpoint.util; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.identity.application.authentication.endpoint.util.AuthenticationException; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; import java.io.BufferedReader; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.io.OutputStream; import java.net.URL; import java.nio.charset.StandardCharsets; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; import java.util.Map; /** * Client for calling Admin Services with mutual ssl authentication */ public class TenantMgtAdminServiceClient { /** * Logger for TenantMgtAdminServiceClient class */ private static final Log log = LogFactory.getLog(TenantMgtAdminServiceClient.class); /** * HTTP POST */ private static final String HTTP_POST = "POST"; /** * Default keystore type of the client */ private static String keyStoreType = "JKS"; /** * Default truststore type of the client */ private static String trustStoreType = "JKS"; /** * Default keymanager type of the client */ private static String keyManagerType = "SunX509"; //Default Key Manager Type /** * Default trustmanager type of the client */ private static String trustManagerType = "SunX509"; //Default Trust Manager Type /** * Default ssl protocol for client */ private static String protocol = "SSLv3"; private static KeyStore keyStore; private static KeyStore trustStore; private static char[] keyStorePassword; private static HttpsURLConnection httpsURLConnection; private static SSLSocketFactory sslSocketFactory; private TenantMgtAdminServiceClient() { } /** * Load key store with given keystore.jks * * @param keyStorePath Path to keystore * @param keyStorePassword Password of keystore * @throws AuthenticationException */ public static void loadKeyStore(String keyStorePath, String keyStorePassword) throws AuthenticationException { InputStream fis = null; try { TenantMgtAdminServiceClient.keyStorePassword = keyStorePassword.toCharArray(); keyStore = KeyStore.getInstance(keyStoreType); fis = new FileInputStream(keyStorePath); keyStore.load(fis, TenantMgtAdminServiceClient.keyStorePassword); } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException e) { throw new AuthenticationException("Error while trying to load Key Store.", e); } finally { if (fis != null) { try { fis.close(); } catch (IOException e) { log.error("Failed to close file. ", e); } } } } /** * Load trust store with given .jks file * * @param trustStorePath Path to truststore * @param trustStorePassword Password of truststore * @throws AuthenticationException */ public static void loadTrustStore(String trustStorePath, String trustStorePassword) throws AuthenticationException { InputStream is = null; try { trustStore = KeyStore.getInstance(trustStoreType); is = new FileInputStream(trustStorePath); trustStore.load(is, trustStorePassword.toCharArray()); } catch (KeyStoreException | CertificateException | IOException | NoSuchAlgorithmException e) { throw new AuthenticationException("Error while trying to load Trust Store.", e); } finally { if (is != null) { try { is.close(); } catch (IOException e) { log.error("Failed to close file. ", e); } } } } /** * Create basic SSL connection factory * * @throws AuthenticationException */ public static void initMutualSSLConnection(boolean hostNameVerificationEnabled) throws AuthenticationException { try { KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyManagerType); keyManagerFactory.init(keyStore, keyStorePassword); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerType); trustManagerFactory.init(trustStore); // Create and initialize SSLContext for HTTPS communication SSLContext sslContext = SSLContext.getInstance(protocol); if (hostNameVerificationEnabled) { sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); sslSocketFactory = sslContext.getSocketFactory(); if (log.isDebugEnabled()) { log.debug("Mutual SSL Client initialized with Hostname Verification enabled"); } } else { // All the code below is to overcome host name verification failure we get in certificate // validation due to self signed certificate. // Create empty HostnameVerifier HostnameVerifier hv = new HostnameVerifier() { @Override public boolean verify(String urlHostName, SSLSession session) { return true; } }; // Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[0]; } @Override public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { /* skipped implementation */ } @Override public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { /* skipped implementation */ } } }; sslContext.init(keyManagerFactory.getKeyManagers(), trustAllCerts, new java.security.SecureRandom()); if (log.isDebugEnabled()) { log.debug("SSL Context is initialized with trust manager for excluding certificate validation"); } SSLContext.setDefault(sslContext); sslSocketFactory = sslContext.getSocketFactory(); HttpsURLConnection.setDefaultHostnameVerifier(hv); if (log.isDebugEnabled()) { log.debug("Mutual SSL Client initialized with Hostname Verification disabled"); } } } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) { throw new AuthenticationException("Error while trying to load Trust Store.", e); } } /** * Send mutual ssl https post request and return data * * @param backendURL URL of the service * @param message Message sent to the URL * @param requestProps Request properties * @return Received data * @throws java.io.IOException */ public static String sendPostRequest(String backendURL, String message, Map<String, String> requestProps) { OutputStream outputStream = null; InputStream inputStream = null; BufferedReader reader = null; String response = null; URL url = null; try { url = new URL(backendURL); httpsURLConnection = (HttpsURLConnection) url.openConnection(); httpsURLConnection.setSSLSocketFactory(sslSocketFactory); httpsURLConnection.setDoOutput(true); httpsURLConnection.setDoInput(true); httpsURLConnection.setRequestMethod(HTTP_POST); if (requestProps != null) { for (Map.Entry<String, String> entry : requestProps.entrySet()) { httpsURLConnection.setRequestProperty(entry.getKey(), entry.getValue()); } } outputStream = httpsURLConnection.getOutputStream(); if (StringUtils.isNotEmpty(message)) { outputStream.write(message.getBytes(StandardCharsets.UTF_8)); } inputStream = httpsURLConnection.getInputStream(); reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8)); StringBuilder builder = new StringBuilder(); String line; while (StringUtils.isNotEmpty(line = reader.readLine())) { builder.append(line); } response = builder.toString(); } catch (IOException e) { log.error("Sending " + HTTP_POST + " request to URL : " + url + "failed.", e); } finally { try { if (reader != null) { reader.close(); } if (inputStream != null) { inputStream.close(); } if (outputStream != null) { outputStream.close(); } } catch (IOException e) { log.error("Closing stream for " + url + " failed", e); } } return response; } public static String getKeyStoreType() { return keyStoreType; } public static void setKeyStoreType(String keyStoreType) { TenantMgtAdminServiceClient.keyStoreType = keyStoreType; } public static String getTrustStoreType() { return trustStoreType; } public static void setTrustStoreType(String trustStoreType) { TenantMgtAdminServiceClient.trustStoreType = trustStoreType; } public static String getKeyManagerType() { return keyManagerType; } public static void setKeyManagerType(String keyManagerType) { TenantMgtAdminServiceClient.keyManagerType = keyManagerType; } public static String getTrustManagerType() { return trustManagerType; } public static void setTrustManagerType(String trustManagerType) { TenantMgtAdminServiceClient.trustManagerType = trustManagerType; } public static HttpsURLConnection getHttpsURLConnection() { return httpsURLConnection; } public static void setProtocol(String protocol) { TenantMgtAdminServiceClient.protocol = protocol; } }