示例#1
0
  protected void addSslContextParametersToRegistry(JndiRegistry registry) {
    KeyStoreParameters ksp = new KeyStoreParameters();
    ksp.setResource(this.getClass().getClassLoader().getResource("jsse/localhost.ks").toString());
    ksp.setPassword(KEY_STORE_PASSWORD);

    KeyManagersParameters kmp = new KeyManagersParameters();
    kmp.setKeyPassword(KEY_STORE_PASSWORD);
    kmp.setKeyStore(ksp);

    TrustManagersParameters tmp = new TrustManagersParameters();
    tmp.setKeyStore(ksp);

    // NOTE: Needed since the client uses a loose trust configuration when no ssl context
    // is provided.  We turn on WANT client-auth to prefer using authentication
    SSLContextServerParameters scsp = new SSLContextServerParameters();
    scsp.setClientAuthentication(ClientAuthentication.WANT.name());

    SSLContextParameters sslContextParameters = new SSLContextParameters();
    sslContextParameters.setKeyManagers(kmp);
    sslContextParameters.setTrustManagers(tmp);
    sslContextParameters.setServerParameters(scsp);
    // use SSLv3 to avoid issue with (eg disable TLS)
    // Caused by: javax.net.ssl.SSLException: bad record MAC
    sslContextParameters.setSecureSocketProtocol("SSLv3");

    registry.bind("sslContextParameters", sslContextParameters);
  }
  @Override
  protected JndiRegistry createRegistry() throws Exception {

    KeyStoreParameters ksp = new KeyStoreParameters();
    ksp.setResource(this.getClass().getClassLoader().getResource("keystore.jks").toString());
    ksp.setPassword("changeit");

    KeyManagersParameters kmp = new KeyManagersParameters();
    kmp.setKeyPassword("changeit");
    kmp.setKeyStore(ksp);

    TrustManagersParameters tmp = new TrustManagersParameters();
    tmp.setKeyStore(ksp);

    SSLContextParameters sslContextParameters = new SSLContextParameters();
    sslContextParameters.setKeyManagers(kmp);
    sslContextParameters.setTrustManagers(tmp);

    JndiRegistry registry = super.createRegistry();
    registry.bind("sslContextParameters", sslContextParameters);
    return registry;
  }