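/**
 * Builds the server-side {@code SSLContextParameters} used by the test and binds them in the
 * given registry under the name {@code "sslContextParameters"}.
 *
 * <p>The same keystore ({@code jsse/localhost.ks} on the classpath) supplies both the key
 * material and the trust material, and {@code KEY_STORE_PASSWORD} is used for both the
 * keystore and the key entry.
 *
 * @param registry the registry that receives the {@code "sslContextParameters"} binding
 * @throws IllegalStateException if {@code jsse/localhost.ks} is not on the classpath
 */
protected void addSslContextParametersToRegistry(JndiRegistry registry) {
    // Fail with a descriptive message rather than a bare NullPointerException
    // when the keystore resource is missing from the classpath.
    java.net.URL keyStoreUrl = this.getClass().getClassLoader().getResource("jsse/localhost.ks");
    if (keyStoreUrl == null) {
        throw new IllegalStateException("Keystore resource jsse/localhost.ks not found on the classpath");
    }

    KeyStoreParameters ksp = new KeyStoreParameters();
    ksp.setResource(keyStoreUrl.toString());
    ksp.setPassword(KEY_STORE_PASSWORD);

    KeyManagersParameters kmp = new KeyManagersParameters();
    kmp.setKeyPassword(KEY_STORE_PASSWORD);
    kmp.setKeyStore(ksp);

    // The keystore doubles as the trust store.
    TrustManagersParameters tmp = new TrustManagersParameters();
    tmp.setKeyStore(ksp);

    // NOTE: Needed since the client uses a loose trust configuration when no ssl context
    // is provided. We turn on WANT client-auth to prefer using authentication.
    // WANT only requests a client certificate; a client that presents none is still
    // accepted. REQUIRE is the setting that rejects unauthenticated clients.
    SSLContextServerParameters scsp = new SSLContextServerParameters();
    scsp.setClientAuthentication(ClientAuthentication.WANT.name());

    SSLContextParameters sslContextParameters = new SSLContextParameters();
    sslContextParameters.setKeyManagers(kmp);
    sslContextParameters.setTrustManagers(tmp);
    sslContextParameters.setServerParameters(scsp);

    // Pin TLSv1.2 instead of SSLv3: SSLv3 is cryptographically broken, deprecated by
    // RFC 7568, and disabled by default in current JDK releases, so a context pinned
    // to it cannot complete a handshake there.
    // NOTE(review): the earlier code chose SSLv3 to work around
    // "javax.net.ssl.SSLException: bad record MAC". If that error reappears, check the
    // peer's protocol and cipher configuration rather than falling back to SSLv3.
    sslContextParameters.setSecureSocketProtocol("TLSv1.2");

    registry.bind("sslContextParameters", sslContextParameters);
}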
/**
 * Creates the registry from the superclass and adds an {@code SSLContextParameters}
 * instance to it under the name {@code "sslContextParameters"}.
 *
 * <p>Key and trust material both come from {@code keystore.jks} on the classpath.
 *
 * @return the superclass registry with the SSL context parameters bound
 * @throws Exception if the superclass fails to create the registry
 */
@Override
protected JndiRegistry createRegistry() throws Exception {
    // "changeit" is the password of the bundled test keystore (keystore and key entry alike).
    // It is a fixture value only and is not suitable for any non-test keystore.
    String keyStoreLocation = this.getClass().getClassLoader().getResource("keystore.jks").toString();

    KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource(keyStoreLocation);
    keyStore.setPassword("changeit");

    KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyPassword("changeit");
    keyManagers.setKeyStore(keyStore);

    // The same keystore is reused as the trust store.
    TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(keyStore);

    SSLContextParameters sslContext = new SSLContextParameters();
    sslContext.setKeyManagers(keyManagers);
    sslContext.setTrustManagers(trustManagers);

    // No protocol is set here, so whatever SSLContextParameters defaults to applies.
    JndiRegistry jndi = super.createRegistry();
    jndi.bind("sslContextParameters", sslContext);
    return jndi;
}