separate loading certificate to jks and getting updated ssl
chathuranga-jayanath-99 committed Dec 4, 2024
1 parent 8cf0e92 commit 7a2806c
Showing 2 changed files with 34 additions and 19 deletions.
Expand Up @@ -88,7 +88,7 @@ public String deploySynapseArtifact(OMElement artifactConfig, String fileName,
}
log.info("LocalEntry named '" + e.getKey()
+ "' has been deployed from file : " + fileName);
handleHttpConnectorCertificates(artifactConfig);
handleSSLSenderCertificates(artifactConfig);
return e.getKey();
} else {
handleSynapseArtifactDeploymentError("LocalEntry Deployment Failed. The artifact " +
Expand All @@ -102,7 +102,7 @@ public String deploySynapseArtifact(OMElement artifactConfig, String fileName,
return null;
}

private void handleHttpConnectorCertificates(OMElement element) throws DeploymentException {
private void handleSSLSenderCertificates(OMElement element) throws DeploymentException {

OMElement httpInitElement =
element.getFirstChildWithName(new QName(SynapseConstants.SYNAPSE_NAMESPACE, HTTP_CONNECTION_IDENTIFIER));
Expand All @@ -113,40 +113,50 @@ private void handleHttpConnectorCertificates(OMElement element) throws Deploymen
String childElementValue = childElement.getText();
String transformedElementValue = getTransformedElementValue(childElementValue);
if (transformedElementValue.endsWith(CERTIFICATE_EXTENSION)) {
loadCertificateFileToStore(transformedElementValue);
loadCertificateFileToSSLSenderTrustStore(transformedElementValue);
loadUpdatedSSL();
}
}
}
}

private void loadCertificateFileToStore(String certificateFileResourceKey) throws DeploymentException {
private void loadCertificateFileToSSLSenderTrustStore(String certificateFileResourceKey) throws DeploymentException {

String certificateFilePath = getSynapseConfiguration().getRegistry().getRegistryEntry(certificateFileResourceKey).getName();
File certificateFile = new File(certificateFilePath);
String certificateAlias = certificateFile.getName().split("\\.")[0];
try (FileInputStream certificateFileInputStream = FileUtils.openInputStream(new File(certificateFilePath))) {
SslSenderTrustStoreHolder sslSenderTrustStoreHolder = SslSenderTrustStoreHolder.getInstance();
KeyStore sslSenderTrustStore = sslSenderTrustStoreHolder.getKeyStore();
SslSenderTrustStoreHolder sslSenderTrustStoreHolder = SslSenderTrustStoreHolder.getInstance();
if (sslSenderTrustStoreHolder.isValid()) {
try (FileInputStream certificateFileInputStream = FileUtils.openInputStream(new File(certificateFilePath))) {
KeyStore sslSenderTrustStore = sslSenderTrustStoreHolder.getKeyStore();

CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Certificate certificate = certificateFactory.generateCertificate(certificateFileInputStream);
sslSenderTrustStore.setCertificateEntry(certificateAlias, certificate);
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Certificate certificate = certificateFactory.generateCertificate(certificateFileInputStream);
sslSenderTrustStore.setCertificateEntry(certificateAlias, certificate);

try (FileOutputStream fileOutputStream = new FileOutputStream(sslSenderTrustStoreHolder.getLocation())) {
sslSenderTrustStore.store(fileOutputStream, sslSenderTrustStoreHolder.getPassword().toCharArray());
try (FileOutputStream fileOutputStream = new FileOutputStream(sslSenderTrustStoreHolder.getLocation())) {
sslSenderTrustStore.store(fileOutputStream, sslSenderTrustStoreHolder.getPassword().toCharArray());
}
} catch (CertificateException | IOException | KeyStoreException | NoSuchAlgorithmException e) {
throw new DeploymentException("Failed to load certificate file to store: " + certificateFilePath, e);
}
}
}

private void loadUpdatedSSL() throws DeploymentException {
SslSenderTrustStoreHolder sslSenderTrustStoreHolder = SslSenderTrustStoreHolder.getInstance();
KeyStore sslSenderTrustStore = sslSenderTrustStoreHolder.getKeyStore();
if (sslSenderTrustStoreHolder.isValid()) {
try (
FileInputStream fileInputStream = new FileInputStream(sslSenderTrustStoreHolder.getLocation());
InputStream bufferedInputStream = IOUtils.toBufferedInputStream(fileInputStream)
FileInputStream fileInputStream = new FileInputStream(sslSenderTrustStoreHolder.getLocation());
InputStream bufferedInputStream = IOUtils.toBufferedInputStream(fileInputStream)
) {
sslSenderTrustStore.load(bufferedInputStream, sslSenderTrustStoreHolder.getPassword().toCharArray());
sslSenderTrustStoreHolder.setKeyStore(sslSenderTrustStore);
KeyStoreReloaderHolder.getInstance().reloadAllKeyStores();
} catch (IOException | CertificateException | NoSuchAlgorithmException e) {
throw new DeploymentException("Failed to load updated SSL configuration from the trust store at: " + sslSenderTrustStoreHolder.getLocation(), e);
}

sslSenderTrustStoreHolder.setKeyStore(sslSenderTrustStore);
KeyStoreReloaderHolder.getInstance().reloadAllKeyStores();
} catch (CertificateException | IOException | KeyStoreException | NoSuchAlgorithmException e) {
throw new DeploymentException("Failed to load certificate file to store: " + certificateFilePath, e);
}
}
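Review bot: In loadCertificateFileToSSLSenderTrustStore the alias is computed as `certificateFile.getName().split("\\.")[0]` and passed straight to `setCertificateEntry`, which overwrites an existing trusted-certificate entry with the same alias; a deployed file whose base name matches an alias already in the sender trust store therefore silently replaces that trust anchor, and `a.b.crt` and `a.c.crt` both map to alias `a`. Consider rejecting or at least logging the collision before the write, e.g. `if (sslSenderTrustStore.containsAlias(certificateAlias)) { throw new DeploymentException("Alias already present in SSL sender trust store: " + certificateAlias); }`. Separately, when `sslSenderTrustStoreHolder.isValid()` is false the method returns without a log line or exception, although the caller has already logged the LocalEntry as deployed and still calls `loadUpdatedSSL()`; a `log.warn(...)` in an else branch would make the skipped import visible. The store is also rewritten in place through `new FileOutputStream(sslSenderTrustStoreHolder.getLocation())`, so a failure during `store(...)` can leave a truncated trust store; writing to a temporary file and moving it into place would avoid that.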

Expand Up @@ -83,4 +83,9 @@ public void setType(String type) {
public String getType() {
return this.type;
}

public boolean isValid() {
return keyStore != null && location != null && !location.isEmpty() &&
password != null && !password.isEmpty();
}
}
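Review bot: `isValid()` has no Javadoc and its name promises more than it checks: it returns true when `keyStore`, `location` and `password` are set, without verifying that the file at `location` exists or that the password opens it. Because the deployer changed in this commit skips the certificate import whenever this returns false, the contract should be written down, e.g. `/** Returns true when a key store instance, a non-empty location and a non-empty password have been set; does not check that the store file exists or can be opened. */`. A trust store configured with an empty password is reported as not valid by this check, which is worth confirming as intended. The fields it reads are declared outside the hunk.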
