From 7a2806cb1e31f490818db2ac9d231885cd0f2889 Mon Sep 17 00:00:00 2001 From: chathurangaj Date: Wed, 4 Dec 2024 22:15:12 +0530 Subject: [PATCH] separate loading certificate to jks and getting updated ssl --- .../synapse/deployers/LocalEntryDeployer.java | 48 +++++++++++-------- .../config/SslSenderTrustStoreHolder.java | 5 ++ 2 files changed, 34 insertions(+), 19 deletions(-) diff --git a/modules/core/src/main/java/org/apache/synapse/deployers/LocalEntryDeployer.java b/modules/core/src/main/java/org/apache/synapse/deployers/LocalEntryDeployer.java index b7457bdd0d..97539f8094 100644 --- a/modules/core/src/main/java/org/apache/synapse/deployers/LocalEntryDeployer.java +++ b/modules/core/src/main/java/org/apache/synapse/deployers/LocalEntryDeployer.java @@ -88,7 +88,7 @@ public String deploySynapseArtifact(OMElement artifactConfig, String fileName, } log.info("LocalEntry named '" + e.getKey() + "' has been deployed from file : " + fileName); - handleHttpConnectorCertificates(artifactConfig); + handleSSLSenderCertificates(artifactConfig); return e.getKey(); } else { handleSynapseArtifactDeploymentError("LocalEntry Deployment Failed. The artifact " + @@ -102,7 +102,7 @@ public String deploySynapseArtifact(OMElement artifactConfig, String fileName, return null; } - private void handleHttpConnectorCertificates(OMElement element) throws DeploymentException { + private void handleSSLSenderCertificates(OMElement element) throws DeploymentException { OMElement httpInitElement = element.getFirstChildWithName(new QName(SynapseConstants.SYNAPSE_NAMESPACE, HTTP_CONNECTION_IDENTIFIER)); 
@@ -113,40 +113,50 @@ private void handleHttpConnectorCertificates(OMElement element) throws Deploymen String childElementValue = childElement.getText(); String transformedElementValue = getTransformedElementValue(childElementValue); if (transformedElementValue.endsWith(CERTIFICATE_EXTENSION)) { - loadCertificateFileToStore(transformedElementValue); + loadCertificateFileToSSLSenderTrustStore(transformedElementValue); + loadUpdatedSSL(); } } } } - private void loadCertificateFileToStore(String certificateFileResourceKey) throws DeploymentException { + private void loadCertificateFileToSSLSenderTrustStore(String certificateFileResourceKey) throws DeploymentException { String certificateFilePath = getSynapseConfiguration().getRegistry().getRegistryEntry(certificateFileResourceKey).getName(); File certificateFile = new File(certificateFilePath); String certificateAlias = certificateFile.getName().split("\\.")[0]; - try (FileInputStream certificateFileInputStream = FileUtils.openInputStream(new File(certificateFilePath))) { - SslSenderTrustStoreHolder sslSenderTrustStoreHolder = SslSenderTrustStoreHolder.getInstance(); - KeyStore sslSenderTrustStore = sslSenderTrustStoreHolder.getKeyStore(); + SslSenderTrustStoreHolder sslSenderTrustStoreHolder = SslSenderTrustStoreHolder.getInstance(); + if (sslSenderTrustStoreHolder.isValid()) { + try (FileInputStream certificateFileInputStream = FileUtils.openInputStream(new File(certificateFilePath))) { + KeyStore sslSenderTrustStore = sslSenderTrustStoreHolder.getKeyStore(); - CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); - Certificate certificate = certificateFactory.generateCertificate(certificateFileInputStream); - sslSenderTrustStore.setCertificateEntry(certificateAlias, certificate); + CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); + Certificate certificate = certificateFactory.generateCertificate(certificateFileInputStream); + 
sslSenderTrustStore.setCertificateEntry(certificateAlias, certificate); - try (FileOutputStream fileOutputStream = new FileOutputStream(sslSenderTrustStoreHolder.getLocation())) { - sslSenderTrustStore.store(fileOutputStream, sslSenderTrustStoreHolder.getPassword().toCharArray()); + try (FileOutputStream fileOutputStream = new FileOutputStream(sslSenderTrustStoreHolder.getLocation())) { + sslSenderTrustStore.store(fileOutputStream, sslSenderTrustStoreHolder.getPassword().toCharArray()); + } + } catch (CertificateException | IOException | KeyStoreException | NoSuchAlgorithmException e) { + throw new DeploymentException("Failed to load certificate file to store: " + certificateFilePath, e); } + } + } + private void loadUpdatedSSL() throws DeploymentException { + SslSenderTrustStoreHolder sslSenderTrustStoreHolder = SslSenderTrustStoreHolder.getInstance(); + KeyStore sslSenderTrustStore = sslSenderTrustStoreHolder.getKeyStore(); + if (sslSenderTrustStoreHolder.isValid()) { try ( - FileInputStream fileInputStream = new FileInputStream(sslSenderTrustStoreHolder.getLocation()); - InputStream bufferedInputStream = IOUtils.toBufferedInputStream(fileInputStream) + FileInputStream fileInputStream = new FileInputStream(sslSenderTrustStoreHolder.getLocation()); + InputStream bufferedInputStream = IOUtils.toBufferedInputStream(fileInputStream) ) { sslSenderTrustStore.load(bufferedInputStream, sslSenderTrustStoreHolder.getPassword().toCharArray()); + sslSenderTrustStoreHolder.setKeyStore(sslSenderTrustStore); + KeyStoreReloaderHolder.getInstance().reloadAllKeyStores(); + } catch (IOException | CertificateException | NoSuchAlgorithmException e) { + throw new DeploymentException("Failed to load updated SSL configuration from the trust store at: " + sslSenderTrustStoreHolder.getLocation(), e); } - - sslSenderTrustStoreHolder.setKeyStore(sslSenderTrustStore); - KeyStoreReloaderHolder.getInstance().reloadAllKeyStores(); - } catch (CertificateException | IOException | 
KeyStoreException | NoSuchAlgorithmException e) {
- throw new DeploymentException("Failed to load certificate file to store: " + certificateFilePath, e);
 }
 }
diff --git a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/config/SslSenderTrustStoreHolder.java b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/config/SslSenderTrustStoreHolder.java
index cb7ef8884c..5177acbb46 100644
--- a/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/config/SslSenderTrustStoreHolder.java
+++ b/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/config/SslSenderTrustStoreHolder.java
@@ -83,4 +83,9 @@ public void setType(String type) {
 public String getType() {
 return this.type;
 }
+
+ public boolean isValid() {
+ return keyStore != null && location != null && !location.isEmpty() &&
+ password != null && !password.isEmpty();
+ }
 }
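Review bot: Both new methods return silently when `sslSenderTrustStoreHolder.isValid()` is false, so deploySynapseArtifact still logs the LocalEntry as deployed although its certificate was never added to the sender trust store and no reload happened; a misconfigured trust store should at least be visible, e.g. an `else` branch in loadCertificateFileToSSLSenderTrustStore with `log.warn("SSL sender trust store is not configured; certificate " + certificateFilePath + " was not imported");`. In loadUpdatedSSL the file is re-read into the same KeyStore instance the holder already hands out, so `setKeyStore(sslSenderTrustStore)` re-sets the object that is already there and any other code reading the holder's store at that moment can observe it while `load` is rewriting it; loading into a fresh `KeyStore.getInstance(sslSenderTrustStoreHolder.getType())` and swapping that in keeps the old store intact until the new one is complete, as sketched below. Separately, `new FileOutputStream(sslSenderTrustStoreHolder.getLocation())` truncates the trust store in place before `store` runs, so a failure mid-write leaves a truncated file that the following loadUpdatedSSL can no longer open; writing to a temporary file next to it and renaming over the location would avoid that.
```java
    private void loadUpdatedSSL() throws DeploymentException {
        SslSenderTrustStoreHolder sslSenderTrustStoreHolder = SslSenderTrustStoreHolder.getInstance();
        if (!sslSenderTrustStoreHolder.isValid()) {
            log.warn("SSL sender trust store is not configured; skipping trust store reload");
            return;
        }
        try (
                FileInputStream fileInputStream = new FileInputStream(sslSenderTrustStoreHolder.getLocation());
                InputStream bufferedInputStream = IOUtils.toBufferedInputStream(fileInputStream)
        ) {
            // load into a fresh instance so nobody holding the current store sees it half-loaded
            KeyStore reloaded = KeyStore.getInstance(sslSenderTrustStoreHolder.getType());
            reloaded.load(bufferedInputStream, sslSenderTrustStoreHolder.getPassword().toCharArray());
            sslSenderTrustStoreHolder.setKeyStore(reloaded);
            KeyStoreReloaderHolder.getInstance().reloadAllKeyStores();
        } catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) {
            throw new DeploymentException("Failed to load updated SSL configuration from the trust store at: " + sslSenderTrustStoreHolder.getLocation(), e);
        }
    }
```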
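Review bot: `isValid()` has no Javadoc and its name promises more than it checks: it only tests that a key store object, a location and a password are present, not that the file exists or that the password opens it, and `type` is left out even though `getType()` is presumably what a caller passes to `KeyStore.getInstance`. A doc comment such as `/** Returns true when a key store instance, a non-empty location and a non-empty password are set; does not verify the file or the password. */` would make the contract explicit, and adding `type != null` to the condition would let callers rely on this one check.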