com.example.consumer1.ConsumerUtil Maven / Gradle / Ivy
package com.example.consumer1;
import com.example.BaseUtil;
import com.google.inject.Guice;
import com.google.inject.Injector;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.core.config.Configurator;
import org.apache.logging.log4j.core.config.DefaultConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.somda.sdc.biceps.guice.DefaultBicepsConfigModule;
import org.somda.sdc.biceps.guice.DefaultBicepsModule;
import org.somda.sdc.common.guice.DefaultHelperModule;
import org.somda.sdc.dpws.DpwsConfig;
import org.somda.sdc.dpws.crypto.CryptoConfig;
import org.somda.sdc.dpws.crypto.CryptoSettings;
import org.somda.sdc.dpws.guice.DefaultDpwsModule;
import org.somda.sdc.glue.GlueConstants;
import org.somda.sdc.glue.guice.DefaultGlueConfigModule;
import org.somda.sdc.glue.guice.DefaultGlueModule;
import org.somda.sdc.glue.guice.GlueDpwsConfigModule;
import javax.net.ssl.HostnameVerifier;
import java.net.URI;
import java.security.cert.X509Certificate;
import java.util.List;
/**
* This class provides the configuration used for the consumer instance.
*
* Overwriting configuration steps allows customizing the behavior of the framework through
* injection.
*/
public class ConsumerUtil extends BaseUtil {
private static final Logger LOG = LoggerFactory.getLogger(ConsumerUtil.class);
private final Injector injector;
public ConsumerUtil(String[] args) {
super(args);
Configurator.initialize(new DefaultConfiguration());
Configurator.setRootLevel(Level.INFO);
injector = Guice.createInjector(
new DefaultGlueModule(),
new DefaultGlueConfigModule(),
new DefaultBicepsModule(),
new DefaultBicepsConfigModule(),
new DefaultHelperModule(),
new DefaultDpwsModule(),
new GlueDpwsConfigModule() {
@Override
protected void customConfigure() {
super.customConfigure();
bind(CryptoConfig.CRYPTO_SETTINGS,
CryptoSettings.class,
createCustomCryptoSettings()
);
bind(DpwsConfig.HTTPS_SUPPORT, Boolean.class, isUseTls());
bind(DpwsConfig.HTTP_SUPPORT, Boolean.class, !isUseTls());
bind(CryptoConfig.CRYPTO_CLIENT_HOSTNAME_VERIFIER,
HostnameVerifier.class,
(hostname, session) -> {
try {
// since this is not a real implementation, we still want to allow all peers
// which is why this doesn't really filter anything
// returning false in this filter would reject an incoming request
var peerCerts = session.getPeerCertificates();
final X509Certificate x509 = (X509Certificate) peerCerts[0];
List extendedKeyUsage = x509.getExtendedKeyUsage();
if (extendedKeyUsage == null || extendedKeyUsage.isEmpty()) {
LOG.warn("No EKU in peer certificate");
return true;
}
// find matching provider key purpose
for (String key : extendedKeyUsage) {
try {
URI keyUri = URI.create(key);
if (keyUri.equals(URI.create(GlueConstants.OID_KEY_PURPOSE_SDC_SERVICE_PROVIDER))) {
LOG.debug("SDC Service Provider PKP found");
return true;
}
} catch (IllegalArgumentException e) {
// don't care, was no uri
}
}
return true;
} catch (Exception e) {
LOG.error("Error while validating provider certificate: {}", e.getMessage());
LOG.trace("Error while validating provider certificate", e);
}
return false;
});
}
});
}
public Injector getInjector() {
return injector;
}
}