Skip to content

Instantly share code, notes, and snippets.

@smoldovansky
Created November 13, 2015 09:01
Show Gist options
  • Save smoldovansky/9e7e0582f4683c455a7d to your computer and use it in GitHub Desktop.
Save smoldovansky/9e7e0582f4683c455a7d to your computer and use it in GitHub Desktop.
Spring OAuthClient setup for accessing a server with self signed certificate
package com.synergygfs.cards;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.AccessTokenProvider;
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
public class OAuth2RestTemplateSelfSignedCert extends OAuth2RestTemplate {
private static final String CERTIFICATE_MWBACKEND_RESOURCE_PATH = "mwbackend.cer";
public OAuth2RestTemplateSelfSignedCert(OAuth2ProtectedResourceDetails resource, OAuth2ClientContext context) {
super(resource, context);
try {
SimpleSSLClientHttpRequestFactory requestFactory = new SimpleSSLClientHttpRequestFactory(hostNameVerifier(), certificate());
this.setRequestFactory(requestFactory);
AuthorizationCodeAccessTokenProvider authCodeTokenProvider = new AuthorizationCodeAccessTokenProvider();
authCodeTokenProvider.setRequestFactory(requestFactory);
ImplicitAccessTokenProvider implicitAccessTokenProvider = new ImplicitAccessTokenProvider();
implicitAccessTokenProvider.setRequestFactory(requestFactory);
ResourceOwnerPasswordAccessTokenProvider resourceOwnerPasswordAccessTokenProvider = new ResourceOwnerPasswordAccessTokenProvider();
resourceOwnerPasswordAccessTokenProvider.setRequestFactory(requestFactory);
ClientCredentialsAccessTokenProvider clientCredentialsAccessTokenProvider = new ClientCredentialsAccessTokenProvider();
clientCredentialsAccessTokenProvider.setRequestFactory(requestFactory);
this.setAccessTokenProvider(new AccessTokenProviderChain(
Arrays.<AccessTokenProvider> asList(authCodeTokenProvider, implicitAccessTokenProvider,
resourceOwnerPasswordAccessTokenProvider, clientCredentialsAccessTokenProvider)));
} catch (Exception e) {
e.printStackTrace();
}
}
protected static Certificate certificate() throws Exception {
Certificate certificate = null;
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ClassPathResource resource = new ClassPathResource(CERTIFICATE_MWBACKEND_RESOURCE_PATH);
InputStream caInput = resource.getInputStream();
try {
certificate = cf.generateCertificate(caInput);
} finally {
caInput.close();
}
return certificate;
}
protected static HostnameVerifier hostNameVerifier() {
return new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
}
protected class SimpleSSLClientHttpRequestFactory extends SimpleClientHttpRequestFactory {
private final HostnameVerifier hostNameVerifier;
private final Certificate certificate;
public SimpleSSLClientHttpRequestFactory(final HostnameVerifier hostNameVerifier, Certificate certificate) {
this.hostNameVerifier = hostNameVerifier;
this.certificate = certificate;
}
@Override
protected void prepareConnection(final HttpURLConnection connection, final String httpMethod)
throws IOException {
if (connection instanceof HttpsURLConnection) {
((HttpsURLConnection) connection).setHostnameVerifier(hostNameVerifier);
((HttpsURLConnection) connection).setSSLSocketFactory(initSSLContext().getSocketFactory());
}
super.prepareConnection(connection, httpMethod);
}
private SSLContext initSSLContext() {
try {
Certificate ca = certificate;
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
// Create an SSLContext that uses our TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
return context;
} catch (final Exception ex) {
return null;
}
}
}
}
@ndtreviv
Copy link

Got a newer version of this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment