https://github.com/marschall/ssl-socket-factory-factory-bean
A Spring FactoryBean for an SSLSocketFactory
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/marschall/ssl-socket-factory-factory-bean
- Owner: marschall
- Created: 2021-02-04T19:34:25.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2021-12-04T10:27:48.000Z (over 3 years ago)
- Last Synced: 2025-01-16T02:44:58.019Z (4 months ago)
- Language: Java
- Size: 49.8 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
SSLSocketFactory FactoryBean
============================

A Spring [FactoryBean](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/beans/factory/FactoryBean.html) for an [SSLSocketFactory](https://docs.oracle.com/en/java/javase/11/docs/api/java.base/javax/net/ssl/SSLSocketFactory.html) or `SSLSocketFactory` class.

Sometimes a framework or library does not support configuring SSL parameters like truststore, keystore, cipher suites or TLS versions directly, but only by providing a `javax.net.ssl.SSLSocketFactory` instance or `javax.net.ssl.SSLSocketFactory` class. As `javax.net.ssl.SSLSocketFactory` is an abstract class, a subclass has to be created that delegates to the implementation instance. This project aims to make this simpler by providing a Spring `FactoryBean` that takes care of this.

This project has an optional dependency on [Byte Buddy](https://bytebuddy.net/), which is needed when an `SSLSocketFactory` class rather than an `SSLSocketFactory` instance is desired, e.g. for `com.sun.jndi.ldap.LdapCtx#SOCKET_FACTORY`.

```xml
<dependency>
  <groupId>com.github.marschall</groupId>
  <artifactId>ssl-socket-factory-factory-bean</artifactId>
  <version>0.1.0</version>
</dependency>
```

Usage
-----

Define a bean of type `SSLSocketFactoryFactoryBean` and a bean of type `SSLSocketFactory` will be available in the application context.

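```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;
// plus the import for SSLSocketFactoryFactoryBean from this library

@Configuration
public class SSLConfiguration {

  // there are various ways configuration could happen, Spring properties is just one option
  @Value("${truststore.type}")
  private String truststoreType;

  @Value("${truststore.location}")
  private String truststoreLocation;

  @Value("${truststore.password}")
  private String truststorePassword;

  // define the SSLSocketFactoryFactoryBean
  @Bean
  FactoryBean<SSLSocketFactory> sslSocketFactory() {
    SSLSocketFactoryFactoryBean factoryBean = new SSLSocketFactoryFactoryBean();
    factoryBean.setTruststoreType(this.truststoreType);
    factoryBean.setTruststoreLocation(this.truststoreLocation);
    factoryBean.setTruststorePassword(this.truststorePassword);
    // these values could also be configurable
    factoryBean.setProtocol("TLSv1.2");
    factoryBean.setCipherSuites(Collections.singletonList("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"));
    return factoryBean;
  }

  @Bean
  RestOperations restTemplate(SSLSocketFactory sslSocketFactory /* created by the bean defined in #sslSocketFactory */) {
    ClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory() {
      @Override
      protected void prepareConnection(HttpURLConnection connection, String httpMethod) throws IOException {
        // only HTTPS connections accept a custom socket factory
        if (connection instanceof HttpsURLConnection) {
          HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
          httpsConnection.setSSLSocketFactory(sslSocketFactory);
        }
        super.prepareConnection(connection, httpMethod);
      }
    };
    return new RestTemplate(requestFactory);
  }

}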
```

Debugging
---------

To easily verify that all configuration options are passed as desired, use

```
-Djavax.net.debug=ssl:handshake
```

You may also want to check out [sslcontext-kickstart](https://github.com/Hakky54/sslcontext-kickstart).