Setting SSLContext with Spring Boot for CXF and Mllp based clients

Alexander Bagerman

Nov 25, 2015, 2:05:10 AM
to ipf-user
Hi,
My organization moved to Spring Boot and now I am facing a challenge of how to make SSLContext available to XDS and PIX clients, i.e. "xds-iti18" and "pix-iti8". 

For "pix-iti8" I inject SSLContext into Spring context but upon inspection Mina2Configuration.sslContextParameters is null when its getter is invoked.

For "xds-iti18" I have a hard time translating <http:conduit name="*.http-conduit">... recommended here: https://github.com/oehf/ipf/blob/master/platform-camel/ihe/ws/src/site/markdown/secureTransport.md into Java code.

I would appreciate any pointers,

Thanks,
Alex

Dmytro Rud

Nov 25, 2015, 3:21:02 AM
to ipf-...@googlegroups.com
Hi Alex,

Could you please provide us a small project which reproduces the problem?  

Best regards
Dmytro



Alexander Bagerman

Nov 25, 2015, 12:00:49 PM
to ipf-user
Dmytro,
Please find the modified iheclient project attached. It's a slight modification of the tutorial ihe client with a new @Configuration class - IHEWebServiceClientConfiguration - to set HL7MLLPCodec and SSLContext. The file does not contain the certificate and I masked the actual host addresses I was using for my testing. Please let me know if I can help in further diagnosing the issue,
Alex
iheclient.zip

Boris Stanojević

Nov 26, 2015, 10:43:25 AM
to ipf-...@googlegroups.com

Hi Alexander,

Well, that's how I would do that…

In spring-boot normally you have the main Application-Class where you can tell which spring-context files are used:

@SpringBootApplication
@ImportResource({"classpath:/application-context.xml", "classpath:/cxf-conduit-context.xml", "classpath:/mllp-ssl-context.xml"})
public class Application extends SpringBootServletInitializer {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

Your e.g. "cxf-conduit-context.xml" defines CXF-Client-Conduit configuration where you can define TLS keystore/truststore usage like described on that page you’ve shared:

….
<http:conduit name="*.http-conduit">
...
            <!-- TLS configuration -->
            <!-- disableCNCheck="true" skips the hostname check on the server certificate -->
            <http:tlsClientParameters disableCNCheck="true">
                <sec:keyManagers keyPassword="changeit">
                    <sec:keyStore type="JKS" password="changeit" file="xds-keystore.jks" />
                </sec:keyManagers>
                <sec:trustManagers>
                    <sec:keyStore type="JKS" password="changeit" file="xds-keystore.jks" />
                </sec:trustManagers>
….


and then it should be automatically picked up by the client when using the "secure=true" option like shown below:


...
.to("xds-iti18://localhost:8181/xds-iti18-service?secure=true")

For MLLP based Endpoints you need to define another SSLContext in e.g. "mllp-ssl-context.xml":

    <bean id="sslContext" class="javax.net.ssl.SSLContext"
          factory-bean="sslContextFactory"
          factory-method="newInstance" />

    <bean id="sslContextFactory" class="org.apache.mina.filter.ssl.SslContextFactory">
        <property name="keyManagerFactoryAlgorithm" value="SunX509"/>
        <property name="keyManagerFactoryKeyStore" ref="keyStore"/>
        <property name="keyManagerFactoryKeyStorePassword" value="changeit"/>
        <property name="trustManagerFactoryAlgorithmUseDefault" value="true"/>
        <property name="trustManagerFactoryKeyStore" ref="keyStore"/>
    </bean>

    <bean id="keyStoreFactory" class="org.apache.mina.filter.ssl.KeyStoreFactory">
        <property name="dataUrl" value="iti8/keystore.jks"/>
        <property name="password" value="changeit"/>
    </bean>

    <bean id="keyStore" class="java.security.KeyStore"
          factory-bean="keyStoreFactory"
          factory-method="newInstance" />
...

 

and it is important to reference this sslContext in your Endpoint-URI:

...
.to("pdq-iti8://localhost:5656?secure=true&sslContext=#sslContext")



That's it, hope it works,

best regards,

Boris
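
A Java-config counterpart of the "sslContext" bean from the reply above, for the case where the context is built in a @Configuration class instead of mllp-ssl-context.xml. This is an added example, not part of the thread or of IPF; the class name and the mllp.keystore.* property names are assumptions, and it uses only standard JSSE calls in place of the MINA factory beans.

```java
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;

// Added example (hypothetical class name): builds the SSLContext in Java config.
@Configuration
public class MllpSslConfiguration {

    // Assumed property names, e.g. mllp.keystore.location=classpath:iti8/keystore.jks.
    // Supplying them from external configuration keeps the password out of source control.
    @Value("${mllp.keystore.location}")
    private Resource keyStoreLocation;

    @Value("${mllp.keystore.password}")
    private String keyStorePassword;

    // The bean name must match the "#sslContext" reference in the endpoint URI.
    @Bean(name = "sslContext")
    public SSLContext sslContext() throws Exception {
        char[] password = keyStorePassword.toCharArray();

        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (InputStream in = keyStoreLocation.getInputStream()) {
            keyStore.load(in, password);
        }

        // Client key material; same algorithm as keyManagerFactoryAlgorithm in the XML.
        // As in the XML, the key password equals the keystore password.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(keyStore, password);

        // Trust anchors from the same keystore, using the platform default algorithm
        // (the XML sets trustManagerFactoryAlgorithmUseDefault=true).
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }
}
```

With this bean registered, the endpoint URI keeps the same secure=true&sslContext=#sslContext parameters shown in the reply.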
