Using spring boot right now with hsm & mssql jdbc & rest & soap services running in one single microservice.
MainApplication.java
@SpringBootApplication
public class MainApplication {
@Autowired
public Environment env;
public static void main(String[] args) {
SpringApplication.run(MainApplication.class, args);
}
/**
* init keystores
*/
@PostConstruct
public void keystoresInit() {
logger.info("Starting keystores Init");
// INIT Keystore - soap service
KeyStore ks = KeyStore.getInstance(env.getProperty("keyserver.ssl.key-store-type"));
ksFile = new FileInputStream(env.getProperty("keyserver.ssl.key-store"));
ks.load(ksFile, pass);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, pass);
// INIT Truststore
KeyStore trustKeystore = KeyStore.getInstance(env.getProperty("cacert.ssl.key-store-type"));
tsFile = new FileInputStream(env.getProperty("cacert.ssl.key-store"));
trustKeystore.load(tsFile, env.getProperty("cacert.ssl.key-store-password").toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustKeystore);
// INIT SSLContext
SSLContext context = SSLContext.getInstance("TLS");
context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
SSLContext.setDefault(context);
Map<String, String> samplekeys = new HashMap<String, String>();
CustomSSLContext cssc = CustomSSLContext.getInstance(); //which is used for soap services
cssc.initSSLContexts(env.getProperty("keyserver.ssl.key-store"),
env.getProperty("keyserver.ssl.key-store-type"), pass, samplekeys);
} catch (Exception e) {
--
} finally {
--
}
}
/**
* Configuring Hikari datasource and setting password from vault.
* @return
*/
@Bean
@ConfigurationProperties(prefix = "spring.datasource.hikari")
public DataSource dataSource() {
HikariDataSource ds = null;
try {
password = getting from vault;
ds = new HikariDataSource();
ds.setPassword(new String(password));
} catch (Exception e) {
--
} finally {
--
}
return ds;
}
}
application.yml
keyserver:
ssl:
key-store: sample.keystore
key-store-type: Luna
cacert:
ssl:
key-store: cacerts #same cacerts placed in running JDK instance as well
key-store-password: samplepass
key-store-type: jks
java.security
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.safenetinc.luna.provider.LunaProvider
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
..etc
Problem:
Postcontruct method has the keystore & truststore initialized, all the connections use the LunaProvider which i configured in java.security file listed as 3rd item (security provider). This ssl connections used by SOAP calls. This works well.
The database bean also uses same lunaprovider which i dont want to work in that ssl. because it causes so many problems. i need to use different ssl context for database so that i works parallel. how do i do that.
I have rest calls incoming & outgoing from this service. wanted to know if can use another ssl context for that? without touching lunaprovider?
Thanks in advance.
