- // Set up keystore
- String type = AafPropsUtils.KEYSTORE_TYPE_PROPERTY;
- String store = Main.aafPropsUtils.getKeystorePathProperty();
- String pass = Main.aafPropsUtils.getKeystorePassProperty();
- KeyStore keyStore = readStore(store, pass, type);
- // Set up truststore
- store = Main.aafPropsUtils.getTruststorePathProperty();
- pass = Main.aafPropsUtils.getTruststorePassProperty();
- if (store == null || store.length() == 0) {
- store = AafPropsUtils.DEFAULT_TRUSTSTORE;
- pass = "changeit";
+ if (Boolean.TRUE.equals(ProvRunner.getTlsEnabled())) {
+ // Set up keystore
+ String type = AafPropsUtils.KEYSTORE_TYPE_PROPERTY;
+ String store = ProvRunner.getAafPropsUtils().getKeystorePathProperty();
+ String pass = ProvRunner.getAafPropsUtils().getKeystorePassProperty();
+ KeyStore keyStore = readStore(store, pass, type);
+ // Set up truststore
+ store = ProvRunner.getAafPropsUtils().getTruststorePathProperty();
+ pass = ProvRunner.getAafPropsUtils().getTruststorePassProperty();
+ KeyStore trustStore = readStore(store, pass, AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY);
+
+ // We are connecting with the node name, but the certificate will have the CNAME
+ // So we need to accept a non-matching certificate name
+ SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore,
+ ProvRunner.getAafPropsUtils().getKeystorePassProperty(), trustStore);
+ socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+ sch = new Scheme("https", 443, socketFactory);
+ } else {
+ PlainSocketFactory socketFactory = new PlainSocketFactory();
+ sch = new Scheme("http", 80, socketFactory);