- // Set up keystore
- Properties props = (new DB()).getProperties();
- String type = props.getProperty(Main.KEYSTORE_TYPE_PROPERTY, "jks");
- String store = props.getProperty(Main.KEYSTORE_PATH_PROPERTY);
- String pass = props.getProperty(Main.KEYSTORE_PASS_PROPERTY);
- KeyStore keyStore = readStore(store, pass, type);
-
- store = props.getProperty(Main.TRUSTSTORE_PATH_PROPERTY);
- pass = props.getProperty(Main.TRUSTSTORE_PASS_PROPERTY);
- if (store == null || store.length() == 0) {
- store = Main.DEFAULT_TRUSTSTORE;
- pass = "changeit";
+ if (Boolean.TRUE.equals(ProvRunner.getTlsEnabled())) {
+ // Set up keystore
+ String type = AafPropsUtils.KEYSTORE_TYPE_PROPERTY;
+ String store = ProvRunner.getAafPropsUtils().getKeystorePathProperty();
+ String pass = ProvRunner.getAafPropsUtils().getKeystorePassProperty();
+ KeyStore keyStore = readStore(store, pass, type);
+ // Set up truststore
+ store = ProvRunner.getAafPropsUtils().getTruststorePathProperty();
+ pass = ProvRunner.getAafPropsUtils().getTruststorePassProperty();
+ KeyStore trustStore = readStore(store, pass, AafPropsUtils.TRUESTSTORE_TYPE_PROPERTY);
+
+ // We are connecting with the node name, but the certificate will have the CNAME
+ // So we need to accept a non-matching certificate name
+ SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore,
+ ProvRunner.getAafPropsUtils().getKeystorePassProperty(), trustStore);
+ socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+ sch = new Scheme("https", 443, socketFactory);
+ } else {
+ PlainSocketFactory socketFactory = new PlainSocketFactory();
+ sch = new Scheme("http", 80, socketFactory);
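Review bot: `socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)` in the TLS branch disables hostname checking entirely, so any certificate that chains to the truststore is accepted for any peer; the comment above it gives the node-name/CNAME reason but not that consequence. If the expected certificate name is known at this point, a verifier that accepts only that name would keep the check meaningful; otherwise extend the comment, e.g. `// Hostname check disabled: peer identity rests solely on the truststore, which must hold only the internal CA`. The `else` branch falls back to plain HTTP on port 80 whenever `ProvRunner.getTlsEnabled()` is not `TRUE`, which includes a `null` return, so a missing setting would silently downgrade the connection; a warning log there would make that visible. The `type` passed to `readStore` is now the constant `AafPropsUtils.KEYSTORE_TYPE_PROPERTY` itself, where the old code used the `Main` constant as a property key with a `"jks"` default, so it is worth confirming the new constant holds a store type and not a key name. The enclosing method begins and ends outside this hunk.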