This documentation is for WSO2 Carbon 4.4.0.
HTTPS-NIO Transport - Carbon 4.4.0 - WSO2 Documentation
Due to a known issue, do not use JDK 1.8.0_151 with WSO2 products. Use JDK 1.8.0_144 until JDK 1.8.0_162-ea is released.

The HTTPS-NIO transport is also a module that comes from the Apache Synapse code base. Apache Synapse (as well as the WSO2 ESB) ships the HTTPS-NIO transport as the default HTTPS transport implementation; other products can install the feature that contains this transport if needed. The receiver class is named as follows:

org.apache.synapse.transport.nhttp.HttpCoreNIOSSLListener

The sender class is named as follows:

org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender

As far as the actual implementation of the transport is concerned, these two classes simply extend the HTTP-NIO implementation by adding SSL support to it. Therefore, they support all the configuration parameters supported by the HTTP-NIO receiver and sender. In addition, both the HTTPS-NIO listener and the HTTPS-NIO sender support the following two parameters. The classes mentioned above are available in the synapse-nhttp-transport.jar bundle.

Transport Parameters (Common to both receiver and the sender):

Parameter Name: keystore
Description: The default keystore to be used by the receiver or the sender should be specified here, along with its related parameters, as an XML fragment. The path to the keystore file, its type and the passwords to access the keystore should be stated in the XML. The transport uses the keystore to initialize a set of key managers.
Required: Yes
Possible Values:

<parameter name="keystore">
    <KeyStore>
        <Location>lib/identity.jks</Location>
        <Type>JKS</Type>
        <Password>password</Password>
        <KeyPassword>password</KeyPassword>
    </KeyStore>
</parameter>

Default Value: (none listed)

Parameter Name: truststore
Description: The default trust store to be used by the receiver or the sender should be specified here, along with its related parameters, as an XML fragment. The location of the trust store file, its type and the password should be stated in the XML body. The transport uses the trust store to initialize a set of trust managers.
Required: Yes
Possible Values:

<parameter name="truststore">
    <TrustStore>
        <Location>lib/identity.jks</Location>
        <Type>JKS</Type>
        <Password>password</Password>
    </TrustStore>
</parameter>

Default Value: (none listed)

 

The HTTPS-NIO transport sender supports the concept of custom SSL profiles. An SSL profile is a user-defined keystore-truststore pair. Such an SSL profile can be associated with one or more target servers. When the HTTPS sender connects to a target server, it uses the SSL profile associated with that target server. If no custom SSL profile is configured for the target server, the default keystore-truststore pair is used. Using this feature, the HTTPS-NIO sender can connect to different target servers using different certificates and identities. The customSSLProfiles parameter described below shows how to configure custom SSL profiles. The given example only contains a single SSL profile, but there can be as many profiles as required.

Parameter Name: customSSLProfiles
Description: Define one or more custom SSL profiles and associate them with target servers. Each profile must be associated with at least one target server. If a profile should be associated with multiple target servers, the server list should be specified as a comma-separated list. A target server is identified by a host-port pair.
Required: No
Possible Values:

<parameter name="customSSLProfiles">
    <profile>
        <servers>www.test.org:80,www.test2.com:9763</servers>
        <KeyStore>
            <Location>/path/to/identity/store</Location>
            <Type>JKS</Type>
            <Password>password</Password>
            <KeyPassword>password</KeyPassword>
        </KeyStore>
        <TrustStore>
            <Location>path/to/trust/store</Location>
            <Type>JKS</Type>
            <Password>password</Password>
        </TrustStore>
    </profile>
</parameter>

Default Value: (none listed)
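The profile selection described above, sketched as an added example (not WSO2 or Synapse code): it parses a customSSLProfiles fragment, maps each host:port target to its profile with fallback to the default keystore-truststore pair, and flags profiles that break the rules stated in the description. The function names, the second profile in the sample, and exact-text matching on host:port are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: profile 1 is the page's example; profile 2 is added
# here to show a duplicated target and an entry that lacks a port.
SAMPLE = """<parameter name="customSSLProfiles">
  <profile>
    <servers>www.test.org:80, www.test2.com:9763</servers>
    <KeyStore><Location>/path/to/identity/store</Location><Type>JKS</Type>
      <Password>password</Password><KeyPassword>password</KeyPassword></KeyStore>
    <TrustStore><Location>path/to/trust/store</Location><Type>JKS</Type>
      <Password>password</Password></TrustStore>
  </profile>
  <profile>
    <servers>www.test2.com:9763, partner.example</servers>
    <KeyStore><Location>/path/to/partner/identity</Location><Type>JKS</Type>
      <Password>password</Password><KeyPassword>password</KeyPassword></KeyStore>
    <TrustStore><Location></Location><Type>JKS</Type>
      <Password>password</Password></TrustStore>
  </profile>
</parameter>"""

def audit_profiles(xml_text):
    """Return ({'host:port': profile number}, [findings]) for the fragment."""
    mapping, findings = {}, []
    for num, profile in enumerate(ET.fromstring(xml_text).findall("profile"), 1):
        raw = profile.findtext("servers") or ""
        servers = [s.strip() for s in raw.split(",") if s.strip()]
        if not servers:
            findings.append(f"profile {num}: no target server listed")
        for store in ("KeyStore", "TrustStore"):
            if not (profile.findtext(f"{store}/Location") or "").strip():
                findings.append(f"profile {num}: {store} has no Location")
        for server in servers:
            host, sep, port = server.rpartition(":")
            if not (sep and host and port.isdigit()):
                findings.append(f"profile {num}: '{server}' is not a host:port pair")
            elif server in mapping:
                findings.append(f"profile {num}: '{server}' is already in profile {mapping[server]}")
            else:
                mapping[server] = num
    return mapping, findings

def profile_for(mapping, host, port):
    """Assumed exact 'host:port' match; 'default' means the default keystore-truststore pair."""
    return mapping.get(f"{host}:{port}", "default")

if __name__ == "__main__":
    mapping, findings = audit_profiles(SAMPLE)
    print(profile_for(mapping, "www.test.org", 80), findings)
```

A target listed in two profiles is reported because the page does not say which profile would apply in that case.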

 
