Example 26 with KeyManagementException

use of java.security.KeyManagementException in project robovm by robovm.

the class SSLEngineTest method getEngine.

private SSLEngine getEngine(String host, int port) {
    SSLContext context = null;
    try {
        context = SSLContext.getInstance("TLS");
        // null key managers, trust managers and SecureRandom: the engine
        // uses the JVM's default key store, default trust store and default PRNG.
        context.init(null, null, null);
    } catch (KeyManagementException e) {
        // fail() throws AssertionError, so the null context is never dereferenced below.
        fail("Could not get SSLEngine: key management exception " + e.getMessage());
    } catch (NoSuchAlgorithmException e) {
        fail("Could not get SSLEngine: no such algorithm " + e.getMessage());
    }
    // host/port are advisory peer information for session reuse; they do not
    // by themselves enable hostname verification on the engine.
    return context.createSSLEngine(host, port);
}
Also used : SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyManagementException(java.security.KeyManagementException)

Example 27 with KeyManagementException

use of java.security.KeyManagementException in project spring-boot by spring-projects.

the class UndertowServletWebServerFactory method configureSsl.

private void configureSsl(Ssl ssl, int port, Builder builder) {
    try {
        // Protocol name comes from configuration (e.g. "TLS"); the actual
        // versions offered are narrowed below via SSL_ENABLED_PROTOCOLS.
        SSLContext sslContext = SSLContext.getInstance(ssl.getProtocol());
        // Key managers carry the server identity; trust managers are only
        // consulted when client certificates are requested. null = default SecureRandom.
        sslContext.init(getKeyManagers(), getTrustManagers(), null);
        builder.addHttpsListener(port, getListenAddress(), sslContext);
        builder.setSocketOption(Options.SSL_CLIENT_AUTH_MODE, getSslClientAuthMode(ssl));
        if (ssl.getEnabledProtocols() != null) {
            builder.setSocketOption(Options.SSL_ENABLED_PROTOCOLS, Sequence.of(ssl.getEnabledProtocols()));
        }
        if (ssl.getCiphers() != null) {
            builder.setSocketOption(Options.SSL_ENABLED_CIPHER_SUITES, Sequence.of(ssl.getCiphers()));
        }
    } catch (NoSuchAlgorithmException ex) {
        throw new IllegalStateException(ex);
    } catch (KeyManagementException ex) {
        // Fail closed: a rejected key/trust setup aborts server startup
        // rather than falling back to a default context.
        throw new IllegalStateException(ex);
    }
}
Also used : SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyManagementException(java.security.KeyManagementException)
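
Both snippets above call SSLContext.init with whatever key and trust managers the caller supplies and turn KeyManagementException into a hard failure. The following is an added example, not code from robovm or Spring Boot, showing the same construction with an explicit PKCS#12 trust store, restricted protocol versions and cipher suites, and hostname checking turned on for a client SSLEngine. The file names truststore.p12 and keystore.p12, the password "changeit" and the class name TlsContextBuilder are assumptions; it targets Java 11 or later, where the TLSv1.3 identifiers exist.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public final class TlsContextBuilder {

    // Versions and suites we are willing to negotiate, most preferred first (Java 11+).
    static final String[] PROTOCOLS = {"TLSv1.3", "TLSv1.2"};
    static final String[] CIPHERS = {
        "TLS_AES_256_GCM_SHA384",
        "TLS_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    };

    private TlsContextBuilder() {}

    /** Load a PKCS#12 store from disk (assumed file layout). */
    static KeyStore loadStore(Path path, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Trust managers backed by an explicit CA store instead of the JVM default. */
    static TrustManager[] trustManagersFrom(Path trustStore, char[] password)
            throws IOException, GeneralSecurityException {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadStore(trustStore, password));
        return tmf.getTrustManagers();
    }

    /** Our own identity (server side, or a client certificate); null when not needed. */
    static KeyManager[] keyManagersFrom(Path keyStore, char[] password)
            throws IOException, GeneralSecurityException {
        if (keyStore == null) return null;
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadStore(keyStore, password), password);
        return kmf.getKeyManagers();
    }

    /**
     * Build the context. Both checked exceptions become IllegalStateException so a
     * broken TLS setup aborts startup instead of degrading to a default factory.
     */
    public static SSLContext build(KeyManager[] kms, TrustManager[] tms) {
        if (tms == null) {
            // init(kms, null, null) would silently install the JVM default trust
            // store; require the caller to state which CAs are trusted.
            throw new IllegalArgumentException("trust managers required");
        }
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kms, tms, null); // null SecureRandom = provider default
            return ctx;
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("no TLS provider available", e);
        } catch (KeyManagementException e) {
            // Raised when a KeyManager/TrustManager cannot be used, e.g. a key
            // entry that cannot be unlocked or an unsupported manager type.
            throw new IllegalStateException("TLS key/trust material rejected", e);
        }
    }

    /** Client engine with restricted versions/suites and hostname checking. */
    public static SSLEngine clientEngine(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters p = engine.getSSLParameters();
        p.setProtocols(PROTOCOLS);
        p.setCipherSuites(CIPHERS);
        // Without this, JSSE validates the chain but never compares it to `host`.
        p.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(p);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: a PKCS#12 trust store holding only the CAs you accept.
        TrustManager[] tms = trustManagersFrom(Path.of("truststore.p12"), "changeit".toCharArray());
        SSLEngine engine = clientEngine(build(null, tms), "example.com", 443);
        System.out.println(String.join(",", engine.getEnabledProtocols()));
    }
}
```

The difference from the snippets above is deliberate: a null trust-manager array is rejected instead of being taken to mean "use the platform defaults", and KeyManagementException is never swallowed, so a misconfigured key store is found at startup rather than at the first connection.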

Example 28 with KeyManagementException

use of java.security.KeyManagementException in project Conversations by siacs.

the class XmppConnection method switchOverToTls.

private void switchOverToTls(final Tag currentTag) throws XmlPullParserException, IOException {
    tagReader.readTag();
    try {
        final TlsFactoryVerifier tlsFactoryVerifier = getTlsFactoryVerifier();
        final InetAddress address = socket == null ? null : socket.getInetAddress();
        if (address == null) {
            throw new IOException("could not setup ssl");
        }
        // STARTTLS: layer TLS over the already-connected plaintext socket.
        // autoClose=true closes the underlying socket together with the SSLSocket.
        final SSLSocket sslSocket = (SSLSocket) tlsFactoryVerifier.factory.createSocket(socket, address.getHostAddress(), socket.getPort(), true);
        if (sslSocket == null) {
            throw new IOException("could not initialize ssl socket");
        }
        SSLSocketHelper.setSecurity(sslSocket);
        // The socket was created with the IP address, so the certificate name is
        // checked explicitly against the account's XMPP domain. getSession()
        // completes the handshake first; a mismatch aborts before any stream
        // data is written over the new socket.
        if (!tlsFactoryVerifier.verifier.verify(account.getServer().getDomainpart(), sslSocket.getSession())) {
            Log.d(Config.LOGTAG, account.getJid().toBareJid() + ": TLS certificate verification failed");
            throw new SecurityException();
        }
        tagReader.setInputStream(sslSocket.getInputStream());
        tagWriter.setOutputStream(sslSocket.getOutputStream());
        sendStartStream();
        Log.d(Config.LOGTAG, account.getJid().toBareJid() + ": TLS connection established");
        features.encryptionEnabled = true;
        final Tag tag = tagReader.readTag();
        if (tag != null && tag.isStart("stream")) {
            processStream();
        } else {
            throw new IOException("server didn't restart stream after STARTTLS");
        }
        sslSocket.close();
    } catch (final NoSuchAlgorithmException | KeyManagementException e1) {
        // Context/factory construction failed; logged with the same message as a
        // failed certificate check and treated as equally fatal.
        Log.d(Config.LOGTAG, account.getJid().toBareJid() + ": TLS certificate verification failed");
        throw new SecurityException();
    }
}
Also used : SSLSocket(javax.net.ssl.SSLSocket) IOException(java.io.IOException) Tag(eu.siacs.conversations.xml.Tag) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InetAddress(java.net.InetAddress) KeyManagementException(java.security.KeyManagementException)

Example 29 with KeyManagementException

use of java.security.KeyManagementException in project AsmackService by rtreffer.

the class FeatureNegotiationEngine method open.

/*
     * From RFC 3920-bis-13#page-26
     * 4.2.7. Flow Chart
     * 
     *                         +------------+
     *                         |  open TCP  |
     *                         | connection |
     *                         +------------+
     *                               |
     *                               | <------------ open() starts here
     *                               |
     *                               v
     *                        +---------------+
     *                        | send initial  |<-------------------------+
     *                        | stream header |                          ^
     *                        +---------------+                          |
     *                               |                                   |
     *                               v                                   |
     *                       +------------------+                        |
     *                       | receive response |                        |
     *                       | stream header    |                        |
     *                       +------------------+                        |
     *                               |                                   |
     *                               v                                   |
     *                        +----------------+                         |
     *                        | receive stream |                         |
     *    +------------------>| features       |                         |
     *    ^                   +----------------+                         |
     *    |                          |                                   |
     *    |                          v                                   |
     *    |       +<-----------------+                                   |
     *    |       |                                                      |
     *    |    {empty?} ----> {all voluntary?} ----> {some mandatory?}   |
     *    |       |      no          |          no         |             |
     *    |       | yes              | yes                 | yes         |
     *    |       |                  v                     v             |
     *    |       |           +---------------+    +----------------+    |
     *    |       |           | MAY negotiate |    | MUST negotiate |    |
     *    |       |           | any or none   |    | one feature    |    |
     *    |       |           +---------------+    +----------------+    |
     *    |       |                  |                     |             |
     *    |       v                  v                     |             |
     *    |   +----------+      +-----------+              |             |
     *    |   | process  |<-----| negotiate |              |             |
     *    |   | complete |  no  | a feature |              |             |
     *    |   +----------+      +-----------+              |             |
     *    |                          |                     |             |
     *    |                     yes  |                     |             |
     *    |                          v                     v             |
     *    |                          +--------->+<---------+             |
     *    |                                     |                        |
     *    |                                     v                        |
     *    +<-------------------------- {restart mandatory?} ------------>+
     *                   no                                     yes
     * 
     * The "open" method starts directly after opening the TCP streams,
     * negotiates the connection and returns true if the xmpp stream is ready
     * for a bind.
     * 
     * The usual way to bind is
     * if (streamEngine.open(account)) {
     *     String resource = streamEngine.bind(account.getResource());
     * }
     * 
     * Interesting and available features that require restarts:
     * - SASL
     * - TLS
     * - Compression
     */
/**
     * <p>Open a connection for a given account. This will run the full
     * negotiation with the following precedence:
     * <ol>
     *     <li>TLS (if available)</li>
     *     <li>Compression (if available)</li>
     *     <li>SASL</li>
     * </ol></p>
     *
     * <p><b>Note:</b> Servers should not offer compression before SASL is
     * completed. This rule is not violated by the precedence above: mobile
     * devices benefit greatly from XML compression, hence its higher
     * preference. Everything works as expected when compression is only
     * offered after SASL.</p>
     *
     * <p>This method requires a call to bind (if you wish to bind) afterwards.
     * </p>
     * 
     * @param account XmppAccount The account used for negotiation.
     * @throws XmppException In case of an error.
     */
public void open(XmppAccount account) throws XmppException {
    boolean rerun = true;
    boolean canBind = false;
    while (rerun) {
        try {
            rerun = false;
            xmppOutput.open(XMPPUtils.getDomain(account.getJid()), null);
            xmppInput.readOpening();
            Node features = null;
            do {
                Node stanza = xmppInput.nextStanza().getDocumentNode();
                if (XMLUtils.isInstance(stanza, "http://etherx.jabber.org/streams", "features")) {
                    features = stanza;
                }
            } while (features == null);
            // check basic stream features
            rosterVersioningSupported |= XMLUtils.hasChild(features, "urn:xmpp:features:rosterver", "ver");
            sessionsSupported |= XMLUtils.hasChild(features, "urn:ietf:params:xml:ns:xmpp-session", "session");
            canBind |= XMLUtils.hasChild(features, "urn:ietf:params:xml:ns:xmpp-bind", "bind");
            hasTLS = XMLUtils.hasChild(features, "urn:ietf:params:xml:ns:xmpp-tls", "starttls");
            Node compression = XMLUtils.getFirstChild(features, "http://jabber.org/features/compress", "compression");
            if (compression != null) {
                NodeList methods = compression.getChildNodes();
                for (int i = 0, l = methods.getLength(); i < l; i++) {
                    Node method = methods.item(i);
                    if (method.getNodeType() != Node.ELEMENT_NODE) {
                        continue;
                    }
                    if (!"method".equals(method.getNodeName())) {
                        continue;
                    }
                    String methodName = method.getFirstChild().getNodeValue();
                    methodName = methodName.trim();
                    compressionSupported |= "zlib".equals(methodName);
                }
            }
            Node saslMechanisms = XMLUtils.getFirstChild(features, "urn:ietf:params:xml:ns:xmpp-sasl", "mechanisms");
            SASLSupported |= saslMechanisms != null;
            if (hasTLS && !secure) {
                // enable tls
                xmppOutput.sendUnchecked("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
                boolean startTLS = XMLUtils.isInstance(xmppInput.nextStanza().getDocumentNode(), "urn:ietf:params:xml:ns:xmpp-tls", "proceed");
                if (startTLS) {
                    startTLS();
                    secure = true;
                    rerun = true;
                    continue;
                }
            }
            if (compressionSupported && !compressed && ZLibOutputStream.SUPPORTED) {
                startCompress();
                rerun = true;
                continue;
            }
            if (SASLSupported && !authenticated) {
                if (saslLogin(saslMechanisms, account)) {
                    authenticated = true;
                    rerun = true;
                    continue;
                }
            }
        } catch (IllegalArgumentException e) {
            throw new XmppMalformedException("Can't negotiate features", e);
        } catch (IllegalStateException e) {
            throw new XmppMalformedException("Can't negotiate features", e);
        } catch (IOException e) {
            throw new XmppTransportException("Can't negotiate features", e);
        } catch (XmlPullParserException e) {
            throw new XmppMalformedException("Can't negotiate features", e);
        } catch (NoSuchAlgorithmException e) {
            // Should never happen - TLS not available?
            throw new XmppTransportException("Can't enable tls", e);
        } catch (KeyManagementException e) {
            throw new XmppTransportException("Can't trust server", e);
        }
    }
    if (!canBind) {
        throw new XmppTransportException("Couldn't reach bind state.");
    }
}
Also used : Node(org.w3c.dom.Node) NodeList(org.w3c.dom.NodeList) XmppTransportException(com.googlecode.asmack.connection.XmppTransportException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyManagementException(java.security.KeyManagementException) XmppMalformedException(com.googlecode.asmack.XmppMalformedException) XmlPullParserException(org.xmlpull.v1.XmlPullParserException)
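
Examples 28 and 29 both reach the point where a plaintext XMPP socket is upgraded in place after the server answers STARTTLS with proceed, and Example 28 then verifies the certificate name against the account's domain by hand. The following is an added example, not code from Conversations or AsmackService, showing that upgrade step on its own: the existing socket is wrapped by SSLSocketFactory.createSocket, the name check is delegated to JSSE through setEndpointIdentificationAlgorithm, and the handshake is forced before any application data is sent. The host string passed to createSocket is what JSSE uses for SNI and for the name check, so pass the XMPP domain you expect in the certificate, not the resolved IP address. The class name StartTlsUpgrade, the host xmpp.example.org and the use of SSLContext.getDefault() are assumptions; running main needs a reachable server and the plaintext starttls/proceed exchange, which is application-specific and left out.

```java
import java.io.IOException;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public final class StartTlsUpgrade {

    private StartTlsUpgrade() {}

    /**
     * Wrap an already-connected plaintext socket in TLS, as done after a
     * STARTTLS "proceed". The chain is validated by the context's trust
     * managers; the name check must be enabled explicitly because layering
     * an SSLSocket over a Socket does not turn it on by default.
     */
    public static SSLSocket upgrade(SSLContext ctx, Socket plain, String expectedHost)
            throws IOException {
        SSLSocketFactory factory = ctx.getSocketFactory();
        // expectedHost is the name the certificate must carry (for XMPP: the
        // JID domain), not the SRV target or IP address that was connected to.
        SSLSocket tls = (SSLSocket) factory.createSocket(
            plain, expectedHost, plain.getPort(), /* autoClose */ true);
        tls.setUseClientMode(true);

        SSLParameters params = tls.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        // "HTTPS" selects RFC 6125 style matching of expectedHost against the
        // certificate's subjectAltName; a mismatch fails the handshake with an
        // SSLHandshakeException instead of needing a separate verifier call.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        tls.setSSLParameters(params);

        // Force the handshake now so verification errors surface here rather
        // than on the first read/write of application data.
        tls.startHandshake();
        return tls;
    }

    /** Confirm the session actually authenticated the peer and return its leaf. */
    public static X509Certificate peerLeaf(SSLSession session)
            throws SSLPeerUnverifiedException {
        Certificate[] chain = session.getPeerCertificates(); // throws if unauthenticated
        if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            throw new SSLPeerUnverifiedException("no X.509 peer certificate");
        }
        return (X509Certificate) chain[0];
    }

    public static void main(String[] args) throws Exception {
        // Assumed endpoint: an XMPP server on port 5222 that answers STARTTLS
        // with <proceed/>. The plaintext negotiation is application-specific.
        String host = "xmpp.example.org";
        try (Socket plain = new Socket(host, 5222)) {
            // ... send <starttls/> and read <proceed/> on `plain` here ...
            SSLSocket tls = upgrade(SSLContext.getDefault(), plain, host);
            X509Certificate leaf = peerLeaf(tls.getSession());
            System.out.println("TLS " + tls.getSession().getProtocol()
                + " to " + leaf.getSubjectX500Principal());
            tls.close(); // autoClose=true also closes `plain`
        }
    }
}
```

After upgrade() returns, the caller still has to restart the XML stream on the new socket and, as Example 29's loop does, treat a server that does not re-send stream features as a protocol error.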

Example 30 with KeyManagementException

use of java.security.KeyManagementException in project platform_frameworks_base by android.

the class SSLCertificateSocketFactory method makeSocketFactory.

private SSLSocketFactory makeSocketFactory(KeyManager[] keyManagers, TrustManager[] trustManagers) {
    try {
        // Conscrypt-backed context; engineInit mirrors SSLContext.init.
        OpenSSLContextImpl sslContext = OpenSSLContextImpl.getPreferred();
        sslContext.engineInit(keyManagers, trustManagers, null);
        sslContext.engineGetClientSessionContext().setPersistentCache(mSessionCache);
        return sslContext.engineGetSocketFactory();
    } catch (KeyManagementException e) {
        // Log.wtf logs at ASSERT level and, depending on device policy, may
        // terminate the process.
        Log.wtf(TAG, e);
        // Fallback: the platform default factory. Note that it ignores the
        // keyManagers/trustManagers the caller supplied, so any custom trust
        // configuration is silently lost on this path.
        return (SSLSocketFactory) SSLSocketFactory.getDefault();
    }
}
Also used : OpenSSLContextImpl(com.android.org.conscrypt.OpenSSLContextImpl) KeyManagementException(java.security.KeyManagementException)

Aggregations (class, fully qualified name, count)

KeyManagementException (java.security.KeyManagementException) 132
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 86
SSLContext (javax.net.ssl.SSLContext) 65
KeyStoreException (java.security.KeyStoreException) 43
TrustManager (javax.net.ssl.TrustManager) 39
IOException (java.io.IOException) 38
CertificateException (java.security.cert.CertificateException) 23
X509TrustManager (javax.net.ssl.X509TrustManager) 22
SecureRandom (java.security.SecureRandom) 21
X509Certificate (java.security.cert.X509Certificate) 19
UnrecoverableKeyException (java.security.UnrecoverableKeyException) 18
KeyManager (javax.net.ssl.KeyManager) 18
TrustManagerFactory (javax.net.ssl.TrustManagerFactory) 16
KeyStore (java.security.KeyStore) 13
SSLSocketFactory (javax.net.ssl.SSLSocketFactory) 13
KeyManagerFactory (javax.net.ssl.KeyManagerFactory) 10
HostnameVerifier (javax.net.ssl.HostnameVerifier) 9
NoSuchProviderException (java.security.NoSuchProviderException) 7
HttpsURLConnection (javax.net.ssl.HttpsURLConnection) 7
SSLSocket (javax.net.ssl.SSLSocket) 7