Example 1 with CertPathTrustManagerParameters
use of javax.net.ssl.CertPathTrustManagerParameters in project jetty.project by eclipse.
the class SslContextFactory method getTrustManagers.
protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception {
TrustManager[] managers = null;
if (trustStore != null) {
// Revocation checking is only supported for PKIX algorithm
if (isValidatePeerCerts() && "PKIX".equalsIgnoreCase(getTrustManagerFactoryAlgorithm())) {
PKIXBuilderParameters pbParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
// Set maximum certification path length
pbParams.setMaxPathLength(_maxCertPathLength);
// Make sure revocation checking is enabled
pbParams.setRevocationEnabled(true);
if (crls != null && !crls.isEmpty()) {
pbParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
}
if (_enableCRLDP) {
// Enable Certificate Revocation List Distribution Points (CRLDP) support
System.setProperty("com.sun.security.enableCRLDP", "true");
}
if (_enableOCSP) {
// Enable On-Line Certificate Status Protocol (OCSP) support
Security.setProperty("ocsp.enable", "true");
if (_ocspResponderURL != null) {
// Override location of OCSP Responder
Security.setProperty("ocsp.responderURL", _ocspResponderURL);
}
}
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm);
trustManagerFactory.init(new CertPathTrustManagerParameters(pbParams));
managers = trustManagerFactory.getTrustManagers();
} else {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm);
trustManagerFactory.init(trustStore);
managers = trustManagerFactory.getTrustManagers();
}
}
return managers;
}
Also used :
CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters)
PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters)
TrustManagerFactory(javax.net.ssl.TrustManagerFactory)
CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters)
X509CertSelector(java.security.cert.X509CertSelector)
TrustManager(javax.net.ssl.TrustManager)
X509TrustManager(javax.net.ssl.X509TrustManager)
Example 2 with CertPathTrustManagerParameters
use of javax.net.ssl.CertPathTrustManagerParameters in project robovm by robovm.
the class TrustManagerFactoryTest method test_TrustManagerFactory.
private void test_TrustManagerFactory(TrustManagerFactory tmf) throws Exception {
assertNotNull(tmf);
assertNotNull(tmf.getAlgorithm());
assertNotNull(tmf.getProvider());
// before init
try {
tmf.getTrustManagers();
fail();
} catch (IllegalStateException expected) {
}
// init with null ManagerFactoryParameters
try {
tmf.init((ManagerFactoryParameters) null);
fail();
} catch (InvalidAlgorithmParameterException expected) {
}
// init with useless ManagerFactoryParameters
try {
tmf.init(new UselessManagerFactoryParameters());
fail();
} catch (InvalidAlgorithmParameterException expected) {
}
// init with PKIXParameters ManagerFactoryParameters
try {
PKIXParameters pp = new PKIXParameters(getTestKeyStore().keyStore);
CertPathTrustManagerParameters cptmp = new CertPathTrustManagerParameters(pp);
tmf.init(cptmp);
fail();
} catch (InvalidAlgorithmParameterException expected) {
}
// init with PKIXBuilderParameters ManagerFactoryParameters
X509CertSelector xcs = new X509CertSelector();
PKIXBuilderParameters pbp = new PKIXBuilderParameters(getTestKeyStore().keyStore, xcs);
CertPathTrustManagerParameters cptmp = new CertPathTrustManagerParameters(pbp);
if (supportsManagerFactoryParameters(tmf.getAlgorithm())) {
tmf.init(cptmp);
test_TrustManagerFactory_getTrustManagers(tmf);
} else {
try {
tmf.init(cptmp);
fail();
} catch (InvalidAlgorithmParameterException expected) {
}
}
// init with null for default KeyStore
tmf.init((KeyStore) null);
test_TrustManagerFactory_getTrustManagers(tmf);
// init with specific key store
tmf.init(getTestKeyStore().keyStore);
test_TrustManagerFactory_getTrustManagers(tmf);
}
Also used :
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
PKIXParameters(java.security.cert.PKIXParameters)
PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters)
CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters)
X509CertSelector(java.security.cert.X509CertSelector)
Example 3 with CertPathTrustManagerParameters
use of javax.net.ssl.CertPathTrustManagerParameters in project robovm by robovm.
the class MyCertPathParameters method test_ConstructorLjava_security_cert_CertPathParameters.
/**
* javax.net.ssl.CertPathTrustManagerParameters#
* CertPathTrustManagerParameters(java.security.cert.CertPathParameters)
* Case 1: Try to construct object.
* Case 2: Check NullPointerException.
*/
public void test_ConstructorLjava_security_cert_CertPathParameters() {
// case 1: Try to construct object.
try {
CertPathParameters parameters = new MyCertPathParameters();
CertPathTrustManagerParameters p = new CertPathTrustManagerParameters(parameters);
assertNotSame("Parameters were cloned incorrectly", parameters, p.getParameters());
} catch (Exception e) {
fail("Unexpected exception " + e.toString());
}
// case 2: Check NullPointerException.
try {
new CertPathTrustManagerParameters(null);
fail("Expected CertPathTrustManagerParameters was not thrown");
} catch (NullPointerException npe) {
// expected
}
}
Also used :
CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters)
CertPathParameters(java.security.cert.CertPathParameters)
Example 4 with CertPathTrustManagerParameters
use of javax.net.ssl.CertPathTrustManagerParameters in project robovm by robovm.
the class MyCertPathParameters method test_getParameters.
/**
* javax.net.ssl.CertPathTrustManagerParameters#getParameters()
*/
public void test_getParameters() {
CertPathParameters parameters = new MyCertPathParameters();
CertPathTrustManagerParameters p = new CertPathTrustManagerParameters(parameters);
if (!(p.getParameters() instanceof MyCertPathParameters)) {
fail("incorrect parameters");
}
assertNotSame("Parameters were cloned incorrectly", parameters, p.getParameters());
}
Also used :
CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters)
CertPathParameters(java.security.cert.CertPathParameters)
Example 5 with CertPathTrustManagerParameters
use of javax.net.ssl.CertPathTrustManagerParameters in project tomcat70 by apache.
the class JSSESocketFactory method getTrustManagers.
/**
* Gets the initialized trust managers.
*/
protected TrustManager[] getTrustManagers(String keystoreType, String keystoreProvider, String algorithm) throws Exception {
String crlf = endpoint.getCrlFile();
String className = endpoint.getTrustManagerClassName();
if (className != null && className.length() > 0) {
ClassLoader classLoader = getClass().getClassLoader();
Class<?> clazz = classLoader.loadClass(className);
if (!(TrustManager.class.isAssignableFrom(clazz))) {
throw new InstantiationException(sm.getString("jsse.invalidTrustManagerClassName", className));
}
Object trustManagerObject = clazz.newInstance();
TrustManager trustManager = (TrustManager) trustManagerObject;
return new TrustManager[] { trustManager };
}
TrustManager[] tms = null;
KeyStore trustStore = getTrustStore(keystoreType, keystoreProvider);
if (trustStore != null || endpoint.getTrustManagerClassName() != null) {
if (crlf == null) {
TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
tmf.init(trustStore);
tms = tmf.getTrustManagers();
} else {
TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
CertPathParameters params = getParameters(algorithm, crlf, trustStore);
ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
tmf.init(mfp);
tms = tmf.getTrustManagers();
}
}
return tms;
}
Also used :
TrustManagerFactory(javax.net.ssl.TrustManagerFactory)
CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters)
CertPathParameters(java.security.cert.CertPathParameters)
KeyStore(java.security.KeyStore)
ManagerFactoryParameters(javax.net.ssl.ManagerFactoryParameters)
TrustManager(javax.net.ssl.TrustManager)
Aggregations
CertPathTrustManagerParameters (javax.net.ssl.CertPathTrustManagerParameters)22
TrustManagerFactory (javax.net.ssl.TrustManagerFactory)16
PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters)15
X509CertSelector (java.security.cert.X509CertSelector)15
KeyStore (java.security.KeyStore)13
CertPathParameters (java.security.cert.CertPathParameters)6
TrustManager (javax.net.ssl.TrustManager)6
ManagerFactoryParameters (javax.net.ssl.ManagerFactoryParameters)5
Bus (org.apache.cxf.Bus)5
URL (java.net.URL)4
GeneralSecurityException (java.security.GeneralSecurityException)4
SpringBusFactory (org.apache.cxf.bus.spring.SpringBusFactory)4
TLSClientParameters (org.apache.cxf.configuration.jsse.TLSClientParameters)4
Client (org.apache.cxf.endpoint.Client)4
HTTPConduit (org.apache.cxf.transport.http.HTTPConduit)4
IOException (java.io.IOException)3
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)3
CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters)3
QName (javax.xml.namespace.QName)3
Service (javax.xml.ws.Service)3
