Example 1 with SystemException

Use of com.netflix.spinnaker.kork.exceptions.SystemException in project kork by spinnaker.

From the class InsecureOkHttpClientBuilderProvider, method setSSLSocketFactory.

private OkHttpClient.Builder setSSLSocketFactory(OkHttpClient.Builder builder, ServiceEndpoint service) {
    try {
        // Create a trust manager that does not validate certificate chains
        final TrustManager[] trustManagers = new TrustManager[] { new X509TrustManager() {

            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return new java.security.cert.X509Certificate[] {};
            }
        } };
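        // Initialise the context with the accept-all trust manager above; no key managers, default SecureRandom
        final SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustManagers, null);
        builder.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustManagers[0]);
        // Accept every hostname: the server certificate is never matched against the requested host
        builder.hostnameVerifier((hostname, session) -> true);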
    } catch (Exception e) {
        log.error("Unable to set ssl socket factory for {}", service.getBaseUrl(), e);
        throw new SystemException(format("Unable to set ssl socket factory for (%s)", service.getBaseUrl()), e);
    }
    return builder;
}
Also used: SystemException (com.netflix.spinnaker.kork.exceptions.SystemException), X509TrustManager (javax.net.ssl.X509TrustManager), SSLContext (javax.net.ssl.SSLContext), TrustManager (javax.net.ssl.TrustManager)

Example 2 with SystemException

Use of com.netflix.spinnaker.kork.exceptions.SystemException in project kork by spinnaker.

From the class DefaultOkHttpClientBuilderProvider, method setSSLSocketFactory.

protected OkHttpClient.Builder setSSLSocketFactory(OkHttpClient.Builder builder, ServiceEndpoint serviceEndpoint) {
    if ((okHttpClientConfigurationProperties.getKeyStore() == null && okHttpClientConfigurationProperties.getTrustStore() == null) || serviceEndpoint.isUseDefaultSslSocketFactory()) {
        return builder;
    }
    try {
        // Client identity: key store holding the client certificate and private key
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        KeyStore ks = KeyStore.getInstance(okHttpClientConfigurationProperties.getKeyStoreType());
        // try-with-resources closes the stream once the store has been loaded
        try (FileInputStream keyStoreStream = new FileInputStream(okHttpClientConfigurationProperties.getKeyStore())) {
            ks.load(keyStoreStream, okHttpClientConfigurationProperties.getKeyStorePassword().toCharArray());
        }
        keyManagerFactory.init(ks, okHttpClientConfigurationProperties.getKeyStorePassword().toCharArray());
        // Trust anchors: trust store holding the certificates used to validate the server
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore ts = KeyStore.getInstance(okHttpClientConfigurationProperties.getTrustStoreType());
        try (FileInputStream trustStoreStream = new FileInputStream(okHttpClientConfigurationProperties.getTrustStore())) {
            ts.load(trustStoreStream, okHttpClientConfigurationProperties.getTrustStorePassword().toCharArray());
        }
        trustManagerFactory.init(ts);
        SecureRandom secureRandom = SecureRandom.getInstance(okHttpClientConfigurationProperties.getSecureRandomInstanceType());
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), secureRandom);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        checkState(trustManagers.length == 1, "Found multiple trust managers; don't know which one to use");
        checkState(trustManagers[0] instanceof X509TrustManager, "Configured TrustManager is a %s, not an X509TrustManager; don't know how to configure it", trustManagers[0].getClass().getSimpleName());
        builder.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustManagers[0]);
    } catch (Exception e) {
        log.error("Unable to set ssl socket factory for {}", serviceEndpoint.getBaseUrl(), e);
        throw new SystemException(format("Unable to set ssl socket factory for (%s)", serviceEndpoint.getBaseUrl()), e);
    }
    return builder;
}
Also used: SystemException (com.netflix.spinnaker.kork.exceptions.SystemException), X509TrustManager (javax.net.ssl.X509TrustManager), TrustManagerFactory (javax.net.ssl.TrustManagerFactory), SecureRandom (java.security.SecureRandom), SSLContext (javax.net.ssl.SSLContext), KeyStore (java.security.KeyStore), FileInputStream (java.io.FileInputStream), KeyManagerFactory (javax.net.ssl.KeyManagerFactory), TrustManager (javax.net.ssl.TrustManager)

Aggregations

SystemException (com.netflix.spinnaker.kork.exceptions.SystemException): 2; SSLContext (javax.net.ssl.SSLContext): 2; TrustManager (javax.net.ssl.TrustManager): 2; X509TrustManager (javax.net.ssl.X509TrustManager): 2; FileInputStream (java.io.FileInputStream): 1; KeyStore (java.security.KeyStore): 1; SecureRandom (java.security.SecureRandom): 1; KeyManagerFactory (javax.net.ssl.KeyManagerFactory): 1; TrustManagerFactory (javax.net.ssl.TrustManagerFactory): 1