Example 56 with KeyManagementException
use of java.security.KeyManagementException in project ddf by codice.
the class CometDClient method doTrustAllCertificates.
private void doTrustAllCertificates() throws NoSuchAlgorithmException, KeyManagementException {
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
} };
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
HostnameVerifier hostnameVerifier = (s, sslSession) -> s.equalsIgnoreCase(sslSession.getPeerHost());
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
}
Also used :
X509Certificate(java.security.cert.X509Certificate)
SSLContext(javax.net.ssl.SSLContext)
StringUtils(org.apache.commons.lang.StringUtils)
SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory)
LongPollingTransport(org.cometd.client.transport.LongPollingTransport)
LocalDateTime(java.time.LocalDateTime)
LoggerFactory(org.slf4j.LoggerFactory)
TrustManager(javax.net.ssl.TrustManager)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
SecureRandom(java.security.SecureRandom)
HashSet(java.util.HashSet)
HttpClient(org.eclipse.jetty.client.HttpClient)
CollectionUtils(org.apache.commons.collections.CollectionUtils)
ISO_DATE_TIME(java.time.format.DateTimeFormatter.ISO_DATE_TIME)
Map(java.util.Map)
LocalTime(java.time.LocalTime)
ClientSessionChannel(org.cometd.bayeux.client.ClientSessionChannel)
ConnectException(java.net.ConnectException)
Channel(org.cometd.bayeux.Channel)
URI(java.net.URI)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
HttpsURLConnection(javax.net.ssl.HttpsURLConnection)
Logger(org.slf4j.Logger)
JsonPath(com.jayway.restassured.path.json.JsonPath)
Set(java.util.Set)
KeyManagementException(java.security.KeyManagementException)
CertificateException(java.security.cert.CertificateException)
Collectors(java.util.stream.Collectors)
TimeUnit(java.util.concurrent.TimeUnit)
List(java.util.List)
X509TrustManager(javax.net.ssl.X509TrustManager)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
Optional(java.util.Optional)
ClientTransport(org.cometd.client.transport.ClientTransport)
BasicAuthentication(org.eclipse.jetty.client.util.BasicAuthentication)
Comparator(java.util.Comparator)
Collections(java.util.Collections)
Message(org.cometd.bayeux.Message)
BayeuxClient(org.cometd.client.BayeuxClient)
X509TrustManager(javax.net.ssl.X509TrustManager)
SecureRandom(java.security.SecureRandom)
SSLContext(javax.net.ssl.SSLContext)
X509Certificate(java.security.cert.X509Certificate)
TrustManager(javax.net.ssl.TrustManager)
X509TrustManager(javax.net.ssl.X509TrustManager)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
Example 57 with KeyManagementException
use of java.security.KeyManagementException in project ddf by codice.
the class SolrHttpWrapper method getSslContext.
private SSLContext getSslContext() {
String keystorePath = System.getProperty(SecurityConstants.KEYSTORE_PATH);
String keystorePassword = System.getProperty(SecurityConstants.KEYSTORE_PASSWORD);
String truststorePath = System.getProperty(SecurityConstants.TRUSTSTORE_PATH);
String truststorePassword = System.getProperty(SecurityConstants.TRUSTSTORE_PASSWORD);
if (keystorePath == null || keystorePassword == null || truststorePath == null || truststorePassword == null) {
throw new IllegalArgumentException("KeyStore and TrustStore system properties must be set.");
}
KeyStore trustStore = getKeyStore(truststorePath, truststorePassword);
KeyStore keyStore = getKeyStore(keystorePath, keystorePassword);
SSLContext sslContext;
try {
sslContext = SSLContexts.custom().loadKeyMaterial(keyStore, keystorePassword.toCharArray()).loadTrustMaterial(trustStore).useTLS().build();
} catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
LOGGER.error("Unable to create secure HttpClient for Solr. The server should not be used in this state.", e);
return null;
}
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
sslContext.getDefaultSSLParameters().setWantClientAuth(true);
return sslContext;
}
Also used :
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
SSLContext(javax.net.ssl.SSLContext)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyStoreException(java.security.KeyStoreException)
KeyStore(java.security.KeyStore)
KeyManagementException(java.security.KeyManagementException)
Example 58 with KeyManagementException
use of java.security.KeyManagementException in project pact-jvm by DiUS.
the class InsecureHttpsRequest method setupInsecureSSL.
private void setupInsecureSSL() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
HttpClientBuilder b = HttpClientBuilder.create();
// setup a Trust Strategy that allows all certificates.
//
TrustStrategy trustStrategy = (chain, authType) -> true;
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, trustStrategy).build();
b.setSSLContext(sslContext);
// don't check Hostnames, either.
// -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want to weaken
HostnameVerifier hostnameVerifier = new NoopHostnameVerifier();
// here's the special part:
// -- need to create an SSL Socket Factory, to use our weakened "trust strategy";
// -- and create a Registry, to register it.
//
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslSocketFactory).build();
// now, we create connection-manager using our Registry.
// -- allows multi-threaded use
PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
b.setConnectionManager(connMgr);
// finally, build the HttpClient;
// -- done!
this.httpclient = b.build();
}
Also used :
HttpPost(org.apache.http.client.methods.HttpPost)
CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient)
TrustStrategy(org.apache.http.ssl.TrustStrategy)
SSLContext(javax.net.ssl.SSLContext)
RegistryBuilder(org.apache.http.config.RegistryBuilder)
HttpOptions(org.apache.http.client.methods.HttpOptions)
IOException(java.io.IOException)
KeyManagementException(java.security.KeyManagementException)
KeyStoreException(java.security.KeyStoreException)
SSLContextBuilder(org.apache.http.ssl.SSLContextBuilder)
HttpPut(org.apache.http.client.methods.HttpPut)
Registry(org.apache.http.config.Registry)
HttpGet(org.apache.http.client.methods.HttpGet)
ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory)
PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager)
NoopHostnameVerifier(org.apache.http.conn.ssl.NoopHostnameVerifier)
HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder)
URI(java.net.URI)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
TrustStrategy(org.apache.http.ssl.TrustStrategy)
ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory)
PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
NoopHostnameVerifier(org.apache.http.conn.ssl.NoopHostnameVerifier)
HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder)
SSLContext(javax.net.ssl.SSLContext)
SSLContextBuilder(org.apache.http.ssl.SSLContextBuilder)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
NoopHostnameVerifier(org.apache.http.conn.ssl.NoopHostnameVerifier)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager)
Example 59 with KeyManagementException
use of java.security.KeyManagementException in project ddf by codice.
the class HttpSolrClientFactory method getSslContext.
private static SSLContext getSslContext() {
if (//
System.getProperty("javax.net.ssl.keyStore") == null || //
System.getProperty("javax.net.ssl.keyStorePassword") == null || //
System.getProperty("javax.net.ssl.trustStore") == null || System.getProperty("javax.net.ssl.trustStorePassword") == null) {
throw new IllegalArgumentException("KeyStore and TrustStore system properties must be set.");
}
KeyStore trustStore = getKeyStore(System.getProperty("javax.net.ssl.trustStore"), System.getProperty("javax.net.ssl.trustStorePassword"));
KeyStore keyStore = getKeyStore(System.getProperty("javax.net.ssl.keyStore"), System.getProperty("javax.net.ssl.keyStorePassword"));
SSLContext sslContext = null;
try {
sslContext = SSLContexts.custom().loadKeyMaterial(keyStore, System.getProperty("javax.net.ssl.keyStorePassword").toCharArray()).loadTrustMaterial(trustStore).useTLS().build();
} catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
throw new IllegalArgumentException("Unable to use javax.net.ssl.keyStorePassword to load key material to create SSL context for Solr client.");
}
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
sslContext.getDefaultSSLParameters().setWantClientAuth(true);
return sslContext;
}
Also used :
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
SSLContext(javax.net.ssl.SSLContext)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyStoreException(java.security.KeyStoreException)
KeyStore(java.security.KeyStore)
KeyManagementException(java.security.KeyManagementException)
Example 60 with KeyManagementException
use of java.security.KeyManagementException in project android_frameworks_base by crdroidandroid.
the class SSLCertificateSocketFactory method makeSocketFactory.
private SSLSocketFactory makeSocketFactory(KeyManager[] keyManagers, TrustManager[] trustManagers) {
try {
OpenSSLContextImpl sslContext = OpenSSLContextImpl.getPreferred();
sslContext.engineInit(keyManagers, trustManagers, null);
sslContext.engineGetClientSessionContext().setPersistentCache(mSessionCache);
return sslContext.engineGetSocketFactory();
} catch (KeyManagementException e) {
Log.wtf(TAG, e);
// Fallback
return (SSLSocketFactory) SSLSocketFactory.getDefault();
}
}
Also used :
OpenSSLContextImpl(com.android.org.conscrypt.OpenSSLContextImpl)
KeyManagementException(java.security.KeyManagementException)
Aggregations
KeyManagementException (java.security.KeyManagementException)157
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)111
SSLContext (javax.net.ssl.SSLContext)83
KeyStoreException (java.security.KeyStoreException)60
IOException (java.io.IOException)55
TrustManager (javax.net.ssl.TrustManager)45
CertificateException (java.security.cert.CertificateException)35
X509TrustManager (javax.net.ssl.X509TrustManager)28
SecureRandom (java.security.SecureRandom)27
X509Certificate (java.security.cert.X509Certificate)26
UnrecoverableKeyException (java.security.UnrecoverableKeyException)24
TrustManagerFactory (javax.net.ssl.TrustManagerFactory)24
KeyStore (java.security.KeyStore)22
KeyManager (javax.net.ssl.KeyManager)19
SSLSocketFactory (javax.net.ssl.SSLSocketFactory)16
HostnameVerifier (javax.net.ssl.HostnameVerifier)15
KeyManagerFactory (javax.net.ssl.KeyManagerFactory)15
InputStream (java.io.InputStream)12
HttpsURLConnection (javax.net.ssl.HttpsURLConnection)11
SSLSession (javax.net.ssl.SSLSession)10
