Use of java.security.KeyManagementException in project Smack by igniterealtime: class XMPPTCPConnection, method proceedTLSReceived().
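/**
 * The server has indicated that TLS negotiation can start. We now need to secure the
 * existing plain connection and perform a handshake. This method won't return until the
 * connection has finished the handshake or an error occurred while securing the connection.
 * <p>
 * Security-relevant order of operations:
 * <ol>
 * <li>Resolve the DANE verifier first when the configured DNSSEC mode requires DNSSEC and
 * DANE, so a misconfiguration fails before any socket is touched.</li>
 * <li>Obtain the {@link SSLContext}: the user-supplied one from the configuration, or a fresh
 * "TLS" context initialised with the configured key store (client certificate, if any), the
 * configured custom {@link X509TrustManager} (a {@code null} trust manager array selects the
 * platform default trust store) and, when DANE is in use, the DANE verifier.</li>
 * <li>Wrap the plain socket and restrict the enabled protocols and cipher suites
 * <em>before</em> anything can trigger an implicit handshake (see SMACK-712).</li>
 * <li>Run the handshake, let the DANE verifier inspect the established session, then check
 * with the configured {@link HostnameVerifier} that the peer certificate authenticates the
 * XMPP service domain — not merely the host the socket happens to be connected to.</li>
 * </ol>
 * Failure to load a configured key store is logged and the connection continues without a
 * client key manager (best effort, as upstream intended). A custom trust manager fully
 * replaces chain validation, so its quality decides the strength of server authentication.
 * Failure of DANE, of the handshake or of hostname verification aborts the connection.
 *
 * @throws IOException if the plain socket cannot be wrapped or the handshake fails
 * @throws CertificateException if a certificate cannot be loaded, or if the configured
 *         HostnameVerifier rejects the peer certificate for the XMPP service domain
 * @throws NoSuchAlgorithmException if the "TLS" context or the "SunX509" key manager factory
 *         is unavailable on this platform
 * @throws NoSuchProviderException if the "Apple" key store provider is not installed
 * @throws KeyStoreException if the configured key store type is unsupported
 * @throws UnrecoverableKeyException if a key in the key store cannot be recovered
 * @throws KeyManagementException if the SSLContext cannot be initialised
 * @throws SmackException propagated unchanged from the DANE verifier or the reader/writer
 *         setup (which of them raises it is not visible here)
 * @throws IllegalStateException if no HostnameVerifier is configured, or DANE was requested
 *         but the provider returned no verifier
 * @throws UnsupportedOperationException if DANE is required but no SmackDaneProvider is set
 */
@SuppressWarnings("LiteralClassName")
private void proceedTLSReceived() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, NoSuchProviderException, UnrecoverableKeyException, KeyManagementException, SmackException {
    SSLContext context = this.config.getCustomSSLContext();
    KeyStore ks = null;
    KeyManager[] kms = null;
    PasswordCallback pcb = null;
    SmackDaneVerifier daneVerifier = null;

    // DANE is resolved before any key store or socket work so that a missing provider is a
    // hard, early failure rather than a connection that silently lacks DANE.
    if (config.getDnssecMode() == DnssecMode.needsDnssecAndDane) {
        SmackDaneProvider daneProvider = DNSUtil.getDaneProvider();
        if (daneProvider == null) {
            throw new UnsupportedOperationException("DANE enabled but no SmackDaneProvider configured");
        }
        daneVerifier = daneProvider.newInstance();
        if (daneVerifier == null) {
            throw new IllegalStateException("DANE requested but DANE provider did not return a DANE verifier");
        }
    }

    if (context == null) {
        final String keyStoreType = config.getKeystoreType();
        final CallbackHandler callbackHandler = config.getCallbackHandler();
        final String keystorePath = config.getKeystorePath();

        if ("PKCS11".equals(keyStoreType)) {
            // SunPKCS11 is loaded reflectively because it is not public API and may be absent
            // (e.g. on Android). Any failure degrades to "no client key" rather than aborting
            // the connection; the warning is the only trace of it.
            try {
                Constructor<?> c = Class.forName("sun.security.pkcs11.SunPKCS11").getConstructor(InputStream.class);
                String pkcs11Config = "name = SmartCard\nlibrary = " + config.getPKCS11Library();
                // Named so it does not shadow the connection's 'config' field.
                ByteArrayInputStream pkcs11ConfigStream = new ByteArrayInputStream(pkcs11Config.getBytes(StringUtils.UTF8));
                Provider p = (Provider) c.newInstance(pkcs11ConfigStream);
                // Re-adding a provider with an already installed name is rejected by
                // Security.addProvider, so repeated connects do not stack providers.
                Security.addProvider(p);
                ks = KeyStore.getInstance("PKCS11", p);
                pcb = new PasswordCallback("PKCS11 Password: ", false);
                callbackHandler.handle(new Callback[] { pcb });
                ks.load(null, pcb.getPassword());
            } catch (Exception e) {
                LOGGER.log(Level.WARNING, "Exception", e);
                ks = null;
            }
        } else if ("Apple".equals(keyStoreType)) {
            ks = KeyStore.getInstance("KeychainStore", "Apple");
            ks.load(null, null);
        } else if (keyStoreType != null) {
            ks = KeyStore.getInstance(keyStoreType);
            if (callbackHandler != null && StringUtils.isNotEmpty(keystorePath)) {
                // The key store file is closed on every path; the original leaked the stream.
                FileInputStream keystoreStream = null;
                try {
                    pcb = new PasswordCallback("Keystore Password: ", false);
                    callbackHandler.handle(new Callback[] { pcb });
                    keystoreStream = new FileInputStream(keystorePath);
                    ks.load(keystoreStream, pcb.getPassword());
                } catch (Exception e) {
                    LOGGER.log(Level.WARNING, "Exception", e);
                    ks = null;
                } finally {
                    if (keystoreStream != null) {
                        try {
                            keystoreStream.close();
                        } catch (IOException ignored) {
                            // The key store is already loaded (or the failure was logged above);
                            // a close error on a read-only stream changes nothing.
                        }
                    }
                }
            } else {
                ks.load(null, null);
            }
        }

        if (ks != null) {
            // NOTE(review): "SunX509" is a Sun/OpenJDK-specific name;
            // KeyManagerFactory.getDefaultAlgorithm() would be the portable choice. Left
            // unchanged to keep behaviour on the platforms this code is known to run on.
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            try {
                // getPassword() yields null when no password was collected, so the two
                // branches of the original collapse into a single call.
                kmf.init(ks, pcb == null ? null : pcb.getPassword());
                kms = kmf.getKeyManagers();
            } catch (NullPointerException npe) {
                // Upstream tolerates an NPE from kmf.init (its cause is not visible here);
                // the connection then proceeds without a client key manager.
                LOGGER.log(Level.WARNING, "NullPointerException", npe);
            }
        }
        // Scrub the collected password on every path, including the failures above, where the
        // original left it in memory.
        if (pcb != null) {
            pcb.clearPassword();
        }

        // No user-supplied SSLContext: build the default one. The enabled protocol versions
        // are narrowed below on the socket, so the generic "TLS" name is fine here.
        context = SSLContext.getInstance("TLS");
        final SecureRandom secureRandom = new java.security.SecureRandom();
        X509TrustManager customTrustManager = config.getCustomX509TrustManager();
        if (daneVerifier != null) {
            // DANE: the verifier is handed the context, key managers and custom trust manager
            // and presumably performs the context initialisation itself (not visible here).
            daneVerifier.init(context, kms, customTrustManager, secureRandom);
        } else {
            // A null trust manager array makes SSLContext.init fall back to the platform
            // default trust store; a custom trust manager replaces it entirely.
            TrustManager[] customTrustManagers = null;
            if (customTrustManager != null) {
                customTrustManagers = new TrustManager[] { customTrustManager };
            }
            context.init(kms, customTrustManagers, secureRandom);
        }
    }

    Socket plain = socket;
    // Secure the plain connection. 'host' is the connected host (used for SNI/session
    // purposes by the factory); the identity check below is against the XMPP service domain.
    socket = context.getSocketFactory().createSocket(plain, host, plain.getPort(), true);
    final SSLSocket sslSocket = (SSLSocket) socket;
    // Immediately set the enabled SSL protocols and ciphers. See SMACK-712 why this is
    // important (at least on certain platforms) and it seems to be a good idea anyways to
    // prevent an accidental implicit handshake.
    TLSUtils.setEnabledProtocolsAndCiphers(sslSocket, config.getEnabledSSLProtocols(), config.getEnabledSSLCiphers());
    // Initialize the reader and writer with the new secured version
    initReaderAndWriter();
    // Proceed to do the handshake
    sslSocket.startHandshake();
    if (daneVerifier != null) {
        daneVerifier.finish(sslSocket);
    }

    // The certificate must authenticate the XMPP service domain, which may differ from the
    // host we connected to (e.g. after SRV resolution). Refusing to continue without a
    // verifier is deliberate: an unverified handshake is not a secure connection.
    final HostnameVerifier verifier = getConfiguration().getHostnameVerifier();
    if (verifier == null) {
        throw new IllegalStateException("No HostnameVerifier set. Use connectionConfiguration.setHostnameVerifier() to configure.");
    } else if (!verifier.verify(getXMPPServiceDomain().toString(), sslSocket.getSession())) {
        throw new CertificateException("Hostname verification of certificate failed. Certificate does not authenticate " + getXMPPServiceDomain());
    }
    // Set that TLS was successful
    secureSocket = sslSocket;
}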
Use of java.security.KeyManagementException in project robovm by robovm: class SystemScope, method removeIdentity().
/**
 * Removes {@code identity} from this scope.
 * <p>
 * Lookup is by name and, when the identity carries a public key, also by that key; the entry
 * under either index is dropped. The identity counts as absent — and a
 * {@link KeyManagementException} is raised — only if neither index held anything. Matching is
 * by name/key value, not by object identity: a different {@link Identity} object that shares
 * the name or key of a registered one evicts that entry.
 *
 * @param identity the identity to remove; must not be null and must have a non-null name
 * @throws KeyManagementException if nothing was registered under the name or the key
 * @throws NullPointerException if {@code identity} or its name is null
 * @see java.security.IdentityScope#removeIdentity(java.security.Identity)
 */
public synchronized void removeIdentity(Identity identity) throws KeyManagementException {
    if (identity == null) {
        throw new NullPointerException("identity == null");
    }
    final String identityName = identity.getName();
    if (identityName == null) {
        throw new NullPointerException("name == null");
    }
    // Remember whether anything was registered before the entries are dropped.
    boolean found = names.containsKey(identityName);
    names.remove(identityName);
    final PublicKey publicKey = identity.getPublicKey();
    if (publicKey != null) {
        found |= keys.containsKey(publicKey);
        keys.remove(publicKey);
    }
    if (!found) {
        throw new KeyManagementException("identity not found");
    }
}
Use of java.security.KeyManagementException in project robovm by robovm: class SystemScope, method addIdentity().
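/**
 * Adds {@code identity} to this scope, indexed by its name and (when present) its public key.
 * <p>
 * Both indexes must be free: a second identity with the same name, or one whose public key is
 * already registered, is rejected so that a name or a key never resolves to two principals.
 * Key matching relies on the {@link PublicKey} implementation's {@code equals}/{@code hashCode}.
 * The null checks mirror {@link #removeIdentity(Identity)}: an identity accepted here can
 * always be looked up and removed again.
 *
 * @param identity the identity to register; must not be null and must have a non-null name
 * @throws KeyManagementException if the name or the public key is already in use
 * @throws NullPointerException if {@code identity} or its name is null
 * @see java.security.IdentityScope#addIdentity(java.security.Identity)
 */
public synchronized void addIdentity(Identity identity) throws KeyManagementException {
    if (identity == null) {
        throw new NullPointerException("identity == null");
    }
    String name = identity.getName();
    if (name == null) {
        // Consistent with removeIdentity(), which rejects a null name: without this check a
        // null-named identity could be registered but never removed.
        throw new NullPointerException("name == null");
    }
    if (names.containsKey(name)) {
        throw new KeyManagementException("name '" + name + "' is already used");
    }
    PublicKey key = identity.getPublicKey();
    if (key != null && keys.containsKey(key)) {
        throw new KeyManagementException("key '" + key + "' is already used");
    }
    // Both checks passed; register under name and, if present, under the key.
    names.put(name, identity);
    if (key != null) {
        keys.put(key, identity);
    }
}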
Use of java.security.KeyManagementException in project scdl by passy: class SecureSoundcloudApiQueryImpl, method pinSSLConnection().
/**
 * Installs the certificate-pinning trust managers on {@code connection}.
 * <p>
 * A fresh "TLS" {@link SSLContext} is initialised with the trust managers from
 * {@code getPinningTrustManagers()}, no key managers (no client certificate) and the default
 * {@code SecureRandom}; its socket factory replaces the connection's default one. Only the
 * trust decision is replaced here — hostname verification stays whatever
 * {@link HttpsURLConnection} already applies. A non-HTTPS connection is rejected outright
 * rather than silently left unpinned. Per the HttpsURLConnection API the factory is consulted
 * when the connection creates its socket, so call this before connecting.
 *
 * @param connection the connection to pin; must be an {@link HttpsURLConnection}
 * @throws IllegalStateException if {@code connection} is not an HTTPS connection, or the
 *         context cannot be initialised with the pinning trust managers
 * @throws IllegalArgumentException if the "TLS" algorithm is unavailable (treated by the
 *         original author as "cannot happen")
 */
private void pinSSLConnection(final HttpURLConnection connection) {
    if (!(connection instanceof HttpsURLConnection)) {
        throw new IllegalStateException("Not an SSL connection!");
    }
    final HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
    final TrustManager[] pinning = getPinningTrustManagers();
    final SSLContext pinnedContext = newTlsContext();
    try {
        pinnedContext.init(null, pinning, null);
    } catch (final KeyManagementException e) {
        throw new IllegalStateException(e);
    }
    httpsConnection.setSSLSocketFactory(pinnedContext.getSocketFactory());
}

/** Obtains an uninitialised "TLS" context, mapping its absence to an unchecked exception. */
private static SSLContext newTlsContext() {
    try {
        return SSLContext.getInstance("TLS");
    } catch (final NoSuchAlgorithmException e) {
        // Again, should not happen if I didn't type it wrong.
        throw new IllegalArgumentException(e);
    }
}
Use of java.security.KeyManagementException in project twitter-2-weibo by rjyo: class MySSLSocketFactory, method createSSLContext().
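/**
 * Builds the {@link SSLContext} backing this socket factory.
 * <p>
 * Security fix: the original initialised the context with a {@code TrustAnyTrustManager}
 * (judging by its name, a trust manager that accepts every certificate chain), which disables
 * server authentication entirely and lets any on-path attacker impersonate the remote API.
 * The context is now initialised with {@code null} trust managers, i.e. the platform's
 * default trust store, and requests "TLS" instead of the legacy "SSL" alias. If a private CA
 * has to be trusted, load it into a {@link java.security.KeyStore} and hand that to a
 * {@code TrustManagerFactory} — do not trust everything.
 * <p>
 * Initialisation failures are reported as an {@link IllegalStateException} carrying the
 * cause, instead of being printed and turned into a {@code null} return that the caller would
 * only dereference later.
 *
 * @return an initialised TLS context using the platform default trust store and no client key
 * @throws IllegalStateException if "TLS" is unavailable or the context cannot be initialised
 */
private SSLContext createSSLContext() {
    try {
        SSLContext sslcontext = SSLContext.getInstance("TLS");
        // null key managers: no client certificate; null trust managers: default trust store.
        sslcontext.init(null, null, new java.security.SecureRandom());
        return sslcontext;
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException("TLS is not available on this platform", e);
    } catch (KeyManagementException e) {
        throw new IllegalStateException("Unable to initialise the TLS context", e);
    }
}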