Example 41 with KeyStore
use of java.security.KeyStore in project camel by apache.
the class TestKeystore method getKeyStore.
public static KeyStore getKeyStore() throws GeneralSecurityException, IOException {
KeyStore ks = KeyStore.getInstance("JKS");
InputStream is = TestKeystore.class.getClassLoader().getResourceAsStream("org/apache/camel/component/xmlsecurity/keystore.jks");
ks.load(is, null);
return ks;
}
Also used :
InputStream(java.io.InputStream)
KeyStore(java.security.KeyStore)
Example 42 with KeyStore
use of java.security.KeyStore in project XobotOS by xamarin.
the class DefaultSSLContextImpl method getTrustManagers.
// TODO javax.net.ssl.trustStoreProvider system property
TrustManager[] getTrustManagers() throws GeneralSecurityException, IOException {
if (TRUST_MANAGERS != null) {
return TRUST_MANAGERS;
}
// find TrustStore, TrustManagers
String keystore = System.getProperty("javax.net.ssl.trustStore");
if (keystore == null) {
return null;
}
String keystorepwd = System.getProperty("javax.net.ssl.trustStorePassword");
char[] pwd = (keystorepwd == null) ? null : keystorepwd.toCharArray();
// TODO Defaults: jssecacerts; cacerts
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
InputStream is = null;
try {
is = new BufferedInputStream(new FileInputStream(keystore));
ks.load(is, pwd);
} finally {
if (is != null) {
is.close();
}
}
String tmfAlg = Security.getProperty("ssl.TrustManagerFactory.algorithm");
if (tmfAlg == null) {
tmfAlg = "PKIX";
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlg);
tmf.init(ks);
TRUST_MANAGERS = tmf.getTrustManagers();
return TRUST_MANAGERS;
}
Also used :
BufferedInputStream(java.io.BufferedInputStream)
BufferedInputStream(java.io.BufferedInputStream)
FileInputStream(java.io.FileInputStream)
InputStream(java.io.InputStream)
TrustManagerFactory(javax.net.ssl.TrustManagerFactory)
KeyStore(java.security.KeyStore)
FileInputStream(java.io.FileInputStream)
Example 43 with KeyStore
use of java.security.KeyStore in project zaproxy by zaproxy.
the class RelaxedX509TrustManager method getTunnelSSLSocketFactory.
// ZAP: added new ServerSocketFaktory with support of dynamic SSL certificates
public SSLSocketFactory getTunnelSSLSocketFactory(String hostname) {
// KeyStore ks;
try {
SSLContext ctx = SSLContext.getInstance(SSL);
// Normally "SunX509", "IbmX509"...
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
SslCertificateService scs = CachedSslCertifificateServiceImpl.getService();
KeyStore ks = scs.createCertForHost(hostname);
kmf.init(ks, SslCertificateService.PASSPHRASE);
java.security.SecureRandom x = new java.security.SecureRandom();
x.setSeed(System.currentTimeMillis());
ctx.init(kmf.getKeyManagers(), null, x);
SSLSocketFactory tunnelSSLFactory = createDecoratedServerSslSocketFactory(ctx.getSocketFactory());
return tunnelSSLFactory;
} catch (NoSuchAlgorithmException | KeyStoreException | CertificateException | UnrecoverableKeyException | KeyManagementException | InvalidKeyException | NoSuchProviderException | SignatureException | IOException e) {
// friendly way?
throw new RuntimeException(e);
}
}
Also used :
SslCertificateService(org.parosproxy.paros.security.SslCertificateService)
CertificateException(java.security.cert.CertificateException)
SSLContext(javax.net.ssl.SSLContext)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyStoreException(java.security.KeyStoreException)
SignatureException(java.security.SignatureException)
IOException(java.io.IOException)
InvalidKeyException(java.security.InvalidKeyException)
KeyStore(java.security.KeyStore)
KeyManagementException(java.security.KeyManagementException)
KeyManagerFactory(javax.net.ssl.KeyManagerFactory)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
SSLSocketFactory(javax.net.ssl.SSLSocketFactory)
NoSuchProviderException(java.security.NoSuchProviderException)
Example 44 with KeyStore
use of java.security.KeyStore in project zaproxy by zaproxy.
the class SslCertificateServiceImpl method createCertForHost.
@Override
public KeyStore createCertForHost(String hostname) throws NoSuchAlgorithmException, InvalidKeyException, CertificateException, NoSuchProviderException, SignatureException, KeyStoreException, IOException, UnrecoverableKeyException {
if (hostname == null) {
throw new IllegalArgumentException("Error, 'hostname' is not allowed to be null!");
}
if (this.caCert == null || this.caPrivKey == null || this.caPubKey == null) {
throw new MissingRootCertificateException(this.getClass() + " wasn't initialized! Got to options 'Dynamic SSL Certs' and create one.");
}
final KeyPair mykp = this.createKeyPair();
final PrivateKey privKey = mykp.getPrivate();
final PublicKey pubKey = mykp.getPublic();
X500NameBuilder namebld = new X500NameBuilder(BCStyle.INSTANCE);
namebld.addRDN(BCStyle.CN, hostname);
namebld.addRDN(BCStyle.OU, "Zed Attack Proxy Project");
namebld.addRDN(BCStyle.O, "OWASP");
namebld.addRDN(BCStyle.C, "xx");
namebld.addRDN(BCStyle.EmailAddress, "owasp-zed-attack-proxy@lists.owasp.org");
X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(new X509CertificateHolder(caCert.getEncoded()).getSubject(), BigInteger.valueOf(serial.getAndIncrement()), new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30), new Date(System.currentTimeMillis() + 100 * (1000L * 60 * 60 * 24 * 30)), namebld.build(), pubKey);
certGen.addExtension(Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifier(pubKey.getEncoded()));
certGen.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
certGen.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.dNSName, hostname)));
ContentSigner sigGen;
try {
sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(caPrivKey);
} catch (OperatorCreationException e) {
throw new CertificateException(e);
}
final X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen));
cert.checkValidity(new Date());
cert.verify(caPubKey);
final KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null);
final Certificate[] chain = new Certificate[2];
chain[1] = this.caCert;
chain[0] = cert;
ks.setKeyEntry(ZAPROXY_JKS_ALIAS, privKey, PASSPHRASE, chain);
return ks;
}
Also used :
KeyPair(java.security.KeyPair)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
PrivateKey(java.security.PrivateKey)
X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder)
PublicKey(java.security.PublicKey)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
ContentSigner(org.bouncycastle.operator.ContentSigner)
CertificateException(java.security.cert.CertificateException)
SubjectKeyIdentifier(org.bouncycastle.asn1.x509.SubjectKeyIdentifier)
KeyStore(java.security.KeyStore)
Date(java.util.Date)
X509Certificate(java.security.cert.X509Certificate)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 45 with KeyStore
use of java.security.KeyStore in project zaproxy by zaproxy.
the class DynamicSSLPanel method doGenerate.
/**
* Generates a new Root CA certificate ...
*/
private void doGenerate() {
if (checkExistingCertificate()) {
// prevent overwriting
return;
}
try {
final KeyStore newrootca = SslCertificateUtils.createRootCA();
setRootca(newrootca);
} catch (final Exception e) {
logger.error("Error while generating Root CA certificate", e);
}
}
Also used :
KeyStore(java.security.KeyStore)
IOException(java.io.IOException)
Aggregations
KeyStore (java.security.KeyStore)899
IOException (java.io.IOException)226
X509Certificate (java.security.cert.X509Certificate)216
FileInputStream (java.io.FileInputStream)186
InputStream (java.io.InputStream)177
KeyStoreException (java.security.KeyStoreException)174
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)165
TrustManagerFactory (javax.net.ssl.TrustManagerFactory)146
Certificate (java.security.cert.Certificate)144
KeyManagerFactory (javax.net.ssl.KeyManagerFactory)136
SSLContext (javax.net.ssl.SSLContext)130
CertificateException (java.security.cert.CertificateException)115
PrivateKey (java.security.PrivateKey)104
File (java.io.File)95
CertificateFactory (java.security.cert.CertificateFactory)80
ByteArrayInputStream (java.io.ByteArrayInputStream)78
UnrecoverableKeyException (java.security.UnrecoverableKeyException)64
Key (java.security.Key)63
TrustManager (javax.net.ssl.TrustManager)60
Test (org.junit.Test)54
