
Example 1 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project jetty.project by eclipse.

the class SslContextFactory method getTrustManagers.

/**
 * Builds the trust managers used to validate peer certificates against {@code trustStore}.
 *
 * <p>When {@code isValidatePeerCerts()} is true and the configured algorithm is PKIX, the
 * factory is initialised from {@link PKIXBuilderParameters} with revocation checking switched
 * on, the supplied CRLs attached as a cert store, and CRLDP/OCSP enabled according to
 * {@code _enableCRLDP} and {@code _enableOCSP}. In every other case the factory is initialised
 * straight from the trust store, with no revocation parameters.
 *
 * @param trustStore trusted certificates; {@code null} yields a {@code null} result
 * @param crls CRLs to consult during path validation; may be {@code null} or empty
 * @return the trust managers, or {@code null} when {@code trustStore} is {@code null}
 * @throws Exception if the parameters, cert store or factory cannot be created or initialised
 */
protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception {
    if (trustStore == null) {
        return null;
    }

    // Revocation checking is only supported for the PKIX algorithm.
    // NOTE(review): with peer validation requested and a non-PKIX algorithm, control reaches the
    // plain branch below without any signal, so revocation checking is silently absent.
    boolean pkixValidation = isValidatePeerCerts() && "PKIX".equalsIgnoreCase(getTrustManagerFactoryAlgorithm());
    if (!pkixValidation) {
        TrustManagerFactory plainFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm);
        plainFactory.init(trustStore);
        return plainFactory.getTrustManagers();
    }

    PKIXBuilderParameters pathParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
    // Bound the length of the certification path that may be built.
    pathParams.setMaxPathLength(_maxCertPathLength);
    // Revocation is always on in this branch.
    // NOTE(review): if no CRLs are supplied and neither CRLDP nor OCSP is enabled, the validator
    // presumably has no source of revocation status and may reject every chain - confirm that
    // the configuration always provides at least one source.
    pathParams.setRevocationEnabled(true);

    boolean haveCrls = crls != null && !crls.isEmpty();
    if (haveCrls) {
        CollectionCertStoreParameters crlStoreParams = new CollectionCertStoreParameters(crls);
        pathParams.addCertStore(CertStore.getInstance("Collection", crlStoreParams));
    }

    // The three properties below are JVM-wide, not scoped to this factory: once set they affect
    // every PKIX validation in the process, and nothing here resets them when the flags are off.
    if (_enableCRLDP) {
        // Enable Certificate Revocation List Distribution Points (CRLDP) support
        System.setProperty("com.sun.security.enableCRLDP", "true");
    }
    if (_enableOCSP) {
        // Enable On-Line Certificate Status Protocol (OCSP) support
        Security.setProperty("ocsp.enable", "true");
        if (_ocspResponderURL != null) {
            // Override the location of the OCSP responder
            Security.setProperty("ocsp.responderURL", _ocspResponderURL);
        }
    }

    // NOTE(review): the PKIX test above reads the algorithm through the getter, while the factory
    // is created from the field - confirm an overriding subclass cannot make the two disagree.
    TrustManagerFactory pkixFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm);
    pkixFactory.init(new CertPathTrustManagerParameters(pathParams));
    return pkixFactory.getTrustManagers();
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) X509CertSelector(java.security.cert.X509CertSelector) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 2 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project robovm by robovm.

the class TrustManagerFactoryTest method test_TrustManagerFactory.

/**
 * Walks one {@link TrustManagerFactory} through its initialisation contract: use before init,
 * rejected {@link ManagerFactoryParameters}, PKIX builder parameters, the default key store
 * and an explicit key store. The steps run in this order on the same factory instance.
 *
 * @param tmf the factory under test
 * @throws Exception if any step fails in a way the test does not expect
 */
private void test_TrustManagerFactory(TrustManagerFactory tmf) throws Exception {
    assertNotNull(tmf);
    assertNotNull(tmf.getAlgorithm());
    assertNotNull(tmf.getProvider());

    // An uninitialised factory must refuse to hand out trust managers.
    try {
        tmf.getTrustManagers();
        fail();
    } catch (IllegalStateException expected) {
        // expected
    }

    // A null ManagerFactoryParameters must be rejected.
    try {
        tmf.init((ManagerFactoryParameters) null);
        fail();
    } catch (InvalidAlgorithmParameterException expected) {
        // expected
    }

    // A ManagerFactoryParameters type the factory does not understand must be rejected.
    try {
        tmf.init(new UselessManagerFactoryParameters());
        fail();
    } catch (InvalidAlgorithmParameterException expected) {
        // expected
    }

    // Plain PKIXParameters (not the builder subclass) wrapped for the factory must be rejected.
    try {
        PKIXParameters plainPkix = new PKIXParameters(getTestKeyStore().keyStore);
        CertPathTrustManagerParameters wrappedPlain = new CertPathTrustManagerParameters(plainPkix);
        tmf.init(wrappedPlain);
        fail();
    } catch (InvalidAlgorithmParameterException expected) {
        // expected
    }

    // PKIXBuilderParameters are accepted only by algorithms that support factory parameters.
    X509CertSelector selector = new X509CertSelector();
    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(getTestKeyStore().keyStore, selector);
    CertPathTrustManagerParameters wrappedBuilder = new CertPathTrustManagerParameters(builderParams);
    if (!supportsManagerFactoryParameters(tmf.getAlgorithm())) {
        try {
            tmf.init(wrappedBuilder);
            fail();
        } catch (InvalidAlgorithmParameterException expected) {
            // expected
        }
    } else {
        tmf.init(wrappedBuilder);
        test_TrustManagerFactory_getTrustManagers(tmf);
    }

    // A null KeyStore selects the default key store.
    tmf.init((KeyStore) null);
    test_TrustManagerFactory_getTrustManagers(tmf);

    // An explicit key store.
    tmf.init(getTestKeyStore().keyStore);
    test_TrustManagerFactory_getTrustManagers(tmf);
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PKIXParameters(java.security.cert.PKIXParameters) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) X509CertSelector(java.security.cert.X509CertSelector)

Example 3 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project robovm by robovm.

the class MyCertPathParameters method test_ConstructorLjava_security_cert_CertPathParameters.

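/**
 * javax.net.ssl.CertPathTrustManagerParameters#
 *     CertPathTrustManagerParameters(java.security.cert.CertPathParameters)
 * Case 1: Construct the object and check that getParameters() does not return the
 *         instance that was passed in.
 * Case 2: Check that a null argument raises NullPointerException.
 */
public void test_ConstructorLjava_security_cert_CertPathParameters() {
    // case 1: Try to construct object.
    try {
        CertPathParameters parameters = new MyCertPathParameters();
        CertPathTrustManagerParameters p = new CertPathTrustManagerParameters(parameters);
        // The wrapper must not share the caller's instance: a shared reference would let later
        // changes to `parameters` alter the trust settings after construction.
        assertNotSame("Parameters were cloned incorrectly", parameters, p.getParameters());
    } catch (Exception e) {
        fail("Unexpected exception " + e);
    }
    // case 2: Check NullPointerException.
    try {
        new CertPathTrustManagerParameters(null);
        // The failure message previously named the class under test instead of the exception
        // that was expected.
        fail("Expected NullPointerException was not thrown");
    } catch (NullPointerException npe) {
        // expected
    }
}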
Also used : CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) CertPathParameters(java.security.cert.CertPathParameters)

Example 4 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project robovm by robovm.

the class MyCertPathParameters method test_getParameters.

/**
 * javax.net.ssl.CertPathTrustManagerParameters#getParameters()
 *
 * Checks that the returned parameters keep the runtime type of the object that was wrapped
 * and are not the same instance as that object.
 */
public void test_getParameters() {
    CertPathParameters parameters = new MyCertPathParameters();
    CertPathTrustManagerParameters p = new CertPathTrustManagerParameters(parameters);

    // First read: the copy must still be a MyCertPathParameters.
    CertPathParameters typedCopy = p.getParameters();
    boolean typePreserved = typedCopy instanceof MyCertPathParameters;
    if (!typePreserved) {
        fail("incorrect parameters");
    }

    // Second read: the wrapper must not hand back the caller's own instance.
    CertPathParameters identityCopy = p.getParameters();
    assertNotSame("Parameters were cloned incorrectly", parameters, identityCopy);
}
Also used : CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) CertPathParameters(java.security.cert.CertPathParameters)

Example 5 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project tomcat70 by apache.

the class JSSESocketFactory method getTrustManagers.

/**
 * Gets the initialized trust managers.
 *
 * <p>If the endpoint names a trust manager class, one instance of that class is created through
 * its no-argument constructor and returned on its own. Otherwise the managers come from a
 * {@link TrustManagerFactory} initialised from the trust store, together with the endpoint's
 * CRL file when one is configured.
 *
 * @param keystoreType type passed to {@code getTrustStore}
 * @param keystoreProvider provider passed to {@code getTrustStore}
 * @param algorithm trust manager factory algorithm
 * @return the trust managers, or {@code null} when there is neither a trust store nor a
 *         trust manager class name
 * @throws Exception if the class cannot be loaded or instantiated, is not a
 *         {@link TrustManager}, or the factory cannot be created or initialised
 */
protected TrustManager[] getTrustManagers(String keystoreType, String keystoreProvider, String algorithm) throws Exception {
    String crlf = endpoint.getCrlFile();
    String className = endpoint.getTrustManagerClassName();

    // A configured trust manager class replaces the trust store and the CRL file entirely: it is
    // returned here, before either of them is consulted, so certificate and revocation checks
    // are whatever that class implements.
    if (className != null && className.length() > 0) {
        Class<?> clazz = getClass().getClassLoader().loadClass(className);
        boolean isTrustManager = TrustManager.class.isAssignableFrom(clazz);
        if (!isTrustManager) {
            throw new InstantiationException(sm.getString("jsse.invalidTrustManagerClassName", className));
        }
        TrustManager trustManager = (TrustManager) clazz.newInstance();
        return new TrustManager[] { trustManager };
    }

    KeyStore trustStore = getTrustStore(keystoreType, keystoreProvider);
    // NOTE(review): an empty (non-null) class name with no trust store passes this guard and the
    // factory is then initialised with a null KeyStore - presumably the JVM default trust
    // anchors; confirm that is intended.
    if (trustStore == null && endpoint.getTrustManagerClassName() == null) {
        return null;
    }

    TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
    if (crlf != null) {
        // A CRL file is configured: build cert path parameters from it and the trust store.
        CertPathParameters params = getParameters(algorithm, crlf, trustStore);
        ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
        tmf.init(mfp);
    } else {
        // No CRL file: trust store only, no revocation parameters.
        tmf.init(trustStore);
    }
    return tmf.getTrustManagers();
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) CertPathParameters(java.security.cert.CertPathParameters) KeyStore(java.security.KeyStore) ManagerFactoryParameters(javax.net.ssl.ManagerFactoryParameters) TrustManager(javax.net.ssl.TrustManager)
