
Example 6 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project testcases by coheigea.

the class ClientAuthServer method run.

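/**
 * Configures a Jetty HTTPS engine that requires client certificates and validates them with
 * PKIX revocation checking, then publishes the DoubleIt endpoint on that engine.
 *
 * <p>Both the trust anchors and the server key are read from {@code servicestore.jks}. The
 * store and key passwords are test-fixture literals.
 *
 * @throws IllegalStateException if the TLS engine cannot be configured; the endpoint is not
 *     published in that case
 */
protected void run() {
    Bus busLocal = BusFactory.getDefaultBus(true);
    setBus(busLocal);
    String address = "https://localhost:" + TLSOCSPClientAuthTest.PORT + "/doubleit/services/doubleittlsocspclientauth";
    try {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // Release the keystore stream as soon as it has been read.
        try (java.io.InputStream storeStream = ClassLoaderUtils.getResourceAsStream("servicestore.jks", this.getClass())) {
            keyStore.load(storeStream, "sspass".toCharArray());
        }

        // Revocation checking is on, so the PKIX validator needs a revocation source at
        // handshake time (for example OCSP enabled through the "ocsp.enable" security
        // property); without one, client certificate validation fails rather than passes.
        PKIXBuilderParameters param = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        param.setRevocationEnabled(true);
        tmf.init(new CertPathTrustManagerParameters(param));

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, "skpass".toCharArray());

        // Mutual TLS: a client certificate is both requested and required.
        ClientAuthentication clientAuthentication = new ClientAuthentication();
        clientAuthentication.setRequired(true);
        clientAuthentication.setWant(true);

        TLSServerParameters tlsParams = new TLSServerParameters();
        tlsParams.setTrustManagers(tmf.getTrustManagers());
        tlsParams.setKeyManagers(kmf.getKeyManagers());
        tlsParams.setClientAuthentication(clientAuthentication);

        Map<String, TLSServerParameters> map = new HashMap<>();
        map.put("tlsId", tlsParams);
        JettyHTTPServerEngineFactory factory = busLocal.getExtension(JettyHTTPServerEngineFactory.class);
        factory.setTlsServerParametersMap(map);
        factory.createJettyHTTPServerEngine("localhost", Integer.parseInt(TLSOCSPClientAuthTest.PORT), "https", "tlsId");
        factory.initComplete();
    } catch (Exception ex) {
        // Fail closed: never publish the endpoint when the client-auth and revocation
        // settings could not be applied to the engine.
        throw new IllegalStateException("Failed to configure the TLS server engine; endpoint not published", ex);
    }
    Endpoint.publish(address, new DoubleItPortTypeImpl());
}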
Also used : Bus(org.apache.cxf.Bus) HashMap(java.util.HashMap) DoubleItPortTypeImpl(org.apache.coheigea.cxf.ocsp.common.DoubleItPortTypeImpl) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) X509CertSelector(java.security.cert.X509CertSelector) KeyStore(java.security.KeyStore) TLSServerParameters(org.apache.cxf.configuration.jsse.TLSServerParameters) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) JettyHTTPServerEngineFactory(org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory) ClientAuthentication(org.apache.cxf.configuration.security.ClientAuthentication)

Example 7 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project tomee by apache.

the class TLSParameterJaxBUtils method getTrustManagers.

/**
 * Builds the trust managers described by a trust-manager configuration element.
 *
 * <p>The trust anchors come from the configured key store if one is set, otherwise from the
 * configured cert store, otherwise the keystore reference is {@code null}. A {@code null}
 * keystore behaves differently per branch: {@code TrustManagerFactory.init(KeyStore)} accepts
 * it and uses the provider's default trust anchors, while the {@code PKIXBuilderParameters}
 * constructor used for revocation rejects it with a {@code NullPointerException}.
 *
 * @param tmc the trust-manager configuration to read
 * @param enableRevocation whether to initialise the factory with PKIX parameters that have
 *     revocation checking switched on
 * @return the trust managers produced by the initialised factory
 * @throws GeneralSecurityException if the factory or PKIX parameters cannot be created
 * @throws IOException declared for the keystore-loading helpers
 */
public static TrustManager[] getTrustManagers(TrustManagersType tmc, boolean enableRevocation) throws GeneralSecurityException, IOException {
    final KeyStore trustAnchors;
    if (tmc.isSetKeyStore()) {
        trustAnchors = getKeyStore(tmc.getKeyStore(), true);
    } else if (tmc.isSetCertStore()) {
        trustAnchors = getKeyStore(tmc.getCertStore());
    } else {
        trustAnchors = null;
    }

    final String algorithm;
    if (tmc.isSetFactoryAlgorithm()) {
        algorithm = tmc.getFactoryAlgorithm();
    } else {
        algorithm = TrustManagerFactory.getDefaultAlgorithm();
    }

    final TrustManagerFactory factory;
    if (tmc.isSetProvider()) {
        factory = TrustManagerFactory.getInstance(algorithm, tmc.getProvider());
    } else {
        factory = TrustManagerFactory.getInstance(algorithm);
    }

    if (!enableRevocation) {
        // Plain trust-anchor validation, no revocation checking.
        factory.init(trustAnchors);
        return factory.getTrustManagers();
    }

    // Wrap the anchors in PKIX parameters so the validator also checks revocation status.
    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, new X509CertSelector());
    pkixParams.setRevocationEnabled(true);
    factory.init(new CertPathTrustManagerParameters(pkixParams));
    return factory.getTrustManagers();
}
Also used : PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) X509CertSelector(java.security.cert.X509CertSelector) KeyStore(java.security.KeyStore)

Example 8 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project Payara by payara.

the class JSSE14SocketFactory method getTrustManagers.

/**
 * Gets the initialized trust managers.
 *
 * <p>When the {@code crlFile} attribute is set, the factory is initialised with certification
 * path parameters built from that CRL file; otherwise it is initialised directly from the
 * trust store.
 *
 * @param algorithm the trust manager factory algorithm
 * @return the trust managers, or {@code null} when no trust store is available
 * @throws Exception if the factory cannot be created or initialised
 */
protected TrustManager[] getTrustManagers(String algorithm) throws Exception {
    final String crlPath = (String) attributes.get("crlFile");
    final KeyStore[] stores = getTrustStore();
    if (stores == null) {
        return null;
    }

    final TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
    // NOTE(review): init() is called once per store on the same factory. Each call appears to
    // re-initialise the factory rather than add to it, so with several stores only the last
    // one's trust anchors would remain in effect - confirm this is intended.
    for (KeyStore store : stores) {
        if (crlPath == null) {
            factory.init(store);
        } else {
            factory.init(new CertPathTrustManagerParameters(getParameters(algorithm, crlPath, store)));
        }
    }
    return factory.getTrustManagers();
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) CertPathParameters(java.security.cert.CertPathParameters) KeyStore(java.security.KeyStore) ManagerFactoryParameters(javax.net.ssl.ManagerFactoryParameters) TrustManager(javax.net.ssl.TrustManager)

Example 9 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project qpid-broker-j by apache.

the class AbstractTrustStore method getTrustManagers.

/**
 * Creates trust managers for the given trust store using the certification path parameters
 * returned by {@code getParameters(ts)}.
 *
 * @param ts the trust store holding the trust anchors
 * @return the trust managers produced by the default-algorithm factory
 * @throws IllegalConfigurationException if the factory cannot be obtained or rejects the
 *     parameters; the original exception is kept as the cause
 */
protected TrustManager[] getTrustManagers(KeyStore ts) {
    final TrustManagerFactory factory;
    try {
        factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(new CertPathTrustManagerParameters(getParameters(ts)));
    } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
        // Surface the failure as a configuration error so a broken truststore is never
        // silently replaced by some other trust configuration.
        final String reason = "Cannot create trust manager factory for truststore '" + getName() + "' :" + e;
        throw new IllegalConfigurationException(reason, e);
    }
    return factory.getTrustManagers();
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) IllegalConfigurationException(org.apache.qpid.server.configuration.IllegalConfigurationException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 10 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project cxf by apache.

the class TrustManagerTest method testOSCPOverride.

/**
 * Checks that a client call fails when the trust managers are built with PKIX revocation
 * checking and OCSP is enabled, against a certificate whose OCSP responder URL is invalid
 * (per the failure message below).
 *
 * <p>The trust managers are set programmatically on the conduit after the bus has been created
 * from {@code client-trust.xml}; presumably this is the "override" the test name refers to.
 */
@org.junit.Test
public void testOSCPOverride() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = TrustManagerTest.class.getResource("client-trust.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    URL url = SOAPService.WSDL_LOCATION;
    SOAPService service = new SOAPService(url, SOAPService.SERVICE);
    assertNotNull("Service is null", service);
    final Greeter port = service.getHttpsPort();
    assertNotNull("Port is null", port);
    updateAddressPort(port, PORT2);
    // Optionally route the call through the asynchronous HTTP conduit.
    if (async) {
        ((BindingProvider) port).getRequestContext().put("use.async.http.conduit", true);
    }
    // Load the CA truststore that supplies the PKIX trust anchors.
    KeyStore ts = KeyStore.getInstance("JKS");
    try (InputStream trustStore = ClassLoaderUtils.getResourceAsStream("keys/cxfca.jks", TrustManagerTest.class)) {
        ts.load(trustStore, "password".toCharArray());
    }
    try {
        // "ocsp.enable" is a JVM-wide security property, so it also affects any other
        // certificate validation running in this JVM while the test executes.
        Security.setProperty("ocsp.enable", "true");
        PKIXBuilderParameters param = new PKIXBuilderParameters(ts, new X509CertSelector());
        param.setRevocationEnabled(true);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(new CertPathTrustManagerParameters(param));
        TLSClientParameters tlsParams = new TLSClientParameters();
        tlsParams.setTrustManagers(tmf.getTrustManagers());
        // Judging by its name this turns off the certificate CN/hostname check; acceptable
        // only because this is a test against a local fixture certificate.
        tlsParams.setDisableCNCheck(true);
        Client client = ClientProxy.getClient(port);
        HTTPConduit http = (HTTPConduit) client.getConduit();
        http.setTlsClientParameters(tlsParams);
        try {
            port.greetMe("Kitty");
            fail("Failure expected on an invalid OCSP responder URL");
        } catch (Exception ex) {
        // Expected. NOTE(review): any Exception satisfies this catch, so the test also
        // passes when the call fails for a reason unrelated to revocation checking;
        // asserting on the cause would make it specific. Assuming fail() is JUnit's, its
        // AssertionError is not an Exception and still propagates.
        }
    } finally {
        // Sets the property to "false" rather than restoring whatever value it had before.
        Security.setProperty("ocsp.enable", "false");
    }
    // NOTE(review): these cleanup calls are outside any finally block, so they are skipped
    // if an assertion or exception escapes earlier in the method.
    ((java.io.Closeable) port).close();
    bus.shutdown(true);
}
Also used : SOAPService(org.apache.hello_world.services.SOAPService) Bus(org.apache.cxf.Bus) TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters) InputStream(java.io.InputStream) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) X509CertSelector(java.security.cert.X509CertSelector) KeyStore(java.security.KeyStore) URL(java.net.URL) CertificateException(java.security.cert.CertificateException) HTTPConduit(org.apache.cxf.transport.http.HTTPConduit) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) Greeter(org.apache.hello_world.Greeter) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) Client(org.apache.cxf.endpoint.Client)
