use of javax.net.ssl.CertPathTrustManagerParameters in project testcases by coheigea.
the class ClientAuthServer method run.
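/**
 * Starts the test server: registers a Jetty HTTPS engine on localhost that requires TLS client
 * authentication and builds its trust managers from PKIX parameters with revocation checking
 * enabled, then publishes the DoubleIt endpoint.
 *
 * <p>The same keystore ({@code servicestore.jks}) supplies both the trust anchors and the
 * server's key material. The store and key passwords are hard-coded test-fixture values.
 *
 * @throws IllegalStateException if the TLS engine cannot be configured. The endpoint is then not
 *     published, so the server cannot come up without the intended client-auth and revocation
 *     settings and let a test pass for the wrong reason.
 */
protected void run() {
    Bus busLocal = BusFactory.getDefaultBus(true);
    setBus(busLocal);

    String address = "https://localhost:" + TLSOCSPClientAuthTest.PORT
        + "/doubleit/services/doubleittlsocspclientauth";

    try {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // Close the classpath stream once the keystore has been read.
        try (java.io.InputStream storeStream =
                 ClassLoaderUtils.getResourceAsStream("servicestore.jks", this.getClass())) {
            keyStore.load(storeStream, "sspass".toCharArray());
        }

        // Revocation checking is switched on for client certificate paths. Which mechanism
        // (CRL or OCSP) is consulted depends on JVM settings that are not set in this method,
        // e.g. the "ocsp.enable" security property. NOTE(review): confirm where those are set.
        PKIXBuilderParameters param = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        param.setRevocationEnabled(true);
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(new CertPathTrustManagerParameters(param));

        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, "skpass".toCharArray());

        // Both flags are set, as in the original configuration.
        ClientAuthentication clientAuthentication = new ClientAuthentication();
        clientAuthentication.setRequired(true);
        clientAuthentication.setWant(true);

        TLSServerParameters tlsParams = new TLSServerParameters();
        tlsParams.setTrustManagers(tmf.getTrustManagers());
        tlsParams.setKeyManagers(kmf.getKeyManagers());
        tlsParams.setClientAuthentication(clientAuthentication);

        Map<String, TLSServerParameters> map = new HashMap<>();
        map.put("tlsId", tlsParams);

        JettyHTTPServerEngineFactory factory =
            busLocal.getExtension(JettyHTTPServerEngineFactory.class);
        factory.setTlsServerParametersMap(map);
        factory.createJettyHTTPServerEngine(
            "localhost", Integer.parseInt(TLSOCSPClientAuthTest.PORT), "https", "tlsId");
        factory.initComplete();
    } catch (Exception ex) {
        // Fail closed: a swallowed setup error would otherwise fall through to publish().
        throw new IllegalStateException(
            "Failed to configure the TLS server engine; endpoint not published", ex);
    }

    Endpoint.publish(address, new DoubleItPortTypeImpl());
}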
use of javax.net.ssl.CertPathTrustManagerParameters in project tomee by apache.
the class TLSParameterJaxBUtils method getTrustManagers.
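/**
 * Builds trust managers from a {@code TrustManagersType} configuration element.
 *
 * <p>The trust material comes from the configured key store if one is set, otherwise from the
 * configured cert store, otherwise it is {@code null}. The factory algorithm and provider fall
 * back to the platform defaults when they are not configured.
 *
 * @param tmc the trust manager configuration
 * @param enableRevocation when {@code true}, the factory is initialised from PKIX builder
 *     parameters with revocation checking enabled; when {@code false}, it is initialised
 *     directly from the key store
 * @return the trust managers produced by the factory
 * @throws GeneralSecurityException if the factory cannot be created or initialised, or if
 *     revocation checking is requested but no key store or cert store is configured
 * @throws IOException declared for the key store loading helpers
 */
public static TrustManager[] getTrustManagers(TrustManagersType tmc, boolean enableRevocation)
    throws GeneralSecurityException, IOException {

    final KeyStore keyStore;
    if (tmc.isSetKeyStore()) {
        keyStore = getKeyStore(tmc.getKeyStore(), true);
    } else if (tmc.isSetCertStore()) {
        keyStore = getKeyStore(tmc.getCertStore());
    } else {
        keyStore = null;
    }

    String alg = tmc.isSetFactoryAlgorithm()
        ? tmc.getFactoryAlgorithm()
        : TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory fac = tmc.isSetProvider()
        ? TrustManagerFactory.getInstance(alg, tmc.getProvider())
        : TrustManagerFactory.getInstance(alg);

    if (!enableRevocation) {
        // A null key store is passed straight to the factory. NOTE(review): with the standard
        // providers that presumably selects the JVM default trust store; confirm it is intended.
        fac.init(keyStore);
        return fac.getTrustManagers();
    }

    if (keyStore == null) {
        // PKIXBuilderParameters rejects a null key store with a bare NullPointerException.
        // Report the misconfiguration explicitly instead, and do not quietly fall back to a
        // factory without revocation checking.
        throw new GeneralSecurityException(
            "Revocation checking requires a configured key store or cert store");
    }

    PKIXBuilderParameters param = new PKIXBuilderParameters(keyStore, new X509CertSelector());
    param.setRevocationEnabled(true);
    fac.init(new CertPathTrustManagerParameters(param));
    return fac.getTrustManagers();
}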
use of javax.net.ssl.CertPathTrustManagerParameters in project Payara by payara.
the class JSSE14SocketFactory method getTrustManagers.
/**
 * Returns the trust managers for the configured trust stores.
 *
 * <p>When the {@code crlFile} attribute is absent the factory is initialised directly from each
 * trust store. When it is present, each store is first turned into certification path parameters
 * by {@code getParameters(algorithm, crlFile, store)} (not shown here; presumably it loads the
 * CRL) and the factory is initialised from those.
 *
 * @param algorithm the trust manager factory algorithm
 * @return the factory's trust managers, or {@code null} when {@code getTrustStore()} returns
 *     {@code null}
 * @throws Exception if the factory cannot be created or initialised
 */
protected TrustManager[] getTrustManagers(String algorithm) throws Exception {
    final String revocationListPath = (String) attributes.get("crlFile");
    final KeyStore[] stores = getTrustStore();
    if (stores == null) {
        return null;
    }

    final TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
    final boolean checkCrl = revocationListPath != null;

    // NOTE(review): the same factory is re-initialised once per store. Each init() call
    // presumably replaces the state left by the previous one (provider-dependent), so only the
    // last trust store may end up in effect. Confirm whether the stores should be merged.
    for (KeyStore store : stores) {
        if (checkCrl) {
            factory.init(
                new CertPathTrustManagerParameters(
                    getParameters(algorithm, revocationListPath, store)));
        } else {
            factory.init(store);
        }
    }
    return factory.getTrustManagers();
}
use of javax.net.ssl.CertPathTrustManagerParameters in project qpid-broker-j by apache.
the class AbstractTrustStore method getTrustManagers.
/**
 * Creates trust managers for the given trust store using the platform default algorithm.
 *
 * <p>The factory is initialised from the certification path parameters returned by
 * {@code getParameters(ts)}, which is defined elsewhere in the class.
 * NOTE(review): whether those parameters enable revocation checking cannot be seen from this
 * method; verify in {@code getParameters}.
 *
 * @param ts the trust store to build trust managers for
 * @return the trust managers produced by the factory
 * @throws IllegalConfigurationException if the factory cannot be created or rejects the
 *     parameters; the original exception is kept as the cause
 */
protected TrustManager[] getTrustManagers(KeyStore ts) {
    final String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    try {
        final TrustManagerFactory factory = TrustManagerFactory.getInstance(defaultAlgorithm);
        final CertPathTrustManagerParameters factoryParameters =
            new CertPathTrustManagerParameters(getParameters(ts));
        factory.init(factoryParameters);
        return factory.getTrustManagers();
    } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) {
        throw new IllegalConfigurationException(
            "Cannot create trust manager factory for truststore '" + getName() + "' :" + e, e);
    }
}
use of javax.net.ssl.CertPathTrustManagerParameters in project cxf by apache.
the class TrustManagerTest method testOSCPOverride.
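/**
 * Checks that an HTTPS call fails when the client's trust managers are built from PKIX
 * parameters with revocation checking enabled and the JVM-wide {@code ocsp.enable} security
 * property is switched on.
 *
 * <p>According to the failure message, the call is expected to fail because of an invalid OCSP
 * responder URL. NOTE(review): where that URL comes from is not visible in this method.
 *
 * <p>The client proxy and the bus are released in {@code finally} blocks, so a failing assertion
 * does not leave the default bus or an open client behind for later tests.
 *
 * @throws Exception if the test set-up fails
 */
@org.junit.Test
public void testOSCPOverride() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = TrustManagerTest.class.getResource("client-trust.xml");

    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);

    try {
        URL url = SOAPService.WSDL_LOCATION;
        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
        assertNotNull("Service is null", service);
        final Greeter port = service.getHttpsPort();
        assertNotNull("Port is null", port);

        try {
            updateAddressPort(port, PORT2);

            // Enable Async
            if (async) {
                ((BindingProvider) port).getRequestContext().put("use.async.http.conduit", true);
            }

            // Read truststore (test fixture with a hard-coded password)
            KeyStore ts = KeyStore.getInstance("JKS");
            try (InputStream trustStore =
                     ClassLoaderUtils.getResourceAsStream("keys/cxfca.jks", TrustManagerTest.class)) {
                ts.load(trustStore, "password".toCharArray());
            }

            try {
                // "ocsp.enable" is a JVM-wide security property, so it affects every PKIX
                // validation in this process until it is reset below.
                Security.setProperty("ocsp.enable", "true");

                PKIXBuilderParameters param = new PKIXBuilderParameters(ts, new X509CertSelector());
                param.setRevocationEnabled(true);
                TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init(new CertPathTrustManagerParameters(param));

                TLSClientParameters tlsParams = new TLSClientParameters();
                tlsParams.setTrustManagers(tmf.getTrustManagers());
                // Hostname (CN) checking is switched off for this test client, presumably to
                // isolate the revocation check. Not a setting to carry into production code.
                tlsParams.setDisableCNCheck(true);

                Client client = ClientProxy.getClient(port);
                HTTPConduit http = (HTTPConduit) client.getConduit();
                http.setTlsClientParameters(tlsParams);

                try {
                    port.greetMe("Kitty");
                    fail("Failure expected on an invalid OCSP responder URL");
                } catch (Exception ex) {
                    // expected
                    // NOTE(review): any Exception is accepted here, so the test cannot tell a
                    // revocation failure from an unrelated one such as a refused connection.
                    // Consider asserting on the cause. fail() raises an Error, not an
                    // Exception, so it is not swallowed by this catch.
                }
            } finally {
                // Reset to "false" rather than to the value that was set before the test.
                Security.setProperty("ocsp.enable", "false");
            }
        } finally {
            ((java.io.Closeable) port).close();
        }
    } finally {
        bus.shutdown(true);
    }
}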