use of javax.net.ssl.CertPathTrustManagerParameters in project tomcat by apache.
the class JSSEUtil method getTrustManagers.
@Override
public TrustManager[] getTrustManagers() throws Exception {
String className = sslHostConfig.getTrustManagerClassName();
if (className != null && className.length() > 0) {
ClassLoader classLoader = getClass().getClassLoader();
Class<?> clazz = classLoader.loadClass(className);
if (!(TrustManager.class.isAssignableFrom(clazz))) {
throw new InstantiationException(sm.getString("jsse.invalidTrustManagerClassName", className));
}
Object trustManagerObject = clazz.newInstance();
TrustManager trustManager = (TrustManager) trustManagerObject;
return new TrustManager[] { trustManager };
}
TrustManager[] tms = null;
KeyStore trustStore = sslHostConfig.getTruststore();
if (trustStore != null) {
checkTrustStoreEntries(trustStore);
String algorithm = sslHostConfig.getTruststoreAlgorithm();
String crlf = sslHostConfig.getCertificateRevocationListFile();
boolean revocationEnabled = sslHostConfig.getRevocationEnabled();
if ("PKIX".equalsIgnoreCase(algorithm)) {
TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
CertPathParameters params = getParameters(crlf, trustStore, revocationEnabled);
ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
tmf.init(mfp);
tms = tmf.getTrustManagers();
} else {
TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
tmf.init(trustStore);
tms = tmf.getTrustManagers();
if (crlf != null && crlf.length() > 0) {
throw new CRLException(sm.getString("jsseUtil.noCrlSupport", algorithm));
}
log.warn(sm.getString("jsseUtil.noVerificationDepth", algorithm));
}
}
return tms;
}
use of javax.net.ssl.CertPathTrustManagerParameters in project robovm by robovm.
the class myTrustManagerFactory method test_initLjavax_net_ssl_ManagerFactoryParameters.
/**
* Test for <code>init(ManagerFactoryParameters params)</code>
* Assertion:
* throws InvalidAlgorithmParameterException when params is null
*/
@KnownFailure("ManagerFactoryParameters object is not supported " + "and InvalidAlgorithmParameterException was thrown.")
public void test_initLjavax_net_ssl_ManagerFactoryParameters() throws Exception {
ManagerFactoryParameters par = null;
TrustManagerFactory[] trustMF = createTMFac();
assertNotNull("TrustManagerFactory objects were not created", trustMF);
for (int i = 0; i < trustMF.length; i++) {
try {
trustMF[i].init(par);
fail("InvalidAlgorithmParameterException must be thrown");
} catch (InvalidAlgorithmParameterException e) {
}
}
String keyAlg = "DSA";
String validCaNameRfc2253 = ("CN=Test CA," + "OU=Testing Division," + "O=Test It All," + "L=Test Town," + "ST=Testifornia," + "C=Testland");
try {
KeyStore kStore = KeyStore.getInstance(KeyStore.getDefaultType());
kStore.load(null, null);
PublicKey pk = new TestKeyPair(keyAlg).getPublic();
TrustAnchor ta = new TrustAnchor(validCaNameRfc2253, pk, getFullEncoding());
Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
trustAnchors.add(ta);
X509CertSelector xcs = new X509CertSelector();
PKIXBuilderParameters pkixBP = new PKIXBuilderParameters(trustAnchors, xcs);
CertPathTrustManagerParameters cptmp = new CertPathTrustManagerParameters(pkixBP);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(getDefaultAlgorithm());
try {
tmf.init(cptmp);
} catch (Exception ex) {
fail(ex + " was thrown for init(ManagerFactoryParameters spec)");
}
} catch (Exception e) {
fail("Unexpected exception for configuration: " + e);
}
}
use of javax.net.ssl.CertPathTrustManagerParameters in project testcases by coheigea.
the class TLSOCSPCertTest method testTLSOCSPPass.
@org.junit.Test
public void testTLSOCSPPass() throws Exception {
try {
Security.setProperty("ocsp.responderURL", "http://localhost:12345");
Security.setProperty("ocsp.enable", "true");
Security.setProperty("ocsp.responderCertIssuerName", "CN=Werner, OU=Apache WSS4J, O=Home, L=Munich, ST=Bayern, C=DE");
Security.setProperty("ocsp.responderCertSerialNumber", "1b");
SpringBusFactory bf = new SpringBusFactory();
URL busFile = TLSOCSPCertTest.class.getResource("cxf-client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
URL wsdl = TLSOCSPCertTest.class.getResource("DoubleIt.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItTLSOCSPPort");
DoubleItPortType transportPort = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(transportPort, PORT);
// Configure TLS
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(ClassLoaderUtils.getResourceAsStream("clientstoreocsp.jks", this.getClass()), "cspass".toCharArray());
PKIXBuilderParameters param = new PKIXBuilderParameters(keyStore, new X509CertSelector());
param.setRevocationEnabled(true);
tmf.init(new CertPathTrustManagerParameters(param));
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setTrustManagers(tmf.getTrustManagers());
tlsParams.setDisableCNCheck(true);
Client client = ClientProxy.getClient(transportPort);
HTTPConduit http = (HTTPConduit) client.getConduit();
http.setTlsClientParameters(tlsParams);
doubleIt(transportPort, 25);
} finally {
Security.setProperty("ocsp.responderURL", "");
Security.setProperty("ocsp.enable", "false");
Security.setProperty("ocsp.responderCertIssuerName", "");
Security.setProperty("ocsp.responderCertSerialNumber", "");
}
}
use of javax.net.ssl.CertPathTrustManagerParameters in project testcases by coheigea.
the class TLSOCSPCertTest method testTLSOCSPFail.
@org.junit.Test
public void testTLSOCSPFail() throws Exception {
try {
Security.setProperty("ocsp.responderURL", "http://localhost:12345");
Security.setProperty("ocsp.enable", "true");
SpringBusFactory bf = new SpringBusFactory();
URL busFile = TLSOCSPCertTest.class.getResource("cxf-client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
URL wsdl = TLSOCSPCertTest.class.getResource("DoubleIt.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItTLSOCSPPort");
DoubleItPortType transportPort = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(transportPort, PORT);
// Configure TLS
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(ClassLoaderUtils.getResourceAsStream("clientstoreocsp.jks", this.getClass()), "cspass".toCharArray());
PKIXBuilderParameters param = new PKIXBuilderParameters(keyStore, new X509CertSelector());
param.setRevocationEnabled(true);
tmf.init(new CertPathTrustManagerParameters(param));
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setTrustManagers(tmf.getTrustManagers());
tlsParams.setDisableCNCheck(true);
Client client = ClientProxy.getClient(transportPort);
HTTPConduit http = (HTTPConduit) client.getConduit();
http.setTlsClientParameters(tlsParams);
doubleIt(transportPort, 25);
fail("Failure expected due to unknown OCSP response certificate");
} catch (Exception ex) {
// expected
} finally {
Security.setProperty("ocsp.responderURL", "");
Security.setProperty("ocsp.enable", "false");
}
}
use of javax.net.ssl.CertPathTrustManagerParameters in project testcases by coheigea.
the class TLSOCSPTest method testTLSOCSPPass.
@org.junit.Test
public void testTLSOCSPPass() throws Exception {
try {
Security.setProperty("ocsp.responderURL", "http://localhost:12345");
Security.setProperty("ocsp.enable", "true");
SpringBusFactory bf = new SpringBusFactory();
URL busFile = TLSOCSPTest.class.getResource("cxf-client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
URL wsdl = TLSOCSPTest.class.getResource("DoubleIt.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItTLSOCSPPort");
DoubleItPortType transportPort = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(transportPort, PORT);
// Configure TLS
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(ClassLoaderUtils.getResourceAsStream("clientstore.jks", this.getClass()), "cspass".toCharArray());
PKIXBuilderParameters param = new PKIXBuilderParameters(keyStore, new X509CertSelector());
param.setRevocationEnabled(true);
tmf.init(new CertPathTrustManagerParameters(param));
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setTrustManagers(tmf.getTrustManagers());
tlsParams.setDisableCNCheck(true);
Client client = ClientProxy.getClient(transportPort);
HTTPConduit http = (HTTPConduit) client.getConduit();
http.setTlsClientParameters(tlsParams);
doubleIt(transportPort, 25);
} finally {
Security.setProperty("ocsp.responderURL", "");
Security.setProperty("ocsp.enable", "false");
}
}
Aggregations