
Example 11 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project tomcat by apache.

the class JSSEUtil method getTrustManagers.

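/**
 * Builds the {@link TrustManager}s for this SSL host configuration.
 *
 * <p>If a trust manager class name is configured, that class is loaded with
 * this class's class loader, checked to implement {@link TrustManager} and
 * instantiated through its no-arg constructor. It then replaces the
 * truststore-based trust managers entirely: the truststore, the CRL file and
 * the revocation flag are not consulted in that case.
 *
 * <p>Otherwise the configured truststore is used. With the PKIX algorithm the
 * CRL file and the revocation flag are passed through {@code getParameters}
 * and wrapped in {@link CertPathTrustManagerParameters}, so they are actually
 * enforced. With any other algorithm the factory can only be initialised from
 * the bare truststore: a configured CRL file is rejected with a
 * {@link CRLException}, the revocation flag is not honoured, and a warning
 * ({@code jsseUtil.noVerificationDepth}) is logged.
 *
 * @return the trust managers, or {@code null} when neither a trust manager
 *         class nor a truststore is configured
 * @throws Exception if the configured class cannot be loaded or instantiated,
 *         does not implement {@link TrustManager}, if
 *         {@code checkTrustStoreEntries} rejects the truststore, or if a CRL
 *         file is combined with a non-PKIX algorithm
 */
@Override
public TrustManager[] getTrustManagers() throws Exception {
    String className = sslHostConfig.getTrustManagerClassName();
    if (className != null && className.length() > 0) {
        // The class name comes from the server configuration (administrator
        // controlled) and is resolved against this class's loader, i.e. it
        // must be on the same class path as this class.
        ClassLoader classLoader = getClass().getClassLoader();
        Class<?> clazz = classLoader.loadClass(className);
        if (!(TrustManager.class.isAssignableFrom(clazz))) {
            throw new InstantiationException(sm.getString("jsse.invalidTrustManagerClassName", className));
        }
        // Prefer getDeclaredConstructor().newInstance() over the deprecated
        // Class.newInstance(), which rethrows checked exceptions from the
        // constructor unwrapped and so bypasses compile-time exception checks.
        TrustManager trustManager = (TrustManager) clazz.getDeclaredConstructor().newInstance();
        return new TrustManager[] { trustManager };
    }

    KeyStore trustStore = sslHostConfig.getTruststore();
    if (trustStore == null) {
        return null;
    }
    checkTrustStoreEntries(trustStore);

    String algorithm = sslHostConfig.getTruststoreAlgorithm();
    String crlf = sslHostConfig.getCertificateRevocationListFile();
    boolean revocationEnabled = sslHostConfig.getRevocationEnabled();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);

    if ("PKIX".equalsIgnoreCase(algorithm)) {
        // Only PKIX accepts CertPathParameters, so this is the only branch in
        // which the CRL file and the revocation flag take effect.
        CertPathParameters params = getParameters(crlf, trustStore, revocationEnabled);
        ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
        tmf.init(mfp);
    } else {
        // Reject the misconfiguration before building a trust manager that
        // would silently ignore the CRL file. Note that revocationEnabled is
        // likewise ignored for non-PKIX algorithms.
        if (crlf != null && crlf.length() > 0) {
            throw new CRLException(sm.getString("jsseUtil.noCrlSupport", algorithm));
        }
        tmf.init(trustStore);
        log.warn(sm.getString("jsseUtil.noVerificationDepth", algorithm));
    }
    return tmf.getTrustManagers();
}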

Example 12 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project robovm by robovm.

the class myTrustManagerFactory method test_initLjavax_net_ssl_ManagerFactoryParameters.

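/**
 * Test for <code>init(ManagerFactoryParameters params)</code>.
 *
 * Assertions:
 * <ul>
 * <li>{@code init(null)} throws {@link InvalidAlgorithmParameterException}
 * for every factory returned by {@code createTMFac()};</li>
 * <li>{@code init} accepts a {@link CertPathTrustManagerParameters} wrapping
 * {@link PKIXBuilderParameters} built from a single {@link TrustAnchor}.</li>
 * </ul>
 *
 * The trust anchor is built from a freshly generated DSA public key and a
 * fixed RFC 2253 CA name; it is only used to exercise parameter handling and
 * never to validate a real certificate chain. (An empty, unused KeyStore that
 * the earlier version of this test created has been dropped.)
 */
@KnownFailure("ManagerFactoryParameters object is not supported " + "and InvalidAlgorithmParameterException was thrown.")
public void test_initLjavax_net_ssl_ManagerFactoryParameters() throws Exception {
    TrustManagerFactory[] factories = createTMFac();
    assertNotNull("TrustManagerFactory objects were not created", factories);
    // Typed null so the call resolves to init(ManagerFactoryParameters) and not
    // to the init(KeyStore) overload.
    ManagerFactoryParameters nullParams = null;
    for (TrustManagerFactory factory : factories) {
        try {
            factory.init(nullParams);
            fail("InvalidAlgorithmParameterException must be thrown");
        } catch (InvalidAlgorithmParameterException expected) {
            // expected: null parameters must be rejected
        }
    }

    String keyAlg = "DSA";
    String validCaNameRfc2253 = ("CN=Test CA," + "OU=Testing Division," + "O=Test It All," + "L=Test Town," + "ST=Testifornia," + "C=Testland");
    try {
        PublicKey pk = new TestKeyPair(keyAlg).getPublic();
        TrustAnchor ta = new TrustAnchor(validCaNameRfc2253, pk, getFullEncoding());
        Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
        trustAnchors.add(ta);
        // Unconstrained selector: any target certificate would be acceptable.
        X509CertSelector xcs = new X509CertSelector();
        PKIXBuilderParameters pkixBP = new PKIXBuilderParameters(trustAnchors, xcs);
        CertPathTrustManagerParameters cptmp = new CertPathTrustManagerParameters(pkixBP);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(getDefaultAlgorithm());
        try {
            tmf.init(cptmp);
        } catch (Exception ex) {
            // fail() throws an Error, so it is not swallowed by the outer catch.
            fail(ex + " was thrown for init(ManagerFactoryParameters spec)");
        }
    } catch (Exception e) {
        fail("Unexpected exception for configuration: " + e);
    }
}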

Example 13 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project testcases by coheigea.

the class TLSOCSPCertTest method testTLSOCSPPass.

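/**
 * Positive OCSP test: the client accepts the server only after a PKIX path
 * validation with revocation checking enabled, which consults the OCSP
 * responder configured through the {@code ocsp.*} security properties. Here
 * the responder certificate is pinned explicitly by issuer name and serial
 * number ({@code ocsp.responderCertIssuerName} / {@code ocsp.responderCertSerialNumber}).
 *
 * The {@code ocsp.*} properties are JVM-global, so they are set only for the
 * duration of the call and reset in {@code finally}. NOTE(review): the reset
 * writes "" / "false" rather than restoring the previous values; a test that
 * relied on pre-existing OCSP settings would see them cleared.
 *
 * @throws Exception if bus, keystore or TLS setup fails, or if the TLS
 *         handshake / OCSP validation rejects the server
 */
@org.junit.Test
public void testTLSOCSPPass() throws Exception {
    try {
        Security.setProperty("ocsp.responderURL", "http://localhost:12345");
        Security.setProperty("ocsp.enable", "true");
        Security.setProperty("ocsp.responderCertIssuerName", "CN=Werner, OU=Apache WSS4J, O=Home, L=Munich, ST=Bayern, C=DE");
        Security.setProperty("ocsp.responderCertSerialNumber", "1b");

        SpringBusFactory bf = new SpringBusFactory();
        URL busFile = TLSOCSPCertTest.class.getResource("cxf-client.xml");
        Bus bus = bf.createBus(busFile.toString());
        SpringBusFactory.setDefaultBus(bus);
        SpringBusFactory.setThreadDefaultBus(bus);

        URL wsdl = TLSOCSPCertTest.class.getResource("DoubleIt.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItTLSOCSPPort");
        DoubleItPortType transportPort = service.getPort(portQName, DoubleItPortType.class);
        updateAddressPort(transportPort, PORT);

        // Configure TLS: load the client truststore, closing the resource
        // stream once the store has been read (it was previously left open).
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (java.io.InputStream storeStream = ClassLoaderUtils.getResourceAsStream("clientstoreocsp.jks", this.getClass())) {
            keyStore.load(storeStream, "cspass".toCharArray());
        }
        // Revocation checking must be switched on explicitly; the plain
        // TrustManagerFactory.init(KeyStore) path would not perform it.
        PKIXBuilderParameters param = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        param.setRevocationEnabled(true);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(new CertPathTrustManagerParameters(param));

        TLSClientParameters tlsParams = new TLSClientParameters();
        tlsParams.setTrustManagers(tmf.getTrustManagers());
        // Hostname verification is disabled, presumably because the test
        // certificate does not name "localhost". Never do this outside a test:
        // without the CN/SAN check any certificate chaining to the truststore is
        // accepted for any host.
        tlsParams.setDisableCNCheck(true);

        Client client = ClientProxy.getClient(transportPort);
        HTTPConduit http = (HTTPConduit) client.getConduit();
        http.setTlsClientParameters(tlsParams);
        doubleIt(transportPort, 25);
    } finally {
        Security.setProperty("ocsp.responderURL", "");
        Security.setProperty("ocsp.enable", "false");
        Security.setProperty("ocsp.responderCertIssuerName", "");
        Security.setProperty("ocsp.responderCertSerialNumber", "");
    }
}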

Example 14 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project testcases by coheigea.

the class TLSOCSPCertTest method testTLSOCSPFail.

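/**
 * Negative OCSP test: revocation checking is enabled but, unlike the passing
 * variant, no responder certificate is pinned via
 * {@code ocsp.responderCertIssuerName} / {@code ocsp.responderCertSerialNumber},
 * so the OCSP response signer is expected to be rejected and the call to
 * {@code doubleIt} to fail.
 *
 * NOTE(review): the {@code catch (Exception ex)} treats <em>any</em> exception
 * as success, including a server that is not running or a missing keystore
 * resource. Narrowing it (e.g. checking the cause chain for a
 * {@code javax.net.ssl.SSLException}) would make the negative test meaningful;
 * the exact type CXF surfaces here is not visible in this file, so confirm
 * before tightening. {@code fail()} throws an {@code AssertionError}, which
 * this catch does not swallow.
 *
 * The {@code ocsp.*} properties are JVM-global and are reset in
 * {@code finally} (to "" / "false", not to their previous values).
 *
 * @throws Exception never expected to escape; a passing run ends in the catch
 */
@org.junit.Test
public void testTLSOCSPFail() throws Exception {
    try {
        Security.setProperty("ocsp.responderURL", "http://localhost:12345");
        Security.setProperty("ocsp.enable", "true");

        SpringBusFactory bf = new SpringBusFactory();
        URL busFile = TLSOCSPCertTest.class.getResource("cxf-client.xml");
        Bus bus = bf.createBus(busFile.toString());
        SpringBusFactory.setDefaultBus(bus);
        SpringBusFactory.setThreadDefaultBus(bus);

        URL wsdl = TLSOCSPCertTest.class.getResource("DoubleIt.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItTLSOCSPPort");
        DoubleItPortType transportPort = service.getPort(portQName, DoubleItPortType.class);
        updateAddressPort(transportPort, PORT);

        // Configure TLS: load the client truststore, closing the resource
        // stream once the store has been read (it was previously left open).
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (java.io.InputStream storeStream = ClassLoaderUtils.getResourceAsStream("clientstoreocsp.jks", this.getClass())) {
            keyStore.load(storeStream, "cspass".toCharArray());
        }
        // Revocation checking must be switched on explicitly; the plain
        // TrustManagerFactory.init(KeyStore) path would not perform it.
        PKIXBuilderParameters param = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        param.setRevocationEnabled(true);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(new CertPathTrustManagerParameters(param));

        TLSClientParameters tlsParams = new TLSClientParameters();
        tlsParams.setTrustManagers(tmf.getTrustManagers());
        // Hostname verification is disabled for the test fixture only; never
        // do this in production code.
        tlsParams.setDisableCNCheck(true);

        Client client = ClientProxy.getClient(transportPort);
        HTTPConduit http = (HTTPConduit) client.getConduit();
        http.setTlsClientParameters(tlsParams);
        doubleIt(transportPort, 25);
        fail("Failure expected due to unknown OCSP response certificate");
    } catch (Exception ex) {
        // expected: the OCSP response signer is not trusted (see class note on
        // how broad this catch is)
    } finally {
        Security.setProperty("ocsp.responderURL", "");
        Security.setProperty("ocsp.enable", "false");
    }
}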

Example 15 with CertPathTrustManagerParameters

use of javax.net.ssl.CertPathTrustManagerParameters in project testcases by coheigea.

the class TLSOCSPTest method testTLSOCSPPass.

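/**
 * Positive OCSP test using the {@code clientstore.jks} truststore: the client
 * accepts the server only after a PKIX path validation with revocation
 * checking enabled, which consults the OCSP responder at
 * {@code ocsp.responderURL}. No responder certificate is pinned here, so the
 * response signer must be acceptable under the validator's default rules
 * (presumably the issuing CA itself or a certificate it delegated to; confirm
 * against the test fixtures).
 *
 * The {@code ocsp.*} properties are JVM-global, so they are set only for the
 * duration of the call and reset in {@code finally}. NOTE(review): the reset
 * writes "" / "false" rather than restoring the previous values.
 *
 * @throws Exception if bus, keystore or TLS setup fails, or if the TLS
 *         handshake / OCSP validation rejects the server
 */
@org.junit.Test
public void testTLSOCSPPass() throws Exception {
    try {
        Security.setProperty("ocsp.responderURL", "http://localhost:12345");
        Security.setProperty("ocsp.enable", "true");

        SpringBusFactory bf = new SpringBusFactory();
        URL busFile = TLSOCSPTest.class.getResource("cxf-client.xml");
        Bus bus = bf.createBus(busFile.toString());
        SpringBusFactory.setDefaultBus(bus);
        SpringBusFactory.setThreadDefaultBus(bus);

        URL wsdl = TLSOCSPTest.class.getResource("DoubleIt.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItTLSOCSPPort");
        DoubleItPortType transportPort = service.getPort(portQName, DoubleItPortType.class);
        updateAddressPort(transportPort, PORT);

        // Configure TLS: load the client truststore, closing the resource
        // stream once the store has been read (it was previously left open).
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (java.io.InputStream storeStream = ClassLoaderUtils.getResourceAsStream("clientstore.jks", this.getClass())) {
            keyStore.load(storeStream, "cspass".toCharArray());
        }
        // Revocation checking must be switched on explicitly; the plain
        // TrustManagerFactory.init(KeyStore) path would not perform it.
        PKIXBuilderParameters param = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        param.setRevocationEnabled(true);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(new CertPathTrustManagerParameters(param));

        TLSClientParameters tlsParams = new TLSClientParameters();
        tlsParams.setTrustManagers(tmf.getTrustManagers());
        // Hostname verification is disabled, presumably because the test
        // certificate does not name "localhost". Never do this outside a test:
        // without the CN/SAN check any certificate chaining to the truststore is
        // accepted for any host.
        tlsParams.setDisableCNCheck(true);

        Client client = ClientProxy.getClient(transportPort);
        HTTPConduit http = (HTTPConduit) client.getConduit();
        http.setTlsClientParameters(tlsParams);
        doubleIt(transportPort, 25);
    } finally {
        Security.setProperty("ocsp.responderURL", "");
        Security.setProperty("ocsp.enable", "false");
    }
}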
