Use of javax.net.ssl.CertPathTrustManagerParameters in project neo4j by neo4j.
From the class SslPolicyLoader, method createTrustManagerFactory.
/**
 * Builds the {@link TrustManagerFactory} that decides which peer certificates are accepted.
 *
 * <p>Security note: when {@code trustAll} is {@code true} the method returns
 * {@code InsecureTrustManagerFactory.INSTANCE} immediately, so neither {@code trustStore} nor
 * {@code crls} is consulted. Presumably this is Netty's accept-any-certificate factory (confirm
 * against the file's imports); with it the peer is not authenticated, so the setting belongs in
 * test or explicitly opted-in configurations only.
 *
 * <p>Otherwise a factory for the JVM default algorithm is created. If {@code crls} is non-empty
 * it is initialised with PKIX builder parameters anchored in {@code trustStore}, with revocation
 * checking switched on and the CRLs exposed through an in-memory {@code "Collection"} cert store.
 * If {@code crls} is empty the factory is initialised from {@code trustStore} alone and this
 * method applies no revocation settings.
 *
 * @param trustAll   skip certificate validation entirely
 * @param crls       certificate revocation lists to check against; must not be {@code null}
 * @param trustStore key store holding the trusted certificates
 * @return the configured trust manager factory
 * @throws Exception if the factory, the PKIX parameters or the cert store cannot be created
 */
private static TrustManagerFactory createTrustManagerFactory(boolean trustAll, Collection<X509CRL> crls, KeyStore trustStore) throws Exception {
    if (trustAll) {
        // Short-circuits all validation: trust anchors and CRLs below are never reached.
        return InsecureTrustManagerFactory.INSTANCE;
    }

    String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory factory = TrustManagerFactory.getInstance(defaultAlgorithm);

    if (crls.isEmpty()) {
        // No CRLs configured: plain trust-store initialisation, no revocation parameters set here.
        factory.init(trustStore);
        return factory;
    }

    // NOTE(review): CertPathTrustManagerParameters is a PKIX concept; this relies on the JVM
    // default algorithm (security property ssl.TrustManagerFactory.algorithm) accepting it.
    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
    // NOTE(review): with revocation enabled, the default PKIX checker typically rejects a
    // certificate whose revocation status it cannot determine, so the supplied CRLs should cover
    // every issuer in the expected chains; verify for the provider in use.
    pkixParams.setRevocationEnabled(true);
    CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
    pkixParams.addCertStore(crlStore);
    factory.init(new CertPathTrustManagerParameters(pkixParams));
    return factory;
}
Use of javax.net.ssl.CertPathTrustManagerParameters in project tomcat by apache.
From the class SSLUtilBase, method getTrustManagers.
/**
 * Creates the trust managers for this TLS host configuration.
 *
 * <p>Resolution order, as implemented below:
 * <ol>
 *   <li>If a trust manager class name is configured, that class is loaded, checked to be a
 *       {@link TrustManager}, instantiated through its no-argument constructor and returned as
 *       the only trust manager. Security note: in this case the trust store, CRL file and
 *       revocation settings are never read, so all certificate validation is delegated to the
 *       configured class.</li>
 *   <li>Otherwise, if a trust store is configured, its entries are checked and a
 *       {@link TrustManagerFactory} for the configured algorithm is used. Only the
 *       {@code PKIX} algorithm (matched case-insensitively) receives the CRL file and the
 *       revocation flag, via {@code getParameters}.</li>
 *   <li>For any other algorithm the factory is initialised from the trust store alone; a
 *       configured CRL file is rejected with a {@link CRLException}, and an explicitly
 *       configured verification depth only produces a warning.</li>
 * </ol>
 *
 * @return the trust managers, or {@code null} when neither a trust manager class nor a trust
 *         store is configured
 * @throws Exception if the custom class cannot be loaded or instantiated, is not a
 *                   {@link TrustManager}, or the trust manager factory cannot be set up
 */
@Override
public TrustManager[] getTrustManagers() throws Exception {
    String customClassName = sslHostConfig.getTrustManagerClassName();
    if (customClassName != null && !customClassName.isEmpty()) {
        Class<?> candidate = getClass().getClassLoader().loadClass(customClassName);
        // The type check runs before the constructor is invoked, so a class that is not a
        // TrustManager is rejected without being instantiated.
        if (!TrustManager.class.isAssignableFrom(candidate)) {
            throw new InstantiationException(sm.getString("sslUtilBase.invalidTrustManagerClassName", customClassName));
        }
        TrustManager custom = (TrustManager) candidate.getConstructor().newInstance();
        return new TrustManager[] { custom };
    }

    KeyStore trustStore = sslHostConfig.getTruststore();
    if (trustStore == null) {
        // Nothing configured: the caller receives null rather than an empty array.
        return null;
    }

    checkTrustStoreEntries(trustStore);
    String algorithm = sslHostConfig.getTruststoreAlgorithm();
    String crlFile = sslHostConfig.getCertificateRevocationListFile();
    boolean revocationEnabled = sslHostConfig.getRevocationEnabled();

    TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
    if ("PKIX".equalsIgnoreCase(algorithm)) {
        CertPathParameters pkixParams = getParameters(crlFile, trustStore, revocationEnabled);
        ManagerFactoryParameters factoryParams = new CertPathTrustManagerParameters(pkixParams);
        factory.init(factoryParams);
        return factory.getTrustManagers();
    }

    // Non-PKIX algorithm: initialised from the trust store only.
    // NOTE(review): revocationEnabled is not used on this path and nothing here reports that;
    // only a configured CRL file causes a failure. Confirm that is the intended behaviour.
    factory.init(trustStore);
    TrustManager[] managers = factory.getTrustManagers();
    if (crlFile != null && !crlFile.isEmpty()) {
        throw new CRLException(sm.getString("sslUtilBase.noCrlSupport", algorithm));
    }
    // Only warn if the attribute has been explicitly configured
    if (sslHostConfig.isCertificateVerificationDepthConfigured()) {
        log.warn(sm.getString("sslUtilBase.noVerificationDepth", algorithm));
    }
    return managers;
}