
Example 21 with CertPathTrustManagerParameters

Use of javax.net.ssl.CertPathTrustManagerParameters in project neo4j by neo4j.

Class SslPolicyLoader, method createTrustManagerFactory.

private static TrustManagerFactory createTrustManagerFactory(boolean trustAll, Collection<X509CRL> crls, KeyStore trustStore) throws Exception {
    // trustAll bypasses certificate validation: Netty's InsecureTrustManagerFactory accepts any certificate.
    if (trustAll) {
        return InsecureTrustManagerFactory.INSTANCE;
    }
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    if (!crls.isEmpty()) {
        // CRLs supplied: build PKIX parameters over the trust store with revocation checking on,
        // and expose the CRLs to the path validator through an in-memory CertStore.
        PKIXBuilderParameters pkixParamsBuilder = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        pkixParamsBuilder.setRevocationEnabled(true);
        pkixParamsBuilder.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
        trustManagerFactory.init(new CertPathTrustManagerParameters(pkixParamsBuilder));
    } else {
        // No CRLs: initialise from the trust store alone, without PKIX revocation parameters.
        trustManagerFactory.init(trustStore);
    }
    return trustManagerFactory;
}
Also used: CollectionCertStoreParameters (java.security.cert.CollectionCertStoreParameters), PKIXBuilderParameters (java.security.cert.PKIXBuilderParameters), InsecureTrustManagerFactory (io.netty.handler.ssl.util.InsecureTrustManagerFactory), TrustManagerFactory (javax.net.ssl.TrustManagerFactory), CertPathTrustManagerParameters (javax.net.ssl.CertPathTrustManagerParameters), X509CertSelector (java.security.cert.X509CertSelector)

Example 22 with CertPathTrustManagerParameters

Use of javax.net.ssl.CertPathTrustManagerParameters in project tomcat by apache.

Class SSLUtilBase, method getTrustManagers.

@Override
public TrustManager[] getTrustManagers() throws Exception {
    // A configured custom TrustManager class is instantiated and returned on its own;
    // the trust store, CRL file and revocation settings below are not applied in that case.
    String className = sslHostConfig.getTrustManagerClassName();
    if (className != null && className.length() > 0) {
        ClassLoader classLoader = getClass().getClassLoader();
        Class<?> clazz = classLoader.loadClass(className);
        if (!(TrustManager.class.isAssignableFrom(clazz))) {
            throw new InstantiationException(sm.getString("sslUtilBase.invalidTrustManagerClassName", className));
        }
        Object trustManagerObject = clazz.getConstructor().newInstance();
        TrustManager trustManager = (TrustManager) trustManagerObject;
        return new TrustManager[] { trustManager };
    }
    // Remains null when no trust store is configured.
    TrustManager[] tms = null;
    KeyStore trustStore = sslHostConfig.getTruststore();
    if (trustStore != null) {
        checkTrustStoreEntries(trustStore);
        String algorithm = sslHostConfig.getTruststoreAlgorithm();
        String crlf = sslHostConfig.getCertificateRevocationListFile();
        boolean revocationEnabled = sslHostConfig.getRevocationEnabled();
        if ("PKIX".equalsIgnoreCase(algorithm)) {
            // PKIX: the CRL file and revocation flag are passed in as CertPathParameters.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
            CertPathParameters params = getParameters(crlf, trustStore, revocationEnabled);
            ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
            tmf.init(mfp);
            tms = tmf.getTrustManagers();
        } else {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
            tmf.init(trustStore);
            tms = tmf.getTrustManagers();
            // Any other algorithm: a configured CRL file is rejected rather than silently ignored.
            if (crlf != null && crlf.length() > 0) {
                throw new CRLException(sm.getString("sslUtilBase.noCrlSupport", algorithm));
            }
            // Only warn if the attribute has been explicitly configured
            if (sslHostConfig.isCertificateVerificationDepthConfigured()) {
                log.warn(sm.getString("sslUtilBase.noVerificationDepth", algorithm));
            }
        }
    }
    return tms;
}
Also used: CertPathTrustManagerParameters (javax.net.ssl.CertPathTrustManagerParameters), CertPathParameters (java.security.cert.CertPathParameters), KeyStore (java.security.KeyStore), TrustManager (javax.net.ssl.TrustManager), TrustManagerFactory (javax.net.ssl.TrustManagerFactory), CRLException (java.security.cert.CRLException), ManagerFactoryParameters (javax.net.ssl.ManagerFactoryParameters)
