
Example 1 with KeyManager

use of javax.net.ssl.KeyManager in project okhttp-OkGo by jeasonlzy.

the class HttpsUtils method getSslSocketFactory.

/**
 * Builds the socket factory and trust manager pair used for HTTPS connections.
 *
 * <p>The trust manager is chosen in this order: the caller-supplied
 * {@code trustManager}; otherwise one picked by {@code chooseTrustManager} from the
 * managers built out of {@code certificates}; otherwise {@code UnSafeTrustManager}.
 *
 * <p>NOTE(review): {@code UnSafeTrustManager} is defined outside this listing. The original
 * comment on that branch calls it "the insecure TrustManager", so a caller that passes
 * neither a trust manager nor certificates presumably gets a connection without server
 * certificate validation. Confirm against its definition; callers that need authenticated
 * TLS should always supply one of the two.
 *
 * @param trustManager caller-supplied trust manager, or {@code null}
 * @param bksFile key store stream handed to {@code prepareKeyManager}
 * @param password key store password handed to {@code prepareKeyManager}
 * @param certificates certificate streams handed to {@code prepareTrustManager}
 * @return an {@code SSLParams} carrying the socket factory and the trust manager in use
 * @throws AssertionError if the TLS context cannot be obtained or initialised
 */
public static SSLParams getSslSocketFactory(X509TrustManager trustManager, InputStream bksFile, String password, InputStream[] certificates) {
    SSLParams sslParams = new SSLParams();
    try {
        KeyManager[] clientKeyManagers = prepareKeyManager(bksFile, password);
        TrustManager[] certificateTrustManagers = prepareTrustManager(certificates);

        X509TrustManager effectiveTrustManager;
        if (trustManager != null) {
            // A trust manager supplied by the caller takes priority.
            effectiveTrustManager = trustManager;
        } else if (certificateTrustManagers != null) {
            // Next choice: the trust manager derived from the supplied certificates.
            effectiveTrustManager = chooseTrustManager(certificateTrustManagers);
        } else {
            // Last resort: the insecure trust manager (see the NOTE(review) above).
            effectiveTrustManager = UnSafeTrustManager;
        }

        // Create a "TLS" context and initialise it with the selected trust manager.
        // The key managers (first argument) supply this side's own credentials; the
        // trust managers (second argument) decide whether the peer's certificate is
        // accepted. A null third argument leaves the choice of SecureRandom to the
        // provider.
        SSLContext tlsContext = SSLContext.getInstance("TLS");
        TrustManager[] trustManagersForInit = { effectiveTrustManager };
        tlsContext.init(clientKeyManagers, trustManagersForInit, null);

        // Hand back both the factory and the trust manager it was built with.
        sslParams.sSLSocketFactory = tlsContext.getSocketFactory();
        sslParams.trustManager = effectiveTrustManager;
        return sslParams;
    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        throw new AssertionError(e);
    }
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyManager(javax.net.ssl.KeyManager) KeyManagementException(java.security.KeyManagementException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 2 with KeyManager

use of javax.net.ssl.KeyManager in project voltdb by VoltDB.

the class SSLConfiguration method createSslContext.

/**
 * Creates a "TLS" {@link SSLContext} from the key store and trust store named in
 * {@code sslConfig}.
 *
 * <p>Key managers are created only when both {@code keyStorePath} and
 * {@code keyStorePassword} are set; trust managers only when both {@code trustStorePath}
 * and {@code trustStorePassword} are set. Whichever is missing is passed to
 * {@link SSLContext#init} as {@code null}, which leaves that role to the JSSE provider's
 * default implementation.
 *
 * <p>NOTE(review): the failure message concatenates {@code sslConfig}, which holds the
 * store passwords. Confirm that {@code SslConfig.toString()} does not print them, since
 * this message is likely to reach logs.
 *
 * @param sslConfig store locations and passwords; must not be {@code null}
 * @return the initialised context
 * @throws IllegalArgumentException if {@code sslConfig} is {@code null} or the context
 *         cannot be initialised from it (the underlying exception is kept as the cause)
 */
public static SSLContext createSslContext(SslConfig sslConfig) {
    if (sslConfig == null) {
        throw new IllegalArgumentException("sslConfig is null");
    }
    try {
        final SSLContext context = SSLContext.getInstance("TLS");

        // The key store password is passed twice; presumably once for the store and
        // once for the key entry. Verify against createKeyManagers.
        final KeyManager[] keyManagers =
                (sslConfig.keyStorePath != null && sslConfig.keyStorePassword != null)
                        ? createKeyManagers(sslConfig.keyStorePath, sslConfig.keyStorePassword, sslConfig.keyStorePassword)
                        : null;

        final TrustManager[] trustManagers =
                (sslConfig.trustStorePath != null && sslConfig.trustStorePassword != null)
                        ? createTrustManagers(sslConfig.trustStorePath, sslConfig.trustStorePassword)
                        : null;

        context.init(keyManagers, trustManagers, new SecureRandom());
        return context;
    } catch (IOException | NoSuchAlgorithmException | KeyStoreException | CertificateException | UnrecoverableKeyException | KeyManagementException ex) {
        throw new IllegalArgumentException("Failed to initialize SSL using " + sslConfig, ex);
    }
}
Also used : SecureRandom(java.security.SecureRandom) CertificateException(java.security.cert.CertificateException) SSLContext(javax.net.ssl.SSLContext) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) KeyManagementException(java.security.KeyManagementException) TrustManager(javax.net.ssl.TrustManager) UnrecoverableKeyException(java.security.UnrecoverableKeyException) KeyManager(javax.net.ssl.KeyManager)

Example 3 with KeyManager

use of javax.net.ssl.KeyManager in project java-chassis by ServiceComb.

the class SSLManager method createSSLContext.

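/**
 * Creates a "TLS" {@link SSLContext} from the key store and trust store described by
 * {@code option}, with paths and store secrets resolved through {@code custom}.
 *
 * <p>Key managers are built only when the resolved key store file exists; otherwise the
 * context is initialised with {@code null} key managers. Every trust manager is wrapped
 * in a {@code TrustManagerExt} before use.
 *
 * <p>NOTE(review): when the resolved trust store path is {@code null} or the file does not
 * exist, the method falls back to {@code new TrustAllManager()}. That class is defined
 * outside this listing; its name suggests it accepts any certificate chain, in which case
 * a missing or mistyped trust store path silently turns off peer validation unless
 * {@code TrustManagerExt} adds checks of its own. Confirm against both classes, and
 * consider failing closed when a trust store is configured but not found.
 *
 * @param option key store / trust store names, types and encoded secrets
 * @param custom resolves store paths and decodes store secrets
 * @return the initialised context
 * @throws IllegalArgumentException if the TLS context cannot be obtained or initialised;
 *         the underlying exception is attached as the cause
 */
public static SSLContext createSSLContext(SSLOption option, SSLCustom custom) {
    try {
        String keyStoreName = custom.getFullPath(option.getKeyStore());
        KeyManager[] keymanager;
        if (keyStoreName != null && new File(keyStoreName).exists()) {
            char[] keyStoreValue = custom.decode(option.getKeyStoreValue().toCharArray());
            KeyStore keyStore = KeyStoreUtil.createKeyStore(keyStoreName, option.getKeyStoreType(), keyStoreValue);
            keymanager = KeyStoreUtil.createKeyManagers(keyStore, keyStoreValue);
        } else {
            keymanager = null;
        }

        String trustStoreName = custom.getFullPath(option.getTrustStore());
        TrustManager[] trustManager;
        if (trustStoreName != null && new File(trustStoreName).exists()) {
            char[] trustStoreValue = custom.decode(option.getTrustStoreValue().toCharArray());
            KeyStore trustStore = KeyStoreUtil.createKeyStore(trustStoreName, option.getTrustStoreType(), trustStoreValue);
            trustManager = KeyStoreUtil.createTrustManagers(trustStore);
        } else {
            // No usable trust store: see the NOTE(review) in the method comment.
            trustManager = new TrustManager[] { new TrustAllManager() };
        }

        // Each entry is cast to X509ExtendedTrustManager, so anything else returned by
        // createTrustManagers would fail here with a ClassCastException.
        TrustManager[] wrapped = new TrustManager[trustManager.length];
        for (int i = 0; i < trustManager.length; i++) {
            wrapped[i] = new TrustManagerExt((X509ExtendedTrustManager) trustManager[i], option, custom);
        }

        // Open question from the original author: the protocol name is fixed to "TLS"
        // rather than being taken from configuration.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keymanager, wrapped, new SecureRandom());
        return context;
    } catch (NoSuchAlgorithmException e) {
        // Keep the original exception as the cause so the stack trace is not lost.
        throw new IllegalArgumentException("NoSuchAlgorithmException." + e.getMessage(), e);
    } catch (KeyManagementException e) {
        throw new IllegalArgumentException("KeyManagementException." + e.getMessage(), e);
    }
}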
Also used : X509ExtendedTrustManager(javax.net.ssl.X509ExtendedTrustManager) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStore(java.security.KeyStore) KeyManagementException(java.security.KeyManagementException) TrustManager(javax.net.ssl.TrustManager) X509ExtendedTrustManager(javax.net.ssl.X509ExtendedTrustManager) KeyManager(javax.net.ssl.KeyManager) File(java.io.File)

Example 4 with KeyManager

use of javax.net.ssl.KeyManager in project java-chassis by ServiceComb.

the class TestHttpsClient method testInitKeyStore.

/**
 * Checks that {@code HttpsClient.getHttpsClient} returns a non-null client when key store
 * loading and key manager creation are mocked out.
 *
 * <p>This test does not exercise real key store handling: {@code KeyManagerFactory.init}
 * is replaced by a no-op, {@code getKeyManagers} returns {@code null}, and
 * {@code HttpsClient.initKeyStore} returns a {@code KeyStore} instance that was never
 * loaded. The store paths point at a {@code .properties} test resource and "1769" is a
 * fixture password, not a real credential.
 */
@Test
public void testInitKeyStore(@Mocked final HttpsConfigInfoBean configInfoBean, @Mocked final KeyManagerFactory factory) {
    HttpsConfigInfoBean oBean = new HttpsConfigInfoBean();
    // Record the values the mocked config bean hands out for store paths and passwords.
    new Expectations() {

        {
            configInfoBean.getKeyStorePath();
            result = "/foundation-common/src/test/resources/config/test.1.properties";
            configInfoBean.getKeyStorePasswd();
            result = "1769";
            configInfoBean.getTrustStorePath();
            result = "/foundation-common/src/test/resources/config/test.1.properties";
            configInfoBean.getTrustStorePasswd();
            result = "1769";
        }
    };
    // Stub KeyManagerFactory so no key material is needed.
    new MockUp<KeyManagerFactory>() {

        @Mock
        public final void init(KeyStore ks, char[] password) {
        }

        @Mock
        public final KeyManager[] getKeyManagers() {
            return null;
        }
    };
    String keyStoreType = KeyStore.getDefaultType();
    try {
        final KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        // Replace HttpsClient's private key store loader with one that returns the
        // empty, never-loaded key store created above.
        new MockUp<HttpsClient>() {

            @Mock
            private KeyStore initKeyStore(String storePath, String storePasswd, String storeType) throws IOException {
                return keyStore;
            }
        };
    } catch (KeyStoreException e) {
        // The default key store type is expected to be available; fail the test if not.
        Assert.assertTrue(false);
    }
    // The first call's result is discarded; only the second call is asserted on, and
    // only for being non-null.
    HttpsClient.getHttpsClient(oBean);
    Assert.assertNotEquals(null, HttpsClient.getHttpsClient(Mockito.mock(HttpsConfigInfoBean.class)));
}
Also used : Expectations(mockit.Expectations) MockUp(mockit.MockUp) KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) KeyManager(javax.net.ssl.KeyManager) HttpsConfigInfoBean(io.servicecomb.foundation.common.entities.HttpsConfigInfoBean) Test(org.junit.Test)

Example 5 with KeyManager

use of javax.net.ssl.KeyManager in project GNS by MobilityFirst.

the class AuthTestClient method getSSLFactory.

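/**
 * Builds an {@link SSLSocketFactory} for the test client.
 *
 * <p>When {@code jksFile} is non-empty, the client key store is loaded from it and its
 * key managers are offered to the server as client credentials; otherwise no client
 * credentials are configured. Server certificates are always validated against the
 * trust store at {@code TRUSTSTORE}.
 *
 * <p>Both store files are opened in try-with-resources so the streams are closed even
 * when loading fails; the original left them open.
 *
 * @param jksFile path to the client key store, or an empty string for none
 * @return a socket factory backed by a "TLS" context
 * @throws Exception if a store cannot be read or the context cannot be initialised
 */
private static SSLSocketFactory getSSLFactory(String jksFile) throws Exception {
    // Create key store
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    KeyManager[] kmfs = null;
    if (jksFile.length() > 0) {
        try (FileInputStream keyStoreStream = new FileInputStream(jksFile)) {
            keyStore.load(keyStoreStream, CLIENT_PWD.toCharArray());
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, CLIENT_PWD.toCharArray());
        kmfs = kmf.getKeyManagers();
    }
    // create trust store (validates the self-signed server!)
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (FileInputStream trustStoreStream = new FileInputStream(TRUSTSTORE)) {
        // The trust store is opened with the same CLIENT_PWD as the key store.
        trustStore.load(trustStoreStream, CLIENT_PWD.toCharArray());
    }
    TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustFactory.init(trustStore);
    SSLContext sslContext = SSLContext.getInstance("TLS");
    // A null SecureRandom leaves the choice of random source to the provider.
    sslContext.init(kmfs, trustFactory.getTrustManagers(), null);
    return sslContext.getSocketFactory();
}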
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) KeyManager(javax.net.ssl.KeyManager) FileInputStream(java.io.FileInputStream) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Aggregations

KeyManager (javax.net.ssl.KeyManager)210 SSLContext (javax.net.ssl.SSLContext)127 TrustManager (javax.net.ssl.TrustManager)127 KeyManagerFactory (javax.net.ssl.KeyManagerFactory)103 KeyStore (java.security.KeyStore)95 IOException (java.io.IOException)59 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)59 SecureRandom (java.security.SecureRandom)54 TrustManagerFactory (javax.net.ssl.TrustManagerFactory)54 KeyManagementException (java.security.KeyManagementException)46 X509TrustManager (javax.net.ssl.X509TrustManager)45 KeyStoreException (java.security.KeyStoreException)42 X509KeyManager (javax.net.ssl.X509KeyManager)40 InputStream (java.io.InputStream)33 UnrecoverableKeyException (java.security.UnrecoverableKeyException)32 FileInputStream (java.io.FileInputStream)31 CertificateException (java.security.cert.CertificateException)30 GeneralSecurityException (java.security.GeneralSecurityException)24 X509Certificate (java.security.cert.X509Certificate)23 File (java.io.File)15