Examples with KeyManager javax.net.ssl.KeyManager used on opensource projects

Search in sources :

Example 51 with KeyManager

use of javax.net.ssl.KeyManager in project ecf by eclipse.

the class XMPPConnection method proceedTLSReceived.

/**
 * The server has indicated that TLS negotiation can start. We now need to secure the
 * existing plain connection and perform a handshake. This method won't return until the
 * connection has finished the handshake or an error occured while securing the connection.
 *
 * @throws Exception if an exception occurs.
 */
void proceedTLSReceived() throws Exception {
    SSLContext context = this.config.getCustomSSLContext();
    KeyStore ks = null;
    KeyManager[] kms = null;
    PasswordCallback pcb = null;
    if (config.getCallbackHandler() == null) {
        ks = null;
    } else if (context == null) {
        // System.out.println("Keystore type: "+configuration.getKeystoreType());
        if (config.getKeystoreType().equals("NONE")) {
            ks = null;
            pcb = null;
        } else if (config.getKeystoreType().equals("PKCS11")) {
            try {
                Constructor<?> c = Class.forName("sun.security.pkcs11.SunPKCS11").getConstructor(InputStream.class);
                String pkcs11Config = "name = SmartCard\nlibrary = " + config.getPKCS11Library();
                ByteArrayInputStream config = new ByteArrayInputStream(pkcs11Config.getBytes());
                Provider p = (Provider) c.newInstance(config);
                Security.addProvider(p);
                ks = KeyStore.getInstance("PKCS11", p);
                pcb = new PasswordCallback("PKCS11 Password: ", false);
                this.config.getCallbackHandler().handle(new Callback[] { pcb });
                ks.load(null, pcb.getPassword());
            } catch (Exception e) {
                ks = null;
                pcb = null;
            }
        } else if (config.getKeystoreType().equals("Apple")) {
            ks = KeyStore.getInstance("KeychainStore", "Apple");
            ks.load(null, null);
        // pcb = new PasswordCallback("Apple Keychain",false);
        // pcb.setPassword(null);
        } else {
            ks = KeyStore.getInstance(config.getKeystoreType());
            try {
                pcb = new PasswordCallback("Keystore Password: ", false);
                config.getCallbackHandler().handle(new Callback[] { pcb });
                ks.load(new FileInputStream(config.getKeystorePath()), pcb.getPassword());
            } catch (Exception e) {
                ks = null;
                pcb = null;
            }
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        try {
            if (pcb == null) {
                kmf.init(ks, null);
            } else {
                kmf.init(ks, pcb.getPassword());
                pcb.clearPassword();
            }
            kms = kmf.getKeyManagers();
        } catch (NullPointerException npe) {
            kms = null;
        }
    }
    // Verify certificate presented by the server
    if (context == null) {
        context = SSLContext.getInstance("TLS");
        context.init(kms, new javax.net.ssl.TrustManager[] { new ServerTrustManager(getServiceName(), config) }, new java.security.SecureRandom());
    }
    Socket plain = socket;
    // Secure the plain connection
    socket = context.getSocketFactory().createSocket(plain, plain.getInetAddress().getHostAddress(), plain.getPort(), true);
    socket.setSoTimeout(0);
    socket.setKeepAlive(true);
    // Initialize the reader and writer with the new secured version
    initReaderAndWriter();
    // Proceed to do the handshake
    ((SSLSocket) socket).startHandshake();
    // if (((SSLSocket) socket).getWantClientAuth()) {
    // System.err.println("Connection wants client auth");
    // }
    // else if (((SSLSocket) socket).getNeedClientAuth()) {
    // System.err.println("Connection needs client auth");
    // }
    // else {
    // System.err.println("Connection does not require client auth");
    // }
    // Set that TLS was successful
    usingTLS = true;
    // Set the new  writer to use
    packetWriter.setWriter(writer);
    // Send a new opening stream to the server
    packetWriter.openStream();
}
Also used : SSLSocket(javax.net.ssl.SSLSocket) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) FileInputStream(java.io.FileInputStream) Provider(java.security.Provider) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) PasswordCallback(javax.security.auth.callback.PasswordCallback) Callback(javax.security.auth.callback.Callback) ByteArrayInputStream(java.io.ByteArrayInputStream) PasswordCallback(javax.security.auth.callback.PasswordCallback) KeyManager(javax.net.ssl.KeyManager) Socket(java.net.Socket) SSLSocket(javax.net.ssl.SSLSocket)

Example 52 with KeyManager

use of javax.net.ssl.KeyManager in project ultrasonic by ultrasonic.

the class SSLSocketFactory method createSSLContext.

private static SSLContext createSSLContext(String algorithm, final KeyStore keystore, final String keyStorePassword, final SecureRandom random, final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException {
    if (algorithm == null) {
        algorithm = TLS;
    }
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keystore, keyStorePassword != null ? keyStorePassword.toCharArray() : null);
    KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(keystore);
    TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
    if (trustManagers != null && trustStrategy != null) {
        for (int i = 0; i < trustManagers.length; i++) {
            TrustManager tm = trustManagers[i];
            if (tm instanceof X509TrustManager) {
                trustManagers[i] = new TrustManagerDecorator((X509TrustManager) tm, trustStrategy);
            }
        }
    }
    SSLContext sslcontext = SSLContext.getInstance(algorithm);
    sslcontext.init(keyManagers, trustManagers, random);
    return sslcontext;
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLContext(javax.net.ssl.SSLContext) KeyManager(javax.net.ssl.KeyManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 53 with KeyManager

use of javax.net.ssl.KeyManager in project nimbus by nimbus-org.

the class SSLServerSocketFactory method getKeyManagers.

protected KeyManager[] getKeyManagers() throws Exception {
    KeyManager[] keyManager = null;
    KeyStore store = getKeyStore();
    if (keyAlias != null && !store.isKeyEntry(keyAlias)) {
        throw new IOException("KeyAlias is not entried. " + keyAlias);
    }
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyStoreAlgorithm);
    keyManagerFactory.init(store, keyPassword.toCharArray());
    keyManager = keyManagerFactory.getKeyManagers();
    if (keyAlias != null) {
        if (DEFAULT_KEYSTORE_TYPE.equals(keyStoreType)) {
            keyAlias = keyAlias.toLowerCase();
        }
        for (int i = 0; i < keyManager.length; i++) {
            keyManager[i] = new X509KeyManagerWrapper((X509KeyManager) keyManager[i], keyAlias);
        }
    }
    return keyManager;
}
Also used : X509KeyManager(javax.net.ssl.X509KeyManager) IOException(java.io.IOException) X509KeyManager(javax.net.ssl.X509KeyManager) KeyManager(javax.net.ssl.KeyManager) KeyStore(java.security.KeyStore) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 54 with KeyManager

use of javax.net.ssl.KeyManager in project goodies by sonatype.

the class JettyServerProvider method addCertificate.

/**
 * Adds the given certificate to the keystore for use with AUTH-CERT.
 *
 * @param alias      The alias to use for the key in the keystore.
 * @param certHolder The key and certificate to use.
 */
public void addCertificate(String alias, CertificateHolder certHolder) throws Exception {
    checkArgument(sslContextFactory != null, "Cannot add user CERT w/o SSL configured!");
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    InputStream in = null;
    try {
        try {
            in = new FileInputStream(resourceFile(sslKeystore));
        } catch (Exception e) {
            in = new FileInputStream(sslKeystore);
        }
        KeyStore keystore = KeyStore.getInstance("JKS");
        keystore.load(in, sslKeystorePassword == null ? null : sslKeystorePassword.toString().toCharArray());
        keystore.setCertificateEntry(alias, certHolder.getCertificate());
        Certificate[] chain = certHolder.getChain();
        for (int i = 1; i < chain.length; i++) {
            keystore.setCertificateEntry(alias + "chain" + i, chain[i]);
        }
        // PrivateKey key = certHolder.getKey();
        // Certificate[] chain = new Certificate[] { certHolder.getCertificate() };
        // keystore.setEntry( alias, new PrivateKeyEntry( key, chain ),
        // new PasswordProtection( sslKeystorePassword.toCharArray() ) );
        keyManagerFactory.init(keystore, sslKeystorePassword == null ? null : sslKeystorePassword.toString().toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagers, new TrustManager[] { new CustomTrustManager() }, null);
        sslContextFactory.setSslContext(context);
        sslContextFactory.setNeedClientAuth(true);
        if (certHolder.getCertificate() instanceof X509Certificate) {
            X509Certificate x509cert = (X509Certificate) certHolder.getCertificate();
            Principal principal = x509cert.getSubjectDN();
            if (principal == null) {
                principal = x509cert.getIssuerDN();
            }
            final String username = principal == null ? "clientcert" : principal.getName();
            final char[] credential = B64Code.encode(x509cert.getSignature());
            addUser(username, String.valueOf(credential));
        } else {
            throw new IllegalArgumentException("Unsupported Certificate Type (need X509Certificate): " + certHolder.getCertificate().getClass());
        }
    } finally {
        if (in != null) {
            in.close();
        }
    }
}
Also used : FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) MalformedURLException(java.net.MalformedURLException) CertificateException(java.security.cert.CertificateException) Constraint(org.eclipse.jetty.util.security.Constraint) X509Certificate(java.security.cert.X509Certificate) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) KeyManager(javax.net.ssl.KeyManager) Principal(java.security.Principal) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 55 with KeyManager

use of javax.net.ssl.KeyManager in project nifi-registry by apache.

the class NiFiRegistryClientConfig method getSslContext.

public SSLContext getSslContext() {
    if (sslContext != null) {
        return sslContext;
    }
    final KeyManagerFactory keyManagerFactory;
    if (keystoreFilename != null && keystorePass != null && keystoreType != null) {
        try {
            // prepare the keystore
            final KeyStore keyStore = KeyStoreUtils.getKeyStore(keystoreType.name());
            try (final InputStream keyStoreStream = new FileInputStream(new File(keystoreFilename))) {
                keyStore.load(keyStoreStream, keystorePass.toCharArray());
            }
            keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            if (keyPass == null) {
                keyManagerFactory.init(keyStore, keystorePass.toCharArray());
            } else {
                keyManagerFactory.init(keyStore, keyPass.toCharArray());
            }
        } catch (final Exception e) {
            throw new IllegalStateException("Failed to load Keystore", e);
        }
    } else {
        keyManagerFactory = null;
    }
    final TrustManagerFactory trustManagerFactory;
    if (truststoreFilename != null && truststorePass != null && truststoreType != null) {
        try {
            // prepare the truststore
            final KeyStore trustStore = KeyStoreUtils.getTrustStore(truststoreType.name());
            try (final InputStream trustStoreStream = new FileInputStream(new File(truststoreFilename))) {
                trustStore.load(trustStoreStream, truststorePass.toCharArray());
            }
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
        } catch (final Exception e) {
            throw new IllegalStateException("Failed to load Truststore", e);
        }
    } else {
        trustManagerFactory = null;
    }
    if (keyManagerFactory != null || trustManagerFactory != null) {
        try {
            // initialize the ssl context
            KeyManager[] keyManagers = keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null;
            TrustManager[] trustManagers = trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null;
            final SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagers, trustManagers, new SecureRandom());
            sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
            return sslContext;
        } catch (final Exception e) {
            throw new IllegalStateException("Created keystore and truststore but failed to initialize SSLContext", e);
        }
    } else {
        return null;
    }
}
Also used : FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) TrustManager(javax.net.ssl.TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) File(java.io.File) KeyManager(javax.net.ssl.KeyManager)

Aggregations

KeyManager (javax.net.ssl.KeyManager)210 SSLContext (javax.net.ssl.SSLContext)127 TrustManager (javax.net.ssl.TrustManager)127 KeyManagerFactory (javax.net.ssl.KeyManagerFactory)103 KeyStore (java.security.KeyStore)95 IOException (java.io.IOException)59 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)59 SecureRandom (java.security.SecureRandom)54 TrustManagerFactory (javax.net.ssl.TrustManagerFactory)54 KeyManagementException (java.security.KeyManagementException)46 X509TrustManager (javax.net.ssl.X509TrustManager)45 KeyStoreException (java.security.KeyStoreException)42 X509KeyManager (javax.net.ssl.X509KeyManager)40 InputStream (java.io.InputStream)33 UnrecoverableKeyException (java.security.UnrecoverableKeyException)32 FileInputStream (java.io.FileInputStream)31 CertificateException (java.security.cert.CertificateException)30 GeneralSecurityException (java.security.GeneralSecurityException)24 X509Certificate (java.security.cert.X509Certificate)23 File (java.io.File)15
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial