use of javax.net.ssl.KeyManager in project ecf by eclipse.
the class XMPPConnection method proceedTLSReceived.
/**
* The server has indicated that TLS negotiation can start. We now need to secure the
* existing plain connection and perform a handshake. This method won't return until the
* connection has finished the handshake or an error occured while securing the connection.
*
* @throws Exception if an exception occurs.
*/
void proceedTLSReceived() throws Exception {
SSLContext context = this.config.getCustomSSLContext();
KeyStore ks = null;
KeyManager[] kms = null;
PasswordCallback pcb = null;
if (config.getCallbackHandler() == null) {
ks = null;
} else if (context == null) {
// System.out.println("Keystore type: "+configuration.getKeystoreType());
if (config.getKeystoreType().equals("NONE")) {
ks = null;
pcb = null;
} else if (config.getKeystoreType().equals("PKCS11")) {
try {
Constructor<?> c = Class.forName("sun.security.pkcs11.SunPKCS11").getConstructor(InputStream.class);
String pkcs11Config = "name = SmartCard\nlibrary = " + config.getPKCS11Library();
ByteArrayInputStream config = new ByteArrayInputStream(pkcs11Config.getBytes());
Provider p = (Provider) c.newInstance(config);
Security.addProvider(p);
ks = KeyStore.getInstance("PKCS11", p);
pcb = new PasswordCallback("PKCS11 Password: ", false);
this.config.getCallbackHandler().handle(new Callback[] { pcb });
ks.load(null, pcb.getPassword());
} catch (Exception e) {
ks = null;
pcb = null;
}
} else if (config.getKeystoreType().equals("Apple")) {
ks = KeyStore.getInstance("KeychainStore", "Apple");
ks.load(null, null);
// pcb = new PasswordCallback("Apple Keychain",false);
// pcb.setPassword(null);
} else {
ks = KeyStore.getInstance(config.getKeystoreType());
try {
pcb = new PasswordCallback("Keystore Password: ", false);
config.getCallbackHandler().handle(new Callback[] { pcb });
ks.load(new FileInputStream(config.getKeystorePath()), pcb.getPassword());
} catch (Exception e) {
ks = null;
pcb = null;
}
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
try {
if (pcb == null) {
kmf.init(ks, null);
} else {
kmf.init(ks, pcb.getPassword());
pcb.clearPassword();
}
kms = kmf.getKeyManagers();
} catch (NullPointerException npe) {
kms = null;
}
}
// Verify certificate presented by the server
if (context == null) {
context = SSLContext.getInstance("TLS");
context.init(kms, new javax.net.ssl.TrustManager[] { new ServerTrustManager(getServiceName(), config) }, new java.security.SecureRandom());
}
Socket plain = socket;
// Secure the plain connection
socket = context.getSocketFactory().createSocket(plain, plain.getInetAddress().getHostAddress(), plain.getPort(), true);
socket.setSoTimeout(0);
socket.setKeepAlive(true);
// Initialize the reader and writer with the new secured version
initReaderAndWriter();
// Proceed to do the handshake
((SSLSocket) socket).startHandshake();
// if (((SSLSocket) socket).getWantClientAuth()) {
// System.err.println("Connection wants client auth");
// }
// else if (((SSLSocket) socket).getNeedClientAuth()) {
// System.err.println("Connection needs client auth");
// }
// else {
// System.err.println("Connection does not require client auth");
// }
// Set that TLS was successful
usingTLS = true;
// Set the new writer to use
packetWriter.setWriter(writer);
// Send a new opening stream to the server
packetWriter.openStream();
}
use of javax.net.ssl.KeyManager in project ultrasonic by ultrasonic.
the class SSLSocketFactory method createSSLContext.
private static SSLContext createSSLContext(String algorithm, final KeyStore keystore, final String keyStorePassword, final SecureRandom random, final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException {
if (algorithm == null) {
algorithm = TLS;
}
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keystore, keyStorePassword != null ? keyStorePassword.toCharArray() : null);
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keystore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if (trustManagers != null && trustStrategy != null) {
for (int i = 0; i < trustManagers.length; i++) {
TrustManager tm = trustManagers[i];
if (tm instanceof X509TrustManager) {
trustManagers[i] = new TrustManagerDecorator((X509TrustManager) tm, trustStrategy);
}
}
}
SSLContext sslcontext = SSLContext.getInstance(algorithm);
sslcontext.init(keyManagers, trustManagers, random);
return sslcontext;
}
use of javax.net.ssl.KeyManager in project nimbus by nimbus-org.
the class SSLServerSocketFactory method getKeyManagers.
protected KeyManager[] getKeyManagers() throws Exception {
KeyManager[] keyManager = null;
KeyStore store = getKeyStore();
if (keyAlias != null && !store.isKeyEntry(keyAlias)) {
throw new IOException("KeyAlias is not entried. " + keyAlias);
}
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyStoreAlgorithm);
keyManagerFactory.init(store, keyPassword.toCharArray());
keyManager = keyManagerFactory.getKeyManagers();
if (keyAlias != null) {
if (DEFAULT_KEYSTORE_TYPE.equals(keyStoreType)) {
keyAlias = keyAlias.toLowerCase();
}
for (int i = 0; i < keyManager.length; i++) {
keyManager[i] = new X509KeyManagerWrapper((X509KeyManager) keyManager[i], keyAlias);
}
}
return keyManager;
}
use of javax.net.ssl.KeyManager in project goodies by sonatype.
the class JettyServerProvider method addCertificate.
/**
* Adds the given certificate to the keystore for use with AUTH-CERT.
*
* @param alias The alias to use for the key in the keystore.
* @param certHolder The key and certificate to use.
*/
public void addCertificate(String alias, CertificateHolder certHolder) throws Exception {
checkArgument(sslContextFactory != null, "Cannot add user CERT w/o SSL configured!");
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
InputStream in = null;
try {
try {
in = new FileInputStream(resourceFile(sslKeystore));
} catch (Exception e) {
in = new FileInputStream(sslKeystore);
}
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(in, sslKeystorePassword == null ? null : sslKeystorePassword.toString().toCharArray());
keystore.setCertificateEntry(alias, certHolder.getCertificate());
Certificate[] chain = certHolder.getChain();
for (int i = 1; i < chain.length; i++) {
keystore.setCertificateEntry(alias + "chain" + i, chain[i]);
}
// PrivateKey key = certHolder.getKey();
// Certificate[] chain = new Certificate[] { certHolder.getCertificate() };
// keystore.setEntry( alias, new PrivateKeyEntry( key, chain ),
// new PasswordProtection( sslKeystorePassword.toCharArray() ) );
keyManagerFactory.init(keystore, sslKeystorePassword == null ? null : sslKeystorePassword.toString().toCharArray());
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
SSLContext context = SSLContext.getInstance("TLS");
context.init(keyManagers, new TrustManager[] { new CustomTrustManager() }, null);
sslContextFactory.setSslContext(context);
sslContextFactory.setNeedClientAuth(true);
if (certHolder.getCertificate() instanceof X509Certificate) {
X509Certificate x509cert = (X509Certificate) certHolder.getCertificate();
Principal principal = x509cert.getSubjectDN();
if (principal == null) {
principal = x509cert.getIssuerDN();
}
final String username = principal == null ? "clientcert" : principal.getName();
final char[] credential = B64Code.encode(x509cert.getSignature());
addUser(username, String.valueOf(credential));
} else {
throw new IllegalArgumentException("Unsupported Certificate Type (need X509Certificate): " + certHolder.getCertificate().getClass());
}
} finally {
if (in != null) {
in.close();
}
}
}
use of javax.net.ssl.KeyManager in project nifi-registry by apache.
the class NiFiRegistryClientConfig method getSslContext.
public SSLContext getSslContext() {
if (sslContext != null) {
return sslContext;
}
final KeyManagerFactory keyManagerFactory;
if (keystoreFilename != null && keystorePass != null && keystoreType != null) {
try {
// prepare the keystore
final KeyStore keyStore = KeyStoreUtils.getKeyStore(keystoreType.name());
try (final InputStream keyStoreStream = new FileInputStream(new File(keystoreFilename))) {
keyStore.load(keyStoreStream, keystorePass.toCharArray());
}
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
if (keyPass == null) {
keyManagerFactory.init(keyStore, keystorePass.toCharArray());
} else {
keyManagerFactory.init(keyStore, keyPass.toCharArray());
}
} catch (final Exception e) {
throw new IllegalStateException("Failed to load Keystore", e);
}
} else {
keyManagerFactory = null;
}
final TrustManagerFactory trustManagerFactory;
if (truststoreFilename != null && truststorePass != null && truststoreType != null) {
try {
// prepare the truststore
final KeyStore trustStore = KeyStoreUtils.getTrustStore(truststoreType.name());
try (final InputStream trustStoreStream = new FileInputStream(new File(truststoreFilename))) {
trustStore.load(trustStoreStream, truststorePass.toCharArray());
}
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
} catch (final Exception e) {
throw new IllegalStateException("Failed to load Truststore", e);
}
} else {
trustManagerFactory = null;
}
if (keyManagerFactory != null || trustManagerFactory != null) {
try {
// initialize the ssl context
KeyManager[] keyManagers = keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null;
TrustManager[] trustManagers = trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null;
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, new SecureRandom());
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
return sslContext;
} catch (final Exception e) {
throw new IllegalStateException("Created keystore and truststore but failed to initialize SSLContext", e);
}
} else {
return null;
}
}
Aggregations