
Example 61 with KeyManager

use of javax.net.ssl.KeyManager in project presto by prestodb.

the class OkHttpUtil method setupSsl.

/**
 * Configures client-side TLS on {@code clientBuilder} from optional key store and trust store paths.
 *
 * <p>Nothing is configured when neither path is present. A configured key store is first tried as
 * PEM (the same path is handed to {@code PemReader.loadKeyStore} for both of its file arguments);
 * when that fails it is loaded as a key store of the JVM default type protected by
 * {@code keyStorePassword}. When no trust store path is configured the key store is also used as
 * the trust store.
 *
 * @param clientBuilder builder that receives the socket factory and the selected trust manager
 * @param keyStorePath optional path to the client key store (PEM, else default key store type)
 * @param keyStorePassword optional password; for PEM it unlocks the key, otherwise the key store
 * @param trustStorePath optional path to the trust store
 * @param trustStorePassword optional trust store password
 * @throws ClientException if loading the stores or initializing the SSLContext fails
 * @throws RuntimeException if the default TrustManagerFactory does not yield exactly one X509TrustManager
 */
public static void setupSsl(OkHttpClient.Builder clientBuilder, Optional<String> keyStorePath, Optional<String> keyStorePassword, Optional<String> trustStorePath, Optional<String> trustStorePassword) {
    if (!keyStorePath.isPresent() && !trustStorePath.isPresent()) {
        return;
    }
    try {
        KeyStore keyStore = null;
        KeyManager[] keyManagers = null;
        if (keyStorePath.isPresent()) {
            File keyStoreFile = new File(keyStorePath.get());
            // PEM: the configured password decrypts the key itself, so the key manager gets an empty password
            char[] keyManagerPassword = new char[0];
            try {
                keyStore = PemReader.loadKeyStore(keyStoreFile, keyStoreFile, keyStorePassword);
            } catch (IOException | GeneralSecurityException ignored) {
                // not readable as PEM: fall back to a default-type key store opened with the configured password
                keyManagerPassword = keyStorePassword.map(String::toCharArray).orElse(null);
                keyStore = loadDefaultTypeKeyStore(keyStoreFile, keyManagerPassword);
            }
            validateCertificates(keyStore);
            keyManagers = keyManagersFor(keyStore, keyManagerPassword);
        }
        // the trust store falls back to the key store when none is configured separately
        KeyStore trustStore = trustStorePath.isPresent()
                ? loadTrustStore(new File(trustStorePath.get()), trustStorePassword)
                : keyStore;
        X509TrustManager trustManager = singleX509TrustManager(trustStore);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // null SecureRandom: the provider chooses its default randomness source
        sslContext.init(keyManagers, new TrustManager[] { trustManager }, null);
        clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
    } catch (GeneralSecurityException | IOException e) {
        throw new ClientException("Error setting up SSL: " + e.getMessage(), e);
    }
}

/**
 * Loads {@code file} as a key store of the JVM default type.
 *
 * @param password store password; null means the key store integrity check is skipped
 */
private static KeyStore loadDefaultTypeKeyStore(File file, char[] password) throws IOException, GeneralSecurityException {
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream in = new FileInputStream(file)) {
        keyStore.load(in, password);
    }
    return keyStore;
}

/** Creates key managers for {@code keyStore} using the default KeyManagerFactory algorithm. */
private static KeyManager[] keyManagersFor(KeyStore keyStore, char[] keyPassword) throws GeneralSecurityException {
    KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    factory.init(keyStore, keyPassword);
    return factory.getKeyManagers();
}

/**
 * Returns the single X509TrustManager produced by the default TrustManagerFactory for {@code trustStore}.
 *
 * @throws RuntimeException if the factory yields anything other than exactly one X509TrustManager
 */
private static X509TrustManager singleX509TrustManager(KeyStore trustStore) throws GeneralSecurityException {
    TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    factory.init(trustStore);
    TrustManager[] trustManagers = factory.getTrustManagers();
    if ((trustManagers.length != 1) || !(trustManagers[0] instanceof X509TrustManager)) {
        throw new RuntimeException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
    }
    return (X509TrustManager) trustManagers[0];
}

Example 62 with KeyManager

use of javax.net.ssl.KeyManager in project presto by prestodb.

the class SslContextProvider method buildSslContext.

/**
 * Builds an SSLContext from the configured key store and/or trust store.
 *
 * <p>Returns empty when neither {@code keystorePath} nor {@code truststorePath} is configured. A
 * key store is first read as PEM via {@code loadKeyStore} (the same path is passed for both file
 * arguments); on failure it is loaded as a key store of the JVM default type protected by
 * {@code keystorePassword}. Without a separate trust store the key store is used for trust.
 *
 * @return the initialized context, or empty when TLS is not configured
 * @throws PrestoException with {@code CASSANDRA_SSL_INITIALIZATION_FAILURE} if loading or initialization fails
 * @throws RuntimeException if the default TrustManagerFactory does not yield exactly one X509TrustManager
 */
public Optional<SSLContext> buildSslContext() {
    if (!keystorePath.isPresent() && !truststorePath.isPresent()) {
        return Optional.empty();
    }
    try {
        KeyStore keystore = null;
        KeyManager[] keyManagers = null;
        if (keystorePath.isPresent()) {
            String path = keystorePath.get();
            // PEM: the configured password decrypts the key itself, so the key manager gets an empty password
            char[] keyManagerPassword = new char[0];
            try {
                keystore = loadKeyStore(path, path, keystorePassword);
            } catch (IOException | GeneralSecurityException ignored) {
                // not readable as PEM: fall back to a default-type key store opened with the configured password
                keyManagerPassword = keystorePassword.map(String::toCharArray).orElse(null);
                keystore = loadDefaultTypeKeyStore(path, keyManagerPassword);
            }
            validateCertificates(keystore);
            keyManagers = keyManagersFor(keystore, keyManagerPassword);
        }
        // the trust store falls back to the key store when none is configured separately
        KeyStore truststore = truststorePath.isPresent()
                ? loadTrustStore(truststorePath.get(), truststorePassword)
                : keystore;
        X509TrustManager trustManager = singleX509TrustManager(truststore);
        // "SSL" is the legacy JSSE context name; which TLS versions are enabled is decided by the JDK defaults, not by this string
        SSLContext result = SSLContext.getInstance("SSL");
        result.init(keyManagers, new TrustManager[] { trustManager }, null);
        return Optional.of(result);
    } catch (GeneralSecurityException | IOException e) {
        throw new PrestoException(CASSANDRA_SSL_INITIALIZATION_FAILURE, e);
    }
}

/**
 * Loads the file at {@code path} as a key store of the JVM default type.
 *
 * @param password store password; null means the key store integrity check is skipped
 */
private static KeyStore loadDefaultTypeKeyStore(String path, char[] password) throws IOException, GeneralSecurityException {
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream in = new FileInputStream(path)) {
        keystore.load(in, password);
    }
    return keystore;
}

/** Creates key managers for {@code keystore} using the default KeyManagerFactory algorithm. */
private static KeyManager[] keyManagersFor(KeyStore keystore, char[] keyPassword) throws GeneralSecurityException {
    KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    factory.init(keystore, keyPassword);
    return factory.getKeyManagers();
}

/**
 * Returns the single X509TrustManager produced by the default TrustManagerFactory for {@code truststore}.
 *
 * @throws RuntimeException if the factory yields anything other than exactly one X509TrustManager
 */
private static X509TrustManager singleX509TrustManager(KeyStore truststore) throws GeneralSecurityException {
    TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    factory.init(truststore);
    TrustManager[] trustManagers = factory.getTrustManagers();
    if ((trustManagers.length != 1) || !(trustManagers[0] instanceof X509TrustManager)) {
        throw new RuntimeException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
    }
    return (X509TrustManager) trustManagers[0];
}

Example 63 with KeyManager

use of javax.net.ssl.KeyManager in project ninja by ninjaframework.

the class StandaloneHelper method createSSLContext.

/**
 * Creates a "TLS" SSLContext from a key store and a trust store, both opened through {@code loadKeyStore}.
 *
 * @param keystoreUri location of the key store holding the local identity
 * @param keystorePassword passed both to {@code loadKeyStore} and to {@code KeyManagerFactory.init}
 * @param truststoreUri location of the trust store
 * @param truststorePassword passed to {@code loadKeyStore} for the trust store
 * @return an initialized context using the JVM default key/trust manager algorithms and default SecureRandom
 * @throws Exception whatever {@code loadKeyStore} or the JSSE factories raise
 */
public static SSLContext createSSLContext(URI keystoreUri, char[] keystorePassword, URI truststoreUri, char[] truststorePassword) throws Exception {
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(loadKeyStore(keystoreUri, keystorePassword), keystorePassword);

    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(loadKeyStore(truststoreUri, truststorePassword));

    SSLContext sslContext = SSLContext.getInstance("TLS");
    // null SecureRandom: the provider chooses its default randomness source
    sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
    return sslContext;
}

Example 64 with KeyManager

use of javax.net.ssl.KeyManager in project pinpoint by naver.

the class CertService method newSSLContext.

/**
 * Initializes an SSLContext from already-initialized key and trust manager factories.
 *
 * @param kmf factory supplying the key managers (local identity)
 * @param tmf factory supplying the trust managers (peer verification)
 * @return the initialized context, seeded with a fresh SecureRandom
 * @throws NoSuchAlgorithmException if no provider supports the "SSL" context name
 * @throws KeyManagementException if context initialization fails
 */
private SSLContext newSSLContext(KeyManagerFactory kmf, TrustManagerFactory tmf) throws NoSuchAlgorithmException, KeyManagementException {
    // "SSL" is the legacy JSSE context name; which TLS versions are enabled is decided by the JDK defaults, not by this string
    SSLContext context = SSLContext.getInstance("SSL");
    context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
    return context;
}

Example 65 with KeyManager

use of javax.net.ssl.KeyManager in project druid by druid-io.

the class TLSUtils method createSSLContext.

/**
 * Builds an SSLContext from a mandatory trust store and an optional key store, wrapping each
 * X509ExtendedTrustManager in a {@code CustomCheckX509TrustManager} so that
 * {@code tlsCertificateChecker} is consulted during verification.
 *
 * <p>Nullable arguments fall back to: protocol {@code "TLSv1.2"}, the JVM default key store type
 * and default key/trust manager algorithms, no store or key password, and hostname validation on.
 *
 * @param protocol SSLContext protocol name; null selects "TLSv1.2"
 * @param trustStoreType key store type of the trust store; null selects the JVM default
 * @param trustStorePath path of the trust store file (required)
 * @param trustStoreAlgorithm TrustManagerFactory algorithm; null selects the default
 * @param trustStorePasswordProvider supplies the trust store password; null means no password
 * @param keyStoreType key store type of the key store; null selects the JVM default
 * @param keyStorePath path of the key store file; null means no client key material is configured
 * @param keyStoreAlgorithm KeyManagerFactory algorithm; null selects the default
 * @param certAlias alias handed to {@code createAliasedKeyManagers}
 * @param keyStorePasswordProvider supplies the key store password; null means no password
 * @param keyManagerFactoryPasswordProvider supplies the key (recovery) password; null means no password
 * @param validateHostnames whether the custom trust manager validates hostnames; null means true
 * @param tlsCertificateChecker extra certificate check applied by the wrapping trust manager
 * @return the initialized context
 * @throws RuntimeException wrapping any I/O or security exception raised while loading stores or initializing the context
 */
public static SSLContext createSSLContext(@Nullable String protocol, @Nullable String trustStoreType, String trustStorePath, @Nullable String trustStoreAlgorithm, @Nullable PasswordProvider trustStorePasswordProvider, @Nullable String keyStoreType, @Nullable String keyStorePath, @Nullable String keyStoreAlgorithm, @Nullable String certAlias, @Nullable PasswordProvider keyStorePasswordProvider, @Nullable PasswordProvider keyManagerFactoryPasswordProvider, @Nullable Boolean validateHostnames, TLSCertificateChecker tlsCertificateChecker) {
    try {
        // NOTE(review): a "TLSv1.2" context is expected to cap negotiation at TLS 1.2 — confirm whether TLS 1.3 should be the default
        SSLContext sslContext = SSLContext.getInstance(orDefault(protocol, "TLSv1.2"));

        KeyStore trustStore = KeyStore.getInstance(orDefault(trustStoreType, KeyStore.getDefaultType()));
        try (final InputStream trustStoreFileStream = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(trustStoreFileStream, passwordChars(trustStorePasswordProvider));
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(orDefault(trustStoreAlgorithm, TrustManagerFactory.getDefaultAlgorithm()));
        trustManagerFactory.init(trustStore);

        // no key store path means an anonymous (server-auth only) client
        KeyManager[] keyManagers = keyStorePath == null
                ? null
                : loadKeyManagers(keyStoreType, keyStorePath, keyStoreAlgorithm, certAlias, keyStorePasswordProvider, keyManagerFactoryPasswordProvider);

        boolean checkHostnames = validateHostnames == null || validateHostnames;
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        TrustManager[] checkedTrustManagers = new TrustManager[trustManagers.length];
        for (int i = 0; i < trustManagers.length; i++) {
            checkedTrustManagers[i] = withCertificateCheck(trustManagers[i], tlsCertificateChecker, checkHostnames);
        }
        sslContext.init(keyManagers, checkedTrustManagers, null);
        return sslContext;
    } catch (CertificateException | KeyManagementException | IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
        throw new RuntimeException(e);
    }
}

/** Returns {@code value}, or {@code fallback} when {@code value} is null. */
private static <T> T orDefault(T value, T fallback) {
    return value == null ? fallback : value;
}

/** Password from {@code provider} as a char array, or null when no provider is configured. */
private static char[] passwordChars(PasswordProvider provider) {
    return provider == null ? null : provider.getPassword().toCharArray();
}

/**
 * Loads the key store at {@code keyStorePath} and derives its key managers, passed through
 * {@code createAliasedKeyManagers} with {@code certAlias}. Null type/algorithm fall back to the
 * JVM defaults; null password providers mean no password. The factory is initialized while the
 * file stream is still open, as in the original flow.
 */
private static KeyManager[] loadKeyManagers(String keyStoreType, String keyStorePath, String keyStoreAlgorithm, String certAlias, PasswordProvider keyStorePasswordProvider, PasswordProvider keyManagerFactoryPasswordProvider) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
    KeyStore keyStore = KeyStore.getInstance(orDefault(keyStoreType, KeyStore.getDefaultType()));
    try (final InputStream keyStoreFileStream = Files.newInputStream(Paths.get(keyStorePath))) {
        keyStore.load(keyStoreFileStream, passwordChars(keyStorePasswordProvider));
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(orDefault(keyStoreAlgorithm, KeyManagerFactory.getDefaultAlgorithm()));
        keyManagerFactory.init(keyStore, passwordChars(keyManagerFactoryPasswordProvider));
        return createAliasedKeyManagers(keyManagerFactory.getKeyManagers(), certAlias);
    }
}

/**
 * Wraps an X509ExtendedTrustManager in {@code CustomCheckX509TrustManager}; any other trust
 * manager is returned unchanged and logged, because the custom check cannot be attached to it.
 */
private static TrustManager withCertificateCheck(TrustManager trustManager, TLSCertificateChecker tlsCertificateChecker, boolean validateHostnames) {
    if (trustManager instanceof X509ExtendedTrustManager) {
        return new CustomCheckX509TrustManager((X509ExtendedTrustManager) trustManager, tlsCertificateChecker, validateHostnames);
    }
    log.info("Encountered non-X509ExtendedTrustManager: " + trustManager.getClass());
    return trustManager;
}
