use of javax.net.ssl.KeyManager in project okhttp-OkGo by jeasonlzy.
the class HttpsUtils method getSslSocketFactoryBase.
/**
 * Builds the {@code SSLSocketFactory} / trust manager pair used for HTTPS connections.
 *
 * <p>The trust manager is selected in this order: the caller-supplied {@code trustManager},
 * then one chosen from the trust managers built from {@code certificates}, then
 * {@code UnSafeTrustManager}.
 *
 * <p>NOTE(review): the last fallback is labelled insecure by the original author. Presumably it
 * skips server certificate validation (it is defined elsewhere; confirm). Callers that need
 * server authentication must pass a trust manager or certificates so that branch is never taken.
 *
 * @param trustManager caller-supplied trust manager, or {@code null}
 * @param bksFile      key store stream handed to {@code prepareKeyManager}
 * @param password     key store password handed to {@code prepareKeyManager}
 * @param certificates certificate streams handed to {@code prepareTrustManager}
 * @return the populated {@code SSLParams}
 * @throws AssertionError if the "TLS" context is unavailable or cannot be initialised
 */
private static SSLParams getSslSocketFactoryBase(X509TrustManager trustManager, InputStream bksFile, String password, InputStream... certificates) {
    SSLParams result = new SSLParams();
    try {
        KeyManager[] clientKeyManagers = prepareKeyManager(bksFile, password);
        TrustManager[] certificateTrustManagers = prepareTrustManager(certificates);

        X509TrustManager selected = trustManager != null
                // 1. A trust manager supplied by the caller takes precedence.
                ? trustManager
                : (certificateTrustManagers != null
                        // 2. Otherwise use one built from the supplied certificates.
                        ? chooseTrustManager(certificateTrustManagers)
                        // 3. Otherwise fall back to the trust manager the author marks as unsafe.
                        : UnSafeTrustManager);

        // "TLS" names the protocol family only; the versions actually enabled are the
        // platform defaults.
        SSLContext tlsContext = SSLContext.getInstance("TLS");
        // First argument: key managers that supply this client's own credentials.
        // Second argument: the single trust manager that judges the server's certificate.
        // Third argument: null selects the default SecureRandom implementation.
        tlsContext.init(clientKeyManagers, new TrustManager[] { selected }, null);

        result.sSLSocketFactory = tlsContext.getSocketFactory();
        result.trustManager = selected;
        return result;
    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        // Both failures are treated as unrecoverable.
        throw new AssertionError(e);
    }
}
use of javax.net.ssl.KeyManager in project platformlayer by platformlayer.
the class MetricClientImpl method buildHttpClient.
/**
 * Builds an HTTP client that presents a client certificate and, when {@code trustKeys} is
 * given, trusts servers through {@code PublicKeyTrustManager}.
 *
 * <p>With {@code trustKeys} present, hostname verification is switched off
 * ({@code ALLOW_ALL_HOSTNAME_VERIFIER}), so server identity rests entirely on
 * {@code PublicKeyTrustManager}. Presumably that class pins the listed public keys; it is
 * defined elsewhere, so confirm it rejects every other key. With {@code trustKeys} absent, a
 * {@code null} trust manager is passed to {@code SslHelpers.buildSslSocketFactory} and
 * browser-compatible hostname verification is used.
 *
 * @param certificateAndKey client certificate and private key presented to the server
 * @param trustKeys         trusted server keys, or {@code null}
 * @return a decompressing HTTP client backed by a pooling connection manager
 * @throws IllegalArgumentException if the base URL scheme is unknown or the SSL client cannot
 *                                  be built
 */
private HttpClient buildHttpClient(CertificateAndKey certificateAndKey, List<String> trustKeys) {
    int port = metricBaseUrl.getPort();
    if (port == -1) {
        // No explicit port in the base URL: derive it from the scheme.
        String scheme = metricBaseUrl.getScheme();
        switch (scheme) {
            case "https":
                port = 443;
                break;
            case "http":
                port = 80;
                break;
            default:
                throw new IllegalArgumentException("Unknown scheme: " + scheme);
        }
    }

    final boolean hasTrustKeys = trustKeys != null;
    SchemeSocketFactory httpsSocketFactory;
    try {
        KeyManager clientKeyManager = new SimpleClientCertificateKeyManager(certificateAndKey);
        TrustManager serverTrust = hasTrustKeys ? new PublicKeyTrustManager(trustKeys) : null;
        // Hostname checks are disabled only on the trustKeys path; see the method comment.
        X509HostnameVerifier verifier = hasTrustKeys
                ? SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
                : SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;

        httpsSocketFactory = new SSLSocketFactory(
                SslHelpers.buildSslSocketFactory(clientKeyManager, serverTrust), verifier);
    } catch (GeneralSecurityException e) {
        throw new IllegalArgumentException("Error building SSL client", e);
    }

    // NOTE(review): only "https" is registered, with the port computed above, even when the
    // base URL scheme was "http" (port 80). Confirm this is intended.
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("https", port, httpsSocketFactory));

    PoolingClientConnectionManager pool = new PoolingClientConnectionManager(registry);
    return new DecompressingHttpClient(new DefaultHttpClient(pool));
}
use of javax.net.ssl.KeyManager in project ignite by apache.
the class SslContextFactory method createSslContext.
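/**
 * Creates SSL context based on factory settings.
 *
 * <p>Key managers are always built from the configured key store. Trust managers are taken
 * from {@code this.trustMgrs} when set; otherwise they are built from the configured trust
 * store. When cipher suites or protocols are configured, the context is wrapped in an
 * {@code SSLContextWrapper} together with those parameters before initialization.
 *
 * @return Initialized SSL context.
 * @throws SSLException If SSL context could not be created.
 */
private SSLContext createSslContext() throws SSLException {
    checkParameters();

    final KeyManager[] keyMgrs;

    try {
        KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(keyAlgorithm);

        KeyStore keyStore = loadKeyStore(keyStoreType, keyStoreFilePath, keyStorePwd);

        // The key store password is also used as the password for the keys inside it.
        keyMgrFactory.init(keyStore, keyStorePwd);

        keyMgrs = keyMgrFactory.getKeyManagers();
    } catch (NoSuchAlgorithmException e) {
        throw new SSLException("Unsupported keystore algorithm: " + keyAlgorithm, e);
    } catch (GeneralSecurityException e) {
        throw new SSLException("Failed to initialize key store (security exception occurred) [type=" + keyStoreType + ", keyStorePath=" + keyStoreFilePath + ']', e);
    }

    // Explicitly configured trust managers win over the trust store.
    TrustManager[] trustMgrs = this.trustMgrs;

    if (trustMgrs == null) {
        try {
            // The trust manager factory is looked up with the same algorithm name as the
            // key manager factory.
            TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(keyAlgorithm);

            KeyStore trustStore = loadKeyStore(trustStoreType, trustStoreFilePath, trustStorePwd);

            trustMgrFactory.init(trustStore);

            trustMgrs = trustMgrFactory.getTrustManagers();
        } catch (NoSuchAlgorithmException e) {
            throw new SSLException("Unsupported keystore algorithm: " + keyAlgorithm, e);
        } catch (GeneralSecurityException e) {
            // Report the trust store's own type and path. The previous message named the
            // key store here, which pointed operators at the wrong file.
            throw new SSLException("Failed to initialize trust store (security exception occurred) [type=" + trustStoreType + ", trustStorePath=" + trustStoreFilePath + ']', e);
        }
    }

    try {
        SSLContext ctx = SSLContext.getInstance(proto);

        if (cipherSuites != null || protocols != null) {
            SSLParameters sslParameters = new SSLParameters();

            if (cipherSuites != null)
                sslParameters.setCipherSuites(cipherSuites);

            if (protocols != null)
                sslParameters.setProtocols(protocols);

            // From here on init() and the returned value go through the wrapper.
            ctx = new SSLContextWrapper(ctx, sslParameters);
        }

        // A null SecureRandom selects the default implementation.
        ctx.init(keyMgrs, trustMgrs, null);

        return ctx;
    } catch (NoSuchAlgorithmException e) {
        throw new SSLException("Unsupported SSL protocol: " + proto, e);
    } catch (KeyManagementException e) {
        throw new SSLException("Failed to initialized SSL context.", e);
    }
}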
use of javax.net.ssl.KeyManager in project oxCore by GluuFederation.
the class SslDefaultHttpClient method newSslSocketFactory.
/**
 * Creates the socket factory for HTTPS connections from a freshly initialised "TLS" context.
 *
 * <p>Trust managers come from {@code getTrustManagers()} when {@code useTrustManager} is set,
 * otherwise from the {@code trustManagers} field. Key managers come from
 * {@code getKeyManagers()} when {@code useKeyManager} is set, otherwise none are installed.
 *
 * <p>NOTE(review): the factory is always created with {@code ALLOW_ALL_HOSTNAME_VERIFIER}, so
 * the name in the server certificate is never compared with the host being contacted.
 * Certificate chain validation by the trust managers is then the only server check; confirm
 * this is intended for every deployment that uses this client.
 *
 * @return socket factory bound to the new SSL context
 * @throws IllegalArgumentException if any step fails; the cause is attached
 */
private SSLSocketFactory newSslSocketFactory() {
    try {
        TrustManager[] effectiveTrustManagers = useTrustManager ? getTrustManagers() : this.trustManagers;
        KeyManager[] effectiveKeyManagers = useKeyManager ? getKeyManagers() : null;

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(effectiveKeyManagers, effectiveTrustManagers, new SecureRandom());

        // Hand the initialised context to the socket factory; hostname verification is off.
        return new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    } catch (Exception ex) {
        // Every failure, not only key store loading, is reported with this message.
        throw new IllegalArgumentException("Failed to load keystore", ex);
    }
}
use of javax.net.ssl.KeyManager in project syncany by syncany.
the class CipherUtil method createSSLContext.
/**
 * Creates a "TLS" {@link SSLContext} from a key store and a trust store.
 *
 * <p>Private keys in {@code keyStore} are recovered with an empty password, so key entries
 * protected by any other password cannot be used here.
 *
 * <p>NOTE(review): the trust manager factory is requested with
 * {@code KeyManagerFactory.getDefaultAlgorithm()} rather than
 * {@code TrustManagerFactory.getDefaultAlgorithm()}. This works only where the provider
 * registers a trust manager factory under the key manager algorithm's name; confirm on every
 * target platform.
 *
 * @param keyStore   key store holding this side's key and certificate
 * @param trustStore store holding the trusted certificates
 * @return the initialised SSL context
 * @throws Exception if any step fails; the original failure is attached as the cause
 */
public static SSLContext createSSLContext(KeyStore keyStore, KeyStore trustStore) throws Exception {
    try {
        // Own key and certificate.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, new char[0]);

        // Certificates this side is willing to trust.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // A null SecureRandom selects the default implementation.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    } catch (Exception cause) {
        throw new Exception("Unable to initialize SSL context", cause);
    }
}