
Example 81 with KeyManager

use of javax.net.ssl.KeyManager in project ddf by codice.

Class SecureCxfClientFactoryImpl, method configureConduit.

/**
 * Applies this factory's redirect and TLS settings to the {@code HTTPConduit} of the given
 * client configuration.
 *
 * <p>Steps, in order: enable auto-redirect when {@code allowRedirects} is set; take the
 * conduit's existing {@link TLSClientParameters} or create a fresh one; apply the CN-check and
 * cipher-suite settings; locate and load the system key and trust stores; derive key and trust
 * managers from them; then either install a socket factory bound to {@code keyInfo}'s alias or
 * fall back to the JVM default socket factory; finally hand the parameters to the conduit.
 *
 * <p>Failures while creating or loading the stores and while initialising the manager
 * factories are logged at DEBUG only and do not stop the method, so a broken store silently
 * degrades the resulting TLS configuration. The one early exit after the TLS parameters have
 * been touched is the unreadable-store check: it returns before
 * {@code httpConduit.setTlsClientParameters} — although if the conduit already had a
 * parameters object, the CN-check and cipher-suite edits were already made on it in place.
 *
 * @param clientConfig the client configuration whose conduit is configured; ignored (with an
 *     INFO log) when it carries no conduit
 */
@SuppressWarnings("squid:S3776")
private void configureConduit(ClientConfiguration clientConfig) {
    HTTPConduit httpConduit = clientConfig.getHttpConduit();
    if (httpConduit == null) {
        LOGGER.info("HTTPConduit was null for {}. Unable to configure security.", this);
        return;
    }
    // Redirect following is opt-in. By their names, the two bus properties allow relative
    // Location targets and cap how often the same URI may be revisited.
    if (allowRedirects) {
        HTTPClientPolicy clientPolicy = httpConduit.getClient();
        if (clientPolicy != null) {
            clientPolicy.setAutoRedirect(true);
            Bus bus = clientConfig.getBus();
            if (bus != null) {
                bus.getProperties().put(AUTO_REDIRECT_ALLOW_REL_URI, true);
                bus.getProperties().put(AUTO_REDIRECT_MAX_SAME_URI_COUNT, getSameUriRedirectMax());
            }
        }
    }
    // Reuse the conduit's existing parameters object (mutated in place) or start from scratch.
    TLSClientParameters tlsParams = httpConduit.getTlsClientParameters();
    if (tlsParams == null) {
        tlsParams = new TLSClientParameters();
    }
    // disableCnCheck switches off CXF's own CN check and the JDK default hostname verifier
    // together, i.e. a true value removes hostname verification entirely.
    tlsParams.setDisableCNCheck(disableCnCheck);
    tlsParams.setUseHttpsURLConnectionDefaultHostnameVerifier(!disableCnCheck);
    // Optional cipher-suite restriction from the JVM property. Entries are split on ',' and
    // not trimmed, so surrounding whitespace is passed through verbatim.
    String cipherSuites = System.getProperty("https.cipherSuites");
    if (cipherSuites != null) {
        tlsParams.setCipherSuites(Arrays.asList(cipherSuites.split(",")));
    }
    // Empty store instances of the configured type; both stay null if creation fails.
    KeyStore keyStore = null;
    KeyStore trustStore = null;
    try {
        keyStore = SecurityConstants.newKeystore();
        trustStore = SecurityConstants.newTruststore();
    } catch (KeyStoreException e) {
        LOGGER.debug("Unable to create keystore instance of type {}", System.getProperty(SecurityConstants.KEYSTORE_TYPE), e);
    }
    // Keystore location: an explicit keyInfo path wins over the system-wide one.
    Path keyStoreFile;
    if (keyInfo != null && keyInfo.getKeystorePath() != null) {
        keyStoreFile = keyInfo.getKeystorePath();
    } else {
        keyStoreFile = Paths.get(SecurityConstants.getKeystorePath());
    }
    Path trustStoreFile = Paths.get(SecurityConstants.getTruststorePath());
    // Relative store paths are anchored at ddf.home when that property is set.
    String ddfHome = System.getProperty("ddf.home");
    if (ddfHome != null) {
        Path ddfHomePath = Paths.get(ddfHome);
        if (!keyStoreFile.isAbsolute()) {
            keyStoreFile = Paths.get(ddfHomePath.toString(), keyStoreFile.toString());
        }
        if (!trustStoreFile.isAbsolute()) {
            trustStoreFile = Paths.get(ddfHomePath.toString(), trustStoreFile.toString());
        }
    }
    String keyStorePassword = SecurityConstants.getKeystorePassword();
    String trustStorePassword = SecurityConstants.getTruststorePassword();
    // Both files must be readable; otherwise bail out before any store is loaded and before
    // the conduit receives the parameters (see the Javadoc note on this early exit).
    if (!Files.isReadable(keyStoreFile) || !Files.isReadable(trustStoreFile)) {
        LOGGER.debug("Unable to read system key/trust store files: [ {} ] [ {} ]", keyStoreFile, trustStoreFile);
        return;
    }
    // Load the stores. The stream is opened even when the store instance is null. NOTE(review):
    // a null password would throw NPE at toCharArray(), which neither catch block covers —
    // confirm SecurityConstants never returns null here.
    try (InputStream kfis = Files.newInputStream(keyStoreFile)) {
        if (keyStore != null) {
            keyStore.load(kfis, keyStorePassword.toCharArray());
        }
    } catch (NoSuchAlgorithmException | CertificateException | IOException e) {
        LOGGER.debug("Unable to load system key file.", e);
    }
    try (InputStream tfis = Files.newInputStream(trustStoreFile)) {
        if (trustStore != null) {
            trustStore.load(tfis, trustStorePassword.toCharArray());
        }
    } catch (NoSuchAlgorithmException | CertificateException | IOException e) {
        LOGGER.debug("Unable to load system trust file.", e);
    }
    // Key managers from the (possibly null or unloaded) keystore. On failure keyManagers stays
    // null, and the keyInfo branch below then refuses to build a custom socket factory.
    KeyManager[] keyManagers = null;
    try {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
        keyManagers = keyManagerFactory.getKeyManagers();
        tlsParams.setKeyManagers(keyManagers);
    } catch (NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException e) {
        LOGGER.debug("Unable to initialize KeyManagerFactory.", e);
    }
    // Trust managers likewise. Per the JDK contract, init(null) falls back to the JVM default
    // trust store, so a failed truststore creation does not mean "trust nothing".
    TrustManager[] trustManagers = null;
    try {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        trustManagers = trustManagerFactory.getTrustManagers();
        tlsParams.setTrustManagers(trustManagers);
    } catch (NoSuchAlgorithmException | KeyStoreException e) {
        LOGGER.debug("Unable to initialize TrustManagerFactory.", e);
    }
    if (keyInfo != null) {
        // An explicit key alias: build our own SSLSocketFactory so that alias is honoured.
        LOGGER.trace("Using keystore file: {}, alias: {}", keyStoreFile, keyInfo.getAlias());
        tlsParams.setUseHttpsURLConnectionDefaultSslSocketFactory(false);
        tlsParams.setCertAlias(keyInfo.getAlias());
        try {
            if (keyManagers == null) {
                throw new KeyManagementException("keyManagers was null");
            }
            // sslProtocol must appear in jdk.tls.client.protocols when that property is set.
            // The comparison is exact: no trimming, case-sensitive.
            boolean validProtocolFound = false;
            String validProtocolsStr = System.getProperty("jdk.tls.client.protocols");
            if (StringUtils.isNotBlank(validProtocolsStr)) {
                String[] validProtocols = validProtocolsStr.split(",");
                for (String validProtocol : validProtocols) {
                    if (validProtocol.equals(sslProtocol)) {
                        validProtocolFound = true;
                        break;
                    }
                }
                if (!validProtocolFound) {
                    // Logged at ERROR but the method carries on; the conduit simply never gets
                    // the custom socket factory.
                    LOGGER.error("{} is not in list of valid SSL protocols {}", sslProtocol, validProtocolsStr);
                }
            } else {
                validProtocolFound = true;
            }
            if (validProtocolFound) {
                tlsParams.setSSLSocketFactory(getSSLSocketFactory(sslProtocol, keyInfo.getAlias(), keyManagers, trustManagers));
            }
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            LOGGER.debug("Unable to override default SSL Socket Factory", e);
        }
    } else {
        // No key alias: defer to the JVM default socket factory and use the internal host as alias.
        tlsParams.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
        tlsParams.setCertAlias(SystemBaseUrl.INTERNAL.getHost());
    }
    httpConduit.setTlsClientParameters(tlsParams);
}

Example 82 with KeyManager

use of javax.net.ssl.KeyManager in project Payara by payara.

Class JSSE14SocketFactory, method getKeyManagers.

/**
 * Gets the initialized key managers.
 *
 * <p>When {@code keyAlias} is given, the first keystore holding a key entry under that alias
 * is used and the first key manager is wrapped in a {@code JSSEKeyManager} so that the alias
 * is the one presented during the handshake. Without an alias the first keystore is used
 * as-is. Both paths assume at least one keystore is configured; the alias path additionally
 * assumes the factory returns at least one manager and that its first element is an
 * {@link X509KeyManager} (otherwise the index or cast fails).
 *
 * @param algorithm the {@link KeyManagerFactory} algorithm name
 * @param keyAlias the alias to select, or {@code null} for the provider's default selection
 * @return the key managers for this socket factory
 * @throws IOException if an alias was given but no keystore has a key entry for it
 * @throws Exception for any keystore or key-manager-factory failure
 */
protected KeyManager[] getKeyManagers(String algorithm, String keyAlias) throws Exception {
    final KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
    final String storePassword = getKeystorePassword();
    final ArrayList<KeyStore> stores = getKeystore(storePassword);

    if (keyAlias == null) {
        // No alias requested: initialise from the first store and hand back the managers untouched.
        factory.init(stores.get(0), storePassword.toCharArray());
        return factory.getKeyManagers();
    }

    for (KeyStore store : stores) {
        if (!store.isKeyEntry(keyAlias)) {
            continue;
        }
        factory.init(store, storePassword.toCharArray());
        final KeyManager[] managers = factory.getKeyManagers();
        // Wrap the first manager so the requested alias wins during key selection.
        managers[0] = new JSSEKeyManager((X509KeyManager) managers[0], keyAlias);
        return managers;
    }
    throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias));
}

Example 83 with KeyManager

use of javax.net.ssl.KeyManager in project Payara by payara.

Class SSLUtils, method getAdminSSLContext.

/**
 * Builds and initializes an {@link SSLContext} for the admin listener.
 *
 * <p>The key managers returned by {@code getKeyManagers()} are wrapped in place in a
 * {@code J2EEKeyManager} when a non-empty alias is supplied. NOTE(review): because the array
 * is mutated rather than copied, a cached or shared array from {@code getKeyManagers()} would
 * keep the wrappers across calls — confirm it returns a fresh array.
 *
 * @param alias the admin key alias; empty or {@code null} leaves the key managers unwrapped
 * @param protocol the protocol, or {@code null} to use {@code "TLS"}
 * @return the initialized SSLContext
 * @throws RuntimeException wrapping any failure from the context, key-manager or
 *     trust-manager setup
 */
public SSLContext getAdminSSLContext(String alias, String protocol) {
    try {
        final String contextProtocol = (protocol == null) ? "TLS" : protocol;
        final SSLContext context = SSLContext.getInstance(contextProtocol);
        final KeyManager[] managers = getKeyManagers();
        final boolean pinToAlias = alias != null && !alias.isEmpty() && managers != null;
        if (pinToAlias) {
            for (int idx = 0; idx < managers.length; idx++) {
                managers[idx] = new J2EEKeyManager((X509KeyManager) managers[idx], alias);
            }
        }
        // A null SecureRandom lets the provider pick its default source.
        context.init(managers, getTrustManagers(), null);
        return context;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

Example 84 with KeyManager

use of javax.net.ssl.KeyManager in project chuidiang-ejemplos by chuidiang.

Class Main, method coinfigureJettyTLs.

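/**
 * Configures the CXF Jetty HTTPS engine on port 9443 with the server key from a PKCS12 store.
 *
 * <p>Reads the store at {@code KEY_STORE_PATH_NAME}, unlocks it with
 * {@code KEY_STORE_PASSWORD}, recovers the private key with {@code PRIVATE_KEY_PASSWORD}, and
 * registers the resulting key managers in a {@link TLSServerParameters} for port 9443. No trust
 * managers or client-authentication settings are configured here.
 *
 * @throws Exception if the store cannot be read or the key managers cannot be initialised
 */
public static void coinfigureJettyTLs() throws Exception {
    // Factory that owns the HTTPS port configuration for the embedded Jetty engine.
    JettyHTTPServerEngineFactory jettyHTTPServerEngineFactory = new JettyHTTPServerEngineFactory();

    // Load the PKCS12 store holding the server certificate and private key. The stream is
    // closed by try-with-resources (previously it was opened and never closed).
    File keyStoreFile = new File(KEY_STORE_PATH_NAME);
    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    try (FileInputStream keyStoreIn = new FileInputStream(keyStoreFile)) {
        keyStore.load(keyStoreIn, KEY_STORE_PASSWORD.toCharArray());
    }

    // Key managers select the server key pair during the handshake. NOTE(review): stores built
    // with keytool use a single password for both the store and the key — confirm
    // PRIVATE_KEY_PASSWORD is the right value for this store.
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keyStore, PRIVATE_KEY_PASSWORD.toCharArray());
    KeyManager[] keyManager = keyManagerFactory.getKeyManagers();

    // Bind the key managers to the HTTPS port on the engine factory.
    TLSServerParameters tLSServerParameters = new TLSServerParameters();
    tLSServerParameters.setKeyManagers(keyManager);
    jettyHTTPServerEngineFactory.setTLSServerParametersForPort(9443, tLSServerParameters);
}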

Example 85 with KeyManager

use of javax.net.ssl.KeyManager in project qpid-broker-j by apache.

Class SSLUtil, method createSslContext.

/**
 * Creates an {@link SSLContext} initialised from the given key store and trust stores.
 *
 * <p>Trust-manager handling depends on how many trust stores are supplied: none means
 * {@code null} trust managers (the provider's default); exactly one means that store's managers
 * are used unchanged (even if they are {@code null}); several means every
 * {@link X509TrustManager} is folded into one {@link QpidMultipleTrustManager}, which is
 * appended after any non-X509 managers. NOTE(review): in the several-stores case a result with
 * no managers at all is an empty array, not {@code null}, and the JDK treats those differently —
 * confirm that outcome is intended.
 *
 * @param keyStore the key store supplying the key managers
 * @param trustStores the trust stores, may be {@code null} or empty
 * @param portName the port name, used only in the failure message
 * @return the initialised context
 * @throws IllegalArgumentException if any step of the TLS setup fails, with the cause attached
 */
public static SSLContext createSslContext(final org.apache.qpid.server.model.KeyStore keyStore, final Collection<TrustStore> trustStores, final String portName) {
    try {
        final SSLContext context = tryGetSSLContext();
        final KeyManager[] keyManagers = keyStore.getKeyManagers();

        final TrustManager[] trustManagers;
        if (trustStores == null || trustStores.isEmpty()) {
            trustManagers = null;
        } else if (trustStores.size() == 1) {
            trustManagers = trustStores.iterator().next().getTrustManagers();
        } else {
            final QpidMultipleTrustManager combinedX509 = new QpidMultipleTrustManager();
            final Collection<TrustManager> others = new ArrayList<>();
            for (TrustStore store : trustStores) {
                final TrustManager[] fromStore = store.getTrustManagers();
                if (fromStore == null) {
                    continue;
                }
                for (TrustManager manager : fromStore) {
                    if (manager instanceof X509TrustManager) {
                        combinedX509.addTrustManager((X509TrustManager) manager);
                    } else {
                        others.add(manager);
                    }
                }
            }
            // The combined X509 manager goes last, after any non-X509 managers.
            if (!combinedX509.isEmpty()) {
                others.add(combinedX509);
            }
            trustManagers = others.toArray(new TrustManager[0]);
        }

        // A null SecureRandom lets the provider pick its default source.
        context.init(keyManagers, trustManagers, null);
        return context;
    } catch (GeneralSecurityException e) {
        throw new IllegalArgumentException(String.format("Cannot configure TLS on port '%s'", portName), e);
    }
}
