
Example 86 with KeyManager

use of javax.net.ssl.KeyManager in project ambry by linkedin.

the class JdkSslFactory method createSSLContext.

/**
 * Builds the {@link SSLContext} for this factory from the configured keystore and truststore.
 * A factory owns exactly one SSLContext. Each algorithm choice (key manager, trust manager,
 * secure random) falls back to the JDK default when the corresponding config value is empty,
 * and the private-key password falls back to the keystore password.
 * @param sslConfig the config for setting up the {@link SSLContext}
 * @return the initialized {@link SSLContext}
 * @throws GeneralSecurityException if a store cannot be loaded, a key cannot be recovered,
 *         or a requested algorithm/provider is not available
 * @throws IOException if a keystore or truststore file cannot be read
 */
private SSLContext createSSLContext(SSLConfig sslConfig) throws GeneralSecurityException, IOException {
    String protocol = sslConfig.sslContextProtocol;
    String provider = sslConfig.sslContextProvider;
    SSLContext context;
    if (provider.isEmpty()) {
        context = SSLContext.getInstance(protocol);
    } else {
        context = SSLContext.getInstance(protocol, provider);
    }

    // Key material: the certificate/private key this side presents to its peer.
    SecurityStore keyStoreHolder = new SecurityStore(sslConfig.sslKeystoreType, sslConfig.sslKeystorePath, sslConfig.sslKeystorePassword);
    String keyManagerAlgorithm = sslConfig.sslKeymanagerAlgorithm;
    if (keyManagerAlgorithm.isEmpty()) {
        keyManagerAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
    }
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyManagerAlgorithm);
    KeyStore keyStore = keyStoreHolder.load();
    // A separate key password is optional; otherwise the keystore password protects the key.
    String keyPassword = sslConfig.sslKeyPassword;
    if (keyPassword.isEmpty()) {
        keyPassword = keyStoreHolder.password;
    }
    keyManagerFactory.init(keyStore, keyPassword.toCharArray());
    KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

    // Trust material: the peer certificates this side accepts.
    String trustManagerAlgorithm = sslConfig.sslTrustmanagerAlgorithm;
    if (trustManagerAlgorithm.isEmpty()) {
        trustManagerAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    }
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerAlgorithm);
    SecurityStore trustStoreHolder = new SecurityStore(sslConfig.sslTruststoreType, sslConfig.sslTruststorePath, sslConfig.sslTruststorePassword);
    trustManagerFactory.init(trustStoreHolder.load());

    SecureRandom secureRandom;
    if (sslConfig.sslSecureRandomAlgorithm.isEmpty()) {
        secureRandom = new SecureRandom();
    } else {
        secureRandom = SecureRandom.getInstance(sslConfig.sslSecureRandomAlgorithm);
    }
    context.init(keyManagers, trustManagerFactory.getTrustManagers(), secureRandom);
    return context;
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) KeyManager(javax.net.ssl.KeyManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 87 with KeyManager

use of javax.net.ssl.KeyManager in project cxf by apache.

the class HttpConduitConfigurationTest method verifyConduit.

/**
 * Asserts that the conduit picked up the expected configuration: basic-auth user "Betty",
 * CN check disabled, a 3600000 ms SSL cache timeout, exactly one X.509 key manager and one
 * X.509 trust manager, one include and one exclude cipher-suite filter entry, and a
 * 10240-byte chunk length.
 * @param conduit the configured conduit under test
 */
private void verifyConduit(HTTPConduit conduit) {
    AuthorizationPolicy authorization = conduit.getAuthorization();
    assertNotNull(authorization);
    assertEquals("Betty", authorization.getUserName());
    assertEquals("password", authorization.getPassword());

    TLSClientParameters tlsParams = conduit.getTlsClientParameters();
    assertNotNull(tlsParams);
    // The test configuration sets disableCNCheck, so hostname verification is expected to be off here.
    assertTrue(tlsParams.isDisableCNCheck());
    assertEquals(3600000, tlsParams.getSslCacheTimeout());

    KeyManager[] keyManagers = tlsParams.getKeyManagers();
    assertNotNull(keyManagers);
    assertEquals(1, keyManagers.length);
    assertTrue(keyManagers[0] instanceof X509KeyManager);

    TrustManager[] trustManagers = tlsParams.getTrustManagers();
    assertNotNull(trustManagers);
    assertEquals(1, trustManagers.length);
    assertTrue(trustManagers[0] instanceof X509TrustManager);

    FiltersType cipherFilter = tlsParams.getCipherSuitesFilter();
    assertNotNull(cipherFilter);
    assertEquals(1, cipherFilter.getInclude().size());
    assertEquals(1, cipherFilter.getExclude().size());

    HTTPClientPolicy clientPolicy = conduit.getClient();
    assertEquals(10240, clientPolicy.getChunkLength());
}
Also used : AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy) TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters) X509TrustManager(javax.net.ssl.X509TrustManager) X509KeyManager(javax.net.ssl.X509KeyManager) HTTPClientPolicy(org.apache.cxf.transports.http.configuration.HTTPClientPolicy) FiltersType(org.apache.cxf.configuration.security.FiltersType) X509KeyManager(javax.net.ssl.X509KeyManager) KeyManager(javax.net.ssl.KeyManager) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 88 with KeyManager

use of javax.net.ssl.KeyManager in project cxf by apache.

the class JettyHTTPServerEngine method createSSLContext.

/**
 * Creates and initializes the server {@link SSLContext} and aligns the Jetty
 * {@link SslContextFactory}'s protocol and cipher-suite include/exclude lists with
 * {@code tlsServerParameters}. SSLv3 and SSLv2Hello are dropped from Jetty's default exclusions
 * only when SSLv3 is explicitly configured as the secure socket protocol; protocols named in the
 * include list are likewise removed from the exclusions.
 * @param scf the Jetty SSL context factory whose exclusions/inclusions are adjusted in place
 * @return the initialized context
 * @throws Exception if the context cannot be created or initialized
 */
protected SSLContext createSSLContext(SslContextFactory scf) throws Exception {
    String configuredProto = tlsServerParameters.getSecureSocketProtocol();
    String proto = configuredProto == null ? "TLS" : configuredProto;
    // Jetty 9 excludes SSLv3 by default. So if we want it then we need to
    // remove it from the default excluded protocols
    boolean allowSSLv3 = "SSLv3".equals(proto);
    if (allowSSLv3 || !tlsServerParameters.getIncludeProtocols().isEmpty()) {
        List<String> stillExcluded = new ArrayList<>();
        for (String candidate : scf.getExcludeProtocols()) {
            boolean explicitlyIncluded = tlsServerParameters.getIncludeProtocols().contains(candidate);
            boolean legacySslAllowed = allowSSLv3 && ("SSLv3".equals(candidate) || "SSLv2Hello".equals(candidate));
            if (!explicitlyIncluded && !legacySslAllowed) {
                stillExcluded.add(candidate);
            }
        }
        scf.setExcludeProtocols(stillExcluded.toArray(new String[0]));
    }
    // Explicitly excluded protocols are always added on top of whatever Jetty excludes.
    for (String excluded : tlsServerParameters.getExcludeProtocols()) {
        scf.addExcludeProtocols(excluded);
    }

    String effectiveProto = detectProto(proto, allowSSLv3);
    SSLContext context;
    if (tlsServerParameters.getJsseProvider() == null) {
        context = SSLContext.getInstance(effectiveProto);
    } else {
        context = SSLContext.getInstance(effectiveProto, tlsServerParameters.getJsseProvider());
    }
    KeyManager[] configuredKeyManagers = org.apache.cxf.transport.https.SSLUtils.configureKeyManagersWithCertAlias(tlsServerParameters, tlsServerParameters.getKeyManagers());
    context.init(configuredKeyManagers, tlsServerParameters.getTrustManagers(), tlsServerParameters.getSecureRandom());

    // Set the CipherSuites
    final String[] supportedCipherSuites = SSLUtils.getServerSupportedCipherSuites(context);
    if (tlsServerParameters.getCipherSuitesFilter() != null && tlsServerParameters.getCipherSuitesFilter().isSetExclude()) {
        scf.setExcludeCipherSuites(SSLUtils.getFilteredCiphersuites(tlsServerParameters.getCipherSuitesFilter(), supportedCipherSuites, LOG, true));
    }
    scf.setIncludeCipherSuites(SSLUtils.getCiphersuitesToInclude(tlsServerParameters.getCipherSuites(), tlsServerParameters.getCipherSuitesFilter(), context.getServerSocketFactory().getDefaultCipherSuites(), supportedCipherSuites, LOG));
    return context;
}
Also used : CopyOnWriteArrayList(java.util.concurrent.CopyOnWriteArrayList) ArrayList(java.util.ArrayList) SSLContext(javax.net.ssl.SSLContext) KeyManager(javax.net.ssl.KeyManager)

Example 89 with KeyManager

use of javax.net.ssl.KeyManager in project cxf by apache.

the class UndertowHTTPServerEngine method createSSLContext.

/**
 * Creates and initializes the server {@link SSLContext} from {@code tlsServerParameters}:
 * protocol (default "TLS"), optional JSSE provider, key managers (passed through
 * {@code getKeyManagersWithCertAlias} when a certificate alias is configured), trust managers
 * and secure random.
 * @return the initialized context
 * @throws Exception if the context cannot be created or initialized
 */
protected SSLContext createSSLContext() throws Exception {
    String configuredProto = tlsServerParameters.getSecureSocketProtocol();
    String proto = configuredProto != null ? configuredProto : "TLS";
    SSLContext context;
    if (tlsServerParameters.getJsseProvider() != null) {
        context = SSLContext.getInstance(proto, tlsServerParameters.getJsseProvider());
    } else {
        context = SSLContext.getInstance(proto);
    }
    KeyManager[] keyManagers = tlsServerParameters.getKeyManagers();
    // NOTE(review): presumably narrows key selection to the configured alias — confirm in getKeyManagersWithCertAlias.
    if (tlsServerParameters.getCertAlias() != null) {
        keyManagers = getKeyManagersWithCertAlias(keyManagers);
    }
    context.init(keyManagers, tlsServerParameters.getTrustManagers(), tlsServerParameters.getSecureRandom());
    return context;
}
Also used : SSLContext(javax.net.ssl.SSLContext) AliasedX509ExtendedKeyManager(org.apache.cxf.transport.https.AliasedX509ExtendedKeyManager) X509KeyManager(javax.net.ssl.X509KeyManager) KeyManager(javax.net.ssl.KeyManager)

Example 90 with KeyManager

use of javax.net.ssl.KeyManager in project baseio by generallycloud.

the class SslContextBuilder method newSSLContext.

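/**
 * Builds and initializes the {@link SSLContext} described by this builder.
 * <p>
 * Server side: {@code keyManagerFactory} supplies the key managers and {@code null} trust managers
 * are passed to {@link SSLContext#init}, so the JDK default trust material applies. Client side:
 * the trust managers are chosen by {@code trustType}; the {@code ALL} option installs
 * {@code TrustAllX509TrustManager}, which (going by its name) accepts any peer certificate and
 * therefore provides no server authentication. Session cache size and timeout are applied to the
 * matching {@link SSLSessionContext} when positive.
 * @return the initialized context
 * @throws SSLException if this is a server without a key manager factory, a client whose
 *         {@code trustType} selects nothing, or if initialization fails for any other reason
 *         (the original exception is kept as the cause)
 */
private SSLContext newSSLContext() throws SSLException {
    if (isServer && keyManagerFactory == null) {
        throw new SSLException("null keyManagerFactory");
    }
    try {
        SSLContext ctx = SslContext.newSSLContext();
        TrustManager[] tms = null;
        KeyManager[] kms = null;
        if (isServer) {
            kms = keyManagerFactory.getKeyManagers();
        } else {
            tms = clientTrustManagers();
        }
        ctx.init(kms, tms, new SecureRandom());
        SSLSessionContext sessCtx = isServer ? ctx.getServerSessionContext() : ctx.getClientSessionContext();
        // The JSSE setters take int; Math.min keeps an out-of-range configured value from wrapping.
        if (sessionCacheSize > 0) {
            sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
        }
        if (sessionTimeout > 0) {
            sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
        }
        return ctx;
    } catch (SSLException e) {
        // Already the caller-facing type; pass through unchanged rather than re-wrapping.
        throw e;
    } catch (Exception e) {
        throw new SSLException("failed to initialize the SSL context", e);
    }
}

/**
 * Selects the client-side trust managers according to {@code trustType}.
 * @return the trust managers to hand to {@link SSLContext#init}
 * @throws SSLException if {@code trustType} matches none of the supported options
 */
private TrustManager[] clientTrustManagers() throws SSLException {
    switch (trustType) {
        case ALL:
            // Accepts every peer certificate (by name); no server authentication is performed.
            return new X509TrustManager[] { new TrustAllX509TrustManager() };
        case TrustManagerFactory:
            return trustManagerFactory.getTrustManagers();
        case X509TrustManager:
            return new X509TrustManager[] { x509TrustManager };
        case X509Certificate:
            if (rawX509Certificates.size() == 1) {
                return new X509TrustManager[] { new TrustOneX509TrustManager(rawX509Certificates.get(0)) };
            }
            X509Certificate[] cs = rawX509Certificates.toArray(new X509Certificate[0]);
            return new X509TrustManager[] { new TrustX509TrustManager(cs) };
        default:
            // Only reachable on the client path, where trusting nothing is a configuration error.
            throw new SSLException("did not trust anything");
    }
}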
Also used : SSLSessionContext(javax.net.ssl.SSLSessionContext) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) SSLException(javax.net.ssl.SSLException) X509Certificate(java.security.cert.X509Certificate) KeyException(java.security.KeyException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SSLException(javax.net.ssl.SSLException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) KeyManager(javax.net.ssl.KeyManager)
