
Example 91 with KeyManager

use of javax.net.ssl.KeyManager in project Payara by payara.

the class IIOPSSLSocketFactory method init.

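/**
 * Creates the {@link SSLContext} plus the enabled protocol and cipher lists for one alias.
 * <p>
 * serveralias/clientalias cannot be set at the same time. This method encapsulates the
 * common code for both the client side and the server side to create a SSLContext; it is
 * called once for each serveralias and once for each clientalias.
 * <p>
 * The context is requested for the newest enabled protocol, checked from {@code TLS13}
 * down to {@code SSL2}, with the generic {@code SSL} name as the default when nothing is
 * enabled. Key and trust managers come from {@link IIOPSSLUtil}; when no default habitat
 * is available the context is returned without {@code init} having been called on it.
 *
 * @param alias keystore alias whose key managers are installed into the context
 * @param ssl2Enabled whether SSL 2 is enabled
 * @param ssl2Ciphers configured SSL 2 cipher list, only consulted when {@code ssl2Enabled}
 * @param ssl3Enabled whether SSL 3 is enabled
 * @param ssl3TlsCiphers configured SSL 3/TLS cipher list, consulted when any SSL 3/TLS version is enabled
 * @param tlsEnabled whether the {@code TLS} protocol is enabled
 * @param tlsEnabled11 whether TLS 1.1 is enabled
 * @param tlsEnabled12 whether TLS 1.2 is enabled
 * @param tlsEnabled13 whether TLS 1.3 is enabled
 * @return the new {@link SSLInfo} describing the context and the enabled protocols
 * @throws Exception if the context cannot be obtained or initialized
 */
private SSLInfo init(String alias, boolean ssl2Enabled, String ssl2Ciphers, boolean ssl3Enabled, String ssl3TlsCiphers, boolean tlsEnabled, boolean tlsEnabled11, boolean tlsEnabled12, boolean tlsEnabled13) throws Exception {
    // The newest enabled protocol wins; the constants are protocol names passed to SSLContext.getInstance.
    String protocol;
    if (tlsEnabled13) {
        protocol = TLS13;
    } else if (tlsEnabled12) {
        protocol = TLS12;
    } else if (tlsEnabled11) {
        protocol = TLS11;
    } else if (tlsEnabled) {
        protocol = TLS;
    } else if (ssl3Enabled) {
        protocol = SSL3;
    } else if (ssl2Enabled) {
        protocol = SSL2;
    } else {
        // default
        protocol = SSL;
    }
    // SSL 3 and all TLS versions share one cipher list; SSL 2 has its own.
    String[] ssl3TlsCipherArr = null;
    if (tlsEnabled11 || tlsEnabled12 || tlsEnabled13 || tlsEnabled || ssl3Enabled) {
        ssl3TlsCipherArr = getEnabledCipherSuites(ssl3TlsCiphers, false, ssl3Enabled, tlsEnabled, tlsEnabled11, tlsEnabled12, tlsEnabled13);
    }
    String[] ssl2CipherArr = null;
    if (ssl2Enabled) {
        ssl2CipherArr = getEnabledCipherSuites(ssl2Ciphers, true, false, false, false, false, false);
    }
    SSLContext ctx = SSLContext.getInstance(protocol);
    // Without a habitat there is no IIOPSSLUtil to supply key/trust managers, so ctx is left uninitialized.
    if (Globals.getDefaultHabitat() != null) {
        IIOPSSLUtil sslUtil = Globals.getDefaultHabitat().getService(IIOPSSLUtil.class);
        KeyManager[] mgrs = sslUtil.getKeyManagers(alias);
        ctx.init(mgrs, sslUtil.getTrustManagers(), sslUtil.getInitializedSecureRandom());
    }
    SSLInfo newInfo = new SSLInfo(ctx, ssl3TlsCipherArr, ssl2CipherArr);
    // Record every enabled protocol, not just the one the context was created for.
    if (ssl3Enabled) {
        newInfo.addProtocol(SSL3);
    }
    if (tlsEnabled) {
        newInfo.addProtocol(TLS);
    }
    if (tlsEnabled11) {
        newInfo.addProtocol(TLS11);
    }
    if (tlsEnabled12) {
        newInfo.addProtocol(TLS12);
    }
    if (tlsEnabled13) {
        newInfo.addProtocol(TLS13);
    }
    return newInfo;
}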

Example 92 with KeyManager

use of javax.net.ssl.KeyManager in project Payara by payara.

the class RestClientSslContextAliasListener method buildSSlContext.

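/**
 * Evaluates {@code alias} against the global keystores and returns an {@link SSLContext}
 * whose key manager only presents that alias.
 * <p>
 * Returns {@code null} when no {@link X509KeyManager} is available, when the alias is not
 * contained in any keystore, or when loading fails; the caller then keeps the default
 * SSLContext that the Jersey implementation sets. The context is initialized with
 * {@code null} trust managers and {@code null} secure random, i.e. the JSSE defaults.
 * Failures are logged with their stack trace and never propagated.
 *
 * @param alias name of the certificate (keystore alias)
 * @return the SSLContext with the corresponding certificate and alias name, or {@code null}
 */
protected SSLContext buildSSlContext(String alias) {
    logger.log(Level.FINE, "Building the SSLContext for the alias");
    try {
        KeyManager[] managers = getKeyManagers();
        Optional<X509KeyManager> optionalKeyManager = Arrays.stream(managers)
                .filter(X509KeyManager.class::isInstance)
                .map(X509KeyManager.class::cast)
                .findFirst();
        // Without an X509KeyManager to delegate to there is nothing to build; the loop below would never match.
        if (!optionalKeyManager.isPresent()) {
            return null;
        }
        X509KeyManager delegate = optionalKeyManager.get();
        for (KeyStore ks : getKeyStores()) {
            if (ks.containsAlias(alias)) {
                X509KeyManager customKeyManager = new SingleCertificateKeyManager(alias, delegate);
                SSLContext customSSLContext = SSLContext.getInstance("TLS");
                customSSLContext.init(new KeyManager[] { customKeyManager }, null, null);
                return customSSLContext;
            }
        }
    } catch (IOException e) {
        logger.log(Level.SEVERE, "An IOException was thrown with the following message: " + e.getMessage(), e);
    } catch (KeyStoreException e) {
        logger.log(Level.SEVERE, "A KeyStoreException was thrown with the following message: " + e.getMessage(), e);
    } catch (Exception e) {
        logger.log(Level.SEVERE, "An Exception was thrown with the following message: " + e.getMessage(), e);
    }
    return null;
}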

Example 93 with KeyManager

use of javax.net.ssl.KeyManager in project ranger by apache.

the class RemoteUnixLoginModule method getLoginReplyFromAuthService.

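/**
 * Sends a {@code LOGIN:<user> <password>\n} request to the remote authentication service
 * and returns the first reply line.
 * <p>
 * The request is assembled as a {@code char[]} so that both it and {@code modifiedPasschar}
 * can be wiped (overwritten with spaces) in the {@code finally} block; the caller's array is
 * therefore cleared by this method. When {@code SSLEnabled} is set the connection is wrapped
 * in TLS using the configured client keystore and trust store; see
 * {@link #buildTrustManagers()} for the effect of {@code serverCertValidation}.
 * The writer and reader use the platform default charset, as before.
 *
 * @param aUserName user name to authenticate
 * @param modifiedPasschar password characters; cleared before this method returns
 * @return the reply line from the service, or {@code null} if the stream ended first
 * @throws LoginException if the connection, handshake or exchange fails; the original
 *         exception is attached as the cause
 */
private String getLoginReplyFromAuthService(String aUserName, char[] modifiedPasschar) throws LoginException {
    String ret = null;
    char[] prefix = ("LOGIN:" + aUserName + " ").toCharArray();
    char[] tail = "\n".toCharArray();
    char[] loginData = new char[prefix.length + modifiedPasschar.length + tail.length];
    System.arraycopy(prefix, 0, loginData, 0, prefix.length);
    System.arraycopy(modifiedPasschar, 0, loginData, prefix.length, modifiedPasschar.length);
    System.arraycopy(tail, 0, loginData, prefix.length + modifiedPasschar.length, tail.length);
    // Resources close in reverse order: reader, writer, then the socket.
    try (Socket sslsocket = openAuthServiceSocket();
         OutputStreamWriter writer = new OutputStreamWriter(sslsocket.getOutputStream());
         BufferedReader reader = new BufferedReader(new InputStreamReader(sslsocket.getInputStream()))) {
        writer.write(loginData);
        writer.flush();
        ret = reader.readLine();
    } catch (Exception e) {
        LoginException loginException = new LoginException("FAILED: unable to authenticate to AuthenticationService: " + remoteHostName + ":" + remoteHostAuthServicePort + ", Exception: [" + e + "]");
        // LoginException has no cause constructor; keep the stack trace of the real failure.
        loginException.initCause(e);
        throw loginException;
    } finally {
        log("Login of user String: {" + aUserName + "}, return from AuthServer: {" + ret + "}");
        Arrays.fill(loginData, ' ');
        Arrays.fill(modifiedPasschar, ' ');
    }
    return ret;
}

/**
 * Opens the socket to the authentication service: TLS-wrapped when {@code SSLEnabled},
 * otherwise a plain socket.
 */
private Socket openAuthServiceSocket() throws IOException, java.security.GeneralSecurityException {
    if (!SSLEnabled) {
        return new Socket(remoteHostName, remoteHostAuthServicePort);
    }
    SSLContext context = SSLContext.getInstance(SSL_ALGORITHM);
    context.init(loadClientKeyManagers(), buildTrustManagers(), new SecureRandom());
    SSLSocketFactory sf = context.getSocketFactory();
    return sf.createSocket(remoteHostName, remoteHostAuthServicePort);
}

/**
 * Loads the client keystore at {@code keyStorePath} and returns its key managers, or
 * {@code null} (JSSE default key managers) when no keystore path is configured.
 */
private KeyManager[] loadClientKeyManagers() throws IOException, java.security.GeneralSecurityException {
    if (keyStorePath == null) {
        return null;
    }
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    // A null stream is tolerated by both try-with-resources and KeyStore.load (empty keystore).
    try (InputStream in = getFileInputStream(keyStorePath)) {
        ks.load(in, keyStorePathPassword.toCharArray());
    }
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, keyStorePathPassword.toCharArray());
    return kmf.getKeyManagers();
}

/**
 * Builds the trust managers for the TLS connection.
 * <p>
 * When {@code serverCertValidation} is false the returned manager accepts any server
 * chain, so the connection is not protected against an active man-in-the-middle; that
 * setting should only be used in test setups. Otherwise the trust store at
 * {@code trustStorePath} is used, or {@code null} (JSSE default trust store) when no
 * path is configured.
 */
private TrustManager[] buildTrustManagers() throws IOException, java.security.GeneralSecurityException {
    if (!serverCertValidation) {
        TrustManager ignoreValidationTM = new X509TrustManager() {

            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // Ignore Server Certificate Validation
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // Ignore Server Certificate Validation
            }
        };
        return new TrustManager[] { ignoreValidationTM };
    }
    if (trustStorePath == null) {
        return null;
    }
    KeyStore trustStoreKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream in = getFileInputStream(trustStorePath)) {
        trustStoreKeyStore.load(in, trustStorePathPassword.toCharArray());
    }
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(trustStoreKeyStore);
    return trustManagerFactory.getTrustManagers();
}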

Example 94 with KeyManager

use of javax.net.ssl.KeyManager in project ranger by apache.

the class SolrAuditDestination method getKeyManagers.

/**
 * Loads the policy-manager client keystore named by the configuration and returns its
 * key managers.
 * <p>
 * Returns {@code null} when the keystore file or its password (read from the credential
 * provider) is not configured, when the file cannot be opened, or when loading fails;
 * every failure is logged and none is propagated.
 */
private KeyManager[] getKeyManagers() {
    String credentialProviderPath = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL);
    String keyStoreFile = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_CLIENT_KEY_FILE);
    String keyStorePassword = MiscUtil.getCredentialString(credentialProviderPath, RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS);
    if (!StringUtils.isNotEmpty(keyStoreFile) || !StringUtils.isNotEmpty(keyStorePassword)) {
        return null;
    }
    KeyManager[] result = null;
    InputStream keyStoreStream = null;
    try {
        keyStoreStream = getFileInputStream(keyStoreFile);
        if (keyStoreStream == null) {
            LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]");
        } else {
            // Fall back to the default keystore type when none is configured.
            String configuredType = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE);
            String keyStoreType = StringUtils.isNotEmpty(configuredType) ? configuredType : RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT;
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(keyStoreStream, keyStorePassword.toCharArray());
            KeyManagerFactory factory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE);
            factory.init(keyStore, keyStorePassword.toCharArray());
            result = factory.getKeyManagers();
        }
    } catch (KeyStoreException e) {
        LOG.error("Unable to obtain from KeyStore :" + e.getMessage(), e);
    } catch (NoSuchAlgorithmException e) {
        LOG.error("SSL algorithm is NOT available in the environment", e);
    } catch (CertificateException e) {
        LOG.error("Unable to obtain the requested certification ", e);
    } catch (FileNotFoundException e) {
        LOG.error("Unable to find the necessary SSL Keystore Files", e);
    } catch (IOException e) {
        LOG.error("Unable to read the necessary SSL Keystore Files", e);
    } catch (UnrecoverableKeyException e) {
        LOG.error("Unable to recover the key from keystore", e);
    } finally {
        // Sibling helper; closes the stream and logs any close failure against the file name.
        close(keyStoreStream, keyStoreFile);
    }
    return result;
}

Example 95 with KeyManager

use of javax.net.ssl.KeyManager in project ranger by apache.

the class EmbeddedServer method getKeyManagers.

/**
 * Loads the HTTPS server keystore of the embedded server and returns its key managers.
 * <p>
 * The keystore file comes from {@code ranger.keystore.file}, or, when that is blank, from
 * {@link #getKeystoreFile()} together with the legacy credential alias property. The
 * password is read from the credential provider under the resolved alias. Returns
 * {@code null} when file or password are missing or when loading fails; all failures are
 * logged and none is propagated.
 */
private KeyManager[] getKeyManagers() {
    String keyStoreFile = EmbeddedServerUtil.getConfig("ranger.keystore.file");
    String keyStoreAlias = EmbeddedServerUtil.getConfig("ranger.keystore.alias", "keyStoreCredentialAlias");
    if (StringUtils.isBlank(keyStoreFile)) {
        // Legacy configuration: file and alias come from the https attribute properties.
        keyStoreFile = getKeystoreFile();
        keyStoreAlias = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.keystore.credential.alias", "keyStoreCredentialAlias");
    }
    String keyStoreFileType = EmbeddedServerUtil.getConfig("ranger.keystore.file.type", RANGER_KEYSTORE_FILE_TYPE_DEFAULT);
    String credentialProviderPath = EmbeddedServerUtil.getConfig("ranger.credential.provider.path");
    String keyStorePassword = CredentialReader.getDecryptedString(credentialProviderPath, keyStoreAlias, keyStoreFileType);
    if (!StringUtils.isNotEmpty(keyStoreFile) || !StringUtils.isNotEmpty(keyStorePassword)) {
        // Report the first missing piece of configuration, in the order it is resolved.
        if (StringUtils.isBlank(keyStoreFile)) {
            LOG.warning("Config 'ranger.keystore.file' or 'ranger.service.https.attrib.keystore.file' is not found or contains blank value");
        } else if (StringUtils.isBlank(keyStoreAlias)) {
            LOG.warning("Config 'ranger.keystore.alias' or 'ranger.service.https.attrib.keystore.credential.alias' is not found or contains blank value");
        } else if (StringUtils.isBlank(credentialProviderPath)) {
            LOG.warning("Config 'ranger.credential.provider.path' is not found or contains blank value");
        } else if (StringUtils.isBlank(keyStorePassword)) {
            LOG.warning("Unable to read credential from credential store file [" + credentialProviderPath + "] for given alias:" + keyStoreAlias);
        }
        return null;
    }
    KeyManager[] result = null;
    InputStream keyStoreStream = null;
    try {
        keyStoreStream = getFileInputStream(keyStoreFile);
        if (keyStoreStream == null) {
            LOG.severe("Unable to obtain keystore from file [" + keyStoreFile + "]");
        } else {
            KeyStore keyStore = KeyStore.getInstance(keyStoreFileType);
            keyStore.load(keyStoreStream, keyStorePassword.toCharArray());
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore, keyStorePassword.toCharArray());
            result = factory.getKeyManagers();
        }
    } catch (KeyStoreException e) {
        LOG.log(Level.SEVERE, "Unable to obtain from KeyStore :" + e.getMessage(), e);
    } catch (NoSuchAlgorithmException e) {
        LOG.log(Level.SEVERE, "SSL algorithm is NOT available in the environment", e);
    } catch (CertificateException e) {
        LOG.log(Level.SEVERE, "Unable to obtain the requested certification ", e);
    } catch (FileNotFoundException e) {
        LOG.log(Level.SEVERE, "Unable to find the necessary SSL Keystore Files", e);
    } catch (IOException e) {
        LOG.log(Level.SEVERE, "Unable to read the necessary SSL Keystore Files", e);
    } catch (UnrecoverableKeyException e) {
        LOG.log(Level.SEVERE, "Unable to recover the key from keystore", e);
    } finally {
        // Sibling helper; closes the stream and logs any close failure against the file name.
        close(keyStoreStream, keyStoreFile);
    }
    return result;
}
