
Example 96 with KeyManager

use of javax.net.ssl.KeyManager in project cas by apereo.

Class FileTrustStoreSslSocketFactory, method getTrustedSslContext.

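/**
 * Builds an {@link SSLContext} whose key and trust managers combine the JVM
 * defaults with managers derived from the given trust store.
 *
 * <p>The store is loaded once with {@code trustStorePassword} and then used for
 * both a PKIX key manager and a PKIX trust manager. Each of those is composed
 * with its default-algorithm counterpart ({@link KeyManagerFactory#getDefaultAlgorithm()})
 * through {@code CompositeX509KeyManager} / {@code CompositeX509TrustManager},
 * JVM manager listed first. How the composites order or fall through between
 * their delegates is defined in those classes, not here.
 *
 * @param trustStoreFile     resource holding the trust store
 * @param trustStorePassword password used to load the store; also handed to the key manager
 * @param trustStoreType     a {@link KeyStore} type name accepted by {@link KeyStore#getInstance(String)}
 * @return the initialised SSL context
 * @throws RuntimeException wrapping any checked failure (I/O, unreadable store,
 *         wrong password, unsupported algorithm or type); unchecked exceptions
 *         propagate unchanged. The failure is logged before it is rethrown.
 */
private static SSLContext getTrustedSslContext(final Resource trustStoreFile, final String trustStorePassword, final String trustStoreType) {
    try {
        final KeyStore casTrustStore = KeyStore.getInstance(trustStoreType);
        final char[] trustStorePasswordCharArray = trustStorePassword.toCharArray();
        // try-with-resources: the stream is closed even when load() rejects the store
        try (InputStream casStream = trustStoreFile.getInputStream()) {
            casTrustStore.load(casStream, trustStorePasswordCharArray);
        }
        final String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        final X509KeyManager customKeyManager = getKeyManager(ALG_NAME_PKIX, casTrustStore, trustStorePasswordCharArray);
        // null store/password: whatever getKeyManager builds for the default algorithm
        // without a store (not visible here) — presumably the JVM default key manager
        final X509KeyManager jvmKeyManager = getKeyManager(defaultAlgorithm, null, null);
        final X509TrustManager customTrustManager = getTrustManager(ALG_NAME_PKIX, casTrustStore);
        // null store: presumably TrustManagerFactory.init((KeyStore) null), i.e. the
        // JDK default trust anchors — confirm in getTrustManager
        final X509TrustManager jvmTrustManager = getTrustManager(defaultAlgorithm, null);
        final KeyManager[] keyManagers = { new CompositeX509KeyManager(Arrays.asList(jvmKeyManager, customKeyManager)) };
        final TrustManager[] trustManagers = { new CompositeX509TrustManager(Arrays.asList(jvmTrustManager, customTrustManager)) };
        // "TLS" is the standard context name. The legacy "SSL" alias resolves to the
        // same implementation on SunJSSE but is not guaranteed by other providers.
        // The protocol versions actually enabled are still governed by the JDK's
        // default SSLParameters / jdk.tls.disabledAlgorithms, not by this name.
        final SSLContext context = SSLContexts.custom().useProtocol("TLS").build();
        context.init(keyManagers, trustManagers, null);
        return context;
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        // Same contract as Guava's (deprecated) Throwables.propagate: unchecked
        // exceptions are rethrown untouched, checked ones are wrapped with their cause.
        if (e instanceof RuntimeException) {
            throw (RuntimeException) e;
        }
        throw new RuntimeException(e);
    }
}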

Example 97 with KeyManager

use of javax.net.ssl.KeyManager in project vert.x by eclipse.

Class KeyStoreTest, method testKeyStore.

/**
 * Loads the key store described by {@code options} and checks that it exposes
 * at least one alias and that the helper derives at least one key manager.
 *
 * @param options key/certificate configuration under test
 * @throws Exception if the store cannot be created or loaded (reported as a test failure)
 */
private void testKeyStore(KeyCertOptions options) throws Exception {
    VertxInternal vertxInternal = (VertxInternal) vertx;
    KeyStoreHelper storeHelper = KeyStoreHelper.create(vertxInternal, options);
    // the loaded store must contain at least one entry
    KeyStore loaded = storeHelper.loadStore(vertxInternal);
    assertTrue(loaded.aliases().hasMoreElements());
    // and the helper must turn it into at least one KeyManager
    KeyManager[] managers = storeHelper.getKeyMgrs(vertxInternal);
    assertTrue(managers.length > 0);
}

Example 98 with KeyManager

use of javax.net.ssl.KeyManager in project jetty.project by eclipse.

Class SslContextFactory, method load.

/**
 * Builds (or adopts) the SSLContext this factory hands out and records the
 * selected protocols and cipher suites.
 *
 * <p>Three paths, decided by what was set on the factory:
 * <ul>
 * <li>{@code _setContext} non-null: the caller's context is used as-is and no
 *     key or trust material is loaded here.</li>
 * <li>No context, no key store and no trust store (neither instance nor
 *     resource): an "empty" context with no key managers. Its trust managers
 *     are {@code TRUST_ALL_CERTS} only when {@link #isTrustAll()} is true,
 *     otherwise {@code null}, which per the {@link SSLContext#init} contract
 *     leaves the provider's default trust managers in effect.</li>
 * <li>Otherwise the stores are loaded from their resources, CRLs are read from
 *     {@link #getCrlPath()}, the key store's X.509 entries are indexed by alias
 *     and by host / wildcard name, and key and trust managers are created
 *     from them.</li>
 * </ul>
 * In every path the server-side session cache is configured and the enabled
 * cipher suites and protocols are selected from what the context supports.
 *
 * @throws Exception on any failure loading stores or CRLs, validating
 *         certificates or initialising the context
 */
private void load() throws Exception {
    SSLContext context = _setContext;
    KeyStore keyStore = _setKeyStore;
    KeyStore trustStore = _setTrustStore;
    if (context == null) {
        // Is this an empty factory?
        if (keyStore == null && _keyStoreResource == null && trustStore == null && _trustStoreResource == null) {
            // null means "provider default trust managers"; only an explicit
            // trust-all replaces them with the non-validating TRUST_ALL_CERTS
            TrustManager[] trust_managers = null;
            if (isTrustAll()) {
                if (LOG.isDebugEnabled())
                    LOG.debug("No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!");
                // Create a trust manager that does not validate certificate chains
                trust_managers = TRUST_ALL_CERTS;
            }
            // null algorithm -> let the provider pick its own SecureRandom
            String algorithm = getSecureRandomAlgorithm();
            SecureRandom secureRandom = algorithm == null ? null : SecureRandom.getInstance(algorithm);
            context = _sslProvider == null ? SSLContext.getInstance(_sslProtocol) : SSLContext.getInstance(_sslProtocol, _sslProvider);
            // no key managers: this context can only act without a server identity
            context.init(null, trust_managers, secureRandom);
        } else {
            if (keyStore == null)
                keyStore = loadKeyStore(_keyStoreResource);
            if (trustStore == null)
                trustStore = loadTrustStore(_trustStoreResource);
            // CRLs are loaded once and shared by every per-certificate validator below
            Collection<? extends CRL> crls = loadCRL(getCrlPath());
            // Look for X.509 certificates to create alias map
            if (keyStore != null) {
                // Collections.list snapshots the enumeration, so the store is not iterated lazily
                for (String alias : Collections.list(keyStore.aliases())) {
                    Certificate certificate = keyStore.getCertificate(alias);
                    if (certificate != null && "X.509".equals(certificate.getType())) {
                        X509Certificate x509C = (X509Certificate) certificate;
                        // Exclude certificates with special uses
                        // (X509.isCertSign: presumably certificate-signing / CA entries,
                        // which are never offered as a server identity)
                        if (X509.isCertSign(x509C)) {
                            if (LOG.isDebugEnabled())
                                LOG.debug("Skipping " + x509C);
                            continue;
                        }
                        X509 x509 = new X509(alias, x509C);
                        _aliasX509.put(alias, x509);
                        // Chain validation is opt-in; when disabled, any entry in the
                        // key store is accepted as an identity without being checked
                        if (isValidateCerts()) {
                            // NOTE(review): trustStore may still be null here when no trust
                            // store resource was configured — confirm CertificateValidator
                            // handles that rather than silently validating against nothing
                            CertificateValidator validator = new CertificateValidator(trustStore, crls);
                            validator.setMaxCertPathLength(getMaxCertPathLength());
                            validator.setEnableCRLDP(isEnableCRLDP());
                            validator.setEnableOCSP(isEnableOCSP());
                            validator.setOcspResponderURL(getOcspResponderURL());
                            // TODO what about truststore?
                            validator.validate(keyStore, x509C);
                        }
                        LOG.info("x509={} for {}", x509, this);
                        // host and wildcard names from the certificate, used later for
                        // name-based (SNI) certificate selection by the key managers
                        for (String h : x509.getHosts()) _certHosts.put(h, x509);
                        for (String w : x509.getWilds()) _certWilds.put(w, x509);
                    }
                }
            }
            // Instantiate key and trust managers
            KeyManager[] keyManagers = getKeyManagers(keyStore);
            TrustManager[] trustManagers = getTrustManagers(trustStore, crls);
            // Initialize context
            // (reads _secureRandomAlgorithm directly, whereas the empty-factory branch
            // goes through getSecureRandomAlgorithm(); presumably equivalent)
            SecureRandom secureRandom = (_secureRandomAlgorithm == null) ? null : SecureRandom.getInstance(_secureRandomAlgorithm);
            context = _sslProvider == null ? SSLContext.getInstance(_sslProtocol) : SSLContext.getInstance(_sslProtocol, _sslProvider);
            context.init(keyManagers, trustManagers, secureRandom);
        }
    }
    // Initialize cache
    // -1 (the sentinel tested below) leaves the provider's default cache size/timeout
    SSLSessionContext serverContext = context.getServerSessionContext();
    if (serverContext != null) {
        if (getSslSessionCacheSize() > -1)
            serverContext.setSessionCacheSize(getSslSessionCacheSize());
        if (getSslSessionTimeout() > -1)
            serverContext.setSessionTimeout(getSslSessionTimeout());
    }
    // select the protocols and ciphers
    // (intersects the context's defaults with what it supports; results land in
    // _selectedProtocols / _selectedCipherSuites)
    SSLParameters enabled = context.getDefaultSSLParameters();
    SSLParameters supported = context.getSupportedSSLParameters();
    selectCipherSuites(enabled.getCipherSuites(), supported.getCipherSuites());
    selectProtocols(enabled.getProtocols(), supported.getProtocols());
    // the Factory bundles the stores and context that later socket/engine creation uses
    _factory = new Factory(keyStore, trustStore, context);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Selected Protocols {} of {}", Arrays.asList(_selectedProtocols), Arrays.asList(supported.getProtocols()));
        LOG.debug("Selected Ciphers   {} of {}", Arrays.asList(_selectedCipherSuites), Arrays.asList(supported.getCipherSuites()));
    }
}

Example 99 with KeyManager

use of javax.net.ssl.KeyManager in project jetty.project by eclipse.

Class SslContextFactory, method getKeyManagers.

/**
 * Creates the key managers for {@code keyStore}, wrapping each
 * {@link X509ExtendedKeyManager} so that a configured certificate alias and/or
 * the host-name maps ({@code _certHosts}, {@code _certWilds}) drive
 * certificate selection.
 *
 * <p>The key manager password is {@code _keyManagerPassword} when set, else
 * {@code _keyStorePassword}, else {@code null}. Wrapping order per element is
 * alias first, then SNI, so the SNI wrapper decorates the aliased manager.
 *
 * @param keyStore store holding the server identities; may be {@code null}
 * @return the key managers, or {@code null} when {@code keyStore} is
 *         {@code null} or the factory produced none (a {@code null} array is
 *         what {@link javax.net.ssl.SSLContext#init} treats as "provider default")
 * @throws Exception if the key manager factory cannot be created or initialised
 */
protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception {
    KeyManager[] managers = null;
    if (keyStore != null) {
        // key-manager password falls back to the key-store password
        char[] keyPassword;
        if (_keyManagerPassword != null)
            keyPassword = _keyManagerPassword.toString().toCharArray();
        else if (_keyStorePassword != null)
            keyPassword = _keyStorePassword.toString().toCharArray();
        else
            keyPassword = null;
        KeyManagerFactory factory = KeyManagerFactory.getInstance(getKeyManagerFactoryAlgorithm());
        factory.init(keyStore, keyPassword);
        managers = factory.getKeyManagers();
        if (managers != null) {
            String alias = getCertAlias();
            boolean wrapForSni = !_certHosts.isEmpty() || !_certWilds.isEmpty();
            for (int i = 0; i < managers.length; i++) {
                // only X509ExtendedKeyManager instances are decorated; others pass through
                if (alias != null && managers[i] instanceof X509ExtendedKeyManager)
                    managers[i] = new AliasedX509ExtendedKeyManager((X509ExtendedKeyManager) managers[i], alias);
                if (wrapForSni && managers[i] instanceof X509ExtendedKeyManager)
                    managers[i] = new SniX509ExtendedKeyManager((X509ExtendedKeyManager) managers[i]);
            }
        }
    }
    if (LOG.isDebugEnabled())
        LOG.debug("managers={} for {}", managers, this);
    return managers;
}

Example 100 with KeyManager

use of javax.net.ssl.KeyManager in project che by eclipse.

Class DockerCertificates, method loadFromDirectory.

/**
 * Reads the CA certificate, client certificate and client private key from
 * {@code dockerCertDirPath} (file names given by the {@code DEFAULT_*_NAME}
 * constants), builds a key store for the client identity and a trust store for
 * the CA, and wraps the resulting SSL context in a {@code DockerCertificates}.
 *
 * @param dockerCertDirPath directory holding the certificate and key files
 * @return certificates ready for a TLS connection to Docker
 * @throws RuntimeException wrapping any failure while reading or parsing the
 *         files, or while building the stores, managers or SSL context
 */
public static DockerCertificates loadFromDirectory(Path dockerCertDirPath) {
    try {
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        // trust side: the CA the daemon's certificate must chain to
        Certificate caCertificate = getCertificate(dockerCertDirPath.resolve(DEFAULT_CA_CERT_NAME), x509Factory);
        // identity side: the client certificate and its private key
        Certificate clientCertificate = getCertificate(dockerCertDirPath.resolve(DEFAULT_CLIENT_CERT_NAME), x509Factory);
        PrivateKey clientPrivateKey = getPrivateKey(dockerCertDirPath.resolve(DEFAULT_CLIENT_KEY_NAME));
        KeyStore identityStore = createKeyStore(clientCertificate, clientPrivateKey);
        KeyStore caStore = createTrustStore(caCertificate);
        KeyManager[] keyManagers = loadKeyManagers(identityStore, KEY_STORE_PASSWORD);
        TrustManager[] trustManagers = loadTrustManagers(caStore);
        return new DockerCertificates(createSSLContext(keyManagers, trustManagers));
    } catch (Exception e) {
        // checked failures are surfaced unchecked, cause preserved
        throw new RuntimeException(e);
    }
}
