
Example 21 with KeyManager

use of javax.net.ssl.KeyManager in project ranger by apache.

the class LdapPolicyMgrUserGroupBuilder method getClient.

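/**
 * Builds the Jersey {@link Client} used to talk to the policy manager.
 *
 * <p>For an {@code https://} base URL the client is configured with the lazily
 * initialised {@code sslContext} (built once from the configured key store and
 * trust store) and the hostname verifier {@code hv}; for any other URL a plain
 * client that follows redirects is created. Unless Kerberos authentication is
 * configured and a credential is present, an HTTP basic-auth filter is added
 * using the configured (or default) policy manager user and password.
 *
 * @return the client, or {@code null} when a configured key store or trust store
 *         file could not be opened (the SSL context is left unset so a later call
 *         retries)
 * @throws RuntimeException if the SSL context cannot be created; the original
 *         exception is attached as the cause
 */
private synchronized Client getClient() {
    Client ret = null;
    if (policyMgrBaseUrl.startsWith("https://")) {
        // Named clientConfig so it does not shadow the 'config' field read further down.
        ClientConfig clientConfig = new DefaultClientConfig();
        if (sslContext == null) {
            try {
                KeyManager[] kmList = null;
                TrustManager[] tmList = null;
                if (keyStoreFile != null && keyStoreFilepwd != null) {
                    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
                    InputStream in = null;
                    try {
                        in = getFileInputStream(keyStoreFile);
                        if (in == null) {
                            LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]");
                            return ret;
                        }
                        // Same password unlocks the store and its private key entries.
                        char[] keyStorePwd = keyStoreFilepwd.toCharArray();
                        keyStore.load(in, keyStorePwd);
                        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                        keyManagerFactory.init(keyStore, keyStorePwd);
                        kmList = keyManagerFactory.getKeyManagers();
                    } finally {
                        if (in != null) {
                            in.close();
                        }
                    }
                }
                if (trustStoreFile != null && trustStoreFilepwd != null) {
                    KeyStore trustStore = KeyStore.getInstance(trustStoreType);
                    InputStream in = null;
                    try {
                        in = getFileInputStream(trustStoreFile);
                        if (in == null) {
                            LOG.error("Unable to obtain keystore from file [" + trustStoreFile + "]");
                            return ret;
                        }
                        trustStore.load(in, trustStoreFilepwd.toCharArray());
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init(trustStore);
                        tmList = trustManagerFactory.getTrustManagers();
                    } finally {
                        if (in != null) {
                            in.close();
                        }
                    }
                }
                // "TLS" instead of the legacy "SSL" protocol name; the JDK's enabled TLS
                // versions are negotiated either way, but the name states the intent.
                // A null kmList/tmList makes the JDK fall back to its defaults.
                sslContext = SSLContext.getInstance("TLS");
                sslContext.init(kmList, tmList, new SecureRandom());
                hv = new HostnameVerifier() {

                    // NOTE(review): HttpsURLConnection consults this verifier when the
                    // certificate's name does not match the URL host, and
                    // session.getPeerHost() is the host name the socket was opened to,
                    // so this comparison is expected to hold regardless of the names in
                    // the server certificate. Confirm that accepting such certificates
                    // is the intended trust posture.
                    public boolean verify(String urlHostName, SSLSession session) {
                        return session.getPeerHost().equals(urlHostName);
                    }
                };
            } catch (Exception e) {
                // Errors (OOM etc.) are deliberately not wrapped; only exceptions are.
                throw new RuntimeException("Unable to create SSLContext for communication to policy manager", e);
            }
        }
        clientConfig.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext));
        ret = Client.create(clientConfig);
    } else {
        ClientConfig cc = new DefaultClientConfig();
        cc.getProperties().put(ClientConfig.PROPERTY_FOLLOW_REDIRECTS, true);
        ret = Client.create(cc);
    }
    // Basic auth is used whenever Kerberos is not configured or its credential is missing.
    boolean kerberos = authenticationType != null
            && AUTH_KERBEROS.equalsIgnoreCase(authenticationType)
            && SecureClientLogin.isKerberosCredentialExists(principal, keytab);
    if (!kerberos && ret != null) {
        String username = config.getPolicyMgrUserName();
        String password = config.getPolicyMgrPassword();
        // Blank credentials fall back to the defaults rather than sending empty values.
        if (username == null || password == null || username.trim().isEmpty() || password.trim().isEmpty()) {
            username = config.getDefaultPolicyMgrUserName();
            password = config.getDefaultPolicyMgrPassword();
        }
        if (username != null && password != null) {
            ret.addFilter(new HTTPBasicAuthFilter(username, password));
        }
    }
    return ret;
}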

Example 22 with KeyManager

use of javax.net.ssl.KeyManager in project ranger by apache.

the class PolicyMgrUserGroupBuilder method getClient.

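/**
 * Builds the Jersey {@link Client} used to talk to the policy manager.
 *
 * <p>For an {@code https://} base URL the client is configured with the lazily
 * initialised {@code sslContext} (built once from the configured key store and
 * trust store) and the hostname verifier {@code hv}; for any other URL a plain
 * client that follows redirects is created. Unless Kerberos authentication is
 * configured and a credential is present, an HTTP basic-auth filter is added
 * using the configured (or default) policy manager user and password.
 *
 * @return the client, or {@code null} when a configured key store or trust store
 *         file could not be opened (the SSL context is left unset so a later call
 *         retries)
 * @throws RuntimeException if the SSL context cannot be created; the original
 *         exception is attached as the cause
 */
private synchronized Client getClient() {
    Client ret = null;
    if (policyMgrBaseUrl.startsWith("https://")) {
        // Named clientConfig so it does not shadow the 'config' field read further down.
        ClientConfig clientConfig = new DefaultClientConfig();
        if (sslContext == null) {
            try {
                KeyManager[] kmList = null;
                TrustManager[] tmList = null;
                if (keyStoreFile != null && keyStoreFilepwd != null) {
                    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
                    InputStream in = null;
                    try {
                        in = getFileInputStream(keyStoreFile);
                        if (in == null) {
                            LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]");
                            return ret;
                        }
                        // Same password unlocks the store and its private key entries.
                        char[] keyStorePwd = keyStoreFilepwd.toCharArray();
                        keyStore.load(in, keyStorePwd);
                        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                        keyManagerFactory.init(keyStore, keyStorePwd);
                        kmList = keyManagerFactory.getKeyManagers();
                    } finally {
                        if (in != null) {
                            in.close();
                        }
                    }
                }
                if (trustStoreFile != null && trustStoreFilepwd != null) {
                    KeyStore trustStore = KeyStore.getInstance(trustStoreType);
                    InputStream in = null;
                    try {
                        in = getFileInputStream(trustStoreFile);
                        if (in == null) {
                            LOG.error("Unable to obtain keystore from file [" + trustStoreFile + "]");
                            return ret;
                        }
                        trustStore.load(in, trustStoreFilepwd.toCharArray());
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init(trustStore);
                        tmList = trustManagerFactory.getTrustManagers();
                    } finally {
                        if (in != null) {
                            in.close();
                        }
                    }
                }
                // "TLS" instead of the legacy "SSL" protocol name; the JDK's enabled TLS
                // versions are negotiated either way, but the name states the intent.
                // A null kmList/tmList makes the JDK fall back to its defaults.
                sslContext = SSLContext.getInstance("TLS");
                sslContext.init(kmList, tmList, new SecureRandom());
                hv = new HostnameVerifier() {

                    // NOTE(review): HttpsURLConnection consults this verifier when the
                    // certificate's name does not match the URL host, and
                    // session.getPeerHost() is the host name the socket was opened to,
                    // so this comparison is expected to hold regardless of the names in
                    // the server certificate. Confirm that accepting such certificates
                    // is the intended trust posture.
                    public boolean verify(String urlHostName, SSLSession session) {
                        return session.getPeerHost().equals(urlHostName);
                    }
                };
            } catch (Exception e) {
                // Errors (OOM etc.) are deliberately not wrapped; only exceptions are.
                throw new RuntimeException("Unable to create SSLContext for communication to policy manager", e);
            }
        }
        clientConfig.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext));
        ret = Client.create(clientConfig);
    } else {
        ClientConfig cc = new DefaultClientConfig();
        cc.getProperties().put(ClientConfig.PROPERTY_FOLLOW_REDIRECTS, true);
        ret = Client.create(cc);
    }
    // Basic auth is used whenever Kerberos is not configured or its credential is missing.
    boolean kerberos = authenticationType != null
            && AUTH_KERBEROS.equalsIgnoreCase(authenticationType)
            && SecureClientLogin.isKerberosCredentialExists(principal, keytab);
    if (!kerberos && ret != null) {
        String username = config.getPolicyMgrUserName();
        String password = config.getPolicyMgrPassword();
        // Blank credentials fall back to the defaults rather than sending empty values.
        if (username == null || password == null || username.trim().isEmpty() || password.trim().isEmpty()) {
            username = config.getDefaultPolicyMgrUserName();
            password = config.getDefaultPolicyMgrPassword();
        }
        if (username != null && password != null) {
            ret.addFilter(new HTTPBasicAuthFilter(username, password));
        }
    }
    return ret;
}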

Example 23 with KeyManager

use of javax.net.ssl.KeyManager in project ranger by apache.

the class RangerRESTClient method getKeyManagers.

/**
 * Loads the key managers backing the configured client key store.
 *
 * <p>The key store password is looked up through {@code getCredential}. When no
 * key store file or no password is configured, nothing is loaded and
 * {@code null} is returned. Any failure while opening, loading or unlocking the
 * store is logged and rethrown as an {@link IllegalStateException} with the
 * original exception as its cause.
 *
 * @return the key managers, or {@code null} if no key store is configured
 * @throws IllegalStateException if the key store file is missing, unreadable,
 *         of an unsupported type, or cannot be unlocked with the credential
 */
private KeyManager[] getKeyManagers() {
    KeyManager[] result = null;
    String password = getCredential(mKeyStoreURL, mKeyStoreAlias);
    boolean configured = !StringUtil.isEmpty(mKeyStoreFile) && !StringUtil.isEmpty(password);
    if (!configured) {
        return result;
    }
    InputStream stream = null;
    try {
        stream = getFileInputStream(mKeyStoreFile);
        if (stream == null) {
            LOG.error("Unable to obtain keystore from file [" + mKeyStoreFile + "]");
            throw new IllegalStateException("Unable to find keystore file :" + mKeyStoreFile);
        }
        KeyStore store = KeyStore.getInstance(mKeyStoreType);
        // The same credential unlocks the store and its private key entries.
        char[] passwordChars = password.toCharArray();
        store.load(stream, passwordChars);
        KeyManagerFactory factory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE);
        factory.init(store, passwordChars);
        result = factory.getKeyManagers();
    } catch (KeyStoreException e) {
        LOG.error("Unable to obtain from KeyStore :" + e.getMessage(), e);
        throw new IllegalStateException("Unable to init keystore:" + e.getMessage(), e);
    } catch (NoSuchAlgorithmException e) {
        LOG.error("SSL algorithm is NOT available in the environment", e);
        throw new IllegalStateException("SSL algorithm is NOT available in the environment :" + e.getMessage(), e);
    } catch (CertificateException e) {
        LOG.error("Unable to obtain the requested certification ", e);
        throw new IllegalStateException("Unable to obtain the requested certification :" + e.getMessage(), e);
    } catch (FileNotFoundException e) {
        // Must precede the IOException handler: FileNotFoundException is a subtype.
        LOG.error("Unable to find the necessary SSL Keystore Files", e);
        throw new IllegalStateException("Unable to find keystore file :" + mKeyStoreFile + ", error :" + e.getMessage(), e);
    } catch (IOException e) {
        LOG.error("Unable to read the necessary SSL Keystore Files", e);
        throw new IllegalStateException("Unable to read keystore file :" + mKeyStoreFile + ", error :" + e.getMessage(), e);
    } catch (UnrecoverableKeyException e) {
        LOG.error("Unable to recover the key from keystore", e);
        throw new IllegalStateException("Unable to recover the key from keystore :" + mKeyStoreFile + ", error :" + e.getMessage(), e);
    } finally {
        // close() is a helper of this class; it handles a null stream.
        close(stream, mKeyStoreFile);
    }
    return result;
}

Example 24 with KeyManager

use of javax.net.ssl.KeyManager in project webofneeds by researchstudio-sat.

the class BrokerComponentFactory method getBrokerComponent.

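/**
 * Returns the broker component for {@code brokerURI}, wired with the client key
 * and trust managers taken from {@code messagingContext} when both are available.
 *
 * <p>If either manager cannot be obtained (the context returns {@code null} or
 * throws), the call falls back to the two-argument overload, which has no client
 * key/trust managers. That fallback is logged at WARN level because it silently
 * changes how the broker connection is authenticated.
 *
 * @param brokerURI        the broker to connect to
 * @param type             the messaging type passed through to the overloads
 * @param messagingContext source of the client key and trust managers
 * @return the broker component
 */
public synchronized Component getBrokerComponent(URI brokerURI, MessagingType type, MessagingContext messagingContext) {
    // TODO: make this configurable for different broker implementations.
    logger.info("establishing activemq connection for brokerUri {}", brokerURI);
    KeyManager keyManager = null;
    TrustManager trustManager = null;
    try {
        keyManager = messagingContext.getClientKeyManager();
        trustManager = messagingContext.getClientTrustManager();
    } catch (Exception e) {
        // Keep the exception: without it the log cannot show why initialization failed.
        logger.error("Key- or Trust- manager initialization problem", e);
    }
    if (keyManager == null || trustManager == null) {
        logger.warn("no client key/trust manager available for brokerUri {}; falling back to a broker component without them", brokerURI);
        return getBrokerComponent(brokerURI, type);
    }
    return getBrokerComponent(brokerURI, type, keyManager, trustManager);
}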

Example 25 with KeyManager

use of javax.net.ssl.KeyManager in project quickutil by quickutil.

the class HttpUtil method initHttpsClientMananger.

/**
 * Creates an HTTPS-capable pooling connection manager.
 *
 * <p>Both certificate arguments are read as PKCS#12 key stores. The client store,
 * when given, supplies the key managers (client certificate); the server store,
 * when given, supplies the trust managers. Without a server store the
 * class-level {@code tm} trust manager is used instead.
 *
 * @param clientCer client certificate store, or {@code null} for no client certificate
 * @param clientPW  password of the client certificate store
 * @param serverCer server certificate store used as the trust store, or {@code null}
 * @param serverPW  password of the server certificate store
 * @return a pooling connection manager with {@code http} and {@code https} socket
 *         factories registered, or {@code null} if the SSL setup fails (the stack
 *         trace is printed)
 */
public static HttpClientConnectionManager initHttpsClientMananger(InputStream clientCer, String clientPW, InputStream serverCer, String serverPW) {
    try {
        KeyManager[] keyManagers = null;
        TrustManager[] trustManagers;
        // Client certificate: load the store and derive key managers from it.
        if (clientCer != null) {
            KeyStore clientStore = KeyStore.getInstance("pkcs12");
            clientStore.load(clientCer, clientPW.toCharArray());
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(clientStore, clientPW.toCharArray());
            keyManagers = kmf.getKeyManagers();
        }
        // Server certificate: load the store as the trust store; otherwise trust via 'tm'.
        if (serverCer == null) {
            // NOTE(review): 'tm' is declared outside this method. If it accepts any
            // certificate, calling this without serverCer disables server
            // authentication -- confirm what 'tm' does before relying on this path.
            trustManagers = new TrustManager[] { tm };
        } else {
            KeyStore trustStore = KeyStore.getInstance("pkcs12");
            trustStore.load(serverCer, serverPW.toCharArray());
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            trustManagers = tmf.getTrustManagers();
        }
        // Build the SSL context (null SecureRandom selects the JDK default) and register
        // the plain and TLS socket factories.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagers, trustManagers, null);
        SSLConnectionSocketFactory httpsFactory = new SSLConnectionSocketFactory(sslContext);
        Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.INSTANCE)
                .register("https", httpsFactory)
                .build();
        return new PoolingHttpClientConnectionManager(registry);
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}
