
Example 31 with KeyManager

use of javax.net.ssl.KeyManager in project cxf by apache.

the class STSTokenOutInterceptorTest method prepareTLSParams.

/**
 * Builds the TLS client parameters for this test: trust managers and key managers are both
 * derived from the key store returned by {@code loadClientKeystore()}, and the private key
 * entries are unlocked with {@code KEY_PASS}.
 *
 * <p>Security note: host name (CN) checking is switched off below. That is tolerable for a
 * test fixture whose certificate does not match the test host, but it removes the binding
 * between the certificate and the server being contacted, so this method must not be used
 * as a template for production client configuration.
 *
 * @return the populated client-side TLS parameters
 */
private TLSClientParameters prepareTLSParams() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
    final TLSClientParameters params = new TLSClientParameters();
    // Test-only: with the CN check disabled, any certificate that chains to the trust store
    // is accepted regardless of the host name it was issued for.
    params.setDisableCNCheck(true);

    // Trust side: certificates in the client key store decide which servers are accepted.
    final KeyStore trustedCerts = loadClientKeystore();
    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustedCerts);
    params.setTrustManagers(tmf.getTrustManagers());

    // Identity side: the same key store is loaded a second time to supply the client key.
    final KeyStore identity = loadClientKeystore();
    final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(identity, KEY_PASS.toCharArray());
    params.setKeyManagers(kmf.getKeyManagers());

    return params;
}
Also used : TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) KeyStore(java.security.KeyStore) KeyManager(javax.net.ssl.KeyManager) TrustManager(javax.net.ssl.TrustManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 32 with KeyManager

use of javax.net.ssl.KeyManager in project cxf by apache.

the class STSTokenRetrieverTest method prepareTLSParams.

/**
 * Assembles client-side TLS settings for the test. The key store returned by
 * {@code loadClientKeystore()} is used twice: once as the trust anchor set and once as the
 * source of the client key, which is unlocked with {@code KEY_PASS}.
 *
 * <p>Security note: the CN check is disabled here, so the server certificate is not matched
 * against the host name in the URL. Keep this confined to test code; a production client
 * should leave host name verification enabled.
 *
 * @return TLS parameters carrying the trust managers and key managers built from the store
 */
private TLSClientParameters prepareTLSParams() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
    final TLSClientParameters clientTls = new TLSClientParameters();
    // Host name verification is deliberately skipped for the test endpoint.
    clientTls.setDisableCNCheck(true);

    // Which servers to trust.
    final KeyStore anchors = loadClientKeystore();
    final String trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory trustManagers = TrustManagerFactory.getInstance(trustAlgorithm);
    trustManagers.init(anchors);
    clientTls.setTrustManagers(trustManagers.getTrustManagers());

    // Which key to present as the client.
    final KeyStore clientKeys = loadClientKeystore();
    final String keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
    final KeyManagerFactory keyManagers = KeyManagerFactory.getInstance(keyAlgorithm);
    keyManagers.init(clientKeys, KEY_PASS.toCharArray());
    clientTls.setKeyManagers(keyManagers.getKeyManagers());

    return clientTls;
}
Also used : TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) KeyStore(java.security.KeyStore) KeyManager(javax.net.ssl.KeyManager) TrustManager(javax.net.ssl.TrustManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 33 with KeyManager

use of javax.net.ssl.KeyManager in project baseio by generallycloud.

the class SslContextBuilder method newSSLContext.

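/**
 * Creates and initialises an {@link SSLContext} obtained from {@code SslContext.getSSLContext()}.
 *
 * <p>Key managers come from {@code keyManagerFactory} when it is non-null. Trust managers are
 * selected in this order:
 * <ol>
 *   <li>{@code trustManagerFactory}, when non-null;</li>
 *   <li>otherwise, and only when {@code keyManagerFactory} is null, {@code x509TrustManager};</li>
 *   <li>otherwise, and only when {@code keyManagerFactory} is null and {@code trustAll} is set,
 *       a trust manager that accepts every certificate chain;</li>
 *   <li>otherwise {@code null}, which leaves the choice to the JSSE provider defaults.</li>
 * </ol>
 * {@code x509TrustManager} and {@code trustAll} are therefore ignored whenever a
 * {@code keyManagerFactory} is supplied.
 *
 * <p>Security note: {@code trustAll} disables certificate validation entirely, so the peer is
 * not authenticated and the connection offers no protection against interception. It should
 * be limited to tests and local development.
 *
 * @param trustManagerFactory source of trust managers, may be null
 * @param keyManagerFactory   source of key managers; required when {@code isServer} is true
 * @param x509TrustManager    single trust manager used when no factories are given, may be null
 * @param isServer            whether the context is for the server side
 * @param trustAll            accept any peer certificate (see security note)
 * @param sessionCacheSize    session cache size, applied only when greater than zero
 * @param sessionTimeout      session timeout, applied only when greater than zero
 * @return the initialised context
 * @throws SSLException if a server context is requested without a key manager factory, or
 *                      if the context cannot be initialised
 */
private SSLContext newSSLContext(TrustManagerFactory trustManagerFactory, KeyManagerFactory keyManagerFactory, X509TrustManager x509TrustManager, boolean isServer, boolean trustAll, long sessionCacheSize, long sessionTimeout) throws SSLException {
    if (isServer && keyManagerFactory == null) {
        throw new SSLException("null keyManagerFactory on server");
    }
    try {
        SSLContext ctx = SslContext.getSSLContext();
        KeyManager[] kms = null;
        TrustManager[] tms = null;
        if (keyManagerFactory != null) {
            kms = keyManagerFactory.getKeyManagers();
        }
        if (trustManagerFactory != null) {
            tms = trustManagerFactory.getTrustManagers();
        } else if (keyManagerFactory == null) {
            // Client without any factory: fall back to the explicit trust manager, then trustAll.
            if (x509TrustManager != null) {
                tms = new X509TrustManager[] { x509TrustManager };
            } else if (trustAll) {
                // SECURITY: accepts every chain without validation; the peer is unauthenticated.
                // Intended for tests and local development only.
                X509TrustManager acceptAll = new X509TrustManager() {

                    @Override
                    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws java.security.cert.CertificateException {
                        // Intentionally empty: no validation is performed.
                    }

                    @Override
                    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws java.security.cert.CertificateException {
                        // Intentionally empty: no validation is performed.
                    }

                    @Override
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        // The X509TrustManager contract requires a non-null, possibly empty array.
                        return new java.security.cert.X509Certificate[0];
                    }
                };
                tms = new X509TrustManager[] { acceptAll };
            }
        }
        ctx.init(kms, tms, new SecureRandom());
        // Cache size and timeout must be set on the session context of the side in use;
        // the client session context has no effect on sessions of a server-side context.
        SSLSessionContext sessCtx = isServer ? ctx.getServerSessionContext() : ctx.getClientSessionContext();
        // The JDK documents that a session context may be unavailable (null) in some environments.
        if (sessCtx != null) {
            if (sessionCacheSize > 0) {
                sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
            }
            if (sessionTimeout > 0) {
                sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
            }
        }
        return ctx;
    } catch (Exception e) {
        if (e instanceof SSLException) {
            throw (SSLException) e;
        }
        // Keep the cause so the underlying provider failure stays visible to the caller.
        throw new SSLException("failed to initialize the SSL context", e);
    }
}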
Also used : SSLSessionContext(javax.net.ssl.SSLSessionContext) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) SSLException(javax.net.ssl.SSLException) X509Certificate(java.security.cert.X509Certificate) KeyException(java.security.KeyException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SSLException(javax.net.ssl.SSLException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) KeyManager(javax.net.ssl.KeyManager)

Example 34 with KeyManager

use of javax.net.ssl.KeyManager in project athenz by yahoo.

the class KeyManagerProxyTest method testKeyManagerProxySetKeyManger.

/**
 * Checks that {@code setKeyManager} replaces the object stored in the proxy's private
 * {@code keyManager} field: the field is read before and after the call and the two values
 * must both be non-null and must not be the same instance.
 */
@Test
public void testKeyManagerProxySetKeyManger() {
    KeyManagerProxy proxy = new KeyManagerProxy(new KeyManager[] { generateNewKeyManger() });

    // Read the private field directly; the proxy is inspected through reflection here.
    X509ExtendedKeyManager before = Deencapsulation.getField(proxy, "keyManager");
    assertNotNull(before);

    KeyManager[] replacement = new KeyManager[] { generateNewKeyManger() };
    proxy.setKeyManager(replacement);

    X509ExtendedKeyManager after = Deencapsulation.getField(proxy, "keyManager");
    assertNotNull(after);
    // A stale delegate would keep presenting the old key material after a rotation.
    assertNotSame(before, after);
}
Also used : X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) KeyManager(javax.net.ssl.KeyManager) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) Test(org.junit.Test)

Example 35 with KeyManager

use of javax.net.ssl.KeyManager in project wso2-synapse by wso2.

the class SynapseConfigUtils method getHttpsURLConnection.

/**
 * Opens an {@link HttpsURLConnection} to {@code url} and installs a socket factory built from
 * the identity and trust key store settings found in {@code synapseProperties}.
 *
 * <p>When either key store configuration is absent, or yields no factory, the corresponding
 * argument to {@code SSLContext.init} stays {@code null} and the JSSE provider defaults apply.
 *
 * <p>Security note: when a trust store configuration is present and its
 * {@code KeyStoreInformation.ENABLE_HOST_NAME_VERIFIER} parameter parses to {@code false}, a
 * verifier that accepts every host name is installed. The certificate chain is still checked
 * against the trust managers, but the certificate is no longer tied to the host being
 * contacted. The parameter is not consulted at all when no trust store is configured.
 *
 * @param url               HTTPS URL to connect to
 * @param synapseProperties properties from which the key store settings are read
 * @param proxy             proxy to connect through, or {@code null} for a direct connection
 * @return the configured connection, or {@code null} if a failure was reported through
 *         {@code handleException} and that call returned normally
 */
private static HttpsURLConnection getHttpsURLConnection(URL url, Properties synapseProperties, Proxy proxy) {
    if (log.isDebugEnabled()) {
        log.debug("Creating a HttpsURL Connection from given URL : " + url);
    }

    // Identity (private key) material.
    KeyManager[] keyManagers = null;
    IdentityKeyStoreInformation identityInformation = KeyStoreInformationFactory.createIdentityKeyStoreInformation(synapseProperties);
    if (identityInformation == null) {
        if (log.isDebugEnabled()) {
            log.debug("There is no private key entry store configuration." + " Will use JDK's default one");
        }
    } else {
        KeyManagerFactory identityFactory = identityInformation.getIdentityKeyManagerFactoryInstance();
        if (identityFactory != null) {
            keyManagers = identityFactory.getKeyManagers();
        }
    }

    // Trust anchors.
    TrustManager[] trustManagers = null;
    TrustKeyStoreInformation trustInformation = KeyStoreInformationFactory.createTrustKeyStoreInformation(synapseProperties);
    if (trustInformation == null) {
        if (log.isDebugEnabled()) {
            log.debug("There is no trusted certificate store configuration." + " Will use JDK's default one");
        }
    } else {
        TrustManagerFactory trustFactory = trustInformation.getTrustManagerFactoryInstance();
        if (trustFactory != null) {
            trustManagers = trustFactory.getTrustManagers();
        }
    }

    try {
        HttpsURLConnection connection = (HttpsURLConnection) (proxy != null ? url.openConnection(proxy) : url.openConnection());

        // "TLS" leaves the protocol versions to the JDK defaults; null SecureRandom uses the default source.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagers, trustManagers, null);
        connection.setSSLSocketFactory(sslContext.getSocketFactory());

        if (trustInformation != null) {
            // Verification stays on unless the configuration explicitly parses to false.
            String configured = trustInformation.getParameter(KeyStoreInformation.ENABLE_HOST_NAME_VERIFIER);
            boolean verifyHostName = configured == null || Boolean.parseBoolean(configured);
            if (verifyHostName) {
                if (log.isDebugEnabled()) {
                    log.debug("Using default HostName verifier...");
                }
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Overriding default HostName Verifier." + "HostName verification disabled");
                }
                // SECURITY: accepts any host name; only appropriate where the deployment has
                // explicitly opted out of host name verification.
                connection.setHostnameVerifier(new javax.net.ssl.HostnameVerifier() {

                    public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
                        if (log.isTraceEnabled()) {
                            log.trace("HostName verification disabled");
                            log.trace("Host:   " + hostname);
                            log.trace("Peer Host:  " + session.getPeerHost());
                        }
                        return true;
                    }
                });
            }
        }
        return connection;
    } catch (NoSuchAlgorithmException e) {
        handleException("Error loading SSLContext ", e);
    } catch (KeyManagementException e) {
        handleException("Error initiation SSLContext with KeyManagers", e);
    } catch (IOException e) {
        handleException("Error opening a https connection from URL : " + url, e);
    }
    // Reached only if handleException returns instead of throwing.
    return null;
}
Also used : TrustKeyStoreInformation(org.wso2.securevault.definition.TrustKeyStoreInformation) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) TrustManager(javax.net.ssl.TrustManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) SSLSession(javax.net.ssl.SSLSession) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) IdentityKeyStoreInformation(org.wso2.securevault.definition.IdentityKeyStoreInformation) HostnameVerifier(javax.net.ssl.HostnameVerifier) KeyManager(javax.net.ssl.KeyManager) HttpsURLConnection(javax.net.ssl.HttpsURLConnection)

Aggregations

KeyManager (javax.net.ssl.KeyManager)210 SSLContext (javax.net.ssl.SSLContext)127 TrustManager (javax.net.ssl.TrustManager)127 KeyManagerFactory (javax.net.ssl.KeyManagerFactory)103 KeyStore (java.security.KeyStore)95 IOException (java.io.IOException)59 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)59 SecureRandom (java.security.SecureRandom)54 TrustManagerFactory (javax.net.ssl.TrustManagerFactory)54 KeyManagementException (java.security.KeyManagementException)46 X509TrustManager (javax.net.ssl.X509TrustManager)45 KeyStoreException (java.security.KeyStoreException)42 X509KeyManager (javax.net.ssl.X509KeyManager)40 InputStream (java.io.InputStream)33 UnrecoverableKeyException (java.security.UnrecoverableKeyException)32 FileInputStream (java.io.FileInputStream)31 CertificateException (java.security.cert.CertificateException)30 GeneralSecurityException (java.security.GeneralSecurityException)24 X509Certificate (java.security.cert.X509Certificate)23 File (java.io.File)15