Example 36 with KeyManager
use of javax.net.ssl.KeyManager in project wso2-synapse by wso2.
the class ClientConnFactoryBuilder method createSSLContext.
private SSLContext createSSLContext(OMElement keyStoreElt, OMElement trustStoreElt, boolean novalidatecert) throws AxisFault {
KeyManager[] keymanagers = null;
TrustManager[] trustManagers = null;
if (keyStoreElt != null) {
String location = keyStoreElt.getFirstChildWithName(new QName("Location")).getText();
String type = keyStoreElt.getFirstChildWithName(new QName("Type")).getText();
String storePassword = keyStoreElt.getFirstChildWithName(new QName("Password")).getText();
String keyPassword = keyStoreElt.getFirstChildWithName(new QName("KeyPassword")).getText();
FileInputStream fis = null;
try {
KeyStore keyStore = KeyStore.getInstance(type);
fis = new FileInputStream(location);
if (log.isInfoEnabled()) {
log.info(name + " Loading Identity Keystore from : " + location);
}
keyStore.load(fis, storePassword.toCharArray());
KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmfactory.init(keyStore, keyPassword.toCharArray());
keymanagers = kmfactory.getKeyManagers();
} catch (GeneralSecurityException gse) {
log.error(name + " Error loading Keystore : " + location, gse);
throw new AxisFault("Error loading Keystore : " + location, gse);
} catch (IOException ioe) {
log.error(name + " Error opening Keystore : " + location, ioe);
throw new AxisFault("Error opening Keystore : " + location, ioe);
} finally {
if (fis != null) {
try {
fis.close();
} catch (IOException ignore) {
}
}
}
}
if (trustStoreElt != null) {
if (novalidatecert && log.isWarnEnabled()) {
log.warn(name + " Ignoring novalidatecert parameter since a truststore has been specified");
}
String location = trustStoreElt.getFirstChildWithName(new QName("Location")).getText();
String type = trustStoreElt.getFirstChildWithName(new QName("Type")).getText();
String storePassword = trustStoreElt.getFirstChildWithName(new QName("Password")).getText();
FileInputStream fis = null;
try {
KeyStore trustStore = KeyStore.getInstance(type);
fis = new FileInputStream(location);
if (log.isInfoEnabled()) {
log.info(name + " Loading Trust Keystore from : " + location);
}
trustStore.load(fis, storePassword.toCharArray());
TrustManagerFactory trustManagerfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerfactory.init(trustStore);
trustManagers = trustManagerfactory.getTrustManagers();
} catch (GeneralSecurityException gse) {
log.error(name + " Error loading Key store : " + location, gse);
throw new AxisFault("Error loading Key store : " + location, gse);
} catch (IOException ioe) {
log.error(name + " Error opening Key store : " + location, ioe);
throw new AxisFault("Error opening Key store : " + location, ioe);
} finally {
if (fis != null) {
try {
fis.close();
} catch (IOException ignore) {
}
}
}
} else if (novalidatecert) {
if (log.isWarnEnabled()) {
log.warn(name + " Server certificate validation (trust) has been disabled. " + "DO NOT USE IN PRODUCTION!");
}
trustManagers = new TrustManager[] { new NoValidateCertTrustManager() };
}
try {
final Parameter sslpParameter = transportOut.getParameter("SSLProtocol");
final String sslProtocol = sslpParameter != null ? sslpParameter.getValue().toString() : "TLS";
SSLContext sslcontext = SSLContext.getInstance(sslProtocol);
sslcontext.init(keymanagers, trustManagers, null);
return sslcontext;
} catch (GeneralSecurityException gse) {
log.error(name + " Unable to create SSL context with the given configuration", gse);
throw new AxisFault("Unable to create SSL context with the given configuration", gse);
}
}
Also used :
AxisFault(org.apache.axis2.AxisFault)
QName(javax.xml.namespace.QName)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
SSLContext(javax.net.ssl.SSLContext)
KeyStore(java.security.KeyStore)
FileInputStream(java.io.FileInputStream)
TrustManager(javax.net.ssl.TrustManager)
NoValidateCertTrustManager(org.apache.synapse.transport.nhttp.NoValidateCertTrustManager)
KeyManagerFactory(javax.net.ssl.KeyManagerFactory)
NoValidateCertTrustManager(org.apache.synapse.transport.nhttp.NoValidateCertTrustManager)
TrustManagerFactory(javax.net.ssl.TrustManagerFactory)
Parameter(org.apache.axis2.description.Parameter)
KeyManager(javax.net.ssl.KeyManager)
Example 37 with KeyManager
use of javax.net.ssl.KeyManager in project BaseProject by feer921.
the class HttpsUtils method getSslSocketFactory.
public static SSLParams getSslSocketFactory(X509TrustManager trustManager, InputStream bksFile, String password, InputStream[] certificates) {
SSLParams sslParams = new SSLParams();
try {
KeyManager[] keyManagers = prepareKeyManager(bksFile, password);
TrustManager[] trustManagers = prepareTrustManager(certificates);
X509TrustManager manager;
if (trustManager != null) {
// 优先使用用户自定义的TrustManager
manager = trustManager;
} else if (trustManagers != null) {
// 然后使用默认的TrustManager
manager = chooseTrustManager(trustManagers);
} else {
// 否则使用不安全的TrustManager
manager = UnSafeTrustManager;
}
// 创建TLS类型的SSLContext对象, that uses our TrustManager
SSLContext sslContext = SSLContext.getInstance("TLS");
// 用上面得到的trustManagers初始化SSLContext,这样sslContext就会信任keyStore中的证书
// 第一个参数是授权的密钥管理器,用来授权验证,比如授权自签名的证书验证。第二个是被授权的证书管理器,用来验证服务器端的证书
sslContext.init(keyManagers, new TrustManager[] { manager }, null);
// 通过sslContext获取SSLSocketFactory对象
sslParams.sSLSocketFactory = sslContext.getSocketFactory();
sslParams.trustManager = manager;
return sslParams;
} catch (NoSuchAlgorithmException e) {
throw new AssertionError(e);
} catch (KeyManagementException e) {
throw new AssertionError(e);
}
}
Also used :
X509TrustManager(javax.net.ssl.X509TrustManager)
SSLContext(javax.net.ssl.SSLContext)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyManager(javax.net.ssl.KeyManager)
KeyManagementException(java.security.KeyManagementException)
TrustManager(javax.net.ssl.TrustManager)
X509TrustManager(javax.net.ssl.X509TrustManager)
Example 38 with KeyManager
use of javax.net.ssl.KeyManager in project fdroidclient by f-droid.
the class LocalRepoKeyStore method addToStore.
private void addToStore(String alias, KeyPair kp, Certificate cert) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
Certificate[] chain = { cert };
keyStore.setKeyEntry(alias, kp.getPrivate(), "".toCharArray(), chain);
keyStore.store(new FileOutputStream(keyStoreFile), "".toCharArray());
/*
* After adding an entry to the keystore we need to create a fresh
* KeyManager by reinitializing the KeyManagerFactory with the new key
* store content and then rewrapping the default KeyManager with our own
*/
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, "".toCharArray());
KeyManager defaultKeyManager = keyManagerFactory.getKeyManagers()[0];
KeyManager wrappedKeyManager = new KerplappKeyManager((X509KeyManager) defaultKeyManager);
keyManagers = new KeyManager[] { wrappedKeyManager };
}
Also used :
FileOutputStream(java.io.FileOutputStream)
X509KeyManager(javax.net.ssl.X509KeyManager)
KeyManager(javax.net.ssl.KeyManager)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
KeyManagerFactory(javax.net.ssl.KeyManagerFactory)
Example 39 with KeyManager
use of javax.net.ssl.KeyManager in project BaseProject by fly803.
the class HttpsUtils method getSslSocketFactory.
public static SSLParams getSslSocketFactory(InputStream[] certificates, InputStream bksFile, String password) {
SSLParams sslParams = new SSLParams();
try {
TrustManager[] trustManagers = prepareTrustManager(certificates);
KeyManager[] keyManagers = prepareKeyManager(bksFile, password);
SSLContext sslContext = SSLContext.getInstance("TLS");
X509TrustManager trustManager = null;
if (trustManagers != null) {
trustManager = new MyTrustManager(chooseTrustManager(trustManagers));
} else {
trustManager = new UnSafeTrustManager();
}
sslContext.init(keyManagers, new TrustManager[] { trustManager }, null);
sslParams.sSLSocketFactory = sslContext.getSocketFactory();
sslParams.trustManager = trustManager;
return sslParams;
} catch (NoSuchAlgorithmException e) {
throw new AssertionError(e);
} catch (KeyManagementException e) {
throw new AssertionError(e);
} catch (KeyStoreException e) {
throw new AssertionError(e);
}
}
Also used :
SSLContext(javax.net.ssl.SSLContext)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyStoreException(java.security.KeyStoreException)
KeyManagementException(java.security.KeyManagementException)
TrustManager(javax.net.ssl.TrustManager)
X509TrustManager(javax.net.ssl.X509TrustManager)
X509TrustManager(javax.net.ssl.X509TrustManager)
KeyManager(javax.net.ssl.KeyManager)
Example 40 with KeyManager
use of javax.net.ssl.KeyManager in project ariADDna by StnetixDevTeam.
the class ApiClient method applySslSettings.
/**
* Apply SSL related settings to httpClient according to the current values of
* verifyingSsl and sslCaCert.
*/
private void applySslSettings() {
try {
KeyManager[] keyManagers = null;
TrustManager[] trustManagers = null;
HostnameVerifier hostnameVerifier = null;
if (!verifyingSsl) {
TrustManager trustAll = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
SSLContext sslContext = SSLContext.getInstance("TLS");
trustManagers = new TrustManager[] { trustAll };
hostnameVerifier = new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
} else if (sslCaCert != null) {
// Any password will work.
char[] password = null;
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Collection<? extends Certificate> certificates = certificateFactory.generateCertificates(sslCaCert);
if (certificates.isEmpty()) {
throw new IllegalArgumentException("expected non-empty set of trusted certificates");
}
KeyStore caKeyStore = newEmptyKeyStore(password);
int index = 0;
for (Certificate certificate : certificates) {
String certificateAlias = "ca" + Integer.toString(index++);
caKeyStore.setCertificateEntry(certificateAlias, certificate);
}
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(caKeyStore);
trustManagers = trustManagerFactory.getTrustManagers();
}
if (keyManagers != null || trustManagers != null) {
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, new SecureRandom());
httpClient.setSslSocketFactory(sslContext.getSocketFactory());
} else {
httpClient.setSslSocketFactory(null);
}
httpClient.setHostnameVerifier(hostnameVerifier);
} catch (GeneralSecurityException e) {
throw new RuntimeException(e);
}
}
Also used :
GeneralSecurityException(java.security.GeneralSecurityException)
SSLSession(javax.net.ssl.SSLSession)
SecureRandom(java.security.SecureRandom)
SSLContext(javax.net.ssl.SSLContext)
CertificateFactory(java.security.cert.CertificateFactory)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
TrustManager(javax.net.ssl.TrustManager)
X509TrustManager(javax.net.ssl.X509TrustManager)
HostnameVerifier(javax.net.ssl.HostnameVerifier)
X509TrustManager(javax.net.ssl.X509TrustManager)
TrustManagerFactory(javax.net.ssl.TrustManagerFactory)
Collection(java.util.Collection)
KeyManager(javax.net.ssl.KeyManager)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Aggregations
KeyManager (javax.net.ssl.KeyManager)210
SSLContext (javax.net.ssl.SSLContext)127
TrustManager (javax.net.ssl.TrustManager)127
KeyManagerFactory (javax.net.ssl.KeyManagerFactory)103
KeyStore (java.security.KeyStore)95
IOException (java.io.IOException)59
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)59
SecureRandom (java.security.SecureRandom)54
TrustManagerFactory (javax.net.ssl.TrustManagerFactory)54
KeyManagementException (java.security.KeyManagementException)46
X509TrustManager (javax.net.ssl.X509TrustManager)45
KeyStoreException (java.security.KeyStoreException)42
X509KeyManager (javax.net.ssl.X509KeyManager)40
InputStream (java.io.InputStream)33
UnrecoverableKeyException (java.security.UnrecoverableKeyException)32
FileInputStream (java.io.FileInputStream)31
CertificateException (java.security.cert.CertificateException)30
GeneralSecurityException (java.security.GeneralSecurityException)24
X509Certificate (java.security.cert.X509Certificate)23
File (java.io.File)15
