
Example 66 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project ranger by apache.

the class NiFiConnectionMgr method createSslContext.

/**
 * Builds an SSLContext from a file-based keystore (client identity) and a file-based
 * truststore (accepted peer certificates).
 *
 * Both stores are read from disk with the given type and password. The key manager is
 * initialised with the keystore password, so the key entry is expected to be protected
 * by the same password as the store itself.
 *
 * @param keystore         path of the keystore file
 * @param keystorePasswd   password of the keystore and of its key entry
 * @param keystoreType     KeyStore type name of the keystore (e.g. "JKS", "PKCS12")
 * @param truststore       path of the truststore file
 * @param truststorePasswd password used for the truststore integrity check
 * @param truststoreType   KeyStore type name of the truststore
 * @param protocol         protocol name handed to {@link SSLContext#getInstance(String)}
 * @return an initialised SSLContext using the JDK default key/trust manager algorithms
 * @throws KeyStoreException         if a store type is unsupported or a factory cannot be initialised
 * @throws IOException               if a store file cannot be read or its integrity check fails
 * @throws NoSuchAlgorithmException  if a required algorithm or the protocol is unavailable
 * @throws CertificateException      if a certificate in a store cannot be loaded
 * @throws UnrecoverableKeyException if the key entry cannot be recovered with {@code keystorePasswd}
 * @throws KeyManagementException    if the context cannot be initialised
 */
private static SSLContext createSslContext(final String keystore, final char[] keystorePasswd, final String keystoreType, final String truststore, final char[] truststorePasswd, final String truststoreType, final String protocol) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException {
    // Client identity: key store + key manager (same password for store and key entry).
    final KeyStore identityStore = readStoreFromFile(keystoreType, keystore, keystorePasswd);
    final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(identityStore, keystorePasswd);

    // Peer trust: trust store + trust manager.
    final KeyStore trustedStore = readStoreFromFile(truststoreType, truststore, truststorePasswd);
    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustedStore);

    final SSLContext context = SSLContext.getInstance(protocol);
    context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
    return context;
}

/**
 * Loads a KeyStore of the given type from {@code path}, verifying it with {@code password}.
 *
 * @param type     KeyStore type name
 * @param path     file to read
 * @param password password for the store integrity check
 * @return the loaded store
 */
private static KeyStore readStoreFromFile(final String type, final String path, final char[] password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
    final KeyStore store = KeyStore.getInstance(type);
    try (final InputStream stream = new FileInputStream(path)) {
        store.load(stream, password);
    }
    return store;
}

Example 67 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project ranger by apache.

the class RemoteUnixLoginModule method getLoginReplyFromAuthService.

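/**
 * Sends one "LOGIN:<user> <password>\n" request to the remote authentication service
 * and returns the first reply line.
 *
 * The connection is an SSL socket when {@code SSLEnabled} is set (client key store and
 * server trust settings are taken from the module configuration, see the helpers below),
 * otherwise a plain TCP socket. Both the assembled request and the caller's password
 * array are overwritten with blanks before this method returns, so
 * {@code modifiedPasschar} must not be used afterwards.
 *
 * @param aUserName        user name to authenticate
 * @param modifiedPasschar password characters; wiped on return
 * @return the reply line read from the service, or null if the connection was closed
 *         before a line was received
 * @throws LoginException if connecting or exchanging data fails; the original failure
 *         is attached as the cause
 */
private String getLoginReplyFromAuthService(String aUserName, char[] modifiedPasschar) throws LoginException {
    String ret = null;
    char[] loginData = buildLoginRequest(aUserName, modifiedPasschar);
    try {
        // Resources close in reverse order (reader, writer, socket), as the original did explicitly.
        try (Socket sslsocket = openAuthServiceSocket();
             OutputStreamWriter writer = new OutputStreamWriter(sslsocket.getOutputStream());
             BufferedReader reader = new BufferedReader(new InputStreamReader(sslsocket.getInputStream()))) {
            // No explicit charset (platform default), unchanged from the original exchange;
            // non-ASCII passwords rely on it matching the service side — confirm before changing.
            writer.write(loginData);
            writer.flush();
            ret = reader.readLine();
        }
    } catch (Throwable t) {
        // Deliberately broad (kept from the original): every failure reaches the caller as a
        // LoginException. LoginException has no cause constructor, so attach it via initCause.
        LoginException le = new LoginException("FAILED: unable to authenticate to AuthenticationService: " + remoteHostName + ":" + remoteHostAuthServicePort + ", Exception: [" + t + "]");
        le.initCause(t);
        throw le;
    } finally {
        log("Login of user String: {" + aUserName + "}, return from AuthServer: {" + ret + "}");
        // Blank the password material regardless of outcome.
        Arrays.fill(loginData, ' ');
        Arrays.fill(modifiedPasschar, ' ');
    }
    return ret;
}

/**
 * Assembles "LOGIN:<user> <password>\n" as a char[] so the password never lives in a String.
 *
 * @param aUserName user name placed after the LOGIN: prefix
 * @param passchar  password characters copied into the request
 * @return the request buffer; the caller is responsible for wiping it
 */
private char[] buildLoginRequest(String aUserName, char[] passchar) {
    char[] prefix = ("LOGIN:" + aUserName + " ").toCharArray();
    char[] loginData = new char[prefix.length + passchar.length + 1];
    System.arraycopy(prefix, 0, loginData, 0, prefix.length);
    System.arraycopy(passchar, 0, loginData, prefix.length, passchar.length);
    loginData[loginData.length - 1] = '\n';
    return loginData;
}

/**
 * Connects to the authentication service: over TLS using the configured key/trust
 * material when {@code SSLEnabled} is set, otherwise over a plain TCP socket.
 *
 * @return a connected socket; the caller closes it
 */
private Socket openAuthServiceSocket() throws java.io.IOException, java.security.GeneralSecurityException {
    if (!SSLEnabled) {
        return new Socket(remoteHostName, remoteHostAuthServicePort);
    }
    SSLContext context = SSLContext.getInstance(SSL_ALGORITHM);
    context.init(loadClientKeyManagers(), buildServerTrustManagers(), new SecureRandom());
    SSLSocketFactory sf = context.getSocketFactory();
    return sf.createSocket(remoteHostName, remoteHostAuthServicePort);
}

/**
 * Key managers for client-certificate authentication from {@code keyStorePath}, or
 * null (JDK default key managers) when no key store path is configured.
 *
 * @return the key managers, or null
 */
private KeyManager[] loadClientKeyManagers() throws java.io.IOException, java.security.GeneralSecurityException {
    if (keyStorePath == null) {
        return null;
    }
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    // One char[] copy for both the store and the key entry, wiped once it is no longer needed.
    char[] pwd = keyStorePathPassword.toCharArray();
    try (InputStream in = getFileInputStream(keyStorePath)) {
        // A null stream loads an empty key store, same as the original null-tolerant path.
        ks.load(in, pwd);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pwd);
        return kmf.getKeyManagers();
    } finally {
        Arrays.fill(pwd, ' ');
    }
}

/**
 * Trust managers for the server certificate.
 *
 * With {@code serverCertValidation} on and a {@code trustStorePath} configured, the
 * configured trust store is used; with validation on but no trust store path, null is
 * returned so that {@code SSLContext.init} falls back to the JDK default trust managers.
 * With validation off, a trust-all manager is returned.
 *
 * @return the trust managers, or null for the JDK default
 */
private TrustManager[] buildServerTrustManagers() throws java.io.IOException, java.security.GeneralSecurityException {
    if (!serverCertValidation) {
        // SECURITY: this manager accepts any server certificate, so the connection cannot
        // detect a man-in-the-middle; the password is sent to whoever answers on the port.
        // Only acceptable on an isolated network or for testing — keep serverCertValidation
        // enabled in production.
        TrustManager ignoreValidationTM = new X509TrustManager() {

            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // Ignore Server Certificate Validation
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // Ignore Server Certificate Validation
            }
        };
        return new TrustManager[] { ignoreValidationTM };
    }
    if (trustStorePath == null) {
        return null;
    }
    KeyStore trustStoreKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    char[] pwd = trustStorePathPassword.toCharArray();
    try (InputStream in = getFileInputStream(trustStorePath)) {
        trustStoreKeyStore.load(in, pwd);
    } finally {
        Arrays.fill(pwd, ' ');
    }
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(trustStoreKeyStore);
    return trustManagerFactory.getTrustManagers();
}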

Example 68 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project pentaho-kettle by pentaho.

the class WebsphereMQProvider method getSslContext.

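/**
 * Builds the SSLContext used for the JMS connection from the delegate's SSL settings.
 *
 * The trust store ({@code sslTruststorePath}) is always loaded. The key store is
 * optional and only loaded when {@code sslKeystorePath} is set, i.e. when client
 * certificate authentication is wanted. A null or empty password is passed to the store
 * as null for both stores, so a missing key-store password now surfaces through the
 * key-store API (load/init) instead of a NullPointerException on {@code toCharArray()}.
 *
 * @param meta delegate carrying the SSL file paths, types, passwords and context algorithm
 * @return an initialised SSLContext
 * @throws KeyStoreException         if a store type is unsupported or the key manager cannot be initialised
 * @throws IOException               if a store file cannot be read or its integrity check fails
 * @throws NoSuchAlgorithmException  if a store, manager or context algorithm is unavailable
 * @throws CertificateException      if a certificate in a store cannot be loaded
 * @throws UnrecoverableKeyException if the key entry cannot be recovered with the given password
 * @throws KeyManagementException    if the context cannot be initialised
 */
private SSLContext getSslContext(JmsDelegate meta) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException {
    char[] truststorePassword = Strings.isNullOrEmpty(meta.sslTruststorePassword) ? null : meta.sslTruststorePassword.toCharArray();
    KeyStore trustStore = KeyStore.getInstance(meta.sslTruststoreType);
    try (FileInputStream stream = new FileInputStream(meta.sslTruststorePath)) {
        trustStore.load(stream, truststorePassword);
    }
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(trustStore);

    // The keystore is optional; use it only if client authentication is desired.
    KeyManagerFactory keyManagerFactory = null;
    if (!Strings.isNullOrEmpty(meta.sslKeystorePath)) {
        // Handled like the truststore password: null/empty becomes null rather than an NPE.
        char[] keystorePassword = Strings.isNullOrEmpty(meta.sslKeystorePassword) ? null : meta.sslKeystorePassword.toCharArray();
        KeyStore keyStore = KeyStore.getInstance(meta.sslKeystoreType);
        try (FileInputStream stream = new FileInputStream(meta.sslKeystorePath)) {
            keyStore.load(stream, keystorePassword);
        }
        keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Same password for the store and its key entry, as before.
        keyManagerFactory.init(keyStore, keystorePassword);
    }

    SSLContext sslContext = SSLContext.getInstance(meta.sslContextAlgorithm);
    // Null key managers mean "no client certificate"; trust always comes from the truststore.
    sslContext.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
    return sslContext;
}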

Example 69 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project ranger by apache.

the class SolrAuditDestination method getKeyManagers.

/**
 * Builds the key managers for the Solr client certificate from the configured keystore
 * file and the password read from the credential provider.
 *
 * @return the key managers, or null when the keystore file or its password is not
 *         configured, the file cannot be opened, or loading fails (failures are logged)
 */
private KeyManager[] getKeyManagers() {
    String credentialProviderPath = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL);
    String keyStoreFile = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_CLIENT_KEY_FILE);
    String keyStoreFilepwd = MiscUtil.getCredentialString(credentialProviderPath, RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS);
    if (StringUtils.isEmpty(keyStoreFile) || StringUtils.isEmpty(keyStoreFilepwd)) {
        // Client certificate not configured: nothing to build.
        return null;
    }

    KeyManager[] kmList = null;
    InputStream in = null;
    try {
        in = getFileInputStream(keyStoreFile);
        if (in == null) {
            LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]");
        } else {
            kmList = loadKeyManagersFrom(in, keyStoreFilepwd);
        }
    } catch (KeyStoreException e) {
        LOG.error("Unable to obtain from KeyStore :" + e.getMessage(), e);
    } catch (NoSuchAlgorithmException e) {
        LOG.error("SSL algorithm is NOT available in the environment", e);
    } catch (CertificateException e) {
        LOG.error("Unable to obtain the requested certification ", e);
    } catch (FileNotFoundException e) {
        LOG.error("Unable to find the necessary SSL Keystore Files", e);
    } catch (IOException e) {
        LOG.error("Unable to read the necessary SSL Keystore Files", e);
    } catch (UnrecoverableKeyException e) {
        LOG.error("Unable to recover the key from keystore", e);
    } finally {
        close(in, keyStoreFile);
    }
    return kmList;
}

/**
 * Loads the keystore from an already opened stream and initialises a key manager factory
 * with it. The store type comes from configuration, falling back to the default type.
 *
 * @param in              open stream over the keystore file; not closed here
 * @param keyStoreFilepwd password of the store and of its key entry
 * @return the key managers produced by the factory
 */
private KeyManager[] loadKeyManagersFrom(InputStream in, String keyStoreFilepwd) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
    String configuredType = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE);
    String keyStoreType = StringUtils.isNotEmpty(configuredType) ? configuredType : RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT;
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(in, keyStoreFilepwd.toCharArray());
    KeyManagerFactory factory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE);
    factory.init(keyStore, keyStoreFilepwd.toCharArray());
    return factory.getKeyManagers();
}

Example 70 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project ranger by apache.

the class EmbeddedServer method getKeyManagers.

/**
 * Builds the key managers for the embedded server's TLS identity.
 *
 * The keystore file and credential alias come from the {@code ranger.keystore.*} keys;
 * when no file is configured there, the value of {@code getKeystoreFile()} and the
 * {@code ranger.service.https.attrib.keystore.credential.alias} alias are used instead.
 * The password is decrypted from the credential provider. Missing configuration is
 * logged as a warning, load failures as severe.
 *
 * @return the key managers, or null when they cannot be built
 */
private KeyManager[] getKeyManagers() {
    String keyStoreFile = EmbeddedServerUtil.getConfig("ranger.keystore.file");
    String keyStoreAlias = EmbeddedServerUtil.getConfig("ranger.keystore.alias", "keyStoreCredentialAlias");
    if (StringUtils.isBlank(keyStoreFile)) {
        // No dedicated keystore configured: reuse the one returned by getKeystoreFile().
        keyStoreFile = getKeystoreFile();
        keyStoreAlias = EmbeddedServerUtil.getConfig("ranger.service.https.attrib.keystore.credential.alias", "keyStoreCredentialAlias");
    }
    String keyStoreFileType = EmbeddedServerUtil.getConfig("ranger.keystore.file.type", RANGER_KEYSTORE_FILE_TYPE_DEFAULT);
    String credentialProviderPath = EmbeddedServerUtil.getConfig("ranger.credential.provider.path");
    String keyStoreFilepwd = CredentialReader.getDecryptedString(credentialProviderPath, keyStoreAlias, keyStoreFileType);

    if (StringUtils.isEmpty(keyStoreFile) || StringUtils.isEmpty(keyStoreFilepwd)) {
        warnMissingKeystoreConfig(keyStoreFile, keyStoreAlias, credentialProviderPath, keyStoreFilepwd);
        return null;
    }

    KeyManager[] kmList = null;
    InputStream in = null;
    try {
        in = getFileInputStream(keyStoreFile);
        if (in == null) {
            LOG.severe("Unable to obtain keystore from file [" + keyStoreFile + "]");
        } else {
            kmList = loadKeyManagersFrom(in, keyStoreFileType, keyStoreFilepwd);
        }
    } catch (KeyStoreException e) {
        LOG.log(Level.SEVERE, "Unable to obtain from KeyStore :" + e.getMessage(), e);
    } catch (NoSuchAlgorithmException e) {
        LOG.log(Level.SEVERE, "SSL algorithm is NOT available in the environment", e);
    } catch (CertificateException e) {
        LOG.log(Level.SEVERE, "Unable to obtain the requested certification ", e);
    } catch (FileNotFoundException e) {
        LOG.log(Level.SEVERE, "Unable to find the necessary SSL Keystore Files", e);
    } catch (IOException e) {
        LOG.log(Level.SEVERE, "Unable to read the necessary SSL Keystore Files", e);
    } catch (UnrecoverableKeyException e) {
        LOG.log(Level.SEVERE, "Unable to recover the key from keystore", e);
    } finally {
        close(in, keyStoreFile);
    }
    return kmList;
}

/**
 * Loads the keystore from an already opened stream and initialises a key manager factory
 * with the JDK default algorithm.
 *
 * @param in               open stream over the keystore file; not closed here
 * @param keyStoreFileType KeyStore type name
 * @param keyStoreFilepwd  password of the store and of its key entry
 * @return the key managers produced by the factory
 */
private KeyManager[] loadKeyManagersFrom(InputStream in, String keyStoreFileType, String keyStoreFilepwd) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
    KeyStore keyStore = KeyStore.getInstance(keyStoreFileType);
    keyStore.load(in, keyStoreFilepwd.toCharArray());
    KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    factory.init(keyStore, keyStoreFilepwd.toCharArray());
    return factory.getKeyManagers();
}

/**
 * Logs, at WARNING level, the first piece of keystore configuration found missing.
 *
 * @param keyStoreFile           configured keystore path (may be blank)
 * @param keyStoreAlias          credential alias (may be blank)
 * @param credentialProviderPath credential provider path (may be blank)
 * @param keyStoreFilepwd        decrypted password (may be blank)
 */
private void warnMissingKeystoreConfig(String keyStoreFile, String keyStoreAlias, String credentialProviderPath, String keyStoreFilepwd) {
    if (StringUtils.isBlank(keyStoreFile)) {
        LOG.warning("Config 'ranger.keystore.file' or 'ranger.service.https.attrib.keystore.file' is not found or contains blank value");
    } else if (StringUtils.isBlank(keyStoreAlias)) {
        LOG.warning("Config 'ranger.keystore.alias' or 'ranger.service.https.attrib.keystore.credential.alias' is not found or contains blank value");
    } else if (StringUtils.isBlank(credentialProviderPath)) {
        LOG.warning("Config 'ranger.credential.provider.path' is not found or contains blank value");
    } else if (StringUtils.isBlank(keyStoreFilepwd)) {
        LOG.warning("Unable to read credential from credential store file [" + credentialProviderPath + "] for given alias:" + keyStoreAlias);
    }
}
