
Example 71 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project iaf by ibissource.

the class PkiUtil method createKeyManagers.

/**
 * Builds the key managers backed by the given keystore.
 *
 * @param keystore  keystore holding the key material; must not be {@code null}
 * @param password  password handed to {@code KeyManagerFactory.init}; a {@code null}
 *                  password is passed on as a {@code null} char array
 * @param algorithm KeyManagerFactory algorithm name; when {@code StringUtils.isEmpty}
 *                  reports it as empty, the JVM default algorithm is used instead
 * @return the key managers produced by the initialized factory
 * @throws IllegalArgumentException if {@code keystore} is {@code null}
 * @throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException
 *         propagated from the KeyManagerFactory calls
 */
public static KeyManager[] createKeyManagers(final KeyStore keystore, final String password, String algorithm) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
    if (keystore == null) {
        throw new IllegalArgumentException("Keystore may not be null");
    }
    log.debug("Initializing key manager");

    // Only the algorithm name is written to the log; the password is never logged here.
    final String effectiveAlgorithm;
    if (!StringUtils.isEmpty(algorithm)) {
        effectiveAlgorithm = algorithm;
        log.debug("using configured KeyManager algorithm [" + effectiveAlgorithm + "]");
    } else {
        effectiveAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        log.debug("using default KeyManager algorithm [" + effectiveAlgorithm + "]");
    }

    final KeyManagerFactory factory = KeyManagerFactory.getInstance(effectiveAlgorithm);
    final char[] keyPassword = (password == null) ? null : password.toCharArray();
    factory.init(keystore, keyPassword);
    return factory.getKeyManagers();
}
Also used : KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 72 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project keycloak by keycloak.

the class KeycloakServer method getKeyManagers.

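/**
 * Loads the keystore named by the {@code keycloak.tls.keystore.path} system property
 * and returns key managers backed by it.
 *
 * @return the key managers, or {@code null} when the path property is not set
 * @throws Exception if the keystore file cannot be opened or read, or if the keystore
 *                   or key manager factory cannot be initialized
 */
private KeyManager[] getKeyManagers() throws Exception {
    String keyStorePath = System.getProperty("keycloak.tls.keystore.path");
    if (keyStorePath == null) {
        return null;
    }
    log.infof("Loading keystore from file: %s", keyStorePath);

    // Files.newInputStream never returns null: it either yields a stream or throws an
    // IOException, so the stream is opened directly in the try-with-resources header.
    try (InputStream is = Files.newInputStream(Paths.get(keyStorePath))) {
        // The store type is fixed to JKS; a keystore in another format will fail to load.
        KeyStore keyStore = KeyStore.getInstance("JKS");

        // NOTE(review): when keycloak.tls.keystore.password is not set, the literal
        // "password" is used, so any deployment relying on this fallback protects its
        // private key with a publicly known value. Kept for backward compatibility;
        // confirm that real deployments always set the property.
        char[] keyStorePassword = System.getProperty("keycloak.tls.keystore.password", "password").toCharArray();
        keyStore.load(is, keyStorePassword);

        // The same password is used for the store and for the key entries.
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keyStorePassword);
        return keyManagerFactory.getKeyManagers();
    }
}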
Also used : FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) KeyStore(java.security.KeyStore) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 73 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project samourai-wallet-android by Samourai-Wallet.

the class StrongSSLSocketFactory method createKeyManagers.

/**
 * Creates key managers for the supplied keystore using the platform default
 * KeyManagerFactory algorithm.
 *
 * @param keystore keystore holding the key material; must not be {@code null}
 * @param password password passed to {@code KeyManagerFactory.init}; a {@code null}
 *                 password is passed on as a {@code null} char array
 * @return the key managers produced by the initialized factory
 * @throws IllegalArgumentException if {@code keystore} is {@code null}
 */
private KeyManager[] createKeyManagers(final KeyStore keystore, final String password) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
    if (keystore == null) {
        throw new IllegalArgumentException("Keystore may not be null");
    }

    final String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
    final KeyManagerFactory factory = KeyManagerFactory.getInstance(defaultAlgorithm);

    final char[] keyPassword;
    if (password == null) {
        keyPassword = null;
    } else {
        keyPassword = password.toCharArray();
    }

    factory.init(keystore, keyPassword);
    return factory.getKeyManagers();
}
Also used : KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 74 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project coprhd-controller by CoprHD.

the class RenderProxy method createClientConnectionManager.

/**
 * Builds the pooling connection manager, registering an "https" scheme on port 443
 * on top of the default scheme registry.
 *
 * NOTE(review): both branches pass {@code ALLOW_ALL_HOSTNAME_VERIFIER}, so the host name
 * in the server certificate is not checked against the host being contacted. Even in the
 * branch that installs a real trust manager, the client therefore does not authenticate
 * which peer it is talking to. Confirm this is intended for every target of this client.
 *
 * @return a pooling connection manager with the https scheme registered
 * @throws RuntimeException if the SSL context cannot be initialized while the
 *                          StorageOs plugin is enabled
 */
private static ClientConnectionManager createClientConnectionManager() {
    SchemeRegistry registry = SchemeRegistryFactory.createDefault();
    SSLSocketFactory socketFactory;
    if (!StorageOsPlugin.isEnabled()) {
        // NOTE(review): the helper's name suggests a context that accepts any certificate;
        // verify against SSLUtil. If so, connections made in this mode are unauthenticated.
        socketFactory = new SSLSocketFactory(SSLUtil.getTrustAllContext(), SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    } else {
        try {
            // Set up an SSLContext from the vipr keystore and trust manager. This largely
            // duplicates the ViPRSSLSocketFactory constructor and could be extracted.
            X509TrustManager[] viprTrustManagers = { BourneUtil.getTrustManager() };
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            // The key entries are opened with an empty password.
            keyManagerFactory.init(BourneUtil.getKeyStore(), "".toCharArray());
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagerFactory.getKeyManagers(), viprTrustManagers, new SecureRandom());
            socketFactory = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        } catch (Exception e) {
            throw new RuntimeException("Unable to initialize the ViPRX509TrustManager for RenderProxy", e);
        }
    }
    registry.register(new Scheme("https", 443, socketFactory));
    return new PoolingClientConnectionManager(registry);
}
Also used : PoolingClientConnectionManager(org.apache.http.impl.conn.PoolingClientConnectionManager) Scheme(org.apache.http.conn.scheme.Scheme) X509TrustManager(javax.net.ssl.X509TrustManager) SchemeRegistry(org.apache.http.conn.scheme.SchemeRegistry) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) SSLSocketFactory(org.apache.http.conn.ssl.SSLSocketFactory) PoolingClientConnectionManager(org.apache.http.impl.conn.PoolingClientConnectionManager) ClientConnectionManager(org.apache.http.conn.ClientConnectionManager) IOException(java.io.IOException) UnexpectedException(play.exceptions.UnexpectedException) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 75 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project apache-kafka-on-k8s by banzaicloud.

the class SslFactory method createSSLContext.

/**
 * Creates and initializes an SSLContext from the given keystore and this factory's
 * truststore. Package access for testing.
 *
 * @param keystore key material for the context; when {@code null} the context is
 *                 initialized without key managers
 * @return the initialized SSL context
 * @throws GeneralSecurityException propagated from the JSSE and keystore calls
 * @throws IOException              propagated from loading a store
 * @throws ConfigException          if {@code keystore} differs from the configured one and
 *                                  either no keystore was configured or the certificate
 *                                  entries of the two keystores are not equal
 */
SSLContext createSSLContext(SecurityStore keystore) throws GeneralSecurityException, IOException {
    final SSLContext context = (provider != null)
            ? SSLContext.getInstance(protocol, provider)
            : SSLContext.getInstance(protocol);

    KeyManager[] keyManagers = null;
    if (keystore != null) {
        final String keyManagerAlgorithm = (this.kmfAlgorithm == null)
                ? KeyManagerFactory.getDefaultAlgorithm()
                : this.kmfAlgorithm;
        final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyManagerAlgorithm);
        final KeyStore keyMaterial = keystore.load();
        // The key password falls back to the store password when none is set separately.
        final Password effectiveKeyPassword = (keystore.keyPassword == null)
                ? keystore.password
                : keystore.keyPassword;
        keyManagerFactory.init(keyMaterial, effectiveKeyPassword.value().toCharArray());
        keyManagers = keyManagerFactory.getKeyManagers();
    }

    final String trustManagerAlgorithm = (this.tmfAlgorithm == null)
            ? TrustManagerFactory.getDefaultAlgorithm()
            : this.tmfAlgorithm;
    final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerAlgorithm);
    // A null KeyStore is handed to init() when no truststore is configured.
    final KeyStore trustMaterial = (truststore == null) ? null : truststore.load();
    trustManagerFactory.init(trustMaterial);

    context.init(keyManagers, trustManagerFactory.getTrustManagers(), this.secureRandomImplementation);

    // A keystore other than the configured one is only accepted after the checks below.
    final boolean differsFromConfigured = keystore != null && keystore != this.keystore;
    if (differsFromConfigured) {
        if (this.keystore == null) {
            throw new ConfigException("Cannot add SSL keystore to an existing listener for which no keystore was configured.");
        }
        if (keystoreVerifiableUsingTruststore) {
            SSLConfigValidatorEngine.validate(this, context);
        }
        // The new keystore must carry the same certificate entries as the configured one.
        final boolean sameEntries = CertificateEntries.create(this.keystore.load()).equals(CertificateEntries.create(keystore.load()));
        if (!sameEntries) {
            throw new ConfigException("Keystore DistinguishedName or SubjectAltNames do not match");
        }
    }
    return context;
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) ConfigException(org.apache.kafka.common.config.ConfigException) SSLContext(javax.net.ssl.SSLContext) KeyManager(javax.net.ssl.KeyManager) KeyStore(java.security.KeyStore) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) Password(org.apache.kafka.common.config.types.Password)
