
Example 76 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project Much-Assembly-Required by simon987.

the class SocketServer method getContext.

/**
 * See https://github.com/TooTallNate/Java-WebSocket/blob/master/src/main/example/SSLServerLetsEncryptExample.java
 */
/*
     *      * Copyright (c) 2010-2017 Nathan Rajlich
     *
     *  Permission is hereby granted, free of charge, to any person
     *  obtaining a copy of this software and associated documentation
     *  files (the "Software"), to deal in the Software without
     *  restriction, including without limitation the rights to use,
     *  copy, modify, merge, publish, distribute, sublicense, and/or sell
     *  copies of the Software, and to permit persons to whom the
     *  Software is furnished to do so, subject to the following
     *  conditions:
     *
     *  The above copyright notice and this permission notice shall be
     *  included in all copies or substantial portions of the Software.
     */
/**
 * Builds an {@link SSLContext} whose key material comes from the PEM files
 * {@code cert.pem} and {@code privkey.pem} inside the given directory.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The keystore is created empty in memory ({@code load(null)}) and this method never
 *       writes it out, so the constant password only satisfies the KeyStore and
 *       KeyManagerFactory APIs; it does not protect anything at rest.</li>
 *   <li>The key file is matched on the {@code BEGIN PRIVATE KEY} markers, i.e. the
 *       unencrypted PKCS#8 form, so the key's confidentiality presumably rests on the
 *       file permissions of {@code privkey.pem} (verify on the deployment).</li>
 *   <li>Every failure (missing file, malformed PEM, unsupported key, provider error) is
 *       swallowed and surfaces only as a {@code null} return with no diagnostic. Callers
 *       must check for {@code null} and should fail closed rather than carry on without
 *       TLS.</li>
 * </ul>
 *
 * @param pathTo directory that holds {@code cert.pem} and {@code privkey.pem}
 * @return the initialised context, or {@code null} if any step threw
 */
private static SSLContext getContext(String pathTo) {
    // Protects only the in-memory keystore entry below; reused for both API calls.
    final char[] storePassword = "MAR".toCharArray();
    try {
        SSLContext tlsContext = SSLContext.getInstance("TLS");

        // PEM -> DER for the certificate, then for the private key.
        File certFile = new File(pathTo + File.separator + "cert.pem");
        byte[] certDer = parseDERFromPEM(getBytes(certFile), "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----");
        File keyFile = new File(pathTo + File.separator + "privkey.pem");
        byte[] keyDer = parseDERFromPEM(getBytes(keyFile), "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----");

        X509Certificate serverCert = generateCertificateFromDER(certDer);
        // The helper returns an RSAPrivateKey; a non-RSA key presumably fails here (confirm).
        RSAPrivateKey serverKey = generatePrivateKeyFromDER(keyDer);

        KeyStore memoryStore = KeyStore.getInstance("JKS");
        memoryStore.load(null);
        memoryStore.setCertificateEntry("cert-alias", serverCert);
        memoryStore.setKeyEntry("key-alias", serverKey, storePassword, new Certificate[] { serverCert });

        // NOTE(review): "SunX509" is provider-specific; KeyManagerFactory.getDefaultAlgorithm()
        // is the portable way to pick the algorithm.
        KeyManagerFactory keyFactory = KeyManagerFactory.getInstance("SunX509");
        keyFactory.init(memoryStore, storePassword);

        // null trust managers / null SecureRandom: the installed defaults are used.
        tlsContext.init(keyFactory.getKeyManagers(), null, null);
        return tlsContext;
    } catch (Exception e) {
        // Deliberately reported as null; the cause is not logged or propagated here.
        return null;
    }
}
Also used : SSLContext(javax.net.ssl.SSLContext) File(java.io.File) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) KeyStore(java.security.KeyStore) KeyManager(javax.net.ssl.KeyManager) X509Certificate(java.security.cert.X509Certificate) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) BindException(java.net.BindException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 77 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project protools by SeanDragon.

the class ToolHTTPS method getSSLSocketFactory.

/**
 * Builds an {@link SSLSocketFactory} from a key store and a trust store.
 *
 * <p>Security notes: the single {@code password} is handed to {@code getKeyStore} for both
 * stores and is also used to recover the private keys, so the key store, its key entries
 * and the trust store must all share one password. {@code PROTOCOL} is defined elsewhere in
 * the class; NOTE(review): confirm it names a current TLS version rather than a legacy SSL
 * protocol.
 *
 * @param password
 *         password used for the key store, its keys and the trust store
 * @param keyStorePath
 *         key store path
 * @param trustStorePath
 *         trust store path
 *
 * @return SSLSocketFactory backed by the two stores
 *
 * @throws NoSuchAlgorithmException if a default factory algorithm or {@code PROTOCOL} is unavailable
 * @throws UnrecoverableKeyException if a key cannot be recovered with {@code password}
 * @throws KeyStoreException if a factory cannot be initialised from its store
 * @throws KeyManagementException if the SSL context cannot be initialised
 * @throws CertificateException declared for {@code getKeyStore}
 * @throws IOException declared for {@code getKeyStore}
 */
static SSLSocketFactory getSSLSocketFactory(String password, String keyStorePath, String trustStorePath) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException, UnrecoverableKeyException, KeyManagementException {
    // Key side: default algorithm, keys loaded from the key store and unlocked with the password.
    KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyFactory.init(getKeyStore(keyStorePath, password), password.toCharArray());

    // Trust side: default algorithm, trust anchors loaded from the trust store.
    TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustFactory.init(getKeyStore(trustStorePath, password));

    // Wire both into a fresh context and hand back its socket factory.
    SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
    sslContext.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), new SecureRandom());
    return sslContext.getSocketFactory();
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 78 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project bookkeeper by apache.

the class TLSContextFactory method createClientContext.

/**
 * Builds the client-side TLS context from a {@link ClientConfiguration} and stores it in
 * the {@code sslContext} field.
 *
 * <p>Trust material is always configured (a PEM CA file, or a JKS/PKCS12 trust store); key
 * material is added only when the configuration enables TLS client authentication.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@code KeyStoreType.valueOf(...)} is called on the configured type strings; a value
 *       that is not an enum constant presumably fails inside {@code valueOf} before the
 *       {@code default} branches are reached (confirm against the enum).</li>
 *   <li>{@code clientAuth(ClientAuth.REQUIRE)} is set on a builder created with
 *       {@code forClient()}; NOTE(review): that setting is normally only meaningful for
 *       server contexts, so confirm it has the intended effect.</li>
 *   <li>Nothing in this method configures hostname verification; check where the engine
 *       or handler is created.</li>
 * </ul>
 *
 * @param conf configuration; must be a {@link ClientConfiguration}
 * @throws SecurityException if {@code conf} is not a client configuration, a required
 *         path is missing, or a store type falls through to a {@code default} branch
 */
private void createClientContext(AbstractConfiguration conf) throws SecurityException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, InvalidKeySpecException, NoSuchProviderException {
    // Only a ClientConfiguration exposes the TLS getters read below.
    // The message text (including its spelling) is kept exactly as callers may match on it.
    if (!(conf instanceof ClientConfiguration)) {
        throw new SecurityException("Client configruation not provided");
    }
    final ClientConfiguration clientConf = (ClientConfiguration) conf;
    final SslProvider provider = getTLSProvider(clientConf.getTLSProvider());
    final boolean clientAuthentication = clientConf.getTLSClientAuthentication();

    final SslContextBuilder builder = SslContextBuilder.forClient();

    // Step 1: trust anchors, chosen by the configured trust store type.
    switch (KeyStoreType.valueOf(clientConf.getTLSTrustStoreType())) {
        case PEM:
            if (Strings.isNullOrEmpty(clientConf.getTLSTrustStore())) {
                throw new SecurityException("CA Certificate required");
            }
            builder.trustManager(new File(clientConf.getTLSTrustStore()));
            break;
        case JKS:
        // JKS and PKCS12 are loaded the same way
        case PKCS12:
            builder.trustManager(initTrustManagerFactory(clientConf.getTLSTrustStoreType(), clientConf.getTLSTrustStore(), clientConf.getTLSTrustStorePasswordPath()));
            break;
        default:
            throw new SecurityException("Invalid Truststore type: " + clientConf.getTLSTrustStoreType());
    }

    // Step 2: settings shared by every trust store type. ciphers(null) and the zero
    // session cache size / timeout leave those choices at the provider defaults.
    builder.ciphers(null).sessionCacheSize(0).sessionTimeout(0).sslProvider(provider).clientAuth(ClientAuth.REQUIRE);

    // Step 3: client certificate and key, only when mutual TLS is enabled.
    if (clientAuthentication) {
        switch (KeyStoreType.valueOf(clientConf.getTLSKeyStoreType())) {
            case PEM: {
                if (Strings.isNullOrEmpty(clientConf.getTLSCertificatePath())) {
                    throw new SecurityException("Valid Certificate is missing");
                }
                if (Strings.isNullOrEmpty(clientConf.getTLSKeyStore())) {
                    throw new SecurityException("Valid Key is missing");
                }
                // No password path configured -> null password, i.e. the key file is
                // presumably expected to be unencrypted (confirm).
                final String keyPassword = Strings.isNullOrEmpty(clientConf.getTLSKeyStorePasswordPath())
                        ? null
                        : getPasswordFromFile(clientConf.getTLSKeyStorePasswordPath());
                builder.keyManager(new File(clientConf.getTLSCertificatePath()), new File(clientConf.getTLSKeyStore()), keyPassword);
                break;
            }
            case JKS:
            // JKS and PKCS12 are loaded the same way
            case PKCS12: {
                KeyManagerFactory keyFactory = initKeyManagerFactory(clientConf.getTLSKeyStoreType(), clientConf.getTLSKeyStore(), clientConf.getTLSKeyStorePasswordPath());
                builder.keyManager(keyFactory);
                break;
            }
            default:
                throw new SecurityException("Invalid Keyfile type" + clientConf.getTLSKeyStoreType());
        }
    }

    sslContext = builder.build();
}
Also used : SslContextBuilder(io.netty.handler.ssl.SslContextBuilder) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SslProvider(io.netty.handler.ssl.SslProvider) File(java.io.File) ClientConfiguration(org.apache.bookkeeper.conf.ClientConfiguration) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 79 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project photon-model by vmware.

the class CertificateUtil method getKeyManagers.

/**
 * Creates the {@link KeyManager}s for the given key store, using the JVM's default
 * {@link KeyManagerFactory} algorithm.
 *
 * <p>The key entries are unlocked with the class constant {@code EMPTY}, not with a
 * caller-supplied password. NOTE(review): presumably an empty {@code char[]}; if so, the
 * private keys in {@code keyStore} must carry an empty key password, and the store itself
 * provides no confidentiality for them. Confirm against the constant's definition.
 *
 * @param keyStore key store that holds the key entries
 * @return the key managers produced by the factory
 * @throws RuntimeException wrapping the original cause if the algorithm is unavailable,
 *         the store cannot be used, or a key cannot be recovered
 */
public static KeyManager[] getKeyManagers(KeyStore keyStore) {
    final String algorithm = KeyManagerFactory.getDefaultAlgorithm();
    try {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
        factory.init(keyStore, EMPTY);
        KeyManager[] managers = factory.getKeyManagers();
        return managers;
    } catch (NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException e) {
        // Checked failures are rethrown unchecked with the cause attached.
        throw new RuntimeException("Failed to create a KeyManager from a key store", e);
    }
}
Also used : UnrecoverableKeyException(java.security.UnrecoverableKeyException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 80 with KeyManagerFactory

use of javax.net.ssl.KeyManagerFactory in project cdap by caskdata.

the class SSLHandlerFactory method createSslContext.

/**
 * Creates the server-side {@code SslContext} from an already loaded key store.
 *
 * <p>The KeyManagerFactory algorithm is taken from the {@code ssl.KeyManagerFactory.algorithm}
 * security property, falling back to the class constant {@code ALGORITHM} when the property
 * is unset. The context is built from the key managers alone; protocol versions and cipher
 * suites are not set here and are presumably left at the builder's defaults (confirm).
 *
 * <p>Any failure, including a wrong {@code certificatePassword}, is reported as an
 * {@link IllegalArgumentException} with the original exception as its cause.
 *
 * @param keyStore loaded key store holding the server certificate and key; must not be null
 * @param certificatePassword password used to recover the key entries; must not be null
 * @return the server-side context
 * @throws IllegalArgumentException if an argument is null or the context cannot be built
 */
private static SslContext createSslContext(KeyStore keyStore, String certificatePassword) {
    if (keyStore == null) {
        throw new IllegalArgumentException("KeyStore path is not configured");
    }
    if (certificatePassword == null) {
        throw new IllegalArgumentException("Certificate password is not configured");
    }

    // Prefer the JVM-wide security property; use the class default only when it is absent.
    final String configured = Security.getProperty("ssl.KeyManagerFactory.algorithm");
    final String algorithm = (configured != null) ? configured : ALGORITHM;

    try {
        // Key managers are backed by the supplied key store.
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
        keyManagerFactory.init(keyStore, certificatePassword.toCharArray());
        // The context is built from those key managers only.
        return SslContextBuilder.forServer(keyManagerFactory).build();
    } catch (Exception e) {
        throw new IllegalArgumentException("Failed to initialize the server-side SSLContext", e);
    }
}
Also used : KeyManagerFactory(javax.net.ssl.KeyManagerFactory)
