use of javax.net.ssl.KeyManagerFactory in project i2p.i2p by i2p.
the class SSLClientUtil method initializeFactory.
/**
 * Builds an SSLContext from the configured keystore and returns its server socket factory.
 * No option prefix allowed.
 *
 * The keystore password falls back to KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD when the
 * option is absent; the private-key password has no fallback and must be configured.
 * A relative keystore name is resolved under KS_DIR inside the config directory.
 *
 * @param opts options supplying the keystore name and the two passwords
 * @throws IOException when a required option is missing or the keystore cannot be read;
 *         GeneralSecurityExceptions are wrapped in IOE for convenience
 * @return factory, throws on all errors
 */
public static SSLServerSocketFactory initializeFactory(Properties opts) throws IOException {
    final String storePassword = opts.getProperty(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
    final String keyPassword = opts.getProperty(PROP_KEY_PASSWORD);
    if (keyPassword == null) {
        // The message names the option and the config file, never a secret value.
        File config = new File(I2PAppContext.getGlobalContext().getConfigDir(), "i2ptunnel.config");
        throw new IOException("No key password, set " + PROP_KEY_PASSWORD + " in " + config.getAbsolutePath());
    }
    final String storeName = opts.getProperty(PROP_KS_NAME);
    if (storeName == null) {
        File config = new File(I2PAppContext.getGlobalContext().getConfigDir(), "i2ptunnel.config");
        throw new IOException("No keystore, set " + PROP_KS_NAME + " in " + config.getAbsolutePath());
    }
    File storeFile = new File(storeName);
    if (!storeFile.isAbsolute()) {
        File storeDir = new File(I2PAppContext.getGlobalContext().getConfigDir(), KS_DIR);
        storeFile = new File(storeDir, storeName);
    }
    InputStream in = null;
    try {
        SSLContext context = SSLContext.getInstance("TLS");
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        in = new FileInputStream(storeFile);
        store.load(in, storePassword.toCharArray());
        // 180 days expressed in milliseconds; presumably the look-ahead window for the
        // expiry warning -- confirm against KeyStoreUtil.logCertExpiration.
        final long expiryWindowMs = 180 * 24 * 60 * 60 * 1000L;
        KeyStoreUtil.logCertExpiration(store, storeFile.getAbsolutePath(), expiryWindowMs);
        KeyManagerFactory keyManagers = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagers.init(store, keyPassword.toCharArray());
        // Null trust managers select the JSSE defaults; randomness comes from the app context.
        context.init(keyManagers.getKeyManagers(), null, I2PAppContext.getGlobalContext().random());
        return context.getServerSocketFactory();
    } catch (GeneralSecurityException gse) {
        // Generic message on purpose; the cause carries the detail for whoever logs it.
        throw new IOException("keystore error", gse);
    } finally {
        if (in != null) {
            try {
                in.close();
            } catch (IOException ignored) {
                // best-effort close, a failure here must not mask the real outcome
            }
        }
    }
}
use of javax.net.ssl.KeyManagerFactory in project syndesis by syndesisio.
the class CertificateUtil method createKeyManagers.
/**
 * Creates the key managers that present the given client certificate.
 *
 * The key store is built by createKeyStore from the certificate text and alias.
 * The factory algorithm is fixed to "PKIX" instead of
 * KeyManagerFactory.getDefaultAlgorithm(), so a provider that lacks that name fails
 * with NoSuchAlgorithmException.
 *
 * @param clientCertificate certificate material handed to createKeyStore
 * @param alias key store alias handed to createKeyStore
 * @return key managers backed by the freshly built key store
 * @throws GeneralSecurityException if the key store or factory cannot be initialised
 * @throws IOException if createKeyStore fails to read the certificate material
 */
public static KeyManager[] createKeyManagers(String clientCertificate, String alias) throws GeneralSecurityException, IOException {
    final KeyStore store = createKeyStore(clientCertificate, alias);
    final KeyManagerFactory factory = KeyManagerFactory.getInstance("PKIX");
    // NOTE(review): a null key password is passed here; whether key entries in the
    // store are readable without one depends on createKeyStore -- confirm there.
    factory.init(store, null);
    return factory.getKeyManagers();
}
use of javax.net.ssl.KeyManagerFactory in project core-ng-project by neowu.
the class SSLContextBuilder method build.
/**
 * Builds a TLS context from a certificate and private key embedded in this source file.
 *
 * The private key is a string literal, so it is known to anyone who can read the source
 * or the compiled class: the resulting context gives transport encryption but no server
 * authentication a client could rely on. Keep its use to development or internal setups
 * and load real key material from protected storage elsewhere.
 * NOTE(review): the embedded pair looks like a 1024-bit RSA key with a SHA-1 signed
 * certificate whose validity ends in April 2024 -- confirm by decoding the PEM.
 *
 * @return an initialised SSLContext using default trust managers and default randomness
 */
SSLContext build() {
    final String certPem = "-----BEGIN CERTIFICATE-----\n"
        + "MIICITCCAYoCCQCYd6FYSuVDODANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJV\n"
        + "UzEQMA4GA1UECAwHdW5rbm93bjEQMA4GA1UEBwwHdW5rbm93bjEQMA4GA1UECgwH\n"
        + "dW5rbm93bjEQMA4GA1UEAwwHdW5rbm93bjAeFw0xNDA0MjQxODE2MDFaFw0yNDA0\n"
        + "MjExODE2MDFaMFUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAd1bmtub3duMRAwDgYD\n"
        + "VQQHDAd1bmtub3duMRAwDgYDVQQKDAd1bmtub3duMRAwDgYDVQQDDAd1bmtub3du\n"
        + "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG29Nnh2yXmHOldHT15291trI3\n"
        + "2RIax/rMfnByZBwtYKPt6G/+f3JZ4T4n/eerwSg+GwqrMPEn56GHkQoEkVynx76I\n"
        + "Ds+3WSHeBpNYV3dofl/sKkkpUxLuCZ4hKKn+XGswi9zeC8FBlRiQj4T6jE13WGLi\n"
        + "zGEeSWmvKK49XdlxJwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFweMGjR7ARe5FCT\n"
        + "YLxZlclDuT4N3yvYf8TUExNYYjG7eL1mGDvfkbZJ//daUsAeoHRTfFIi0sPAOAMJ\n"
        + "Y0L4ejwKFziPxGXVJE5MKVQBrNu4Zm5I+1SwSMI0A1PBMXSLWaqn6j9D5vchsVgs\n"
        + "2H9+2fvrTrHGAI8L7qHzi+ODImYf\n"
        + "-----END CERTIFICATE-----";
    final String keyPem = "-----BEGIN PRIVATE KEY-----\n"
        + "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMbb02eHbJeYc6V0\n"
        + "dPXnb3W2sjfZEhrH+sx+cHJkHC1go+3ob/5/clnhPif956vBKD4bCqsw8SfnoYeR\n"
        + "CgSRXKfHvogOz7dZId4Gk1hXd2h+X+wqSSlTEu4JniEoqf5cazCL3N4LwUGVGJCP\n"
        + "hPqMTXdYYuLMYR5Jaa8orj1d2XEnAgMBAAECgYEAjAYQJw8pvNkhXXjSPrDXQBkE\n"
        + "BuU3pVn5VHMXtMSfPqiU5ZnM+nQ9TeKXxMs5jSw2rPyXl5GfzYyBphbP6gV9Kn1j\n"
        + "5cLtWI9xc+M0OOHP9NbSUCGLS6MkjR7zRe5Mg6ApdYx6Lx8FLosFQO4FX/7Mk8/x\n"
        + "Pa/m2Kb0hKQDYnn9QdkCQQDlqt7cF1H0VmjI0AeTd8qkIR8PQqLXtRp0pGER25b3\n"
        + "Oz9+GoMGZYuGFINGCBDWw34AMCc4EAmezLQ5/RunE5pVAkEA3aiqaJBKYlkmbhNP\n"
        + "T95FyCScnDaLGyfFMcueOsYSbRj3LEhwyy+C3YRG38BIE5aCCCLyVnyred88cf7M\n"
        + "pCERiwJAI0kmZmA62jRwcvHrSA/ulVr1X63YQRX1E5ixxUGcpy12KtS97rypPBdo\n"
        + "t9jDZYuxjyvWyrlEER7YTdSCbCAJ5QJABTOqHB4WwMwazMaDO/qZZKMHUdst1ItQ\n"
        + "Y2TF59cyI4FMe6uPihUpWw15pFKc3mjP0GURjtoKJCgLARnbr5ZfFQJAaU5QJpr3\n"
        + "PQ29X73wEdm3t93e3lXCK6ez1gMik1fXXR2hCoEvzXyMVAfEaCg494pIApfwTtNL\n"
        + "nX1T2cCQuFQrYA==\n"
        + "-----END PRIVATE KEY-----\n";
    try {
        final PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(PEM.fromPEM(keyPem));
        final PrivateKey key = KeyFactory.getInstance("RSA").generatePrivate(keySpec);
        final ByteArrayInputStream certBytes = new ByteArrayInputStream(PEM.fromPEM(certPem));
        final Certificate leaf = CertificateFactory.getInstance("X.509").generateCertificate(certBytes);

        // In-memory store only: nothing is read from or written to disk.
        final KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null);
        // The entry is protected with an empty password, matching the init call below.
        store.setKeyEntry("default", key, new char[0], new Certificate[] { leaf });

        final KeyManagerFactory keyManagers = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagers.init(store, new char[0]);

        final SSLContext tls = SSLContext.getInstance("TLS");
        // Null trust managers and null SecureRandom select the JSSE defaults.
        tls.init(keyManagers.getKeyManagers(), null, null);
        return tls;
    } catch (NoSuchAlgorithmException | InvalidKeySpecException | CertificateException | KeyStoreException
             | IOException | UnrecoverableKeyException | KeyManagementException e) {
        // Any failure with the embedded material is treated as unrecoverable.
        throw new Error(e);
    }
}
use of javax.net.ssl.KeyManagerFactory in project goodies by sonatype.
the class JettyServerProvider method addCertificate.
/**
 * Adds the given certificate to the keystore for use with AUTH-CERT.
 *
 * The keystore is loaded from disk, extended in memory only, and used to build a new
 * SSLContext that is installed on the SSL context factory with client authentication
 * required. A user is then registered whose name comes from the certificate subject
 * (issuer as fallback, "clientcert" if neither is present).
 *
 * NOTE(review): the registered credential is the Base64 of the certificate's signature
 * bytes, which are part of the certificate itself and therefore not secret; treat this
 * as a fixture identifier, not as a password.
 * NOTE(review): the SSL context factory is reconfigured before the certificate type is
 * checked, so a non-X509 certificate leaves it modified and then throws.
 *
 * @param alias The alias to use for the key in the keystore.
 * @param certHolder The key and certificate to use.
 * @throws IllegalArgumentException if SSL is not configured or the certificate is not an X509Certificate
 * @throws Exception on keystore, I/O or SSL context failures
 */
public void addCertificate(String alias, CertificateHolder certHolder) throws Exception {
    checkArgument(sslContextFactory != null, "Cannot add user CERT w/o SSL configured!");
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    InputStream keystoreStream = null;
    try {
        // Try the keystore as a resource first, then as a plain file path.
        try {
            keystoreStream = new FileInputStream(resourceFile(sslKeystore));
        } catch (Exception notAResource) {
            keystoreStream = new FileInputStream(sslKeystore);
        }

        final char[] storePassword =
            sslKeystorePassword == null ? null : sslKeystorePassword.toString().toCharArray();
        KeyStore store = KeyStore.getInstance("JKS");
        store.load(keystoreStream, storePassword);

        // Leaf under the alias itself, remaining chain entries under "<alias>chain<i>".
        store.setCertificateEntry(alias, certHolder.getCertificate());
        final Certificate[] chain = certHolder.getChain();
        for (int pos = 1; pos < chain.length; pos++) {
            store.setCertificateEntry(alias + "chain" + pos, chain[pos]);
        }
        // Only certificate entries are added; storing the private key is disabled:
        // PrivateKey key = certHolder.getKey();
        // Certificate[] chain = new Certificate[] { certHolder.getCertificate() };
        // keystore.setEntry( alias, new PrivateKeyEntry( key, chain ),
        // new PasswordProtection( sslKeystorePassword.toCharArray() ) );

        kmf.init(store, storePassword);
        SSLContext tls = SSLContext.getInstance("TLS");
        // NOTE(review): CustomTrustManager is the only trust decision for client
        // certificates here; its validation logic is not visible in this method.
        tls.init(kmf.getKeyManagers(), new TrustManager[] { new CustomTrustManager() }, null);
        sslContextFactory.setSslContext(tls);
        sslContextFactory.setNeedClientAuth(true);

        final Certificate leaf = certHolder.getCertificate();
        if (!(leaf instanceof X509Certificate)) {
            throw new IllegalArgumentException("Unsupported Certificate Type (need X509Certificate): " + leaf.getClass());
        }
        final X509Certificate x509 = (X509Certificate) leaf;
        Principal owner = x509.getSubjectDN();
        if (owner == null) {
            owner = x509.getIssuerDN();
        }
        final String username;
        if (owner == null) {
            username = "clientcert";
        } else {
            username = owner.getName();
        }
        final char[] encodedSignature = B64Code.encode(x509.getSignature());
        addUser(username, String.valueOf(encodedSignature));
    } finally {
        if (keystoreStream != null) {
            keystoreStream.close();
        }
    }
}
use of javax.net.ssl.KeyManagerFactory in project pxgrid-rest-ws by cisco-pxgrid.
the class SampleConfiguration method getKeyManagers.
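/**
 * Loads the configured JKS keystore and returns key managers backed by it.
 *
 * The same password (keystorePassword) is used both to open the store and to unlock
 * its key entries.
 *
 * @return the key managers, or null when no keystore file name is configured
 * @throws IOException if the keystore file cannot be opened, read or closed
 * @throws GeneralSecurityException if the keystore or key manager factory cannot be initialised
 */
private KeyManager[] getKeyManagers() throws IOException, GeneralSecurityException {
    if (keystoreFilename == null) {
        // No client key material configured; callers receive null rather than an empty array.
        return null;
    }
    KeyStore ks = KeyStore.getInstance("JKS");
    // try-with-resources closes the stream even when load() throws (wrong password,
    // corrupt store); the earlier manual close() leaked the descriptor on that path.
    try (FileInputStream in = new FileInputStream(keystoreFilename)) {
        ks.load(in, keystorePassword.toCharArray());
    }
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, keystorePassword.toCharArray());
    return kmf.getKeyManagers();
}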