
Example 6 with ManagerFactoryParameters

use of javax.net.ssl.ManagerFactoryParameters in project tomcat by apache.

From the class JSSEUtil, the method getTrustManagers.

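/**
 * Builds the trust managers for this SSL host configuration.
 * <p>
 * If {@code trustManagerClassName} is configured, that class is loaded through this class's
 * loader, checked to implement {@link TrustManager} and instantiated via its public no-arg
 * constructor; the trust store is not consulted at all in that case. Because the returned
 * manager then replaces certificate validation entirely, that setting is as sensitive as the
 * trust store itself. Otherwise the configured trust store initialises a
 * {@link TrustManagerFactory}: for the PKIX algorithm through
 * {@link CertPathTrustManagerParameters} built from the CRL file and revocation flag, for any
 * other algorithm directly from the key store (no CRL or verification-depth support).
 *
 * @return the trust managers, or {@code null} when neither a trust manager class nor a trust
 *         store is configured
 * @throws InstantiationException if the configured class does not implement {@link TrustManager}
 * @throws CRLException if a CRL file is configured together with a non-PKIX algorithm
 * @throws Exception on any class loading, key store or factory initialisation failure
 */
@Override
public TrustManager[] getTrustManagers() throws Exception {
    String className = sslHostConfig.getTrustManagerClassName();
    if (className != null && !className.isEmpty()) {
        ClassLoader classLoader = getClass().getClassLoader();
        Class<?> clazz = classLoader.loadClass(className);
        // Check the type before constructing anything so an unrelated class is never instantiated.
        if (!TrustManager.class.isAssignableFrom(clazz)) {
            throw new InstantiationException(sm.getString("jsse.invalidTrustManagerClassName", className));
        }
        // Class.newInstance() is deprecated (it rethrows checked constructor exceptions without
        // declaring them); use the public no-arg constructor explicitly instead.
        TrustManager trustManager = (TrustManager) clazz.getConstructor().newInstance();
        return new TrustManager[] { trustManager };
    }

    KeyStore trustStore = sslHostConfig.getTruststore();
    if (trustStore == null) {
        return null;
    }
    checkTrustStoreEntries(trustStore);
    String algorithm = sslHostConfig.getTruststoreAlgorithm();
    String crlf = sslHostConfig.getCertificateRevocationListFile();
    boolean revocationEnabled = sslHostConfig.getRevocationEnabled();

    TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
    if ("PKIX".equalsIgnoreCase(algorithm)) {
        CertPathParameters params = getParameters(crlf, trustStore, revocationEnabled);
        ManagerFactoryParameters mfp = new CertPathTrustManagerParameters(params);
        tmf.init(mfp);
    } else {
        // Only PKIX honours a CRL file: reject the configuration before initialising the
        // factory rather than after, so a configured revocation list is never silently unused.
        if (crlf != null && !crlf.isEmpty()) {
            throw new CRLException(sm.getString("jsseUtil.noCrlSupport", algorithm));
        }
        tmf.init(trustStore);
        log.warn(sm.getString("jsseUtil.noVerificationDepth", algorithm));
    }
    return tmf.getTrustManagers();
}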
Also used : CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) CertPathParameters(java.security.cert.CertPathParameters) KeyStore(java.security.KeyStore) TrustManager(javax.net.ssl.TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) CRLException(java.security.cert.CRLException) ManagerFactoryParameters(javax.net.ssl.ManagerFactoryParameters)

Example 7 with ManagerFactoryParameters

use of javax.net.ssl.ManagerFactoryParameters in project netty by netty.

From the class SslErrorTest, the method testCorrectAlert.

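/**
 * Checks that a client-certificate rejection on the server side reaches the client as an
 * {@link SSLException} carrying the expected alert wording. The server's trust manager throws
 * the {@code exception} supplied by the enclosing test class, and the client's handler maps its
 * cause to "expired", "bad" or "revoked" through {@code verifyException}, which is expected to
 * complete {@code promise} (both are defined outside this method).
 * <p>
 * Skipped unless OpenSSL is available, because the server side only behaves as tested with
 * OpenSslEngine. The self-signed certificate's temporary files are removed in {@code finally}.
 *
 * @throws Exception if building the contexts, binding or connecting fails
 */
@Test(timeout = 30000)
public void testCorrectAlert() throws Exception {
    // As this only works correctly at the moment when OpenSslEngine is used on the server-side there is
    // no need to run it if there is no openssl is available at all.
    Assume.assumeTrue(OpenSsl.isAvailable());
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    // The server demands a client certificate and rejects it with the configured exception.
    final SslContext sslServerCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(serverProvider).trustManager(new SimpleTrustManagerFactory() {

        @Override
        protected void engineInit(KeyStore keyStore) {
        }

        @Override
        protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
        }

        @Override
        protected TrustManager[] engineGetTrustManagers() {
            return new TrustManager[] { new X509TrustManager() {

                @Override
                public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                    throw exception;
                }

                @Override
                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                    // NOOP
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return EmptyArrays.EMPTY_X509_CERTIFICATES;
                }
            } };
        }
    }).clientAuth(ClientAuth.REQUIRE).build();
    // The client trusts any server certificate (test-only) and presents the test key pair.
    final SslContext sslClientCtx = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).keyManager(new File(getClass().getResource("test.crt").getFile()), new File(getClass().getResource("test_unencrypted.pem").getFile())).sslProvider(clientProvider).build();
    Channel serverChannel = null;
    Channel clientChannel = null;
    EventLoopGroup group = new NioEventLoopGroup();
    try {
        serverChannel = new ServerBootstrap().group(group).channel(NioServerSocketChannel.class).handler(new LoggingHandler(LogLevel.INFO)).childHandler(new ChannelInitializer<Channel>() {

            @Override
            protected void initChannel(Channel ch) throws Exception {
                ch.pipeline().addLast(sslServerCtx.newHandler(ch.alloc()));
                ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

                    @Override
                    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
                        ctx.close();
                    }
                });
            }
        }).bind(0).sync().channel();
        final Promise<Void> promise = group.next().newPromise();
        clientChannel = new Bootstrap().group(group).channel(NioSocketChannel.class).handler(new ChannelInitializer<Channel>() {

            @Override
            protected void initChannel(Channel ch) throws Exception {
                ch.pipeline().addLast(sslClientCtx.newHandler(ch.alloc()));
                ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

                    @Override
                    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
                        // Unwrap as its wrapped by a DecoderException
                        Throwable unwrappedCause = cause.getCause();
                        if (unwrappedCause instanceof SSLException) {
                            // Any reason not matched below leaves the promise pending, so the
                            // test then fails through its timeout rather than an assertion.
                            if (exception instanceof TestCertificateException) {
                                CertPathValidatorException.Reason reason = ((CertPathValidatorException) exception.getCause()).getReason();
                                if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
                                    verifyException(unwrappedCause, "expired", promise);
                                } else if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
                                    verifyException(unwrappedCause, "bad", promise);
                                } else if (reason == CertPathValidatorException.BasicReason.REVOKED) {
                                    verifyException(unwrappedCause, "revoked", promise);
                                }
                            } else if (exception instanceof CertificateExpiredException) {
                                verifyException(unwrappedCause, "expired", promise);
                            } else if (exception instanceof CertificateNotYetValidException) {
                                verifyException(unwrappedCause, "bad", promise);
                            } else if (exception instanceof CertificateRevokedException) {
                                verifyException(unwrappedCause, "revoked", promise);
                            }
                        }
                    }
                });
            }
        }).connect(serverChannel.localAddress()).syncUninterruptibly().channel();
        // Block until we received the correct exception
        promise.syncUninterruptibly();
    } finally {
        if (clientChannel != null) {
            clientChannel.close().syncUninterruptibly();
        }
        if (serverChannel != null) {
            serverChannel.close().syncUninterruptibly();
        }
        group.shutdownGracefully();
        ReferenceCountUtil.release(sslServerCtx);
        ReferenceCountUtil.release(sslClientCtx);
        // Remove the generated certificate and private-key files instead of leaving them
        // in the temp directory for every run.
        ssc.delete();
    }
}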
Also used : LoggingHandler(io.netty.handler.logging.LoggingHandler) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) CertificateExpiredException(java.security.cert.CertificateExpiredException) CertificateException(java.security.cert.CertificateException) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) SSLException(javax.net.ssl.SSLException) Bootstrap(io.netty.bootstrap.Bootstrap) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) CertificateRevokedException(java.security.cert.CertificateRevokedException) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel) Channel(io.netty.channel.Channel) SimpleTrustManagerFactory(io.netty.handler.ssl.util.SimpleTrustManagerFactory) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) ServerBootstrap(io.netty.bootstrap.ServerBootstrap) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) CertPathValidatorException(java.security.cert.CertPathValidatorException) CertificateRevokedException(java.security.cert.CertificateRevokedException) CertificateException(java.security.cert.CertificateException) SSLException(javax.net.ssl.SSLException) NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel) CertPathValidatorException(java.security.cert.CertPathValidatorException) EventLoopGroup(io.netty.channel.EventLoopGroup) NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup) X509TrustManager(javax.net.ssl.X509TrustManager) File(java.io.File) ManagerFactoryParameters(javax.net.ssl.ManagerFactoryParameters) ChannelInboundHandlerAdapter(io.netty.channel.ChannelInboundHandlerAdapter) Test(org.junit.Test)

Example 8 with ManagerFactoryParameters

use of javax.net.ssl.ManagerFactoryParameters in project robovm by robovm.

From the class myTrustManagerFactory, the method test_initLjavax_net_ssl_ManagerFactoryParameters.

/**
 * Test for <code>init(ManagerFactoryParameters params)</code>.
 * Assertions: every factory returned by createTMFac() rejects a null
 * parameter object with InvalidAlgorithmParameterException, and the
 * default-algorithm factory accepts CertPathTrustManagerParameters built
 * from a single trust anchor.
 */
@KnownFailure("ManagerFactoryParameters object is not supported " + "and InvalidAlgorithmParameterException was thrown.")
public void test_initLjavax_net_ssl_ManagerFactoryParameters() throws Exception {
    TrustManagerFactory[] factories = createTMFac();
    assertNotNull("TrustManagerFactory objects were not created", factories);
    for (TrustManagerFactory factory : factories) {
        try {
            // The cast picks the init(ManagerFactoryParameters) overload over init(KeyStore).
            factory.init((ManagerFactoryParameters) null);
            fail("InvalidAlgorithmParameterException must be thrown");
        } catch (InvalidAlgorithmParameterException expected) {
            // this is the behaviour under test: a null parameter object is rejected
        }
    }
    final String keyAlg = "DSA";
    final String validCaNameRfc2253 = "CN=Test CA,OU=Testing Division,O=Test It All,L=Test Town,ST=Testifornia,C=Testland";
    try {
        KeyStore emptyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        emptyStore.load(null, null);
        PublicKey caKey = new TestKeyPair(keyAlg).getPublic();
        TrustAnchor anchor = new TrustAnchor(validCaNameRfc2253, caKey, getFullEncoding());
        Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
        anchors.add(anchor);
        PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(anchors, new X509CertSelector());
        CertPathTrustManagerParameters certPathParams = new CertPathTrustManagerParameters(pkixParams);
        TrustManagerFactory defaultFactory = TrustManagerFactory.getInstance(getDefaultAlgorithm());
        try {
            defaultFactory.init(certPathParams);
        } catch (Exception ex) {
            // failures of init() itself get a distinct message from setup failures below
            fail(ex + " was thrown for init(ManagerFactoryParameters spec)");
        }
    } catch (Exception e) {
        fail("Unexpected exception for configuration: " + e);
    }
}
Also used : TestKeyPair(org.apache.harmony.security.tests.support.TestKeyPair) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) PublicKey(java.security.PublicKey) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) TrustAnchor(java.security.cert.TrustAnchor) X509CertSelector(java.security.cert.X509CertSelector) KeyStore(java.security.KeyStore) KeyStoreException(java.security.KeyStoreException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) ManagerFactoryParameters(javax.net.ssl.ManagerFactoryParameters) HashSet(java.util.HashSet) KnownFailure(dalvik.annotation.KnownFailure)

Example 9 with ManagerFactoryParameters

use of javax.net.ssl.ManagerFactoryParameters in project robovm by robovm.

From the class ProtectionParameterImpl, the method test_initLjavax_net_ssl_ManagerFactoryParameters.

/**
 * Test for <code>init(ManagerFactoryParameters params)</code>.
 * Assertions: every factory returned by createKMFac() rejects a null
 * parameter object with InvalidAlgorithmParameterException, and the
 * default-algorithm factory also rejects KeyStoreBuilderParameters wrapping
 * a builder for the unknown key store type "testType".
 *
 * @throws NoSuchAlgorithmException if the default algorithm is unavailable
 */
public void test_initLjavax_net_ssl_ManagerFactoryParameters() throws NoSuchAlgorithmException {
    if (!DEFSupported) {
        fail(NotSupportedMsg);
        return;
    }
    KeyManagerFactory[] factories = createKMFac();
    assertNotNull("KeyManagerFactory object were not created", factories);
    for (KeyManagerFactory factory : factories) {
        try {
            // The cast picks the init(ManagerFactoryParameters) overload explicitly.
            factory.init((ManagerFactoryParameters) null);
            fail("InvalidAlgorithmParameterException must be thrown");
        } catch (InvalidAlgorithmParameterException expected) {
            // this is the behaviour under test: a null parameter object is rejected
        }
    }
    KeyStore.Builder builder = KeyStore.Builder.newInstance("testType", null, new ProtectionParameterImpl());
    assertNotNull("Null object KeyStore.Builder", builder);
    try {
        KeyManagerFactory defaultFactory = KeyManagerFactory.getInstance(defaultAlgorithm);
        KeyStoreBuilderParameters builderParams = new KeyStoreBuilderParameters(builder);
        assertNotNull(builderParams.getParameters());
        defaultFactory.init(builderParams);
        fail("InvalidAlgorithmParameterException must be thrown");
    } catch (InvalidAlgorithmParameterException expected) {
        // expected: the builder's key store type cannot be resolved
    }
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) KeyStoreBuilderParameters(javax.net.ssl.KeyStoreBuilderParameters) KeyStore(java.security.KeyStore) ManagerFactoryParameters(javax.net.ssl.ManagerFactoryParameters) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)
