use of javax.net.ssl.SSLContext in project cas by apereo.
the class SimpleHttpClientTests method getFriendlyToAllSSLSocketFactory.
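/**
 * Builds a socket factory that accepts every certificate and every hostname.
 *
 * <p>SECURITY: this is a test helper (it lives in {@code SimpleHttpClientTests}). The trust
 * manager below performs no certificate-chain validation and {@code NoopHostnameVerifier}
 * skips hostname matching, so a connection made through this factory does not authenticate
 * its peer. It must not be copied into production code paths.
 *
 * @return a socket factory backed by a trust-all {@link SSLContext}
 * @throws Exception if the context cannot be obtained or initialised
 */
private static SSLConnectionSocketFactory getFriendlyToAllSSLSocketFactory() throws Exception {
    final TrustManager trustEverything = new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null (possibly empty) array;
            // returning null can surface as a NullPointerException inside the TLS stack.
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(final X509Certificate[] certs, final String authType) {
            // Deliberately empty: never throwing means every client chain is accepted.
        }

        @Override
        public void checkServerTrusted(final X509Certificate[] certs, final String authType) {
            // Deliberately empty: never throwing means every server chain is accepted.
        }
    };

    // Ask for "TLS" rather than the legacy "SSL" name: which protocol versions "SSL"
    // enables is provider-specific, and not every provider registers that name.
    final SSLContext context = SSLContext.getInstance("TLS");
    // null key managers and null SecureRandom select the provider defaults.
    context.init(null, new TrustManager[] {trustEverything}, null);
    return new SSLConnectionSocketFactory(context, new NoopHostnameVerifier());
}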
use of javax.net.ssl.SSLContext in project netty-socketio by mrniko.
the class SocketIOChannelInitializer method createSSLContext.
/**
 * Creates the server-side {@link SSLContext} from the key store and the optional trust
 * store described by the given configuration.
 *
 * @param configuration source of the key store, trust store, their formats and passwords,
 *                      the key manager algorithm and the SSL protocol name
 * @return an initialised context
 * @throws Exception if a store cannot be loaded or the context cannot be initialised
 */
private SSLContext createSSLContext(Configuration configuration) throws Exception {
    final TrustManager[] trustManagers;
    if (configuration.getTrustStore() == null) {
        // No trust store configured: passing null to SSLContext.init makes it look up
        // the default trust manager implementation of the installed providers.
        trustManagers = null;
    } else {
        KeyStore trustStore = KeyStore.getInstance(configuration.getTrustStoreFormat());
        trustStore.load(configuration.getTrustStore(), configuration.getTrustStorePassword().toCharArray());
        TrustManagerFactory trustFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(trustStore);
        trustManagers = trustFactory.getTrustManagers();
    }

    // NOTE(review): the key store password is turned into a fresh char[] twice and neither
    // copy is cleared afterwards - confirm that is acceptable for this deployment.
    KeyStore identityStore = KeyStore.getInstance(configuration.getKeyStoreFormat());
    identityStore.load(configuration.getKeyStore(), configuration.getKeyStorePassword().toCharArray());

    KeyManagerFactory keyFactory =
            KeyManagerFactory.getInstance(configuration.getKeyManagerFactoryAlgorithm());
    keyFactory.init(identityStore, configuration.getKeyStorePassword().toCharArray());

    // NOTE(review): the protocol name comes straight from configuration; verify that the
    // configured value is a TLS name and not a legacy "SSL" one.
    SSLContext context = SSLContext.getInstance(configuration.getSSLProtocol());
    // A null SecureRandom selects the default implementation.
    context.init(keyFactory.getKeyManagers(), trustManagers, null);
    return context;
}
use of javax.net.ssl.SSLContext in project OpenAttestation by OpenAttestation.
the class ApacheHttpClient method initSchemeRegistryWithPolicy.
/*
public final void setBaseURL(URL baseURL) {
this.baseURL = baseURL;
}
public final void setKeystore(SimpleKeystore keystore) {
this.keystore = keystore;
}
public final void setRequireTrustedCertificate(boolean value) {
requireTrustedCertificate = value;
}
public final void setVerifyHostname(boolean value) {
verifyHostname = value;
}
*
*/
/**
* Used in Mt Wilson 1.0-RC2
*
* Base URL and other configuration must already be set before calling this
* method.
*
* @param protocol either "http" or "https"
* @param port such as 80 for http, 443 for https
* @throws KeyManagementException
* @throws NoSuchAlgorithmException
*/
/*
private SchemeRegistry initSchemeRegistry(String protocol, int port) throws KeyManagementException, NoSuchAlgorithmException {
SchemeRegistry sr = new SchemeRegistry();
if( "http".equals(protocol) ) {
Scheme http = new Scheme("http", port, PlainSocketFactory.getSocketFactory());
sr.register(http);
}
if( "https".equals(protocol) ) {
X509HostnameVerifier hostnameVerifier; // secure by default (default verifyHostname = true)
X509TrustManager trustManager; // secure by default, using Java's implementation which verifies the peer and using java's trusted keystore as default if user does not provide a specific keystore
if( verifyHostname ) {
hostnameVerifier = SSLSocketFactory.STRICT_HOSTNAME_VERIFIER;
}
else { // if( !config.getBoolean("mtwilson.api.ssl.verifyHostname", true) ) {
hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
}
if( requireTrustedCertificate && keystore != null ) {
trustManager = SslUtil.createX509TrustManagerWithKeystore(keystore);
}
else if( requireTrustedCertificate ) { // config.getBoolean("mtwilson.api.ssl.requireTrustedCertificate", true) ) {
//String truststore = config.getString("mtwilson.api.keystore", System.getProperty("javax.net.ssl.trustStorePath")); // if null use default java trust store...
//String truststorePassword = config.getString("mtwilson.api.keystore.password", System.getProperty("javax.net.ssl.trustStorePassword"));
// String truststore = System.getProperty("javax.net.ssl.trustStorePath");
String truststore = System.getProperty("javax.net.ssl.trustStore");
String truststorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
// create a trust manager using only our trusted ssl certificates
if( truststore == null || truststorePassword == null ) {
throw new IllegalArgumentException("Require trusted certificates is enabled but truststore is not configured");
}
keystore = new SimpleKeystore(new File(truststore), truststorePassword);
trustManager = SslUtil.createX509TrustManagerWithKeystore(keystore);
}
else {
// user does not want to ensure certificates are trusted, so use a no-op trust manager
trustManager = new NopX509TrustManager();
}
SSLContext sslcontext = SSLContext.getInstance("TLS");
sslcontext.init(null, new X509TrustManager[] { trustManager }, null); // key manager, trust manager, securerandom
SSLSocketFactory sf = new SSLSocketFactory(
sslcontext,
hostnameVerifier
);
Scheme https = new Scheme("https", port, sf); // URl defaults to 443 for https but if user specified a different port we use that instead
sr.register(https);
}
return sr;
}
*/
/**
 * Used in Mt Wilson 1.1.
 *
 * <p>Builds a scheme registry holding a single scheme for the requested protocol. For
 * "https" the certificate trust decision and the hostname check are both taken from the
 * supplied policy; this method adds no validation of its own, so the connection is only as
 * strict as the policy's trust manager and hostname verifier.
 *
 * @param protocol "http" or "https"; any other value (including null) yields an empty registry
 * @param port port to register the scheme on
 * @param policy supplies the trust manager and the Apache hostname verifier used for https
 * @return the registry, containing at most one scheme
 * @throws KeyManagementException if the SSL context cannot be initialised
 * @throws NoSuchAlgorithmException if no provider offers a "TLS" context
 */
private SchemeRegistry initSchemeRegistryWithPolicy(String protocol, int port, ApacheTlsPolicy policy) throws KeyManagementException, NoSuchAlgorithmException {
    SchemeRegistry registry = new SchemeRegistry();
    if ("http".equals(protocol)) {
        registry.register(new Scheme("http", port, PlainSocketFactory.getSocketFactory()));
    } else if ("https".equals(protocol)) {
        SSLContext tlsContext = SSLContext.getInstance("TLS");
        // Arguments are key managers, trust managers, SecureRandom; the two nulls select
        // defaults, so no client certificate is configured here.
        X509TrustManager[] trustManagers = new X509TrustManager[] { policy.getTrustManager() };
        tlsContext.init(null, trustManagers, null);
        SSLSocketFactory socketFactory = new SSLSocketFactory(tlsContext, policy.getApacheHostnameVerifier());
        // The caller-specified port is used, which may differ from the https default of 443.
        registry.register(new Scheme("https", port, socketFactory));
    }
    return registry;
}
use of javax.net.ssl.SSLContext in project OpenAttestation by OpenAttestation.
the class TrustAgentSecureClient method getSSLContext.
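/**
 * Builds the {@link SSLContext} for this client, with certificate trust decided by the
 * trust manager of {@code tlsPolicy}.
 *
 * <p>XXX TODO bug #497: the hostname verifier in the TLS policy is not applied here, but it
 * should be. Until then a certificate that the trust manager accepts is not additionally
 * matched against the host being contacted by this method.
 *
 * @return a context initialised with the policy's trust manager, default key managers and
 *         default SecureRandom
 * @throws NoSuchAlgorithmException if no provider offers a "TLS" context
 * @throws KeyManagementException if the context cannot be initialised
 */
private SSLContext getSSLContext() throws NoSuchAlgorithmException, KeyManagementException {
    // History: an earlier inline trust manager (previously kept here commented out) only
    // logged each certificate's subject and issuer and called checkValidity(), i.e. it
    // checked validity dates but never the chain of trust. It was replaced by the policy's
    // trust manager and should not be reinstated.

    // Ask for "TLS" rather than the legacy "SSL" name: which protocol versions "SSL"
    // enables is provider-specific, and not every provider registers that name.
    SSLContext ctx = SSLContext.getInstance("TLS");
    // null key managers and null SecureRandom select the provider defaults.
    ctx.init(null, new javax.net.ssl.TrustManager[] { tlsPolicy.getTrustManager() }, null);
    return ctx;
}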
use of javax.net.ssl.SSLContext in project OpenGrok by OpenGrok.
the class Query method createHttpsUrlConnection.
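/**
 * Opens an HTTPS connection to the given URL with certificate validation and hostname
 * verification switched off.
 *
 * <p>SECURITY: the trust manager and hostname verifier installed here accept any peer, so
 * the connection is encrypted but not authenticated. They are installed through the
 * {@code HttpsURLConnection.setDefault*} methods and a system property, which means the
 * change is JVM-wide: every later {@code HttpsURLConnection} in the process inherits it,
 * not just the one returned.
 *
 * <p>NOTE(review): if trust-all is really required for this one endpoint, prefer
 * {@code setSSLSocketFactory} / {@code setHostnameVerifier} on the returned connection so
 * the relaxation stays scoped to it; better still, trust the endpoint's certificate through
 * a dedicated trust store. The global behaviour is kept here because other code may depend
 * on it - confirm against the callers.
 *
 * @param url the https URL to connect to
 * @return the opened connection, or {@code null} if any step failed and
 *         {@code handleException} returned normally
 */
private HttpsURLConnection createHttpsUrlConnection(URL url) {
    try {
        // Process-wide switch: disables the SNI extension for JSSE clients in this JVM.
        System.setProperty("jsse.enableSNIExtension", "false");

        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract asks for a non-null (possibly empty) array;
                // returning null can surface as a NullPointerException inside the TLS stack.
                return new java.security.cert.X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                // Deliberately empty: never throwing means every client chain is accepted.
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                // Deliberately empty: never throwing means every server chain is accepted.
            }
        } };

        // Ask for "TLS" rather than the legacy "SSL" name: which protocol versions "SSL"
        // enables is provider-specific, and not every provider registers that name.
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());

        // Both calls below replace JVM-wide defaults (see the SECURITY note above).
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                // Always true: the certificate is never matched against the hostname.
                return true;
            }
        });

        // A non-https URL makes this cast fail; the catch below routes that to handleException.
        return (HttpsURLConnection) url.openConnection();
    } catch (Exception ex) {
        handleException(ex);
    }
    return null;
}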
Aggregations