
Example 86 with TrustManager

use of javax.net.ssl.TrustManager in project ignite by apache.

the class UriDeploymentHttpScanner method getTrustManagers.

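/**
 * Builds a single-element array holding an {@link X509TrustManager} that accepts every
 * certificate chain presented to it.
 *
 * <p>Security note: neither check method ever throws, so no chain is rejected. A TLS
 * connection configured with this manager is encrypted but does not authenticate its peer.
 * NOTE(review): presumably this is only installed when certificate checking has been
 * explicitly disabled by configuration; confirm at the call site.
 *
 * @param scanCtx Scanner context whose logger receives the debug description of each chain.
 * @return Array with one permissive {@code X509TrustManager}.
 */
private static TrustManager[] getTrustManagers(final UriDeploymentScannerContext scanCtx) {
    return new TrustManager[] { new X509TrustManager() {

        /**
         * {@inheritDoc}
         *
         * <p>Returns an empty array rather than {@code null}: the interface contract
         * requires a non-null (possibly empty) result.
         */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        /**
         * {@inheritDoc}
         *
         * <p>Performs no validation; the chain is only described in the debug log.
         */
        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
            logChain("Trust manager handle client certificates [authType=", certs, authType);
        }

        /**
         * {@inheritDoc}
         *
         * <p>Performs no validation; the chain is only described in the debug log.
         */
        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType) {
            logChain("Trust manager handle server certificates [authType=", certs, authType);
        }

        /**
         * Writes the type and subject name of every certificate in the chain to the debug log.
         *
         * @param prefix Message prefix identifying the client or server side.
         * @param certs Presented chain; a {@code null} chain is logged as empty.
         * @param authType Authentication type passed to the check method.
         */
        private void logChain(String prefix, X509Certificate[] certs, String authType) {
            // Skip building the message entirely when nobody will read it.
            if (!scanCtx.getLogger().isDebugEnabled())
                return;

            StringBuilder buf = new StringBuilder(prefix);
            buf.append(authType);
            buf.append(", certificates=");
            if (certs != null) {
                for (X509Certificate cert : certs) {
                    buf.append("{type=");
                    buf.append(cert.getType());
                    buf.append(", principalName=");
                    buf.append(cert.getSubjectX500Principal().getName());
                    buf.append('}');
                }
            }
            buf.append(']');
            scanCtx.getLogger().debug(buf.toString());
        }
    } };
}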
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) X509Certificate(java.security.cert.X509Certificate) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 87 with TrustManager

use of javax.net.ssl.TrustManager in project knime-core by knime.

the class JreTests method checkForCACertificate.

/**
 * Verifies that the trust managers built from the JRE's default keystore list the
 * KNIME.com CA among their accepted issuers.
 *
 * <p>The match is made on the subject DN string only; the certificate's key or
 * fingerprint is not compared.
 *
 * @throws Exception if an error occurs
 */
@Test
public void checkForCACertificate() throws Exception {
    final String expectedSubject = "CN=KNIME.com CA, O=KNIME.com, L=Zurich, C=CH";

    TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    // A null KeyStore asks the factory to use the default trust material.
    factory.init((KeyStore) null);

    for (TrustManager candidate : factory.getTrustManagers()) {
        if (!(candidate instanceof X509TrustManager)) {
            continue;
        }
        X509Certificate[] issuers = ((X509TrustManager) candidate).getAcceptedIssuers();
        for (X509Certificate issuer : issuers) {
            String subject = issuer.getSubjectDN().getName();
            if (subject.equals(expectedSubject)) {
                // Found the CA; the test passes.
                return;
            }
        }
    }
    fail("No CA certificate for KNIME.com found in default keystore");
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) X509Certificate(java.security.cert.X509Certificate) X509TrustManager(javax.net.ssl.X509TrustManager) TrustManager(javax.net.ssl.TrustManager) Test(org.junit.Test)

Example 88 with TrustManager

use of javax.net.ssl.TrustManager in project cxf by apache.

the class HttpConduitConfigurationTest method verifyConduit.

/**
 * Asserts that the conduit carries the expected authorization, TLS client and HTTP client
 * settings.
 *
 * <p>Among the expected values is a disabled CN check, i.e. the configuration under test
 * turns certificate hostname matching off.
 *
 * @param conduit the configured conduit to inspect
 */
private void verifyConduit(HTTPConduit conduit) {
    // Basic-auth credentials.
    AuthorizationPolicy authorization = conduit.getAuthorization();
    assertNotNull(authorization);
    assertEquals("Betty", authorization.getUserName());
    assertEquals("password", authorization.getPassword());

    // TLS client parameters.
    TLSClientParameters tlsParams = conduit.getTlsClientParameters();
    assertNotNull(tlsParams);
    assertTrue(tlsParams.isDisableCNCheck());
    assertEquals(3600000, tlsParams.getSslCacheTimeout());

    // Exactly one X.509 key manager.
    KeyManager[] keyManagers = tlsParams.getKeyManagers();
    assertTrue(keyManagers != null && keyManagers.length == 1);
    assertTrue(keyManagers[0] instanceof X509KeyManager);

    // Exactly one X.509 trust manager.
    TrustManager[] trustManagers = tlsParams.getTrustManagers();
    assertTrue(trustManagers != null && trustManagers.length == 1);
    assertTrue(trustManagers[0] instanceof X509TrustManager);

    // Cipher suite include/exclude filters.
    FiltersType cipherFilter = tlsParams.getCipherSuitesFilter();
    assertNotNull(cipherFilter);
    assertEquals(5, cipherFilter.getInclude().size());
    assertEquals(1, cipherFilter.getExclude().size());

    // HTTP client policy.
    HTTPClientPolicy httpPolicy = conduit.getClient();
    assertEquals(10240, httpPolicy.getChunkLength());
}
Also used : AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy) TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters) X509TrustManager(javax.net.ssl.X509TrustManager) X509KeyManager(javax.net.ssl.X509KeyManager) HTTPClientPolicy(org.apache.cxf.transports.http.configuration.HTTPClientPolicy) FiltersType(org.apache.cxf.configuration.security.FiltersType) X509KeyManager(javax.net.ssl.X509KeyManager) KeyManager(javax.net.ssl.KeyManager) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 89 with TrustManager

use of javax.net.ssl.TrustManager in project cxf by apache.

the class STSTokenOutInterceptorTest method prepareTLSParams.

/**
 * Creates TLS client parameters whose trust managers and key managers both come from the
 * client keystore returned by {@code loadClientKeystore()}.
 *
 * <p>The CN check is disabled, so the server certificate's name is not matched against the
 * host being contacted; trust is still limited to the certificates in the loaded keystore.
 *
 * @return the populated TLS client parameters
 */
private TLSClientParameters prepareTLSParams() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
    TLSClientParameters params = new TLSClientParameters();
    params.setDisableCNCheck(true);

    // Trust material: default-algorithm factory seeded with the client keystore.
    KeyStore trustMaterial = loadClientKeystore();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustMaterial);
    params.setTrustManagers(tmf.getTrustManagers());

    // Key material: the keystore is loaded a second time and unlocked with KEY_PASS.
    KeyStore keyMaterial = loadClientKeystore();
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keyMaterial, KEY_PASS.toCharArray());
    params.setKeyManagers(kmf.getKeyManagers());

    return params;
}
Also used : TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) KeyStore(java.security.KeyStore) KeyManager(javax.net.ssl.KeyManager) TrustManager(javax.net.ssl.TrustManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 90 with TrustManager

use of javax.net.ssl.TrustManager in project cxf by apache.

the class STSTokenOutInterceptorTest method configureDefaultHttpsConnection.

/**
 * Installs process-wide {@code HttpsURLConnection} defaults for the test: a hostname
 * verifier that accepts only {@code localhost}, and a socket factory whose trust managers
 * come from the client keystore.
 *
 * <p>Both setters are static defaults, so they affect every later {@code HttpsURLConnection}
 * in the same JVM, not just this test.
 */
private void configureDefaultHttpsConnection() throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, KeyManagementException {
    // For localhost testing only
    javax.net.ssl.HostnameVerifier localhostOnly = new javax.net.ssl.HostnameVerifier() {

        @Override
        public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
            // Any host name other than the literal "localhost" is refused.
            return "localhost".equals(hostname);
        }
    };
    javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(localhostOnly);

    // Trust only what the client keystore contains.
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(loadClientKeystore());
    TrustManager[] trusted = tmf.getTrustManagers();

    // NOTE(review): "SSL" is the legacy context name; "TLS" is the usual choice today.
    // Left as is because the IBM JDK workaround below may depend on it - confirm before changing.
    SSLContext sslContext = SSLContext.getInstance("SSL");
    sslContext.init(null, trusted, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

    // Needed to prevent test failure using IBM JDK
    // NOTE(review): this pins HTTPS to TLS 1.0, which RFC 8996 deprecates; acceptable only
    // in a test fixture, and worth revisiting if the IBM JDK in use supports newer versions.
    String vendor = System.getProperty("java.vendor");
    if ("IBM Corporation".equals(vendor)) {
        System.setProperty("https.protocols", "TLSv1");
    }
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) TrustManager(javax.net.ssl.TrustManager)
