Examples with TrustManager javax.net.ssl.TrustManager used on opensource projects

Search in sources :

Example 91 with TrustManager

use of javax.net.ssl.TrustManager in project cxf by apache.

the class STSTokenRetrieverTest method prepareTLSParams.

private TLSClientParameters prepareTLSParams() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setDisableCNCheck(true);
    KeyStore trustStore = loadClientKeystore();
    TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustFactory.init(trustStore);
    TrustManager[] tm = trustFactory.getTrustManagers();
    tlsParams.setTrustManagers(tm);
    KeyStore keyStore = loadClientKeystore();
    KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyFactory.init(keyStore, KEY_PASS.toCharArray());
    KeyManager[] km = keyFactory.getKeyManagers();
    tlsParams.setKeyManagers(km);
    return tlsParams;
}
Also used : TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) KeyStore(java.security.KeyStore) KeyManager(javax.net.ssl.KeyManager) TrustManager(javax.net.ssl.TrustManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 92 with TrustManager

use of javax.net.ssl.TrustManager in project cxf by apache.

the class ClientNonSpring method setupTLS.

private static void setupTLS(Greeter port) throws FileNotFoundException, IOException, GeneralSecurityException {
    String keyStoreLoc = "src/main/config/clientKeystore.jks";
    HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
    TLSClientParameters tlsCP = new TLSClientParameters();
    String keyPassword = "ckpass";
    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(new FileInputStream(keyStoreLoc), "cspass".toCharArray());
    KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
    tlsCP.setKeyManagers(myKeyManagers);
    KeyStore trustStore = KeyStore.getInstance("JKS");
    trustStore.load(new FileInputStream(keyStoreLoc), "cspass".toCharArray());
    TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
    tlsCP.setTrustManagers(myTrustStoreKeyManagers);
    httpConduit.setTlsClientParameters(tlsCP);
}
Also used : HTTPConduit(org.apache.cxf.transport.http.HTTPConduit) TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters) KeyStore(java.security.KeyStore) KeyManager(javax.net.ssl.KeyManager) FileInputStream(java.io.FileInputStream) TrustManager(javax.net.ssl.TrustManager)

Example 93 with TrustManager

use of javax.net.ssl.TrustManager in project ignite by apache.

the class JdbcThinSSLUtil method getSSLSocketFactory.

/**
 * @param connProps Connection properties.
 * @return SSL socket factory.
 * @throws SQLException On error.
 */
private static SSLSocketFactory getSSLSocketFactory(ConnectionProperties connProps) throws SQLException {
    String sslFactory = connProps.getSslFactory();
    String cliCertKeyStoreUrl = connProps.getSslClientCertificateKeyStoreUrl();
    String cliCertKeyStorePwd = connProps.getSslClientCertificateKeyStorePassword();
    String cliCertKeyStoreType = connProps.getSslClientCertificateKeyStoreType();
    String trustCertKeyStoreUrl = connProps.getSslTrustCertificateKeyStoreUrl();
    String trustCertKeyStorePwd = connProps.getSslTrustCertificateKeyStorePassword();
    String trustCertKeyStoreType = connProps.getSslTrustCertificateKeyStoreType();
    String sslProtocol = connProps.getSslProtocol();
    String keyAlgorithm = connProps.getSslKeyAlgorithm();
    if (!F.isEmpty(sslFactory)) {
        try {
            Class<Factory<SSLSocketFactory>> cls = (Class<Factory<SSLSocketFactory>>) JdbcThinSSLUtil.class.getClassLoader().loadClass(sslFactory);
            Factory<SSLSocketFactory> f = cls.newInstance();
            return f.create();
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
            throw new SQLException("Could not fount SSL factory class: " + sslFactory, SqlStateCode.CLIENT_CONNECTION_FAILED, e);
        }
    }
    if (cliCertKeyStoreUrl == null && cliCertKeyStorePwd == null && cliCertKeyStoreType == null && trustCertKeyStoreUrl == null && trustCertKeyStorePwd == null && trustCertKeyStoreType == null && sslProtocol == null) {
        try {
            return SSLContext.getDefault().getSocketFactory();
        } catch (NoSuchAlgorithmException e) {
            throw new SQLException("Could not create default SSL context", SqlStateCode.CLIENT_CONNECTION_FAILED, e);
        }
    }
    if (cliCertKeyStoreUrl == null)
        cliCertKeyStoreUrl = System.getProperty("javax.net.ssl.keyStore");
    if (cliCertKeyStorePwd == null)
        cliCertKeyStorePwd = System.getProperty("javax.net.ssl.keyStorePassword");
    if (cliCertKeyStoreType == null)
        cliCertKeyStoreType = System.getProperty("javax.net.ssl.keyStoreType", "JKS");
    if (trustCertKeyStoreUrl == null)
        trustCertKeyStoreUrl = System.getProperty("javax.net.ssl.trustStore");
    if (trustCertKeyStorePwd == null)
        trustCertKeyStorePwd = System.getProperty("javax.net.ssl.trustStorePassword");
    if (trustCertKeyStoreType == null)
        trustCertKeyStoreType = System.getProperty("javax.net.ssl.trustStoreType", "JKS");
    if (sslProtocol == null)
        sslProtocol = "TLS";
    if (!F.isEmpty(cliCertKeyStoreUrl))
        cliCertKeyStoreUrl = checkAndConvertUrl(cliCertKeyStoreUrl);
    if (!F.isEmpty(trustCertKeyStoreUrl))
        trustCertKeyStoreUrl = checkAndConvertUrl(trustCertKeyStoreUrl);
    TrustManagerFactory tmf;
    KeyManagerFactory kmf;
    KeyManager[] kms = null;
    try {
        tmf = TrustManagerFactory.getInstance(keyAlgorithm);
        kmf = KeyManagerFactory.getInstance(keyAlgorithm);
    } catch (NoSuchAlgorithmException e) {
        throw new SQLException("Default algorithm definitions for TrustManager and/or KeyManager are invalid." + " Check java security properties file.", SqlStateCode.CLIENT_CONNECTION_FAILED, e);
    }
    InputStream ksInputStream = null;
    try {
        if (!F.isEmpty(cliCertKeyStoreUrl) && !F.isEmpty(cliCertKeyStoreType)) {
            KeyStore clientKeyStore = KeyStore.getInstance(cliCertKeyStoreType);
            URL ksURL = new URL(cliCertKeyStoreUrl);
            char[] password = (cliCertKeyStorePwd == null) ? new char[0] : cliCertKeyStorePwd.toCharArray();
            ksInputStream = ksURL.openStream();
            clientKeyStore.load(ksInputStream, password);
            kmf.init(clientKeyStore, password);
            kms = kmf.getKeyManagers();
        }
    } catch (UnrecoverableKeyException e) {
        throw new SQLException("Could not recover keys from client keystore.", SqlStateCode.CLIENT_CONNECTION_FAILED, e);
    } catch (NoSuchAlgorithmException e) {
        throw new SQLException("Unsupported keystore algorithm.", SqlStateCode.CLIENT_CONNECTION_FAILED, e);
    } catch (KeyStoreException e) {
        throw new SQLException("Could not create client KeyStore instance.", SqlStateCode.CLIENT_CONNECTION_FAILED, e);
    } catch (CertificateException e) {
        throw new SQLException("Could not load client key store. [storeType=" + cliCertKeyStoreType + ", cliStoreUrl=" + cliCertKeyStoreUrl + ']', SqlStateCode.CLIENT_CONNECTION_FAILED, e);
    } catch (MalformedURLException e) {
        throw new SQLException("Invalid client key store URL. [url=" + cliCertKeyStoreUrl + ']', SqlStateCode.CLIENT_CONNECTION_FAILED, e);
    } catch (IOException e) {
        throw new SQLException("Could not open client key store.[url=" + cliCertKeyStoreUrl + ']', SqlStateCode.CLIENT_CONNECTION_FAILED, e);
    } finally {
        if (ksInputStream != null) {
            try {
                ksInputStream.close();
            } catch (IOException e) {
            // can't close input stream, but keystore can be properly initialized
            // so we shouldn't throw this exception
            }
        }
    }
    InputStream tsInputStream = null;
    List<TrustManager> tms;
    if (connProps.isSslTrustAll())
        tms = Collections.<TrustManager>singletonList(TRUST_ALL_MANAGER);
    else {
        tms = new ArrayList<>();
        try {
            KeyStore trustKeyStore = null;
            if (!F.isEmpty(trustCertKeyStoreUrl) && !F.isEmpty(trustCertKeyStoreType)) {
                char[] trustStorePassword = (trustCertKeyStorePwd == null) ? new char[0] : trustCertKeyStorePwd.toCharArray();
                tsInputStream = new URL(trustCertKeyStoreUrl).openStream();
                trustKeyStore = KeyStore.getInstance(trustCertKeyStoreType);
                trustKeyStore.load(tsInputStream, trustStorePassword);
            }
            tmf.init(trustKeyStore);
            TrustManager[] origTms = tmf.getTrustManagers();
            Collections.addAll(tms, origTms);
        } catch (NoSuchAlgorithmException e) {
            throw new SQLException("Unsupported keystore algorithm.", SqlStateCode.CLIENT_CONNECTION_FAILED, e);
        } catch (KeyStoreException e) {
            throw new SQLException("Could not create trust KeyStore instance.", SqlStateCode.CLIENT_CONNECTION_FAILED, e);
        } catch (CertificateException e) {
            throw new SQLException("Could not load trusted key store. [storeType=" + trustCertKeyStoreType + ", cliStoreUrl=" + trustCertKeyStoreUrl + ']', SqlStateCode.CLIENT_CONNECTION_FAILED, e);
        } catch (MalformedURLException e) {
            throw new SQLException("Invalid trusted key store URL. [url=" + trustCertKeyStoreUrl + ']', SqlStateCode.CLIENT_CONNECTION_FAILED, e);
        } catch (IOException e) {
            throw new SQLException("Could not open trusted key store. [url=" + cliCertKeyStoreUrl + ']', SqlStateCode.CLIENT_CONNECTION_FAILED, e);
        } finally {
            if (tsInputStream != null) {
                try {
                    tsInputStream.close();
                } catch (IOException e) {
                // can't close input stream, but keystore can be properly initialized
                // so we shouldn't throw this exception
                }
            }
        }
    }
    assert tms.size() != 0;
    try {
        SSLContext sslContext = SSLContext.getInstance(sslProtocol);
        sslContext.init(kms, tms.toArray(new TrustManager[tms.size()]), null);
        return sslContext.getSocketFactory();
    } catch (NoSuchAlgorithmException e) {
        throw new SQLException(sslProtocol + " is not a valid SSL protocol.", SqlStateCode.CLIENT_CONNECTION_FAILED, e);
    } catch (KeyManagementException e) {
        throw new SQLException("Cannot init SSL context.", SqlStateCode.CLIENT_CONNECTION_FAILED, e);
    }
}
Also used : MalformedURLException(java.net.MalformedURLException) SQLException(java.sql.SQLException) Factory(javax.cache.configuration.Factory) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) URL(java.net.URL) KeyManagementException(java.security.KeyManagementException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) KeyManager(javax.net.ssl.KeyManager) InputStream(java.io.InputStream) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory)

Example 94 with TrustManager

use of javax.net.ssl.TrustManager in project ignite by apache.

the class SslContextFactory method createSslContext.

/**
 * Creates SSL context based on factory settings.
 *
 * @return Initialized SSL context.
 * @throws SSLException If SSL context could not be created.
 */
private SSLContext createSslContext() throws SSLException {
    checkParameters();
    try {
        KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(keyAlgorithm);
        KeyStore keyStore = loadKeyStore(keyStoreType, keyStoreFilePath, keyStorePwd);
        keyMgrFactory.init(keyStore, keyStorePwd);
        TrustManager[] mgrs = trustMgrs;
        if (mgrs == null) {
            TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(keyAlgorithm);
            KeyStore trustStore = loadKeyStore(trustStoreType, trustStoreFilePath, trustStorePwd);
            trustMgrFactory.init(trustStore);
            mgrs = trustMgrFactory.getTrustManagers();
        }
        SSLContext ctx = SSLContext.getInstance(proto);
        ctx.init(keyMgrFactory.getKeyManagers(), mgrs, null);
        return ctx;
    } catch (GeneralSecurityException e) {
        throw new SSLException("Failed to initialize SSL context " + parameters(), e);
    }
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) GeneralSecurityException(java.security.GeneralSecurityException) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) SSLException(javax.net.ssl.SSLException) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 95 with TrustManager

use of javax.net.ssl.TrustManager in project ignite by apache.

the class GridSslBasicContextFactory method createSslContext.

/**
 * {@inheritDoc}
 */
@Override
public SSLContext createSslContext() throws SSLException {
    checkParameters();
    try {
        KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(keyAlgorithm);
        KeyStore keyStore = loadKeyStore(keyStoreType, keyStoreFilePath, keyStorePwd);
        keyMgrFactory.init(keyStore, keyStorePwd);
        TrustManager[] mgrs = trustMgrs;
        if (mgrs == null) {
            TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(keyAlgorithm);
            KeyStore trustStore = loadKeyStore(trustStoreType, trustStoreFilePath, trustStorePwd);
            trustMgrFactory.init(trustStore);
            mgrs = trustMgrFactory.getTrustManagers();
        }
        SSLContext ctx = SSLContext.getInstance(proto);
        ctx.init(keyMgrFactory.getKeyManagers(), mgrs, null);
        return ctx;
    } catch (GeneralSecurityException e) {
        throw new SSLException("Failed to initialize SSL context " + parameters(), e);
    }
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) GeneralSecurityException(java.security.GeneralSecurityException) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) SSLException(javax.net.ssl.SSLException) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Aggregations

TrustManager (javax.net.ssl.TrustManager)229 SSLContext (javax.net.ssl.SSLContext)139 X509TrustManager (javax.net.ssl.X509TrustManager)139 TrustManagerFactory (javax.net.ssl.TrustManagerFactory)90 X509Certificate (java.security.cert.X509Certificate)70 IOException (java.io.IOException)60 KeyStore (java.security.KeyStore)60 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)60 SecureRandom (java.security.SecureRandom)58 KeyManagementException (java.security.KeyManagementException)54 KeyManager (javax.net.ssl.KeyManager)52 CertificateException (java.security.cert.CertificateException)43 KeyStoreException (java.security.KeyStoreException)37 KeyManagerFactory (javax.net.ssl.KeyManagerFactory)34 HostnameVerifier (javax.net.ssl.HostnameVerifier)23 URL (java.net.URL)22 GeneralSecurityException (java.security.GeneralSecurityException)22 SSLSocketFactory (javax.net.ssl.SSLSocketFactory)20 InputStream (java.io.InputStream)18 FileInputStream (java.io.FileInputStream)16
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial