
Example 66 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project robovm by robovm.

the class TrustManagerImplTest method trustManager.

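/**
 * Builds an {@link X509TrustManager} backed by a keystore that contains the given certificate.
 *
 * <p>The certificate is stored under the alias {@code "alias"} in the keystore returned by
 * {@code TestKeyStore.createKeyStore()}, and a {@link TrustManagerFactory} for the platform
 * default algorithm is initialised from that keystore.
 *
 * @param ca certificate to add as a trusted entry
 * @return the first {@link X509TrustManager} produced by the factory
 * @throws Exception if the keystore or factory cannot be set up, or if the factory returns no
 *     {@link X509TrustManager}
 */
private X509TrustManager trustManager(X509Certificate ca) throws Exception {
    KeyStore keyStore = TestKeyStore.createKeyStore();
    keyStore.setCertificateEntry("alias", ca);
    String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
    tmf.init(keyStore);
    // Select by type instead of casting element 0: the array may be empty or may start with a
    // non-X509 manager, which would otherwise surface as an index or class-cast failure.
    for (javax.net.ssl.TrustManager candidate : tmf.getTrustManagers()) {
        if (candidate instanceof X509TrustManager) {
            return (X509TrustManager) candidate;
        }
    }
    throw new IllegalStateException("No X509TrustManager available for algorithm " + algorithm);
}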
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) TestKeyStore(libcore.java.security.TestKeyStore) KeyStore(java.security.KeyStore)

Example 67 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project ranger by apache.

the class LdapPolicyMgrUserGroupBuilder method getClient.

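/**
 * Returns a Jersey client for the policy manager, creating the shared SSLContext on first use.
 *
 * <p>For an {@code https://} base URL the client uses key managers loaded from
 * {@code keyStoreFile} and trust managers loaded from {@code trustStoreFile}; each store is read
 * only when both its file and its password are set. For any other URL a plain client that
 * follows redirects is created. Unless Kerberos is selected and Kerberos credentials exist, an
 * HTTP Basic filter is attached using the configured or, failing that, the default policy
 * manager credentials.
 *
 * @return the configured client, or {@code null} when a configured key store or trust store
 *     file cannot be opened
 * @throws RuntimeException if the SSLContext cannot be created
 */
private synchronized Client getClient() {
    Client ret = null;
    if (policyMgrBaseUrl.startsWith("https://")) {
        // Named differently from the 'config' member used further down for credentials.
        ClientConfig httpsConfig = new DefaultClientConfig();
        if (sslContext == null) {
            try {
                KeyManager[] kmList = null;
                TrustManager[] tmList = null;
                if (keyStoreFile != null && keyStoreFilepwd != null) {
                    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
                    InputStream in = null;
                    try {
                        in = getFileInputStream(keyStoreFile);
                        if (in == null) {
                            LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]");
                            return ret;
                        }
                        char[] keyStorePassword = keyStoreFilepwd.toCharArray();
                        keyStore.load(in, keyStorePassword);
                        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                        keyManagerFactory.init(keyStore, keyStorePassword);
                        kmList = keyManagerFactory.getKeyManagers();
                    } finally {
                        if (in != null) {
                            in.close();
                        }
                    }
                }
                if (trustStoreFile != null && trustStoreFilepwd != null) {
                    KeyStore trustStore = KeyStore.getInstance(trustStoreType);
                    InputStream in = null;
                    try {
                        in = getFileInputStream(trustStoreFile);
                        if (in == null) {
                            // Name the store that actually failed so TLS misconfiguration is diagnosable.
                            LOG.error("Unable to obtain truststore from file [" + trustStoreFile + "]");
                            return ret;
                        }
                        trustStore.load(in, trustStoreFilepwd.toCharArray());
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init(trustStore);
                        tmList = trustManagerFactory.getTrustManagers();
                    } finally {
                        if (in != null) {
                            in.close();
                        }
                    }
                }
                // Request the "TLS" context rather than the legacy "SSL" name, so protocol
                // selection does not depend on how a provider maps the old alias.
                sslContext = SSLContext.getInstance("TLS");
                // A null tmList (no trust store configured) makes init() fall back to the
                // platform's default trust managers rather than a deployment-specific store.
                sslContext.init(kmList, tmList, new SecureRandom());
                // NOTE(review): this verifier compares the URL host with the session's peer host and
                // never looks at the server certificate. HttpsURLConnection consults a
                // HostnameVerifier only after its own certificate/host match has failed, so if that
                // is the transport in use, returning true here accepts a certificate issued for a
                // different name. Confirm, and prefer rejecting the mismatch.
                hv = new HostnameVerifier() {

                    public boolean verify(String urlHostName, SSLSession session) {
                        return session.getPeerHost().equals(urlHostName);
                    }
                };
            } catch (Throwable t) {
                throw new RuntimeException("Unable to create SSLConext for communication to policy manager", t);
            }
        }
        httpsConfig.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext));
        ret = Client.create(httpsConfig);
    } else {
        ClientConfig cc = new DefaultClientConfig();
        cc.getProperties().put(ClientConfig.PROPERTY_FOLLOW_REDIRECTS, true);
        ret = Client.create(cc);
    }
    boolean useKerberos = authenticationType != null
            && AUTH_KERBEROS.equalsIgnoreCase(authenticationType)
            && SecureClientLogin.isKerberosCredentialExists(principal, keytab);
    if (!useKerberos && ret != null) {
        String username = config.getPolicyMgrUserName();
        String password = config.getPolicyMgrPassword();
        if (username == null || password == null || username.trim().isEmpty() || password.trim().isEmpty()) {
            username = config.getDefaultPolicyMgrUserName();
            password = config.getDefaultPolicyMgrPassword();
        }
        if (username != null && password != null) {
            // NOTE(review): the filter is added on the non-https branch as well, where Basic
            // credentials travel unencrypted; restrict that branch to trusted networks.
            ret.addFilter(new HTTPBasicAuthFilter(username, password));
        }
    }
    return ret;
}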
Also used : DefaultClientConfig(com.sun.jersey.api.client.config.DefaultClientConfig) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) SSLSession(javax.net.ssl.SSLSession) SecureRandom(java.security.SecureRandom) KeyStore(java.security.KeyStore) HTTPBasicAuthFilter(com.sun.jersey.api.client.filter.HTTPBasicAuthFilter) TrustManager(javax.net.ssl.TrustManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) HostnameVerifier(javax.net.ssl.HostnameVerifier) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) Client(com.sun.jersey.api.client.Client) ClientConfig(com.sun.jersey.api.client.config.ClientConfig) DefaultClientConfig(com.sun.jersey.api.client.config.DefaultClientConfig) KeyManager(javax.net.ssl.KeyManager) HTTPSProperties(com.sun.jersey.client.urlconnection.HTTPSProperties)

Example 68 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project ranger by apache.

the class PolicyMgrUserGroupBuilder method getClient.

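/**
 * Returns a Jersey client for the policy manager, creating the shared SSLContext on first use.
 *
 * <p>For an {@code https://} base URL the client uses key managers loaded from
 * {@code keyStoreFile} and trust managers loaded from {@code trustStoreFile}; each store is read
 * only when both its file and its password are set. For any other URL a plain client that
 * follows redirects is created. Unless Kerberos is selected and Kerberos credentials exist, an
 * HTTP Basic filter is attached using the configured or, failing that, the default policy
 * manager credentials.
 *
 * @return the configured client, or {@code null} when a configured key store or trust store
 *     file cannot be opened
 * @throws RuntimeException if the SSLContext cannot be created
 */
private synchronized Client getClient() {
    Client ret = null;
    if (policyMgrBaseUrl.startsWith("https://")) {
        // Named differently from the 'config' member used further down for credentials.
        ClientConfig httpsConfig = new DefaultClientConfig();
        if (sslContext == null) {
            try {
                KeyManager[] kmList = null;
                TrustManager[] tmList = null;
                if (keyStoreFile != null && keyStoreFilepwd != null) {
                    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
                    InputStream in = null;
                    try {
                        in = getFileInputStream(keyStoreFile);
                        if (in == null) {
                            LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]");
                            return ret;
                        }
                        char[] keyStorePassword = keyStoreFilepwd.toCharArray();
                        keyStore.load(in, keyStorePassword);
                        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                        keyManagerFactory.init(keyStore, keyStorePassword);
                        kmList = keyManagerFactory.getKeyManagers();
                    } finally {
                        if (in != null) {
                            in.close();
                        }
                    }
                }
                if (trustStoreFile != null && trustStoreFilepwd != null) {
                    KeyStore trustStore = KeyStore.getInstance(trustStoreType);
                    InputStream in = null;
                    try {
                        in = getFileInputStream(trustStoreFile);
                        if (in == null) {
                            // Name the store that actually failed so TLS misconfiguration is diagnosable.
                            LOG.error("Unable to obtain truststore from file [" + trustStoreFile + "]");
                            return ret;
                        }
                        trustStore.load(in, trustStoreFilepwd.toCharArray());
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init(trustStore);
                        tmList = trustManagerFactory.getTrustManagers();
                    } finally {
                        if (in != null) {
                            in.close();
                        }
                    }
                }
                // Request the "TLS" context rather than the legacy "SSL" name, so protocol
                // selection does not depend on how a provider maps the old alias.
                sslContext = SSLContext.getInstance("TLS");
                // A null tmList (no trust store configured) makes init() fall back to the
                // platform's default trust managers rather than a deployment-specific store.
                sslContext.init(kmList, tmList, new SecureRandom());
                // NOTE(review): this verifier compares the URL host with the session's peer host and
                // never looks at the server certificate. HttpsURLConnection consults a
                // HostnameVerifier only after its own certificate/host match has failed, so if that
                // is the transport in use, returning true here accepts a certificate issued for a
                // different name. Confirm, and prefer rejecting the mismatch.
                hv = new HostnameVerifier() {

                    public boolean verify(String urlHostName, SSLSession session) {
                        return session.getPeerHost().equals(urlHostName);
                    }
                };
            } catch (Throwable t) {
                throw new RuntimeException("Unable to create SSLConext for communication to policy manager", t);
            }
        }
        httpsConfig.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext));
        ret = Client.create(httpsConfig);
    } else {
        ClientConfig cc = new DefaultClientConfig();
        cc.getProperties().put(ClientConfig.PROPERTY_FOLLOW_REDIRECTS, true);
        ret = Client.create(cc);
    }
    boolean useKerberos = authenticationType != null
            && AUTH_KERBEROS.equalsIgnoreCase(authenticationType)
            && SecureClientLogin.isKerberosCredentialExists(principal, keytab);
    if (!useKerberos && ret != null) {
        String username = config.getPolicyMgrUserName();
        String password = config.getPolicyMgrPassword();
        if (username == null || password == null || username.trim().isEmpty() || password.trim().isEmpty()) {
            username = config.getDefaultPolicyMgrUserName();
            password = config.getDefaultPolicyMgrPassword();
        }
        if (username != null && password != null) {
            // NOTE(review): the filter is added on the non-https branch as well, where Basic
            // credentials travel unencrypted; restrict that branch to trusted networks.
            ret.addFilter(new HTTPBasicAuthFilter(username, password));
        }
    }
    return ret;
}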
Also used : DefaultClientConfig(com.sun.jersey.api.client.config.DefaultClientConfig) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) SSLSession(javax.net.ssl.SSLSession) SecureRandom(java.security.SecureRandom) KeyStore(java.security.KeyStore) HTTPBasicAuthFilter(com.sun.jersey.api.client.filter.HTTPBasicAuthFilter) TrustManager(javax.net.ssl.TrustManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) HostnameVerifier(javax.net.ssl.HostnameVerifier) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) Client(com.sun.jersey.api.client.Client) ClientConfig(com.sun.jersey.api.client.config.ClientConfig) DefaultClientConfig(com.sun.jersey.api.client.config.DefaultClientConfig) KeyManager(javax.net.ssl.KeyManager) HTTPSProperties(com.sun.jersey.client.urlconnection.HTTPSProperties)

Example 69 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project ranger by apache.

the class RangerRESTClient method getTrustManagers.

/**
 * Loads the trust managers for the configured trust store.
 *
 * <p>The store password is looked up through {@code getCredential}. When either the trust store
 * file name or that password is empty, nothing is loaded and {@code null} is returned. Every
 * failure while opening or reading a configured store is logged and rethrown as an
 * {@link IllegalStateException}, so a configured but unusable trust store stops the caller
 * instead of yielding an empty result.
 *
 * @return the trust managers built from the trust store, or {@code null} when no trust store
 *     is configured
 * @throws IllegalStateException if the configured trust store cannot be found, read or initialised
 */
private TrustManager[] getTrustManagers() {
    String trustStoreFilepwd = getCredential(mTrustStoreURL, mTrustStoreAlias);
    boolean notConfigured = StringUtil.isEmpty(mTrustStoreFile) || StringUtil.isEmpty(trustStoreFilepwd);
    if (notConfigured) {
        return null;
    }
    InputStream stream = null;
    try {
        stream = getFileInputStream(mTrustStoreFile);
        if (stream == null) {
            LOG.error("Unable to obtain truststore from file [" + mTrustStoreFile + "]");
            throw new IllegalStateException("Unable to find truststore file :" + mTrustStoreFile);
        }
        KeyStore loadedStore = KeyStore.getInstance(mTrustStoreType);
        loadedStore.load(stream, trustStoreFilepwd.toCharArray());
        TrustManagerFactory factory = TrustManagerFactory.getInstance(RANGER_SSL_TRUSTMANAGER_ALGO_TYPE);
        factory.init(loadedStore);
        // The finally block still closes the stream before this value reaches the caller.
        return factory.getTrustManagers();
    } catch (KeyStoreException e) {
        LOG.error("Unable to obtain from KeyStore", e);
        throw new IllegalStateException("Unable to init keystore:" + e.getMessage(), e);
    } catch (NoSuchAlgorithmException e) {
        LOG.error("SSL algorithm is NOT available in the environment :" + e.getMessage(), e);
        throw new IllegalStateException("SSL algorithm is NOT available in the environment :" + e.getMessage(), e);
    } catch (CertificateException e) {
        LOG.error("Unable to obtain the requested certification :" + e.getMessage(), e);
        throw new IllegalStateException("Unable to obtain the requested certification :" + e.getMessage(), e);
    } catch (FileNotFoundException e) {
        LOG.error("Unable to find the necessary SSL TrustStore File:" + mTrustStoreFile, e);
        throw new IllegalStateException("Unable to find trust store file :" + mTrustStoreFile + ", error :" + e.getMessage(), e);
    } catch (IOException e) {
        LOG.error("Unable to read the necessary SSL TrustStore Files :" + mTrustStoreFile, e);
        throw new IllegalStateException("Unable to read the trust store file :" + mTrustStoreFile + ", error :" + e.getMessage(), e);
    } finally {
        close(stream, mTrustStoreFile);
    }
}
Also used : FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) FileNotFoundException(java.io.FileNotFoundException) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyStore(java.security.KeyStore) TrustManager(javax.net.ssl.TrustManager)

Example 70 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project ranger by apache.

the class RangerSslHelper method getTrustManagers.

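/**
 * Loads the trust managers for the configured trust store.
 *
 * <p>The store password is looked up through {@code getCredential}. The store is read only when
 * both the trust store file name and that password are non-empty. Failures are logged and not
 * rethrown, so the method returns {@code null} both when no trust store is configured and when
 * a configured one could not be loaded.
 *
 * @return the trust managers built from the trust store, or {@code null} when it is not
 *     configured or could not be loaded
 */
private TrustManager[] getTrustManagers() {
    TrustManager[] tmList = null;
    String trustStoreFilepwd = getCredential(mTrustStoreURL, mTrustStoreAlias);
    if (!StringUtil.isEmpty(mTrustStoreFile) && !StringUtil.isEmpty(trustStoreFilepwd)) {
        InputStream in = null;
        try {
            in = getFileInputStream(mTrustStoreFile);
            if (in != null) {
                KeyStore trustStore = KeyStore.getInstance(mTrustStoreType);
                trustStore.load(in, trustStoreFilepwd.toCharArray());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RANGER_SSL_TRUSTMANAGER_ALGO_TYPE);
                trustManagerFactory.init(trustStore);
                tmList = trustManagerFactory.getTrustManagers();
            } else {
                // This branch concerns the trust store, so the log should name it.
                LOG.error("Unable to obtain truststore from file [" + mTrustStoreFile + "]");
            }
        } catch (KeyStoreException e) {
            LOG.error("Unable to obtain from KeyStore", e);
        } catch (NoSuchAlgorithmException e) {
            // The previous text said the algorithm "is available", the opposite of this failure.
            LOG.error("SSL algorithm is NOT available in the environment", e);
        } catch (CertificateException e) {
            LOG.error("Unable to obtain the requested certification ", e);
        } catch (FileNotFoundException e) {
            LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
        } catch (IOException e) {
            LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
        } finally {
            close(in, mTrustStoreFile);
        }
    }
    // NOTE(review): every load failure above ends here with null. If the caller hands that to
    // SSLContext.init(), the platform's default trust managers replace the configured store
    // without any error. Confirm the caller treats null as a failure.
    return tmList;
}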
Also used : FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) FileNotFoundException(java.io.FileNotFoundException) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyStore(java.security.KeyStore) TrustManager(javax.net.ssl.TrustManager)

Aggregations

TrustManagerFactory (javax.net.ssl.TrustManagerFactory)504 KeyStore (java.security.KeyStore)318 SSLContext (javax.net.ssl.SSLContext)247 TrustManager (javax.net.ssl.TrustManager)186 KeyManagerFactory (javax.net.ssl.KeyManagerFactory)180 IOException (java.io.IOException)129 FileInputStream (java.io.FileInputStream)123 X509TrustManager (javax.net.ssl.X509TrustManager)123 InputStream (java.io.InputStream)113 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)113 KeyStoreException (java.security.KeyStoreException)98 CertificateException (java.security.cert.CertificateException)87 KeyManagementException (java.security.KeyManagementException)64 X509Certificate (java.security.cert.X509Certificate)60 SecureRandom (java.security.SecureRandom)53 KeyManager (javax.net.ssl.KeyManager)48 CertificateFactory (java.security.cert.CertificateFactory)37 GeneralSecurityException (java.security.GeneralSecurityException)36 File (java.io.File)35 Certificate (java.security.cert.Certificate)34