
Example 71 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project cas by apereo.

the class DefaultCasSslContext method getTrustManager.

/**
 * Builds the X.509 trust managers backed by the supplied keystore.
 *
 * <p>Only trust managers that are instances of {@link X509TrustManager} are returned; any other
 * type produced by the factory is dropped without notice. The result can therefore be empty,
 * and callers should treat an empty collection as a configuration error rather than proceed.
 *
 * <p>Security note: with the standard JSSE providers, a {@code null} keystore makes the factory
 * fall back to the JVM default trust store instead of failing. Callers that intend to pin trust
 * to a specific store should reject {@code null} before calling this method.
 *
 * @param algorithm the trust manager factory algorithm name passed to
 *                  {@link TrustManagerFactory#getInstance(String)}
 * @param keystore  the keystore holding the trusted certificates
 * @return the X.509 trust managers created by the factory, possibly empty
 * @throws Exception if the algorithm is unknown or the factory cannot be initialized
 */
private static Collection<X509TrustManager> getTrustManager(final String algorithm, final KeyStore keystore) throws Exception {
    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
    tmf.init(keystore);
    // Keep only the X.509-capable managers; the cast is safe because of the preceding filter.
    return Arrays.stream(tmf.getTrustManagers())
        .filter(X509TrustManager.class::isInstance)
        .map(X509TrustManager.class::cast)
        .collect(Collectors.toList());
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory)

Example 72 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project quickutil by quickutil.

the class HttpUtil method initHttpsClientMananger.

/**
 * Creates a pooling HTTPS connection manager, optionally with a client certificate and a
 * dedicated server trust store.
 *
 * <p>Both streams are read as PKCS#12 keystores. They are not closed here; the caller owns them.
 *
 * <p>NOTE(review): when {@code serverCer} is {@code null} the only trust manager installed is
 * {@code tm}, a field declared outside this snippet. If {@code tm} accepts every certificate
 * chain, HTTPS connections built without {@code serverCer} are encrypted but the server is not
 * authenticated. Confirm what {@code tm} does; passing {@code null} trust managers to
 * {@link SSLContext#init} would use the JVM default trust store instead.
 *
 * <p>NOTE(review): every failure (bad password, unreadable keystore, a {@code null} password
 * with a non-null certificate stream) is printed to stderr and reported as a {@code null}
 * return value, so callers must check for {@code null}.
 *
 * @param clientCer client certificate keystore (PKCS#12), or {@code null} for no client certificate
 * @param clientPW  password of the client certificate keystore, also used as its key password
 * @param serverCer server certificate trust store (PKCS#12), or {@code null} to fall back to {@code tm}
 * @param serverPW  password of the server certificate trust store
 * @return the connection manager, or {@code null} if anything went wrong while building it
 */
public static HttpClientConnectionManager initHttpsClientMananger(InputStream clientCer, String clientPW, InputStream serverCer, String serverPW) {
    try {
        // Client certificate: key material this client presents for mutual TLS.
        KeyManager[] clientKeyManagers = null;
        if (clientCer != null) {
            KeyStore clientStore = KeyStore.getInstance("pkcs12");
            char[] clientSecret = clientPW.toCharArray();
            clientStore.load(clientCer, clientSecret);
            String keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyAlgorithm);
            kmf.init(clientStore, clientSecret);
            clientKeyManagers = kmf.getKeyManagers();
        }

        // Server certificate: the trust anchors used to validate the peer.
        TrustManager[] serverTrustManagers;
        if (serverCer == null) {
            // No trust store supplied: validation is delegated entirely to the shared "tm".
            serverTrustManagers = new TrustManager[] { tm };
        } else {
            KeyStore serverStore = KeyStore.getInstance("pkcs12");
            serverStore.load(serverCer, serverPW.toCharArray());
            String trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustAlgorithm);
            tmf.init(serverStore);
            serverTrustManagers = tmf.getTrustManagers();
        }

        // Assemble the SSL context; a null SecureRandom selects the provider default.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(clientKeyManagers, serverTrustManagers, null);

        // Plain "http" stays available next to "https" in the same registry.
        SSLConnectionSocketFactory httpsFactory = new SSLConnectionSocketFactory(sslContext);
        Registry<ConnectionSocketFactory> schemes = RegistryBuilder.<ConnectionSocketFactory>create()
            .register("http", PlainConnectionSocketFactory.INSTANCE)
            .register("https", httpsFactory)
            .build();
        return new PoolingHttpClientConnectionManager(schemes);
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}
Also used : SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) CertificateException(java.security.cert.CertificateException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager) PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) KeyManager(javax.net.ssl.KeyManager)

Example 73 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project ranger by apache.

the class NiFiConnectionMgr method createSslContext.

/**
 * Builds an {@link SSLContext} from a keystore file (this side's identity) and a truststore
 * file (the peers that are trusted).
 *
 * <p>The keystore password is also used as the password of the keys inside it. Both files are
 * opened with try-with-resources, so their streams are closed even when loading fails.
 *
 * <p>Security note: {@code protocol} is handed to {@link SSLContext#getInstance(String)} as
 * given. Callers that need a minimum TLS version should pass an explicit version name and
 * restrict the enabled protocols on the resulting sockets or engines as well.
 *
 * @param keystore         path of the keystore file
 * @param keystorePasswd   password of the keystore and of its keys
 * @param keystoreType     keystore type passed to {@link KeyStore#getInstance(String)}
 * @param truststore       path of the truststore file
 * @param truststorePasswd password of the truststore
 * @param truststoreType   truststore type passed to {@link KeyStore#getInstance(String)}
 * @param protocol         SSL/TLS protocol name for the context
 * @return the initialized SSL context
 */
private static SSLContext createSslContext(final String keystore, final char[] keystorePasswd, final String keystoreType, final String truststore, final char[] truststorePasswd, final String truststoreType, final String protocol) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException {
    // Identity material: load the keystore and derive the key managers from it.
    final KeyStore identityStore = KeyStore.getInstance(keystoreType);
    try (InputStream identityIn = new FileInputStream(keystore)) {
        identityStore.load(identityIn, keystorePasswd);
    }
    final String keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
    final KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyAlgorithm);
    kmf.init(identityStore, keystorePasswd);

    // Trust anchors: load the truststore and derive the trust managers from it.
    final KeyStore anchorStore = KeyStore.getInstance(truststoreType);
    try (InputStream anchorIn = new FileInputStream(truststore)) {
        anchorStore.load(anchorIn, truststorePasswd);
    }
    final String trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustAlgorithm);
    tmf.init(anchorStore);

    // Wire both into a context for the requested protocol.
    final SSLContext context = SSLContext.getInstance(protocol);
    context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
    return context;
}
Also used : FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 74 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project cxf by apache.

the class TrustManagerTest method testOSCPOverride.

/**
 * Checks that a client whose trust managers are built with revocation checking enabled
 * fails to call the HTTPS endpoint. Per the failure message below, the scenario is an
 * invalid OCSP responder URL.
 *
 * NOTE(review): the method name spells "OSCP"; the property and message refer to OCSP.
 */
@org.junit.Test
public void testOSCPOverride() throws Exception {
    // Create the bus from client-trust.xml and make it the default for this JVM and thread.
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = TrustManagerTest.class.getResource("client-trust.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    URL url = SOAPService.WSDL_LOCATION;
    SOAPService service = new SOAPService(url, SOAPService.SERVICE);
    assertNotNull("Service is null", service);
    final Greeter port = service.getHttpsPort();
    assertNotNull("Port is null", port);
    updateAddressPort(port, PORT2);
    // Read truststore
    // The hard-coded password belongs to a keystore bundled with the tests (keys/cxfca.jks).
    KeyStore ts = KeyStore.getInstance("JKS");
    try (InputStream trustStore = ClassLoaderUtils.getResourceAsStream("keys/cxfca.jks", TrustManagerTest.class)) {
        ts.load(trustStore, "password".toCharArray());
    }
    try {
        // "ocsp.enable" is a JVM-wide security property, so it is reset in the finally block.
        // NOTE(review): the reset writes "false" rather than restoring the previous value.
        Security.setProperty("ocsp.enable", "true");
        // PKIX parameters over the test truststore, with revocation checking switched on.
        PKIXBuilderParameters param = new PKIXBuilderParameters(ts, new X509CertSelector());
        param.setRevocationEnabled(true);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(new CertPathTrustManagerParameters(param));
        // Install the trust managers on the client's HTTP conduit.
        TLSClientParameters tlsParams = new TLSClientParameters();
        tlsParams.setTrustManagers(tmf.getTrustManagers());
        // Turns off the certificate name check against the host. Test-only setting:
        // outside a test it would leave the server's identity unverified.
        tlsParams.setDisableCNCheck(true);
        Client client = ClientProxy.getClient(port);
        HTTPConduit http = (HTTPConduit) client.getConduit();
        http.setTlsClientParameters(tlsParams);
        try {
            port.greetMe("Kitty");
            fail("Failure expected on an invalid OCSP responder URL");
        } catch (Exception ex) {
        // expected
        // NOTE(review): any Exception satisfies this test, not only a revocation failure,
        // so an unrelated connection error would also pass. Asserting on the cause would
        // make the test specific to OCSP.
        }
    } finally {
        Security.setProperty("ocsp.enable", "false");
    }
    // NOTE(review): these two calls are skipped if fail() above throws, because
    // AssertionError is not caught and they sit outside the finally block.
    ((java.io.Closeable) port).close();
    bus.shutdown(true);
}
Also used : SOAPService(org.apache.hello_world.services.SOAPService) Bus(org.apache.cxf.Bus) TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters) InputStream(java.io.InputStream) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) X509CertSelector(java.security.cert.X509CertSelector) KeyStore(java.security.KeyStore) URL(java.net.URL) CertificateException(java.security.cert.CertificateException) HTTPConduit(org.apache.cxf.transport.http.HTTPConduit) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) Greeter(org.apache.hello_world.Greeter) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) Client(org.apache.cxf.endpoint.Client)

Example 75 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project qpid-broker-j by apache.

the class NonJavaTrustStoreImpl method updateTrustManagers.

/**
 * Rebuilds the trust managers from the certificates found at {@code _certificatesUrl}.
 *
 * <p>Each certificate read from the URL is stored as a trusted certificate entry in a fresh
 * in-memory keystore, under the aliases "1", "2", ... in read order. {@code _trustManagers}
 * and {@code _certificates} are replaced only after the factory has been initialized, so a
 * failure leaves the previous values in place. Nothing happens when no URL is configured.
 *
 * <p>Security note: no validity or chain check is visible in this method, so every certificate
 * at the URL becomes a trust anchor. The integrity of that location therefore decides which
 * peers are trusted. NOTE(review): confirm whether {@code SSLUtil.readCertificates} validates
 * what it reads.
 *
 * @throws IllegalConfigurationException if the certificates cannot be read or the keystore or
 *         trust manager factory cannot be set up
 */
@SuppressWarnings("unused")
private void updateTrustManagers() {
    // No certificate source configured: keep whatever is currently installed.
    if (_certificatesUrl == null) {
        return;
    }
    try {
        final X509Certificate[] loadedCerts = SSLUtil.readCertificates(getUrlFromString(_certificatesUrl));

        // Empty in-memory keystore of the platform default type; load(null, null) initializes it.
        final java.security.KeyStore anchors = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
        anchors.load(null, null);

        // Aliases are 1-based positions in the order the certificates were read.
        for (int idx = 0; idx < loadedCerts.length; idx++) {
            anchors.setCertificateEntry(String.valueOf(idx + 1), loadedCerts[idx]);
        }

        final TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(anchors);

        // Publish the new state only once everything above has succeeded.
        _trustManagers = factory.getTrustManagers();
        _certificates = loadedCerts;
    } catch (IOException | GeneralSecurityException e) {
        throw new IllegalConfigurationException("Cannot load certificate(s) :" + e, e);
    }
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) GeneralSecurityException(java.security.GeneralSecurityException) IllegalConfigurationException(org.apache.qpid.server.configuration.IllegalConfigurationException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

TrustManagerFactory (javax.net.ssl.TrustManagerFactory)504 KeyStore (java.security.KeyStore)318 SSLContext (javax.net.ssl.SSLContext)247 TrustManager (javax.net.ssl.TrustManager)186 KeyManagerFactory (javax.net.ssl.KeyManagerFactory)180 IOException (java.io.IOException)129 FileInputStream (java.io.FileInputStream)123 X509TrustManager (javax.net.ssl.X509TrustManager)123 InputStream (java.io.InputStream)113 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)113 KeyStoreException (java.security.KeyStoreException)98 CertificateException (java.security.cert.CertificateException)87 KeyManagementException (java.security.KeyManagementException)64 X509Certificate (java.security.cert.X509Certificate)60 SecureRandom (java.security.SecureRandom)53 KeyManager (javax.net.ssl.KeyManager)48 CertificateFactory (java.security.cert.CertificateFactory)37 GeneralSecurityException (java.security.GeneralSecurityException)36 File (java.io.File)35 Certificate (java.security.cert.Certificate)34