use of javax.net.ssl.TrustManagerFactory in project yoo_home_Android by culturer.
the class CertificateUtils method getSSLSocketFactory.
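/**
 * Builds an {@link SSLSocketFactory} whose only trust anchor is the bundled X.509
 * certificate read from {@code certificateInputStream}.
 *
 * <p>The certificate is stored under the alias {@code "ca"} in an empty, in-memory
 * KeyStore of the platform default type. No KeyManager is configured, so the resulting
 * factory can authenticate servers but never presents a client certificate.
 *
 * @param certificateInputStream stream holding a single X.509 certificate; it is always
 *                               closed before this method returns
 * @return the socket factory, or {@code null} when the certificate, KeyStore or SSLContext
 *         could not be set up (the cause is logged under the "rxvolley" tag)
 * @throws NullPointerException if {@code certificateInputStream} is {@code null}
 */
public static SSLSocketFactory getSSLSocketFactory(InputStream certificateInputStream) {
    if (certificateInputStream == null) {
        throw new NullPointerException("certificateInputStream should not be Null");
    }
    try {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Certificate certificate = certificateFactory.generateCertificate(certificateInputStream);

        String keyStoreType = KeyStore.getDefaultType();
        Log.i("rxvolley", "keyStoreType:" + keyStoreType);
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        // load(null, null) initialises an empty store; the bundled certificate becomes its only entry
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", certificate);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        // null key managers: no client certificate; null SecureRandom: provider default
        sslContext.init(null, tmf.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } catch (java.security.GeneralSecurityException | IOException e) {
        // Narrowed from catch (Exception): only the checked failures of the calls above are
        // expected here, so programming errors propagate instead of becoming a silent null.
        Log.e("rxvolley", "failed to build SSLSocketFactory from bundled certificate", e);
    } finally {
        try {
            certificateInputStream.close();
        } catch (IOException e) {
            Log.e("rxvolley", "failed to close certificate stream", e);
        }
    }
    return null;
}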
use of javax.net.ssl.TrustManagerFactory in project yoo_home_Android by culturer.
the class CertificateUtils method getSSLSocketFactory.
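/**
 * Builds an {@link SSLSocketFactory} that trusts the certificates contained in the
 * KeyStore read from {@code keyStoreInputStream}.
 *
 * <p>The store is loaded with the platform default KeyStore type. An empty or
 * {@code null} password is passed to {@code KeyStore.load} as {@code null}. No
 * KeyManager is configured, so the factory never presents a client certificate.
 *
 * @param keyStoreInputStream stream holding the trust store; it is always closed before
 *                            this method returns
 * @param password            store password, or empty/{@code null} for a store without one
 * @return the socket factory, or {@code null} when the store or SSLContext could not be
 *         set up (the cause is logged under the "rxvolley" tag)
 * @throws NullPointerException if {@code keyStoreInputStream} is {@code null}
 */
public static SSLSocketFactory getSSLSocketFactory(InputStream keyStoreInputStream, String password) {
    if (keyStoreInputStream == null) {
        throw new NullPointerException("keyStoreInputStream should not be Null");
    }
    try {
        String keyStoreType = KeyStore.getDefaultType();
        Log.i("rxvolley", "keyStoreType:" + keyStoreType);
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        char[] storePassword = TextUtils.isEmpty(password) ? null : password.toCharArray();
        keyStore.load(keyStoreInputStream, storePassword);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        // null key managers: no client certificate; null SecureRandom: provider default
        sslContext.init(null, tmf.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } catch (java.security.GeneralSecurityException | IOException e) {
        // Narrowed from catch (Exception): only the checked failures of the calls above are
        // expected here, so programming errors propagate instead of becoming a silent null.
        Log.e("rxvolley", "failed to build SSLSocketFactory from key store", e);
    } finally {
        try {
            keyStoreInputStream.close();
        } catch (IOException e) {
            Log.e("rxvolley", "failed to close key store stream", e);
        }
    }
    return null;
}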
use of javax.net.ssl.TrustManagerFactory in project nifi by apache.
the class InvokeHTTP method setSslSocketFactory.
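/*
Overall, this method is based off of examples from OkHttp3 documentation:
https://square.github.io/okhttp/3.x/okhttp/okhttp3/OkHttpClient.Builder.html#sslSocketFactory-javax.net.ssl.SSLSocketFactory-javax.net.ssl.X509TrustManager-
https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CustomTrust.java#L156
In-depth documentation on Java Secure Socket Extension (JSSE) Classes and interfaces:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#JSSEClasses
*/
/**
 * Installs an SSLSocketFactory / X509TrustManager pair on {@code okHttpClientBuilder}, built from
 * the key store and trust store described by {@code sslService}.
 *
 * <p>The key store is optional: when it is not configured the SSLContext is initialised with a
 * {@code null} KeyManager array and no client certificate is presented.
 *
 * @param okHttpClientBuilder builder that receives the socket factory
 * @param sslService          source of key/trust store locations, passwords and types
 * @param sslContext          context that is initialised with the resulting key and trust managers
 * @param setAsSocketFactory  when {@code true} the SSL factory is also installed as the builder's
 *                            plain socket factory
 * @throws IllegalStateException if the TrustManagerFactory yields no X509TrustManager
 * @throws IOException if a store file cannot be read
 * @throws KeyStoreException if a store cannot be created or used
 * @throws CertificateException if a store holds an invalid certificate
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 * @throws UnrecoverableKeyException if a key cannot be recovered with the given password
 * @throws KeyManagementException if the SSLContext cannot be initialised
 */
private void setSslSocketFactory(OkHttpClient.Builder okHttpClientBuilder, SSLContextService sslService, SSLContext sslContext, boolean setAsSocketFactory) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
    final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    // NOTE(review): the literal "X509" is used here rather than TrustManagerFactory.getDefaultAlgorithm();
    // confirm this is intentional (the default algorithm may resolve to a different, stricter trust manager)
    final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");

    // stays null (no client certificate) unless a keystore is configured
    KeyManager[] keyManagers = null;
    if (sslService.isKeyStoreConfigured()) {
        final String keystoreLocation = sslService.getKeyStoreFile();
        final String keystorePass = sslService.getKeyStorePassword();
        final String keystoreType = sslService.getKeyStoreType();
        final KeyStore keyStore = KeyStore.getInstance(keystoreType);
        try (FileInputStream keyStoreStream = new FileInputStream(keystoreLocation)) {
            keyStore.load(keyStoreStream, keystorePass.toCharArray());
        }
        keyManagerFactory.init(keyStore, keystorePass.toCharArray());
        keyManagers = keyManagerFactory.getKeyManagers();
    }

    // the truststore is only initialised if properties have been supplied by the SSLContextService.
    // NOTE(review): if it is not configured the factory is never init()'d before getTrustManagers()
    // below — confirm that callers always supply a trust store.
    if (sslService.isTrustStoreConfigured()) {
        final String truststoreLocation = sslService.getTrustStoreFile();
        final String truststorePass = sslService.getTrustStorePassword();
        final String truststoreType = sslService.getTrustStoreType();
        final KeyStore truststore = KeyStore.getInstance(truststoreType);
        // try-with-resources: the stream was previously opened and never closed (file handle leak)
        try (FileInputStream trustStoreStream = new FileInputStream(truststoreLocation)) {
            truststore.load(trustStoreStream, truststorePass.toCharArray());
        }
        trustManagerFactory.init(truststore);
    }

    /*
    TrustManagerFactory.getTrustManagers returns a trust manager for each type of trust material. Since we are getting a trust manager factory that uses "X509"
    as its trust management algorithm, we are able to grab the first (and thus the most preferred) and use it as our x509 Trust Manager
    https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/TrustManagerFactory.html#getTrustManagers--
    */
    final TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
    // guard against an empty array and a non-X509 element, not only a null first element
    if (trustManagers.length == 0 || !(trustManagers[0] instanceof X509TrustManager)) {
        throw new IllegalStateException("No X509TrustManager available from the TrustManagerFactory");
    }
    final X509TrustManager x509TrustManager = (X509TrustManager) trustManagers[0];

    // if keystore properties were not supplied, the keyManagers array will be null
    sslContext.init(keyManagers, trustManagers, null);
    final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
    okHttpClientBuilder.sslSocketFactory(sslSocketFactory, x509TrustManager);
    if (setAsSocketFactory) {
        okHttpClientBuilder.socketFactory(sslSocketFactory);
    }
}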
use of javax.net.ssl.TrustManagerFactory in project nifi by apache.
the class SslContextFactory method createTrustSslContext.
/**
 * Builds a trust-only {@link SSLContext}: the given trust store decides which peers are
 * accepted, while an empty KeyManager array means no certificate is ever presented.
 *
 * @param truststore       full path to the truststore file
 * @param truststorePasswd truststore password
 * @param truststoreType   truststore type (e.g., PKCS12, JKS)
 * @param protocol         protocol name passed to {@code SSLContext.getInstance}
 *
 * @return an initialised SSLContext
 * @throws java.security.KeyStoreException if any issues accessing the keystore
 * @throws java.io.IOException for any problems loading the keystores
 * @throws java.security.NoSuchAlgorithmException if an algorithm is found to be used but is unknown
 * @throws java.security.cert.CertificateException if there is an issue with the certificate
 * @throws java.security.UnrecoverableKeyException if the key is insufficient
 * @throws java.security.KeyManagementException if unable to manage the key
 */
public static SSLContext createTrustSslContext(final String truststore, final char[] truststorePasswd, final String truststoreType, final String protocol) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException {
    final KeyStore loadedTrustStore = KeyStoreUtils.getTrustStore(truststoreType);
    try (final InputStream in = new FileInputStream(truststore)) {
        loadedTrustStore.load(in, truststorePasswd);
    }

    final String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(loadedTrustStore);

    // empty (not null) key manager array: explicitly no client certificate; fresh SecureRandom
    final SSLContext context = SSLContext.getInstance(protocol);
    context.init(new KeyManager[0], tmf.getTrustManagers(), new SecureRandom());
    return context;
}
use of javax.net.ssl.TrustManagerFactory in project nifi by apache.
the class TestGRPCServer method start.
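/**
 * Starts the gRPC server @localhost:port.
 *
 * <p>When {@code sslProperties} is set, the server is configured with TLS built from the
 * keystore (mandatory) and truststore (optional) properties; client authentication defaults
 * to {@code REQUIRE} unless {@code NEED_CLIENT_AUTH} names another {@code ClientAuth} value.
 * A JVM shutdown hook stops the server.
 *
 * @param port port to bind
 * @return the port the server actually listens on
 * @throws IllegalStateException if SSL is enabled without a keystore or keystore password
 * @throws Exception for any service instantiation, store loading or bind failure
 */
public int start(final int port) throws Exception {
    final NettyServerBuilder nettyServerBuilder = NettyServerBuilder.forPort(port)
            .directExecutor()
            .addService(clazz.newInstance())
            .compressorRegistry(CompressorRegistry.getDefaultInstance())
            .decompressorRegistry(DecompressorRegistry.getDefaultInstance());

    if (this.sslProperties != null) {
        final String keyStoreFile = sslProperties.get(StandardSSLContextService.KEYSTORE.getName());
        if (keyStoreFile == null) {
            throw new IllegalStateException("You must configure a keystore in order to use SSL with gRPC.");
        }
        final String keyStorePassword = sslProperties.get(StandardSSLContextService.KEYSTORE_PASSWORD.getName());
        if (keyStorePassword == null) {
            // previously surfaced as a bare NullPointerException from toCharArray()
            throw new IllegalStateException("You must configure a keystore password in order to use SSL with gRPC.");
        }
        final char[] keyStorePasswordChars = keyStorePassword.toCharArray();
        final KeyStore keyStore = loadKeyStore(sslProperties.get(StandardSSLContextService.KEYSTORE_TYPE.getName()), keyStoreFile, keyStorePasswordChars);
        final KeyManagerFactory keyManager = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManager.init(keyStore, keyStorePasswordChars);
        SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(keyManager);

        final String trustStoreFile = sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName());
        if (trustStoreFile != null) {
            final String trustStorePassword = sslProperties.get(StandardSSLContextService.TRUSTSTORE_PASSWORD.getName());
            // KeyStore.load accepts a null password (integrity check skipped); previously a missing
            // truststore password failed with a NullPointerException
            final char[] trustStorePasswordChars = trustStorePassword == null ? null : trustStorePassword.toCharArray();
            final KeyStore trustStore = loadKeyStore(sslProperties.get(StandardSSLContextService.TRUSTSTORE_TYPE.getName()), trustStoreFile, trustStorePasswordChars);
            final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            sslContextBuilder = sslContextBuilder.trustManager(trustManagerFactory);
        }

        final String clientAuth = sslProperties.get(NEED_CLIENT_AUTH);
        // default to mutual TLS; ClientAuth.valueOf throws IllegalArgumentException on an unknown name
        sslContextBuilder = sslContextBuilder.clientAuth(clientAuth == null ? ClientAuth.REQUIRE : ClientAuth.valueOf(clientAuth));
        sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder);
        nettyServerBuilder.sslContext(sslContextBuilder.build());
    }

    server = nettyServerBuilder.build().start();
    final int actualPort = server.getPort();
    Runtime.getRuntime().addShutdownHook(new Thread() {
        @Override
        public void run() {
            // Use stderr here since the logger may have been reset by its JVM shutdown hook.
            System.err.println("*** shutting down gRPC server since JVM is shutting down");
            TestGRPCServer.this.stop();
            System.err.println("*** server shut down");
        }
    });
    return actualPort;
}

/**
 * Loads a KeyStore of the given type from a file; shared by the keystore and truststore paths.
 *
 * @param type     KeyStore type name passed to {@code KeyStore.getInstance}
 * @param file     path of the store file
 * @param password store password, or {@code null} to skip the integrity check
 * @return the loaded store
 * @throws Exception if the store type is unknown or the file cannot be read/parsed
 */
private static KeyStore loadKeyStore(final String type, final String file, final char[] password) throws Exception {
    final KeyStore store = KeyStore.getInstance(type);
    try (final InputStream is = new FileInputStream(file)) {
        store.load(is, password);
    }
    return store;
}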