
Example 86 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project support-core-plugin by jenkinsci.

the class RootCAs method getRootCAList.

/**
 * Appends a plain-text listing of the issuers trusted by the JVM's default trust managers to
 * {@code writer}.
 *
 * <p>Each trust manager gets a numbered header. For an {@link X509TrustManager} the number of
 * accepted issuers and the subject DN of each one are written; any other trust manager is
 * reported by class name only. Only subject DNs are printed, so two certificates that share a
 * subject but differ in key or validity cannot be told apart from this output.
 *
 * @param writer destination for the listing; a {@link KeyStoreException} or
 *               {@link NoSuchAlgorithmException} is rendered into it instead of being thrown
 */
public static void getRootCAList(StringWriter writer) {
    try {
        // Inspired by:
        // https://github.com/jenkinsci/jenkins-scripts/pull/82/files
        // https://stackoverflow.com/questions/8884831/listing-certificates-in-jvm-trust-store
        final TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore makes the factory fall back to the JVM's default trust material,
        // which is what this report is meant to describe.
        factory.init((KeyStore) null);
        int index = 0;
        for (TrustManager candidate : factory.getTrustManagers()) {
            writer.append("===== Trust Manager ").append(String.valueOf(index)).append(" =====\n");
            index++;
            if (!(candidate instanceof X509TrustManager)) {
                writer.append("Skipping as it is not an X.509 Trust Manager.\n");
                writer.append("Class Name: ").append(candidate.getClass().getName()).append('\n');
                continue;
            }
            final X509Certificate[] issuers = ((X509TrustManager) candidate).getAcceptedIssuers();
            writer.append("It is an X.509 Trust Manager containing ").append(String.valueOf(issuers.length)).append(" certificates:\n");
            for (X509Certificate issuer : issuers) {
                writer.append(issuer.getSubjectX500Principal().toString()).append('\n');
            }
        }
    } catch (KeyStoreException | NoSuchAlgorithmException e) {
        // Reported inline so the caller still receives a complete document.
        writer.write(Functions.printThrowable(e));
    }
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X509Certificate(java.security.cert.X509Certificate) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 87 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project coprhd-controller by CoprHD.

the class ViPRX509TrustManager method loadTrustManager.

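/**
 * Loads the trust manager using the ViPR keystore.
 *
 * <p>Initialises a {@link TrustManagerFactory} for {@code X509_ALGORITHM} with {@code keystore}
 * and installs the first {@link X509TrustManager} it returns as {@code defaultViPRTrustManager}.
 *
 * <p>If the factory cannot be initialised, or returns no X.509 trust manager, the failure is
 * logged and {@code defaultViPRTrustManager} is left unchanged. Callers therefore keep using the
 * previously loaded trust material (or {@code null} if none was ever loaded) until a later reload
 * succeeds.
 */
private synchronized void loadTrustManager() {
    try {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(X509_ALGORITHM);
        tmf.init(keystore);
        X509TrustManager found = null;
        for (TrustManager trustManager : tmf.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                found = (X509TrustManager) trustManager;
                log.debug("found a X509TrustManager instance");
                break;
            }
        }
        if (found == null) {
            // Without this guard the summary log below would either throw a
            // NullPointerException (not caught here) or report the stale manager as renewed.
            log.error("no X509TrustManager available for algorithm {}; trust manager was not renewed", X509_ALGORITHM);
            return;
        }
        defaultViPRTrustManager = found;
        log.info("renew trust manager. the # of certificates in trust store is {}", found.getAcceptedIssuers().length);
    } catch (GeneralSecurityException e) {
        log.error(e.getMessage(), e);
    }
}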
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) GeneralSecurityException(java.security.GeneralSecurityException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 88 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project coprhd-controller by CoprHD.

the class CimListener method getClientCertificate.

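/**
 * Connects to the host in {@code connectionInfo}, takes the certificate chain recorded by the
 * {@code TrustedCertManager} during the TLS handshake, stores the first certificate of that chain
 * in the trust store at {@code _trustStoreLocation}, and then calls {@code restart()}.
 *
 * <p>Despite the method name, the certificate that ends up trusted is the one collected from the
 * remote endpoint during the handshake. {@code TrustedCertManager} is not shown here; presumably
 * it records the presented chain in its {@code chain} field - confirm against that class.
 *
 * <p>Security notes:
 * <ul>
 * <li>Nothing in this method checks the captured certificate against a known fingerprint or asks
 * an operator to confirm it, so whichever endpoint answers on the host and port during this call
 * becomes trusted for later connections. Callers should restrict who can trigger it and verify
 * the certificate out of band.</li>
 * <li>The trust store passphrase is the hard-coded literal {@code "changeit"}, so the passphrase
 * gives no real protection; file-system permissions on the trust store are what guard it.</li>
 * </ul>
 *
 * @param connectionInfo supplies the host, the port and the use-SSL flag of the endpoint
 * @throws KeyStoreException if the trust store cannot be initialised, updated or saved
 * @throws NoSuchAlgorithmException if the TLS context or trust manager algorithm is unavailable
 * @throws CertificateException if a certificate cannot be stored
 * @throws IOException if the connection or the trust store file cannot be opened, read or written
 * @throws KeyManagementException if the SSL context cannot be initialised
 * @throws ConnectionManagerException if no certificate chain was captured during the handshake
 */
public void getClientCertificate(CimConnectionInfo connectionInfo) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, KeyManagementException, ConnectionManagerException {
    // NOTE(review): hard-coded passphrase; see the security notes in the Javadoc.
    char[] passphrase = "changeit".toCharArray();
    KeyStore ks = getTrustStore(_trustStoreLocation, passphrase);
    SSLContext context = SSLContext.getInstance("TLS");
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ks);
    X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
    TrustedCertManager tm = new TrustedCertManager(defaultTrustManager);
    s_logger.debug("Created trust manager");
    context.init(null, new TrustManager[] { tm }, null);
    SSLSocketFactory factory = context.getSocketFactory();
    String smiHost = connectionInfo.getHost();
    int smiPort = connectionInfo.getUseSSL() ? connectionInfo.getPort() : defaultSMISSSLPort;
    s_logger.debug("Opening connection to {}:{}", smiHost, smiPort);
    SSLSocket socket = (SSLSocket) factory.createSocket(smiHost, smiPort);
    try {
        // Inside the try so the socket is closed even if setting the timeout fails.
        socket.setSoTimeout(10000);
        s_logger.debug("Starting SSL negotiation");
        socket.startHandshake();
    } catch (SSLException e) {
        // Deliberately not rethrown: only the chain recorded during the handshake is needed,
        // and a missing chain is reported below.
        s_logger.debug("SSL negotiation with {}:{} did not complete: {}", smiHost, smiPort, e.getMessage());
    } finally {
        socket.close();
    }
    X509Certificate[] chain = tm.chain;
    // An empty chain is treated like a missing one; indexing it would otherwise throw.
    if (chain == null || chain.length == 0) {
        s_logger.debug("Error getting client certificate chain");
        throw new ConnectionManagerException("Error getting client certificate chain");
    }
    X509Certificate cert0 = chain[0];
    // The alias is derived from the host only, so a repeat call for the same host replaces
    // the entry stored earlier under that alias.
    String alias0 = smiHost + "-" + "1";
    ks.setCertificateEntry(alias0, cert0);
    s_logger.debug("Added a certificate to the truststore with alias: {}", alias0);
    // Record what was trusted so the change can be audited later.
    s_logger.debug("Subject of the certificate added under alias {}: {}", alias0, cert0.getSubjectX500Principal());
    File trustStoreOut = new File(_trustStoreLocation);
    if (trustStoreOut.exists()) {
        // Save the original truststore
        // NOTE(review): when the "~" backup already exists this deletes the live trust store,
        // not the old backup, and the rename that follows then has nothing to move. The backup
        // is therefore never refreshed, and a failed store() below leaves no file at the live
        // path. Confirm whether the backup file was meant to be deleted instead. The results of
        // delete() and renameTo() are also ignored.
        File trustStoreOutSaved = new File(_trustStoreLocation + "~");
        if (trustStoreOutSaved.exists()) {
            trustStoreOut.delete();
        }
        trustStoreOut.renameTo(trustStoreOutSaved);
    }
    // try-with-resources closes the stream even when store() throws.
    try (OutputStream out2 = new FileOutputStream(_trustStoreLocation)) {
        ks.store(out2, passphrase);
    }
    s_logger.debug("Created/updated the trust store: {}", _trustStoreLocation);
    restart();
}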
Also used : SSLSocket(javax.net.ssl.SSLSocket) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) SSLContext(javax.net.ssl.SSLContext) ConnectionManagerException(com.emc.storageos.cimadapter.connections.ConnectionManagerException) KeyStore(java.security.KeyStore) SSLException(javax.net.ssl.SSLException) X509Certificate(java.security.cert.X509Certificate) X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) FileOutputStream(java.io.FileOutputStream) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) File(java.io.File)

Example 89 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project oxCore by GluuFederation.

the class SslDefaultHttpClient method getTrustManagers.

/**
 * Builds the trust managers for this client from its configured trust store.
 *
 * <p>The key store is obtained from {@code getKeyStore} using the instance's trust store type,
 * path and password, and is handed to a {@link TrustManagerFactory} for the platform's default
 * algorithm.
 *
 * <p>NOTE(review): {@code getKeyStore} is not shown here. If it can return {@code null} (for
 * example when no trust store path is configured), {@code init(null)} makes the factory use the
 * JVM's default trust anchors instead of a dedicated store - confirm that this is intended.
 *
 * @return the trust managers produced by the factory
 * @throws Exception if the key store cannot be loaded or the factory cannot be initialised
 */
private TrustManager[] getTrustManagers() throws Exception {
    final KeyStore trustStore = getKeyStore(this.trustStoreType, this.trustStorePath, this.trustStorePassword);
    final String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
    factory.init(trustStore);
    return factory.getTrustManagers();
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) KeyStore(java.security.KeyStore)

Example 90 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project android_frameworks_base by crdroidandroid.

the class TestUtils method getSSLContext.

/**
 * Creates a TLS {@link SSLContext} whose trust decisions come from the given configuration
 * source.
 *
 * <p>The source is wrapped in an {@code ApplicationConfig}, which is passed as factory parameters
 * to a "PKIX" {@link TrustManagerFactory} obtained from a new
 * {@code NetworkSecurityConfigProvider}. The context is initialised with those trust managers
 * only; the key managers and the random source are passed as {@code null}, so the
 * implementation's defaults apply to them.
 *
 * @param source configuration source that the trust managers are built from
 * @return an initialised TLS context
 * @throws Exception if the factory or the context cannot be created or initialised
 */
public static SSLContext getSSLContext(ConfigSource source) throws Exception {
    final ApplicationConfig appConfig = new ApplicationConfig(source);
    final TrustManagerFactory factory = TrustManagerFactory.getInstance("PKIX", new NetworkSecurityConfigProvider());
    factory.init(new RootTrustManagerFactorySpi.ApplicationConfigParameters(appConfig));
    final SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, factory.getTrustManagers(), null);
    return sslContext;
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLContext(javax.net.ssl.SSLContext)

Aggregations

TrustManagerFactory (javax.net.ssl.TrustManagerFactory)504 KeyStore (java.security.KeyStore)318 SSLContext (javax.net.ssl.SSLContext)247 TrustManager (javax.net.ssl.TrustManager)186 KeyManagerFactory (javax.net.ssl.KeyManagerFactory)180 IOException (java.io.IOException)129 FileInputStream (java.io.FileInputStream)123 X509TrustManager (javax.net.ssl.X509TrustManager)123 InputStream (java.io.InputStream)113 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)113 KeyStoreException (java.security.KeyStoreException)98 CertificateException (java.security.cert.CertificateException)87 KeyManagementException (java.security.KeyManagementException)64 X509Certificate (java.security.cert.X509Certificate)60 SecureRandom (java.security.SecureRandom)53 KeyManager (javax.net.ssl.KeyManager)48 CertificateFactory (java.security.cert.CertificateFactory)37 GeneralSecurityException (java.security.GeneralSecurityException)36 File (java.io.File)35 Certificate (java.security.cert.Certificate)34