
Example 91 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project android_frameworks_base by crdroidandroid.

the class XmlConfigTests method testTrustManagerKeystore.

/**
 * Checks that trust managers produced by a PKIX {@code TrustManagerFactory} from
 * {@code NetworkSecurityConfigProvider}, initialised with an explicit {@code KeyStore},
 * can complete a TLS connection to android.com:443.
 * <p>
 * The key store is filled with every certificate returned by
 * {@code SystemCertificateSource}. An {@code ApplicationConfig} backed by
 * {@code R.xml.bad_pin} is built first but is not referenced afterwards.
 * NOTE(review): presumably the intent is that a factory initialised from a caller-supplied
 * key store does not apply the pin set in that XML config; confirm against
 * {@code NetworkSecurityConfigProvider}.
 *
 * @throws Exception if the key store, trust managers or SSL context cannot be set up
 */
public void testTrustManagerKeystore() throws Exception {
    // Built but not referenced below.
    XmlConfigSource configSource = new XmlConfigSource(getContext(), R.xml.bad_pin, true);
    ApplicationConfig applicationConfig = new ApplicationConfig(configSource);

    // Empty in-memory key store; load(null) initialises it without reading a stream.
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null);
    int nextAlias = 0;
    for (X509Certificate systemCert : SystemCertificateSource.getInstance().getCertificates()) {
        // Aliases are simply "0", "1", ...; trusted-certificate entries take no protection parameter.
        KeyStore.TrustedCertificateEntry entry = new KeyStore.TrustedCertificateEntry(systemCert);
        trustStore.setEntry(String.valueOf(nextAlias++), entry, null);
    }

    Provider securityProvider = new NetworkSecurityConfigProvider();
    TrustManagerFactory factory = TrustManagerFactory.getInstance("PKIX", securityProvider);
    factory.init(trustStore);
    TrustManager[] trustManagers = factory.getTrustManagers();

    // No key managers and the default SecureRandom: only server authentication is exercised.
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, trustManagers, null);
    TestUtils.assertConnectionSucceeds(sslContext, "android.com", 443);
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) Provider(java.security.Provider) TrustManager(javax.net.ssl.TrustManager)

Example 92 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project ddf by codice.

the class AuthSSLProtocolSocketFactory method createTrustManagers.

/**
 * Builds the trust managers for the given key store and wraps every X.509 trust manager
 * in an {@code AuthSSLX509TrustManager}.
 * <p>
 * The factory uses the platform's default trust manager algorithm. Trust managers that are
 * not {@code X509TrustManager} instances are returned unchanged.
 * NOTE(review): what the wrapper accepts or rejects is defined in
 * {@code AuthSSLX509TrustManager}, which is not visible here. It decides which server
 * certificates are trusted, so review it together with this method.
 *
 * @param keystore the key store holding the trusted certificates; must not be {@code null}
 * @return the trust managers, with X.509 ones wrapped
 * @throws IllegalArgumentException if {@code keystore} is {@code null}
 * @throws KeyStoreException if the factory cannot be initialised from the key store
 * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable
 */
private static TrustManager[] createTrustManagers(final KeyStore keystore) throws KeyStoreException, NoSuchAlgorithmException {
    if (keystore == null) {
        throw new IllegalArgumentException("Keystore may not be null");
    }
    LOG.debug("Initializing trust manager");
    final String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
    factory.init(keystore);
    final TrustManager[] managers = factory.getTrustManagers();
    for (int idx = 0; idx < managers.length; idx++) {
        final TrustManager current = managers[idx];
        if (!(current instanceof X509TrustManager)) {
            continue;
        }
        // Replace in place so the returned array keeps the factory's ordering.
        managers[idx] = new AuthSSLX509TrustManager((X509TrustManager) current);
    }
    return managers;
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 93 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project wso2-axis2-transports by wso2.

the class RabbitMQConnectionFactory method initConnectionFactory.

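/**
 * Initializes {@code connectionFactory} from the transport {@code parameters}.
 * <p>
 * Reads heartbeat, connection timeout, pool size, SSL, retry, host/port, credential and
 * virtual-host settings. Numeric values that fail to parse are logged and skipped, so the
 * value already in effect is kept. A missing host name or port, or an unparsable port, is
 * reported through {@code handleException}.
 * <p>
 * SSL handling when {@code SSL_ENABLED} parses to {@code true}:
 * <ul>
 *   <li>If any key store or trust store setting is missing, the RabbitMQ client's
 *       convenience {@code useSslProtocol} overloads are used.</li>
 *   <li>Otherwise an {@code SSLContext} is built from the configured key store and trust
 *       store. If no SSL version is configured, {@code "TLS"} is used.</li>
 *   <li>Any exception during SSL set-up is logged and the factory is left without SSL.</li>
 * </ul>
 */
private void initConnectionFactory() {
    connectionFactory = new ConnectionFactory();
    String hostName = parameters.get(RabbitMQConstants.SERVER_HOST_NAME);
    String portValue = parameters.get(RabbitMQConstants.SERVER_PORT);
    String serverRetryIntervalS = parameters.get(RabbitMQConstants.SERVER_RETRY_INTERVAL);
    String retryIntervalS = parameters.get(RabbitMQConstants.RETRY_INTERVAL);
    String retryCountS = parameters.get(RabbitMQConstants.RETRY_COUNT);
    String heartbeat = parameters.get(RabbitMQConstants.HEARTBEAT);
    String connectionTimeout = parameters.get(RabbitMQConstants.CONNECTION_TIMEOUT);
    String sslEnabledS = parameters.get(RabbitMQConstants.SSL_ENABLED);
    String userName = parameters.get(RabbitMQConstants.SERVER_USER_NAME);
    String password = parameters.get(RabbitMQConstants.SERVER_PASSWORD);
    String virtualHost = parameters.get(RabbitMQConstants.SERVER_VIRTUAL_HOST);
    String connectionPoolSizeS = parameters.get(RabbitMQConstants.CONNECTION_POOL_SIZE);
    if (!StringUtils.isEmpty(heartbeat)) {
        try {
            int heartbeatValue = Integer.parseInt(heartbeat);
            connectionFactory.setRequestedHeartbeat(heartbeatValue);
        } catch (NumberFormatException e) {
            // proceeding with rabbitmq default value
            log.warn("Number format error in reading heartbeat value. Proceeding with default");
        }
    }
    if (!StringUtils.isEmpty(connectionTimeout)) {
        try {
            int connectionTimeoutValue = Integer.parseInt(connectionTimeout);
            connectionFactory.setConnectionTimeout(connectionTimeoutValue);
        } catch (NumberFormatException e) {
            // proceeding with rabbitmq default value
            log.warn("Number format error in reading connection timeout value. Proceeding with default");
        }
    }
    if (!StringUtils.isEmpty(connectionPoolSizeS)) {
        try {
            connectionPoolSize = Integer.parseInt(connectionPoolSizeS);
        } catch (NumberFormatException e) {
            // Keep the pool size already in effect. The message now names the right setting
            // (it previously said "connection timeout").
            log.warn("Number format error in reading connection pool size value. Proceeding with default");
        }
    }
    if (!StringUtils.isEmpty(sslEnabledS)) {
        try {
            boolean sslEnabled = Boolean.parseBoolean(sslEnabledS);
            if (sslEnabled) {
                String keyStoreLocation = parameters.get(RabbitMQConstants.SSL_KEYSTORE_LOCATION);
                String keyStoreType = parameters.get(RabbitMQConstants.SSL_KEYSTORE_TYPE);
                String keyStorePassword = parameters.get(RabbitMQConstants.SSL_KEYSTORE_PASSWORD);
                String trustStoreLocation = parameters.get(RabbitMQConstants.SSL_TRUSTSTORE_LOCATION);
                String trustStoreType = parameters.get(RabbitMQConstants.SSL_TRUSTSTORE_TYPE);
                String trustStorePassword = parameters.get(RabbitMQConstants.SSL_TRUSTSTORE_PASSWORD);
                String sslVersion = parameters.get(RabbitMQConstants.SSL_VERSION);
                if (StringUtils.isEmpty(keyStoreLocation) || StringUtils.isEmpty(keyStoreType) || StringUtils.isEmpty(keyStorePassword) || StringUtils.isEmpty(trustStoreLocation) || StringUtils.isEmpty(trustStoreType) || StringUtils.isEmpty(trustStorePassword)) {
                    // NOTE(review): in the RabbitMQ Java client the useSslProtocol() and
                    // useSslProtocol(String) convenience overloads are documented as using a
                    // trust-everything TrustManager (development/QA only). This branch then
                    // encrypts the link without authenticating the broker; confirm for the
                    // client version in use.
                    log.info("Trustore and keystore information is not provided");
                    if (StringUtils.isNotEmpty(sslVersion)) {
                        connectionFactory.useSslProtocol(sslVersion);
                    } else {
                        log.info("Proceeding with default SSL configuration");
                        connectionFactory.useSslProtocol();
                    }
                } else {
                    char[] keyPassphrase = keyStorePassword.toCharArray();
                    KeyStore ks = KeyStore.getInstance(keyStoreType);
                    // Close the key store file once loaded; the stream was previously leaked.
                    try (FileInputStream keyStoreStream = new FileInputStream(keyStoreLocation)) {
                        ks.load(keyStoreStream, keyPassphrase);
                    }
                    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    kmf.init(ks, keyPassphrase);
                    char[] trustPassphrase = trustStorePassword.toCharArray();
                    KeyStore tks = KeyStore.getInstance(trustStoreType);
                    try (FileInputStream trustStoreStream = new FileInputStream(trustStoreLocation)) {
                        tks.load(trustStoreStream, trustPassphrase);
                    }
                    // Use the trust manager default algorithm. The key manager default is a
                    // different setting and is not guaranteed to name a TrustManagerFactory
                    // algorithm on every provider.
                    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    tmf.init(tks);
                    // The emptiness check above does not cover sslVersion. A null value would
                    // make SSLContext.getInstance throw, and the catch below would then leave
                    // the connection on plaintext, so fall back to the generic "TLS" name.
                    String sslProtocol = StringUtils.isNotEmpty(sslVersion) ? sslVersion : "TLS";
                    SSLContext c = SSLContext.getInstance(sslProtocol);
                    c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
                    connectionFactory.useSslProtocol(c);
                }
            }
        } catch (Exception e) {
            // NOTE(review): fail-open. Any key store, trust store or TLS set-up failure lands
            // here and the factory stays on plaintext, so the user name and password set
            // below would be sent unencrypted. Consider reporting through handleException
            // when SSL was explicitly enabled. Boolean.parseBoolean never throws, so the
            // message now describes the real cause.
            log.warn("Error while configuring SSL. Proceeding without enabling SSL", e);
        }
    }
    if (!StringUtils.isEmpty(retryCountS)) {
        try {
            retryCount = Integer.parseInt(retryCountS);
        } catch (NumberFormatException e) {
            log.warn("Number format error in reading retry count value. Proceeding with default value (3)", e);
        }
    }
    // Resolving hostname(s) and port(s)
    if (!StringUtils.isEmpty(hostName) && !StringUtils.isEmpty(portValue)) {
        String[] hostNames = hostName.split(",");
        String[] portValues = portValue.split(",");
        // Hosts and ports are paired by position; a length mismatch leaves addresses untouched.
        if (hostNames.length == portValues.length) {
            addresses = new Address[hostNames.length];
            for (int i = 0; i < hostNames.length; i++) {
                if (!hostNames[i].isEmpty() && !portValues[i].isEmpty()) {
                    try {
                        addresses[i] = new Address(hostNames[i].trim(), Integer.parseInt(portValues[i].trim()));
                    } catch (NumberFormatException e) {
                        handleException("Number format error in port number", e);
                    }
                }
            }
        }
    } else {
        handleException("Host name(s) and port(s) are not correctly defined");
    }
    if (!StringUtils.isEmpty(userName)) {
        connectionFactory.setUsername(userName);
    }
    if (!StringUtils.isEmpty(password)) {
        connectionFactory.setPassword(password);
    }
    if (!StringUtils.isEmpty(virtualHost)) {
        connectionFactory.setVirtualHost(virtualHost);
    }
    if (!StringUtils.isEmpty(retryIntervalS)) {
        try {
            retryInterval = Integer.parseInt(retryIntervalS);
        } catch (NumberFormatException e) {
            log.warn("Number format error in reading retry interval value. Proceeding with default value (30000ms)", e);
        }
    }
    if (!StringUtils.isEmpty(serverRetryIntervalS)) {
        try {
            int serverRetryInterval = Integer.parseInt(serverRetryIntervalS);
            connectionFactory.setNetworkRecoveryInterval(serverRetryInterval);
        } catch (NumberFormatException e) {
            log.warn("Number format error in reading server retry interval value. Proceeding with default value", e);
        }
    }
    connectionFactory.setAutomaticRecoveryEnabled(true);
    connectionFactory.setTopologyRecoveryEnabled(false);
}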
Also used : Address(com.rabbitmq.client.Address) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) AxisRabbitMQException(org.apache.axis2.transport.rabbitmq.utils.AxisRabbitMQException) SecureVaultException(org.wso2.securevault.SecureVaultException) IOException(java.io.IOException) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) ConnectionFactory(com.rabbitmq.client.ConnectionFactory) TrustManagerFactory(javax.net.ssl.TrustManagerFactory)

Example 94 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project knime-core by knime.

the class JreTests method checkForCACertificate.

/**
 * Verifies that the JRE's default trust material contains the KNIME.com CA certificate.
 * <p>
 * The check passes as soon as any accepted issuer of any X.509 trust manager has the
 * expected subject DN string. Matching is by name only; the certificate's key and
 * fingerprint are not compared.
 *
 * @throws Exception if an error occurs
 */
@Test
public void checkForCACertificate() throws Exception {
    final String expectedSubject = "CN=KNIME.com CA, O=KNIME.com, L=Zurich, C=CH";
    final String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory factory = TrustManagerFactory.getInstance(defaultAlgorithm);
    // A null key store makes the factory use the default trust store.
    factory.init((KeyStore) null);
    for (TrustManager candidate : factory.getTrustManagers()) {
        if (!(candidate instanceof X509TrustManager)) {
            continue;
        }
        X509Certificate[] issuers = ((X509TrustManager) candidate).getAcceptedIssuers();
        for (X509Certificate issuer : issuers) {
            String subject = issuer.getSubjectDN().getName();
            if (subject.equals(expectedSubject)) {
                return;
            }
        }
    }
    fail("No CA certificate for KNIME.com found in default keystore");
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) X509Certificate(java.security.cert.X509Certificate) X509TrustManager(javax.net.ssl.X509TrustManager) TrustManager(javax.net.ssl.TrustManager) Test(org.junit.Test)

Example 95 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project cxf by apache.

the class SSLNettyServerTest method getTrustManagers.

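/**
 * Creates the trust managers backed by the given trust store.
 *
 * @param trustStore the key store holding the trusted certificates; {@code null} makes the
 *                   factory fall back to the default trust store
 * @return the trust managers produced by the default {@code TrustManagerFactory}
 * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable
 * @throws KeyStoreException if the factory cannot be initialised from the trust store
 */
private static TrustManager[] getTrustManagers(KeyStore trustStore) throws NoSuchAlgorithmException, KeyStoreException {
    // Ask TrustManagerFactory for its own default. The KeyManagerFactory default is a
    // separate setting and is not guaranteed to name a trust manager algorithm on every
    // provider, nor to select the same certificate path validation.
    String alg = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory fac = TrustManagerFactory.getInstance(alg);
    fac.init(trustStore);
    return fac.getTrustManagers();
}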
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory)
