
Example 96 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project cxf by apache.

the class STSTokenOutInterceptorTest method prepareTLSParams.

/**
 * Builds the TLS client parameters for this test: trust managers and key managers are both
 * created from the keystore returned by {@code loadClientKeystore()}.
 *
 * <p>Security note: {@code setDisableCNCheck(true)} turns off the check of the server
 * certificate's name against the host being contacted. Certificate chain validation against
 * the trust store still applies, but any certificate that chains to it is accepted for any
 * host. This is a test-fixture setting and should not be copied into production client
 * configuration.
 *
 * @return client TLS parameters with trust managers and key managers set
 * @throws KeyStoreException if a factory cannot be initialised from the keystore
 * @throws IOException declared for keystore loading
 * @throws NoSuchAlgorithmException if the default factory algorithm is unavailable
 * @throws CertificateException declared for keystore loading
 * @throws UnrecoverableKeyException if the key cannot be recovered with {@code KEY_PASS}
 */
private TLSClientParameters prepareTLSParams() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
    final TLSClientParameters params = new TLSClientParameters();
    // Test-only relaxation: the certificate name is not matched against the target host.
    params.setDisableCNCheck(true);

    // Trust side: the platform-default trust manager algorithm over the client keystore.
    final KeyStore trustMaterial = loadClientKeystore();
    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustMaterial);
    params.setTrustManagers(tmf.getTrustManagers());

    // Key side: the same keystore is loaded a second time and unlocked with KEY_PASS.
    final KeyStore keyMaterial = loadClientKeystore();
    final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keyMaterial, KEY_PASS.toCharArray());
    params.setKeyManagers(kmf.getKeyManagers());

    return params;
}
Also used : TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) KeyStore(java.security.KeyStore) KeyManager(javax.net.ssl.KeyManager) TrustManager(javax.net.ssl.TrustManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 97 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project cxf by apache.

the class STSTokenOutInterceptorTest method configureDefaultHttpsConnection.

/**
 * Installs JVM-wide defaults for {@code HttpsURLConnection}: a hostname verifier that accepts
 * only {@code "localhost"}, and a socket factory whose trust managers come from the keystore
 * returned by {@code loadClientKeystore()}.
 *
 * <p>Both setters are static, so the change affects every later {@code HttpsURLConnection}
 * in the same JVM, not just this test. Nothing here restores the previous defaults.
 *
 * @throws NoSuchAlgorithmException if the trust manager algorithm or SSL context is unavailable
 * @throws KeyStoreException if the trust manager factory cannot be initialised
 * @throws CertificateException declared for keystore loading
 * @throws IOException declared for keystore loading
 * @throws KeyManagementException if the SSL context cannot be initialised
 */
private void configureDefaultHttpsConnection() throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, KeyManagementException {
    // For localhost testing only: any hostname other than the literal "localhost" is rejected.
    final javax.net.ssl.HostnameVerifier localhostOnly = new javax.net.ssl.HostnameVerifier() {

        @Override
        public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
            return "localhost".equals(hostname);
        }
    };
    javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(localhostOnly);

    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(loadClientKeystore());

    // NOTE(review): "SSL" is the legacy context name and the protocol versions it enables are
    // provider-dependent; "TLS" is the usual choice. Confirm against the IBM JDK workaround
    // below before changing it.
    final SSLContext context = SSLContext.getInstance("SSL");
    // No key managers are supplied, so no client certificate is configured on this context.
    context.init(null, tmf.getTrustManagers(), new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());

    // Needed to prevent test failure using IBM JDK
    // NOTE(review): this pins the deprecated TLSv1 protocol for the whole JVM on IBM runtimes;
    // confirm it is still required.
    final String vendor = System.getProperty("java.vendor");
    if ("IBM Corporation".equals(vendor)) {
        System.setProperty("https.protocols", "TLSv1");
    }
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) TrustManager(javax.net.ssl.TrustManager)

Example 98 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project cxf by apache.

the class STSTokenRetrieverTest method prepareTLSParams.

/**
 * Assembles the {@code TLSClientParameters} for this test from the keystore returned by
 * {@code loadClientKeystore()}, which serves as both trust store and key store.
 *
 * <p>Security note: the common-name check is disabled, so the server certificate's name is
 * not compared with the host the client connects to. That is acceptable for a test fixture
 * only. A production client should leave the check enabled.
 *
 * @return client TLS parameters carrying the trust managers and key managers
 * @throws KeyStoreException if a factory cannot be initialised from the keystore
 * @throws IOException declared for keystore loading
 * @throws NoSuchAlgorithmException if the default factory algorithm is unavailable
 * @throws CertificateException declared for keystore loading
 * @throws UnrecoverableKeyException if the key cannot be recovered with {@code KEY_PASS}
 */
private TLSClientParameters prepareTLSParams() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
    final TLSClientParameters clientParams = new TLSClientParameters();
    // Test-only: skip matching the certificate name against the target host.
    clientParams.setDisableCNCheck(true);

    // Trust managers from the platform-default algorithm, backed by the client keystore.
    final KeyStore trusted = loadClientKeystore();
    final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(trusted);
    clientParams.setTrustManagers(trustManagerFactory.getTrustManagers());

    // Key managers from a second load of the same keystore, unlocked with KEY_PASS.
    final KeyStore identity = loadClientKeystore();
    final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(identity, KEY_PASS.toCharArray());
    clientParams.setKeyManagers(keyManagerFactory.getKeyManagers());

    return clientParams;
}
Also used : TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) KeyStore(java.security.KeyStore) KeyManager(javax.net.ssl.KeyManager) TrustManager(javax.net.ssl.TrustManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 99 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project cxf by apache.

the class ClientNonSpring method getTrustManagers.

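/**
 * Creates trust managers backed by the given trust store.
 *
 * @param trustStore keystore holding the certificates to trust
 * @return the trust managers produced by the default trust manager factory
 * @throws NoSuchAlgorithmException if no provider supports the default trust manager algorithm
 * @throws KeyStoreException if the factory cannot be initialised from {@code trustStore}
 */
private static TrustManager[] getTrustManagers(KeyStore trustStore) throws NoSuchAlgorithmException, KeyStoreException {
    // The algorithm must come from TrustManagerFactory, not KeyManagerFactory: the two defaults
    // are configured independently and differ on common JDKs. Using the key-manager default
    // here can select a different trust manager implementation than intended, or fail with
    // NoSuchAlgorithmException on a provider that has no trust manager under that name.
    String alg = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory fac = TrustManagerFactory.getInstance(alg);
    fac.init(trustStore);
    return fac.getTrustManagers();
}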
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory)

Example 100 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project cxf by apache.

the class SSLv3Test method testSSLv3ServerNotAllowedByDefault.

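/**
 * Verifies that a client restricted to SSLv3 cannot complete a connection to the test server:
 * {@code connect()} must throw an {@code IOException}.
 *
 * <p>The test sets the JVM-wide {@code https.protocols} system property. Cleanup runs in a
 * {@code finally} block so that a failed assertion does not leave the property set to
 * {@code SSLv3}, or the bus running, for tests that execute afterwards in the same JVM.
 *
 * @throws Exception if the bus, trust store or SSL context cannot be set up
 */
@org.junit.Test
public void testSSLv3ServerNotAllowedByDefault() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);
        // Restrict HttpsURLConnection to SSLv3 for the duration of this test.
        System.setProperty("https.protocols", "SSLv3");
        URL service = new URL("https://localhost:" + PORT);
        HttpsURLConnection connection = (HttpsURLConnection) service.openConnection();
        // NOTE(review): by its name this verifier skips the certificate name check, so the
        // failure asserted below should come from the protocol, not from hostname
        // verification. Confirm against DisableCNCheckVerifier.
        connection.setHostnameVerifier(new DisableCNCheckVerifier());
        SSLContext sslContext = SSLContext.getInstance("SSL");
        KeyStore trustedCertStore = KeyStore.getInstance("jks");
        try (InputStream keystore = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", SSLv3Test.class)) {
            // A null password loads the store without an integrity check; only public
            // certificates are read from it here.
            trustedCertStore.load(keystore, null);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(trustedCertStore);
        TrustManager[] trustManagers = tmf.getTrustManagers();
        sslContext.init(null, trustManagers, new java.security.SecureRandom());
        connection.setSSLSocketFactory(sslContext.getSocketFactory());
        try {
            connection.connect();
            fail("Failure expected on an SSLv3 connection attempt");
        } catch (IOException ex) {
            // expected: the SSLv3-only connection attempt must not succeed
        }
    } finally {
        // Always undo the JVM-wide protocol override and stop the bus, even when fail() fires.
        System.clearProperty("https.protocols");
        bus.shutdown(true);
    }
}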
Also used : Bus(org.apache.cxf.Bus) InputStream(java.io.InputStream) SSLContext(javax.net.ssl.SSLContext) IOException(java.io.IOException) KeyStore(java.security.KeyStore) URL(java.net.URL) TrustManager(javax.net.ssl.TrustManager) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) HttpsURLConnection(javax.net.ssl.HttpsURLConnection)
