use of javax.net.ssl.TrustManagerFactory in project cxf by apache.
the class STSTokenOutInterceptorTest method prepareTLSParams.
/**
 * Builds the TLS client parameters used by this test's HTTPS client.
 *
 * <p>Both the trust managers and the key managers are derived from the keystore returned by
 * {@code loadClientKeystore()}, which is called once for each role. The key entries are
 * unlocked with {@code KEY_PASS}.
 *
 * <p>Security note: {@code setDisableCNCheck(true)} turns off the comparison between the
 * server certificate's name and the host being contacted, so any certificate that chains to
 * the trust store is accepted regardless of the host name. This is a test-fixture shortcut
 * and must not be copied into production client configuration.
 *
 * @return TLS parameters carrying the trust managers and key managers
 * @throws KeyStoreException if a factory cannot be initialised from the keystore
 * @throws IOException declared for keystore loading
 * @throws NoSuchAlgorithmException if a default factory algorithm is unavailable
 * @throws CertificateException declared for keystore loading
 * @throws UnrecoverableKeyException if the key cannot be recovered with {@code KEY_PASS}
 */
private TLSClientParameters prepareTLSParams() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
    TLSClientParameters params = new TLSClientParameters();
    // Test-only: host name / CN verification of the server certificate is disabled.
    params.setDisableCNCheck(true);

    // Trust side: which server certificates the client accepts.
    KeyStore trusted = loadClientKeystore();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trusted);
    params.setTrustManagers(tmf.getTrustManagers());

    // Identity side: the client's own key material, loaded from the same source.
    KeyStore identity = loadClientKeystore();
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(identity, KEY_PASS.toCharArray());
    params.setKeyManagers(kmf.getKeyManagers());

    return params;
}
use of javax.net.ssl.TrustManagerFactory in project cxf by apache.
the class STSTokenOutInterceptorTest method configureDefaultHttpsConnection.
/**
 * Installs process-wide defaults for {@link HttpsURLConnection}: a hostname verifier and an
 * SSL socket factory whose trust managers come from {@code loadClientKeystore()}.
 *
 * <p>Both setters are static, so they affect every {@code HttpsURLConnection} created in the
 * JVM afterwards, not only the ones opened by this test. Nothing here restores the previous
 * defaults.
 *
 * <p>NOTE(review): the context is requested under the name {@code "SSL"}; which protocol
 * versions that enables depends on the JSSE provider and its configuration. On IBM JDKs the
 * method additionally sets {@code https.protocols} to {@code TLSv1}, a protocol version that
 * is deprecated; confirm this workaround is still needed before reusing it.
 *
 * @throws NoSuchAlgorithmException if the trust manager algorithm or the context protocol is unavailable
 * @throws KeyStoreException if the trust manager factory cannot be initialised
 * @throws CertificateException declared for keystore loading
 * @throws IOException declared for keystore loading
 * @throws KeyManagementException if the SSL context cannot be initialised
 */
private void configureDefaultHttpsConnection() throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, KeyManagementException {
    // For localhost testing only: the verifier accepts a connection solely when the
    // requested host is literally "localhost" and rejects every other host name.
    javax.net.ssl.HostnameVerifier localhostOnly = new javax.net.ssl.HostnameVerifier() {
        @Override
        public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
            return "localhost".equals(hostname);
        }
    };
    javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(localhostOnly);

    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    KeyStore clientStore = loadClientKeystore();
    tmf.init(clientStore);

    // No key managers are supplied (null), so this context presents no client certificate.
    SSLContext context = SSLContext.getInstance("SSL");
    context.init(null, tmf.getTrustManagers(), new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());

    // Needed to prevent test failure using IBM JDK
    String vendor = System.getProperty("java.vendor");
    if ("IBM Corporation".equals(vendor)) {
        System.setProperty("https.protocols", "TLSv1");
    }
}
use of javax.net.ssl.TrustManagerFactory in project cxf by apache.
the class STSTokenRetrieverTest method prepareTLSParams.
/**
 * Assembles the {@code TLSClientParameters} for the HTTPS client used in this test.
 *
 * <p>The keystore from {@code loadClientKeystore()} is loaded twice: once to back the trust
 * managers and once to back the key managers, the latter unlocked with {@code KEY_PASS}.
 *
 * <p>Security note: CN checking is disabled ({@code setDisableCNCheck(true)}), so the server
 * certificate is validated against the trust store only and its name is never matched to the
 * target host. Acceptable in a test fixture; in real client configuration it removes the
 * protection against a trusted-but-wrong certificate being presented.
 *
 * @return the populated TLS client parameters
 * @throws KeyStoreException if a factory cannot be initialised from the keystore
 * @throws IOException declared for keystore loading
 * @throws NoSuchAlgorithmException if a default factory algorithm is unavailable
 * @throws CertificateException declared for keystore loading
 * @throws UnrecoverableKeyException if the key cannot be recovered with {@code KEY_PASS}
 */
private TLSClientParameters prepareTLSParams() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
    final TLSClientParameters result = new TLSClientParameters();
    // Test-only relaxation: skip matching the certificate name against the host.
    result.setDisableCNCheck(true);

    // Trust managers decide which server certificates are accepted.
    final KeyStore serverTrust = loadClientKeystore();
    final String trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustAlgorithm);
    trustManagerFactory.init(serverTrust);
    final TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
    result.setTrustManagers(trustManagers);

    // Key managers supply the client's own credentials.
    final KeyStore clientKeys = loadClientKeystore();
    final String keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
    final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyAlgorithm);
    keyManagerFactory.init(clientKeys, KEY_PASS.toCharArray());
    final KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
    result.setKeyManagers(keyManagers);

    return result;
}
use of javax.net.ssl.TrustManagerFactory in project cxf by apache.
the class ClientNonSpring method getTrustManagers.
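/**
 * Creates the trust managers backed by the given trust store.
 *
 * <p>The factory is requested with {@link TrustManagerFactory#getDefaultAlgorithm()}. The
 * previous code passed {@code KeyManagerFactory.getDefaultAlgorithm()} instead, which names
 * the default for key managers; the two defaults are configured independently, so the trust
 * manager factory could be asked for an algorithm that was never meant for it, or one it
 * does not provide at all.
 *
 * @param trustStore keystore holding the trusted certificates; passed straight to
 *        {@link TrustManagerFactory#init(KeyStore)}
 * @return the trust managers produced by the factory
 * @throws NoSuchAlgorithmException if no provider supplies the default trust manager algorithm
 * @throws KeyStoreException if the factory cannot be initialised from {@code trustStore}
 */
private static TrustManager[] getTrustManagers(KeyStore trustStore) throws NoSuchAlgorithmException, KeyStoreException {
    // Use the trust manager default, not the key manager one.
    String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
    factory.init(trustStore);
    return factory.getTrustManagers();
}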
use of javax.net.ssl.TrustManagerFactory in project cxf by apache.
the class SSLv3Test method testSSLv3ServerNotAllowedByDefault.
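/**
 * Verifies that an HTTPS connection attempt restricted to SSLv3 fails against the test server.
 *
 * <p>The test sets the JVM-wide {@code https.protocols} property to {@code SSLv3}, opens an
 * {@link HttpsURLConnection} to {@code https://localhost:PORT} with a PKIX trust manager
 * built from {@code keys/Truststore.jks}, and expects {@code connect()} to throw an
 * {@link IOException}.
 *
 * <p>Cleanup runs in a {@code finally} block. {@code fail(...)} throws an assertion error,
 * which the {@code IOException} handler does not catch, so without the {@code finally} a
 * failing run would leave {@code https.protocols=SSLv3} set for every later test in the same
 * JVM and would skip the bus shutdown.
 *
 * <p>Hostname checking is replaced by {@code DisableCNCheckVerifier} on this one connection;
 * that is a test-only relaxation.
 *
 * @throws Exception if bus creation, keystore loading or SSL context setup fails
 */
@org.junit.Test
public void testSSLv3ServerNotAllowedByDefault() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        // Restrict HttpsURLConnection to SSLv3 for this attempt (JVM-wide property).
        System.setProperty("https.protocols", "SSLv3");

        URL service = new URL("https://localhost:" + PORT);
        HttpsURLConnection connection = (HttpsURLConnection) service.openConnection();
        connection.setHostnameVerifier(new DisableCNCheckVerifier());

        SSLContext sslContext = SSLContext.getInstance("SSL");

        KeyStore trustedCertStore = KeyStore.getInstance("jks");
        try (InputStream keystore = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", SSLv3Test.class)) {
            trustedCertStore.load(keystore, null);
        }

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(trustedCertStore);
        TrustManager[] trustManagers = tmf.getTrustManagers();

        // No key managers: the client presents no certificate of its own.
        sslContext.init(null, trustManagers, new java.security.SecureRandom());
        connection.setSSLSocketFactory(sslContext.getSocketFactory());

        try {
            connection.connect();
            fail("Failure expected on an SSLv3 connection attempt");
        } catch (IOException ex) {
            // expected
        }
    } finally {
        // Always undo the global protocol override and release the bus, even when the
        // assertion above fails or setup throws.
        System.clearProperty("https.protocols");
        bus.shutdown(true);
    }
}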