
Example 26 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project jetty.project by eclipse.

the class SslContextFactory method getTrustManagers.

/**
 * Builds the trust managers backed by the given trust store.
 *
 * <p>Two paths exist. When peer-certificate validation is enabled and the configured
 * factory algorithm is PKIX, the factory is initialised from {@code PKIXBuilderParameters}
 * with a maximum path length and with revocation checking switched on. In every other
 * case the factory is initialised directly from the trust store, and this method
 * configures no revocation checking, path-length limit or CRLs.
 *
 * <p>Security note: enabling CRLDP or OCSP writes the {@code com.sun.security.enableCRLDP}
 * system property and the {@code ocsp.enable} / {@code ocsp.responderURL} security
 * properties. Those are process-wide settings, visible to all other code in the same JVM,
 * and nothing in this method resets them.
 *
 * @param trustStore the store holding the trusted certificates; may be {@code null}
 * @param crls CRLs to consult during revocation checking; may be {@code null} or empty
 * @return the trust managers, or {@code null} when {@code trustStore} is {@code null}
 *         (how the caller treats a {@code null} result is not visible here)
 * @throws Exception if the parameters, the certificate store or the factory cannot be set up
 */
protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception {
    if (trustStore == null) {
        return null;
    }

    // Revocation checking is only supported for the PKIX algorithm.
    boolean pkixWithValidation = isValidatePeerCerts() && "PKIX".equalsIgnoreCase(getTrustManagerFactoryAlgorithm());
    if (!pkixWithValidation) {
        // Plain path: trust anchors only, no revocation settings applied by this method.
        TrustManagerFactory plainFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm);
        plainFactory.init(trustStore);
        return plainFactory.getTrustManagers();
    }

    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
    // Bound the length of the certification path.
    pkixParams.setMaxPathLength(_maxCertPathLength);
    // Revocation checking is always on in this path.
    pkixParams.setRevocationEnabled(true);

    boolean haveCrls = crls != null && !crls.isEmpty();
    if (haveCrls) {
        CollectionCertStoreParameters crlStoreParams = new CollectionCertStoreParameters(crls);
        pkixParams.addCertStore(CertStore.getInstance("Collection", crlStoreParams));
    }

    if (_enableCRLDP) {
        // CRL Distribution Points support; JVM-wide system property.
        System.setProperty("com.sun.security.enableCRLDP", "true");
    }

    if (_enableOCSP) {
        // OCSP support; JVM-wide security property.
        Security.setProperty("ocsp.enable", "true");
        if (_ocspResponderURL != null) {
            // Overrides the responder location for every OCSP check in this JVM.
            Security.setProperty("ocsp.responderURL", _ocspResponderURL);
        }
    }

    // The factory is created only after the properties above have been written,
    // which keeps the order of side effects the same if getInstance fails.
    TrustManagerFactory pkixFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm);
    pkixFactory.init(new CertPathTrustManagerParameters(pkixParams));
    return pkixFactory.getTrustManagers();
}
Also used : CollectionCertStoreParameters(java.security.cert.CollectionCertStoreParameters) PKIXBuilderParameters(java.security.cert.PKIXBuilderParameters) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) CertPathTrustManagerParameters(javax.net.ssl.CertPathTrustManagerParameters) X509CertSelector(java.security.cert.X509CertSelector) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 27 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project okhttputils by hongyangAndroid.

the class HttpsUtils method prepareTrustManager.

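/**
 * Builds trust managers that trust exactly the certificates read from the given streams.
 *
 * <p>Each stream is parsed as one X.509 certificate and stored in an empty in-memory
 * key store under the alias {@code "0"}, {@code "1"}, ... in argument order.
 *
 * <p>Every non-null stream is closed before this method returns, including when parsing
 * fails part-way through.
 *
 * <p>Security note: any failure is reported only as a stack trace and a {@code null}
 * return. Callers must treat {@code null} as "no custom trust configured". Passing a
 * {@code null} trust-manager array to {@code SSLContext.init} makes JSSE use its default
 * trust managers, so a broken certificate file would silently widen trust instead of
 * failing the connection.
 *
 * @param certificates streams that each hold one X.509 certificate
 * @return the trust managers, or {@code null} when no streams were given or setup failed
 */
private static TrustManager[] prepareTrustManager(InputStream... certificates) {
    if (certificates == null || certificates.length == 0) {
        return null;
    }
    try {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null) initialises an empty key store.
        keyStore.load(null);
        int index = 0;
        for (InputStream certificate : certificates) {
            String certificateAlias = Integer.toString(index++);
            keyStore.setCertificateEntry(certificateAlias, certificateFactory.generateCertificate(certificate));
        }
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    } catch (Exception e) {
        // Kept as a best-effort null return so existing callers see the same contract.
        e.printStackTrace();
        return null;
    } finally {
        // Close in finally so a parse failure does not leak the remaining streams.
        for (InputStream certificate : certificates) {
            if (certificate == null) {
                continue;
            }
            try {
                certificate.close();
            } catch (IOException ignored) {
                // The certificate has already been read or rejected; a close failure changes nothing.
            }
        }
    }
}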
Also used : InputStream(java.io.InputStream) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) CertificateFactory(java.security.cert.CertificateFactory) KeyStore(java.security.KeyStore) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) KeyStoreException(java.security.KeyStoreException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory)

Example 28 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project netty-socketio by mrniko.

the class SocketIOChannelInitializer method createSSLContext.

/**
 * Creates the SSL context from the key store and the optional trust store named in the
 * configuration.
 *
 * <p>Security notes: when no trust store is configured the trust-manager array stays
 * {@code null}, and {@code SSLContext.init} then uses JSSE's default trust managers.
 * The key-store password also serves as the password for the keys inside it. The
 * protocol name is taken as-is from the configuration; nothing here restricts which
 * protocol versions may be requested.
 *
 * @param configuration supplies the stores, their formats and passwords, the key manager
 *        algorithm and the protocol name
 * @return the initialised context
 * @throws Exception if a store cannot be loaded or a factory or the context cannot be set up
 */
private SSLContext createSSLContext(Configuration configuration) throws Exception {
    TrustManager[] trustManagers = null;
    boolean trustStoreConfigured = configuration.getTrustStore() != null;
    if (trustStoreConfigured) {
        KeyStore trustStore = KeyStore.getInstance(configuration.getTrustStoreFormat());
        trustStore.load(configuration.getTrustStore(), configuration.getTrustStorePassword().toCharArray());
        TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(trustStore);
        trustManagers = trustFactory.getTrustManagers();
    }

    // The key store is mandatory: it is loaded unconditionally.
    KeyStore keyStore = KeyStore.getInstance(configuration.getKeyStoreFormat());
    keyStore.load(configuration.getKeyStore(), configuration.getKeyStorePassword().toCharArray());

    KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(configuration.getKeyManagerFactoryAlgorithm());
    keyFactory.init(keyStore, configuration.getKeyStorePassword().toCharArray());

    SSLContext context = SSLContext.getInstance(configuration.getSSLProtocol());
    // A null SecureRandom selects the default implementation.
    context.init(keyFactory.getKeyManagers(), trustManagers, null);
    return context;
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) TrustManager(javax.net.ssl.TrustManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 29 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project OpenAttestation by OpenAttestation.

the class X509Util method createX509TrustManagerWithKeystore.

/**
 * Returns the first {@link X509TrustManager} that the default-algorithm
 * {@link TrustManagerFactory} produces for the key store built by
 * {@code KeyStoreUtil.createTrustedSslKeystore(keystore)}.
 *
 * <p>Which entries of {@code keystore} end up as trust anchors is decided by
 * {@code KeyStoreUtil}, which is not shown here.
 *
 * @deprecated use TlsPolicy instead
 * @param keystore the key store handed to {@code KeyStoreUtil.createTrustedSslKeystore}
 * @return the first X.509 trust manager returned by the factory
 * @throws KeyManagementException if the key store or the factory cannot be set up; the
 *         original exception is kept as the cause
 * @throws IllegalArgumentException if the factory returns no {@link X509TrustManager}
 */
public static X509TrustManager createX509TrustManagerWithKeystore(SimpleKeystore keystore) throws KeyManagementException {
    X509TrustManager selected = null;
    try {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(KeyStoreUtil.createTrustedSslKeystore(keystore));
        TrustManager[] candidates = factory.getTrustManagers();
        // Stop at the first X.509-capable manager.
        for (int i = 0; i < candidates.length && selected == null; i++) {
            if (candidates[i] instanceof X509TrustManager) {
                selected = (X509TrustManager) candidates[i];
            }
        }
    } catch (NoSuchAlgorithmException | IOException | CertificateException | UnrecoverableEntryException | KeyStoreException e) {
        throw new KeyManagementException("Cannot create X509TrustManager", e);
    }
    if (selected == null) {
        throw new IllegalArgumentException("TrustManagerFactory did not return an X509TrustManager instance");
    }
    return selected;
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) UnrecoverableEntryException(java.security.UnrecoverableEntryException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) KeyManagementException(java.security.KeyManagementException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 30 with TrustManagerFactory

use of javax.net.ssl.TrustManagerFactory in project OpenAttestation by OpenAttestation.

the class X509Util method createX509TrustManagerWithCertificates.

/**
 * Returns the first {@link X509TrustManager} that the default-algorithm
 * {@link TrustManagerFactory} produces for the key store built by
 * {@code KeyStoreUtil.createTrustedSslKeystore(certificates)}.
 *
 * <p>How the certificates are stored as trust anchors is decided by {@code KeyStoreUtil},
 * which is not shown here.
 *
 * @deprecated use TlsPolicy instead
 * @param certificates the certificates handed to {@code KeyStoreUtil.createTrustedSslKeystore}
 * @return the first X.509 trust manager returned by the factory
 * @throws KeyManagementException if the key store or the factory cannot be set up; the
 *         original exception is kept as the cause
 * @throws IllegalArgumentException if the factory returns no {@link X509TrustManager}
 */
public static X509TrustManager createX509TrustManagerWithCertificates(X509Certificate[] certificates) throws KeyManagementException {
    TrustManager[] produced;
    try {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(KeyStoreUtil.createTrustedSslKeystore(certificates));
        produced = factory.getTrustManagers();
    } catch (NoSuchAlgorithmException | IOException | CertificateException | UnrecoverableEntryException | KeyStoreException e) {
        throw new KeyManagementException("Cannot create X509TrustManager", e);
    }
    // Scan in factory order and hand back the first X.509-capable manager.
    int position = 0;
    while (position < produced.length) {
        TrustManager candidate = produced[position];
        if (candidate instanceof X509TrustManager) {
            return (X509TrustManager) candidate;
        }
        position++;
    }
    throw new IllegalArgumentException("TrustManagerFactory did not return an X509TrustManager instance");
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) UnrecoverableEntryException(java.security.UnrecoverableEntryException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) KeyManagementException(java.security.KeyManagementException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)
