
Example 6 with X509ExtendedKeyManager

use of javax.net.ssl.X509ExtendedKeyManager in project netty by netty.

the class OpenSslKeyMaterialManagerTest method testChooseClientAliasReturnsNull.

/**
 * Checks that client-side key material selection stops when the key manager offers
 * no alias: the provider's {@code chooseKeyMaterial} hook fails the test if it is reached.
 *
 * @throws SSLException if building the client context or selecting key material fails
 */
@Test
public void testChooseClientAliasReturnsNull() throws SSLException {
    OpenSsl.ensureAvailability();

    // A key manager that holds no credentials: every lookup yields null or an empty array.
    // chooseEngineClientAlias is not overridden, so the JDK default (which returns null) applies.
    X509ExtendedKeyManager emptyKeyManager = new X509ExtendedKeyManager() {

        @Override
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            return EmptyArrays.EMPTY_STRINGS;
        }

        @Override
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            return null;
        }

        @Override
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            return EmptyArrays.EMPTY_STRINGS;
        }

        @Override
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return null;
        }

        @Override
        public X509Certificate[] getCertificateChain(String alias) {
            return EmptyArrays.EMPTY_X509_CERTIFICATES;
        }

        @Override
        public PrivateKey getPrivateKey(String alias) {
            return null;
        }
    };

    // Provider whose key-material lookup is a tripwire: a null alias must never reach it.
    OpenSslKeyMaterialProvider tripwireProvider = new OpenSslKeyMaterialProvider(emptyKeyManager, null) {

        @Override
        OpenSslKeyMaterial chooseKeyMaterial(ByteBufAllocator allocator, String alias) throws Exception {
            fail("Should not be called when alias is null");
            return null;
        }
    };
    OpenSslKeyMaterialManager manager = new OpenSslKeyMaterialManager(tripwireProvider);

    SslContext clientContext = SslContextBuilder.forClient()
            .sslProvider(SslProvider.OPENSSL)
            .build();
    OpenSslEngine engine = (OpenSslEngine) clientContext.newEngine(UnpooledByteBufAllocator.DEFAULT);

    // No key types and no issuers are offered; the call is expected to return without
    // touching the tripwire above.
    manager.setKeyMaterialClientSide(engine, EmptyArrays.EMPTY_STRINGS, null);
}
Also used : UnpooledByteBufAllocator(io.netty.buffer.UnpooledByteBufAllocator) ByteBufAllocator(io.netty.buffer.ByteBufAllocator) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) Socket(java.net.Socket) X509Certificate(java.security.cert.X509Certificate) SSLException(javax.net.ssl.SSLException) Test(org.junit.jupiter.api.Test)

Example 7 with X509ExtendedKeyManager

use of javax.net.ssl.X509ExtendedKeyManager in project netty by netty.

the class OpenSslEngineTest method testNoKeyFound.

/**
 * Checks that a handshake fails with {@link SSLException} when the server's key manager
 * cannot supply any alias, certificate chain or private key.
 *
 * @param param protocol, cipher and buffer settings for this parameterized run
 * @throws Exception if context or engine setup fails
 */
@MethodSource("newTestParams")
@ParameterizedTest
public void testNoKeyFound(final SSLEngineTestParam param) throws Exception {
    checkShouldUseKeyManagerFactory();

    // InsecureTrustManagerFactory accepts any peer certificate without verification.
    // That is acceptable only because this is a test whose handshake is expected to fail;
    // it must not be carried over into production client configuration.
    clientSslCtx = wrapContext(param, SslContextBuilder.forClient()
            .trustManager(InsecureTrustManagerFactory.INSTANCE)
            .sslProvider(sslClientProvider())
            .protocols(param.protocols())
            .ciphers(param.ciphers())
            .build());
    final SSLEngine clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));

    // Server-side key manager with nothing to offer: null aliases, empty chain, null key.
    final X509ExtendedKeyManager keylessManager = new X509ExtendedKeyManager() {

        @Override
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            return new String[0];
        }

        @Override
        public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
            return null;
        }

        @Override
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            return new String[0];
        }

        @Override
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return null;
        }

        @Override
        public X509Certificate[] getCertificateChain(String alias) {
            return new X509Certificate[0];
        }

        @Override
        public PrivateKey getPrivateKey(String alias) {
            return null;
        }
    };
    serverSslCtx = wrapContext(param, SslContextBuilder.forServer(keylessManager)
            .sslProvider(sslServerProvider())
            .protocols(param.protocols())
            .ciphers(param.ciphers())
            .build());
    final SSLEngine serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));

    try {
        // With no server credential available the handshake has to abort rather than
        // complete without a server certificate.
        assertThrows(SSLException.class, new Executable() {

            @Override
            public void execute() throws Throwable {
                handshake(param.type(), param.delegate(), clientEngine, serverEngine);
            }
        });
    } finally {
        // Engines are cleaned up even when the assertion fails.
        cleanupClientSslEngine(clientEngine);
        cleanupServerSslEngine(serverEngine);
    }
}
Also used : PrivateKey(java.security.PrivateKey) SSLEngine(javax.net.ssl.SSLEngine) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) Executable(org.junit.jupiter.api.function.Executable) Principal(java.security.Principal) Socket(java.net.Socket) MethodSource(org.junit.jupiter.params.provider.MethodSource) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 8 with X509ExtendedKeyManager

use of javax.net.ssl.X509ExtendedKeyManager in project jetty.project by eclipse.

the class SslContextFactory method getKeyManagers.

/**
 * Builds the key managers for the given key store and, where configured, wraps each
 * {@link X509ExtendedKeyManager} so that a fixed certificate alias and/or SNI-based
 * selection is applied.
 *
 * @param keyStore the key store holding the credentials, or {@code null} for none
 * @return the (possibly wrapped) key managers, or {@code null} when {@code keyStore} is
 *         {@code null} or the factory returns {@code null}
 * @throws Exception if the key manager factory cannot be obtained or initialised
 */
protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception {
    KeyManager[] managers = null;

    if (keyStore != null) {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(getKeyManagerFactoryAlgorithm());

        // The key-manager password takes precedence; otherwise the key-store password
        // is used, and null is passed when neither is set.
        // NOTE(review): the secret passes through a String (which cannot be wiped) and the
        // char[] copy made here is not cleared after init().
        char[] password;
        if (_keyManagerPassword != null) {
            password = _keyManagerPassword.toString().toCharArray();
        } else if (_keyStorePassword != null) {
            password = _keyStorePassword.toString().toCharArray();
        } else {
            password = null;
        }
        factory.init(keyStore, password);
        managers = factory.getKeyManagers();

        if (managers != null) {
            // Only X509ExtendedKeyManager instances are wrapped below; any other manager
            // type is returned unchanged, so alias and SNI selection do not apply to it.
            String certAlias = getCertAlias();
            if (certAlias != null) {
                for (int i = 0; i < managers.length; i++) {
                    if (managers[i] instanceof X509ExtendedKeyManager) {
                        managers[i] = new AliasedX509ExtendedKeyManager((X509ExtendedKeyManager) managers[i], certAlias);
                    }
                }
            }

            // The SNI wrapper is applied second, so it wraps the alias wrapper when both
            // are configured.
            boolean sniCertsPresent = !(_certHosts.isEmpty() && _certWilds.isEmpty());
            if (sniCertsPresent) {
                for (int i = 0; i < managers.length; i++) {
                    if (managers[i] instanceof X509ExtendedKeyManager) {
                        managers[i] = new SniX509ExtendedKeyManager((X509ExtendedKeyManager) managers[i]);
                    }
                }
            }
        }
    }

    // NOTE(review): this logs the manager array and this factory via their toString();
    // confirm neither representation includes passwords or key material.
    if (LOG.isDebugEnabled()) {
        LOG.debug("managers={} for {}", managers, this);
    }
    return managers;
}
Also used : X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) KeyManager(javax.net.ssl.KeyManager) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 9 with X509ExtendedKeyManager

use of javax.net.ssl.X509ExtendedKeyManager in project activemq-artemis by apache.

the class NettyTransportSupport method wrapKeyManagers.

/**
 * Returns a new array in which every {@link X509ExtendedKeyManager} from the input is
 * wrapped in an {@code X509AliasKeyManager} bound to {@code alias}.
 *
 * <p>Managers of any other type are copied across unwrapped, so the alias is not
 * applied to them. The input array itself is not modified.
 *
 * @param alias the key alias handed to each wrapper
 * @param origKeyManagers the key managers to wrap; must not be {@code null}
 * @return a new array of the same length as {@code origKeyManagers}
 */
private static KeyManager[] wrapKeyManagers(String alias, KeyManager[] origKeyManagers) {
    KeyManager[] wrapped = new KeyManager[origKeyManagers.length];
    int slot = 0;
    for (KeyManager candidate : origKeyManagers) {
        wrapped[slot++] = candidate instanceof X509ExtendedKeyManager
                ? new X509AliasKeyManager(alias, (X509ExtendedKeyManager) candidate)
                : candidate;
    }
    return wrapped;
}
Also used : X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) KeyManager(javax.net.ssl.KeyManager) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager)

Example 10 with X509ExtendedKeyManager

use of javax.net.ssl.X509ExtendedKeyManager in project tomcat by apache.

the class TesterSupport method getUser1KeyManagers.

/**
 * Loads the key managers for the client key store and replaces each X.509 manager
 * with a tracking wrapper.
 *
 * @return the factory's key manager array, with X.509 entries replaced in place
 * @throws Exception if the key store cannot be loaded or the factory cannot be initialised
 */
protected static KeyManager[] getUser1KeyManagers() throws Exception {
    String algorithm = KeyManagerFactory.getDefaultAlgorithm();
    KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
    // NOTE(review): JKS_PASS is presumably a fixed password for a test-only key store;
    // confirm the store holds no credentials used outside the test suite.
    factory.init(getKeyStore(CLIENT_JKS), JKS_PASS.toCharArray());

    KeyManager[] managers = factory.getKeyManagers();
    for (int idx = 0; idx < managers.length; idx++) {
        KeyManager current = managers[idx];
        // X509ExtendedKeyManager implements X509KeyManager, so the more specific type
        // has to be tested first.
        if (current instanceof X509ExtendedKeyManager) {
            managers[idx] = new TrackingExtendedKeyManager((X509ExtendedKeyManager) current);
        } else if (current instanceof X509KeyManager) {
            managers[idx] = new TrackingKeyManager((X509KeyManager) current);
        }
    }
    return managers;
}
Also used : X509KeyManager(javax.net.ssl.X509KeyManager) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) X509KeyManager(javax.net.ssl.X509KeyManager) KeyManager(javax.net.ssl.KeyManager) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)
