Examples with X509ExtendedTrustManager javax.net.ssl.X509ExtendedTrustManager used on opensource projects

Example 6 with X509ExtendedTrustManager

use of javax.net.ssl.X509ExtendedTrustManager in project grpc-java by grpc.

the class AdvancedTlsX509TrustManager method checkTrusted.

private void checkTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine, Socket socket, boolean checkingServer) throws CertificateException {
    if (chain == null || chain.length == 0) {
        throw new IllegalArgumentException("Want certificate verification but got null or empty certificates");
    }
    if (sslEngine == null && socket == null) {
        throw new CertificateException("Not enough information to validate peer. SSLEngine or Socket required.");
    }
    if (this.verification != Verification.INSECURELY_SKIP_ALL_VERIFICATION) {
        X509ExtendedTrustManager currentDelegateManager = this.delegateManager;
        if (currentDelegateManager == null) {
            throw new CertificateException("No trust roots configured");
        }
        if (checkingServer) {
            String algorithm = this.verification == Verification.CERTIFICATE_AND_HOST_NAME_VERIFICATION ? "HTTPS" : "";
            if (sslEngine != null) {
                SSLParameters sslParams = sslEngine.getSSLParameters();
                sslParams.setEndpointIdentificationAlgorithm(algorithm);
                sslEngine.setSSLParameters(sslParams);
                currentDelegateManager.checkServerTrusted(chain, authType, sslEngine);
            } else {
                if (!(socket instanceof SSLSocket)) {
                    throw new CertificateException("socket is not a type of SSLSocket");
                }
                SSLSocket sslSocket = (SSLSocket) socket;
                SSLParameters sslParams = sslSocket.getSSLParameters();
                sslParams.setEndpointIdentificationAlgorithm(algorithm);
                sslSocket.setSSLParameters(sslParams);
                currentDelegateManager.checkServerTrusted(chain, authType, sslSocket);
            }
        } else {
            currentDelegateManager.checkClientTrusted(chain, authType, sslEngine);
        }
    }
    // Perform the additional peer cert check.
    if (socketAndEnginePeerVerifier != null) {
        if (sslEngine != null) {
            socketAndEnginePeerVerifier.verifyPeerCertificate(chain, authType, sslEngine);
        } else {
            socketAndEnginePeerVerifier.verifyPeerCertificate(chain, authType, socket);
        }
    }
}

Example 7 with X509ExtendedTrustManager

use of javax.net.ssl.X509ExtendedTrustManager in project grpc-java by grpc.

the class AdvancedTlsX509TrustManager method createDelegateTrustManager.

private static X509ExtendedTrustManager createDelegateTrustManager(KeyStore keyStore) throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(keyStore);
    X509ExtendedTrustManager delegateManager = null;
    TrustManager[] tms = tmf.getTrustManagers();
    // If found, use that as the delegate trust manager.
    for (int j = 0; j < tms.length; j++) {
        if (tms[j] instanceof X509ExtendedTrustManager) {
            delegateManager = (X509ExtendedTrustManager) tms[j];
            break;
        }
    }
    if (delegateManager == null) {
        throw new CertificateException("Failed to find X509ExtendedTrustManager with default TrustManager algorithm " + TrustManagerFactory.getDefaultAlgorithm());
    }
    return delegateManager;
}

Example 8 with X509ExtendedTrustManager

use of javax.net.ssl.X509ExtendedTrustManager in project grpc-java by grpc.

the class SdsTrustManagerFactory method createSdsX509TrustManager.

@VisibleForTesting
static SdsX509TrustManager createSdsX509TrustManager(X509Certificate[] certs, CertificateValidationContext certContext) throws CertStoreException {
    TrustManagerFactory tmf = null;
    try {
        tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore ks = KeyStore.getInstance("PKCS12");
        // perform a load to initialize KeyStore
        ks.load(/* stream= */
        null, /* password= */
        null);
        int i = 1;
        for (X509Certificate cert : certs) {
            // note: alias lookup uses toLowerCase(Locale.ENGLISH)
            // so our alias needs to be all lower-case and unique
            ks.setCertificateEntry("alias" + i, cert);
            i++;
        }
        tmf.init(ks);
    } catch (NoSuchAlgorithmException | KeyStoreException | IOException | CertificateException e) {
        logger.log(Level.SEVERE, "createSdsX509TrustManager", e);
        throw new CertStoreException(e);
    }
    TrustManager[] tms = tmf.getTrustManagers();
    X509ExtendedTrustManager myDelegate = null;
    if (tms != null) {
        for (TrustManager tm : tms) {
            if (tm instanceof X509ExtendedTrustManager) {
                myDelegate = (X509ExtendedTrustManager) tm;
                break;
            }
        }
    }
    if (myDelegate == null) {
        throw new CertStoreException("Native X509 TrustManager not found.");
    }
    return new SdsX509TrustManager(certContext, myDelegate);
}

Example 9 with X509ExtendedTrustManager

use of javax.net.ssl.X509ExtendedTrustManager in project cloudstack by apache.

the class WebSocketReverseProxy method acceptAllCerts.

private void acceptAllCerts() {
    TrustManager[] trustAllCerts = new TrustManager[] { new X509ExtendedTrustManager() {

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) {
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {
        }

        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType) {
        }
    } };
    SSLContext sc;
    try {
        sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        SSLSocketFactory factory = sc.getSocketFactory();
        this.setSocketFactory(factory);
    } catch (Exception e) {
        e.printStackTrace();
    }
}

Example 10 with X509ExtendedTrustManager

use of javax.net.ssl.X509ExtendedTrustManager in project java-chassis by ServiceComb.

the class TrustManagerExtTest method testConstructor.

@SuppressWarnings("unused")
@Test
public void testConstructor() {
    String keyStoreName = custom.getFullPath(option.getKeyStore());
    char[] keyStoreValue = custom.decode(option.getKeyStoreValue().toCharArray());
    String trustStoreName = custom.getFullPath(option.getTrustStore());
    char[] trustStoreValue = custom.decode(option.getTrustStoreValue().toCharArray());
    KeyStore trustStore = KeyStoreUtil.createKeyStore(trustStoreName, option.getTrustStoreType(), trustStoreValue);
    TrustManager[] trustManager = KeyStoreUtil.createTrustManagers(trustStore);
    TrustManagerExt trustManagerExt = new TrustManagerExt((X509ExtendedTrustManager) trustManager[0], option, custom);
    Assert.assertEquals(3, trustManagerExt.getAcceptedIssuers()[0].getVersion());
    Assert.assertNotNull(trustManagerExt);
}