use of javax.net.ssl.X509ExtendedTrustManager in project grpc-java by grpc.
the class AdvancedTlsX509TrustManager method checkTrusted.
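/**
 * Validates the peer's certificate chain against the configured trust roots, then runs the
 * optional user-supplied peer verifier.
 *
 * <p>With {@code checkingServer} true the chain goes through the delegate's
 * {@code checkServerTrusted}, and the endpoint identification algorithm on the engine or socket
 * is first set to {@code "HTTPS"} (host-name verification) or cleared to {@code ""}, depending on
 * {@code this.verification}. With {@code checkingServer} false the chain goes through the
 * delegate's {@code checkClientTrusted}, passing whichever of engine or socket was supplied.
 * Under {@code Verification.INSECURELY_SKIP_ALL_VERIFICATION} the delegate is bypassed entirely
 * and only {@code socketAndEnginePeerVerifier} (if configured) runs.
 *
 * @param chain the peer certificate chain; must be non-null and non-empty
 * @param authType the key exchange algorithm name, forwarded unchanged to the delegate
 * @param sslEngine the engine performing the handshake, or null when {@code socket} is given
 * @param socket the socket performing the handshake, or null when {@code sslEngine} is given
 * @param checkingServer true to validate a server chain, false to validate a client chain
 * @throws IllegalArgumentException if {@code chain} is null or empty
 * @throws CertificateException if neither engine nor socket was supplied, no trust roots are
 *     configured, the socket is not an {@link SSLSocket} during a server check, or the delegate
 *     or peer verifier rejects the chain
 */
private void checkTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine,
    Socket socket, boolean checkingServer) throws CertificateException {
  if (chain == null || chain.length == 0) {
    throw new IllegalArgumentException(
        "Want certificate verification but got null or empty certificates");
  }
  if (sslEngine == null && socket == null) {
    throw new CertificateException(
        "Not enough information to validate peer. SSLEngine or Socket required.");
  }
  if (this.verification != Verification.INSECURELY_SKIP_ALL_VERIFICATION) {
    // Read the field once so the whole check uses the same delegate even if the field is
    // replaced while this method runs.
    X509ExtendedTrustManager currentDelegateManager = this.delegateManager;
    if (currentDelegateManager == null) {
      throw new CertificateException("No trust roots configured");
    }
    if (checkingServer) {
      // "HTTPS" asks the delegate to verify the peer host name as well; "" disables that step.
      String algorithm =
          this.verification == Verification.CERTIFICATE_AND_HOST_NAME_VERIFICATION ? "HTTPS" : "";
      if (sslEngine != null) {
        SSLParameters sslParams = sslEngine.getSSLParameters();
        sslParams.setEndpointIdentificationAlgorithm(algorithm);
        sslEngine.setSSLParameters(sslParams);
        currentDelegateManager.checkServerTrusted(chain, authType, sslEngine);
      } else {
        if (!(socket instanceof SSLSocket)) {
          throw new CertificateException("socket is not a type of SSLSocket");
        }
        SSLSocket sslSocket = (SSLSocket) socket;
        SSLParameters sslParams = sslSocket.getSSLParameters();
        sslParams.setEndpointIdentificationAlgorithm(algorithm);
        sslSocket.setSSLParameters(sslParams);
        currentDelegateManager.checkServerTrusted(chain, authType, sslSocket);
      }
    } else if (sslEngine != null) {
      currentDelegateManager.checkClientTrusted(chain, authType, sslEngine);
    } else {
      // Socket-based handshake: give the delegate the socket rather than a null engine, so it
      // can apply whatever socket-scoped checks it implements, mirroring the server branch.
      currentDelegateManager.checkClientTrusted(chain, authType, socket);
    }
  }
  // Perform the additional peer cert check.
  if (socketAndEnginePeerVerifier != null) {
    if (sslEngine != null) {
      socketAndEnginePeerVerifier.verifyPeerCertificate(chain, authType, sslEngine);
    } else {
      socketAndEnginePeerVerifier.verifyPeerCertificate(chain, authType, socket);
    }
  }
}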
use of javax.net.ssl.X509ExtendedTrustManager in project grpc-java by grpc.
the class AdvancedTlsX509TrustManager method createDelegateTrustManager.
/**
 * Builds the JDK trust manager that this class delegates to, using a
 * {@link TrustManagerFactory} of the default algorithm initialised from {@code keyStore}.
 *
 * @param keyStore the trust store holding the root certificates
 * @return the first {@link X509ExtendedTrustManager} the factory produces
 * @throws CertificateException if the factory yields no {@code X509ExtendedTrustManager}
 * @throws KeyStoreException if the factory cannot be initialised from {@code keyStore}
 * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable
 */
private static X509ExtendedTrustManager createDelegateTrustManager(KeyStore keyStore)
    throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
  TrustManagerFactory factory =
      TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  factory.init(keyStore);
  // The factory may hand back several managers; the first extended one wins.
  for (TrustManager candidate : factory.getTrustManagers()) {
    if (candidate instanceof X509ExtendedTrustManager) {
      return (X509ExtendedTrustManager) candidate;
    }
  }
  throw new CertificateException(
      "Failed to find X509ExtendedTrustManager with default TrustManager algorithm "
          + TrustManagerFactory.getDefaultAlgorithm());
}
use of javax.net.ssl.X509ExtendedTrustManager in project grpc-java by grpc.
the class SdsTrustManagerFactory method createSdsX509TrustManager.
/**
 * Builds an {@code SdsX509TrustManager} whose trust roots are exactly {@code certs}.
 *
 * <p>The certificates are placed into a fresh in-memory PKCS12 store under unique lower-case
 * aliases, a {@link TrustManagerFactory} of the default algorithm is initialised from that store,
 * and the first {@link X509ExtendedTrustManager} it produces becomes the delegate.
 *
 * @param certs the trusted root certificates
 * @param certContext validation context handed to the resulting trust manager
 * @return the wrapping trust manager
 * @throws CertStoreException if the store or factory cannot be set up, or the factory produces
 *     no {@code X509ExtendedTrustManager}
 */
@VisibleForTesting
static SdsX509TrustManager createSdsX509TrustManager(
    X509Certificate[] certs, CertificateValidationContext certContext) throws CertStoreException {
  TrustManagerFactory factory = null;
  try {
    factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    KeyStore trustStore = KeyStore.getInstance("PKCS12");
    // An explicit load(null, null) is required before entries can be added.
    trustStore.load(/* stream= */ null, /* password= */ null);
    // KeyStore lower-cases aliases with Locale.ENGLISH on lookup, so aliases must be
    // lower-case and distinct: "alias1", "alias2", ...
    int aliasIndex = 0;
    for (X509Certificate cert : certs) {
      aliasIndex++;
      trustStore.setCertificateEntry("alias" + aliasIndex, cert);
    }
    factory.init(trustStore);
  } catch (NoSuchAlgorithmException | KeyStoreException | IOException | CertificateException e) {
    logger.log(Level.SEVERE, "createSdsX509TrustManager", e);
    throw new CertStoreException(e);
  }
  X509ExtendedTrustManager delegate = firstX509ExtendedTrustManager(factory.getTrustManagers());
  if (delegate == null) {
    throw new CertStoreException("Native X509 TrustManager not found.");
  }
  return new SdsX509TrustManager(certContext, delegate);
}

/** Returns the first {@link X509ExtendedTrustManager} in {@code managers}, or null if none. */
private static X509ExtendedTrustManager firstX509ExtendedTrustManager(TrustManager[] managers) {
  if (managers == null) {
    return null;
  }
  for (TrustManager manager : managers) {
    if (manager instanceof X509ExtendedTrustManager) {
      return (X509ExtendedTrustManager) manager;
    }
  }
  return null;
}
use of javax.net.ssl.X509ExtendedTrustManager in project cloudstack by apache.
the class WebSocketReverseProxy method acceptAllCerts.
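/**
 * Installs an {@link SSLSocketFactory} on this instance whose trust manager accepts <em>every</em>
 * peer certificate chain, i.e. it disables TLS peer authentication for connections made through
 * that factory.
 *
 * <p>Risk: the connection is still encrypted, but the remote end is no longer authenticated, so
 * any party able to intercept the traffic can stand in for the upstream host. This should only
 * be reached through a deliberate, explicit opt-out; the platform trust store is the safe default.
 *
 * <p>Failures while building the {@link SSLContext} are printed to stderr and otherwise ignored
 * (unchanged best-effort behaviour); in that case the previous socket factory stays in effect.
 */
private void acceptAllCerts() {
  TrustManager[] trustAllCerts = new TrustManager[] { new X509ExtendedTrustManager() {
      // Every check* overload is intentionally a no-op: no chain is ever rejected.
      @Override
      public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) {
      }

      @Override
      public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) {
      }

      @Override
      public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {
      }

      @Override
      public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {
      }

      @Override
      public X509Certificate[] getAcceptedIssuers() {
        // The X509TrustManager contract requires a non-null (possibly empty) array; returning
        // null can trip callers that iterate the result.
        return new X509Certificate[0];
      }

      @Override
      public void checkClientTrusted(X509Certificate[] certs, String authType) {
      }

      @Override
      public void checkServerTrusted(X509Certificate[] certs, String authType) {
      }
  } };
  try {
    SSLContext sc = SSLContext.getInstance("TLS");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    SSLSocketFactory factory = sc.getSocketFactory();
    this.setSocketFactory(factory);
  } catch (Exception e) {
    // Deliberately non-fatal, as before: report and leave the existing socket factory in place.
    e.printStackTrace();
  }
}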
use of javax.net.ssl.X509ExtendedTrustManager in project java-chassis by ServiceComb.
the class TrustManagerExtTest method testConstructor.
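/**
 * Builds a {@link TrustManagerExt} around the JDK trust manager created from the configured
 * trust store and checks that the wrapper exposes that store's accepted issuers.
 *
 * <p>Only the trust store feeds the constructor; the key store is not needed here, so the
 * previously computed (and unused) key store name and value were dropped.
 */
@Test
public void testConstructor() {
  String trustStoreName = custom.getFullPath(option.getTrustStore());
  char[] trustStoreValue = custom.decode(option.getTrustStoreValue().toCharArray());
  KeyStore trustStore =
      KeyStoreUtil.createKeyStore(trustStoreName, option.getTrustStoreType(), trustStoreValue);
  TrustManager[] trustManagers = KeyStoreUtil.createTrustManagers(trustStore);
  TrustManagerExt trustManagerExt =
      new TrustManagerExt((X509ExtendedTrustManager) trustManagers[0], option, custom);
  // The fixture trust store's first accepted issuer is an X.509 v3 certificate.
  Assert.assertEquals(3, trustManagerExt.getAcceptedIssuers()[0].getVersion());
  Assert.assertNotNull(trustManagerExt);
}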