use of javax.net.ssl.X509ExtendedTrustManager in project java-chassis by ServiceComb.
the class TrustManagerExtTest method testConstructor.
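/**
 * Checks that a {@code TrustManagerExt} can wrap the first trust manager built from the
 * configured trust store, and that the wrapper reports that store's accepted issuers.
 */
@SuppressWarnings("unused")
@Test
public void testConstructor() {
  // The key-store path and secret are resolved but not used further in this test,
  // which is why the method carries @SuppressWarnings("unused").
  String keyStoreName = custom.getFullPath(option.getKeyStore());
  char[] keyStoreValue = custom.decode(option.getKeyStoreValue().toCharArray());

  String trustStoreName = custom.getFullPath(option.getTrustStore());
  char[] trustStoreValue = custom.decode(option.getTrustStoreValue().toCharArray());
  KeyStore trustStore = KeyStoreUtil.createKeyStore(trustStoreName, option.getTrustStoreType(), trustStoreValue);
  TrustManager[] trustManager = KeyStoreUtil.createTrustManagers(trustStore);

  // Fail with a readable assertion instead of a ClassCastException if the factory ever
  // hands back something other than an X509ExtendedTrustManager.
  Assert.assertTrue(trustManager[0] instanceof X509ExtendedTrustManager);
  TrustManagerExt trustManagerExt = new TrustManagerExt((X509ExtendedTrustManager) trustManager[0], option, custom);

  // The null check runs before the wrapper is dereferenced; placed after the first use it
  // could never fail.
  Assert.assertNotNull(trustManagerExt);

  // An empty issuer list would mean the trust store was not loaded; check that explicitly
  // rather than letting the [0] access throw.
  Assert.assertTrue(trustManagerExt.getAcceptedIssuers().length > 0);
  // getVersion() returns 3 for an X.509 v3 certificate.
  Assert.assertEquals(3, trustManagerExt.getAcceptedIssuers()[0].getVersion());
}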
use of javax.net.ssl.X509ExtendedTrustManager in project athenz by yahoo.
the class TrustManagerProxyTest method testTrustManagerProxySetTrustManger.
/**
 * Verifies that {@code TrustManagerProxy.setTrustManager} swaps the delegate held in the
 * proxy's {@code trustManager} field for a different instance.
 *
 * <p>The delegates used here are inert stubs whose check methods return without inspecting
 * the chain, i.e. they accept every certificate. That is only suitable as a test fixture for
 * exercising the proxy's wiring; a trust manager like this must never back a real TLS context.
 */
@Test
public void testTrustManagerProxySetTrustManger() {
  TrustManagerProxy proxy = new TrustManagerProxy(new TrustManager[] { newInertTrustManager() });

  // The delegate is private to the proxy, so it is read reflectively.
  X509ExtendedTrustManager initialDelegate = Deencapsulation.getField(proxy, "trustManager");
  assertNotNull(initialDelegate);

  proxy.setTrustManager(new TrustManager[] { newInertTrustManager() });

  X509ExtendedTrustManager replacedDelegate = Deencapsulation.getField(proxy, "trustManager");
  assertNotNull(replacedDelegate);
  assertNotSame(initialDelegate, replacedDelegate);
}

/**
 * Creates a fresh stub trust manager on every call so that two calls yield distinct instances.
 * All check methods are no-ops and the accepted-issuer list is empty. Test use only.
 */
private static X509ExtendedTrustManager newInertTrustManager() {
  return new X509ExtendedTrustManager() {
    @Override
    public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
      // intentionally empty: stub
    }

    @Override
    public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
      // intentionally empty: stub
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
      return new X509Certificate[0];
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
      // intentionally empty: stub
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
      // intentionally empty: stub
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
      // intentionally empty: stub
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
      // intentionally empty: stub
    }
  };
}
use of javax.net.ssl.X509ExtendedTrustManager in project incubator-servicecomb-java-chassis by apache.
the class SSLManager method createSSLContext.
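/**
 * Builds a TLS {@link SSLContext} from the key store and trust store named in {@code option}.
 *
 * <p>Key managers are only created when the resolved key-store file exists; otherwise
 * {@code null} is passed to {@link SSLContext#init}. Every trust manager is wrapped in a
 * {@code TrustManagerExt} before the context is initialised.
 *
 * <p><b>Security note:</b> when the resolved trust-store path is {@code null} or the file does
 * not exist, this method does not fail. It installs a {@code TrustAllManager} instead, so a
 * missing or mistyped trust-store path silently changes how peers are validated.
 *
 * @param option SSL settings (store locations, store types, encoded store secrets)
 * @param custom resolves store paths and decodes store secrets
 * @return an initialised context for protocol {@code "TLS"}
 * @throws IllegalArgumentException if the TLS context cannot be created or initialised; the
 *     original exception is attached as the cause
 */
public static SSLContext createSSLContext(SSLOption option, SSLCustom custom) {
  try {
    String keyStoreName = custom.getFullPath(option.getKeyStore());
    KeyManager[] keymanager = null;
    if (keyStoreName != null && new File(keyStoreName).exists()) {
      // A store that exists but has no configured secret is opened with an empty password
      // instead of failing with a NullPointerException on toCharArray().
      char[] keyStoreValue = option.getKeyStoreValue() == null
          ? new char[0]
          : custom.decode(option.getKeyStoreValue().toCharArray());
      KeyStore keyStore = KeyStoreUtil.createKeyStore(keyStoreName, option.getKeyStoreType(), keyStoreValue);
      keymanager = KeyStoreUtil.createKeyManagers(keyStore, keyStoreValue);
    }

    String trustStoreName = custom.getFullPath(option.getTrustStore());
    TrustManager[] trustManager;
    if (trustStoreName != null && new File(trustStoreName).exists()) {
      char[] trustStoreValue = option.getTrustStoreValue() == null
          ? new char[0]
          : custom.decode(option.getTrustStoreValue().toCharArray());
      KeyStore trustStore = KeyStoreUtil.createKeyStore(trustStoreName, option.getTrustStoreType(), trustStoreValue);
      trustManager = KeyStoreUtil.createTrustManagers(trustStore);
    } else {
      // NOTE(review): fail-open. With no usable trust store, validation is delegated to
      // TrustAllManager, which (going by its name) presumably accepts any peer certificate;
      // confirm. Whatever checks TrustManagerExt adds are then the only validation left.
      // Deployments that require peer authentication should treat a missing trust store as a
      // startup error; kept as-is here because existing callers may rely on the fallback.
      trustManager = new TrustManager[] { new TrustAllManager() };
    }

    // The cast assumes every manager, including TrustAllManager, is an
    // X509ExtendedTrustManager; anything else surfaces as a ClassCastException.
    TrustManager[] wrapped = new TrustManager[trustManager.length];
    for (int i = 0; i < trustManager.length; i++) {
      wrapped[i] = new TrustManagerExt((X509ExtendedTrustManager) trustManager[i], option, custom);
    }

    // "TLS" selects the provider's generic TLS context; it does not pin a protocol version.
    // NOTE(review): the permitted protocol versions and cipher suites must be restricted
    // wherever the resulting sockets/engines are configured; verify against callers.
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(keymanager, wrapped, new SecureRandom());
    return context;
  } catch (NoSuchAlgorithmException e) {
    // Keep the original exception as the cause so the stack trace is not lost.
    throw new IllegalArgumentException("NoSuchAlgorithmException." + e.getMessage(), e);
  } catch (KeyManagementException e) {
    throw new IllegalArgumentException("KeyManagementException." + e.getMessage(), e);
  }
}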
use of javax.net.ssl.X509ExtendedTrustManager in project zookeeper by apache.
the class X509Util method createTrustManager.
/**
 * Creates a trust manager by loading the trust store from the given file
 * of the given type, optionally decrypting it using the given password.
 *
 * <p>The trust manager is obtained from a {@code PKIX} {@link TrustManagerFactory} and
 * wrapped in a {@code ZKTrustManager}, which receives the two hostname-verification flags.
 *
 * <p><b>Side effects:</b> if either {@code crlEnabled} or {@code ocspEnabled} is true, this
 * method sets the system properties {@code com.sun.net.ssl.checkRevocation} and
 * {@code com.sun.security.enableCRLDP} to {@code "true"}; if {@code ocspEnabled} is true it
 * also sets the security property {@code ocsp.enable}. These settings are JVM-wide, not scoped
 * to the returned trust manager, and a later call with both flags false does not reset them.
 * Note that enabling OCSP alone also switches on the CRL distribution-point property.
 *
 * @param trustStoreLocation the location of the trust store file.
 * @param trustStorePassword optional password to decrypt the trust store
 *                           (only applies to JKS trust stores). If empty,
 *                           assumes the trust store is not encrypted.
 *                           {@code null} is treated as empty.
 * @param trustStoreTypeProp must be JKS, PEM, PKCS12, BCFKS or null. If
 *                           null, attempts to autodetect the trust store
 *                           type from the file extension (e.g. .jks / .pem).
 * @param crlEnabled enable CRL (certificate revocation list) checks.
 * @param ocspEnabled enable OCSP (online certificate status protocol)
 *                    checks.
 * @param serverHostnameVerificationEnabled if true, verify hostnames of
 *                                          remote servers that client
 *                                          sockets created by this
 *                                          X509Util connect to.
 * @param clientHostnameVerificationEnabled if true, verify hostnames of
 *                                          remote clients that server
 *                                          sockets created by this
 *                                          X509Util accept connections
 *                                          from.
 * @return the trust manager.
 * @throws TrustManagerException if the trust store cannot be loaded, the PKIX factory cannot
 *                               be initialised, or the factory yields no
 *                               {@link X509ExtendedTrustManager}.
 */
public static X509TrustManager createTrustManager(String trustStoreLocation, String trustStorePassword, String trustStoreTypeProp, boolean crlEnabled, boolean ocspEnabled, final boolean serverHostnameVerificationEnabled, final boolean clientHostnameVerificationEnabled) throws TrustManagerException {
  final String effectivePassword = (trustStorePassword != null) ? trustStorePassword : "";

  try {
    KeyStore anchors = loadTrustStore(trustStoreLocation, effectivePassword, trustStoreTypeProp);
    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(anchors, new X509CertSelector());

    final boolean revocationRequested = crlEnabled || ocspEnabled;
    pkixParams.setRevocationEnabled(revocationRequested);
    if (revocationRequested) {
      // Process-global switches; see the side-effect note in the Javadoc.
      System.setProperty("com.sun.net.ssl.checkRevocation", "true");
      System.setProperty("com.sun.security.enableCRLDP", "true");
      if (ocspEnabled) {
        Security.setProperty("ocsp.enable", "true");
      }
    }

    // Revocation checking is only supported with the PKIX algorithm
    TrustManagerFactory factory = TrustManagerFactory.getInstance("PKIX");
    factory.init(new CertPathTrustManagerParameters(pkixParams));

    // Wrap the first manager that supports the socket/engine-aware checks.
    TrustManager[] candidates = factory.getTrustManagers();
    for (int i = 0; i < candidates.length; i++) {
      if (!(candidates[i] instanceof X509ExtendedTrustManager)) {
        continue;
      }
      return new ZKTrustManager((X509ExtendedTrustManager) candidates[i], serverHostnameVerificationEnabled, clientHostnameVerificationEnabled);
    }
    throw new TrustManagerException("Couldn't find X509TrustManager");
  } catch (IOException | GeneralSecurityException | IllegalArgumentException e) {
    throw new TrustManagerException(e);
  }
}
use of javax.net.ssl.X509ExtendedTrustManager in project java-chassis by ServiceComb.
the class SSLManager method createSSLContext.
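/**
 * Builds a TLS {@link SSLContext} from the key store and trust store named in {@code option}.
 *
 * <p>A store secret that is not configured is treated as an empty password. Key managers are
 * only created when {@code KeyStoreUtil.createKeyStore} returns a non-null key store;
 * otherwise {@code null} is passed to {@link SSLContext#init}. Every trust manager is wrapped
 * in a {@code TrustManagerExt} before the context is initialised.
 *
 * <p><b>Security note:</b> when no trust store is returned, this method does not fail. It
 * installs a {@code TrustAllManager} instead, so a missing or misconfigured trust store
 * silently changes how peers are validated.
 *
 * @param option SSL settings (store locations, store types, encoded store secrets)
 * @param custom resolves store paths and decodes store secrets
 * @return an initialised context for protocol {@code "TLS"}
 * @throws IllegalArgumentException if the TLS context cannot be created or initialised; the
 *     original exception is attached as the cause
 */
public static SSLContext createSSLContext(SSLOption option, SSLCustom custom) {
  try {
    String keyStoreName = custom.getFullPath(option.getKeyStore());
    char[] keyStoreValue = option.getKeyStoreValue() == null
        ? new char[0]
        : custom.decode(option.getKeyStoreValue().toCharArray());
    KeyStore keyStore = KeyStoreUtil.createKeyStore(keyStoreName, option.getKeyStoreType(), keyStoreValue);
    KeyManager[] keyManager = null;
    if (keyStore != null) {
      keyManager = KeyStoreUtil.createKeyManagers(keyStore, keyStoreValue);
    }

    String trustStoreName = custom.getFullPath(option.getTrustStore());
    char[] trustStoreValue = option.getTrustStoreValue() == null
        ? new char[0]
        : custom.decode(option.getTrustStoreValue().toCharArray());
    KeyStore trustStore = KeyStoreUtil.createKeyStore(trustStoreName, option.getTrustStoreType(), trustStoreValue);
    TrustManager[] trustManager;
    if (trustStore != null) {
      trustManager = KeyStoreUtil.createTrustManagers(trustStore);
    } else {
      // NOTE(review): fail-open. With no trust store, validation is delegated to
      // TrustAllManager, which (going by its name) presumably accepts any peer certificate;
      // confirm. Whatever checks TrustManagerExt adds are then the only validation left.
      // Deployments that require peer authentication should treat a missing trust store as a
      // startup error; kept as-is here because existing callers may rely on the fallback.
      trustManager = new TrustManager[] { new TrustAllManager() };
    }

    // The cast assumes every manager, including TrustAllManager, is an
    // X509ExtendedTrustManager; anything else surfaces as a ClassCastException.
    TrustManager[] wrapped = new TrustManager[trustManager.length];
    for (int i = 0; i < trustManager.length; i++) {
      wrapped[i] = new TrustManagerExt((X509ExtendedTrustManager) trustManager[i], option, custom);
    }

    // "TLS" selects the provider's generic TLS context; it does not pin a protocol version.
    // NOTE(review): the permitted protocol versions and cipher suites must be restricted
    // wherever the resulting sockets/engines are configured; verify against callers.
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(keyManager, wrapped, new SecureRandom());
    return context;
  } catch (NoSuchAlgorithmException e) {
    // Keep the original exception as the cause so the stack trace is not lost.
    throw new IllegalArgumentException("NoSuchAlgorithmException." + e.getMessage(), e);
  } catch (KeyManagementException e) {
    throw new IllegalArgumentException("KeyManagementException." + e.getMessage(), e);
  }
}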
Aggregations