
Example 16 with X509ExtendedTrustManager

use of javax.net.ssl.X509ExtendedTrustManager in project java-chassis by ServiceComb.

the class TrustManagerExtTest method testConstructor.

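@Test
public void testConstructor() {
    // Only the trust store feeds the object under test; the key store settings in
    // `option` were previously read into locals that nothing used.
    String trustStoreName = custom.getFullPath(option.getTrustStore());
    char[] trustStoreValue = custom.decode(option.getTrustStoreValue().toCharArray());
    KeyStore trustStore = KeyStoreUtil.createKeyStore(trustStoreName, option.getTrustStoreType(), trustStoreValue);
    TrustManager[] trustManager = KeyStoreUtil.createTrustManagers(trustStore);
    // TrustManagerExt wraps the extended API; a plain X509TrustManager from the
    // factory would make this cast fail, which is itself a meaningful test failure.
    TrustManagerExt trustManagerExt = new TrustManagerExt((X509ExtendedTrustManager) trustManager[0], option, custom);
    // X509Certificate.getVersion() is the X.509 version number, so 3 means a v3
    // certificate -- presumably what the fixture trust store holds; verify against the fixture.
    Assert.assertEquals(3, trustManagerExt.getAcceptedIssuers()[0].getVersion());
}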

Example 17 with X509ExtendedTrustManager

use of javax.net.ssl.X509ExtendedTrustManager in project athenz by yahoo.

the class TrustManagerProxyTest method testTrustManagerProxySetTrustManger.

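@Test
public void testTrustManagerProxySetTrustManger() {
    // The proxy keeps its delegate in the private field "trustManager"; it is read
    // reflectively because the class exposes no getter for it.
    TrustManagerProxy trustManagerProxy = new TrustManagerProxy(new TrustManager[] { acceptAllTrustManager() });
    X509ExtendedTrustManager trustManagerFirst = Deencapsulation.getField(trustManagerProxy, "trustManager");
    assertNotNull(trustManagerFirst);
    // Installing a new array must replace the delegate with the new instance, not keep the old one.
    trustManagerProxy.setTrustManager(new TrustManager[] { acceptAllTrustManager() });
    X509ExtendedTrustManager trustManagerSecond = Deencapsulation.getField(trustManagerProxy, "trustManager");
    assertNotNull(trustManagerSecond);
    assertNotSame(trustManagerFirst, trustManagerSecond);
}

/**
 * Builds a fresh trust manager whose check methods never throw, i.e. it accepts every
 * certificate chain and reports no accepted issuers. It exists only so this test has a
 * distinct {@link X509ExtendedTrustManager} instance per call; it performs no validation
 * and is meant for this test class, not for wiring into a real SSL context.
 *
 * @return a new, non-validating trust manager instance
 */
private static X509ExtendedTrustManager acceptAllTrustManager() {
    return new X509ExtendedTrustManager() {

        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
        }
    };
}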

Example 18 with X509ExtendedTrustManager

use of javax.net.ssl.X509ExtendedTrustManager in project incubator-servicecomb-java-chassis by apache.

the class SSLManager method createSSLContext.

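/**
 * Builds a TLS {@link SSLContext} from the key store and trust store named in {@code option}.
 * <p>
 * Key material is optional: when {@code option.getKeyStore()} does not resolve to an existing
 * file, {@code init} is called with {@code null} key managers, which the JSSE provider replaces
 * with its default implementation. Trust material is optional too, and that is the
 * security-relevant case: with no trust store file the context falls back to
 * {@code TrustAllManager}, so peer certificates are not checked against any CA. Every trust
 * manager is then wrapped in {@code TrustManagerExt}; whatever that wrapper checks still applies.
 *
 * @param option key/trust store locations, types and (encoded) passwords
 * @param custom resolves store paths to full paths and decodes the store passwords
 * @return an initialised {@code SSLContext} for the "TLS" protocol
 * @throws IllegalArgumentException if the TLS algorithm is unavailable or the context cannot be
 *         initialised; the underlying exception is attached as the cause
 */
public static SSLContext createSSLContext(SSLOption option, SSLCustom custom) {
    try {
        String keyStoreName = custom.getFullPath(option.getKeyStore());
        KeyManager[] keymanager;
        if (keyStoreName != null && new File(keyStoreName).exists()) {
            // NOTE(review): assumes getKeyStoreValue() is non-null whenever the key store file exists.
            char[] keyStoreValue = custom.decode(option.getKeyStoreValue().toCharArray());
            KeyStore keyStore = KeyStoreUtil.createKeyStore(keyStoreName, option.getKeyStoreType(), keyStoreValue);
            keymanager = KeyStoreUtil.createKeyManagers(keyStore, keyStoreValue);
        } else {
            keymanager = null;
        }
        String trustStoreName = custom.getFullPath(option.getTrustStore());
        TrustManager[] trustManager;
        if (trustStoreName != null && new File(trustStoreName).exists()) {
            char[] trustStoreValue = custom.decode(option.getTrustStoreValue().toCharArray());
            KeyStore trustStore = KeyStoreUtil.createKeyStore(trustStoreName, option.getTrustStoreType(), trustStoreValue);
            trustManager = KeyStoreUtil.createTrustManagers(trustStore);
        } else {
            // No trust store on disk: accept any peer certificate. This is the project's
            // deliberate fallback, but it removes peer authentication, so deployments that
            // talk to hosts they do not control need a trust store configured.
            trustManager = new TrustManager[] { new TrustAllManager() };
        }
        // TrustManagerExt needs the extended API. The cast assumes every manager produced
        // above, TrustAllManager included, is an X509ExtendedTrustManager -- TODO confirm.
        TrustManager[] wrapped = new TrustManager[trustManager.length];
        for (int i = 0; i < trustManager.length; i++) {
            wrapped[i] = new TrustManagerExt((X509ExtendedTrustManager) trustManager[i], option, custom);
        }
        // ?: ssl context version -- "TLS" leaves protocol version selection to the provider;
        // narrowing the enabled versions is presumably done on the socket/engine, not here.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keymanager, wrapped, new SecureRandom());
        return context;
    } catch (NoSuchAlgorithmException e) {
        // Message kept for callers that may match on it; the cause is attached so the
        // original stack trace is not lost.
        throw new IllegalArgumentException("NoSuchAlgorithmException." + e.getMessage(), e);
    } catch (KeyManagementException e) {
        throw new IllegalArgumentException("KeyManagementException." + e.getMessage(), e);
    }
}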

Example 19 with X509ExtendedTrustManager

use of javax.net.ssl.X509ExtendedTrustManager in project zookeeper by apache.

the class X509Util method createTrustManager.

/**
 * Creates a trust manager by loading the trust store from the given file
 * of the given type, optionally decrypting it using the given password.
 * <p>
 * The returned manager validates chains with the PKIX algorithm. Enabling CRL or
 * OCSP checks also sets JVM-wide properties ({@code com.sun.net.ssl.checkRevocation},
 * {@code com.sun.security.enableCRLDP} and, for OCSP, the {@code ocsp.enable}
 * security property); those settings outlive this call and affect other PKIX
 * validators in the same JVM.
 * @param trustStoreLocation the location of the trust store file.
 * @param trustStorePassword optional password to decrypt the trust store
 *                           (only applies to JKS trust stores). If empty or
 *                           null, assumes the trust store is not encrypted.
 * @param trustStoreTypeProp must be JKS, PEM, PKCS12, BCFKS or null. If
 *                           null, attempts to autodetect the trust store
 *                           type from the file extension (e.g. .jks / .pem).
 * @param crlEnabled enable CRL (certificate revocation list) checks.
 * @param ocspEnabled enable OCSP (online certificate status protocol)
 *                    checks.
 * @param serverHostnameVerificationEnabled if true, verify hostnames of
 *                                          remote servers that client
 *                                          sockets created by this
 *                                          X509Util connect to.
 * @param clientHostnameVerificationEnabled if true, verify hostnames of
 *                                          remote clients that server
 *                                          sockets created by this
 *                                          X509Util accept connections
 *                                          from.
 * @return the trust manager, wrapped in a {@code ZKTrustManager}.
 * @throws TrustManagerException if the store cannot be loaded, the PKIX
 *                               factory cannot be initialised, or it yields
 *                               no X509ExtendedTrustManager.
 */
public static X509TrustManager createTrustManager(String trustStoreLocation, String trustStorePassword, String trustStoreTypeProp, boolean crlEnabled, boolean ocspEnabled, final boolean serverHostnameVerificationEnabled, final boolean clientHostnameVerificationEnabled) throws TrustManagerException {
    // A missing password is treated the same as an empty one.
    final String password = trustStorePassword == null ? "" : trustStorePassword;
    try {
        KeyStore trustStore = loadTrustStore(trustStoreLocation, password, trustStoreTypeProp);
        PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        final boolean revocationChecks = crlEnabled || ocspEnabled;
        pkixParams.setRevocationEnabled(revocationChecks);
        if (revocationChecks) {
            // Revocation is driven through JVM-wide switches, not only through pkixParams.
            System.setProperty("com.sun.net.ssl.checkRevocation", "true");
            System.setProperty("com.sun.security.enableCRLDP", "true");
            if (ocspEnabled) {
                Security.setProperty("ocsp.enable", "true");
            }
        }
        // Revocation checking is only supported with the PKIX algorithm
        TrustManagerFactory factory = TrustManagerFactory.getInstance("PKIX");
        factory.init(new CertPathTrustManagerParameters(pkixParams));
        X509ExtendedTrustManager delegate = null;
        for (final TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509ExtendedTrustManager) {
                delegate = (X509ExtendedTrustManager) candidate;
                break;
            }
        }
        if (delegate == null) {
            // Thrown inside the try on purpose: it follows the same path as the original code.
            throw new TrustManagerException("Couldn't find X509TrustManager");
        }
        return new ZKTrustManager(delegate, serverHostnameVerificationEnabled, clientHostnameVerificationEnabled);
    } catch (IOException | GeneralSecurityException | IllegalArgumentException e) {
        throw new TrustManagerException(e);
    }
}

Example 20 with X509ExtendedTrustManager

use of javax.net.ssl.X509ExtendedTrustManager in project java-chassis by ServiceComb.

the class SSLManager method createSSLContext.

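/**
 * Builds a TLS {@link SSLContext} from the key store and trust store named in {@code option}.
 * <p>
 * Both stores are optional. A {@code null} key store from {@code KeyStoreUtil.createKeyStore}
 * leads to {@code init} being called with {@code null} key managers, which the JSSE provider
 * replaces with its default implementation. A {@code null} trust store is the security-relevant
 * case: the context then falls back to {@code TrustAllManager}, so peer certificates are not
 * checked against any CA. Every trust manager is wrapped in {@code TrustManagerExt}; whatever
 * that wrapper checks still applies.
 *
 * @param option key/trust store locations, types and (encoded) passwords; a null store
 *               password is treated as empty
 * @param custom resolves store paths to full paths and decodes the store passwords
 * @return an initialised {@code SSLContext} for the "TLS" protocol
 * @throws IllegalArgumentException if the TLS algorithm is unavailable or the context cannot be
 *         initialised; the underlying exception is attached as the cause
 */
public static SSLContext createSSLContext(SSLOption option, SSLCustom custom) {
    try {
        String keyStoreName = custom.getFullPath(option.getKeyStore());
        char[] keyStoreValue = option.getKeyStoreValue() == null ? new char[0] : custom.decode(option.getKeyStoreValue().toCharArray());
        // NOTE(review): createKeyStore is presumed to return null when the store is absent -- confirm in KeyStoreUtil.
        KeyStore keyStore = KeyStoreUtil.createKeyStore(keyStoreName, option.getKeyStoreType(), keyStoreValue);
        KeyManager[] keyManager = null;
        if (keyStore != null) {
            keyManager = KeyStoreUtil.createKeyManagers(keyStore, keyStoreValue);
        }
        String trustStoreName = custom.getFullPath(option.getTrustStore());
        char[] trustStoreValue = option.getTrustStoreValue() == null ? new char[0] : custom.decode(option.getTrustStoreValue().toCharArray());
        KeyStore trustStore = KeyStoreUtil.createKeyStore(trustStoreName, option.getTrustStoreType(), trustStoreValue);
        TrustManager[] trustManager;
        if (trustStore != null) {
            trustManager = KeyStoreUtil.createTrustManagers(trustStore);
        } else {
            // No trust store: accept any peer certificate. This is the project's deliberate
            // fallback, but it removes peer authentication, so deployments that talk to hosts
            // they do not control need a trust store configured.
            trustManager = new TrustManager[] { new TrustAllManager() };
        }
        // TrustManagerExt needs the extended API. The cast assumes every manager produced
        // above, TrustAllManager included, is an X509ExtendedTrustManager -- TODO confirm.
        TrustManager[] wrapped = new TrustManager[trustManager.length];
        for (int i = 0; i < trustManager.length; i++) {
            wrapped[i] = new TrustManagerExt((X509ExtendedTrustManager) trustManager[i], option, custom);
        }
        // ?: ssl context version -- "TLS" leaves protocol version selection to the provider;
        // narrowing the enabled versions is presumably done on the socket/engine, not here.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManager, wrapped, new SecureRandom());
        return context;
    } catch (NoSuchAlgorithmException e) {
        // Message kept for callers that may match on it; the cause is attached so the
        // original stack trace is not lost.
        throw new IllegalArgumentException("NoSuchAlgorithmException." + e.getMessage(), e);
    } catch (KeyManagementException e) {
        throw new IllegalArgumentException("KeyManagementException." + e.getMessage(), e);
    }
}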
