Use of javax.net.ssl.X509ExtendedTrustManager in the project netty by netty:
class SslContextBuilderTest, method testContextFromManagers.
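/**
 * Builds a client and a server {@link SslContext} from hand-written {@link KeyManager} and
 * {@link TrustManager} instances and checks that the configured {@link ClientAuth} mode is
 * reflected on the engines those contexts create. No handshake is performed.
 *
 * @param provider the {@link SslProvider} under test
 * @throws Exception if the certificate, a context or an engine cannot be created
 */
private static void testContextFromManagers(SslProvider provider) throws Exception {
    final SelfSignedCertificate cert = new SelfSignedCertificate();

    KeyManager customKeyManager = new X509ExtendedKeyManager() {
        @Override
        public String[] getClientAliases(String s, Principal[] principals) {
            return new String[0];
        }

        @Override
        public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) {
            return "cert_sent_to_server";
        }

        @Override
        public String[] getServerAliases(String s, Principal[] principals) {
            return new String[0];
        }

        @Override
        public String chooseServerAlias(String s, Principal[] principals, Socket socket) {
            return null;
        }

        @Override
        public X509Certificate[] getCertificateChain(String s) {
            // Hand out the self-signed certificate as a one-element chain. The previous version
            // filled a local array with it and then returned an empty array, so the chain was
            // never actually exposed.
            return new X509Certificate[] { cert.cert() };
        }

        @Override
        public PrivateKey getPrivateKey(String s) {
            return cert.key();
        }
    };

    // Accept-everything trust manager: each check*Trusted method is a no-op and no issuers
    // are advertised. Sufficient here because this test never performs a handshake, so no
    // trust decision is ever made through it.
    TrustManager customTrustManager = new X509ExtendedTrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
                throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
                throws CertificateException {
        }

        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine)
                throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine)
                throws CertificateException {
        }

        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
                throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
                throws CertificateException {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    };

    // Client side: OPTIONAL client auth is a server-side setting, so a client engine must
    // report neither "want" nor "need" client auth.
    SslContextBuilder clientBuilder = SslContextBuilder.forClient()
            .sslProvider(provider)
            .keyManager(customKeyManager)
            .trustManager(customTrustManager)
            .clientAuth(ClientAuth.OPTIONAL);
    SslContext clientContext = clientBuilder.build();
    SSLEngine clientEngine = clientContext.newEngine(UnpooledByteBufAllocator.DEFAULT);
    assertFalse(clientEngine.getWantClientAuth());
    assertFalse(clientEngine.getNeedClientAuth());
    clientEngine.closeInbound();
    clientEngine.closeOutbound();

    // Server side: REQUIRE must map to needClientAuth=true (and wantClientAuth=false).
    SslContextBuilder serverBuilder = SslContextBuilder.forServer(customKeyManager)
            .sslProvider(provider)
            .trustManager(customTrustManager)
            .clientAuth(ClientAuth.REQUIRE);
    SslContext serverContext = serverBuilder.build();
    SSLEngine serverEngine = serverContext.newEngine(UnpooledByteBufAllocator.DEFAULT);
    assertFalse(serverEngine.getWantClientAuth());
    assertTrue(serverEngine.getNeedClientAuth());
    serverEngine.closeInbound();
    serverEngine.closeOutbound();
}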
Use of javax.net.ssl.X509ExtendedTrustManager in the project druid by druid-io:
class JettyTest, method testCustomCheckX509TrustManagerSetEndpointIdentificationAlgorithmToNullWithValidateServerHostnamesSetToFalse.
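/**
 * Verifies that {@link CustomCheckX509TrustManager} with {@code validateServerHostnames=false}
 * hands the {@link TLSCertificateChecker} an {@link SSLEngine} whose endpoint identification
 * algorithm has been cleared, even though the {@link SslContextFactory.Server} was configured
 * with {@code "HTTPS"}.
 *
 * @throws Exception if the SSL context factory cannot be started or stopped
 */
@Test
public void testCustomCheckX509TrustManagerSetEndpointIdentificationAlgorithmToNullWithValidateServerHostnamesSetToFalse() throws Exception {
    SslContextFactory.Server server = injector.getInstance(SslContextFactory.Server.class);
    server.setEndpointIdentificationAlgorithm("HTTPS");
    server.start();
    try {
        SSLEngine sslEngine = server.newSSLEngine();

        X509ExtendedTrustManager mockX509ExtendedTrustManager = Mockito.mock(X509ExtendedTrustManager.class);
        TLSCertificateChecker mockTLSCertificateChecker = Mockito.mock(TLSCertificateChecker.class);
        X509Certificate mockX509Certificate = Mockito.mock(X509Certificate.class);
        String authType = "testAuthType";
        X509Certificate[] chain = new X509Certificate[] { mockX509Certificate };

        // The EndpointIdentificationAlgorithm must not be null: it was set to HTTPS above.
        Assert.assertNotNull(sslEngine.getSSLParameters().getEndpointIdentificationAlgorithm());

        CustomCheckX509TrustManager customCheckX509TrustManager =
                new CustomCheckX509TrustManager(mockX509ExtendedTrustManager, mockTLSCertificateChecker, false);
        customCheckX509TrustManager.checkServerTrusted(chain, authType, sslEngine);

        // Capture the engine the trust manager actually forwarded to the checker.
        ArgumentCaptor<SSLEngine> captor = ArgumentCaptor.forClass(SSLEngine.class);
        Mockito.verify(mockTLSCertificateChecker).checkServer(
                ArgumentMatchers.eq(chain),
                ArgumentMatchers.eq(authType),
                captor.capture(),
                ArgumentMatchers.eq(mockX509ExtendedTrustManager)
        );
        SSLEngine transformedSSLEngine = captor.getValue();

        // The EndpointIdentificationAlgorithm should be null or an empty String, as the
        // CustomCheckX509TrustManager has validateServerHostnames set to false.
        String endpointIdentificationAlgorithm =
                transformedSSLEngine.getSSLParameters().getEndpointIdentificationAlgorithm();
        Assert.assertTrue(endpointIdentificationAlgorithm == null || endpointIdentificationAlgorithm.isEmpty());
    } finally {
        // The factory was started by this test and was previously never stopped; release it so
        // it does not outlive the test.
        server.stop();
    }
}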
Use of javax.net.ssl.X509ExtendedTrustManager in the project smarthome by eclipse:
class ExtensibleTrustManagerImpl, method addTlsCertificateProvider.
/**
 * Registers a {@link TlsCertificateProvider}: wraps it in a {@link TlsCertificateTrustManagerAdapter},
 * remembers the resulting trust manager per provider and links that manager to the provider's
 * host name.
 *
 * @param tlsCertificateProvider the provider to register (bound dynamically by the OSGi runtime)
 */
@Override
@Reference(cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
public void addTlsCertificateProvider(TlsCertificateProvider tlsCertificateProvider) {
    TlsCertificateTrustManagerAdapter adapter = new TlsCertificateTrustManagerAdapter(tlsCertificateProvider);
    X509ExtendedTrustManager providerTrustManager = adapter.getTrustManager();
    String hostName = tlsCertificateProvider.getHostName();
    // Keep the provider -> manager mapping first so the manager can be found again on removal,
    // then expose it for lookups by host name.
    mappingFromTlsCertificateProvider.put(tlsCertificateProvider, providerTrustManager);
    addLinkedTrustManager(hostName, providerTrustManager);
}
Use of javax.net.ssl.X509ExtendedTrustManager in the project smarthome by eclipse:
class TrustManagerUtil, method keyStoreToTrustManager.
/**
 * Creates an {@link X509ExtendedTrustManager} for the given key store using the JVM's default
 * {@link TrustManagerFactory} algorithm.
 * <p>
 * A {@code null} key store is passed straight to {@link TrustManagerFactory#init(KeyStore)},
 * which then uses the JVM's default trust store; the returned manager therefore trusts the
 * platform CA set in that case.
 *
 * @param keyStore the trust store to build the manager from, or {@code null} for the JVM default
 * @return the first {@link X509ExtendedTrustManager} produced by the factory
 * @throws IllegalStateException if the default algorithm is unavailable, the key store cannot be
 *             processed, or the factory produced no {@link X509ExtendedTrustManager}
 */
static X509ExtendedTrustManager keyStoreToTrustManager(@Nullable KeyStore keyStore) {
    TrustManager[] managers;
    try {
        String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
        factory.init(keyStore);
        managers = factory.getTrustManagers();
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException("Default algorithm missing...", e);
    } catch (KeyStoreException e) {
        throw new IllegalStateException("Problem while processing keystore", e);
    }
    // Only the extended variant (socket/engine-aware checks) is usable by callers; plain
    // X509TrustManager instances are skipped.
    for (TrustManager manager : managers) {
        if (manager instanceof X509ExtendedTrustManager) {
            return (X509ExtendedTrustManager) manager;
        }
    }
    throw new IllegalStateException("Could not find X509ExtendedTrustManager");
}
Use of javax.net.ssl.X509ExtendedTrustManager in the project smarthome by eclipse:
class ExtensibleTrustManagerImpl, method getLinkedTrustMananger.
/**
 * Looks up the trust manager linked to the peer of the given {@link SSLEngine}, keyed as
 * {@code host:port}. Falls back to {@link #getLinkedTrustMananger(X509Certificate[])} when there
 * is no engine, the engine has no peer host, or no manager is linked to that peer.
 *
 * @param chain the peer's certificate chain, used only for the fallback lookup
 * @param sslEngine the engine being validated; may be {@code null}
 * @return the trust manager linked to the engine's peer, or the chain-based fallback
 */
private X509ExtendedTrustManager getLinkedTrustMananger(X509Certificate[] chain, SSLEngine sslEngine) {
    if (sslEngine == null) {
        return getLinkedTrustMananger(chain);
    }
    String peerHost = sslEngine.getPeerHost();
    String peer = null;
    X509ExtendedTrustManager byPeer = null;
    if (peerHost != null) {
        peer = peerHost + ":" + sslEngine.getPeerPort();
        // A missing key yields the shared empty queue, whose peek() is null.
        byPeer = linkedTrustManager.getOrDefault(peer, EMPTY_QUEUE).peek();
    }
    if (byPeer == null) {
        logger.trace("Did NOT find trustManager by sslEngine peer/host: {}", peer);
        return getLinkedTrustMananger(chain);
    }
    logger.trace("Found trustManager by sslEngine peer/host: {}", peer);
    return byPeer;
}