
Example 56 with X509KeyManager

Use of javax.net.ssl.X509KeyManager in project jmeter by apache.

Class JsseSSLManager, method createContext.

/**
 * Builds the {@link SSLContext} used by this SSL manager.
 *
 * <p>The context is requested for {@code DEFAULT_SSL_PROTOCOL}, from the
 * provider {@code pro} when one is configured. The JDK's default key managers
 * are obtained from a {@link KeyManagerFactory} that is initialised with no
 * key store, only a password ({@code defaultpw}, or an empty password when it
 * is unset); every {@link X509KeyManager} among them is then wrapped in a
 * {@code WrappedX509KeyManager} backed by this manager's
 * {@code JmeterKeyStore}, so client-certificate selection is delegated to that
 * wrapper rather than to the JDK manager. The trust managers for
 * {@code getTrustStore()} are wrapped in {@code CustomX509TrustManager} in the
 * same way; what that wrapper changes about peer verification is not visible
 * here and should be checked before relying on it for server authentication.
 * The context is seeded with {@code this.rand}.
 *
 * <p>At debug level the default and supported cipher suites of the resulting
 * socket factory are logged, one default and one supported suite per loop
 * iteration.
 *
 * @return the initialised SSL context
 * @throws GeneralSecurityException when the protocol, key manager or trust
 *         manager algorithm cannot be found, or the keys cannot be loaded
 */
private SSLContext createContext() throws GeneralSecurityException {
    // $NON-NLS-1$
    SSLContext context = (pro == null)
            ? SSLContext.getInstance(DEFAULT_SSL_PROTOCOL)
            : SSLContext.getInstance(DEFAULT_SSL_PROTOCOL, pro);

    KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    JmeterKeyStore keyStore = this.getKeyStore();
    // No KeyStore is handed to the factory: the key material is supplied by
    // the JmeterKeyStore through the wrapper installed below.
    char[] password = (defaultpw == null) ? new char[] {} : defaultpw.toCharArray();
    keyFactory.init(null, password);
    KeyManager[] defaultManagers = keyFactory.getKeyManagers();
    KeyManager[] wrappedManagers = new KeyManager[defaultManagers.length];
    if (log.isDebugEnabled()) {
        log.debug("JmeterKeyStore type: {}", keyStore.getClass());
    }
    // Replace each X.509 key manager with our wrapper; anything else is kept as is.
    int slot = 0;
    for (KeyManager candidate : defaultManagers) {
        wrappedManagers[slot++] = (candidate instanceof X509KeyManager)
                ? new WrappedX509KeyManager((X509KeyManager) candidate, keyStore)
                : candidate;
    }

    // Default trust managers for the configured trust store, wrapped in place.
    TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustFactory.init(this.getTrustStore());
    TrustManager[] trustManagers = trustFactory.getTrustManagers();
    for (int i = 0; i < trustManagers.length; i++) {
        if (trustManagers[i] instanceof X509TrustManager) {
            trustManagers[i] = new CustomX509TrustManager((X509TrustManager) trustManagers[i]);
        }
    }

    context.init(wrappedManagers, trustManagers, this.rand);

    if (log.isDebugEnabled()) {
        String[] defaults = context.getSocketFactory().getDefaultCipherSuites();
        String[] supported = context.getSocketFactory().getSupportedCipherSuites();
        int longest = Math.max(defaults.length, supported.length);
        for (int i = 0; i < longest; i++) {
            if (i < defaults.length) {
                log.debug("Default Cipher: {}", defaults[i]);
            }
            if (i < supported.length) {
                log.debug("Supported Cipher: {}", supported[i]);
            }
        }
    }
    return context;
}

Example 57 with X509KeyManager

Use of javax.net.ssl.X509KeyManager in project j2objc by google.

Class SSLSocketTest, method test_SSLSocket_clientAuth_bogusAlias.

/* J2ObjC: not implemented
    public void test_SSLSocket_untrustedServer() throws Exception {
        TestSSLContext c = TestSSLContext.create(TestKeyStore.getClientCA2(),
                                                 TestKeyStore.getServer());
        SSLSocket client = (SSLSocket) c.clientContext.getSocketFactory().createSocket(c.host,
                                                                                       c.port);
        final SSLSocket server = (SSLSocket) c.serverSocket.accept();
        ExecutorService executor = Executors.newSingleThreadExecutor();
        Future<Void> future = executor.submit(new Callable<Void>() {
            @Override public Void call() throws Exception {
                try {
                    server.startHandshake();
                    fail();
                } catch (SSLHandshakeException expected) {
                }
                return null;
            }
        });
        executor.shutdown();
        try {
            client.startHandshake();
            fail();
        } catch (SSLHandshakeException expected) {
            assertTrue(expected.getCause() instanceof CertificateException);
        }
        future.get();
        client.close();
        server.close();
        c.close();
    }

    public void test_SSLSocket_clientAuth() throws Exception {
        TestSSLContext c = TestSSLContext.create(TestKeyStore.getClientCertificate(),
                                                 TestKeyStore.getServer());
        SSLSocket client = (SSLSocket) c.clientContext.getSocketFactory().createSocket(c.host,
                                                                                       c.port);
        final SSLSocket server = (SSLSocket) c.serverSocket.accept();
        ExecutorService executor = Executors.newSingleThreadExecutor();
        Future<Void> future = executor.submit(new Callable<Void>() {
            @Override public Void call() throws Exception {
                assertFalse(server.getWantClientAuth());
                assertFalse(server.getNeedClientAuth());

                // confirm turning one on by itself
                server.setWantClientAuth(true);
                assertTrue(server.getWantClientAuth());
                assertFalse(server.getNeedClientAuth());

                // confirm turning setting on toggles the other
                server.setNeedClientAuth(true);
                assertFalse(server.getWantClientAuth());
                assertTrue(server.getNeedClientAuth());

                // confirm toggling back
                server.setWantClientAuth(true);
                assertTrue(server.getWantClientAuth());
                assertFalse(server.getNeedClientAuth());

                server.startHandshake();
                return null;
            }
        });
        executor.shutdown();
        client.startHandshake();
        assertNotNull(client.getSession().getLocalCertificates());
        TestKeyStore.assertChainLength(client.getSession().getLocalCertificates());
        TestSSLContext.assertClientCertificateChain(c.clientTrustManager,
                                                    client.getSession().getLocalCertificates());
        future.get();
        client.close();
        server.close();
        c.close();
    }
    */
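/**
 * Checks that a client whose {@link X509KeyManager} names an alias it cannot
 * back with a certificate chain or private key fails the handshake cleanly.
 *
 * <p>The client key manager answers {@code "bogus"} for every client-alias
 * request and returns {@code null} for both the chain and the key of that
 * alias. The server demands client authentication, so both sides must fail
 * with {@link SSLHandshakeException}; the client side in particular must not
 * surface the {@code NullPointerException} that the null private key once
 * caused. Sockets and the test context are closed in {@code finally} so a
 * failing assertion cannot leave the accepted server socket, and the thread
 * handshaking on it, behind for later tests.
 *
 * @throws Exception on any unexpected failure
 */
public void test_SSLSocket_clientAuth_bogusAlias() throws Exception {
    TestSSLContext c = TestSSLContext.create();
    SSLSocket client = null;
    SSLSocket server = null;
    try {
        SSLContext clientContext = SSLContext.getInstance("TLS");
        X509KeyManager keyManager = new X509KeyManager() {

            @Override
            public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
                return "bogus";
            }

            @Override
            public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
                throw new AssertionError();
            }

            @Override
            public X509Certificate[] getCertificateChain(String alias) {
                // return null for "bogus" alias
                return null;
            }

            @Override
            public String[] getClientAliases(String keyType, Principal[] issuers) {
                throw new AssertionError();
            }

            @Override
            public String[] getServerAliases(String keyType, Principal[] issuers) {
                throw new AssertionError();
            }

            @Override
            public PrivateKey getPrivateKey(String alias) {
                // return null for "bogus" alias
                return null;
            }
        };
        clientContext.init(new KeyManager[] { keyManager }, new TrustManager[] { c.clientTrustManager }, null);
        client = (SSLSocket) clientContext.getSocketFactory().createSocket(c.host, c.port);
        // Final copy for the server-side Callable below.
        final SSLSocket acceptedServer = (SSLSocket) c.serverSocket.accept();
        server = acceptedServer;
        ExecutorService executor = Executors.newSingleThreadExecutor();
        Future<Void> future = executor.submit(new Callable<Void>() {

            @Override
            public Void call() throws Exception {
                try {
                    acceptedServer.setNeedClientAuth(true);
                    acceptedServer.startHandshake();
                    fail();
                } catch (SSLHandshakeException expected) {
                    // the client has no certificate to present for "bogus"
                }
                return null;
            }
        });
        executor.shutdown();
        try {
            client.startHandshake();
            fail();
        } catch (SSLHandshakeException expected) {
            // before we would get a NullPointerException from passing
            // due to the null PrivateKey return by the X509KeyManager.
        }
        // Propagates any assertion failure from the server thread.
        future.get();
    } finally {
        if (client != null) {
            client.close();
        }
        if (server != null) {
            server.close();
        }
        c.close();
    }
}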

Example 58 with X509KeyManager

Use of javax.net.ssl.X509KeyManager in project Payara by payara.

Class GlassfishServerSocketFactory, method getKeyManagers.

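/**
 * Returns the key managers for this socket factory, optionally pinned to a
 * single key-pair alias.
 *
 * <p>The key managers come from {@code sslUtils} for the given algorithm.
 * When {@code keyAlias} is non-empty, every {@link X509KeyManager} among them
 * is wrapped in a {@code J2EEKeyManager} so that the configured alias, rather
 * than the provider's own choice, decides which certificate the server
 * presents. In that case the alias is also looked up in every key store from
 * {@code sslUtils.getKeyStores()} and a warning is logged when none holds a
 * key entry for it, because the server then has no matching certificate to
 * present. The alias check and the wrapping are skipped together when no
 * alias is configured; the original code ran the key-store lookup for a
 * null/empty alias as well, which is not a meaningful query.
 *
 * @param algorithm the KeyManagerFactory algorithm handed to sslUtils
 * @param keyAlias  the alias to pin the server certificate to, or null/empty
 *                  to keep the provider's default selection
 * @return the key managers from sslUtils (wrapped when an alias is set), or
 *         null when sslUtils returns none
 * @throws Exception whatever initialising sslUtils or reading the key stores throws
 */
@Override
protected KeyManager[] getKeyManagers(String algorithm, String keyAlias) throws Exception {
    if (sslUtils == null) {
        initSSLUtils();
    }
    String keystoreFile = (String) attributes.get("keystore");
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "Keystore file= {0}", keystoreFile);
    }
    String keystoreType = (String) attributes.get("keystoreType");
    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, "Keystore type= {0}", keystoreType);
    }
    boolean aliasConfigured = keyAlias != null && keyAlias.length() > 0;
    if (aliasConfigured) {
        // validate that the alias is in one of the keystores otherwise emit warning
        boolean aliasFound = false;
        for (KeyStore keyStore : sslUtils.getKeyStores()) {
            if (keyStore.isKeyEntry(keyAlias)) {
                aliasFound = true;
                break;
            }
        }
        if (!aliasFound) {
            logger.log(Level.WARNING, "Unable to find key pair alias {0} in any of the configured key stores, therefore the server may not be able to present a valid SSL Certificate", keyAlias);
        }
    }
    KeyManager[] kMgrs = sslUtils.getKeyManagers(algorithm);
    if (aliasConfigured && kMgrs != null) {
        for (int i = 0; i < kMgrs.length; i++) {
            // Only X.509 managers select certificates by alias; anything else
            // is left untouched instead of failing with a ClassCastException.
            if (kMgrs[i] instanceof X509KeyManager) {
                kMgrs[i] = new J2EEKeyManager((X509KeyManager) kMgrs[i], keyAlias);
            }
        }
    }
    return kMgrs;
}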

Example 59 with X509KeyManager

Use of javax.net.ssl.X509KeyManager in project Payara by payara.

Class SecuritySupportImpl, method getKeyManagers.

/**
 * Builds one combined key manager over every configured key store.
 *
 * <p>For each key store from {@code getKeyStores()} the certificate dates are
 * checked first, then a key manager factory for {@code algorithm} is created
 * with the first password stored under {@code DEFAULT_MAP_KEY} (the same
 * password is used for every store) and its key managers are collected.
 * The collected managers are copied into an {@code X509KeyManager[]}, so a
 * manager that is not an {@link X509KeyManager} raises an
 * {@link ArrayStoreException}; that array and the token names are handed to a
 * single {@code UnifiedX509KeyManager}, which is returned on its own.
 *
 * @param algorithm the KeyManagerFactory algorithm
 * @return a one-element array holding the unified key manager
 * @throws IOException if a key store cannot be read
 * @throws KeyStoreException if a key store cannot be queried
 * @throws NoSuchAlgorithmException if {@code algorithm} is unavailable
 * @throws UnrecoverableKeyException if a key cannot be recovered with the password
 */
@Override
public KeyManager[] getKeyManagers(String algorithm) throws IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
    ArrayList<KeyManager> collected = new ArrayList<KeyManager>();
    for (KeyStore store : getKeyStores()) {
        checkCertificateDates(store);
        KeyManager[] perStore = getKeyManagerFactory(store, keyStorePasswords.get(DEFAULT_MAP_KEY).get(0), algorithm).getKeyManagers();
        if (perStore == null) {
            continue;
        }
        for (KeyManager manager : perStore) {
            collected.add(manager);
        }
    }
    X509KeyManager[] x509Managers = collected.toArray(new X509KeyManager[collected.size()]);
    KeyManager unified = new UnifiedX509KeyManager(x509Managers, getTokenNames());
    return new KeyManager[] { unified };
}

Example 60 with X509KeyManager

Use of javax.net.ssl.X509KeyManager in project Payara by payara.

Class SSLSocketFactory, method initStoresAtStartup.

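// V3: Copied from SSLUtils to break dependency of SSLUtils on this class
/**
 * Initialises the static key and trust managers once and installs a default
 * socket factory for outbound HTTPS clients.
 *
 * <p>Runs only on the first call; {@code initialized} guards re-entry. The
 * static {@code keyManagers} and {@code trustManagers} are fetched from the
 * {@code SSLUtils} service. For the outbound "TLS" context a second set of key
 * managers is fetched and copied; when the system property
 * {@code SSLUtils.HTTPS_OUTBOUND_KEY_ALIAS} names an alias, every
 * {@link X509KeyManager} in that copy is wrapped in a {@code J2EEKeyManager}
 * pinned to the alias. The copy matters: the original code wrapped the
 * returned array in place, so if {@code sslUtils.getKeyManagers()} hands back
 * a shared array the outbound client alias would also have been applied to
 * the managers kept in {@code keyManagers} for this class's own sockets.
 * The resulting socket factory becomes the JVM-wide default for
 * {@link HttpsURLConnection}, so it affects every outbound HTTPS connection
 * in the process.
 *
 * @throws Exception whatever SSLUtils lookup or SSLContext initialisation throws
 */
public static synchronized void initStoresAtStartup() throws Exception {
    if (initialized) {
        return;
    }
    ServiceLocator habitat = Globals.getDefaultHabitat();
    SSLUtils sslUtils = habitat.getService(SSLUtils.class);
    keyManagers = sslUtils.getKeyManagers();
    trustManagers = sslUtils.getTrustManagers();
    // Creating a default SSLContext and HttpsURLConnection for clients
    // that use Https
    SSLContext ctx = SSLContext.getInstance("TLS");
    String keyAlias = System.getProperty(SSLUtils.HTTPS_OUTBOUND_KEY_ALIAS);
    // Wrap a private copy so the static keyManagers (and whatever SSLUtils
    // still references) are never rewritten with the outbound alias.
    KeyManager[] fetched = sslUtils.getKeyManagers();
    KeyManager[] kMgrs = (fetched == null) ? null : fetched.clone();
    if (keyAlias != null && keyAlias.length() > 0 && kMgrs != null) {
        for (int i = 0; i < kMgrs.length; i++) {
            // Only X.509 managers select certificates by alias; anything else
            // is left untouched instead of failing with a ClassCastException.
            if (kMgrs[i] instanceof X509KeyManager) {
                kMgrs[i] = new J2EEKeyManager((X509KeyManager) kMgrs[i], keyAlias);
            }
        }
    }
    ctx.init(kMgrs, sslUtils.getTrustManagers(), null);
    HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    initialized = true;
}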
