
Example 16 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project Payara by payara.

the class J2EEKeyManager method getManagerFromToken.

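/**
 * Find the X509KeyManager registered for the token named in {@code tokenAlias}.
 * <p>
 * Token aliases have the form {@code <tokenName>:<aliasName>}. Only the part before the
 * first ':' is used for the lookup; extracting the alias part is left to the caller.
 *
 * @param tokenAlias alias of the form {@code <tokenName>:<aliasName>}; may be null
 * @return the key manager mapped to the token name, or null when token aliases are not
 *         supported, the argument is null or contains no ':', or no manager is registered
 *         under that token name
 */
private X509KeyManager getManagerFromToken(String tokenAlias) {
    if (!supportTokenAlias || tokenAlias == null) {
        return null;
    }
    int sep = tokenAlias.indexOf(':');
    if (sep == -1) {
        return null;
    }
    // Fix: the token name must be cut from the argument, not from the 'alias' field.
    // Using the field looked up the wrong token (or threw StringIndexOutOfBoundsException
    // when the field was shorter than the separator index) whenever the two differed.
    String tokenName = tokenAlias.substring(0, sep);
    return tokenName2MgrMap.get(tokenName);
}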

Example 17 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project Payara by payara.

the class SSLUtils method getAdminSSLContext.

/**
 * Builds an initialized SSLContext for the admin listener.
 * <p>
 * When a non-empty alias is given, every key manager returned by {@code getKeyManagers()}
 * is wrapped in a {@code J2EEKeyManager} pinned to that alias, so the admin listener only
 * presents the admin certificate. Without an alias the key managers are used as-is and the
 * JSSE provider selects a key by key type.
 * <p>
 * NOTE(review): the protocol name only selects the context type ("TLS" by default). Which
 * protocol versions and cipher suites are actually negotiated is decided by the
 * engine/socket configuration and the JDK's disabled-algorithm settings, not here.
 *
 * @param alias    the admin key alias; null or empty disables alias pinning
 * @param protocol the SSLContext protocol name, or null to use "TLS"
 * @return the initialized SSLContext
 * @throws RuntimeException wrapping any exception raised while building the context
 */
public SSLContext getAdminSSLContext(String alias, String protocol) {
    String contextProtocol = (protocol == null) ? "TLS" : protocol;
    try {
        SSLContext sslContext = SSLContext.getInstance(contextProtocol);
        KeyManager[] managers = getKeyManagers();
        boolean pinAlias = alias != null && !alias.isEmpty() && managers != null;
        if (pinAlias) {
            for (int idx = 0; idx < managers.length; idx++) {
                managers[idx] = new J2EEKeyManager((X509KeyManager) managers[idx], alias);
            }
        }
        sslContext.init(managers, getTrustManagers(), null);
        return sslContext;
    } catch (Exception ex) {
        throw new RuntimeException(ex);
    }
}

Example 18 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project Payara by payara.

the class JSSE14SocketFactory method getKeyManagers.

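/**
 * Gets the initialized key managers.
 * <p>
 * Loads the keystore with the configured password, verifies that {@code keyAlias} (when
 * given) names a key entry, and wraps every key manager in a {@code JSSEKeyManager} so
 * that exactly that alias is presented to clients.
 * <p>
 * JKS keystores store aliases in lower case. The alias handed to the wrapper is therefore
 * lowered for JKS keystores; otherwise a mixed-case alias passes the {@code isKeyEntry}
 * check (case-insensitive for JKS) but the delegate's {@code getPrivateKey(alias)} lookup
 * fails at handshake time.
 *
 * @param algorithm the KeyManagerFactory algorithm
 * @param keyAlias  the alias to pin, or null to let the provider choose
 * @return the key managers (one wrapper per factory-supplied manager)
 * @throws IOException if keyAlias is set but is not a key entry in the keystore
 * @throws Exception   on keystore or factory failures
 */
protected KeyManager[] getKeyManagers(String algorithm, String keyAlias) throws Exception {
    String keystorePass = getKeystorePassword();
    KeyStore ks = getKeystore(keystorePass);
    if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
        throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias));
    }
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
    kmf.init(ks, keystorePass.toCharArray());
    KeyManager[] kms = kmf.getKeyManagers();
    if (keyAlias != null) {
        String alias = keyAlias;
        // JKS keystores always convert the alias name to lower case, so the alias given
        // to the wrapper must match what the underlying key manager indexed.
        if ("JKS".equalsIgnoreCase(ks.getType())) {
            alias = alias.toLowerCase(java.util.Locale.ENGLISH);
        }
        for (int i = 0; i < kms.length; i++) {
            kms[i] = new JSSEKeyManager((X509KeyManager) kms[i], alias);
        }
    }
    return kms;
}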

Example 19 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project cas by apereo.

the class FileTrustStoreSslSocketFactory method getTrustedSslContext.

/**
 * Builds an SSLContext whose trust decision consults both the JVM default trust
 * material and the supplied trust store.
 * <p>
 * Security notes for reviewers:
 * <ul>
 *   <li>The trust store is also fed to a PKIX key manager, so any private-key entries it
 *       happens to contain become candidate client certificates. Keep it certificates-only
 *       unless client authentication from this store is intended.</li>
 *   <li>Both managers are composed with the JVM defaults; presumably a chain is accepted
 *       when either side accepts it, which widens rather than narrows trust — confirm that
 *       is the intent for a "trusted" context.</li>
 *   <li>The context is requested under the protocol name "SSL". What is negotiated
 *       depends on the provider and the enabled protocol list; TODO confirm legacy
 *       versions are disabled at the socket/engine level.</li>
 * </ul>
 *
 * @param trustStoreFile     the trust store file
 * @param trustStorePassword the trust store password
 * @param trustStoreType     the trust store type
 * @return the initialized SSLContext
 */
private static SSLContext getTrustedSslContext(final Resource trustStoreFile, final String trustStorePassword, final String trustStoreType) {
    try {
        final KeyStore trustStore = KeyStore.getInstance(trustStoreType);
        final char[] storePassword = trustStorePassword.toCharArray();
        try (InputStream in = trustStoreFile.getInputStream()) {
            trustStore.load(in, storePassword);
        }
        final String jvmAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        final X509KeyManager storeKeyManager = getKeyManager(ALG_NAME_PKIX, trustStore, storePassword);
        final X509KeyManager defaultKeyManager = getKeyManager(jvmAlgorithm, null, null);
        final X509TrustManager storeTrustManager = getTrustManager(ALG_NAME_PKIX, trustStore);
        final X509TrustManager defaultTrustManager = getTrustManager(jvmAlgorithm, null);
        final KeyManager compositeKeyManager =
                new CompositeX509KeyManager(Arrays.asList(defaultKeyManager, storeKeyManager));
        final TrustManager compositeTrustManager =
                new CompositeX509TrustManager(Arrays.asList(defaultTrustManager, storeTrustManager));
        final SSLContext context = SSLContexts.custom().useProtocol("SSL").build();
        context.init(new KeyManager[] { compositeKeyManager }, new TrustManager[] { compositeTrustManager }, null);
        return context;
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        throw Throwables.propagate(e);
    }
}

Example 20 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project tomcat by apache.

the class JSSEUtil method getKeyManagers.

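/**
 * Gets the initialized key managers for this host's certificate.
 * <p>
 * The key material comes either from the configured keystore or, when none is
 * configured, from PEM files imported into an in-memory JKS keystore under
 * {@code keyAlias} (default {@code "tomcat"}). When an alias is set, every key manager
 * is wrapped in a {@code JSSEKeyManager} so that only that alias is presented to clients.
 *
 * @return the key managers, or null if the factory returned none
 * @throws IOException if keyAlias is set but is not a key entry in the keystore
 * @throws Exception   on keystore, PEM or factory failures
 */
@Override
public KeyManager[] getKeyManagers() throws Exception {
    String keyAlias = certificate.getCertificateKeyAlias();
    String algorithm = sslHostConfig.getKeyManagerAlgorithm();
    String keyPass = certificate.getCertificateKeyPassword();
    // defaults vary between JSSE and OpenSSL.
    if (keyPass == null) {
        keyPass = certificate.getCertificateKeystorePassword();
    }
    KeyStore ks = certificate.getCertificateKeystore();
    if (ks == null) {
        if (keyAlias == null) {
            keyAlias = "tomcat";
        }
        ks = loadPemKeyStore(keyAlias, keyPass);
    }
    if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
        throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias));
    }
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
    kmf.init(ks, keyPass.toCharArray());
    KeyManager[] kms = kmf.getKeyManagers();
    if (kms == null) {
        return null;
    }
    if (keyAlias != null) {
        String alias = keyAlias;
        // JKS keystores always convert the alias name to lower case. Check the type of the
        // keystore actually in use rather than the configured certificateKeystoreType: the
        // PEM path above always builds a JKS store regardless of that setting, and a
        // mixed-case alias would otherwise pass isKeyEntry (case-insensitive for JKS) but
        // fail the delegate's getPrivateKey lookup at handshake time.
        if ("JKS".equalsIgnoreCase(ks.getType())) {
            alias = alias.toLowerCase(Locale.ENGLISH);
        }
        for (int i = 0; i < kms.length; i++) {
            kms[i] = new JSSEKeyManager((X509KeyManager) kms[i], alias);
        }
    }
    return kms;
}

/**
 * Builds an in-memory JKS keystore holding the private key and certificate chain read
 * from the configured PEM files.
 *
 * @param keyAlias alias under which the key entry is stored (never null here)
 * @param keyPass  password protecting the PEM private key and the new key entry
 * @return the populated keystore
 * @throws Exception on PEM parsing or keystore failures
 */
private KeyStore loadPemKeyStore(String keyAlias, String keyPass) throws Exception {
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(null, null);
    // The private key may live in its own file or alongside the certificate.
    String keyFile = certificate.getCertificateKeyFile() != null
            ? certificate.getCertificateKeyFile()
            : certificate.getCertificateFile();
    PEMFile privateKeyFile = new PEMFile(SSLHostConfig.adjustRelativePath(keyFile), keyPass);
    PEMFile certificateFile = new PEMFile(SSLHostConfig.adjustRelativePath(certificate.getCertificateFile()));
    Collection<Certificate> chain = new ArrayList<>();
    chain.addAll(certificateFile.getCertificates());
    if (certificate.getCertificateChainFile() != null) {
        PEMFile certificateChainFile = new PEMFile(SSLHostConfig.adjustRelativePath(certificate.getCertificateChainFile()));
        chain.addAll(certificateChainFile.getCertificates());
    }
    ks.setKeyEntry(keyAlias, privateKeyFile.getPrivateKey(), keyPass.toCharArray(), chain.toArray(new Certificate[0]));
    return ks;
}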
