
Example 21 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project netty by netty.

Class ReferenceCountedOpenSslClientContext, method newSessionContext.

/**
 * Installs client key material and a trust manager on the native {@code ctx} and
 * returns the client session context for {@code thiz}.
 * <p>
 * Key material is accepted either as a {@code keyCertChain}/{@code key} pair or as a
 * {@code keyManagerFactory}. When the native library supports key manager factories and
 * both forms are supplied, the factory wins (the chain is ignored); when it does not,
 * passing a factory is an error. Peer verification is handed to the selected
 * {@link X509TrustManager}: OpenSSL's built-in check is set to {@code SSL_CVERIFY_NONE}
 * and the verify callback installed right after it is what accepts or rejects the chain,
 * so the trust manager must be considered the only line of defence here.
 *
 * @param thiz the owning context the returned session context refers to
 * @param ctx native SSL_CTX handle
 * @param engineMap lets the native callbacks find the engine for an SSL handle
 * @param trustCertCollection optional trusted certificates used to build a trust manager factory
 * @param trustManagerFactory optional initialised factory; the JDK default is used when neither
 *        this nor {@code trustCertCollection} is given
 * @param keyCertChain optional client certificate chain, paired with {@code key}
 * @param key optional private key, paired with {@code keyCertChain}
 * @param keyPassword password for {@code key}, may be {@code null}
 * @param keyManagerFactory optional factory supplying client key material
 * @return a new {@link OpenSslClientSessionContext} for {@code thiz}
 * @throws IllegalArgumentException if exactly one of {@code key}/{@code keyCertChain} is given
 * @throws SSLException if key material or the trust manager cannot be installed; an
 *         unsupported {@code keyManagerFactory} also surfaces this way, wrapped as cause
 */
static OpenSslSessionContext newSessionContext(ReferenceCountedOpenSslContext thiz, long ctx, OpenSslEngineMap engineMap, X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory) throws SSLException {
    // key and keyCertChain must be both present or both absent
    final boolean keyAbsent = key == null;
    final boolean chainAbsent = keyCertChain == null;
    if (keyAbsent != chainAbsent) {
        throw new IllegalArgumentException("Either both keyCertChain and key needs to be null or none of them");
    }
    synchronized (ReferenceCountedOpenSslContext.class) {
        try {
            if (OpenSsl.useKeyManagerFactory()) {
                // javadocs state that keyManagerFactory has precedent over keyCertChain
                KeyManagerFactory kmf = keyManagerFactory;
                if (kmf == null && !chainAbsent) {
                    kmf = buildKeyManagerFactory(keyCertChain, key, keyPassword, kmf);
                }
                if (kmf != null) {
                    final X509KeyManager keyManager = chooseX509KeyManager(kmf.getKeyManagers());
                    final OpenSslKeyMaterialManager materialManager;
                    if (useExtendedKeyManager(keyManager)) {
                        materialManager = new OpenSslExtendedKeyMaterialManager((X509ExtendedKeyManager) keyManager, keyPassword);
                    } else {
                        materialManager = new OpenSslKeyMaterialManager(keyManager, keyPassword);
                    }
                    SSLContext.setCertRequestedCallback(ctx, new OpenSslCertificateRequestedCallback(engineMap, materialManager));
                }
            } else {
                // native side cannot consult a KeyManager at handshake time: only static material is accepted
                if (keyManagerFactory != null) {
                    throw new IllegalArgumentException("KeyManagerFactory not supported");
                }
                if (!chainAbsent) {
                    setKeyMaterial(ctx, keyCertChain, key, keyPassword);
                }
            }
        } catch (Exception e) {
            throw new SSLException("failed to set certificate and key", e);
        }
        // OpenSSL's own chain check is switched off; the callback set below performs verification instead
        SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH);
        try {
            TrustManagerFactory tmf = trustManagerFactory;
            if (trustCertCollection != null) {
                tmf = buildTrustManagerFactory(trustCertCollection, tmf);
            } else if (tmf == null) {
                // no explicit trust configuration: fall back to the JDK default trust store
                tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init((KeyStore) null);
            }
            final X509TrustManager manager = chooseTrustManager(tmf.getTrustManagers());
            // Use this to prevent an error when running on java < 7
            if (!useExtendedTrustManager(manager)) {
                SSLContext.setCertVerifyCallback(ctx, new TrustManagerVerifyCallback(engineMap, manager));
            } else {
                SSLContext.setCertVerifyCallback(ctx, new ExtendedTrustManagerVerifyCallback(engineMap, (X509ExtendedTrustManager) manager));
            }
        } catch (Exception e) {
            throw new SSLException("unable to setup trustmanager", e);
        }
    }
    return new OpenSslClientSessionContext(thiz);
}

Example 22 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project netty by netty.

Class ReferenceCountedOpenSslServerContext, method newSessionContext.

/**
 * Installs server key material and a trust manager on the native {@code ctx} and
 * returns a {@link ServerContext} holding the key material manager (factory path only)
 * and the server session context for {@code thiz}.
 * <p>
 * Unlike the client variant, key material is mandatory: without key manager factory
 * support {@code keyCertChain} must be non-null, and with it a factory is always built
 * when none is given. OpenSSL's own chain check is set to {@code SSL_CVERIFY_NONE}; the
 * verify callback installed afterwards delegates to the chosen {@link X509TrustManager},
 * which is therefore the only place where a client chain is accepted or rejected.
 * The trust manager's accepted issuers, if any, are additionally handed to the native
 * side as the CA certificate list.
 *
 * @param thiz the owning context the returned session context refers to
 * @param ctx native SSL_CTX handle
 * @param engineMap lets the native callbacks find the engine for an SSL handle
 * @param trustCertCollection optional trusted certificates used to build a trust manager factory
 * @param trustManagerFactory optional initialised factory; the JDK default is used when neither
 *        this nor {@code trustCertCollection} is given
 * @param keyCertChain server certificate chain; required when no key manager factory can be used
 * @param key private key for {@code keyCertChain}
 * @param keyPassword password for {@code key}, may be {@code null}
 * @param keyManagerFactory optional factory supplying server key material
 * @return the populated {@link ServerContext}
 * @throws SSLException if key material, the trust manager or the accepted-issuer list
 *         cannot be installed; an unsupported {@code keyManagerFactory} or a missing
 *         {@code keyCertChain} surfaces this way too, wrapped as cause
 */
static ServerContext newSessionContext(ReferenceCountedOpenSslContext thiz, long ctx, OpenSslEngineMap engineMap, X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory) throws SSLException {
    ServerContext result = new ServerContext();
    synchronized (ReferenceCountedOpenSslContext.class) {
        try {
            // OpenSSL's own chain check is switched off; the callback set further down performs verification instead
            SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH);
            if (!OpenSsl.useKeyManagerFactory()) {
                if (keyManagerFactory != null) {
                    throw new IllegalArgumentException("KeyManagerFactory not supported");
                }
                // a server cannot run without key material, so the static chain is mandatory here
                checkNotNull(keyCertChain, "keyCertChain");
                setKeyMaterial(ctx, keyCertChain, key, keyPassword);
            } else {
                // keyManagerFactory for the server so build one if it is not specified.
                // NOTE(review): keyCertChain is not null-checked on this path; presumably
                // buildKeyManagerFactory rejects a null chain itself — confirm.
                if (keyManagerFactory == null) {
                    keyManagerFactory = buildKeyManagerFactory(keyCertChain, key, keyPassword, keyManagerFactory);
                }
                X509KeyManager keyManager = chooseX509KeyManager(keyManagerFactory.getKeyManagers());
                // the material manager is kept on the result so the owning context can serve key material at handshake time
                result.keyMaterialManager = useExtendedKeyManager(keyManager) ? new OpenSslExtendedKeyMaterialManager((X509ExtendedKeyManager) keyManager, keyPassword) : new OpenSslKeyMaterialManager(keyManager, keyPassword);
            }
        } catch (Exception e) {
            // the IllegalArgumentException / NPE from the checks above are wrapped here as well
            throw new SSLException("failed to set certificate and key", e);
        }
        try {
            if (trustCertCollection != null) {
                trustManagerFactory = buildTrustManagerFactory(trustCertCollection, trustManagerFactory);
            } else if (trustManagerFactory == null) {
                // Mimic the way SSLContext.getInstance(KeyManager[], null, null) works
                trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
            }
            final X509TrustManager manager = chooseTrustManager(trustManagerFactory.getTrustManagers());
            // Use this to prevent an error when running on java < 7
            if (useExtendedTrustManager(manager)) {
                SSLContext.setCertVerifyCallback(ctx, new ExtendedTrustManagerVerifyCallback(engineMap, (X509ExtendedTrustManager) manager));
            } else {
                SSLContext.setCertVerifyCallback(ctx, new TrustManagerVerifyCallback(engineMap, manager));
            }
            // hand the trust manager's accepted issuers to the native side as the CA list
            // (presumably what OpenSSL advertises to clients when requesting a certificate — verify)
            X509Certificate[] issuers = manager.getAcceptedIssuers();
            if (issuers != null && issuers.length > 0) {
                long bio = 0;
                try {
                    bio = toBIO(issuers);
                    if (!SSLContext.setCACertificateBio(ctx, bio)) {
                        throw new SSLException("unable to setup accepted issuers for trustmanager " + manager);
                    }
                } finally {
                    // native BIO must be released whether or not the call above succeeded
                    freeBio(bio);
                }
            }
        } catch (SSLException e) {
            // already an SSLException (e.g. the issuer failure above): rethrow without double wrapping
            throw e;
        } catch (Exception e) {
            throw new SSLException("unable to setup trustmanager", e);
        }
    }
    result.sessionContext = new OpenSslServerSessionContext(thiz);
    // session id context is fixed to the shared ID constant so resumed sessions belong to this server context
    result.sessionContext.setSessionIdContext(ID);
    return result;
}

Example 23 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project camel by apache.

Class KeyManagersParametersTest, method validateKeyManagers.

/**
 * Asserts that the key managers under test consist of exactly one {@link X509KeyManager}
 * that can resolve the private key stored under the {@code "server"} alias.
 *
 * @param kms the key managers produced by the parameters being validated
 */
protected void validateKeyManagers(KeyManager[] kms) {
    assertEquals(1, kms.length);
    assertTrue(kms[0] instanceof X509KeyManager);
    // a null key for the alias would mean the keystore or its password did not load
    final X509KeyManager x509KeyManager = (X509KeyManager) kms[0];
    assertNotNull(x509KeyManager.getPrivateKey("server"));
}

Example 24 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project robovm by robovm.

Class SSLSocketTest, method test_SSLSocket_clientAuth_bogusAlias.

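/**
 * Verifies that a client whose {@link X509KeyManager} picks an alias with no certificate
 * chain and no private key fails the handshake with {@link SSLHandshakeException} on both
 * sides when the server requires client authentication, rather than blowing up with an
 * unrelated exception.
 * <p>
 * The server handshake runs on a helper thread because {@code startHandshake()} blocks on
 * both ends. All sockets and the test context are closed in {@code finally} blocks so a
 * failing assertion does not leak them into the rest of the suite.
 *
 * @throws Exception on any unexpected failure
 */
public void test_SSLSocket_clientAuth_bogusAlias() throws Exception {
    TestSSLContext c = TestSSLContext.create();
    try {
        SSLContext clientContext = SSLContext.getInstance("TLS");
        // key manager that always selects an alias for which it then has no material
        X509KeyManager keyManager = new X509KeyManager() {

            @Override
            public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
                return "bogus";
            }

            @Override
            public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
                throw new AssertionError();
            }

            @Override
            public X509Certificate[] getCertificateChain(String alias) {
                // return null for "bogus" alias
                return null;
            }

            @Override
            public String[] getClientAliases(String keyType, Principal[] issuers) {
                throw new AssertionError();
            }

            @Override
            public String[] getServerAliases(String keyType, Principal[] issuers) {
                throw new AssertionError();
            }

            @Override
            public PrivateKey getPrivateKey(String alias) {
                // return null for "bogus" alias
                return null;
            }
        };
        clientContext.init(new KeyManager[] { keyManager }, new TrustManager[] { c.clientTrustManager }, null);
        SSLSocket client = (SSLSocket) clientContext.getSocketFactory().createSocket(c.host, c.port);
        try {
            final SSLSocket server = (SSLSocket) c.serverSocket.accept();
            try {
                ExecutorService executor = Executors.newSingleThreadExecutor();
                Future<Void> future = executor.submit(new Callable<Void>() {

                    @Override
                    public Void call() throws Exception {
                        try {
                            // require a client certificate so the bogus alias is actually exercised
                            server.setNeedClientAuth(true);
                            server.startHandshake();
                            fail();
                        } catch (SSLHandshakeException expected) {
                        }
                        return null;
                    }
                });
                executor.shutdown();
                try {
                    client.startHandshake();
                    fail();
                } catch (SSLHandshakeException expected) {
                // before we would get a NullPointerException from passing
                // due to the null PrivateKey return by the X509KeyManager.
                }
                // surfaces any assertion failure or unexpected exception from the server side
                future.get();
            } finally {
                server.close();
            }
        } finally {
            client.close();
        }
    } finally {
        c.close();
    }
}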

Example 25 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project jmeter by apache.

Class JsseSSLManager, method createContext.

/**
 * Creates a new SSL context.
 * <p>
 * The JDK default key managers are wrapped in {@link WrappedX509KeyManager} together with
 * the JMeter key store, the JDK default trust managers (initialised from the JMeter trust
 * store) are wrapped in {@link CustomX509TrustManager}, and the context is initialised with
 * {@code this.rand}. Note that the key manager factory itself is initialised with a
 * {@code null} key store and an empty password when {@code defaultpw} is unset, so the
 * wrapper rather than the factory is what supplies JMeter's own keys.
 *
 * @return the initialised SSL context
 * @throws GeneralSecurityException when the algorithm for the context can
 *         not be found or the keys have problems
 */
private SSLContext createContext() throws GeneralSecurityException {
    // $NON-NLS-1$
    final SSLContext context = pro == null
            ? SSLContext.getInstance(DEFAULT_SSL_PROTOCOL)
            : SSLContext.getInstance(DEFAULT_SSL_PROTOCOL, pro);
    final KeyManagerFactory managerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    final JmeterKeyStore keys = this.getKeyStore();
    final char[] password = defaultpw == null ? new char[] {} : defaultpw.toCharArray();
    managerFactory.init(null, password);
    final KeyManager[] defaultManagers = managerFactory.getKeyManagers();
    if (log.isDebugEnabled()) {
        log.debug("JmeterKeyStore type: {}", keys.getClass());
    }
    // Now wrap the default managers with our key manager
    final KeyManager[] wrappedManagers = new KeyManager[defaultManagers.length];
    for (int i = 0; i < defaultManagers.length; i++) {
        final KeyManager candidate = defaultManagers[i];
        wrappedManagers[i] = candidate instanceof X509KeyManager
                ? new WrappedX509KeyManager((X509KeyManager) candidate, keys)
                : candidate;
    }
    // Get the default trust managers
    final TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmfactory.init(this.getTrustStore());
    // Wrap the defaults in our custom trust manager
    // NOTE(review): whatever CustomX509TrustManager does with the delegate decides what
    // server certificates this context accepts — confirm it still enforces validation.
    final TrustManager[] trustmanagers = tmfactory.getTrustManagers();
    for (int i = 0; i < trustmanagers.length; i++) {
        if (trustmanagers[i] instanceof X509TrustManager) {
            trustmanagers[i] = new CustomX509TrustManager((X509TrustManager) trustmanagers[i]);
        }
    }
    context.init(wrappedManagers, trustmanagers, this.rand);
    if (log.isDebugEnabled()) {
        logCipherSuites(context);
    }
    return context;
}

/**
 * Logs the default and supported cipher suites of {@code context} at debug level,
 * interleaving the two lists index by index up to the longer of the two.
 *
 * @param context the initialised context whose socket factory is queried
 */
private void logCipherSuites(SSLContext context) {
    final String[] defaultCiphers = context.getSocketFactory().getDefaultCipherSuites();
    final String[] supportedCiphers = context.getSocketFactory().getSupportedCipherSuites();
    final int longest = Math.max(defaultCiphers.length, supportedCiphers.length);
    for (int i = 0; i < longest; i++) {
        if (i < defaultCiphers.length) {
            log.debug("Default Cipher: {}", defaultCiphers[i]);
        }
        if (i < supportedCiphers.length) {
            log.debug("Supported Cipher: {}", supportedCiphers[i]);
        }
    }
}
