
Example 41 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project wso2-synapse by wso2.

Class ServerConnFactoryBuilder, method createSSLContext.

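/**
 * Builds the server-side {@link SSLContext} (plus the optional per-connection
 * setup handler) from the transport's SSL configuration elements.
 * <p>
 * The identity ({@code keyStoreEl}) and trust ({@code trustStoreEl}) stores are
 * optional; a missing element leaves the corresponding manager array
 * {@code null}, in which case {@link SSLContext#init} falls back to the JSSE
 * defaults. Client authentication, enabled protocol versions and preferred
 * cipher suites are likewise optional and only cause a
 * {@link ServerSSLSetupHandler} to be created when at least one is configured.
 *
 * @param keyStoreEl          {@code KeyStore} element with Location, Type, Password and
 *                            KeyPassword children, or {@code null}
 * @param trustStoreEl        {@code TrustStore} element with Location, Type and Password
 *                            children, or {@code null}
 * @param cientAuthEl         element whose text is {@code optional} or {@code require}
 *                            (case-insensitive); any other value leaves client auth unset
 * @param httpsProtocolsEl    comma separated list of enabled protocol versions, or {@code null}
 * @param preferredCiphersEl  comma separated list of preferred cipher suites, or {@code null}
 * @param verificationManager certificate revocation verifier handed to the setup handler
 * @param sslProtocol         protocol name passed to {@link SSLContext#getInstance};
 *                            defaults to {@code TLS} when {@code null}
 * @return the initialised context and its setup handler ({@code null} handler when nothing
 *         connection-specific is configured)
 * @throws AxisFault if a store cannot be opened or loaded, a required password is missing,
 *                   or the context cannot be initialised
 */
protected SSLContextDetails createSSLContext(final OMElement keyStoreEl, final OMElement trustStoreEl, final OMElement cientAuthEl, final OMElement httpsProtocolsEl, final OMElement preferredCiphersEl, final RevocationVerificationManager verificationManager, final String sslProtocol) throws AxisFault {
    KeyManager[] keymanagers = null;
    TrustManager[] trustManagers = null;
    if (keyStoreEl != null) {
        String location = getValueOfElementWithLocalName(keyStoreEl, "Location");
        String type = getValueOfElementWithLocalName(keyStoreEl, "Type");
        String storePassword = getValueOfElementWithLocalName(keyStoreEl, "Password");
        String keyPassword = getValueOfElementWithLocalName(keyStoreEl, "KeyPassword");
        if (keyPassword == null) {
            // a missing KeyPassword is a configuration error; report it as such
            // instead of failing later with a NullPointerException
            throw new AxisFault("KeyPassword is not configured for Key store : " + location);
        }
        KeyStore keyStore = loadStoreFromFile(location, type, storePassword, "Identity");
        try {
            KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmfactory.init(keyStore, keyPassword.toCharArray());
            keymanagers = kmfactory.getKeyManagers();
            if (log.isDebugEnabled()) {
                logIdentityCertificates(keyStore, keymanagers);
            }
        } catch (GeneralSecurityException gse) {
            log.error(name + " Error loading Key store : " + location, gse);
            throw new AxisFault("Error loading Key store : " + location, gse);
        }
    }
    if (trustStoreEl != null) {
        String location = getValueOfElementWithLocalName(trustStoreEl, "Location");
        String type = getValueOfElementWithLocalName(trustStoreEl, "Type");
        String storePassword = getValueOfElementWithLocalName(trustStoreEl, "Password");
        KeyStore trustStore = loadStoreFromFile(location, type, storePassword, "Trust");
        try {
            TrustManagerFactory trustManagerfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerfactory.init(trustStore);
            trustManagers = trustManagerfactory.getTrustManagers();
        } catch (GeneralSecurityException gse) {
            log.error(name + " Error loading Key store : " + location, gse);
            throw new AxisFault("Error loading Key store : " + location, gse);
        }
    }
    // client authentication mode; any value other than optional/require means "not configured"
    final String clientAuthValue = cientAuthEl != null ? cientAuthEl.getText() : null;
    final SSLClientAuth clientAuth;
    if ("optional".equalsIgnoreCase(clientAuthValue)) {
        clientAuth = SSLClientAuth.OPTIONAL;
    } else if ("require".equalsIgnoreCase(clientAuthValue)) {
        clientAuth = SSLClientAuth.REQUIRED;
    } else {
        clientAuth = null;
    }
    final String[] httpsProtocols = splitCommaSeparated(httpsProtocolsEl != null ? httpsProtocolsEl.getText() : null);
    final String[] preferredCiphers = splitCommaSeparated(preferredCiphersEl != null ? preferredCiphersEl.getText() : null);
    try {
        final String sslProtocolValue = sslProtocol != null ? sslProtocol : "TLS";
        SSLContext sslContext = SSLContext.getInstance(sslProtocolValue);
        // null SecureRandom lets JSSE choose its default; a null manager array selects the JSSE default manager
        sslContext.init(keymanagers, trustManagers, null);
        // the setup handler is only needed when something connection-specific was configured
        ServerSSLSetupHandler sslSetupHandler = (clientAuth != null || httpsProtocols != null || preferredCiphers != null) ? new ServerSSLSetupHandler(clientAuth, httpsProtocols, verificationManager, preferredCiphers) : null;
        return new SSLContextDetails(sslContext, sslSetupHandler);
    } catch (GeneralSecurityException gse) {
        log.error(name + " Unable to create SSL context with the given configuration", gse);
        throw new AxisFault("Unable to create SSL context with the given configuration", gse);
    }
}

/**
 * Opens and loads a keystore from disk, verifying its integrity with {@code storePassword}.
 *
 * @param location      file system path of the store
 * @param type          keystore type passed to {@link KeyStore#getInstance(String)}
 * @param storePassword store (integrity) password; must not be {@code null}
 * @param role          "Identity" or "Trust", used only for log messages
 * @return the loaded store
 * @throws AxisFault if the password is missing, the type is unsupported, or the file
 *                   cannot be opened or parsed
 */
private KeyStore loadStoreFromFile(final String location, final String type, final String storePassword, final String role) throws AxisFault {
    if (storePassword == null) {
        // always run the integrity check; a missing password is a configuration error
        throw new AxisFault("Password is not configured for " + role + " Keystore : " + location);
    }
    FileInputStream fis = null;
    try {
        KeyStore store = KeyStore.getInstance(type);
        fis = new FileInputStream(location);
        if (log.isDebugEnabled()) {
            log.debug(name + " Loading " + role + " Keystore from : " + location);
        }
        store.load(fis, storePassword.toCharArray());
        return store;
    } catch (GeneralSecurityException gse) {
        log.error(name + " Error loading Key store : " + location, gse);
        throw new AxisFault("Error loading Key store : " + location, gse);
    } catch (IOException ioe) {
        log.error(name + " Error opening Key store : " + location, ioe);
        throw new AxisFault("Error opening Key store : " + location, ioe);
    } finally {
        if (fis != null) {
            try {
                fis.close();
            } catch (IOException ignore) {
                // best-effort close; the store contents have already been read
            }
        }
    }
}

/**
 * Debug-logs subject and issuer of every certificate chain the X.509 key managers
 * expose for the aliases in {@code keyStore}. Callers guard with {@code log.isDebugEnabled()}.
 *
 * @param keyStore    the identity store whose aliases are enumerated
 * @param keymanagers managers returned by the factory; {@code null} is tolerated
 * @throws GeneralSecurityException if the store's aliases cannot be enumerated
 */
private void logIdentityCertificates(final KeyStore keyStore, final KeyManager[] keymanagers) throws GeneralSecurityException {
    if (keymanagers == null) {
        return;
    }
    for (KeyManager keymanager : keymanagers) {
        if (!(keymanager instanceof X509KeyManager)) {
            continue;
        }
        X509KeyManager x509keymanager = (X509KeyManager) keymanager;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            X509Certificate[] certs = x509keymanager.getCertificateChain(aliases.nextElement());
            if (certs == null) {
                continue;
            }
            for (X509Certificate cert : certs) {
                // X500Principal accessors replace the deprecated getSubjectDN()/getIssuerDN()
                log.debug(name + " Subject DN: " + cert.getSubjectX500Principal());
                log.debug(name + " Issuer DN: " + cert.getIssuerX500Principal());
            }
        }
    }
}

/**
 * Splits a comma separated configuration value into its trimmed, non-empty parts.
 *
 * @param configured raw element text, or {@code null}
 * @return {@code null} when the value is absent or blank; otherwise the parts (possibly
 *         an empty array when the value contains only separators)
 */
private static String[] splitCommaSeparated(final String configured) {
    if (configured == null || configured.trim().length() == 0) {
        return null;
    }
    String[] parts = configured.trim().split(",");
    List<String> values = new ArrayList<String>(parts.length);
    for (String part : parts) {
        String trimmed = part.trim();
        if (!trimmed.isEmpty()) {
            values.add(trimmed);
        }
    }
    return values.toArray(new String[values.size()]);
}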
Also used : AxisFault(org.apache.axis2.AxisFault) SSLContextDetails(org.apache.synapse.transport.http.conn.SSLContextDetails) GeneralSecurityException(java.security.GeneralSecurityException) SSLClientAuth(org.apache.synapse.transport.http.conn.SSLClientAuth) ArrayList(java.util.ArrayList) IOException(java.io.IOException) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) TrustManager(javax.net.ssl.TrustManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) ServerSSLSetupHandler(org.apache.synapse.transport.http.conn.ServerSSLSetupHandler) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) X509KeyManager(javax.net.ssl.X509KeyManager) X509KeyManager(javax.net.ssl.X509KeyManager) KeyManager(javax.net.ssl.KeyManager)

Example 42 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project tomcat70 by apache.

Class NioEndpoint, method wrap.

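/**
 * Returns a copy of {@code managers} in which every {@link X509KeyManager} is
 * wrapped in a {@code NioX509KeyManager} pinned to the configured key alias.
 * Managers of other types are carried over unchanged, and no wrapping happens
 * at all when no key alias is configured.
 *
 * @param managers key managers produced by the factory, or {@code null}
 * @return a new array of the same length, or {@code null} if {@code managers} is {@code null}
 */
public KeyManager[] wrap(KeyManager[] managers) {
    if (managers == null) {
        return null;
    }
    // the alias does not change while wrapping, so resolve it once rather than per element
    String keyAlias = getKeyAlias();
    if (keyAlias == null) {
        return managers.clone();
    }
    // JKS keystores always convert the alias name to lower case
    if ("jks".equalsIgnoreCase(getKeystoreType())) {
        keyAlias = keyAlias.toLowerCase(Locale.ENGLISH);
    }
    KeyManager[] result = new KeyManager[managers.length];
    for (int i = 0; i < managers.length; i++) {
        KeyManager manager = managers[i];
        result[i] = manager instanceof X509KeyManager ? new NioX509KeyManager((X509KeyManager) manager, keyAlias) : manager;
    }
    return result;
}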
Also used : X509KeyManager(javax.net.ssl.X509KeyManager) NioX509KeyManager(org.apache.tomcat.util.net.jsse.NioX509KeyManager) NioX509KeyManager(org.apache.tomcat.util.net.jsse.NioX509KeyManager) X509KeyManager(javax.net.ssl.X509KeyManager) NioX509KeyManager(org.apache.tomcat.util.net.jsse.NioX509KeyManager) KeyManager(javax.net.ssl.KeyManager)

Example 43 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project ofbiz-framework by apache.

Class SSLUtil, method getKeyManagers.

/**
 * Creates key managers for {@code ks} and, when an alias is given, pins every
 * {@link X509KeyManager} among them to that alias via {@code AliasKeyManager}.
 *
 * @param ks       keystore holding the private key(s)
 * @param password key password handed to {@link KeyManagerFactory#init}
 * @param alias    alias to pin to, or {@code null} to return the managers unwrapped
 * @return the key managers, wrapped in place where applicable
 * @throws GeneralSecurityException if the factory cannot be obtained or initialised
 */
public static KeyManager[] getKeyManagers(KeyStore ks, String password, String alias) throws GeneralSecurityException {
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, password.toCharArray());
    KeyManager[] managers = kmf.getKeyManagers();
    if (alias == null) {
        return managers;
    }
    for (int idx = 0; idx < managers.length; idx++) {
        KeyManager km = managers[idx];
        if (km instanceof X509KeyManager) {
            managers[idx] = new AliasKeyManager((X509KeyManager) km, alias);
        }
    }
    return managers;
}
Also used : X509KeyManager(javax.net.ssl.X509KeyManager) X509KeyManager(javax.net.ssl.X509KeyManager) KeyManager(javax.net.ssl.KeyManager) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 44 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project keystore-explorer by kaikramer.

Class SslUtils, method readSSLConnectionInfos.

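/**
 * Load certificates from an SSL connection.
 * <p>
 * The connection is deliberately made with a trust-everything trust manager
 * and a hostname verifier that accepts any name, because the purpose is to
 * retrieve the server's certificates for inspection even when they would not
 * validate. The result must therefore never be used to decide trust.
 *
 * @param host
 *            Connection host
 * @param port
 *            Connection port
 * @param keyStore
 *            KeyStore with a key pair for SSL client authentication, or
 *            {@code null} for no client certificate
 * @param password
 *            The password for the KeyStore
 * @return SSL infos, with the SNI flag reflecting whether the handshake
 *         succeeded with or without SNI
 * @throws CryptoException
 *             Problem encountered while loading the certificate(s)
 * @throws IOException
 *             An I/O error occurred
 */
public static SslConnectionInfos readSSLConnectionInfos(String host, int port, KeyStore keyStore, char[] password) throws CryptoException, IOException {
    // "" + port keeps MessageFormat from applying locale number formatting (e.g. "8,443") to the port
    URL url = new URL(MessageFormat.format("https://{0}:{1}/", host, "" + port));
    HttpsURLConnection connection = null;
    // process-wide JSSE debug switch; it is never reset, so handshake details keep being
    // printed for the rest of the JVM. NOTE(review): JSSE appears to read this property once
    // at initialisation, so it may have no effect if SSL classes were already loaded — confirm.
    System.setProperty("javax.net.debug", "ssl");
    try {
        connection = (HttpsURLConnection) url.openConnection();
        // create a key manager for client authentication
        X509KeyManager km = null;
        if (keyStore != null) {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
            keyManagerFactory.init(keyStore, password);
            for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
                if (keyManager instanceof X509KeyManager) {
                    km = (X509KeyManager) keyManager;
                    break;
                }
            }
        }
        // We are only interested in getting the SSL certificates even if they are invalid
        // either in and of themselves or for the host name they are associated with
        // 1) set connection's SSL Socket factory to have a very trusting trust manager
        SSLContext context = SSLContext.getInstance("TLS");
        X509TrustingManager tm = new X509TrustingManager();
        // a one-element array holding null (no client key) is intentional: passing null for
        // the whole array would presumably make JSSE fall back to its default key manager
        context.init(new KeyManager[] { km }, new TrustManager[] { tm }, null);
        // 2) set a host name verifier that always verifies the host name
        connection.setHostnameVerifier(new HostnameVerifier() {

            @Override
            public boolean verify(String hostname, SSLSession sslSession) {
                return true;
            }
        });
        // register our handshake completed listener in order to retrieve SSL connection infos later
        SSLSocketFactory factory = context.getSocketFactory();
        RetrieveSslInfosHandshakeListener handshakeListener = new RetrieveSslInfosHandshakeListener();
        boolean sniEnabled = true;
        connection.setSSLSocketFactory(new CustomSslSocketFactory(factory, handshakeListener, sniEnabled));
        try {
            connection.connect();
        } catch (SSLProtocolException e) {
            // handle server misconfiguration (works only in Java 8 or higher);
            // getMessage() may be null, so guard before inspecting it
            String message = e.getMessage();
            if (message != null && message.contains("unrecognized_name")) {
                sniEnabled = false;
                connection.setSSLSocketFactory(new CustomSslSocketFactory(factory, handshakeListener, sniEnabled));
                connection.connect();
            } else {
                throw e;
            }
        }
        // this is necessary in order to cause a handshake exception when the client cert is not accepted
        if (keyStore != null) {
            connection.getResponseMessage();
        }
        SslConnectionInfos sslConnectionInfos = handshakeListener.getSslConnectionInfos();
        sslConnectionInfos.setSniEnabled(sniEnabled);
        return sslConnectionInfos;
    } catch (GeneralSecurityException ex) {
        throw new CryptoException(res.getString("NoLoadCertificate.exception.message"), ex);
    } finally {
        if (connection != null) {
            connection.disconnect();
        }
    }
}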
Also used : GeneralSecurityException(java.security.GeneralSecurityException) SSLSession(javax.net.ssl.SSLSession) SSLContext(javax.net.ssl.SSLContext) URL(java.net.URL) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) HostnameVerifier(javax.net.ssl.HostnameVerifier) SSLProtocolException(javax.net.ssl.SSLProtocolException) X509KeyManager(javax.net.ssl.X509KeyManager) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) CryptoException(org.kse.crypto.CryptoException) X509KeyManager(javax.net.ssl.X509KeyManager) KeyManager(javax.net.ssl.KeyManager) HttpsURLConnection(javax.net.ssl.HttpsURLConnection)

Example 45 with X509KeyManager

use of javax.net.ssl.X509KeyManager in project Payara by payara.

Class IIOPSSLUtilImpl, method getKeyManagers.

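/**
 * Returns the key managers for IIOP over SSL, wrapping each {@link X509KeyManager}
 * in a {@code J2EEKeyManager} pinned to {@code alias} when an alias is given.
 * Managers that are not X.509 key managers are passed through unchanged.
 *
 * @param alias key alias to pin to, or {@code null} for the unwrapped managers
 * @return the key managers, or {@code null} if the underlying utility returns none
 * @throws RuntimeException if the alias is not a known token key alias or the
 *                          underlying SSL utilities fail; the original exception is the cause
 */
@Override
public KeyManager[] getKeyManagers(String alias) {
    KeyManager[] mgrs = null;
    try {
        if (alias != null && !sslUtils.isTokenKeyAlias(alias)) {
            throw new IllegalStateException(getFormatMessage("iiop.cannot_find_keyalias", new Object[] { alias }));
        }
        mgrs = sslUtils.getKeyManagers();
        if (alias != null && mgrs != null && mgrs.length > 0) {
            // the alias is the same for every manager, so log it once rather than per element
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Setting J2EEKeyManager for " + " alias : " + alias);
            }
            KeyManager[] newMgrs = new KeyManager[mgrs.length];
            for (int i = 0; i < mgrs.length; i++) {
                // only X.509 managers can be alias-pinned; an unconditional cast would turn any
                // other KeyManager implementation into a ClassCastException
                newMgrs[i] = mgrs[i] instanceof X509KeyManager ? new J2EEKeyManager((X509KeyManager) mgrs[i], alias) : mgrs[i];
            }
            mgrs = newMgrs;
        }
    } catch (Exception e) {
        // logged at FINE only because the exception is rethrown (as the cause) to the caller
        _logger.log(Level.FINE, "Unable to build key managers for alias : " + alias, e);
        throw new RuntimeException(e);
    }
    return mgrs;
}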
Also used : X509KeyManager(javax.net.ssl.X509KeyManager) J2EEKeyManager(com.sun.enterprise.security.ssl.J2EEKeyManager) X509KeyManager(javax.net.ssl.X509KeyManager) KeyManager(javax.net.ssl.KeyManager) J2EEKeyManager(com.sun.enterprise.security.ssl.J2EEKeyManager)
