
Example 76 with X509TrustManager

use of javax.net.ssl.X509TrustManager in project ignite by apache.

the class UriDeploymentHttpScanner method getTrustManagers.

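/**
 * Builds a single-element array holding an {@link X509TrustManager} that accepts every
 * certificate chain it is given and only reports the chain at debug level.
 * <p>
 * SECURITY: no path building, signature, expiry, revocation or issuer check is performed.
 * A TLS connection that relies on this trust manager is encrypted, but the peer is not
 * authenticated, so the connection can be intercepted by anyone able to sit on the network
 * path. Where the remote endpoint has to be trusted, obtain the trust managers from a
 * {@code TrustManagerFactory} initialised with a keystore that holds the expected CA or
 * server certificate instead of using this implementation.
 *
 * @param scanCtx Scanner context; its logger receives the debug output.
 * @return Array with one permissive {@link X509TrustManager}.
 */
private static TrustManager[] getTrustManagers(final UriDeploymentScannerContext scanCtx) {
    return new TrustManager[] { new X509TrustManager() {

        /**
         * {@inheritDoc}
         */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null (possibly empty) array;
            // returning null can surface as a NullPointerException inside the TLS stack.
            return new X509Certificate[0];
        }

        /**
         * {@inheritDoc}
         */
        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
            // Never throws CertificateException: every client chain is accepted.
            logChain("client", certs, authType);
        }

        /**
         * {@inheritDoc}
         */
        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType) {
            // Never throws CertificateException: every server chain is accepted.
            logChain("server", certs, authType);
        }

        /**
         * Writes the certificate type and subject name of each chain element to the debug log.
         *
         * @param side Either {@code "client"} or {@code "server"}; used in the log message only.
         * @param certs Certificate chain presented by the peer.
         * @param authType Authentication type passed in by the TLS stack.
         * @throws IllegalArgumentException If the chain is {@code null} or empty, as the
         *      {@link X509TrustManager} contract specifies.
         */
        private void logChain(String side, X509Certificate[] certs, String authType) {
            if (certs == null || certs.length == 0)
                throw new IllegalArgumentException("Certificate chain is null or empty.");

            // Skip building the message when nobody will read it.
            if (!scanCtx.getLogger().isDebugEnabled())
                return;

            StringBuilder buf = new StringBuilder();

            buf.append("Trust manager handle ").append(side).append(" certificates [authType=");
            buf.append(authType);
            buf.append(", certificates=");

            for (X509Certificate cert : certs) {
                buf.append("{type=");
                buf.append(cert.getType());
                buf.append(", principalName=");
                buf.append(cert.getSubjectX500Principal().getName());
                buf.append('}');
            }

            buf.append(']');

            scanCtx.getLogger().debug(buf.toString());
        }
    } };
}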
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) X509Certificate(java.security.cert.X509Certificate) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 77 with X509TrustManager

use of javax.net.ssl.X509TrustManager in project knime-core by knime.

the class JreTests method checkForCACertificate.

/**
 * Verifies that the trust store the JRE uses by default lists the KNIME.com CA among its
 * accepted issuers.
 * <p>
 * The certificate is identified by its subject DN string only; the test does not compare a
 * fingerprint or public key, so it shows that an entry with that name is present, not which
 * key that entry carries.
 *
 * @throws Exception if the trust manager factory cannot be created or initialised
 */
@Test
public void checkForCACertificate() throws Exception {
    final String expectedSubject = "CN=KNIME.com CA, O=KNIME.com, L=Zurich, C=CH";

    TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    // No explicit keystore is supplied; per the description above this inspects the JRE default one.
    factory.init((KeyStore) null);

    for (TrustManager candidate : factory.getTrustManagers()) {
        if (!(candidate instanceof X509TrustManager)) {
            continue;
        }
        X509Certificate[] issuers = ((X509TrustManager) candidate).getAcceptedIssuers();
        for (X509Certificate issuer : issuers) {
            if (issuer.getSubjectDN().getName().equals(expectedSubject)) {
                // Found the CA entry, nothing more to check.
                return;
            }
        }
    }

    fail("No CA certificate for KNIME.com found in default keystore");
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) X509Certificate(java.security.cert.X509Certificate) X509TrustManager(javax.net.ssl.X509TrustManager) TrustManager(javax.net.ssl.TrustManager) Test(org.junit.Test)

Example 78 with X509TrustManager

use of javax.net.ssl.X509TrustManager in project cxf by apache.

the class HttpConduitConfigurationTest method verifyConduit.

/**
 * Asserts that the given conduit carries the authorization, TLS client and HTTP client
 * settings this test expects.
 * <p>
 * Note for readers reusing the configuration: the expected values include a fixed test
 * credential and a TLS setup with the CN check disabled, i.e. the certificate is not
 * matched against the host name. Both are test fixtures, not settings to copy into a deployment.
 *
 * @param conduit the configured conduit to inspect
 */
private void verifyConduit(HTTPConduit conduit) {
    // Basic-auth style credentials (fixture values).
    AuthorizationPolicy authorization = conduit.getAuthorization();
    assertNotNull(authorization);
    assertEquals("Betty", authorization.getUserName());
    assertEquals("password", authorization.getPassword());

    // TLS client parameters: CN check flag and session cache timeout.
    TLSClientParameters tlsParams = conduit.getTlsClientParameters();
    assertNotNull(tlsParams);
    assertTrue(tlsParams.isDisableCNCheck());
    assertEquals(3600000, tlsParams.getSslCacheTimeout());

    // Exactly one X.509 key manager is expected.
    KeyManager[] keyManagers = tlsParams.getKeyManagers();
    assertTrue(keyManagers != null && keyManagers.length == 1);
    assertTrue(keyManagers[0] instanceof X509KeyManager);

    // Exactly one X.509 trust manager is expected; only its type is checked here,
    // not what it trusts.
    TrustManager[] trustManagers = tlsParams.getTrustManagers();
    assertTrue(trustManagers != null && trustManagers.length == 1);
    assertTrue(trustManagers[0] instanceof X509TrustManager);

    // Cipher suite filter: five include entries, one exclude entry.
    FiltersType cipherFilter = tlsParams.getCipherSuitesFilter();
    assertNotNull(cipherFilter);
    assertEquals(5, cipherFilter.getInclude().size());
    assertEquals(1, cipherFilter.getExclude().size());

    // HTTP client policy.
    HTTPClientPolicy httpPolicy = conduit.getClient();
    assertEquals(10240, httpPolicy.getChunkLength());
}
Also used : AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy) TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters) X509TrustManager(javax.net.ssl.X509TrustManager) X509KeyManager(javax.net.ssl.X509KeyManager) HTTPClientPolicy(org.apache.cxf.transports.http.configuration.HTTPClientPolicy) FiltersType(org.apache.cxf.configuration.security.FiltersType) X509KeyManager(javax.net.ssl.X509KeyManager) KeyManager(javax.net.ssl.KeyManager) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 79 with X509TrustManager

use of javax.net.ssl.X509TrustManager in project cas by apereo.

the class DefaultCasSslContext method getTrustManager.

/**
 * Collects the X.509 trust managers that a {@link TrustManagerFactory} produces for the
 * given algorithm and keystore.
 * <p>
 * The keystore is handed to the factory unchanged, so the certificates it contains decide
 * which peers the returned managers will trust. Trust managers of any other type are dropped.
 *
 * @param algorithm the trust manager factory algorithm name
 * @param keystore  the keystore used to initialise the factory
 * @return the X.509 trust managers created by the factory, possibly empty
 * @throws Exception if the factory cannot be obtained or initialised
 */
private static Collection<X509TrustManager> getTrustManager(final String algorithm, final KeyStore keystore) throws Exception {
    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
    tmf.init(keystore);
    return Arrays.stream(tmf.getTrustManagers())
        .filter(X509TrustManager.class::isInstance)
        .map(X509TrustManager.class::cast)
        .collect(Collectors.toList());
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory)

Example 80 with X509TrustManager

use of javax.net.ssl.X509TrustManager in project cxf by apache.

the class CipherSuitesTest method testAESIncludedTLSv10.

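// Both client + server include AES, client is TLSv1.0.
//
// The client side is deliberately permissive so that only cipher suite / protocol
// negotiation is exercised: it uses a no-op trust manager, disables the CN check and
// pins the protocol to "TLSv1". None of these settings authenticate the server, and
// TLS 1.0 is a deprecated protocol version, so this setup belongs in tests only.
// NOTE(review): JDKs that list TLSv1 in jdk.tls.disabledAlgorithms will presumably
// refuse this handshake unless the test environment re-enables it - confirm.
@org.junit.Test
public void testAESIncludedTLSv10() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client-noconfig.xml");
    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        URL url = SOAPService.WSDL_LOCATION;
        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
        assertNotNull("Service is null", service);
        final Greeter port = service.getHttpsPort();
        assertNotNull("Port is null", port);
        try {
            updateAddressPort(port, PORT);

            Client client = ClientProxy.getClient(port);
            HTTPConduit conduit = (HTTPConduit) client.getConduit();

            TLSClientParameters tlsParams = new TLSClientParameters();
            X509TrustManager trustManager = new NoOpX509TrustManager();
            TrustManager[] trustManagers = new TrustManager[1];
            trustManagers[0] = trustManager;
            tlsParams.setTrustManagers(trustManagers);
            tlsParams.setDisableCNCheck(true);
            tlsParams.setSecureSocketProtocol("TLSv1");
            conduit.setTlsClientParameters(tlsParams);

            // JUnit expects (expected, actual); the reversed order only garbles the failure message.
            assertEquals("Hello Kitty", port.greetMe("Kitty"));
        } finally {
            // Release the proxy even when the call or the assertion fails.
            ((java.io.Closeable) port).close();
        }
    } finally {
        // Always shut the bus down so a failing run does not leave it installed as the default.
        bus.shutdown(true);
    }
}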
Also used : SOAPService(org.apache.hello_world.services.SOAPService) Bus(org.apache.cxf.Bus) TLSClientParameters(org.apache.cxf.configuration.jsse.TLSClientParameters) URL(java.net.URL) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) HTTPConduit(org.apache.cxf.transport.http.HTTPConduit) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) X509TrustManager(javax.net.ssl.X509TrustManager) Greeter(org.apache.hello_world.Greeter) Client(org.apache.cxf.endpoint.Client)
