
Example 91 with X509TrustManager

use of javax.net.ssl.X509TrustManager in project yamcs-studio by yamcs.

the class ResourceUtil method openRawURLStream.

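/**
 * Opens an input stream for the given URL, applying the configured read timeout.
 *
 * <p><b>Security:</b> for {@code https} URLs this method installs, as the JVM-wide
 * {@link HttpsURLConnection} defaults, a trust manager that accepts every certificate chain and
 * a hostname verifier that accepts every host name. The server is therefore not authenticated,
 * so anyone able to intercept the connection can read or alter the returned content. Because
 * the defaults are process-wide, every later {@code HttpsURLConnection} that does not set its
 * own socket factory and verifier inherits the same behaviour.
 *
 * @param url the URL to open
 * @return the input stream of the opened connection
 * @throws IOException if the SSL context cannot be created or initialised, or if the connection
 *         cannot be opened
 */
private static InputStream openRawURLStream(final URL url) throws IOException {
    if (url.getProtocol().equals("https")) {
        // $NON-NLS-1$
        // The code to support https protocol is provided by Eric Berryman (eric.berryman@gmail.com) from Frib
        // NOTE(review): this trust manager performs no certificate validation at all. Prefer an
        // SSLContext built from a trust store holding the expected CA or server certificate.
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] certs, String authType) {
                // Intentionally empty: every client chain is accepted.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] certs, String authType) {
                // Intentionally empty: every server chain is accepted.
            }
        } };
        // Fail with the declared IOException instead of returning null or carrying on with an
        // uninitialised context; the cause is kept for diagnosis.
        // NOTE(review): "SSL" is the legacy protocol name; "TLS" is the usual choice for new code.
        final SSLContext sc;
        try {
            sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            throw new IOException("Unable to initialise the SSL context", e);
        }
        // NOTE(review): both setDefault* calls change JVM-wide state on every https call.
        // Setting the factory and verifier on this one connection would limit the exposure,
        // but other code may rely on the global defaults, so the behaviour is kept here.
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        // Host name verifier that accepts any host, so the certificate subject is never matched
        // against the URL.
        HostnameVerifier allHostsValid = new HostnameVerifier() {

            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };
        HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
    }
    URLConnection connection = url.openConnection();
    connection.setReadTimeout(PreferencesHelper.getURLFileLoadingTimeout());
    return connection.getInputStream();
}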
Also used : SSLSession(javax.net.ssl.SSLSession) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) X509Certificate(java.security.cert.X509Certificate) KeyManagementException(java.security.KeyManagementException) URLConnection(java.net.URLConnection) HttpsURLConnection(javax.net.ssl.HttpsURLConnection) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) HostnameVerifier(javax.net.ssl.HostnameVerifier) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 92 with X509TrustManager

use of javax.net.ssl.X509TrustManager in project Payara by payara.

the class BaseTestGrizzlyConfig method getSSLSocketFactory.

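/**
 * Builds a socket factory whose trust manager accepts every certificate chain.
 *
 * <p><b>Security:</b> sockets created by the returned factory do not authenticate the peer.
 * The enclosing class is a test base class; this factory should stay confined to tests that
 * talk to a locally started server.
 *
 * @return a socket factory backed by an all-trusting {@link SSLContext}
 * @throws IOException if the SSL context cannot be created or initialised; the original
 *         exception is attached as the cause
 */
public SSLSocketFactory getSSLSocketFactory() throws IOException {
    try {
        // Trust manager that does not validate certificate chains.
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] certs, String authType) {
                // Intentionally empty: every client chain is accepted.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] certs, String authType) {
                // Intentionally empty: every server chain is accepted.
            }
        } };
        // NOTE(review): "SSL" is the legacy protocol name; "TLS" is the usual choice for new code.
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new SecureRandom());
        return sc.getSocketFactory();
    } catch (Exception e) {
        // Chain the cause so the failure stays diagnosable from the IOException alone.
        throw new IOException(e.getMessage(), e);
    }
}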
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) IOException(java.io.IOException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)

Example 93 with X509TrustManager

use of javax.net.ssl.X509TrustManager in project baseio by generallycloud.

the class SslContextBuilder method newSSLContext.

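/**
 * Creates and initialises an {@link SSLContext} from the supplied key and trust material.
 *
 * <p>Trust managers are chosen in this order:
 * <ol>
 *   <li>{@code trustManagerFactory}, when it is non-null;</li>
 *   <li>otherwise, only when {@code keyManagerFactory} is null: {@code x509TrustManager} if
 *       given, else an accept-everything trust manager if {@code trustAll} is true;</li>
 *   <li>otherwise {@code null} is passed to {@link SSLContext#init}, which leaves the choice
 *       of trust manager to the JSSE defaults.</li>
 * </ol>
 *
 * <p><b>Security:</b> with {@code trustAll} the peer's certificate chain is never validated,
 * so the connection is encrypted but the peer is not authenticated. Note that
 * {@code x509TrustManager} and {@code trustAll} are ignored whenever a
 * {@code keyManagerFactory} is supplied.
 *
 * @param trustManagerFactory source of trust managers, may be null
 * @param keyManagerFactory source of key managers; required when {@code isServer} is true
 * @param x509TrustManager explicit trust manager used when no factory is given, may be null
 * @param isServer whether the context is built for the server side
 * @param trustAll whether to fall back to a trust manager that accepts any certificate
 * @param sessionCacheSize session cache size, applied only when positive
 * @param sessionTimeout session timeout, applied only when positive
 * @return the initialised context
 * @throws SSLException if a server context has no key manager factory, or if initialisation fails
 */
private SSLContext newSSLContext(TrustManagerFactory trustManagerFactory, KeyManagerFactory keyManagerFactory, X509TrustManager x509TrustManager, boolean isServer, boolean trustAll, long sessionCacheSize, long sessionTimeout) throws SSLException {
    if (isServer && keyManagerFactory == null) {
        throw new SSLException("null keyManagerFactory on server");
    }
    try {
        SSLContext ctx = SslContext.getSSLContext();
        TrustManager[] tms = null;
        KeyManager[] kms = null;
        if (keyManagerFactory != null) {
            kms = keyManagerFactory.getKeyManagers();
            if (trustManagerFactory != null) {
                tms = trustManagerFactory.getTrustManagers();
            }
        } else if (trustManagerFactory != null) {
            // client with an explicit trust store
            tms = trustManagerFactory.getTrustManagers();
        } else if (x509TrustManager != null) {
            // client with a caller-supplied trust manager
            tms = new X509TrustManager[] { x509TrustManager };
        } else if (trustAll) {
            // client that skips certificate validation entirely
            X509TrustManager acceptAll = new X509TrustManager() {

                @Override
                public void checkClientTrusted(java.security.cert.X509Certificate[] arg0, String arg1) throws java.security.cert.CertificateException {
                    // Intentionally empty: every client chain is accepted.
                }

                @Override
                public void checkServerTrusted(java.security.cert.X509Certificate[] arg0, String arg1) throws java.security.cert.CertificateException {
                    // Intentionally empty: every server chain is accepted.
                }

                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract requires a non-null (possibly empty) array.
                    return new java.security.cert.X509Certificate[0];
                }
            };
            tms = new X509TrustManager[] { acceptAll };
        }
        ctx.init(kms, tms, new SecureRandom());
        // NOTE(review): the client session context is configured even when isServer is true;
        // confirm whether getServerSessionContext() was intended for server contexts.
        SSLSessionContext sessCtx = ctx.getClientSessionContext();
        if (sessionCacheSize > 0) {
            sessCtx.setSessionCacheSize((int) Math.min(sessionCacheSize, Integer.MAX_VALUE));
        }
        if (sessionTimeout > 0) {
            sessCtx.setSessionTimeout((int) Math.min(sessionTimeout, Integer.MAX_VALUE));
        }
        return ctx;
    } catch (SSLException e) {
        throw e;
    } catch (Exception e) {
        throw new SSLException("failed to initialize the SSL context", e);
    }
}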
Also used : SSLSessionContext(javax.net.ssl.SSLSessionContext) SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) SSLException(javax.net.ssl.SSLException) X509Certificate(java.security.cert.X509Certificate) KeyException(java.security.KeyException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) SSLException(javax.net.ssl.SSLException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) KeyManager(javax.net.ssl.KeyManager)

Example 94 with X509TrustManager

use of javax.net.ssl.X509TrustManager in project athenz by yahoo.

the class SocketTest method test.

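/**
 * Checks that the server keeps answering, and keeps presenting a certificate whose CN is
 * {@code athenz.production}, after its key manager has been replaced at runtime.
 *
 * <p>The second socket uses a trust manager that accepts any certificate, so for that
 * connection the CN assertion is the only check made on the peer's identity. That is
 * acceptable for a test against {@code localhost}; the pattern does not authenticate a peer.
 */
@Test
public void test() throws Exception {
    // Accept-everything trust manager, used only for the second connection below.
    TrustManager tm = new X509TrustManager() {

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array.
            return new X509Certificate[0];
        }
    };
    // setup socket for first call
    SSLContext sslContext = Utils.buildSSLContext(keyRefresher.getKeyManagerProxy(), keyRefresher.getTrustManagerProxy());
    SSLSocketFactory factory = (SSLSocketFactory) sslContext.getSocketFactory();
    // try-with-resources so both sockets are closed even when an assertion fails
    try (SSLSocket s = (SSLSocket) factory.createSocket("localhost", listenPort)) {
        // send first call
        s.getOutputStream().write("ping\n".getBytes());
        String response = new BufferedReader(new InputStreamReader(s.getInputStream())).readLine();
        assertEquals("pong", response);
        assertEquals("athenz.production", getCN(s.getSession().getPeerCertificates()));
        // update the ssl context on the server
        keyRefresher.getKeyManagerProxy().setKeyManager(Utils.getKeyManagers(Resources.getResource("gdpr.aws.core.cert.pem").getPath(), Resources.getResource("gdpr.aws.core.key.pem").getPath()));
        // setup socket for the second call
        SSLContext sslContext2 = SSLContext.getInstance("TLSv1.2");
        sslContext2.init(null, new TrustManager[] { tm }, null);
        SSLSocketFactory factory2 = (SSLSocketFactory) sslContext2.getSocketFactory();
        try (SSLSocket s2 = (SSLSocket) factory2.createSocket("localhost", listenPort)) {
            // send second call
            // NOTE(review): the ping is written to and read from the first socket (s), while
            // the certificate is checked on s2; confirm whether s2 was meant throughout.
            s.getOutputStream().write("ping\n".getBytes());
            response = new BufferedReader(new InputStreamReader(s.getInputStream())).readLine();
            assertEquals("pong", response);
            assertEquals("athenz.production", getCN(s2.getSession().getPeerCertificates()));
            // retry the first call, it should still pass
            s.getOutputStream().write("ping\n".getBytes());
            response = new BufferedReader(new InputStreamReader(s.getInputStream())).readLine();
            assertEquals("pong", response);
            assertEquals("athenz.production", getCN(s.getSession().getPeerCertificates()));
        }
    }
}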
Also used : InputStreamReader(java.io.InputStreamReader) X509TrustManager(javax.net.ssl.X509TrustManager) SSLSocket(javax.net.ssl.SSLSocket) BufferedReader(java.io.BufferedReader) SSLContext(javax.net.ssl.SSLContext) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) X509Certificate(java.security.cert.X509Certificate) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) Test(org.junit.Test)

Example 95 with X509TrustManager

use of javax.net.ssl.X509TrustManager in project athenz by yahoo.

the class TrustStoreTest method builtFromJKSFile.

/**
 * Loads {@code truststore.jks} through {@code TrustStore} and checks that it yields exactly one
 * {@link X509TrustManager} whose single accepted issuer is the expected test CA.
 */
@Test
public void builtFromJKSFile() throws Exception {
    final String jksPath = Resources.getResource("truststore.jks").getFile();
    // "123456" is presumably the password of the bundled test keystore; it is a fixture value.
    final JavaKeyStoreProvider keyStoreProvider = new JavaKeyStoreProvider(jksPath, "123456");
    final TrustStore store = new TrustStore(jksPath, keyStoreProvider);
    assertEquals(jksPath, store.getFilePath());

    final TrustManager[] managers = store.getTrustManagers();
    assertEquals(1, managers.length);

    // Unlike an accept-everything trust manager, this one exposes the CAs it actually trusts.
    final X509Certificate[] issuers = ((X509TrustManager) managers[0]).getAcceptedIssuers();
    assertEquals(1, issuers.length);

    final String issuerName = issuers[0].getIssuerX500Principal().getName();
    assertEquals("CN=athenz.production,OU=Testing Domain,O=Athenz,ST=CA,C=US", issuerName);
}
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) X509Certificate(java.security.cert.X509Certificate) X509TrustManager(javax.net.ssl.X509TrustManager) TrustManager(javax.net.ssl.TrustManager) Test(org.junit.Test)
