Example 16 with X509TrustManager
use of javax.net.ssl.X509TrustManager in project k-9 by k9mail.
the class TrustManagerFactoryTest method testGloballyTrustedCertificateNotMatchingHost.
@Test
public void testGloballyTrustedCertificateNotMatchingHost() throws Exception {
X509TrustManager trustManager = TrustManagerFactory.get(NOT_MATCHING_HOST, PORT1);
assertCertificateRejection(trustManager, new X509Certificate[] { mLinuxComCert, mLinuxComFirstParentCert });
}
Also used :
X509TrustManager(javax.net.ssl.X509TrustManager)
Test(org.junit.Test)
Example 17 with X509TrustManager
use of javax.net.ssl.X509TrustManager in project custom-cert-https by nelenkov.
the class MainActivity method dumpTrustedCerts.
private void dumpTrustedCerts() {
try {
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init((KeyStore) null);
X509TrustManager xtm = (X509TrustManager) tmf.getTrustManagers()[0];
StringBuffer buff = new StringBuffer();
for (X509Certificate cert : xtm.getAcceptedIssuers()) {
String certStr = "S:" + cert.getSubjectDN().getName() + "\nI:" + cert.getIssuerDN().getName();
Log.d(TAG, certStr);
buff.append(certStr + "\n\n");
}
resultText.setText(buff.toString());
} catch (GeneralSecurityException e) {
throw new RuntimeException(e);
}
}
Also used :
X509TrustManager(javax.net.ssl.X509TrustManager)
TrustManagerFactory(javax.net.ssl.TrustManagerFactory)
GeneralSecurityException(java.security.GeneralSecurityException)
X509Certificate(java.security.cert.X509Certificate)
Example 18 with X509TrustManager
use of javax.net.ssl.X509TrustManager in project neo4j by neo4j.
the class InProcessBuilderTest method trustAllSSLCerts.
private void trustAllSSLCerts() throws NoSuchAlgorithmException, KeyManagementException {
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
} };
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
Also used :
X509TrustManager(javax.net.ssl.X509TrustManager)
SecureRandom(java.security.SecureRandom)
SSLContext(javax.net.ssl.SSLContext)
X509Certificate(java.security.cert.X509Certificate)
TrustManager(javax.net.ssl.TrustManager)
X509TrustManager(javax.net.ssl.X509TrustManager)
Example 19 with X509TrustManager
use of javax.net.ssl.X509TrustManager in project neo4j by neo4j.
the class HttpsAccessIT method startServer.
@Before
public void startServer() throws NoSuchAlgorithmException, KeyManagementException, IOException {
server = server().withHttpsEnabled().usingDataDir(folder.directory(name.getMethodName()).getAbsolutePath()).build();
httpsUri = server.httpsUri().get().toASCIIString();
// Because we are generating a non-CA-signed certificate, we need to turn off verification in the client.
// This is ironic, since there is no proper verification on the CA side in the first place, but I digress.
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
} };
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
Also used :
X509TrustManager(javax.net.ssl.X509TrustManager)
SecureRandom(java.security.SecureRandom)
SSLContext(javax.net.ssl.SSLContext)
X509Certificate(java.security.cert.X509Certificate)
TrustManager(javax.net.ssl.TrustManager)
X509TrustManager(javax.net.ssl.X509TrustManager)
Before(org.junit.Before)
Example 20 with X509TrustManager
use of javax.net.ssl.X509TrustManager in project netty by netty.
the class SslHandlerTest method testAlertProducedAndSend.
private void testAlertProducedAndSend(SslProvider provider) throws Exception {
SelfSignedCertificate ssc = new SelfSignedCertificate();
final SslContext sslServerCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(provider).trustManager(new SimpleTrustManagerFactory() {
@Override
protected void engineInit(KeyStore keyStore) {
}
@Override
protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
}
@Override
protected TrustManager[] engineGetTrustManagers() {
return new TrustManager[] { new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
// Fail verification which should produce an alert that is send back to the client.
throw new CertificateException();
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {
// NOOP
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return EmptyArrays.EMPTY_X509_CERTIFICATES;
}
} };
}
}).clientAuth(ClientAuth.REQUIRE).build();
final SslContext sslClientCtx = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).keyManager(new File(getClass().getResource("test.crt").getFile()), new File(getClass().getResource("test_unencrypted.pem").getFile())).sslProvider(provider).build();
NioEventLoopGroup group = new NioEventLoopGroup();
Channel sc = null;
Channel cc = null;
try {
final Promise<Void> promise = group.next().newPromise();
sc = new ServerBootstrap().group(group).channel(NioServerSocketChannel.class).childHandler(new ChannelInitializer<Channel>() {
@Override
protected void initChannel(Channel ch) throws Exception {
ch.pipeline().addLast(sslServerCtx.newHandler(ch.alloc()));
ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {
@Override
public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
// Just trigger a close
ctx.close();
}
});
}
}).bind(new InetSocketAddress(0)).syncUninterruptibly().channel();
cc = new Bootstrap().group(group).channel(NioSocketChannel.class).handler(new ChannelInitializer<Channel>() {
@Override
protected void initChannel(Channel ch) throws Exception {
ch.pipeline().addLast(sslClientCtx.newHandler(ch.alloc()));
ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {
@Override
public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
if (cause.getCause() instanceof SSLException) {
// We received the alert and so produce an SSLException.
promise.setSuccess(null);
}
}
});
}
}).connect(sc.localAddress()).syncUninterruptibly().channel();
promise.syncUninterruptibly();
} finally {
if (cc != null) {
cc.close().syncUninterruptibly();
}
if (sc != null) {
sc.close().syncUninterruptibly();
}
group.shutdownGracefully();
ReferenceCountUtil.release(sslServerCtx);
ReferenceCountUtil.release(sslClientCtx);
}
}
Also used :
SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate)
InetSocketAddress(java.net.InetSocketAddress)
CertificateException(java.security.cert.CertificateException)
ChannelHandlerContext(io.netty.channel.ChannelHandlerContext)
SSLException(javax.net.ssl.SSLException)
Bootstrap(io.netty.bootstrap.Bootstrap)
ServerBootstrap(io.netty.bootstrap.ServerBootstrap)
NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup)
NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel)
NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel)
NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel)
EmbeddedChannel(io.netty.channel.embedded.EmbeddedChannel)
Channel(io.netty.channel.Channel)
SimpleTrustManagerFactory(io.netty.handler.ssl.util.SimpleTrustManagerFactory)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
ServerBootstrap(io.netty.bootstrap.ServerBootstrap)
IllegalReferenceCountException(io.netty.util.IllegalReferenceCountException)
CodecException(io.netty.handler.codec.CodecException)
SSLProtocolException(javax.net.ssl.SSLProtocolException)
DecoderException(io.netty.handler.codec.DecoderException)
SSLException(javax.net.ssl.SSLException)
ClosedChannelException(java.nio.channels.ClosedChannelException)
CertificateException(java.security.cert.CertificateException)
ExecutionException(java.util.concurrent.ExecutionException)
UnsupportedMessageTypeException(io.netty.handler.codec.UnsupportedMessageTypeException)
NioSocketChannel(io.netty.channel.socket.nio.NioSocketChannel)
X509TrustManager(javax.net.ssl.X509TrustManager)
File(java.io.File)
ManagerFactoryParameters(javax.net.ssl.ManagerFactoryParameters)
ChannelInboundHandlerAdapter(io.netty.channel.ChannelInboundHandlerAdapter)
Aggregations
X509TrustManager (javax.net.ssl.X509TrustManager)150
TrustManager (javax.net.ssl.TrustManager)87
X509Certificate (java.security.cert.X509Certificate)79
SSLContext (javax.net.ssl.SSLContext)70
CertificateException (java.security.cert.CertificateException)49
IOException (java.io.IOException)40
TrustManagerFactory (javax.net.ssl.TrustManagerFactory)40
SecureRandom (java.security.SecureRandom)35
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)25
KeyManagementException (java.security.KeyManagementException)22
KeyStore (java.security.KeyStore)16
GeneralSecurityException (java.security.GeneralSecurityException)15
Test (org.junit.Test)15
KeyStoreException (java.security.KeyStoreException)14
HostnameVerifier (javax.net.ssl.HostnameVerifier)14
SSLSocketFactory (javax.net.ssl.SSLSocketFactory)14
SSLException (javax.net.ssl.SSLException)13
SSLSession (javax.net.ssl.SSLSession)11
OkHttpClient (okhttp3.OkHttpClient)8
X509KeyManager (javax.net.ssl.X509KeyManager)7
