use of org.apache.http.conn.ssl.SSLContextBuilder in project lucene-solr by apache.
the class SSLTestConfig method buildClientSSLContext.
/**
 * Builds a new SSLContext for HTTP <b>clients</b> to use when communicating with servers which have
 * been configured based on the settings of this object.
 *
 * NOTE: Uses a completely insecure {@link SecureRandom} instance to prevent tests from blocking
 * due to lack of entropy, also explicitly allows the use of self-signed
 * certificates (since that's what is almost always used during testing).
 */
public SSLContext buildClientSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
    assert isSSLMode();
    SSLContextBuilder builder = SSLContexts.custom();
    builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
    // NOTE: KeyStore & TrustStore are swapped because they are configured from the server's perspective...
    // we are a client - our keystore contains the keys the server trusts, and vice versa
    builder.loadTrustMaterial(buildKeyStore(keyStore, getKeyStorePassword()), new TrustSelfSignedStrategy()).build();
    if (isClientAuthMode()) {
        builder.loadKeyMaterial(buildKeyStore(trustStore, getTrustStorePassword()), getTrustStorePassword().toCharArray());
    }
    return builder.build();
}
use of org.apache.http.conn.ssl.SSLContextBuilder in project lucene-solr by apache.
the class SSLTestConfig method buildServerSSLContext.
/**
 * Builds a new SSLContext for jetty servers which have been configured based on the settings of
 * this object.
 *
 * NOTE: Uses a completely insecure {@link SecureRandom} instance to prevent tests from blocking
 * due to lack of entropy, also explicitly allows the use of self-signed
 * certificates (since that's what is almost always used during testing).
 */
public SSLContext buildServerSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
    assert isSSLMode();
    SSLContextBuilder builder = SSLContexts.custom();
    builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
    builder.loadKeyMaterial(buildKeyStore(keyStore, getKeyStorePassword()), getKeyStorePassword().toCharArray());
    if (isClientAuthMode()) {
        builder.loadTrustMaterial(buildKeyStore(trustStore, getTrustStorePassword()), new TrustSelfSignedStrategy()).build();
    }
    return builder.build();
}
use of org.apache.http.conn.ssl.SSLContextBuilder in project iTest by e-government-ua.
the class DeleteTask method createHttpClient_AcceptsUntrustedCerts.
public HttpClient createHttpClient_AcceptsUntrustedCerts() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
    HttpClientBuilder b = HttpClientBuilder.create();
    // Trust strategy that returns true for every chain: server certificates are not validated.
    SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
        public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            return true;
        }
    }).build();
    b.setSslcontext(sslContext);
    // Hostname verification is disabled as well.
    HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
    SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, (X509HostnameVerifier) hostnameVerifier);
    Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
            .register("http", PlainConnectionSocketFactory.getSocketFactory())
            .register("https", sslSocketFactory)
            .build();
    PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
    b.setConnectionManager(connMgr);
    HttpClient client = b.build();
    return client;
}
use of org.apache.http.conn.ssl.SSLContextBuilder in project vespa by vespa-engine.
the class AthenzService method createHttpClientWithTlsAuth.
private static CloseableHttpClient createHttpClientWithTlsAuth(X509Certificate certificate, PrivateKey privateKey, HttpRequestRetryHandler retryHandler) {
    try {
        // In-memory keystore holding only the supplied client certificate and private key.
        String dummyPassword = "athenz";
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null);
        keyStore.setKeyEntry("athenz", privateKey, dummyPassword.toCharArray(), new Certificate[] { certificate });
        // Only key material is loaded; no trust material or hostname verifier is overridden here.
        SSLContext sslContext = new SSLContextBuilder().loadKeyMaterial(keyStore, dummyPassword.toCharArray()).build();
        return HttpClientBuilder.create().setRetryHandler(retryHandler).setSslcontext(sslContext).build();
    } catch (KeyStoreException | UnrecoverableKeyException | NoSuchAlgorithmException | KeyManagementException | CertificateException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
use of org.apache.http.conn.ssl.SSLContextBuilder in project vespa by vespa-engine.
the class IdentityDocumentService method createHttpClient.
// TODO Use client side auth to establish trusted secure channel
// TODO Validate TLS certificate of config server
private static CloseableHttpClient createHttpClient() {
    try {
        // Accepts self-signed certificates and skips hostname verification (see the TODOs above).
        SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
        sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
        SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContextBuilder.build(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        return HttpClientBuilder.create().setSSLSocketFactory(sslSocketFactory).setUserAgent("identity-document-client").build();
    } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
        throw new RuntimeException(e);
    }
}