Example 16 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project spring-boot by spring-projects.

the class AbstractServletWebServerFactoryTests method sslNeedsClientAuthenticationSucceedsWithClientCertificate.

@Test
public void sslNeedsClientAuthenticationSucceedsWithClientCertificate() throws Exception {
    AbstractServletWebServerFactory factory = getFactory();
    addTestTxtFile(factory);
    factory.setSsl(getSsl(ClientAuth.NEED, "password", "classpath:test.jks", "classpath:test.jks", null, null));
    this.webServer = factory.getWebServer();
    this.webServer.start();
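    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    // Load the client keystore ("secret" is the store password) and close the stream afterwards.
    try (FileInputStream in = new FileInputStream(new File("src/test/resources/test.jks"))) {
        keyStore.load(in, "secret".toCharArray());
    }
    // Test-only trust setup: with TrustSelfSignedStrategy any single-certificate chain from the
    // server is accepted. The key material is the client certificate required by ClientAuth.NEED.
    SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(new SSLContextBuilder()
            .loadTrustMaterial(null, new TrustSelfSignedStrategy())
            .loadKeyMaterial(keyStore, "password".toCharArray())
            .build());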
    HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
    HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
    assertThat(getResponse(getLocalUrl("https", "/test.txt"), requestFactory)).isEqualTo("test");
}
Also used : HttpClient(org.apache.http.client.HttpClient) HttpComponentsClientHttpRequestFactory(org.springframework.http.client.HttpComponentsClientHttpRequestFactory) KeyStore(java.security.KeyStore) File(java.io.File) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) SSLContextBuilder(org.apache.http.ssl.SSLContextBuilder) FileInputStream(java.io.FileInputStream) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy) Test(org.junit.Test)

Example 17 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project cloudstack by apache.

the class HttpClientHelper method createSocketFactoryConfigration.

private static Registry<ConnectionSocketFactory> createSocketFactoryConfigration() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
    Registry<ConnectionSocketFactory> socketFactoryRegistry;
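    // TrustSelfSignedStrategy accepts any single-certificate chain without further validation.
    final SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(new TrustSelfSignedStrategy()).build();
    // NoopHostnameVerifier turns hostname verification off, so the certificate is not
    // matched against the host being contacted.
    final SSLConnectionSocketFactory cnnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);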
    socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register(HTTPS, cnnectionSocketFactory).build();
    return socketFactoryRegistry;
}
Also used : ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) SSLContext(javax.net.ssl.SSLContext) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy)

Example 18 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project geode by apache.

the class RestAPIsWithSSLDUnitTest method getSSLBasedHTTPClient.

private CloseableHttpClient getSSLBasedHTTPClient(Properties properties) throws Exception {
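    // Load the client key material and trust material, closing each stream after use.
    KeyStore clientKeys = KeyStore.getInstance("JKS");
    File keystoreJKSForPath = findKeyStoreJKS(properties);
    try (FileInputStream in = new FileInputStream(keystoreJKSForPath)) {
        clientKeys.load(in, "password".toCharArray());
    }
    KeyStore clientTrust = KeyStore.getInstance("JKS");
    File trustStoreJKSForPath = findTrustStoreJKSForPath(properties);
    try (FileInputStream in = new FileInputStream(trustStoreJKSForPath)) {
        clientTrust.load(in, "password".toCharArray());
    }
    // Trust the certificates in clientTrust and, via TrustSelfSignedStrategy,
    // any single-certificate chain the server presents.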
    SSLContextBuilder custom = SSLContexts.custom();
    SSLContextBuilder sslContextBuilder = custom.loadTrustMaterial(clientTrust, new TrustSelfSignedStrategy());
    SSLContext sslcontext = sslContextBuilder.loadKeyMaterial(clientKeys, "password".toCharArray(), (aliases, socket) -> {
        if (aliases.size() == 1) {
            return aliases.keySet().stream().findFirst().get();
        }
        if (!StringUtils.isEmpty(properties.getProperty(INVALID_CLIENT_ALIAS))) {
            return properties.getProperty(INVALID_CLIENT_ALIAS);
        } else {
            return properties.getProperty(SSL_WEB_ALIAS);
        }
    }).build();
    // Hostname verification is disabled here, as tests might run on multiple hosts and
    // host entries cannot be assumed.
    SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslcontext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    return HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory).build();
}
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) Properties(java.util.Properties) KeyStore(java.security.KeyStore) File(java.io.File) FileInputStream(java.io.FileInputStream) SSLContexts(org.apache.http.ssl.SSLContexts) SSLContextBuilder(org.apache.http.ssl.SSLContextBuilder) SSLContext(javax.net.ssl.SSLContext) StringUtils(org.apache.commons.lang.StringUtils) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) HttpClients(org.apache.http.impl.client.HttpClients)

Example 19 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project lucene-solr by apache.

the class SSLTestConfig method buildClientSSLContext.

/**
   * Builds a new SSLContext for HTTP <b>clients</b> to use when communicating with servers which have 
   * been configured based on the settings of this object.  
   *
   * NOTE: Uses a completely insecure {@link SecureRandom} instance to prevent tests from blocking 
   * due to lack of entropy, also explicitly allows the use of self-signed 
   * certificates (since that's what is almost always used during testing).
   */
public SSLContext buildClientSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
    assert isSSLMode();
    SSLContextBuilder builder = SSLContexts.custom();
    builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
    // NOTE: KeyStore & TrustStore are swapped because they are configured from the server's perspective...
    // we are a client - our keystore contains the keys the server trusts, and vice versa
    // The context is built once, at the end, after any client key material has been added.
    builder.loadTrustMaterial(buildKeyStore(keyStore, getKeyStorePassword()), new TrustSelfSignedStrategy());
    if (isClientAuthMode()) {
        builder.loadKeyMaterial(buildKeyStore(trustStore, getTrustStorePassword()), getTrustStorePassword().toCharArray());
    }
    return builder.build();
}
Also used : SSLContextBuilder(org.apache.http.conn.ssl.SSLContextBuilder) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy)

Example 20 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project lucene-solr by apache.

the class SSLTestConfig method buildServerSSLContext.

/**
   * Builds a new SSLContext for jetty servers which have been configured based on the settings of 
   * this object.
   *
   * NOTE: Uses a completely insecure {@link SecureRandom} instance to prevent tests from blocking 
   * due to lack of entropy, also explicitly allows the use of self-signed 
   * certificates (since that's what is almost always used during testing).
   */
public SSLContext buildServerSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
    assert isSSLMode();
    SSLContextBuilder builder = SSLContexts.custom();
    builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
    builder.loadKeyMaterial(buildKeyStore(keyStore, getKeyStorePassword()), getKeyStorePassword().toCharArray());
    if (isClientAuthMode()) {
        // Client-auth mode: trust material for checking client certificates; the context is built once below.
        builder.loadTrustMaterial(buildKeyStore(trustStore, getTrustStorePassword()), new TrustSelfSignedStrategy());
    }
    return builder.build();
}
Also used : SSLContextBuilder(org.apache.http.conn.ssl.SSLContextBuilder) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy)
