Example 26 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project geode by apache.

the class RestAPIsWithSSLDUnitTest method getSSLBasedHTTPClient.

private CloseableHttpClient getSSLBasedHTTPClient(Properties properties) throws Exception {
    KeyStore clientKeys = KeyStore.getInstance("JKS");
    File keystoreJKSForPath = findKeyStoreJKS(properties);
    // try-with-resources closes the keystore stream even if load() throws
    try (FileInputStream in = new FileInputStream(keystoreJKSForPath)) {
        clientKeys.load(in, "password".toCharArray());
    }
    KeyStore clientTrust = KeyStore.getInstance("JKS");
    File trustStoreJKSForPath = findTrustStoreJKSForPath(properties);
    try (FileInputStream in = new FileInputStream(trustStoreJKSForPath)) {
        clientTrust.load(in, "password".toCharArray());
    }
    // Trust the certificates in the test truststore and, via TrustSelfSignedStrategy,
    // any certificate chain of length one
    SSLContextBuilder custom = SSLContexts.custom();
    SSLContextBuilder sslContextBuilder = custom.loadTrustMaterial(clientTrust, new TrustSelfSignedStrategy());
    SSLContext sslcontext = sslContextBuilder.loadKeyMaterial(clientKeys, "password".toCharArray(), (aliases, socket) -> {
        if (aliases.size() == 1) {
            return aliases.keySet().stream().findFirst().get();
        }
        if (!StringUtils.isEmpty(properties.getProperty(INVALID_CLIENT_ALIAS))) {
            return properties.getProperty(INVALID_CLIENT_ALIAS);
        } else {
            return properties.getProperty(SSL_WEB_ALIAS);
        }
    }).build();
    // Host checking is disabled here, as tests might run on multiple hosts and
    // host entries cannot be assumed
    SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslcontext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    return HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory).build();
}
Also used : Arrays(java.util.Arrays) SSLContext(javax.net.ssl.SSLContext) StringUtils(org.apache.commons.lang.StringUtils) Date(java.util.Date) AvailablePort(org.apache.geode.internal.AvailablePort) AttributesFactory(org.apache.geode.cache.AttributesFactory) RegionAttributes(org.apache.geode.cache.RegionAttributes) Cache(org.apache.geode.cache.Cache) JSONObject(org.json.JSONObject) Map(java.util.Map) SSLContexts(org.apache.http.ssl.SSLContexts) CacheServer(org.apache.geode.cache.server.CacheServer) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) Parameterized(org.junit.runners.Parameterized) Collection(java.util.Collection) HttpEntity(org.apache.http.HttpEntity) KeyStore(java.security.KeyStore) ClientRegionShortcut(org.apache.geode.cache.client.ClientRegionShortcut) SecurableCommunicationChannel(org.apache.geode.internal.security.SecurableCommunicationChannel) ManagementException(org.apache.geode.management.ManagementException) Category(org.junit.experimental.categories.Category) GemFireCacheImpl(org.apache.geode.internal.cache.GemFireCacheImpl) HttpGet(org.apache.http.client.methods.HttpGet) ClientCache(org.apache.geode.cache.client.ClientCache) DistributedTest(org.apache.geode.test.junit.categories.DistributedTest) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy) HttpClients(org.apache.http.impl.client.HttpClients) InternalDistributedSystem(org.apache.geode.distributed.internal.InternalDistributedSystem) IgnoredException(org.apache.geode.test.dunit.IgnoredException) ConfigurationProperties(org.apache.geode.distributed.ConfigurationProperties) InternalCache(org.apache.geode.internal.cache.InternalCache) CacheFactory(org.apache.geode.cache.CacheFactory) RunWith(org.junit.runner.RunWith) HashMap(java.util.HashMap) LocatorTestBase(org.apache.geode.cache.client.internal.LocatorTestBase) BindException(java.net.BindException) Host(org.apache.geode.test.dunit.Host) VM(org.apache.geode.test.dunit.VM) 
CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) Region(org.apache.geode.cache.Region) RegionFactory(org.apache.geode.cache.RegionFactory) CategoryWithParameterizedRunnerFactory(org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory) DistributedSystem(org.apache.geode.distributed.DistributedSystem) NetworkUtils(org.apache.geode.test.dunit.NetworkUtils) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) Properties(java.util.Properties) AvailablePortHelper(org.apache.geode.internal.AvailablePortHelper) RegionShortcut(org.apache.geode.cache.RegionShortcut) IOException(java.io.IOException) Test(org.junit.Test) FileInputStream(java.io.FileInputStream) InputStreamReader(java.io.InputStreamReader) SSLContextBuilder(org.apache.http.ssl.SSLContextBuilder) TestUtil(org.apache.geode.util.test.TestUtil) File(java.io.File) ClientCacheFactory(org.apache.geode.cache.client.ClientCacheFactory) DataPolicy(org.apache.geode.cache.DataPolicy) BufferedReader(java.io.BufferedReader) Assert(org.junit.Assert) InputStream(java.io.InputStream)

Example 27 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project lucene-solr by apache.

the class SSLTestConfig method buildClientSSLContext.

/**
   * Builds a new SSLContext for HTTP <b>clients</b> to use when communicating with servers which have 
   * been configured based on the settings of this object.  
   *
   * NOTE: Uses a completely insecure {@link SecureRandom} instance to prevent tests from blocking 
   * due to lack of entropy, also explicitly allows the use of self-signed 
   * certificates (since that's what is almost always used during testing).
   */
public SSLContext buildClientSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
    assert isSSLMode();
    SSLContextBuilder builder = SSLContexts.custom();
    builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
    // NOTE: KeyStore & TrustStore are swapped because they are configured from the server's perspective...
    // we are a client - our keystore contains the keys the server trusts, and vice versa
    // (the intermediate build() call was dropped: its result was discarded and the context is built on return)
    builder.loadTrustMaterial(buildKeyStore(keyStore, getKeyStorePassword()), new TrustSelfSignedStrategy());
    if (isClientAuthMode()) {
        builder.loadKeyMaterial(buildKeyStore(trustStore, getTrustStorePassword()), getTrustStorePassword().toCharArray());
    }
    return builder.build();
}
Also used : SSLContextBuilder(org.apache.http.conn.ssl.SSLContextBuilder) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy)

Example 28 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project lucene-solr by apache.

the class SSLTestConfig method buildServerSSLContext.

/**
   * Builds a new SSLContext for jetty servers which have been configured based on the settings of 
   * this object.
   *
   * NOTE: Uses a completely insecure {@link SecureRandom} instance to prevent tests from blocking 
   * due to lack of entropy, also explicitly allows the use of self-signed 
   * certificates (since that's what is almost always used during testing).
   */
public SSLContext buildServerSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
    assert isSSLMode();
    SSLContextBuilder builder = SSLContexts.custom();
    builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
    builder.loadKeyMaterial(buildKeyStore(keyStore, getKeyStorePassword()), getKeyStorePassword().toCharArray());
    if (isClientAuthMode()) {
        // the intermediate build() call was dropped: its result was discarded and the context is built on return
        builder.loadTrustMaterial(buildKeyStore(trustStore, getTrustStorePassword()), new TrustSelfSignedStrategy());
    }
    return builder.build();
}
Also used : SSLContextBuilder(org.apache.http.conn.ssl.SSLContextBuilder) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy)

Example 29 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project SEPA by arces-wot.

the class SSLSecurityManager method getSSLHttpClient.

/**
 * Gets the SSL http client.
 *
 * @return the SSL http client
 * @throws KeyManagementException the key management exception
 * @throws NoSuchAlgorithmException the no such algorithm exception
 * @throws KeyStoreException the key store exception
 * @throws CertificateException the certificate exception
 * @throws IOException Signals that an I/O exception has occurred.
 */
public CloseableHttpClient getSSLHttpClient() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
    // Trust own CA and all self-signed certificates
    SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(new File(storename), password.toCharArray(), new TrustSelfSignedStrategy()).build();
    // Allow TLSv1 protocol only
    // (null = default cipher suites; this object is passed as the HostnameVerifier)
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext, new String[] { protocol }, null, this);
    return HttpClients.custom().setSSLSocketFactory(sslsf).build();
}
Also used : SSLContext(javax.net.ssl.SSLContext) File(java.io.File) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy)

Example 30 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project vespa by vespa-engine.

the class IdentityDocumentService method createHttpClient.

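// TODO Use client side auth to establish trusted secure channel
// TODO Validate TLS certificate of config server
private static CloseableHttpClient createHttpClient() {
    try {
        SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
        // null truststore = JVM default trust anchors; TrustSelfSignedStrategy
        // additionally accepts any certificate chain of length one
        sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
        // ALLOW_ALL_HOSTNAME_VERIFIER turns hostname verification off, so the
        // server's identity is not validated (see the TODOs above)
        SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContextBuilder.build(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);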
        return HttpClientBuilder.create().setSSLSocketFactory(sslSocketFactory).setUserAgent("identity-document-client").build();
    } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
        throw new RuntimeException(e);
    }
}
Also used : NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) SSLContextBuilder(org.apache.http.conn.ssl.SSLContextBuilder) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy) KeyManagementException(java.security.KeyManagementException)

Aggregations

TrustSelfSignedStrategy (org.apache.http.conn.ssl.TrustSelfSignedStrategy) 62
SSLConnectionSocketFactory (org.apache.http.conn.ssl.SSLConnectionSocketFactory) 47
SSLContextBuilder (org.apache.http.ssl.SSLContextBuilder) 32
SSLContext (javax.net.ssl.SSLContext) 23
IOException (java.io.IOException) 18
HttpClient (org.apache.http.client.HttpClient) 15
KeyStore (java.security.KeyStore) 14
HttpComponentsClientHttpRequestFactory (org.springframework.http.client.HttpComponentsClientHttpRequestFactory) 14
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 12
KeyManagementException (java.security.KeyManagementException) 11
KeyStoreException (java.security.KeyStoreException) 11
CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient) 11
Test (org.junit.jupiter.api.Test) 11
File (java.io.File) 10
NoopHostnameVerifier (org.apache.http.conn.ssl.NoopHostnameVerifier) 10
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest) 10
SSLContextBuilder (org.apache.http.conn.ssl.SSLContextBuilder) 9
RequestConfig (org.apache.http.client.config.RequestConfig) 8
ConnectionSocketFactory (org.apache.http.conn.socket.ConnectionSocketFactory) 7
PoolingHttpClientConnectionManager (org.apache.http.impl.conn.PoolingHttpClientConnectionManager) 7