
Example 1 with KeyManagerException

use of org.apache.zookeeper.common.X509Exception.KeyManagerException in project zookeeper by apache.

From class X509Util, method createSSLContext. Note that this listing calls a two-argument createKeyManager(location, password), while Example 2 shows a three-argument createKeyManager that also takes the key-store type; the two listings appear to come from different revisions of X509Util.

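/**
 * Builds an {@link SSLContext} for a client connection from the key-store and
 * trust-store settings in {@code config}.
 * <p>
 * Each store is optional, but if either of its two properties (location,
 * password) is set, both must be set. When no key store is configured the
 * context has no local identity; when no trust store is configured the
 * context is initialised with {@code null} trust managers, which makes the
 * JDK fall back to its default trust managers (typically the {@code cacerts}
 * store), i.e. any public CA the JDK ships is trusted.
 *
 * @param config source of the {@code SSL_KEYSTORE_*} / {@code SSL_TRUSTSTORE_*}
 *               properties.
 * @return an initialised context.
 * @throws SSLContextException if a store is only half configured, a key or
 *         trust manager cannot be created, or the context itself cannot be
 *         obtained or initialised.
 */
public static SSLContext createSSLContext(ZKConfig config) throws SSLContextException {
    KeyManager[] keyManagers = null;
    TrustManager[] trustManagers = null;

    String keyStoreLocationProp = config.getProperty(ZKConfig.SSL_KEYSTORE_LOCATION);
    String keyStorePasswordProp = config.getProperty(ZKConfig.SSL_KEYSTORE_PASSWD);
    if (keyStoreLocationProp == null && keyStorePasswordProp == null) {
        // No key store at all: the context is built without a local
        // certificate, so this side cannot authenticate itself to a peer.
        LOG.warn("keystore not specified for client connection");
    } else {
        // A partially configured store is a misconfiguration, not a default.
        if (keyStoreLocationProp == null) {
            throw new SSLContextException("keystore location not specified for client connection");
        }
        if (keyStorePasswordProp == null) {
            throw new SSLContextException("keystore password not specified for client connection");
        }
        try {
            keyManagers = new KeyManager[] { createKeyManager(keyStoreLocationProp, keyStorePasswordProp) };
        } catch (KeyManagerException e) {
            throw new SSLContextException("Failed to create KeyManager", e);
        }
    }

    String trustStoreLocationProp = config.getProperty(ZKConfig.SSL_TRUSTSTORE_LOCATION);
    String trustStorePasswordProp = config.getProperty(ZKConfig.SSL_TRUSTSTORE_PASSWD);
    if (trustStoreLocationProp == null && trustStorePasswordProp == null) {
        // trustManagers stays null: the JDK default trust store will be used
        // below, which is a much wider trust anchor set than a dedicated
        // truststore for this deployment.
        LOG.warn("Truststore not specified for client connection");
    } else {
        if (trustStoreLocationProp == null) {
            throw new SSLContextException("Truststore location not specified for client connection");
        }
        if (trustStorePasswordProp == null) {
            throw new SSLContextException("Truststore password not specified for client connection");
        }
        try {
            trustManagers = new TrustManager[] { createTrustManager(trustStoreLocationProp, trustStorePasswordProp) };
        } catch (TrustManagerException e) {
            throw new SSLContextException("Failed to create TrustManager", e);
        }
    }

    try {
        // "TLS" lets the JDK negotiate the newest version both sides support
        // and apply its own disabled-algorithms policy. The previous "TLSv1"
        // context can leave only TLS 1.0 enabled by default on some JDKs, and
        // TLS 1.0/1.1 are deprecated (RFC 8996).
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // Third argument null: the JDK picks its default SecureRandom.
        sslContext.init(keyManagers, trustManagers, null);
        return sslContext;
    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        // Only the two checked exceptions the JSSE calls declare are wrapped;
        // anything else is a programming error and is allowed to propagate.
        throw new SSLContextException(e);
    }
}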

Example 2 with KeyManagerException

use of org.apache.zookeeper.common.X509Exception.KeyManagerException in project zookeeper by apache.

From class X509Util, method createKeyManager (the three-argument form that also takes the key-store type).

/**
 * Builds an {@link X509KeyManager} for the key store at {@code keyStoreLocation}.
 * <p>
 * The store is loaded through {@code loadKeyStore} with the given type hint and
 * password and handed to a {@code "PKIX"} {@link KeyManagerFactory}; the first
 * {@link X509KeyManager} that factory yields is returned.
 *
 * @param keyStoreLocation path of the key store file.
 * @param keyStorePassword password protecting the store and its private keys;
 *                         {@code null} is treated as the empty password, i.e.
 *                         an unencrypted store.
 * @param keyStoreTypeProp key store type (JKS, PEM, PKCS12, BCFKS) or
 *                         {@code null} to let {@code loadKeyStore} detect it
 *                         from the file extension (e.g. .jks / .pem).
 * @return the first X509 key manager produced for the store.
 * @throws KeyManagerException if the store cannot be read or loaded, the
 *         factory cannot be initialised, the type value is rejected (an
 *         {@link IllegalArgumentException} is wrapped as well), or the
 *         factory produces no {@link X509KeyManager}.
 */
public static X509KeyManager createKeyManager(String keyStoreLocation, String keyStorePassword, String keyStoreTypeProp) throws KeyManagerException {
    // A missing password is the empty password: both the store load and the
    // factory init below must see "" rather than null.
    final String password = keyStorePassword == null ? "" : keyStorePassword;
    try {
        KeyStore store = loadKeyStore(keyStoreLocation, password, keyStoreTypeProp);
        KeyManagerFactory factory = KeyManagerFactory.getInstance("PKIX");
        // The same password unlocks the store and the private keys inside it;
        // stores with a distinct key password are not supported here.
        factory.init(store, password.toCharArray());

        X509KeyManager selected = null;
        for (KeyManager candidate : factory.getKeyManagers()) {
            if (candidate instanceof X509KeyManager) {
                selected = (X509KeyManager) candidate;
                break;
            }
        }
        if (selected == null) {
            throw new KeyManagerException("Couldn't find X509KeyManager");
        }
        return selected;
    } catch (IOException | GeneralSecurityException | IllegalArgumentException e) {
        // NOTE(review): IllegalArgumentException (e.g. an unknown type value)
        // is wrapped here, so a caller catching IllegalArgumentException
        // around this call will not see it as such.
        throw new KeyManagerException(e);
    }
}

Example 3 with KeyManagerException

use of org.apache.zookeeper.common.X509Exception.KeyManagerException in project zookeeper by apache.

From class X509Util, instance method createSSLContextAndOptionsFromConfig (the configurable successor of Example 1: protocol, store types, CRL/OCSP and hostname verification all come from the config).

/**
 * Builds an {@link SSLContext} from the key-store and trust-store settings in
 * {@code config} and returns it, together with the config, as a
 * {@link SSLContextAndOptions}.
 * <p>
 * Both stores are optional and each is skipped (with a warning) when its
 * location property is empty. Passwords may be given directly or via a file
 * path property. With no trust store the context is initialised with
 * {@code null} trust managers, which makes the JDK fall back to its default
 * trust managers. Server hostname verification defaults to enabled; client
 * hostname verification is only on when server verification is on and
 * {@code shouldVerifyClientHostname()} says so.
 *
 * @param config source of the ssl.* properties named by this instance's
 *               property fields.
 * @return the initialised context wrapped with its options.
 * @throws SSLContextException if a key or trust manager cannot be created, a
 *         store type value is rejected, or the context for the configured
 *         protocol cannot be obtained or initialised.
 */
public SSLContextAndOptions createSSLContextAndOptionsFromConfig(ZKConfig config) throws SSLContextException {
    KeyManager[] keyManagers = null;
    TrustManager[] trustManagers = null;

    // --- key store: the local identity presented to peers ---
    final String keyStorePath = config.getProperty(sslKeystoreLocationProperty, "");
    final String keyStorePassword = getPasswordFromConfigPropertyOrFile(config, sslKeystorePasswdProperty, sslKeystorePasswdPathProperty);
    final String keyStoreType = config.getProperty(sslKeystoreTypeProperty);
    if (!keyStorePath.isEmpty()) {
        try {
            keyManagers = new KeyManager[] { createKeyManager(keyStorePath, keyStorePassword, keyStoreType) };
        } catch (KeyManagerException e) {
            throw new SSLContextException("Failed to create KeyManager", e);
        } catch (IllegalArgumentException e) {
            // Presumably raised for an unrecognised type value; whether it can
            // escape createKeyManager depends on that method's own catch.
            throw new SSLContextException("Bad value for " + sslKeystoreTypeProperty + ": " + keyStoreType, e);
        }
    } else {
        LOG.warn("{} not specified", getSslKeystoreLocationProperty());
    }

    // --- trust store: which peer certificates are accepted ---
    final String trustStorePath = config.getProperty(sslTruststoreLocationProperty, "");
    final String trustStorePassword = getPasswordFromConfigPropertyOrFile(config, sslTruststorePasswdProperty, sslTruststorePasswdPathProperty);
    final String trustStoreType = config.getProperty(sslTruststoreTypeProperty);
    final boolean crlEnabled = config.getBoolean(sslCrlEnabledProperty);
    final boolean ocspEnabled = config.getBoolean(sslOcspEnabledProperty);
    // Hostname verification is on unless explicitly disabled.
    final boolean verifyServerHostname = config.getBoolean(getSslHostnameVerificationEnabledProperty(), true);
    // Client-side verification can never be on while server-side is off.
    final boolean verifyClientHostname = verifyServerHostname && shouldVerifyClientHostname();
    if (!trustStorePath.isEmpty()) {
        try {
            trustManagers = new TrustManager[] { createTrustManager(trustStorePath, trustStorePassword, trustStoreType, crlEnabled, ocspEnabled, verifyServerHostname, verifyClientHostname) };
        } catch (TrustManagerException e) {
            throw new SSLContextException("Failed to create TrustManager", e);
        } catch (IllegalArgumentException e) {
            throw new SSLContextException("Bad value for " + sslTruststoreTypeProperty + ": " + trustStoreType, e);
        }
    } else {
        // trustManagers stays null: the JDK default trust store applies.
        LOG.warn("{} not specified", getSslTruststoreLocationProperty());
    }

    // --- context ---
    final String protocol = config.getProperty(sslProtocolProperty, DEFAULT_PROTOCOL);
    final SSLContext sslContext;
    try {
        sslContext = SSLContext.getInstance(protocol);
        // null SecureRandom: the JDK default is used.
        sslContext.init(keyManagers, trustManagers, null);
    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        throw new SSLContextException(e);
    }
    return new SSLContextAndOptions(this, config, sslContext);
}
