List of usage examples for java.security KeyStoreException printStackTrace
public void printStackTrace(PrintStream s)
From source file:org.jenkinsci.plugins.stashNotifier.StashNotifier.java
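/**
 * Returns the HttpClient through which the REST call is made.
 *
 * <p>Security note: when the server URL starts with "https" and certificate
 * checking has been switched off (either the per-job
 * {@code ignoreUnverifiedSSLPeer} flag or the descriptor-level setting), the
 * client is built with a TrustStrategy that accepts every certificate chain.
 * Such a connection is encrypted but the server is not authenticated, so
 * anything sent over it can be intercepted by whoever answers on that
 * address. The method writes a warning to the build log whenever this mode
 * is active, so that the weakened configuration is visible to whoever reads
 * the log.
 *
 * <p>If the permissive SSL set-up fails, the method falls back to a plain
 * {@code DefaultHttpClient}, which uses the library's default trust
 * handling.
 *
 * @param logger the logger to log messages to
 * @return the HttpClient
 */
private HttpClient getHttpClient(PrintStream logger) {
    HttpClient client = null;

    // The job-level flag wins; otherwise fall back to the global setting.
    boolean ignoreUnverifiedSSL = ignoreUnverifiedSSLPeer;
    DescriptorImpl descriptor = getDescriptor();
    if (!ignoreUnverifiedSSL) {
        ignoreUnverifiedSSL = descriptor.isIgnoreUnverifiedSsl();
    }

    if (getStashServerBaseUrl().startsWith("https") && ignoreUnverifiedSSL) {
        // Make the weakened trust configuration visible in the build log.
        logger.println("WARNING: SSL certificate validation is disabled (ignoreUnverifiedSSLPeer); "
                + "the server certificate chain will be accepted without validation.");

        // Trust strategy that accepts any chain: avoids
        // SSLPeerUnverifiedException at the price of server authentication.
        try {
            TrustStrategy easyStrategy = new TrustStrategy() {
                public boolean isTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    return true;
                }
            };

            // NOTE(review): the hostname verifier is whatever this
            // SSLSocketFactory constructor defaults to - confirm against the
            // HttpClient version in use.
            SSLSocketFactory sslSocketFactory = new SSLSocketFactory(easyStrategy);
            SchemeRegistry schemeRegistry = new SchemeRegistry();
            schemeRegistry.register(new Scheme("https", 443, sslSocketFactory));
            ClientConnectionManager connectionManager =
                    new SingleClientConnManager(schemeRegistry);
            client = new DefaultHttpClient(connectionManager);
        } catch (NoSuchAlgorithmException nsae) {
            logger.println("Couldn't establish SSL context:");
            nsae.printStackTrace(logger);
        } catch (KeyManagementException kme) {
            logger.println("Couldn't initialize SSL context:");
            kme.printStackTrace(logger);
        } catch (KeyStoreException kse) {
            logger.println("Couldn't initialize SSL context:");
            kse.printStackTrace(logger);
        } catch (UnrecoverableKeyException uke) {
            logger.println("Couldn't initialize SSL context:");
            uke.printStackTrace(logger);
        } finally {
            // Any failure above leaves client unset; the fallback client
            // keeps the library's default trust handling.
            if (client == null) {
                logger.println("Trying with safe trust manager, instead!");
                client = new DefaultHttpClient();
            }
        }
    } else {
        client = new DefaultHttpClient();
    }

    ProxyConfiguration proxy = Jenkins.getInstance().proxy;
    // proxy.name is checked for null before it is dereferenced.
    // NOTE(review): the startsWith("http") test skips proxy set-up for any
    // proxy host whose name begins with "http"; the intent is not visible
    // here - confirm.
    if (proxy != null && proxy.name != null && !proxy.name.isEmpty()
            && !proxy.name.startsWith("http")) {
        SchemeRegistry schemeRegistry = client.getConnectionManager().getSchemeRegistry();
        schemeRegistry.register(new Scheme("http", proxy.port, new PlainSocketFactory()));
        client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY,
                new HttpHost(proxy.name, proxy.port));
    }

    return client;
}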
From source file:org.jenkinsci.plugins.bitbucketNotifier.BitbucketNotifier.java
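/**
 * Returns the HttpClient through which the REST call is made.
 *
 * <p>For an https server URL a custom SSL socket factory is installed when
 * either certificate checking has been switched off (job-level
 * {@code ignoreUnverifiedSSLPeer} or the descriptor-level setting) or a
 * certificate credential was found for the configured credentials id.
 *
 * <p>Security note: with {@code ignoreUnverifiedSSLPeer} in effect the
 * socket factory is created with {@code ALLOW_ALL_HOSTNAME_VERIFIER}, so the
 * server hostname is not checked against its certificate. The method writes
 * a warning to the build log whenever this mode is active. How the trust
 * material itself is chosen is decided by {@code buildSslContext}, which is
 * not shown here.
 *
 * @param logger the logger to log messages to
 * @param build the build being processed (not read by this method)
 * @return the HttpClient
 * @throws Exception if the server URL is malformed or the SSL context
 *         cannot be built for a reason other than the three logged below
 */
private HttpClient getHttpClient(PrintStream logger, AbstractBuild<?, ?> build) throws Exception {
    boolean ignoreUnverifiedSSL = ignoreUnverifiedSSLPeer;
    String bitbucketServer = bitbucketServerBaseUrl;
    DescriptorImpl descriptor = getDescriptor();

    // Determine if we are using the local or global settings
    String credentialsId = getCredentialsId();
    if (StringUtils.isBlank(credentialsId)) {
        credentialsId = descriptor.getCredentialsId();
    }

    // The lookup is restricted to CertificateCredentials and runs as
    // ACL.SYSTEM, so a non-null result is always a certificate credential.
    Credentials credentials = CredentialsMatchers.firstOrNull(
            CredentialsProvider.lookupCredentials(
                    CertificateCredentials.class, Jenkins.getInstance(), ACL.SYSTEM),
            CredentialsMatchers.withId(credentialsId));

    if ("".equals(bitbucketServer) || bitbucketServer == null) {
        bitbucketServer = descriptor.getBitbucketRootUrl();
    }
    if (!ignoreUnverifiedSSL) {
        ignoreUnverifiedSSL = descriptor.isIgnoreUnverifiedSsl();
    }

    URL url = new URL(bitbucketServer);
    HttpClientBuilder builder = HttpClientBuilder.create();

    if (url.getProtocol().equals("https")
            && (ignoreUnverifiedSSL || credentials instanceof CertificateCredentials)) {
        if (ignoreUnverifiedSSL) {
            // Make the weakened TLS configuration visible in the build log.
            logger.println("WARNING: ignoreUnverifiedSSLPeer is set; the HTTPS connection to "
                    + url.getHost() + " will not verify the server hostname.");
        }

        // Custom SSL set-up. It is only "unsafe" when ignoreUnverifiedSSL is
        // true; with a certificate credential alone the hostname verifier
        // argument is null, which leaves the choice of verifier to
        // SSLConnectionSocketFactory.
        try {
            SSLConnectionSocketFactory sslConnSocketFactory = new SSLConnectionSocketFactory(
                    buildSslContext(ignoreUnverifiedSSL, credentials),
                    ignoreUnverifiedSSL
                            ? SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
                            : null);
            builder.setSSLSocketFactory(sslConnSocketFactory);

            // NOTE(review): only "https" is registered with this connection
            // manager while an HTTP proxy may be configured further down -
            // confirm that proxied requests work with this registry.
            Registry<ConnectionSocketFactory> registry =
                    RegistryBuilder.<ConnectionSocketFactory>create()
                            .register("https", sslConnSocketFactory)
                            .build();
            HttpClientConnectionManager ccm = new BasicHttpClientConnectionManager(registry);
            builder.setConnectionManager(ccm);
        } catch (NoSuchAlgorithmException nsae) {
            // On any of these failures nothing has been set on the builder
            // yet, so the client is built without the custom socket factory
            // (and therefore without the certificate credential).
            logger.println("Couldn't establish SSL context:");
            nsae.printStackTrace(logger);
        } catch (KeyManagementException kme) {
            logger.println("Couldn't initialize SSL context:");
            kme.printStackTrace(logger);
        } catch (KeyStoreException kse) {
            logger.println("Couldn't initialize SSL context:");
            kse.printStackTrace(logger);
        }
    }

    // Configure the proxy, if needed
    // Using the Jenkins methods handles the noProxyHost settings
    ProxyConfiguration proxyConfig = Jenkins.getInstance().proxy;
    if (proxyConfig != null) {
        Proxy proxy = proxyConfig.createProxy(url.getHost());
        if (proxy != null && proxy.type() == Proxy.Type.HTTP) {
            SocketAddress addr = proxy.address();
            // instanceof is false for null, so no separate null test is needed.
            if (addr instanceof InetSocketAddress) {
                InetSocketAddress proxyAddr = (InetSocketAddress) addr;

                // getAddress() is null for an unresolved socket address;
                // fall back to the host name instead of failing with a
                // NullPointerException.
                String proxyHostName = proxyAddr.getAddress() != null
                        ? proxyAddr.getAddress().getHostAddress()
                        : proxyAddr.getHostName();
                HttpHost proxyHost = new HttpHost(proxyHostName, proxyAddr.getPort());
                builder = builder.setProxy(proxyHost);

                String proxyUser = proxyConfig.getUserName();
                if (proxyUser != null) {
                    // Proxy credentials are scoped to the proxy host only.
                    String proxyPass = proxyConfig.getPassword();
                    BasicCredentialsProvider cred = new BasicCredentialsProvider();
                    cred.setCredentials(new AuthScope(proxyHost),
                            new UsernamePasswordCredentials(proxyUser, proxyPass));
                    builder = builder.setDefaultCredentialsProvider(cred)
                            .setProxyAuthenticationStrategy(new ProxyAuthenticationStrategy());
                }
            }
        }
    }

    return builder.build();
}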
From source file:net.jsign.PESignerCLI.java
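/**
 * Parses the command line and adds an Authenticode signature to the file
 * named by the first positional argument.
 *
 * <p>The signing key comes either from a keystore ({@code keystore},
 * {@code storepass}, {@code storetype}, {@code alias}, {@code keypass}) or
 * from a separate key file and certificate file ({@code keyfile},
 * {@code certfile}); the two forms cannot be mixed.
 *
 * <p>Security note: {@code storepass} and {@code keypass} are read from the
 * command-line arguments, so the command line used to invoke this tool
 * should be treated as sensitive.
 *
 * <p>Every failure, including an unparsable command line, is reported as a
 * {@link SignerException}, so that a calling build step cannot mistake a
 * run that signed nothing for a successful one.
 *
 * @param args the command-line arguments
 * @throws SignerException if the arguments are invalid, the key material
 *         cannot be loaded, or the file cannot be signed
 */
void execute(String... args) throws SignerException {
    DefaultParser parser = new DefaultParser();
    try {
        CommandLine cmd = parser.parse(options, args);

        if (cmd.hasOption("help") || args.length == 0) {
            printHelp();
            return;
        }

        File keystore = cmd.hasOption("keystore") ? new File(cmd.getOptionValue("keystore")) : null;
        String storepass = cmd.getOptionValue("storepass");
        String storetype = cmd.getOptionValue("storetype");
        String alias = cmd.getOptionValue("alias");
        String keypass = cmd.getOptionValue("keypass");
        File keyfile = cmd.hasOption("keyfile") ? new File(cmd.getOptionValue("keyfile")) : null;
        File certfile = cmd.hasOption("certfile") ? new File(cmd.getOptionValue("certfile")) : null;
        String tsaurl = cmd.getOptionValue("tsaurl");
        String tsmode = cmd.getOptionValue("tsmode");
        String algorithm = cmd.getOptionValue("alg");
        String name = cmd.getOptionValue("name");
        String url = cmd.getOptionValue("url");
        File file = cmd.getArgList().isEmpty() ? null : new File(cmd.getArgList().get(0));

        if (keystore != null && storetype == null) {
            // guess the type of the keystore from the extension of the file
            String filename = keystore.getName().toLowerCase();
            if (filename.endsWith(".p12") || filename.endsWith(".pfx")) {
                storetype = "PKCS12";
            } else {
                storetype = "JKS";
            }
        }

        PrivateKey privateKey;
        Certificate[] chain;

        // parameter validation
        if (keystore == null && keyfile == null && certfile == null) {
            throw new SignerException("keystore option, or keyfile and certfile options must be set");
        }
        if (keystore != null && (keyfile != null || certfile != null)) {
            throw new SignerException("keystore option can't be mixed with keyfile or certfile");
        }

        if (keystore != null) {
            // JKS or PKCS12 keystore
            KeyStore ks;
            try {
                ks = KeyStore.getInstance(storetype);
            } catch (KeyStoreException e) {
                throw new SignerException("keystore type '" + storetype + "' is not supported", e);
            }

            if (!keystore.exists()) {
                throw new SignerException("The keystore " + keystore + " couldn't be found");
            }

            FileInputStream in = null;
            try {
                in = new FileInputStream(keystore);
                ks.load(in, storepass != null ? storepass.toCharArray() : null);
            } catch (Exception e) {
                throw new SignerException("Unable to load the keystore " + keystore, e);
            } finally {
                try {
                    if (in != null) {
                        in.close();
                    }
                } catch (IOException e) {
                    // ignore: the keystore has already been read (or the load
                    // failure has already been reported)
                }
            }

            if (alias == null) {
                throw new SignerException("alias option must be set");
            }

            try {
                chain = ks.getCertificateChain(alias);
            } catch (KeyStoreException e) {
                throw new SignerException(e.getMessage(), e);
            }
            if (chain == null) {
                throw new SignerException(
                        "No certificate found under the alias '" + alias + "' in the keystore " + keystore);
            }

            // The key password defaults to the store password. Neither option
            // is mandatory, so both may be null; in that case pass null on to
            // getKey() instead of dereferencing a null String, and let any
            // resulting failure surface as a SignerException below.
            char[] password;
            if (keypass != null) {
                password = keypass.toCharArray();
            } else if (storepass != null) {
                password = storepass.toCharArray();
            } else {
                password = null;
            }

            try {
                privateKey = (PrivateKey) ks.getKey(alias, password);
            } catch (Exception e) {
                throw new SignerException("Failed to retrieve the private key from the keystore", e);
            }
        } else {
            // separate private key and certificate files (PVK/SPC)
            if (keyfile == null) {
                throw new SignerException("keyfile option must be set");
            }
            if (!keyfile.exists()) {
                throw new SignerException("The keyfile " + keyfile + " couldn't be found");
            }
            if (certfile == null) {
                throw new SignerException("certfile option must be set");
            }
            if (!certfile.exists()) {
                throw new SignerException("The certfile " + certfile + " couldn't be found");
            }

            // load the certificate chain
            try {
                chain = loadCertificateChain(certfile);
            } catch (Exception e) {
                throw new SignerException("Failed to load the certificate from " + certfile, e);
            }

            // load the private key
            try {
                privateKey = PVK.parse(keyfile, keypass);
            } catch (Exception e) {
                throw new SignerException("Failed to load the private key from " + keyfile, e);
            }
        }

        if (algorithm != null && DigestAlgorithm.of(algorithm) == null) {
            throw new SignerException("The digest algorithm " + algorithm + " is not supported");
        }

        if (file == null) {
            throw new SignerException("missing file argument");
        }
        if (!file.exists()) {
            throw new SignerException("The file " + file + " couldn't be found");
        }

        PEFile peFile;
        try {
            peFile = new PEFile(file);
        } catch (IOException e) {
            throw new SignerException("Couldn't open the executable file " + file, e);
        }

        // The signer is configured inside the try block so that the
        // executable is closed even if building the signer throws.
        try {
            PESigner signer = new PESigner(chain, privateKey)
                    .withProgramName(name)
                    .withProgramURL(url)
                    .withDigestAlgorithm(DigestAlgorithm.of(algorithm))
                    .withTimestamping(tsaurl != null || tsmode != null)
                    .withTimestampingMode(TimestampingMode.of(tsmode))
                    .withTimestampingAutority(tsaurl);

            try {
                System.out.println("Adding Authenticode signature to " + file);
                signer.sign(peFile);
            } catch (Exception e) {
                throw new SignerException("Couldn't sign " + file, e);
            }
        } finally {
            try {
                peFile.close();
            } catch (IOException e) {
                System.err.println("Couldn't close " + file);
                e.printStackTrace(System.err);
            }
        }
    } catch (ParseException e) {
        // Report a bad command line as a failure rather than printing a
        // stack trace and returning normally: nothing was signed.
        throw new SignerException("Invalid command line arguments: " + e.getMessage(), e);
    }
}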