List of usage examples for java.security.Security.setProperty
public static void setProperty(String key, String datum)
From source file:org.qi4j.library.http.AbstractJettyTest.java
/**
 * Switches off caching of successful DNS lookups before any test of the class runs.
 *
 * <p>{@code networkaddress.cache.ttl} is a security property of the whole JVM, not of this
 * test class, and nothing here puts the previous value back afterwards.
 * NOTE(review): the JDK may read this property only once, when its address-cache policy is
 * first initialised, so the call has to happen before the first lookup - confirm for the
 * target JDK.
 */
@BeforeClass
public static void beforeJettyTestClass() {
    // The VirtualHosts test plumbing needs fresh lookups, so no test may leave a cached DNS answer behind.
    final String dnsCacheTtlKey = "networkaddress.cache.ttl";
    final String neverCache = "0";
    Security.setProperty(dnsCacheTtlKey, neverCache);
}
From source file:ch.admin.suis.msghandler.signer.SignerTest.java
/**
 * Prepares the signer test fixture: selects the unlimited JCE policy, registers the
 * BouncyCastle provider and creates the directories the tests work in.
 *
 * <p>Both security changes apply to the whole JVM and are not undone by this method.
 */
@Override
protected void setUp() throws Exception {
    super.setUp();

    // For the line below see
    // https://golb.hplar.ch/p/JCE-policy-changes-in-Java-SE-8u151-and-8u152
    // NOTE(review): "crypto.policy" is only honoured if it is set before the JCE framework
    // initialises; if an earlier test already used javax.crypto this call may have no effect.
    final String policyProperty = "crypto.policy";
    final String policyValue = "unlimited";
    Security.setProperty(policyProperty, policyValue);

    final BouncyCastleProvider bouncyCastle = new BouncyCastleProvider();
    Security.addProvider(bouncyCastle);

    // Create the directories required by the tests
    createDirectory(signingOutbox1);
    createDirectory(signingOutbox2);
    createDirectory(signingOutbox1Processed);
}
From source file:be.apsu.extremon.probes.ocsp.OCSPProbe.java
/**
 * Builds the probe from its configuration: decodes the Base64 "certificate" and "trustanchor"
 * entries into X.509 certificates, prepares a one-certificate path plus PKIX parameters
 * anchored at the trust anchor, points the JVM's OCSP settings at the configured responder
 * and then starts the probe.
 *
 * <p>Every failure ends the process through {@code System.exit} with a distinct code
 * (1 = no X.509 factory, 2 = certificate/trust anchor unusable, 3-6 = PKIX/OCSP setup).
 */
public OCSPProbe() {
    CertificateFactory certificateFactory = null;
    try {
        certificateFactory = CertificateFactory.getInstance("X.509");
    } catch (CertificateException cex) {
        log("Don't Have Crypto Libs:" + cex.getMessage());
        System.exit(1);
    }

    // Both certificates arrive Base64-encoded in the probe configuration.
    try {
        certificate = (X509Certificate) certificateFactory
                .generateCertificate(new ByteArrayInputStream(Base64.decodeBase64(confStr("certificate"))));
        trustAnchorCert = (X509Certificate) certificateFactory
                .generateCertificate(new ByteArrayInputStream(Base64.decodeBase64(confStr("trustanchor"))));
    } catch (CertificateException cex) {
        log("certificate and trustanchor required in config:" + cex.getMessage());
        System.exit(2);
    }

    this.delay = confInt("delay", DEFAULT_DELAY);

    try {
        // The path under test holds only the probed certificate; no intermediates are added here.
        List<X509Certificate> certs = new ArrayList<X509Certificate>();
        certs.add(this.certificate);
        this.certificatePath = (CertPath) certificateFactory.generateCertPath(certs);

        TrustAnchor trustAnchor = new TrustAnchor(this.trustAnchorCert, null);
        Set<TrustAnchor> trustedCertsSet = new HashSet<TrustAnchor>();
        trustedCertsSet.add(trustAnchor);

        // The trust anchor certificate is also offered through a cert store.
        Set<X509Certificate> certSet = new HashSet<X509Certificate>();
        certSet.add(this.trustAnchorCert);
        CertStoreParameters storeParams = new CollectionCertStoreParameters(certSet);
        CertStore store = CertStore.getInstance("Collection", storeParams);

        pkixParams = new PKIXParameters(trustedCertsSet);
        pkixParams.addCertStore(store);

        // These ocsp.* values are JVM-wide security properties, so they also apply to every
        // other PKIX validation in this process and remain set after the constructor returns.
        Security.setProperty("ocsp.enable", "true");
        // NOTE(review): if confStr("url") can return null, setProperty throws a
        // NullPointerException that lands in the generic catch below (exit code 6) with an
        // unhelpful message - confirm the config entry is mandatory.
        Security.setProperty("ocsp.responderURL", confStr("url"));
        // The OCSP responder's certificate is identified by the trust anchor's subject name.
        Security.setProperty("ocsp.responderCertSubjectName",
                this.trustAnchorCert.getSubjectX500Principal().getName());

        this.certificatePathValidator = CertPathValidator.getInstance("PKIX");
    } catch (InvalidAlgorithmParameterException iaex) {
        log("Invalid Algorithm Parameter:" + iaex.getMessage());
        System.exit(3);
    } catch (CertificateException cex) {
        log("Certificate Exception:" + cex.getMessage());
        System.exit(4);
    } catch (NoSuchAlgorithmException nsaex) {
        log("No Such Algorithm:" + nsaex.getMessage());
        System.exit(5);
    } catch (Exception ex) {
        // Catch-all: only the message is logged, so the exception type and stack are lost.
        log(ex.getMessage());
        System.exit(6);
    }

    start();
    log("Initialized");
}
From source file:com.floragunn.searchguard.ssl.SSLTest.java
/**
 * Checks that the cipher suite and protocol configured in the settings are the only ones
 * enabled on the HTTP, server-transport and client-transport SSL engines, or that engine
 * creation fails with one of the known "no usable cipher" errors.
 *
 * <p>The suite and protocol used here (export-grade RC4/MD5 and SSLv3) are deliberately weak
 * and exist only so the test can tell its own configuration apart from the defaults.
 */
@Test
public void testCipherAndProtocols() throws Exception {
    // NOTE(review): this clears the JVM-wide TLS algorithm deny-list and the method never puts
    // the previous value back, so any test that later runs in the same JVM is no longer
    // covered by that deny-list. Consider saving the old value and restoring it afterwards.
    Security.setProperty("jdk.tls.disabledAlgorithms", "");
    System.out.println("Disabled algos: " + Security.getProperty("jdk.tls.disabledAlgorithms"));
    System.out.println("allowOpenSSL: " + allowOpenSSL);

    final Settings httpSettings = Settings.settingsBuilder()
            .put("searchguard.ssl.transport.enabled", false)
            .put(SSLConfigConstants.SEARCHGUARD_SSL_HTTP_KEYSTORE_ALIAS, "node-0")
            .put("searchguard.ssl.http.enabled", true)
            .put(SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL)
            .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL)
            .put("searchguard.ssl.http.clientauth_mode", "REQUIRE")
            .put("searchguard.ssl.http.keystore_filepath", getAbsoluteFilePathFromClassPath("node-0-keystore.jks"))
            .put("searchguard.ssl.http.truststore_filepath", getAbsoluteFilePathFromClassPath("truststore.jks"))
            // WEAK and insecure cipher, do NOT use this, it is here for unit testing only!
            .put("searchguard.ssl.http.enabled_ciphers", "SSL_RSA_EXPORT_WITH_RC4_40_MD5")
            // WEAK and insecure protocol, do NOT use this, it is here for unit testing only!
            .put("searchguard.ssl.http.enabled_protocols", "SSLv3")
            .put("client.type", "node")
            .put("path.home", ".")
            .build();

    try {
        // HTTP engine
        String[] ciphers = new SearchGuardKeyStore(httpSettings).createHTTPSSLEngine()
                .getEnabledCipherSuites();
        String[] protocols = new SearchGuardKeyStore(httpSettings).createHTTPSSLEngine()
                .getEnabledProtocols();
        assertOnlyConfiguredSuiteAndProtocol(protocols, ciphers);

        final Settings transportSettings = Settings.settingsBuilder()
                .put("searchguard.ssl.transport.enabled", true)
                .put(SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL)
                .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL)
                .put("searchguard.ssl.transport.keystore_filepath",
                        getAbsoluteFilePathFromClassPath("node-0-keystore.jks"))
                .put("searchguard.ssl.transport.truststore_filepath",
                        getAbsoluteFilePathFromClassPath("truststore.jks"))
                // WEAK and insecure cipher, do NOT use this, it is here for unit testing only!
                .put("searchguard.ssl.transport.enabled_ciphers", "SSL_RSA_EXPORT_WITH_RC4_40_MD5")
                // WEAK and insecure protocol, do NOT use this, it is here for unit testing only!
                .put("searchguard.ssl.transport.enabled_protocols", "SSLv3")
                .put("client.type", "node")
                .put("path.home", ".")
                .build();

        // Server side of the transport layer
        ciphers = new SearchGuardKeyStore(transportSettings).createServerTransportSSLEngine()
                .getEnabledCipherSuites();
        protocols = new SearchGuardKeyStore(transportSettings).createServerTransportSSLEngine()
                .getEnabledProtocols();
        assertOnlyConfiguredSuiteAndProtocol(protocols, ciphers);

        // Client side of the transport layer
        ciphers = new SearchGuardKeyStore(transportSettings).createClientTransportSSLEngine(null, -1)
                .getEnabledCipherSuites();
        protocols = new SearchGuardKeyStore(transportSettings).createClientTransportSSLEngine(null, -1)
                .getEnabledProtocols();
        assertOnlyConfiguredSuiteAndProtocol(protocols, ciphers);
    } catch (ElasticsearchSecurityException e) {
        // A runtime that refuses the weak suite outright is an accepted outcome.
        final String failure = e.toString();
        System.out.println("EXPECTED " + e.getClass().getSimpleName() + " for "
                + System.getProperty("java.specification.version") + ": " + failure);
        e.printStackTrace();

        final boolean knownCipherFailure = failure.contains("no valid cipher suites")
                || failure.contains("failed to set cipher suite")
                || failure.contains("Unable to configure permitted SSL ciphers")
                || failure.contains("OPENSSL_internal:NO_CIPHER_MATCH");
        Assert.assertTrue("Check if error contains 'no valid cipher suites' -> " + failure, knownCipherFailure);
        Assert.assertTrue("Check if >= Java 8 and no openssl",
                allowOpenSSL || Constants.JRE_IS_MINIMUM_JAVA8);
    }
}

/**
 * Asserts that an engine exposes exactly the configured cipher suite and protocol.
 *
 * @param protocols the engine's enabled protocols
 * @param ciphers   the engine's enabled cipher suites
 */
private void assertOnlyConfiguredSuiteAndProtocol(final String[] protocols, final String[] ciphers) {
    if (allowOpenSSL) {
        // SSLv2Hello is always enabled when using openssl, hence two protocols
        Assert.assertEquals(2, protocols.length);
        Assert.assertTrue("Check SSLv3", "SSLv3".equals(protocols[0]) || "SSLv3".equals(protocols[1]));
        Assert.assertEquals(1, ciphers.length);
        Assert.assertEquals("TLS_RSA_EXPORT_WITH_RC4_40_MD5", ciphers[0]);
    } else {
        Assert.assertEquals(1, protocols.length);
        Assert.assertEquals("SSLv3", protocols[0]);
        Assert.assertEquals(1, ciphers.length);
        Assert.assertEquals("SSL_RSA_EXPORT_WITH_RC4_40_MD5", ciphers[0]);
    }
}
From source file:net.java.sip.communicator.impl.certificate.CertificateServiceImpl.java
/** * Initializes a new <tt>CertificateServiceImpl</tt> instance. *///from w w w . j a va 2 s .c om public CertificateServiceImpl() { setTrustStore(); config.addPropertyChangeListener(PNAME_TRUSTSTORE_TYPE, this); System.setProperty("com.sun.security.enableCRLDP", config.getString(PNAME_REVOCATION_CHECK_ENABLED, "false")); System.setProperty("com.sun.net.ssl.checkRevocation", config.getString(PNAME_REVOCATION_CHECK_ENABLED, "false")); Security.setProperty("ocsp.enable", config.getString(PNAME_OCSP_ENABLED, "false")); }
From source file:ch.admin.suis.msghandler.config.ClientConfigurationFactory.java
/**
 * Initializes the factory from the XML configuration held in {@code xmlConfig} and fills
 * {@code clientConfiguration} with the Sedex adapter, working directory, receiver, status
 * checker and sender settings, then starts the HTTP server.
 * Has to be called!
 *
 * <p>As a side effect the method changes JVM-wide security state (JCE policy property and
 * provider list) and writes the static limits {@code Outbox.secondsBeforeSending} and
 * {@code Inbox.incomingMessageLimit}.
 *
 * @throws ConfigurationException if the inbox limit is configured as 0 or the default outbox
 *         cron attribute is missing or blank
 */
@SuppressWarnings("unchecked")
public void init() throws ConfigurationException {
    // set the unlimited policy directly. See https://golb.hplar.ch/p/JCE-policy-changes-in-Java-SE-8u151-and-8u152
    // NOTE(review): the property is only honoured when set before the JCE framework
    // initialises, so init() must run before anything in the process uses javax.crypto.
    Security.setProperty("crypto.policy", "unlimited");
    // load the BouncyCastle provider
    Security.addProvider(new BouncyCastleProvider());

    checkSigningOutboxDirSet.clear(); // clear set...
    checkSigningProcessedDirSet.clear();

    clientConfiguration.setSedexAdapterConfiguration(createSedexAdapterConfig(xmlConfig));
    LOG.info("Sedex adapter configuration added, " + clientConfiguration.getSedexAdapterConfiguration());

    final String baseDir = createBaseDir(xmlConfig);
    clientConfiguration.setWorkingDir(createWorkingDir(xmlConfig));
    // SEDEX-175 - cleans the working dir up.
    cleanUpWorkingDir(clientConfiguration.getWorkingDir());

    // Sets the outbox limit
    // A missing attribute yields 0, which is treated as "no delay" and only warned about.
    long secondsControllerBeforeSendingStuff = xmlConfig.getLong("messageHandler.minimumFileAge[@waitFor]", 0);
    if (secondsControllerBeforeSendingStuff == 0) {
        LOG.warn(
                "No delayer has been set with the key messageHandler.minimumFileAge.waitFor, which means every file "
                        + "will be sent ASAP instead of waiting for a bit ! This is usually a bad idea for big files as "
                        + "they tend to be slow...");
    }
    Outbox.secondsBeforeSending = secondsControllerBeforeSendingStuff;

    //Sets the inbox limit
    // A missing attribute means "unlimited" (Long.MAX_VALUE); an explicit 0 is rejected.
    long maximumInboxFiles = xmlConfig.getLong("messageHandler.maximumIncomingMessages[@accept]",
            Long.MAX_VALUE);
    if (maximumInboxFiles == 0) {
        LOG.error(
                "MessageHandler is configured to accept a maximum of 0 documents in each inbox. This is unacceptable.");
        throw new ConfigurationException("Cannot put 0 as a throttle for inboxes.");
    }
    Inbox.incomingMessageLimit = maximumInboxFiles;

    // **************** receiver-specific settings
    ReceiverConfiguration receiverConfiguration = setupReceiver();

    // **************** checker-specific settings
    StatusCheckerConfiguration statusCheckerConfiguration = setupChecker();

    final String defaultSenderCronValue = xmlConfig.getString("messageHandler.defaultOutboxCheck[@cron]");
    if (StringUtils.isBlank(defaultSenderCronValue)) {
        throw new ConfigurationException("Missing attribute: messageHandler.defaultOutboxCheck[@cron]");
    }

    // create default sender configuration - with the default cron
    final SenderConfiguration defaultSenderConfiguration = new SenderConfiguration(defaultSenderCronValue);
    setupNativeApps(defaultSenderConfiguration, baseDir, receiverConfiguration);
    if (!defaultSenderConfiguration.getOutboxes().isEmpty()) {
        // if the default config contains at least one outbox, add it to the client config
        clientConfiguration.addSenderConfiguration(defaultSenderConfiguration);
        // MANTIS 5023
        LOG.info("sender added, " + defaultSenderConfiguration);
    }

    // Setting up transparent apps...
    setupTransparentApps(defaultSenderCronValue, baseDir, receiverConfiguration, statusCheckerConfiguration);

    // Launching jetty...
    setupHttpServer();
}
From source file:catalina.startup.CatalinaService.java
/**
 * Start a new server instance.
 *
 * <p>Parses the configuration file with the start digester, publishes the naming-related
 * system properties, extends the protected package lists when a SecurityManager is installed
 * and finally initializes the server. A parse failure ends the process with exit code 1; a
 * failure during server initialization is only printed.
 */
public void load() {
    // Create and execute our Digester
    final Digester startDigester = createStartDigester();
    final File configuration = configFile();
    try {
        startDigester.push(this);
        startDigester.parse(configuration);
    } catch (Exception e) {
        System.out.println("Catalina.start: " + e);
        e.printStackTrace(System.out);
        System.exit(1);
    }

    // Setting additional variables
    if (useNaming) {
        System.setProperty("catalina.useNaming", "true");
        // Put the Catalina naming package in front of whatever prefixes are already set
        final String inherited = System.getProperty(javax.naming.Context.URL_PKG_PREFIXES);
        final String prefixes = (inherited == null)
                ? "org.apache.naming"
                : "org.apache.naming" + ":" + inherited;
        System.setProperty(javax.naming.Context.URL_PKG_PREFIXES, prefixes);
        System.setProperty(javax.naming.Context.INITIAL_CONTEXT_FACTORY,
                "org.apache.naming.java.javaURLContextFactory");
    } else {
        System.setProperty("catalina.useNaming", "false");
    }

    // If a SecurityManager is being used, set properties for
    // checkPackageAccess() and checkPackageDefinition
    if (System.getSecurityManager() != null) {
        // Existing entries are kept; "sun." is the fallback when the list is unset or empty.
        final String currentAccess = Security.getProperty("package.access");
        final String accessPrefix = (currentAccess == null || currentAccess.length() == 0)
                ? "sun.,"
                : currentAccess + ",";
        Security.setProperty("package.access", accessPrefix + "org.apache.catalina.,org.apache.jasper.");

        final String currentDefinition = Security.getProperty("package.definition");
        final String definitionPrefix = (currentDefinition == null || currentDefinition.length() == 0)
                ? "sun.,"
                : currentDefinition + ",";
        Security.setProperty("package.definition",
                // FIX ME package "javax." was removed to prevent HotSpot
                // fatal internal errors
                definitionPrefix + "java.,org.apache.catalina.,org.apache.jasper.");
    }

    // Start the new server
    if (!(server instanceof Lifecycle)) {
        return;
    }
    try {
        server.initialize();
    } catch (LifecycleException e) {
        System.out.println("Catalina.start: " + e);
        e.printStackTrace(System.out);
        final Throwable rootCause = e.getThrowable();
        if (rootCause != null) {
            System.out.println("----- Root Cause -----");
            e.getThrowable().printStackTrace(System.out);
        }
    }
}
From source file:ch.swisscom.mid.verifier.MobileIdCmsVerifier.java
/**
 * Validates the signer certificate against the given trust store with revocation checking
 * (OCSP and CRL distribution points) switched on.
 *
 * <p>The validated path contains only {@code signerCert}; no intermediate certificates are
 * added here. Enabling OCSP and CRLDP is done through JVM-wide properties, which stay set
 * after this method returns and therefore also affect other PKIX validation in the process.
 *
 * @param truststore key store handed to {@link PKIXParameters} as the source of trust anchors
 * @return {@code true} when validation finished without an exception
 * @throws Exception if {@code ocsp.responderURL} is set, or if building the parameters,
 *         the certificate path or the validation itself fails
 */
private boolean isCertValid(KeyStore truststore) throws Exception {
    final List<X509Certificate> signerChain = new ArrayList<X509Certificate>();
    signerChain.add(signerCert);

    final PKIXParameters pkixParameters = new PKIXParameters(truststore);

    // Activate certificate revocation checking
    pkixParameters.setRevocationEnabled(true);

    // Activate OCSP
    Security.setProperty("ocsp.enable", "true");

    // Activate CRLDP
    System.setProperty("com.sun.security.enableCRLDP", "true");

    // Ensure that the ocsp.responderURL property is not set: a fixed responder would replace
    // the one named in the certificate itself.
    final String fixedResponder = Security.getProperty("ocsp.responderURL");
    if (fixedResponder != null) {
        throw new Exception("The ocsp.responderURL property must not be set");
    }

    final CertPathValidator validator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
    final java.security.cert.CertPath signerPath =
            CertificateFactory.getInstance("X.509").generateCertPath(signerChain);
    validator.validate(signerPath, pkixParameters);

    // No Exception, all fine..
    return true;
}
From source file:com.cws.esolutions.core.processors.impl.DNSServiceRequestProcessorImpl.java
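/**
 * Performs a DNS lookup for the record in the request, either against the resolver named in
 * the request / the system resolver, or against every configured DNS slave server.
 *
 * <p>The JVM-wide {@code networkaddress.cache.ttl} security property is read before the lookup
 * and written back afterwards. Nothing in this method changes it, so the restore only matters
 * if the lookup helper does - presumably {@code NetworkUtils.executeDNSLookup}; confirm there.
 *
 * @see com.cws.esolutions.core.processors.interfaces.IDNSServiceRequestProcessor#performLookup(com.cws.esolutions.core.processors.dto.DNSServiceRequest)
 */
public DNSServiceResponse performLookup(DNSServiceRequest request) throws DNSServiceException {
    final String methodName = IDNSServiceRequestProcessor.CNAME
            + "#performLookup(final DNSServiceRequest request) throws DNSServiceException";

    if (DEBUG) {
        DEBUGGER.debug(methodName);
        DEBUGGER.debug("DNSServiceRequest: {}", request);
    }

    DNSServiceResponse response = new DNSServiceResponse();

    final DNSRecord dnsRecord = request.getRecord();
    // Snapshot of the DNS cache TTL; null when the property has never been set.
    final String currentTimeout = Security.getProperty("networkaddress.cache.ttl");

    if (DEBUG) {
        DEBUGGER.debug("DNSRecord: {}", dnsRecord);
        DEBUGGER.debug("currentTimeout: {}", currentTimeout);
    }

    try {
        // no authorization required for service lookup
        if ((StringUtils.isNotEmpty(request.getResolverHost())) || (request.getUseSystemResolver())) {
            List<List<String>> responseData = NetworkUtils.executeDNSLookup(request.getResolverHost(),
                    dnsRecord.getRecordName(), dnsRecord.getRecordType().toString(), request.getSearchPath());

            if (DEBUG) {
                DEBUGGER.debug("responseData: {}", responseData);
            }

            List<DNSRecord> responseRecords = new ArrayList<DNSRecord>();
            appendResponseRecords(responseData, responseRecords);

            response.setDnsRecords(responseRecords);
            response.setRequestStatus(CoreServicesStatus.SUCCESS);
        } else {
            // this will run through the available slave servers
            List<Object[]> serverList = dao.getServersByAttribute(ServerType.DNSSLAVE.name(), 0);

            if (DEBUG) {
                DEBUGGER.debug("serverList: {}", serverList);
            }

            if ((serverList != null) && (serverList.size() != 0)) {
                List<DNSRecord> responseRecords = new ArrayList<DNSRecord>();

                for (Object[] data : serverList) {
                    if (DEBUG) {
                        DEBUGGER.debug("Value: {}", data);
                    }

                    // presumably column 15 of the server row is its host name - verify against the DAO
                    String serverName = (String) data[15];

                    if (DEBUG) {
                        DEBUGGER.debug("serverName: {}", serverName);
                    }

                    List<List<String>> responseData = NetworkUtils.executeDNSLookup(serverName,
                            dnsRecord.getRecordName(), dnsRecord.getRecordType().toString(),
                            request.getSearchPath());

                    if (DEBUG) {
                        DEBUGGER.debug("responseData: {}", responseData);
                    }

                    appendResponseRecords(responseData, responseRecords);
                }

                response.setDnsRecords(responseRecords);
                response.setRequestStatus(CoreServicesStatus.SUCCESS);
            } else {
                response.setRequestStatus(CoreServicesStatus.FAILURE);
            }
        }
    } catch (UtilityException ux) {
        ERROR_RECORDER.error(ux.getMessage(), ux);

        throw new DNSServiceException(ux.getMessage(), ux);
    } catch (SQLException sqx) {
        ERROR_RECORDER.error(sqx.getMessage(), sqx);

        throw new DNSServiceException(sqx.getMessage(), sqx);
    } finally {
        // reset java dns timeout
        // Security.setProperty rejects a null value, so an unset property is skipped with an
        // explicit check instead of catching the NullPointerException. An originally unset
        // property cannot be "unset" again through this API.
        if (currentTimeout != null) {
            Security.setProperty("networkaddress.cache.ttl", currentTimeout);
        }
    }

    return response;
}

/**
 * Converts raw lookup rows (address, name, record type) into DNSRecord objects and appends
 * them to the given list.
 */
private void appendResponseRecords(final List<List<String>> responseData, final List<DNSRecord> responseRecords) {
    for (List<String> responseInfo : responseData) {
        if (DEBUG) {
            DEBUGGER.debug("responseInfo: {}", responseInfo);
        }

        DNSRecord responseRecord = new DNSRecord();
        responseRecord.setRecordAddress(responseInfo.get(0));
        responseRecord.setRecordName(responseInfo.get(1));
        responseRecord.setRecordType(DNSRecordType.valueOf(responseInfo.get(2)));

        if (DEBUG) {
            DEBUGGER.debug("responseRecord: {}", responseRecord);
        }

        responseRecords.add(responseRecord);

        if (DEBUG) {
            DEBUGGER.debug("responseRecords: {}", responseRecords);
        }
    }
}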
From source file:hudson.plugins.vcloud.VCloudDirector.java
/**
 * Registers {@code DummyTrustProvider} and makes "TrustAllCertificates" the JVM's default
 * TrustManagerFactory algorithm.
 *
 * <p>SECURITY: {@code ssl.TrustManagerFactory.algorithm} is a process-wide security property.
 * Once it is changed, every component in the JVM that builds its trust managers from the
 * default algorithm gets this provider's implementation, not only the vCloud connection.
 * Judging by the names, that implementation accepts any certificate (confirm in
 * DummyTrustProvider), which means TLS peers are no longer authenticated. A safer design is a
 * dedicated SSLContext for this client, backed by a trust store that holds the vCloud
 * Director CA certificate.
 */
private void fixTrustManager() {
    /* Install the all-trusting trust manager */
    final String defaultAlgorithmProperty = "ssl.TrustManagerFactory.algorithm";
    final String trustAllAlgorithm = "TrustAllCertificates";

    // The provider has to be registered so the algorithm name selected below can be resolved.
    Security.addProvider(new DummyTrustProvider());
    Security.setProperty(defaultAlgorithmProperty, trustAllAlgorithm);
}