List of usage examples for javax.net.ssl KeyManagerFactory getDefaultAlgorithm
public static final String getDefaultAlgorithm()
From source file:com.vmware.photon.controller.core.Main.java
private static PhotonControllerXenonHost startXenonHost(PhotonControllerConfig photonControllerConfig, ThriftModule thriftModule, DeployerConfig deployerConfig, SSLContext sslContext) throws Throwable { // Values for CloudStore final HostClientFactory hostClientFactory = thriftModule.getHostClientFactory(); final AgentControlClientFactory agentControlClientFactory = thriftModule.getAgentControlClientFactory(); final NsxClientFactory nsxClientFactory = new NsxClientFactory(); // Values for Scheduler final ServerSet cloudStoreServerSet = new StaticServerSet( new InetSocketAddress(photonControllerConfig.getXenonConfig().getRegistrationAddress(), Constants.PHOTON_CONTROLLER_PORT)); final CloudStoreHelper cloudStoreHelper = new CloudStoreHelper(cloudStoreServerSet); final CloseableHttpAsyncClient httpClient; try {//from www. j a v a 2 s .c o m SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial((chain, authtype) -> true).build(); httpClient = HttpAsyncClientBuilder.create() .setHostnameVerifier(SSLIOSessionStrategy.ALLOW_ALL_HOSTNAME_VERIFIER).setSSLContext(sslcontext) .build(); httpClient.start(); } catch (Throwable e) { throw new RuntimeException(e); } ServerSet apiFeServerSet = new StaticServerSet(new InetSocketAddress( photonControllerConfig.getXenonConfig().getRegistrationAddress(), Constants.MANAGEMENT_API_PORT)); logger.info("Creating PhotonController Xenon Host"); final PhotonControllerXenonHost photonControllerXenonHost = new PhotonControllerXenonHost( photonControllerConfig.getXenonConfig(), hostClientFactory, agentControlClientFactory, nsxClientFactory, cloudStoreHelper, sslContext); logger.info("Created PhotonController Xenon Host"); // Set referer Uri from the xenon host, because we do not want to rely on // CloudStoreHelper's default mechanise to create referer based on local address, // because CloudStoreHelper uses InetAddress.getLocalHost() which depends on // /etc/hosts having a hostname entry, which is not always available. // This change will allow people to run this service without need to // update their /etc/hosts file. cloudStoreHelper.setRefererUri(photonControllerXenonHost.getUri()); final ConstraintChecker checker = new CloudStoreConstraintChecker(cloudStoreHelper, photonControllerXenonHost); logger.info("Creating Cloud Store Xenon Service Group"); CloudStoreServiceGroup cloudStoreServiceGroup = createCloudStoreServiceGroup(deployerConfig.isInstaller()); logger.info("Created Cloud Store Xenon Service Group"); logger.info("Registering Cloud Store Xenon Service Group"); photonControllerXenonHost.registerCloudStore(cloudStoreServiceGroup); logger.info("Registered Cloud Store Xenon Service Group"); logger.info("Creating Scheduler Xenon Service Group"); SchedulerServiceGroup schedulerServiceGroup = createSchedulerServiceGroup(photonControllerConfig.getRoot(), checker); logger.info("Created Scheduler Xenon Service Group"); logger.info("Registering Scheduler Xenon Service Group"); photonControllerXenonHost.registerScheduler(schedulerServiceGroup); logger.info("Registered Scheduler Xenon Service Group"); logger.info("Creating Housekeeper Xenon Service Group"); HousekeeperServiceGroup housekeeperServiceGroup = createHousekeeperServiceGroup(); logger.info("Created Housekeeper Xenon Service Group"); logger.info("Registering Housekeeper Xenon Service Group"); photonControllerXenonHost.registerHousekeeper(housekeeperServiceGroup); logger.info("Registered Housekeeper Xenon Service Group"); logger.info("Creating Deployer Xenon Service Group"); DeployerServiceGroup deployerServiceGroup = createDeployerServiceGroup(photonControllerConfig, deployerConfig, apiFeServerSet, cloudStoreServerSet, httpClient); logger.info("Created Deployer Xenon Service Group"); logger.info("Registering Deployer Xenon Service Group"); photonControllerXenonHost.registerDeployer(deployerServiceGroup); logger.info("Registered Deployer Xenon Service Group"); DeployerContext deployerContext = deployerConfig.getDeployerContext(); if (deployerContext.isAuthEnabled()) { ServiceClient serviceClient = NettyHttpServiceClient.create(Main.class.getSimpleName(), Executors.newFixedThreadPool(Utils.DEFAULT_THREAD_COUNT), Executors.newScheduledThreadPool(Utils.DEFAULT_IO_THREAD_COUNT), photonControllerXenonHost); /* To make sure that Xenon uses only TLSv1.2 and disallows SSLv3, TLSv1, TLSv1.1 the Docker file for the photon-controller-core container is edited. The java.security file located inside the container at the location /var/opt/OpenJDK-* /jre/lib/security has the information under the jdk.tls.disabledAlgorithms */ SSLContext clientContext = SSLContext.getInstance(ServiceClient.TLS_PROTOCOL_NAME); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init((KeyStore) null); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyStore keyStore = KeyStore.getInstance("JKS"); try (FileInputStream fis = new FileInputStream(deployerContext.getKeyStorePath())) { keyStore.load(fis, deployerContext.getKeyStorePassword().toCharArray()); } keyManagerFactory.init(keyStore, deployerContext.getKeyStorePassword().toCharArray()); clientContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); serviceClient.setSSLContext(clientContext); photonControllerXenonHost.setClient(serviceClient); } logger.info("Starting PhotonController Xenon Host"); photonControllerXenonHost.start(); logger.info("Started PhotonController Xenon Host"); logger.info("Creating SystemConfig instance"); SystemConfig.createInstance(photonControllerXenonHost); logger.info("Created SystemConfig instance"); return photonControllerXenonHost; }
From source file:org.kuali.kra.s2s.service.impl.S2SConnectorServiceBase.java
/** * This method is to confgiure KeyStore and Truststore for Grants.Gov webservice client * @param tlsConfig//from ww w . j a v a 2 s . c o m * @param alias * @param mulitCampusEnabled * @throws S2SException */ protected void configureKeyStoreAndTrustStore(TLSClientParameters tlsConfig, String alias, boolean mulitCampusEnabled) throws S2SException { KeyStore keyStore = s2sCertificateReader.getKeyStore(); KeyManagerFactory keyManagerFactory; try { keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); if (alias != null && mulitCampusEnabled) { KeyStore keyStoreAlias; keyStoreAlias = KeyStore.getInstance(s2sCertificateReader.getJksType()); Certificate[] certificates = keyStore.getCertificateChain(alias); Key key = keyStore.getKey(alias, s2SUtilService.getProperty(s2sCertificateReader.getKeyStorePassword()).toCharArray()); keyStoreAlias.load(null, null); keyStoreAlias.setKeyEntry(alias, key, s2SUtilService.getProperty(s2sCertificateReader.getKeyStorePassword()).toCharArray(), certificates); keyManagerFactory.init(keyStoreAlias, s2SUtilService.getProperty(s2sCertificateReader.getKeyStorePassword()).toCharArray()); } else { keyManagerFactory.init(keyStore, s2SUtilService.getProperty(s2sCertificateReader.getKeyStorePassword()).toCharArray()); } KeyManager[] km = keyManagerFactory.getKeyManagers(); tlsConfig.setKeyManagers(km); KeyStore trustStore = s2sCertificateReader.getTrustStore(); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); TrustManager[] tm = trustManagerFactory.getTrustManagers(); tlsConfig.setTrustManagers(tm); } catch (NoSuchAlgorithmException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } catch (KeyStoreException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } catch (UnrecoverableKeyException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } catch (CertificateException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } catch (IOException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } }
From source file:com.liferay.sync.engine.lan.session.LanSession.java
private static SSLConnectionSocketFactory _getSSLSocketFactory() throws Exception { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null);//from ww w. j a v a2 s .c o m for (SyncAccount syncAccount : SyncAccountService.findAll()) { if (!syncAccount.isActive() || !syncAccount.isLanEnabled()) { continue; } try { PrivateKey privateKey = LanPEMParserUtil.parsePrivateKey(syncAccount.getLanKey()); if (privateKey == null) { _logger.error("SyncAccount {} missing valid private key", syncAccount.getSyncAccountId()); continue; } X509Certificate x509Certificate = LanPEMParserUtil .parseX509Certificate(syncAccount.getLanCertificate()); if (x509Certificate == null) { _logger.error("SyncAccount {} missing valid certificate", syncAccount.getSyncAccountId()); continue; } keyStore.setCertificateEntry(syncAccount.getLanServerUuid(), x509Certificate); keyStore.setKeyEntry(syncAccount.getLanServerUuid(), privateKey, "".toCharArray(), new Certificate[] { x509Certificate }); } catch (Exception e) { _logger.error(e.getMessage(), e); } } KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, "".toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); return new SNISSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier()); }
From source file:org.wso2.carbon.inbound.endpoint.protocol.mqtt.MqttConnectionFactory.java
protected SSLSocketFactory getSocketFactory(String keyStoreLocation, String keyStoreType, String keyStorePassword, String trustStoreLocation, String trustStoreType, String trustStorePassword, String sslVersion) throws Exception { char[] keyPassphrase = keyStorePassword.toCharArray(); KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(new FileInputStream(keyStoreLocation), keyPassphrase); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, keyPassphrase); char[] trustPassphrase = trustStorePassword.toCharArray(); KeyStore trustStore = KeyStore.getInstance(trustStoreType); trustStore.load(new FileInputStream(trustStoreLocation), trustPassphrase); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); SSLContext sslContext = SSLContext.getInstance(sslVersion); sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); return sslContext.getSocketFactory(); }
From source file:org.kuali.kra.s2s.service.impl.GrantsGovConnectorServiceImpl.java
/** * This method is to confgiure KeyStore and Truststore for Grants.Gov webservice client * @param tlsConfig//w ww . j av a2s .c o m * @param alias * @param mulitCampusEnabled * @throws S2SException */ protected void configureKeyStoreAndTrustStore(TLSClientParameters tlsConfig, String alias, boolean mulitCampusEnabled) throws S2SException { KeyStore keyStore = S2SCertificateReader.getKeyStore(); KeyManagerFactory keyManagerFactory; try { keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); if (alias != null && mulitCampusEnabled) { KeyStore keyStoreAlias; keyStoreAlias = KeyStore.getInstance(JKS_TYPE); Certificate[] certificates = keyStore.getCertificateChain(alias); Key key = keyStore.getKey(alias, s2SUtilService.getProperty(KEYSTORE_PASSWORD).toCharArray()); keyStoreAlias.load(null, null); keyStoreAlias.setKeyEntry(alias, key, s2SUtilService.getProperty(KEYSTORE_PASSWORD).toCharArray(), certificates); keyManagerFactory.init(keyStoreAlias, s2SUtilService.getProperty(KEYSTORE_PASSWORD).toCharArray()); } else { keyManagerFactory.init(keyStore, s2SUtilService.getProperty(KEYSTORE_PASSWORD).toCharArray()); } KeyManager[] km = keyManagerFactory.getKeyManagers(); tlsConfig.setKeyManagers(km); KeyStore trustStore = S2SCertificateReader.getTrustStore(); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); TrustManager[] tm = trustManagerFactory.getTrustManagers(); tlsConfig.setTrustManagers(tm); } catch (NoSuchAlgorithmException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } catch (KeyStoreException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } catch (UnrecoverableKeyException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } catch (CertificateException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } catch (IOException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } }
From source file:io.fabric8.kubernetes.api.KubernetesFactory.java
private void configureClientCert(WebClient webClient) { try (InputStream certInputStream = getInputStreamFromDataOrFile(clientCertData, clientCertFile)) { CertificateFactory certFactory = CertificateFactory.getInstance("X509"); X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certInputStream); InputStream keyInputStream = getInputStreamFromDataOrFile(clientKeyData, clientKeyFile); PEMReader reader = new PEMReader(keyInputStream); RSAPrivateCrtKeySpec keySpec = new PKCS1EncodedKeySpec(reader.getDerBytes()).getKeySpec(); KeyFactory kf = KeyFactory.getInstance(clientKeyAlgo); RSAPrivateKey privKey = (RSAPrivateKey) kf.generatePrivate(keySpec); KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(null);/*from w w w .jav a 2s .co m*/ String alias = cert.getSubjectX500Principal().getName(); keyStore.setKeyEntry(alias, privKey, clientKeyPassword, new Certificate[] { cert }); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, clientKeyPassword); HTTPConduit conduit = WebClient.getConfig(webClient).getHttpConduit(); TLSClientParameters params = conduit.getTlsClientParameters(); if (params == null) { params = new TLSClientParameters(); conduit.setTlsClientParameters(params); } KeyManager[] existingKeyManagers = params.getKeyManagers(); KeyManager[] keyManagers; if (existingKeyManagers == null || ArrayUtils.isEmpty(existingKeyManagers)) { keyManagers = keyManagerFactory.getKeyManagers(); } else { keyManagers = (KeyManager[]) ArrayUtils.addAll(existingKeyManagers, keyManagerFactory.getKeyManagers()); } params.setKeyManagers(keyManagers); } catch (Exception e) { log.error("Could not create key manager for " + clientCertFile + " (" + clientKeyFile + ")", e); } }
From source file:org.kuali.coeus.propdev.impl.s2s.connect.S2SConnectorServiceBase.java
/** * This method is to confgiure KeyStore and Truststore for Grants.Gov webservice client * @param tlsConfig/*from w ww . j a v a2 s . c o m*/ * @param alias * @param mulitCampusEnabled * @throws S2sCommunicationException */ protected void configureKeyStoreAndTrustStore(TLSClientParameters tlsConfig, String alias, boolean mulitCampusEnabled) throws S2sCommunicationException { KeyStore keyStore = s2sCertificateReader.getKeyStore(); KeyManagerFactory keyManagerFactory; try { keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); if (alias != null && mulitCampusEnabled) { KeyStore keyStoreAlias; keyStoreAlias = KeyStore.getInstance(s2sCertificateReader.getJksType()); Certificate[] certificates = keyStore.getCertificateChain(alias); Key key = keyStore.getKey(alias, s2SConfigurationService .getValueAsString(s2sCertificateReader.getKeyStorePassword()).toCharArray()); keyStoreAlias.load(null, null); keyStoreAlias.setKeyEntry( alias, key, s2SConfigurationService .getValueAsString(s2sCertificateReader.getKeyStorePassword()).toCharArray(), certificates); keyManagerFactory.init(keyStoreAlias, s2SConfigurationService .getValueAsString(s2sCertificateReader.getKeyStorePassword()).toCharArray()); } else { keyManagerFactory.init(keyStore, s2SConfigurationService .getValueAsString(s2sCertificateReader.getKeyStorePassword()).toCharArray()); } KeyManager[] km = keyManagerFactory.getKeyManagers(); tlsConfig.setKeyManagers(km); KeyStore trustStore = s2sCertificateReader.getTrustStore(); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); TrustManager[] tm = trustManagerFactory.getTrustManagers(); tlsConfig.setTrustManagers(tm); } catch (NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException | CertificateException | IOException e) { LOG.error(e.getMessage(), e); throw new S2sCommunicationException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } }
From source file:ddf.security.realm.sts.StsRealm.java
/** * Setup key store for SSL client.//from w w w . j a va 2 s . c om */ private void setupKeyStore(TLSClientParameters tlsParams, String keyStorePath, String keyStorePassword) { File keyStoreFile = new File(keyStorePath); if (keyStoreFile.exists() && keyStorePassword != null) { FileInputStream fis = null; KeyStore keyStore = null; try { keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); fis = new FileInputStream(keyStoreFile); LOGGER.debug("Loading keyStore"); keyStore.load(fis, keyStorePassword.toCharArray()); KeyManagerFactory keyFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyFactory.init(keyStore, keyStorePassword.toCharArray()); LOGGER.debug("key manager factory initialized"); KeyManager[] km = keyFactory.getKeyManagers(); tlsParams.setKeyManagers(km); } catch (FileNotFoundException e) { LOGGER.error("Unable to find SSL store: " + keyStorePath, e); } catch (IOException e) { LOGGER.error("Unable to load key store. " + keyStoreFile, e); } catch (CertificateException e) { LOGGER.error("Unable to load certificates from key store. " + keyStoreFile, e); } catch (KeyStoreException e) { LOGGER.error("Unable to read key store: ", e); } catch (NoSuchAlgorithmException e) { LOGGER.error("Problems creating SSL socket. Usually this is " + "referring to the certificate sent by the server not being trusted by the client.", e); } catch (UnrecoverableKeyException e) { LOGGER.error("Unable to read key store: ", e); } finally { IOUtils.closeQuietly(fis); } } }
From source file:org.hyperic.hq.hqapi1.HQConnection.java
private KeyManagerFactory getKeyManagerFactory(final KeyStore keystore, final String password) throws KeyStoreException { try {//from www. ja v a 2 s . c o m KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keystore, password.toCharArray()); return keyManagerFactory; } catch (NoSuchAlgorithmException e) { // no support for algorithm, if this happens we're kind of screwed // we're using the default so it should never happen throw new KeyStoreException(e); } catch (UnrecoverableKeyException e) { // invalid password, should never happen throw new KeyStoreException(e); } }