List of usage examples for javax.net.ssl KeyManagerFactory getDefaultAlgorithm
public static final String getDefaultAlgorithm()
From source file:org.apache.ftpserver.ssl.SSLTestTemplate.java
protected FTPSClient createFTPClient() throws Exception { FTPSClient ftpsClient = new FTPSClient(useImplicit()); FileInputStream fin = new FileInputStream(FTPCLIENT_KEYSTORE); KeyStore store = KeyStore.getInstance("jks"); store.load(fin, KEYSTORE_PASSWORD.toCharArray()); fin.close();// www . jav a 2s .c om // initialize key manager factory KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(store, KEYSTORE_PASSWORD.toCharArray()); // initialize trust manager factory TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(store); clientKeyManager = keyManagerFactory.getKeyManagers()[0]; clientTrustManager = trustManagerFactory.getTrustManagers()[0]; ftpsClient.setKeyManager(clientKeyManager); ftpsClient.setTrustManager(clientTrustManager); String auth = getAuthValue(); if (auth != null) { ftpsClient.setAuthValue(auth); if (auth.equals("SSL")) { ftpsClient.setEnabledProtocols(new String[] { "SSLv3" }); } } return ftpsClient; }
From source file:it.jnrpe.server.CBindingThread.java
/** * Returns the SSL factory to be used to create the Server Socket * @throws KeyStoreException /*from w w w . j av a 2s . com*/ * @throws IOException * @throws FileNotFoundException * @throws CertificateException * @throws UnrecoverableKeyException * @throws KeyManagementException * * @see it.intesa.fi2.client.network.ISSLObjectsFactory#getSSLSocketFactory(String, String, String) */ public SSLServerSocketFactory getSSLSocketFactory(String sKeyStoreFile, String sKeyStorePwd, String sKeyStoreType) throws KeyStoreException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException, KeyManagementException { if (sKeyStoreFile == null) throw new KeyStoreException("KEYSTORE HAS NOT BEEN SPECIFIED"); if (this.getClass().getClassLoader().getResourceAsStream(sKeyStoreFile) == null) throw new KeyStoreException("COULD NOT FIND KEYSTORE '" + sKeyStoreFile + "'"); if (sKeyStorePwd == null) throw new KeyStoreException("KEYSTORE PASSWORD HAS NOT BEEN SPECIFIED"); SSLContext ctx; KeyManagerFactory kmf; try { ctx = SSLContext.getInstance("SSLv3"); kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); //KeyStore ks = getKeystore(sKeyStoreFile, sKeyStorePwd, sKeyStoreType); KeyStore ks = KeyStore.getInstance(sKeyStoreType); ks.load(this.getClass().getClassLoader().getResourceAsStream(sKeyStoreFile), sKeyStorePwd.toCharArray()); char[] passphrase = sKeyStorePwd.toCharArray(); kmf.init(ks, passphrase); ctx.init(kmf.getKeyManagers(), null, new java.security.SecureRandom()); } catch (NoSuchAlgorithmException e) { throw new SSLException("Unable to initialize SSLSocketFactory.\n" + e.getMessage()); } return ctx.getServerSocketFactory(); }
From source file:com.github.mrstampy.gameboot.otp.OtpTestConfiguration.java
/** * Ssl context.//from w w w .j a va 2 s. c o m * * @return the SSL context * @throws Exception * the exception */ @Bean(name = SERVER_SSL_CONTEXT) public SSLContext sslContext() throws Exception { char[] password = HARDCODED_NSA_APPROVED_PASSWORD.toCharArray(); KeyStore keystore = getKeyStore(); keystore.load(getResource(JKS_LOCATION), password); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(keystore, password); return createContext(keystore, kmf); }
From source file:de.metas.procurement.webui.ActiveMQBrokerConfiguration.java
/** * @return embedded ActiveMQ broker or <code>null</code> *///from w w w .j a v a 2 s. co m @Bean public BrokerService brokerService() throws Exception { if (!runEmbeddedBroker) { logger.info("Skip creating an ActiveMQ broker service"); return null; } final BrokerService brokerService = new BrokerService(); if (useSSL) { final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); { final KeyStore keystore = KeyStore.getInstance("JKS"); final Resource keyStoreResource = Application.getContext().getResource(keyStoreFileResourceURL); final InputStream keyStoreStream = keyStoreResource.getInputStream(); keystore.load(keyStoreStream, keyStorePassword.toCharArray()); kmf.init(keystore, keyStorePassword.toCharArray()); } final TrustManagerFactory tmf = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); { final KeyStore trustStore = KeyStore.getInstance("JKS"); final Resource trustStoreResource = Application.getContext().getResource(trustStoreFileResourceURL); final InputStream trustStoreStream = trustStoreResource.getInputStream(); trustStore.load(trustStoreStream, trustStorePassword.toCharArray()); tmf.init(trustStore); } final SslContext sslContext = new SslContext(kmf.getKeyManagers(), tmf.getTrustManagers(), null); brokerService.setSslContext(sslContext); } // // "client" Connector { final TransportConnector connector = new TransportConnector(); connector.setUri(new URI(brokerUrl.trim())); brokerService.addConnector(connector); } // // "Network of brokers" connector if (isSet(networkConnector_discoveryAddress)) { final DiscoveryNetworkConnector discoveryNetworkConnector = new DiscoveryNetworkConnector( new URI(networkConnector_discoveryAddress.trim())); discoveryNetworkConnector.setDuplex(true); // without this, we can send to the other broker, but won't get reposnses if (isSet(networkConnector_userName)) { discoveryNetworkConnector.setUserName(networkConnector_userName.trim()); } if (isSet(networkConnector_password)) { discoveryNetworkConnector.setPassword(networkConnector_password.trim()); } // we need to set ConduitSubscriptions to false, // see section "Conduit subscriptions and consumer selectors" on http://activemq.apache.org/networks-of-brokers.html discoveryNetworkConnector.setConduitSubscriptions(false); logger.info("Adding network connector: {}", networkConnector_discoveryAddress); brokerService.addNetworkConnector(discoveryNetworkConnector); } brokerService.setBrokerName(embeddedBrokerName); brokerService.start(); logger.info("Embedded JMS broker started on URL " + brokerUrl); return brokerService; }
From source file:org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender.java
protected SSLContext getSSLContext(TransportOutDescription transportOut) throws AxisFault { KeyManager[] keymanagers = null; TrustManager[] trustManagers = null; Parameter keyParam = transportOut.getParameter("keystore"); Parameter trustParam = transportOut.getParameter("truststore"); if (keyParam != null) { OMElement ksEle = keyParam.getParameterElement().getFirstElement(); String location = ksEle.getFirstChildWithName(new QName("Location")).getText(); String type = ksEle.getFirstChildWithName(new QName("Type")).getText(); String storePassword = ksEle.getFirstChildWithName(new QName("Password")).getText(); String keyPassword = ksEle.getFirstChildWithName(new QName("KeyPassword")).getText(); try {// w ww .j a v a 2s . c om KeyStore keyStore = KeyStore.getInstance(type); URL url = getClass().getClassLoader().getResource(location); log.debug("Loading Key Store from URL : " + url); keyStore.load(url.openStream(), storePassword.toCharArray()); KeyManagerFactory kmfactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keyStore, keyPassword.toCharArray()); keymanagers = kmfactory.getKeyManagers(); } catch (GeneralSecurityException gse) { log.error("Error loading Key store : " + location, gse); throw new AxisFault("Error loading Key store : " + location, gse); } catch (IOException ioe) { log.error("Error opening Key store : " + location, ioe); throw new AxisFault("Error opening Key store : " + location, ioe); } } if (trustParam != null) { OMElement tsEle = trustParam.getParameterElement().getFirstElement(); String location = tsEle.getFirstChildWithName(new QName("Location")).getText(); String type = tsEle.getFirstChildWithName(new QName("Type")).getText(); String storePassword = tsEle.getFirstChildWithName(new QName("Password")).getText(); try { KeyStore trustStore = KeyStore.getInstance(type); URL url = getClass().getClassLoader().getResource(location); log.debug("Loading Trust Key Store from URL : " + url); trustStore.load(url.openStream(), storePassword.toCharArray()); TrustManagerFactory trustManagerfactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerfactory.init(trustStore); trustManagers = trustManagerfactory.getTrustManagers(); } catch (GeneralSecurityException gse) { log.error("Error loading Key store : " + location, gse); throw new AxisFault("Error loading Key store : " + location, gse); } catch (IOException ioe) { log.error("Error opening Key store : " + location, ioe); throw new AxisFault("Error opening Key store : " + location, ioe); } } try { SSLContext sslcontext = SSLContext.getInstance("TLS"); sslcontext.init(keymanagers, trustManagers, null); return sslcontext; } catch (GeneralSecurityException gse) { log.error("Unable to create SSL context with the given configuration", gse); throw new AxisFault("Unable to create SSL context with the given configuration", gse); } }
From source file:edu.internet2.middleware.subject.provider.LdapPEMSocketFactory.java
protected void initManagers() { // trust managers try {// w ww.j av a 2s . co m X509Certificate cert = null; if (caFilename != null) cert = readCertificate(caFilename); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); ks.setCertificateEntry("CACERT", cert); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); trustManagers = tmf.getTrustManagers(); } catch (Exception e) { log.error("ldap source cacert error: " + e); } // key managers if (certFilename != null && keyFilename != null) { char[] pw = new char[] { 0 }; try { X509Certificate cert = readCertificate(certFilename); PKCS1 pkcs = new PKCS1(); PrivateKey key = pkcs.readKey(keyFilename); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); X509Certificate[] chain = new X509Certificate[1]; chain[0] = cert; ks.setKeyEntry("CERT", (Key) key, pw, chain); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, pw); keyManagers = kmf.getKeyManagers(); } catch (Exception e) { log.error("ldap source cert/key error: " + e); } } }
From source file:org.appenders.log4j2.elasticsearch.jest.PEMCertInfo.java
@Override public void applyTo(HttpClientConfig.Builder builder) { if (java.security.Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { java.security.Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); }// w w w . j a v a 2s. c o m try (FileInputStream clientCert = new FileInputStream(new File(clientCertPath)); FileInputStream key = new FileInputStream(new File(keyPath)); FileInputStream certificateAuthoritiies = new FileInputStream(new File(caPath))) { KeyStore keyStore = PemReader.loadKeyStore(clientCert, key, Optional.ofNullable(keyPassphrase)); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, keyPassphrase.toCharArray()); KeyStore trustStore = PemReader.loadTrustStore(certificateAuthoritiies); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); // TODO: add support for hostname verification modes builder.sslSocketFactory(new SSLConnectionSocketFactory(sslContext)); builder.httpsIOSessionStrategy(new SSLIOSessionStrategy(sslContext, new NoopHostnameVerifier())); } catch (IOException | GeneralSecurityException e) { throw new ConfigurationException(configExceptionMessage, e); } }
From source file:net.sf.jsignpdf.ssl.SSLInitializer.java
/** * @param options//w w w .j ava 2 s . com * @throws NoSuchAlgorithmException * @throws IOException * @throws CertificateException * @throws KeyStoreException * @throws KeyManagementException * @throws UnrecoverableKeyException */ public static void init(BasicSignerOptions options) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException { KeyManager[] km = null; if (options != null && options.getTsaServerAuthn() == ServerAuthentication.CERTIFICATE) { char[] pwd = null; if (StringUtils.isNotEmpty(options.getTsaCertFilePwd())) { pwd = options.getTsaCertFilePwd().toCharArray(); } LOGGER.info(Constants.RES.get("ssl.keymanager.init", options.getTsaCertFile())); final String ksType = StringUtils.defaultIfBlank(options.getTsaCertFileType(), "PKCS12"); KeyStore keyStore = KeyStoreUtils.loadKeyStore(ksType, options.getTsaCertFile(), pwd); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, pwd); km = keyManagerFactory.getKeyManagers(); } SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(km, TRUST_MANAGERS, null); HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); }
From source file:net.straylightlabs.archivo.net.MindRPC.java
private SSLSocketFactory createSecureSocketFactory() { try {// w w w . j ava 2 s . c om SSLContext context = SSLContext.getInstance("TLS"); KeyStore store = createKeyStore(); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(store, KEY_PASSWORD.toCharArray()); TrustManager[] trustManagers = new TrustManager[] { new AllTrustingTrustManager() }; context.init(keyManagerFactory.getKeyManagers(), trustManagers, null); return context.getSocketFactory(); } catch (GeneralSecurityException e) { logger.error("Error creating custom SSLSocketFactory: ", e); } throw new AssertionError(); }
From source file:com.predic8.membrane.core.transport.ssl.SSLContext.java
public SSLContext(SSLParser sslParser, ResolverMap resourceResolver, String baseLocation) { this.sslParser = sslParser; try {/*from w w w .ja v a2s .c om*/ String algorihm = KeyManagerFactory.getDefaultAlgorithm(); if (sslParser.getAlgorithm() != null) algorihm = sslParser.getAlgorithm(); KeyManagerFactory kmf = null; String keyStoreType = "JKS"; if (sslParser.getKeyStore() != null) { if (sslParser.getKeyStore().getKeyAlias() != null) throw new InvalidParameterException("keyAlias is not yet supported."); char[] keyPass = "changeit".toCharArray(); if (sslParser.getKeyStore().getKeyPassword() != null) keyPass = sslParser.getKeyStore().getKeyPassword().toCharArray(); if (sslParser.getKeyStore().getType() != null) keyStoreType = sslParser.getKeyStore().getType(); KeyStore ks = openKeyStore(sslParser.getKeyStore(), "JKS", keyPass, resourceResolver, baseLocation); kmf = KeyManagerFactory.getInstance(algorihm); kmf.init(ks, keyPass); Enumeration<String> aliases = ks.aliases(); while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); if (ks.isKeyEntry(alias)) { // first key is used by the KeyManagerFactory Certificate c = ks.getCertificate(alias); if (c instanceof X509Certificate) { X509Certificate x = (X509Certificate) c; dnsNames = new ArrayList<String>(); Collection<List<?>> subjectAlternativeNames = x.getSubjectAlternativeNames(); if (subjectAlternativeNames != null) for (List<?> l : subjectAlternativeNames) { if (l.get(0) instanceof Integer && ((Integer) l.get(0) == 2)) dnsNames.add(l.get(1).toString()); } } break; } } } TrustManagerFactory tmf = null; if (sslParser.getTrustStore() != null) { String trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); if (sslParser.getTrustStore().getAlgorithm() != null) trustAlgorithm = sslParser.getTrustStore().getAlgorithm(); KeyStore ks = openKeyStore(sslParser.getTrustStore(), keyStoreType, null, resourceResolver, baseLocation); tmf = TrustManagerFactory.getInstance(trustAlgorithm); tmf.init(ks); } TrustManager[] tms = tmf != null ? tmf.getTrustManagers() : null /* trust anyone: new TrustManager[] { new NullTrustManager() } */; if (sslParser.isIgnoreTimestampCheckFailure()) tms = new TrustManager[] { new TrustManagerWrapper(tms, true) }; if (sslParser.getProtocol() != null) sslc = javax.net.ssl.SSLContext.getInstance(sslParser.getProtocol()); else sslc = javax.net.ssl.SSLContext.getInstance("TLS"); sslc.init(kmf != null ? kmf.getKeyManagers() : null, tms, null); if (sslParser.getCiphers() != null) { ciphers = sslParser.getCiphers().split(","); Set<String> supportedCiphers = Sets.newHashSet(sslc.getSocketFactory().getSupportedCipherSuites()); for (String cipher : ciphers) { if (!supportedCiphers.contains(cipher)) throw new InvalidParameterException("Unknown cipher " + cipher); if (cipher.contains("_RC4_")) log.warn("Cipher " + cipher + " uses RC4, which is deprecated."); } } else { // use all default ciphers except those using RC4 String supportedCiphers[] = sslc.getSocketFactory().getDefaultCipherSuites(); ArrayList<String> ciphers = new ArrayList<String>(supportedCiphers.length); for (String cipher : supportedCiphers) if (!cipher.contains("_RC4_")) ciphers.add(cipher); sortCiphers(ciphers); this.ciphers = ciphers.toArray(new String[ciphers.size()]); } if (setUseCipherSuitesOrderMethod == null) log.warn( "Cannot set the cipher suite order before Java 8. This prevents Forward Secrecy with some SSL clients."); if (sslParser.getProtocols() != null) { protocols = sslParser.getProtocols().split(","); } else { protocols = null; } if (sslParser.getClientAuth() == null) { needClientAuth = false; wantClientAuth = false; } else if (sslParser.getClientAuth().equals("need")) { needClientAuth = true; wantClientAuth = true; } else if (sslParser.getClientAuth().equals("want")) { needClientAuth = false; wantClientAuth = true; } else { throw new RuntimeException("Invalid value '" + sslParser.getClientAuth() + "' in clientAuth: expected 'want', 'need' or not set."); } } catch (Exception e) { throw new RuntimeException(e); } }