List of usage examples for javax.net.ssl KeyManagerFactory getInstance
public static final KeyManagerFactory getInstance(String algorithm) throws NoSuchAlgorithmException
KeyManagerFactory object that acts as a factory for key managers. From source file:com.wso2telco.identity.application.authentication.endpoint.util.MutualSSLClient.java
/** * create basic SSL connection factory// w w w. j av a 2 s . co m * * @throws java.security.NoSuchAlgorithmException * @throws java.security.KeyStoreException * @throws java.security.KeyManagementException * @throws java.io.IOException * @throws java.security.UnrecoverableKeyException */ public static void initMutualSSLConnection() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, UnrecoverableKeyException { KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_TYPE); keyManagerFactory.init(keyStore, keyStorePassword.toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TRUST_MANAGER_TYPE); trustManagerFactory.init(trustStore); SSLContext sslContext = SSLContext.getInstance(PROTOCOL); sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); sslSocketFactory = sslContext.getSocketFactory(); }
From source file:eu.nullbyte.android.urllib.CertPinningSSLSocketFactory.java
private SSLContext createSSLContext() throws IOException { //Log.v(TAG, "createSSLContext()"); try {//www.java 2 s .c om SSLContext context = SSLContext.getInstance("TLS"); mTrustManager = new CertPinningTrustManager(certificates, lastHost); KeyManager[] keyManagers = null; if (mClientCertificate != null) { KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(mClientCertificate.getKeyStore(), mClientCertificate.getPassword().toCharArray()); keyManagers = kmf.getKeyManagers(); } context.init(keyManagers, new TrustManager[] { mTrustManager }, null); return context; } catch (Exception e) { throw new IOException(e.getMessage()); } }
From source file:org.apache.servicemix.http.processors.CommonsHttpSSLSocketFactory.java
protected final void createUnmanagedFactory(SslParameters ssl) throws Exception { SSLContext context;// ww w . j a v a 2 s. c o m if (ssl.getProvider() == null) { context = SSLContext.getInstance(ssl.getProtocol()); } else { context = SSLContext.getInstance(ssl.getProtocol(), ssl.getProvider()); } KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(ssl.getKeyManagerFactoryAlgorithm()); String keyStore = ssl.getKeyStore(); if (keyStore == null) { keyStore = System.getProperty("javax.net.ssl.keyStore"); if (keyStore == null) { throw new IllegalArgumentException( "keyStore or system property javax.net.ssl.keyStore must be set"); } } if (keyStore.startsWith("classpath:")) { try { String res = keyStore.substring(10); URL url = new ClassPathResource(res).getURL(); keyStore = url.toString(); } catch (IOException e) { throw new JBIException("Unable to find keyStore " + keyStore, e); } } String keyStorePassword = ssl.getKeyStorePassword(); if (keyStorePassword == null) { keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword"); if (keyStorePassword == null) { throw new IllegalArgumentException( "keyStorePassword or system property javax.net.ssl.keyStorePassword must be set"); } } String trustStore = ssl.getTrustStore(); String trustStorePassword = null; if (trustStore == null) { trustStore = System.getProperty("javax.net.ssl.trustStore"); } if (trustStore != null) { if (trustStore.startsWith("classpath:")) { try { String res = trustStore.substring(10); URL url = new ClassPathResource(res).getURL(); trustStore = url.toString(); } catch (IOException e) { throw new JBIException("Unable to find trustStore " + trustStore, e); } } trustStorePassword = ssl.getTrustStorePassword(); if (trustStorePassword == null) { trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword"); if (trustStorePassword == null) { throw new IllegalArgumentException( "trustStorePassword or system property javax.net.ssl.trustStorePassword must be set"); } } } KeyStore ks = KeyStore.getInstance(ssl.getKeyStoreType()); ks.load(Resource.newResource(keyStore).getInputStream(), keyStorePassword.toCharArray()); keyManagerFactory.init(ks, ssl.getKeyPassword() != null ? ssl.getKeyPassword().toCharArray() : keyStorePassword.toCharArray()); if (trustStore != null) { KeyStore ts = KeyStore.getInstance(ssl.getTrustStoreType()); ts.load(Resource.newResource(trustStore).getInputStream(), trustStorePassword.toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(ssl.getTrustManagerFactoryAlgorithm()); trustManagerFactory.init(ts); context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new java.security.SecureRandom()); } else { context.init(keyManagerFactory.getKeyManagers(), null, new java.security.SecureRandom()); } factory = context.getSocketFactory(); }
From source file:org.apache.juddi.v3.client.cryptor.TransportSecurityHelper.java
public static boolean applyTransportSecurity(BindingProvider webServicePort) { try {//ww w .j a v a2 s .co m File currentdir = new File("."); String s = System.getProperty("javax.net.ssl.keyStore"); String st = System.getProperty("javax.net.ssl.trustStore"); log.info("Attempting to initialize keystore and truststore from " + s + " " + st); if (s == null) { log.warn("keystore isn't defined! " + s); return false; } else if (st == null) { log.warn("truststore isn't defined! " + s); return false; } else { File keystore = new File(s); if (keystore == null || !keystore.exists()) { log.warn("keystore doesn't exist! input was " + s + " working dir is " + currentdir.getAbsolutePath()); return false; } //File truststore =new File(System.getProperty("javax.net.ssl.trustStore")); String pwd = System.getProperty("javax.net.ssl.keyStorePassword"); if (pwd == null) { log.warn("keystore password isn't defined!"); return false; } File truststore = new File(st); if (truststore == null || !truststore.exists()) { log.warn("truststore doesn't exist! input was " + s + " working dir is " + currentdir.getAbsolutePath()); return false; } //File truststore =new File(System.getProperty("javax.net.ssl.trustStore")); String pwdt = System.getProperty("javax.net.ssl.trustStorePassword"); if (pwdt == null) { log.warn("truststore password isn't defined!"); return false; } if (keystore.exists()) { try { log.info("Using keystore from " + keystore.getAbsolutePath() + " current dir is " + currentdir.getAbsolutePath()); log.info("Using truststore from " + truststore.getAbsolutePath() + " current dir is " + currentdir.getAbsolutePath()); //log.info("Using truststure from " + truststore.getAbsolutePath() + " current dir is " + currentdir.getAbsolutePath()); SSLContext sc = SSLContext.getInstance("SSLv3"); KeyManagerFactory kmf = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(new FileInputStream(keystore), pwd.toCharArray()); kmf.init(ks, pwd.toCharArray()); String alg = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmFact = TrustManagerFactory.getInstance(alg); FileInputStream fis = new FileInputStream(st); KeyStore kst = KeyStore.getInstance("jks"); kst.load(fis, pwdt.toCharArray()); fis.close(); tmFact.init(kst); TrustManager[] tms = tmFact.getTrustManagers(); sc.init(kmf.getKeyManagers(), null, null); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); ((BindingProvider) webServicePort).getRequestContext().put( "com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory", sc.getSocketFactory()); ((BindingProvider) webServicePort).getRequestContext().put( "com.sun.xml.ws.transport.https.client.SSLSocketFactory", sc.getSocketFactory()); return true; } catch (Exception ex) { log.warn("unable to establish ssl settings", ex); } } } return false; } catch (Exception x) { log.error("unexpected error", x); } return false; }
From source file:ddf.security.common.util.CommonSSLFactory.java
/** * Creates a new SSLSocketFactory from a truststore and keystore. This is used during SSL * communication.//from w w w .ja va 2 s . co m * * @param trustStoreLoc * File path to the truststore. * @param trustStorePass * Password to the truststore. * @param keyStoreLoc * File path to the keystore. * @param keyStorePass * Password to the keystore. * @return new SSLSocketFactory instance containing the trust and key stores. * @throws IOException */ public static SSLSocketFactory createSocket(String trustStoreLoc, String trustStorePass, String keyStoreLoc, String keyStorePass) throws IOException { String methodName = "createSocket"; logger.debug("ENTERING: " + methodName); try { logger.debug("trustStoreLoc = " + trustStoreLoc); FileInputStream trustFIS = new FileInputStream(trustStoreLoc); logger.debug("keyStoreLoc = " + keyStoreLoc); FileInputStream keyFIS = new FileInputStream(keyStoreLoc); // truststore stuff KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); try { logger.debug("Loading trustStore"); trustStore.load(trustFIS, trustStorePass.toCharArray()); } catch (CertificateException e) { throw new IOException("Unable to load certificates from truststore. " + trustStoreLoc, e); } finally { IOUtils.closeQuietly(trustFIS); } TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(trustStore); logger.debug("trust manager factory initialized"); // keystore stuff KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); try { logger.debug("Loading keyStore"); keyStore.load(keyFIS, keyStorePass.toCharArray()); } catch (CertificateException e) { throw new IOException("Unable to load certificates from keystore. " + keyStoreLoc, e); } finally { IOUtils.closeQuietly(keyFIS); } KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(keyStore, keyStorePass.toCharArray()); logger.debug("key manager factory initialized"); // ssl context SSLContext sslCtx = SSLContext.getInstance("TLS"); sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); sslCtx.getDefaultSSLParameters().setNeedClientAuth(true); sslCtx.getDefaultSSLParameters().setWantClientAuth(true); logger.debug(exiting + methodName); return sslCtx.getSocketFactory(); } catch (KeyManagementException e) { logger.debug(exiting + methodName); throw new IOException("Unable to initialize the SSL context.", e); } catch (NoSuchAlgorithmException e) { logger.debug(exiting + methodName); throw new IOException( "Problems creating SSL socket. Usually this is " + "referring to the certificate sent by the server not being trusted by the client.", e); } catch (UnrecoverableKeyException e) { logger.debug(exiting + methodName); throw new IOException("Unable to load keystore. " + keyStoreLoc, e); } catch (KeyStoreException e) { logger.debug(exiting + methodName); throw new IOException("Unable to read keystore. " + keyStoreLoc, e); } }
From source file:com.cloudbees.tftwoway.Client.java
public static KeyManager[] getKeyManager() throws Exception { KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyStore store = KeyStore.getInstance("JKS"); PrivateKey clientKey = loadRSAKey(PRIVATE_KEY); X509Certificate clientCert = loadX509Key(CERTIFICATE); store.load(null);//from www . j av a 2s. c om store.setKeyEntry("key", clientKey, "123123".toCharArray(), new Certificate[] { clientCert }); keyManagerFactory.init(store, "123123".toCharArray()); return keyManagerFactory.getKeyManagers(); }
From source file:com.eviware.soapui.impl.wsdl.support.http.SoapUISSLSocketFactory.java
@SuppressWarnings("deprecation") public SoapUISSLSocketFactory(KeyStore keyStore, String keystorePassword) throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException { super(keyStore); // trust everyone! X509TrustManager tm = new X509TrustManager() { @Override/* www. j av a2 s .c o m*/ public X509Certificate[] getAcceptedIssuers() { return null; } @Override public void checkClientTrusted(X509Certificate[] certs, String authType) { } @Override public void checkServerTrusted(X509Certificate[] certs, String authType) { } }; if (keyStore != null) { KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keyStore, keystorePassword != null ? keystorePassword.toCharArray() : null); KeyManager[] keymanagers = kmfactory.getKeyManagers(); sslContext.init(keymanagers, new TrustManager[] { tm }, null); } else { sslContext.init(null, new TrustManager[] { tm }, null); } setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); }
From source file:org.eclipse.mylyn.internal.commons.net.PollingSslProtocolSocketFactory.java
public PollingSslProtocolSocketFactory() { KeyManager[] keymanagers = null; if (System.getProperty(KEY_STORE) != null && System.getProperty(KEY_STORE_PASSWORD) != null) { try {//from ww w .j a v a 2 s .co m String type = System.getProperty(KEY_STORE_TYPE, KeyStore.getDefaultType()); KeyStore keyStore = KeyStore.getInstance(type); char[] password = System.getProperty(KEY_STORE_PASSWORD).toCharArray(); keyStore.load(new FileInputStream(System.getProperty(KEY_STORE)), password); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, password); keymanagers = keyManagerFactory.getKeyManagers(); } catch (Exception e) { CommonsNetPlugin.log(IStatus.ERROR, "Could not initialize keystore", e); //$NON-NLS-1$ } } hasKeyManager = keymanagers != null; try { SSLContext sslContext = SSLContext.getInstance("SSL"); //$NON-NLS-1$ sslContext.init(keymanagers, new TrustManager[] { new TrustAllTrustManager() }, null); this.socketFactory = sslContext.getSocketFactory(); } catch (Exception e) { CommonsNetPlugin.log(IStatus.ERROR, "Could not initialize SSL context", e); //$NON-NLS-1$ } }
From source file:org.elasticsearch.client.RestClientBuilderIntegTests.java
private static SSLContext getSslContext() throws Exception { SSLContext sslContext = SSLContext.getInstance("TLS"); try (InputStream in = RestClientBuilderIntegTests.class.getResourceAsStream("/testks.jks")) { KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(in, "password".toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(keyStore, "password".toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(keyStore);//from w ww .j a v a 2 s. com sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); } return sslContext; }
From source file:org.apache.nifi.framework.security.util.SslContextFactory.java
public static SSLContext createSslContext(final NiFiProperties props, final boolean strict) throws SslContextCreationException { final boolean hasKeystoreProperties = hasKeystoreProperties(props); if (hasKeystoreProperties == false) { if (strict) { throw new SslContextCreationException( "SSL context cannot be created because keystore properties have not been configured."); } else {//w ww . j a va 2s. c o m return null; } } else if (props.getNeedClientAuth() && hasTruststoreProperties(props) == false) { throw new SslContextCreationException( "Need client auth is set to 'true', but no truststore properties are configured."); } try { // prepare the trust store final KeyStore trustStore; if (hasTruststoreProperties(props)) { trustStore = KeyStoreUtils .getTrustStore(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE)); try (final InputStream trustStoreStream = new FileInputStream( props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE))) { trustStore.load(trustStoreStream, props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD).toCharArray()); } } else { trustStore = null; } final TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); // prepare the key store final KeyStore keyStore = KeyStoreUtils .getKeyStore(props.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE)); try (final InputStream keyStoreStream = new FileInputStream( props.getProperty(NiFiProperties.SECURITY_KEYSTORE))) { keyStore.load(keyStoreStream, props.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD).toCharArray()); } KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); // if the key password is provided, try to use that - otherwise default to the keystore password if (StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_KEY_PASSWD))) { keyManagerFactory.init(keyStore, props.getProperty(NiFiProperties.SECURITY_KEY_PASSWD).toCharArray()); } else { keyManagerFactory.init(keyStore, props.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD).toCharArray()); } // initialize the ssl context final SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); sslContext.getDefaultSSLParameters().setNeedClientAuth(props.getNeedClientAuth()); return sslContext; } catch (final KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | KeyManagementException e) { throw new SslContextCreationException(e); } }