List of usage examples for javax.net.ssl KeyManagerFactory getKeyManagers
public final KeyManager[] getKeyManagers()
From source file:net.timewalker.ffmq4.listeners.tcp.io.TcpListener.java
private SSLContext createSSLContext() throws JMSException { try {// w ww. j ava 2 s .c om String sslProtocol = settings.getStringProperty(FFMQCoreSettings.TRANSPORT_TCP_SSL_PROTOCOL, "SSLv3"); String keyManagerAlgorithm = settings .getStringProperty(FFMQCoreSettings.TRANSPORT_TCP_SSL_KEYMANAGER_ALGORITHM, "SunX509"); String keyStoreType = settings.getStringProperty(FFMQCoreSettings.TRANSPORT_TCP_SSL_KEYSTORE_TYPE, "JKS"); String keyStorePath = settings.getStringProperty(FFMQCoreSettings.TRANSPORT_TCP_SSL_KEYSTORE_PATH, "../conf/server-keystore.jks"); String keyStorePass = settings.getStringProperty(FFMQCoreSettings.TRANSPORT_TCP_SSL_KEYSTORE_PASWORD, "ffmqpass"); String keyPass = settings.getStringProperty(FFMQCoreSettings.TRANSPORT_TCP_SSL_KEYSTORE_KEY_PASSWORD, "ffmqpass"); SSLContext sslContext = SSLContext.getInstance(sslProtocol); log.debug("Created an SSL context : protocol=[" + sslContext.getProtocol() + "] provider=[" + sslContext.getProvider() + "]"); // Load available keys KeyManager[] keyManagers; File keyStoreFile = new File(keyStorePath); if (!keyStoreFile.canRead()) throw new FFMQException("Cannot read keystore file : " + keyStoreFile.getAbsolutePath(), "FS_ERROR"); KeyStore ks = KeyStore.getInstance(keyStoreType); log.debug("Created keystore : type=[" + ks.getType() + "] provider=[" + ks.getProvider() + "]"); char ksPass[] = keyStorePass.toCharArray(); char ctPass[] = keyPass.toCharArray(); log.debug("Loading keystore from " + keyStoreFile.getAbsolutePath()); InputStream kis = new FileInputStream(keyStoreFile); ks.load(kis, ksPass); kis.close(); KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgorithm); log.debug("Created KeyManagerFactory : algorithm=[" + kmf.getAlgorithm() + "] provider=[" + kmf.getProvider() + "]"); log.debug("Initializing KeyManagerFactory with keystore ..."); kmf.init(ks, ctPass); keyManagers = kmf.getKeyManagers(); sslContext.init(keyManagers, null, null); return sslContext; } catch (JMSException e) { throw e; } catch (Exception e) { throw new FFMQException("Cannot create SSL context", "NETWORK_ERROR", e); } }
From source file:org.hyperic.hq.bizapp.agent.server.CommandsServer.java
private KeyManager[] getKeyManagers(KeyStore useStore, String filePass) throws AgentStartException { KeyManagerFactory res; String alg;/*from w w w . j a v a 2 s . c o m*/ alg = KeyManagerFactory.getDefaultAlgorithm(); try { res = KeyManagerFactory.getInstance(alg); res.init(useStore, filePass.toCharArray()); } catch (Exception exc) { throw new AgentStartException("Unable to get default key " + "manager: " + exc.getMessage()); } return res.getKeyManagers(); }
From source file:org.opendaylight.aaa.cert.impl.CertificateManagerService.java
@Override public SSLContext getServerContext() { String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm"); if (algorithm == null) { algorithm = "SunX509"; }/*from ww w .j a v a2 s. co m*/ SSLContext serverContext = null; try { KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); kmf.init(aaaCertProvider.getODLKeyStore(), aaaCertProvider.getOdlKeyStoreInfo().getStorePassword().toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm); tmf.init(aaaCertProvider.getTrustKeyStore()); serverContext = SSLContext.getInstance(KeyStoreConstant.TLS_PROTOCOL); serverContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); } catch (final NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException | KeyManagementException e) { LOG.error("Error while creating SSLContext ", e); } return serverContext; }
From source file:org.apache.synapse.transport.nhttp.config.ServerConnFactoryBuilder.java
protected SSLContextDetails createSSLContext(final OMElement keyStoreEl, final OMElement trustStoreEl, final OMElement cientAuthEl, final OMElement httpsProtocolsEl, final RevocationVerificationManager verificationManager, final String sslProtocol) throws AxisFault { KeyManager[] keymanagers = null; TrustManager[] trustManagers = null; if (keyStoreEl != null) { String location = getValueOfElementWithLocalName(keyStoreEl, "Location"); String type = getValueOfElementWithLocalName(keyStoreEl, "Type"); String storePassword = getValueOfElementWithLocalName(keyStoreEl, "Password"); String keyPassword = getValueOfElementWithLocalName(keyStoreEl, "KeyPassword"); FileInputStream fis = null; try {//from ww w. ja v a2 s . co m KeyStore keyStore = KeyStore.getInstance(type); fis = new FileInputStream(location); if (log.isInfoEnabled()) { log.debug(name + " Loading Identity Keystore from : " + location); } keyStore.load(fis, storePassword.toCharArray()); KeyManagerFactory kmfactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keyStore, keyPassword.toCharArray()); keymanagers = kmfactory.getKeyManagers(); if (log.isInfoEnabled() && keymanagers != null) { for (KeyManager keymanager : keymanagers) { if (keymanager instanceof X509KeyManager) { X509KeyManager x509keymanager = (X509KeyManager) keymanager; Enumeration<String> en = keyStore.aliases(); while (en.hasMoreElements()) { String s = en.nextElement(); X509Certificate[] certs = x509keymanager.getCertificateChain(s); if (certs == null) continue; for (X509Certificate cert : certs) { log.debug(name + " Subject DN: " + cert.getSubjectDN()); log.debug(name + " Issuer DN: " + cert.getIssuerDN()); } } } } } } catch (GeneralSecurityException gse) { log.error(name + " Error loading Key store : " + location, gse); throw new AxisFault("Error loading Key store : " + location, gse); } catch (IOException ioe) { log.error(name + " Error opening Key store : " + location, ioe); throw new AxisFault("Error opening Key store : " + location, ioe); } finally { if (fis != null) { try { fis.close(); } catch (IOException ignore) { } } } } if (trustStoreEl != null) { String location = getValueOfElementWithLocalName(trustStoreEl, "Location"); String type = getValueOfElementWithLocalName(trustStoreEl, "Type"); String storePassword = getValueOfElementWithLocalName(trustStoreEl, "Password"); FileInputStream fis = null; try { KeyStore trustStore = KeyStore.getInstance(type); fis = new FileInputStream(location); if (log.isInfoEnabled()) { log.debug(name + " Loading Trust Keystore from : " + location); } trustStore.load(fis, storePassword.toCharArray()); TrustManagerFactory trustManagerfactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerfactory.init(trustStore); trustManagers = trustManagerfactory.getTrustManagers(); } catch (GeneralSecurityException gse) { log.error(name + " Error loading Key store : " + location, gse); throw new AxisFault("Error loading Key store : " + location, gse); } catch (IOException ioe) { log.error(name + " Error opening Key store : " + location, ioe); throw new AxisFault("Error opening Key store : " + location, ioe); } finally { if (fis != null) { try { fis.close(); } catch (IOException ignore) { } } } } final String s = cientAuthEl != null ? cientAuthEl.getText() : null; final SSLClientAuth clientAuth; if ("optional".equalsIgnoreCase(s)) { clientAuth = SSLClientAuth.OPTIONAL; } else if ("require".equalsIgnoreCase(s)) { clientAuth = SSLClientAuth.REQUIRED; } else { clientAuth = null; } String[] httpsProtocols = null; final String configuredHttpsProtocols = httpsProtocolsEl != null ? httpsProtocolsEl.getText() : null; if (configuredHttpsProtocols != null && configuredHttpsProtocols.trim().length() != 0) { String[] configuredValues = configuredHttpsProtocols.trim().split(","); List<String> protocolList = new ArrayList<String>(configuredValues.length); for (String protocol : configuredValues) { if (!protocol.trim().isEmpty()) { protocolList.add(protocol.trim()); } } httpsProtocols = protocolList.toArray(new String[protocolList.size()]); } try { final String sslProtocolValue = sslProtocol != null ? sslProtocol : "TLS"; SSLContext sslContext = SSLContext.getInstance(sslProtocolValue); sslContext.init(keymanagers, trustManagers, null); ServerSSLSetupHandler sslSetupHandler = (clientAuth != null || httpsProtocols != null) ? new ServerSSLSetupHandler(clientAuth, httpsProtocols, verificationManager) : null; return new SSLContextDetails(sslContext, sslSetupHandler); } catch (GeneralSecurityException gse) { log.error(name + " Unable to create SSL context with the given configuration", gse); throw new AxisFault("Unable to create SSL context with the given configuration", gse); } }
From source file:org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder.java
private SSLContext createSSLContext(OMElement keyStoreElt, OMElement trustStoreElt, boolean novalidatecert) throws AxisFault { KeyManager[] keymanagers = null; TrustManager[] trustManagers = null; if (keyStoreElt != null) { String location = keyStoreElt.getFirstChildWithName(new QName("Location")).getText(); String type = keyStoreElt.getFirstChildWithName(new QName("Type")).getText(); String storePassword = keyStoreElt.getFirstChildWithName(new QName("Password")).getText(); String keyPassword = keyStoreElt.getFirstChildWithName(new QName("KeyPassword")).getText(); FileInputStream fis = null; try {//from ww w. j a v a 2 s . c om KeyStore keyStore = KeyStore.getInstance(type); fis = new FileInputStream(location); if (log.isInfoEnabled()) { log.info(name + " Loading Identity Keystore from : " + location); } keyStore.load(fis, storePassword.toCharArray()); KeyManagerFactory kmfactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keyStore, keyPassword.toCharArray()); keymanagers = kmfactory.getKeyManagers(); } catch (GeneralSecurityException gse) { log.error(name + " Error loading Keystore : " + location, gse); throw new AxisFault("Error loading Keystore : " + location, gse); } catch (IOException ioe) { log.error(name + " Error opening Keystore : " + location, ioe); throw new AxisFault("Error opening Keystore : " + location, ioe); } finally { if (fis != null) { try { fis.close(); } catch (IOException ignore) { } } } } if (trustStoreElt != null) { if (novalidatecert && log.isWarnEnabled()) { log.warn(name + " Ignoring novalidatecert parameter since a truststore has been specified"); } String location = trustStoreElt.getFirstChildWithName(new QName("Location")).getText(); String type = trustStoreElt.getFirstChildWithName(new QName("Type")).getText(); String storePassword = trustStoreElt.getFirstChildWithName(new QName("Password")).getText(); FileInputStream fis = null; try { KeyStore trustStore = KeyStore.getInstance(type); fis = new FileInputStream(location); if (log.isInfoEnabled()) { log.info(name + " Loading Trust Keystore from : " + location); } trustStore.load(fis, storePassword.toCharArray()); TrustManagerFactory trustManagerfactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerfactory.init(trustStore); trustManagers = trustManagerfactory.getTrustManagers(); } catch (GeneralSecurityException gse) { log.error(name + " Error loading Key store : " + location, gse); throw new AxisFault("Error loading Key store : " + location, gse); } catch (IOException ioe) { log.error(name + " Error opening Key store : " + location, ioe); throw new AxisFault("Error opening Key store : " + location, ioe); } finally { if (fis != null) { try { fis.close(); } catch (IOException ignore) { } } } } else if (novalidatecert) { if (log.isWarnEnabled()) { log.warn(name + " Server certificate validation (trust) has been disabled. " + "DO NOT USE IN PRODUCTION!"); } trustManagers = new TrustManager[] { new NoValidateCertTrustManager() }; } try { final Parameter sslpParameter = transportOut.getParameter("SSLProtocol"); final String sslProtocol = sslpParameter != null ? sslpParameter.getValue().toString() : "TLS"; SSLContext sslcontext = SSLContext.getInstance(sslProtocol); sslcontext.init(keymanagers, trustManagers, null); return sslcontext; } catch (GeneralSecurityException gse) { log.error(name + " Unable to create SSL context with the given configuration", gse); throw new AxisFault("Unable to create SSL context with the given configuration", gse); } }
From source file:it.govpay.core.utils.client.BasicClient.java
private BasicClient(String bundleKey, Connettore connettore) throws ClientException { if (connettore == null) { throw new ClientException("Connettore non configurato"); }// w ww . ja v a 2 s. c o m try { this.url = new URL(connettore.getUrl()); } catch (Exception e) { throw new ClientException("La URL del connettore " + errMsg + " non e' valida: " + e); } sslContext = sslContexts.get(bundleKey); if (connettore.getTipoAutenticazione().equals(EnumAuthType.SSL)) { isSslEnabled = true; if (sslContext == null) { try { FileInputStream finKeyStore = null; FileInputStream finTrustStore = null; KeyManager[] km = null; TrustManager[] tm = null; // Autenticazione CLIENT if (connettore.getTipoSsl().equals(EnumSslType.CLIENT)) { if (connettore.getSslKsType() == null || connettore.getSslKsLocation() == null || connettore.getSslKsPasswd() == null || connettore.getSslPKeyPasswd() == null) throw new ClientException( "Configurazione SSL Client del connettore " + errMsg + " incompleta."); KeyStore keystore = KeyStore.getInstance(connettore.getSslKsType()); // JKS,PKCS12,jceks,bks,uber,gkr finKeyStore = new FileInputStream(connettore.getSslKsLocation()); keystore.load(finKeyStore, connettore.getSslKsPasswd().toCharArray()); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keystore, connettore.getSslPKeyPasswd().toCharArray()); km = keyManagerFactory.getKeyManagers(); } if (connettore.getSslTsType() == null || connettore.getSslTsLocation() == null || connettore.getSslTsPasswd() == null || connettore.getSslType() == null) throw new ClientException( "Configurazione SSL Server del connettore " + errMsg + " incompleta."); // Autenticazione SERVER KeyStore truststore = KeyStore.getInstance(connettore.getSslTsType()); // JKS,PKCS12,jceks,bks,uber,gkr finTrustStore = new FileInputStream(connettore.getSslTsLocation()); truststore.load(finTrustStore, connettore.getSslTsPasswd().toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(truststore); tm = trustManagerFactory.getTrustManagers(); // Creo contesto SSL sslContext = SSLContext.getInstance(connettore.getSslType()); sslContext.init(km, tm, null); sslContexts.put(bundleKey, sslContext); } catch (Exception e) { throw new ClientException(e); } } } if (connettore.getTipoAutenticazione().equals(EnumAuthType.HTTPBasic)) { ishttpBasicEnabled = true; httpBasicUser = connettore.getHttpUser(); httpBasicPassword = connettore.getHttpPassw(); } }
From source file:com.amazon.alexa.avs.auth.companionservice.CompanionServiceClient.java
/** * Loads the CA certificate into an in-memory keystore and creates an {@link SSLSocketFactory}. * * @return SSLSocketFactory/*from w ww . ja v a2s . c om*/ */ public SSLSocketFactory getPinnedSSLSocketFactory() { InputStream caCertInputStream = null; InputStream clientKeyPair = null; try { // Load the CA certificate into memory CertificateFactory cf = CertificateFactory.getInstance("X.509"); caCertInputStream = new FileInputStream(deviceConfig.getCompanionServiceInfo().getSslCaCert()); Certificate caCert = cf.generateCertificate(caCertInputStream); // Load the CA certificate into the trusted KeyStore KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(null, null); trustStore.setCertificateEntry("myca", caCert); // Create a TrustManagerFactory with the trusted KeyStore TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); // Load the client certificate and private key into another KeyStore KeyStore keyStore = KeyStore.getInstance("PKCS12"); clientKeyPair = new FileInputStream(deviceConfig.getCompanionServiceInfo().getSslClientKeyStore()); keyStore.load(clientKeyPair, deviceConfig.getCompanionServiceInfo().getSslClientKeyStorePassphrase().toCharArray()); // Create a TrustManagerFactory with the client key pair KeyStore KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, deviceConfig.getCompanionServiceInfo().getSslClientKeyStorePassphrase().toCharArray()); // Initialize the SSLContext and return an SSLSocketFactory; SSLContext sc = SSLContext.getInstance("TLS"); sc.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); return sc.getSocketFactory(); } catch (CertificateException | KeyStoreException | UnrecoverableKeyException | NoSuchAlgorithmException | IOException | KeyManagementException e) { throw new RuntimeException("The KeyStore for contacting the Companion Service could not be loaded.", e); } finally { IOUtils.closeQuietly(caCertInputStream); IOUtils.closeQuietly(clientKeyPair); } }
From source file:org.apache.jmeter.util.JsseSSLManager.java
private SSLContext createContext() throws GeneralSecurityException { SSLContext context;/*from w w w . j a va 2 s . c om*/ if (pro != null) { context = SSLContext.getInstance(DEFAULT_SSL_PROTOCOL, pro); // $NON-NLS-1$ } else { context = SSLContext.getInstance(DEFAULT_SSL_PROTOCOL); // $NON-NLS-1$ } KeyManagerFactory managerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); JmeterKeyStore keys = this.getKeyStore(); managerFactory.init(null, defaultpw == null ? new char[] {} : defaultpw.toCharArray()); KeyManager[] managers = managerFactory.getKeyManagers(); KeyManager[] newManagers = new KeyManager[managers.length]; log.debug(keys.getClass().toString()); // Now wrap the default managers with our key manager for (int i = 0; i < managers.length; i++) { if (managers[i] instanceof X509KeyManager) { X509KeyManager manager = (X509KeyManager) managers[i]; newManagers[i] = new WrappedX509KeyManager(manager, keys); } else { newManagers[i] = managers[i]; } } // Get the default trust managers TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmfactory.init(this.getTrustStore()); // Wrap the defaults in our custom trust manager TrustManager[] trustmanagers = tmfactory.getTrustManagers(); for (int i = 0; i < trustmanagers.length; i++) { if (trustmanagers[i] instanceof X509TrustManager) { trustmanagers[i] = new CustomX509TrustManager((X509TrustManager) trustmanagers[i]); } } context.init(newManagers, trustmanagers, this.rand); if (log.isDebugEnabled()) { String[] dCiphers = context.getSocketFactory().getDefaultCipherSuites(); String[] sCiphers = context.getSocketFactory().getSupportedCipherSuites(); int len = (dCiphers.length > sCiphers.length) ? dCiphers.length : sCiphers.length; for (int i = 0; i < len; i++) { if (i < dCiphers.length) { log.debug("Default Cipher: " + dCiphers[i]); } if (i < sCiphers.length) { log.debug("Supported Cipher: " + sCiphers[i]); } } } return context; }
From source file:test.integ.be.fedict.commons.eid.client.SSLTest.java
@Test public void testKeyManagerFactory() throws Exception { Security.addProvider(new BeIDProvider()); final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("BeID"); assertNotNull(keyManagerFactory);//www.jav a2s . co m final String algo = keyManagerFactory.getAlgorithm(); LOG.debug("key manager factory algo: " + algo); assertEquals("BeID", algo); final KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); assertNotNull(keyManagers); }
From source file:org.apache.nifi.elasticsearch.ElasticSearchClientServiceImpl.java
private SSLContext buildSslContext(SSLContextService sslService) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException { KeyStore keyStore = KeyStore.getInstance(sslService.getKeyStoreType()); KeyStore trustStore = KeyStore.getInstance("JKS"); try (final InputStream is = new FileInputStream(sslService.getKeyStoreFile())) { keyStore.load(is, sslService.getKeyStorePassword().toCharArray()); }/*from w w w.j a v a 2 s .c o m*/ try (final InputStream is = new FileInputStream(sslService.getTrustStoreFile())) { trustStore.load(is, sslService.getTrustStorePassword().toCharArray()); } final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(keyStore, sslService.getKeyStorePassword().toCharArray()); final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(keyStore); SSLContext context1 = SSLContext.getInstance(sslService.getSslAlgorithm()); context1.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); return context1; }