List of usage examples for javax.net.ssl KeyManagerFactory getKeyManagers
public final KeyManager[] getKeyManagers()
From source file:org.eclipse.emf.emfstore.client.model.connectionmanager.KeyStoreManager.java
/** * Returns a SSL Context. This is need for encryption, used by the * SSLSocketFactory.//from ww w .j a va 2 s . c o m * * @return SSL Context * @throws CertificateStoreException * in case of failure retrieving the context */ public SSLContext getSSLContext() throws CertificateStoreException { try { loadKeyStore(); KeyManagerFactory managerFactory = KeyManagerFactory.getInstance("SunX509"); managerFactory.init(keyStore, KEYSTOREPASSWORD.toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); trustManagerFactory.init(keyStore); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(managerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { public boolean verify(String hostname, SSLSession session) { return true; } }); return sslContext; } catch (NoSuchAlgorithmException e) { throw new CertificateStoreException("Loading certificate failed!", e); } catch (UnrecoverableKeyException e) { throw new CertificateStoreException("Loading certificate failed!", e); } catch (KeyStoreException e) { throw new CertificateStoreException("Loading certificate failed!", e); } catch (KeyManagementException e) { throw new CertificateStoreException("Loading certificate failed!", e); } }
From source file:org.wso2.carbon.device.mgt.jaxrs.service.impl.admin.DeviceAnalyticsArtifactUploaderAdminServiceImpl.java
/** * Initializes the SSL Context/* w w w. j a v a2 s .c o m*/ */ private void initSSLConnection() throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException { KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_TYPE); keyManagerFactory.init(keyStore, keyStorePassword); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TRUST_MANAGER_TYPE); trustManagerFactory.init(trustStore); // Create and initialize SSLContext for HTTPS communication sslContext = SSLContext.getInstance(SSLV3); sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); SSLContext.setDefault(sslContext); }
From source file:com.clustercontrol.plugin.impl.WebServicePlugin.java
/** * ???WebService?Agent????????/*w w w. j ava2 s . c o m*/ * @param addressPrefix ? http://x.x.x.x:xxxx? ? * @param addressBody ??? addressPrefix ?? * @param endpointInstance * @param threadPool ? */ protected void publish(String addressPrefix, String addressBody, Object endpointInstance, ThreadPoolExecutor threadPool) { try { final URL urlPrefix = new URL(addressPrefix); final String fulladdress = addressPrefix + addressBody; HttpsServer httpsServer = null; // ? HTTPS???????HttpsService???endpoit.publish????? // URL??????????HttpsService?????Hashmap???????HashMap? // HTTPSServer??????????? if ("https".equals(urlPrefix.getProtocol())) { httpsServer = httpsServerMap.get(addressPrefix); if (httpsServer == null) { // HTTPS Server??HTTPS????????????????????? String protocol = HinemosPropertyUtil.getHinemosPropertyStr("ws.https.protocol", "TLS"); String keystorePath = HinemosPropertyUtil.getHinemosPropertyStr("ws.https.keystore.path", HinemosPropertyDefault .getString(HinemosPropertyDefault.StringKey.WS_HTTPS_KEYSTORE_PATH)); String keystorePassword = HinemosPropertyUtil .getHinemosPropertyStr("ws.https.keystore.password", "hinemos"); String keystoreType = HinemosPropertyUtil.getHinemosPropertyStr("ws.https.keystore.type", "PKCS12"); log.info("Starting HTTPS Server..."); log.info("SSLContext: " + protocol + ", KeyStore: " + keystoreType); SSLContext ssl = SSLContext.getInstance(protocol); KeyManagerFactory keyFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyStore store = KeyStore.getInstance(keystoreType); try (InputStream in = new FileInputStream(keystorePath)) { store.load(in, keystorePassword.toCharArray()); } keyFactory.init(store, keystorePassword.toCharArray()); TrustManagerFactory trustFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustFactory.init(store); ssl.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), new SecureRandom()); HttpsConfigurator configurator = new HttpsConfigurator(ssl); // ??HTTPSSever???Hashmap?? httpsServer = HttpsServer .create(new InetSocketAddress(urlPrefix.getHost(), urlPrefix.getPort()), 0); httpsServer.setHttpsConfigurator(configurator); httpsServerMap.put(addressPrefix, httpsServer); } } // ?????endpoint?? log.info("publish " + fulladdress); final Endpoint endpoint = Endpoint.create(endpointInstance); endpoint.setExecutor(threadPool); if (httpsServer != null) { endpoint.publish(httpsServer.createContext(addressBody)); } else { endpoint.publish(fulladdress); } endpointList.add(endpoint); } catch (NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException | KeyManagementException | IOException | CertificateException | RuntimeException e) { log.warn("failed to publish : " + e.getClass().getSimpleName() + ", " + e.getMessage(), e); } finally { } }
From source file:com.sonatype.nexus.ssl.plugin.internal.TrustStoreImpl.java
private static KeyManager[] getSystemKeyManagers() throws Exception { KeyManagerFactory keyManagerFactory; String keyAlgorithm = System.getProperty("ssl.KeyManagerFactory.algorithm"); if (keyAlgorithm == null) { keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm(); }//from w w w . j av a 2 s . c om String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType"); if (keyStoreType == null) { keyStoreType = KeyStore.getDefaultType(); } if ("none".equalsIgnoreCase(keyStoreType)) { keyManagerFactory = KeyManagerFactory.getInstance(keyAlgorithm); } else { final String keyStoreFileName = System.getProperty("javax.net.ssl.keyStore"); if (keyStoreFileName != null) { File keyStoreFile = new File(keyStoreFileName); keyManagerFactory = KeyManagerFactory.getInstance(keyAlgorithm); String keyStoreProvider = System.getProperty("javax.net.ssl.keyStoreProvider"); KeyStore keyStore; if (keyStoreProvider != null) { keyStore = KeyStore.getInstance(keyStoreType, keyStoreProvider); } else { keyStore = KeyStore.getInstance(keyStoreType); } String password = System.getProperty("javax.net.ssl.keyStorePassword"); try (FileInputStream in = new FileInputStream(keyStoreFile)) { keyStore.load(in, password != null ? password.toCharArray() : null); } keyManagerFactory.init(keyStore, password != null ? password.toCharArray() : null); } else { return null; } } return keyManagerFactory.getKeyManagers(); }
From source file:com.isecpartners.gizmo.HttpRequest.java
private synchronized SSLSocketFactory initSSL(String hostname) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, IOException, KeyManagementException, InvalidKeyException, SignatureException, NoSuchProviderException, NoCertException {/* w w w . j a v a 2s . co m*/ KeyManagerFactory kmf = null; SSLContext sslcontext = null; kmf = createKeyManagerFactory(hostname); sslcontext = SSLContext.getInstance("SSLv3", Security.getProvider("BC")); sslcontext.init(kmf.getKeyManagers(), null, null); SSLSocketFactory factory = sslcontext.getSocketFactory(); _factories.put(hostname, factory); return factory; }
From source file:org.eclipse.emf.emfstore.internal.client.model.connectionmanager.KeyStoreManager.java
/** * Returns a SSL Context. This is need for encryption, used by the * SSLSocketFactory.//www .j ava 2s . c om * * @return SSL Context * @throws ESCertificateException * in case of failure retrieving the context */ public SSLContext getSSLContext() throws ESCertificateException { try { loadKeyStore(); final KeyManagerFactory managerFactory = KeyManagerFactory.getInstance("SunX509"); //$NON-NLS-1$ managerFactory.init(keyStore, KEYSTOREPASSWORD.toCharArray()); final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); //$NON-NLS-1$ trustManagerFactory.init(keyStore); final SSLContext sslContext = SSLContext.getInstance("TLS"); //$NON-NLS-1$ sslContext.init(managerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { public boolean verify(String hostname, SSLSession session) { return true; } }); return sslContext; } catch (final NoSuchAlgorithmException e) { throw new ESCertificateException(Messages.KeyStoreManager_29, e); } catch (final UnrecoverableKeyException e) { throw new ESCertificateException("Loading certificate failed!", e); //$NON-NLS-1$ } catch (final KeyStoreException e) { throw new ESCertificateException("Loading certificate failed!", e); //$NON-NLS-1$ } catch (final KeyManagementException e) { throw new ESCertificateException("Loading certificate failed!", e); //$NON-NLS-1$ } }
From source file:org.codice.ddf.cxf.client.impl.SecureCxfClientFactoryImpl.java
@SuppressWarnings("squid:S3776") private void configureConduit(ClientConfiguration clientConfig) { HTTPConduit httpConduit = clientConfig.getHttpConduit(); if (httpConduit == null) { LOGGER.info("HTTPConduit was null for {}. Unable to configure security.", this); return;/*w w w . j av a 2 s.c om*/ } if (allowRedirects) { HTTPClientPolicy clientPolicy = httpConduit.getClient(); if (clientPolicy != null) { clientPolicy.setAutoRedirect(true); Bus bus = clientConfig.getBus(); if (bus != null) { bus.getProperties().put(AUTO_REDIRECT_ALLOW_REL_URI, true); bus.getProperties().put(AUTO_REDIRECT_MAX_SAME_URI_COUNT, getSameUriRedirectMax()); } } } TLSClientParameters tlsParams = httpConduit.getTlsClientParameters(); if (tlsParams == null) { tlsParams = new TLSClientParameters(); } tlsParams.setDisableCNCheck(disableCnCheck); tlsParams.setUseHttpsURLConnectionDefaultHostnameVerifier(!disableCnCheck); String cipherSuites = System.getProperty("https.cipherSuites"); if (cipherSuites != null) { tlsParams.setCipherSuites(Arrays.asList(cipherSuites.split(","))); } KeyStore keyStore = null; KeyStore trustStore = null; try { keyStore = SecurityConstants.newKeystore(); trustStore = SecurityConstants.newTruststore(); } catch (KeyStoreException e) { LOGGER.debug("Unable to create keystore instance of type {}", System.getProperty(SecurityConstants.KEYSTORE_TYPE), e); } Path keyStoreFile; if (keyInfo != null && StringUtils.isNotBlank(keyInfo.getKeystorePath())) { keyStoreFile = Paths.get(keyInfo.getKeystorePath()); } else { keyStoreFile = Paths.get(SecurityConstants.getKeystorePath()); } Path trustStoreFile = Paths.get(SecurityConstants.getTruststorePath()); String ddfHome = System.getProperty("ddf.home"); if (ddfHome != null) { Path ddfHomePath = Paths.get(ddfHome); if (!keyStoreFile.isAbsolute()) { keyStoreFile = Paths.get(ddfHomePath.toString(), keyStoreFile.toString()); } if (!trustStoreFile.isAbsolute()) { trustStoreFile = Paths.get(ddfHomePath.toString(), trustStoreFile.toString()); } } String keyStorePassword = SecurityConstants.getKeystorePassword(); String trustStorePassword = SecurityConstants.getTruststorePassword(); if (!Files.isReadable(keyStoreFile) || !Files.isReadable(trustStoreFile)) { LOGGER.debug("Unable to read system key/trust store files: [ {} ] [ {} ]", keyStoreFile, trustStoreFile); return; } try (InputStream kfis = Files.newInputStream(keyStoreFile)) { if (keyStore != null) { keyStore.load(kfis, keyStorePassword.toCharArray()); } } catch (NoSuchAlgorithmException | CertificateException | IOException e) { LOGGER.debug("Unable to load system key file.", e); } try (InputStream tfis = Files.newInputStream(trustStoreFile)) { if (trustStore != null) { trustStore.load(tfis, trustStorePassword.toCharArray()); } } catch (NoSuchAlgorithmException | CertificateException | IOException e) { LOGGER.debug("Unable to load system trust file.", e); } KeyManager[] keyManagers = null; try { KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, keyStorePassword.toCharArray()); keyManagers = keyManagerFactory.getKeyManagers(); tlsParams.setKeyManagers(keyManagers); } catch (NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException e) { LOGGER.debug("Unable to initialize KeyManagerFactory.", e); } TrustManager[] trustManagers = null; try { TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); trustManagers = trustManagerFactory.getTrustManagers(); tlsParams.setTrustManagers(trustManagers); } catch (NoSuchAlgorithmException | KeyStoreException e) { LOGGER.debug("Unable to initialize TrustManagerFactory.", e); } if (keyInfo != null) { LOGGER.trace("Using keystore file: {}, alias: {}", keyStoreFile, keyInfo.getAlias()); tlsParams.setUseHttpsURLConnectionDefaultSslSocketFactory(false); tlsParams.setCertAlias(keyInfo.getAlias()); try { if (keyManagers == null) { throw new KeyManagementException("keyManagers was null"); } boolean validProtocolFound = false; String validProtocolsStr = System.getProperty("jdk.tls.client.protocols"); if (StringUtils.isNotBlank(validProtocolsStr)) { String[] validProtocols = validProtocolsStr.split(","); for (String validProtocol : validProtocols) { if (validProtocol.equals(sslProtocol)) { validProtocolFound = true; break; } } if (!validProtocolFound) { LOGGER.error("{} is not in list of valid SSL protocols {}", sslProtocol, validProtocolsStr); } } else { validProtocolFound = true; } if (validProtocolFound) { tlsParams.setSSLSocketFactory( getSSLSocketFactory(sslProtocol, keyInfo.getAlias(), keyManagers, trustManagers)); } } catch (KeyManagementException | NoSuchAlgorithmException e) { LOGGER.debug("Unable to override default SSL Socket Factory", e); } } else { tlsParams.setUseHttpsURLConnectionDefaultSslSocketFactory(true); tlsParams.setCertAlias(SystemBaseUrl.INTERNAL.getHost()); } httpConduit.setTlsClientParameters(tlsParams); }
From source file:org.wso2.carbon.inbound.endpoint.protocol.mqtt.MqttConnectionFactory.java
protected SSLSocketFactory getSocketFactory(String keyStoreLocation, String keyStoreType, String keyStorePassword, String trustStoreLocation, String trustStoreType, String trustStorePassword, String sslVersion) throws Exception { char[] keyPassphrase = keyStorePassword.toCharArray(); KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(new FileInputStream(keyStoreLocation), keyPassphrase); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, keyPassphrase); char[] trustPassphrase = trustStorePassword.toCharArray(); KeyStore trustStore = KeyStore.getInstance(trustStoreType); trustStore.load(new FileInputStream(trustStoreLocation), trustPassphrase); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); SSLContext sslContext = SSLContext.getInstance(sslVersion); sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); return sslContext.getSocketFactory(); }
From source file:org.apache.jmeter.protocol.amf.proxy.AmfProxy.java
/** * Get SSL connection from hashmap, creating it if necessary. * * @param host/*w ww .ja va2 s .c om*/ * @return a ssl socket factory * @throws IOException */ private SSLSocketFactory getSSLSocketFactory(String host) throws IOException { synchronized (hashHost) { if (hashHost.containsKey(host)) { log.debug("Good, already in map, host=" + host); return hashHost.get(host); } InputStream in = getCertificate(); Exception except = null; if (in != null) { KeyStore ks = null; KeyManagerFactory kmf = null; SSLContext sslcontext = null; try { ks = KeyStore.getInstance(KEYSTORE_TYPE); ks.load(in, KEYSTORE_PASSWORD); kmf = KeyManagerFactory.getInstance(KEYMANAGERFACTORY); kmf.init(ks, KEY_PASSWORD); sslcontext = SSLContext.getInstance(SSLCONTEXT_PROTOCOL); sslcontext.init(kmf.getKeyManagers(), null, null); SSLSocketFactory sslFactory = sslcontext.getSocketFactory(); hashHost.put(host, sslFactory); log.info("KeyStore for SSL loaded OK and put host in map (" + host + ")"); return sslFactory; } catch (NoSuchAlgorithmException e) { except = e; } catch (KeyManagementException e) { except = e; } catch (KeyStoreException e) { except = e; } catch (UnrecoverableKeyException e) { except = e; } catch (CertificateException e) { except = e; } finally { if (except != null) { log.error("Problem with SSL certificate", except); } IOUtils.closeQuietly(in); } } else { throw new IOException("Unable to read keystore"); } return null; } }