List of usage examples for javax.net.ssl SSLContext getDefault
public static SSLContext getDefault() throws NoSuchAlgorithmException
From source file:net.wasdev.gameon.concierge.PlayerClient.java
/** * Obtain apiKey for player id.//from w w w . ja v a2 s. c om * * @param playerId * The player id * @return The apiKey for the player */ public String getApiKey(String playerId) throws IOException { String jwt = getClientJwtForId(playerId); HttpClient client = null; if ("development".equals(System.getenv("CONCIERGE_PLAYER_MODE"))) { System.out.println("Using development mode player connection. (DefaultSSL,NoHostNameValidation)"); try { HttpClientBuilder b = HttpClientBuilder.create(); //use the default ssl context, we have a trust store configured for player cert. SSLContext sslContext = SSLContext.getDefault(); //use a very trusting truststore.. (not needed..) //SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(); b.setSSLContext(sslContext); //disable hostname validation, because we'll need to access the cert via a different hostname. b.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE); client = b.build(); } catch (Exception e) { throw new IOException(e); } } else { client = HttpClientBuilder.create().build(); } HttpGet hg = new HttpGet(playerLocation + "/" + playerId + "?jwt=" + jwt); System.out.println("Building web target " + hg.getURI().toString()); try { // Make GET request using the specified target, get result as a // string containing JSON HttpResponse r = client.execute(hg); String result = new BasicResponseHandler().handleResponse(r); // Parse the JSON response, and retrieve the apiKey field value. ObjectMapper om = new ObjectMapper(); JsonNode jn = om.readValue(result, JsonNode.class); return jn.get("apiKey").textValue(); } catch (HttpResponseException hre) { System.out.println( "Error communicating with player service: " + hre.getStatusCode() + " " + hre.getMessage()); throw hre; } catch (ResponseProcessingException rpe) { System.out.println("Error processing response " + rpe.getResponse().toString()); throw new IOException(rpe); } catch (ProcessingException | WebApplicationException ex) { //bad stuff. System.out.println("Hmm.. " + ex.getMessage()); throw new IOException(ex); } catch (IOException io) { System.out.println("Utoh.. " + io.getMessage()); throw new IOException(io); } }
From source file:cn.ctyun.amazonaws.http.AmazonHttpClient.java
/** * Disables the default strict hostname verification in this client and * instead uses a browser compatible hostname verification strategy (i.e. * cert hostname wildcards are evaulated more liberally). */// ww w . ja v a2 s . c o m public void disableStrictHostnameVerification() { /* * If SSL cert checking for endpoints is disabled, we don't need * to do any changes to the SSL context. */ if (System.getProperty("com.amazonaws.sdk.disableCertChecking") != null) { return; } try { SchemeRegistry schemeRegistry = httpClient.getConnectionManager().getSchemeRegistry(); SSLSocketFactory sf = new SSLSocketFactory(SSLContext.getDefault(), SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER); Scheme https = new Scheme("https", 443, sf); schemeRegistry.register(https); } catch (NoSuchAlgorithmException e) { throw new AmazonClientException( "Unable to access default SSL context to disable strict hostname verification"); } }
From source file:org.neo4j.ogm.drivers.http.driver.HttpDriver.java
private synchronized CloseableHttpClient httpClient() { if (httpClient == null) { // most of the time this will be false, branch-prediction will be very fast and the lock released immediately try {/*from w ww . j a v a 2 s. co m*/ HttpClientBuilder httpClientBuilder = HttpClientBuilder.create(); SSLContext sslContext = SSLContext.getDefault(); if (configuration.getTrustStrategy() != null) { if (configuration.getTrustStrategy().equals("ACCEPT_UNSIGNED")) { sslContext = new SSLContextBuilder().loadTrustMaterial(null, (arg0, arg1) -> true).build(); LOGGER.warn("Certificate validation has been disabled"); } } // setup the default or custom ssl context httpClientBuilder.setSSLContext(sslContext); HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier(); SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier); Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder .<ConnectionSocketFactory>create() .register("http", PlainConnectionSocketFactory.getSocketFactory()) .register("https", sslSocketFactory).build(); // allows multi-threaded use PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager( socketFactoryRegistry); Integer connectionPoolSize = configuration.getConnectionPoolSize(); connectionManager.setMaxTotal(connectionPoolSize); connectionManager.setDefaultMaxPerRoute(connectionPoolSize); httpClientBuilder.setConnectionManager(connectionManager); httpClient = httpClientBuilder.build(); } catch (Exception e) { throw new RuntimeException(e); } } return httpClient; }
From source file:com.streamsets.pipeline.lib.elasticsearch.ElasticsearchStageDelegate.java
private void buildSSLContext(List<Stage.ConfigIssue> issues, RestClientBuilder restClientBuilder) throws IOException { try {//from ww w . j a v a2s. c o m final SSLContext sslcontext; final String keyStorePath = conf.securityConfig.sslTrustStorePath; if (StringUtils.isEmpty(keyStorePath)) { sslcontext = SSLContext.getDefault(); } else { String keyStorePass = null; try { keyStorePass = conf.securityConfig.sslTrustStorePassword.get(); } catch (StageException e) { issues.add(context.createConfigIssue(Groups.ELASTIC_SEARCH.name(), SecurityConfig.CONF_PREFIX + "sslTrustStorePassword", Errors.ELASTICSEARCH_31, e.toString())); } if (StringUtils.isEmpty(keyStorePass)) { issues.add(context.createConfigIssue(Groups.ELASTIC_SEARCH.name(), SecurityConfig.CONF_PREFIX + "sslTrustStorePassword", Errors.ELASTICSEARCH_10)); } Path path = Paths.get(keyStorePath); if (!Files.exists(path)) { issues.add(context.createConfigIssue(Groups.ELASTIC_SEARCH.name(), SecurityConfig.CONF_PREFIX + "sslTrustStorePath", Errors.ELASTICSEARCH_11, keyStorePath)); } KeyStore keyStore = KeyStore.getInstance("jks"); try (InputStream is = Files.newInputStream(path)) { keyStore.load(is, keyStorePass.toCharArray()); } sslcontext = SSLContexts.custom().loadTrustMaterial(keyStore, null).build(); } restClientBuilder.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() { @Override public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) { return httpClientBuilder.setSSLContext(sslcontext); } }); } catch (KeyStoreException | NoSuchAlgorithmException | KeyManagementException | CertificateException e) { issues.add(context.createConfigIssue(Groups.ELASTIC_SEARCH.name(), SecurityConfig.CONF_PREFIX + "sslTrustStorePath", Errors.ELASTICSEARCH_12, e.toString(), e)); } }
From source file:org.apache.flink.runtime.rest.RestServerEndpointITCase.java
@Before public void setup() throws Exception { config.setString(WebOptions.UPLOAD_DIR, temporaryFolder.newFolder().getCanonicalPath()); defaultSSLContext = SSLContext.getDefault(); defaultSSLSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory(); final SSLContext sslClientContext = SSLUtils.createRestClientSSLContext(config); if (sslClientContext != null) { SSLContext.setDefault(sslClientContext); HttpsURLConnection.setDefaultSSLSocketFactory(sslClientContext.getSocketFactory()); }/* w w w.j a v a 2s . com*/ RestServerEndpointConfiguration serverConfig = RestServerEndpointConfiguration.fromConfiguration(config); RestClientConfiguration clientConfig = RestClientConfiguration.fromConfiguration(config); final String restAddress = "http://localhost:1234"; RestfulGateway mockRestfulGateway = mock(RestfulGateway.class); when(mockRestfulGateway.requestRestAddress(any(Time.class))) .thenReturn(CompletableFuture.completedFuture(restAddress)); final GatewayRetriever<RestfulGateway> mockGatewayRetriever = () -> CompletableFuture .completedFuture(mockRestfulGateway); testHandler = new TestHandler(CompletableFuture.completedFuture(restAddress), mockGatewayRetriever, RpcUtils.INF_TIMEOUT); TestVersionHandler testVersionHandler = new TestVersionHandler( CompletableFuture.completedFuture(restAddress), mockGatewayRetriever, RpcUtils.INF_TIMEOUT); TestVersionSelectionHandler1 testVersionSelectionHandler1 = new TestVersionSelectionHandler1( CompletableFuture.completedFuture(restAddress), mockGatewayRetriever, RpcUtils.INF_TIMEOUT); TestVersionSelectionHandler2 testVersionSelectionHandler2 = new TestVersionSelectionHandler2( CompletableFuture.completedFuture(restAddress), mockGatewayRetriever, RpcUtils.INF_TIMEOUT); testUploadHandler = new TestUploadHandler(CompletableFuture.completedFuture(restAddress), mockGatewayRetriever, RpcUtils.INF_TIMEOUT); final StaticFileServerHandler<RestfulGateway> staticFileServerHandler = new StaticFileServerHandler<>( mockGatewayRetriever, CompletableFuture.completedFuture(restAddress), RpcUtils.INF_TIMEOUT, temporaryFolder.getRoot()); final List<Tuple2<RestHandlerSpecification, ChannelInboundHandler>> handlers = Arrays.asList( Tuple2.of(new TestHeaders(), testHandler), Tuple2.of(TestUploadHeaders.INSTANCE, testUploadHandler), Tuple2.of(testVersionHandler.getMessageHeaders(), testVersionHandler), Tuple2.of(testVersionSelectionHandler1.getMessageHeaders(), testVersionSelectionHandler1), Tuple2.of(testVersionSelectionHandler2.getMessageHeaders(), testVersionSelectionHandler2), Tuple2.of(WebContentHandlerSpecification.getInstance(), staticFileServerHandler)); serverEndpoint = new TestRestServerEndpoint(serverConfig, handlers); restClient = new TestRestClient(clientConfig); serverEndpoint.start(); serverAddress = serverEndpoint.getServerAddress(); }
From source file:org.ops4j.pax.web.service.jetty.internal.JettyFactoryImpl.java
/** * {@inheritDoc}//from w ww. jav a 2 s . c o m */ @Override public ServerConnector createSecureConnector(Server server, String name, int port, String sslKeystore, String sslKeystorePassword, String sslKeyPassword, String host, String sslKeystoreType, String sslKeyAlias, String trustStore, String trustStorePassword, String trustStoreType, boolean isClientAuthNeeded, boolean isClientAuthWanted, List<String> cipherSuitesIncluded, List<String> cipherSuitesExcluded, List<String> protocolsIncluded, List<String> protocolsExcluded, Boolean sslRenegotiationAllowed, String crlPath, Boolean enableCRLDP, Boolean validateCerts, Boolean validatePeerCerts, Boolean enableOCSP, String ocspResponderURL) { // SSL Context Factory for HTTPS and SPDY SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(sslKeystore); sslContextFactory.setKeyStorePassword(sslKeystorePassword); sslContextFactory.setKeyManagerPassword(sslKeyPassword); sslContextFactory.setNeedClientAuth(isClientAuthNeeded); sslContextFactory.setWantClientAuth(isClientAuthWanted); sslContextFactory.setEnableCRLDP(enableCRLDP); sslContextFactory.setValidateCerts(validateCerts); sslContextFactory.setValidatePeerCerts(validatePeerCerts); sslContextFactory.setEnableOCSP(enableOCSP); if ((null != crlPath) && (!"".equals(crlPath))) { sslContextFactory.setCrlPath(crlPath); } if ((null != ocspResponderURL) && (!"".equals(ocspResponderURL))) { sslContextFactory.setOcspResponderURL(ocspResponderURL); } if (sslKeystoreType != null) { sslContextFactory.setKeyStoreType(sslKeystoreType); } // Java key stores may contain more than one private key entry. // Specifying the alias tells jetty which one to use. if ((null != sslKeyAlias) && (!"".equals(sslKeyAlias))) { sslContextFactory.setCertAlias(sslKeyAlias); } // Quite often it is useful to use a certificate trust store other than the JVM default. if ((null != trustStore) && (!"".equals(trustStore))) { sslContextFactory.setTrustStorePath(trustStore); } if ((null != trustStorePassword) && (!"".equals(trustStorePassword))) { sslContextFactory.setTrustStorePassword(trustStorePassword); } if ((null != trustStoreType) && (!"".equals(trustStoreType))) { sslContextFactory.setTrustStoreType(trustStoreType); } // In light of well-known attacks against weak encryption algorithms such as RC4, // it is usefull to be able to include or exclude certain ciphersuites. // Due to the overwhelming number of cipher suites using regex to specify inclusions // and exclusions greatly simplifies configuration. final String[] cipherSuites; try { SSLContext context = SSLContext.getDefault(); SSLSocketFactory sf = context.getSocketFactory(); cipherSuites = sf.getSupportedCipherSuites(); } catch (NoSuchAlgorithmException e) { throw new RuntimeException("Failed to get supported cipher suites.", e); } if (cipherSuitesIncluded != null && !cipherSuitesIncluded.isEmpty()) { final List<String> cipherSuitesToInclude = new ArrayList<>(); for (final String cipherSuite : cipherSuites) { for (final String includeRegex : cipherSuitesIncluded) { if (cipherSuite.matches(includeRegex)) { cipherSuitesToInclude.add(cipherSuite); } } } sslContextFactory.setIncludeCipherSuites( cipherSuitesToInclude.toArray(new String[cipherSuitesToInclude.size()])); } if (cipherSuitesExcluded != null && !cipherSuitesExcluded.isEmpty()) { final List<String> cipherSuitesToExclude = new ArrayList<>(); for (final String cipherSuite : cipherSuites) { for (final String excludeRegex : cipherSuitesExcluded) { if (cipherSuite.matches(excludeRegex)) { cipherSuitesToExclude.add(cipherSuite); } } } sslContextFactory.setExcludeCipherSuites( cipherSuitesToExclude.toArray(new String[cipherSuitesToExclude.size()])); } // In light of attacks against SSL 3.0 as "POODLE" it is useful to include or exclude // SSL/TLS protocols as needed. if ((null != protocolsIncluded) && (!protocolsIncluded.isEmpty())) { sslContextFactory.setIncludeProtocols(protocolsIncluded.toArray(new String[protocolsIncluded.size()])); } if ((null != protocolsExcluded) && (!protocolsExcluded.isEmpty())) { sslContextFactory.setExcludeProtocols(protocolsExcluded.toArray(new String[protocolsExcluded.size()])); } if (sslRenegotiationAllowed != null) { sslContextFactory.setRenegotiationAllowed(sslRenegotiationAllowed); } // HTTP Configuration HttpConfiguration httpConfig = new HttpConfiguration(); httpConfig.setSecureScheme(HttpScheme.HTTPS.asString()); httpConfig.setSecurePort(port); httpConfig.setOutputBufferSize(32768); // HTTPS Configuration HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig); httpsConfig.addCustomizer(new SecureRequestCustomizer()); List<AbstractConnectionFactory> connectionFactories = new ArrayList<>(); HttpConnectionFactory httpConFactory = new HttpConnectionFactory(httpsConfig); SslConnectionFactory sslFactory = null; AbstractConnectionFactory http2Factory = null; NegotiatingServerConnectionFactory alpnFactory = null; if (alpnCLassesAvailable()) { log.info("HTTP/2 available, creating HttpSpdyServerConnector for Https"); // SPDY connector try { Class<?> comparatorClass = bundle.loadClass("org.eclipse.jetty.http2.HTTP2Cipher"); Comparator<String> cipherComparator = (Comparator<String>) FieldUtils .readDeclaredStaticField(comparatorClass, "COMPARATOR"); sslContextFactory.setCipherComparator(cipherComparator); sslFactory = new SslConnectionFactory(sslContextFactory, "h2"); connectionFactories.add(sslFactory); //org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory Class<?> loadClass = bundle .loadClass("org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory"); // // //ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory("spdy/3", "http/1.1"); // alpnFactory = (NegotiatingServerConnectionFactory) ConstructorUtils.invokeConstructor(loadClass, (Object) new String[] {"ssl", "http/2", "http/1.1"}); // alpnFactory.setDefaultProtocol("http/1.1"); // connectionFactories.add(alpnFactory); //HTTPSPDYServerConnectionFactory spdy = new HTTPSPDYServerConnectionFactory(SPDY.V3, httpConfig); // loadClass = bundle.loadClass("org.eclipse.jetty.spdy.server.http.HTTPSPDYServerConnectionFactory"); // loadClass = bundle.loadClass("org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory"); http2Factory = (AbstractConnectionFactory) ConstructorUtils.invokeConstructor(loadClass, httpsConfig); connectionFactories.add(http2Factory); } catch (ClassNotFoundException | NoSuchMethodException | InvocationTargetException | IllegalArgumentException | IllegalAccessException | InstantiationException e) { // TODO Auto-generated catch block e.printStackTrace(); } } else { log.info("SPDY not available, creating standard ServerConnector for Https"); sslFactory = new SslConnectionFactory(sslContextFactory, "http/1.1"); } // HttpConnectionFactory httpFactory = new HttpConnectionFactory(httpConfig); // // ServerConnector https = new ServerConnector(server); // HTTPS connector ServerConnector https = new ServerConnector(server, sslFactory, httpConFactory); for (AbstractConnectionFactory factory : connectionFactories) { https.addConnectionFactory(factory); } https.setPort(port); https.setName(name); https.setHost(host); https.setIdleTimeout(500000); /* SslContextFactory sslContextFactory = new SslContextFactory(); HttpConfiguration httpConfig = new HttpConfiguration(); SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, "alpn"); ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory("spdy/3", "http/1.1"); alpn.setDefaultProtocol("http/1.1"); HTTPSPDYServerConnectionFactory spdy = new HTTPSPDYServerConnectionFactory(SPDY.V3, httpConfig); HttpConnectionFactory http = new HttpConnectionFactory(httpConfig); Server server = new Server(); ServerConnector connector = new ServerConnector(server, new ConnectionFactory[]{ssl, alpn, spdy, http}); */ return https; }
From source file:com.beyondj.gateway.handlers.detecting.DetectingGateway.java
public void handle(final SocketWrapper socket) { shutdownTacker.retain();//from ww w . j ava2s . c o m receivedConnectionAttempts.incrementAndGet(); socketsConnecting.add(socket); if (connectionTimeout > 0) { vertx.setTimer(connectionTimeout, new Handler<Long>() { public void handle(Long timerID) { if (socketsConnecting.contains(socket)) { handleConnectFailure(socket, String .format("Gateway client '%s' protocol detection timeout.", socket.remoteAddress())); } } }); } ReadStream<ReadStream> readStream = socket.readStream(); readStream.exceptionHandler(new Handler<Throwable>() { @Override public void handle(Throwable e) { handleConnectFailure(socket, String.format("Failed to route gateway client '%s' due to: %s", socket.remoteAddress(), e)); } }); readStream.endHandler(new Handler<Void>() { @Override public void handle(Void event) { handleConnectFailure(socket, String.format("Gateway client '%s' closed the connection before it could be routed.", socket.remoteAddress())); } }); readStream.dataHandler(new Handler<Buffer>() { Buffer received = new Buffer(); @Override public void handle(Buffer event) { received.appendBuffer(event); for (final Protocol protocol : protocols) { if (protocol.matches(received)) { if ("ssl".equals(protocol.getProtocolName())) { LOG.info(String.format("SSL Connection from '%s'", socket.remoteAddress())); String disabledCypherSuites = null; String enabledCipherSuites = null; if (sslConfig != null) { disabledCypherSuites = sslConfig.getDisabledCypherSuites(); enabledCipherSuites = sslConfig.getEnabledCipherSuites(); } if (sslContext == null) { try { if (sslConfig != null) { sslContext = SSLContext.getInstance(sslConfig.getProtocol()); sslContext.init(sslConfig.getKeyManagers(), sslConfig.getTrustManagers(), null); } else { sslContext = SSLContext.getDefault(); } } catch (Exception e) { handleConnectFailure(socket, "Could initialize SSL: " + e); return; } } // lets wrap it up in a SslSocketWrapper. SslSocketWrapper sslSocketWrapper = new SslSocketWrapper(socket); sslSocketWrapper.putBackHeader(received); sslSocketWrapper.initServer(sslContext, clientAuth, disabledCypherSuites, enabledCipherSuites); DetectingGateway.this.handle(sslSocketWrapper); return; } else if ("http".equals(protocol.getProtocolName())) { InetSocketAddress target = getHttpGateway(); if (target != null) { try { URI url = new URI("http://" + target.getHostString() + ":" + target.getPort()); LOG.info(String.format("Connecting '%s' to '%s:%d' using the http protocol", socket.remoteAddress(), url.getHost(), url.getPort())); ConnectionParameters params = new ConnectionParameters(); params.protocol = "http"; createClient(params, socket, url, received); return; } catch (URISyntaxException e) { handleConnectFailure(socket, "Could not build valid connect URI: " + e); return; } } else { handleConnectFailure(socket, "No http gateway available for the http protocol"); return; } } else { protocol.snoopConnectionParameters(socket, received, new Handler<ConnectionParameters>() { @Override public void handle(ConnectionParameters connectionParameters) { // this will install a new dataHandler on the socket. if (connectionParameters.protocol == null) connectionParameters.protocol = protocol.getProtocolName(); if (connectionParameters.protocolSchemes == null) connectionParameters.protocolSchemes = protocol .getProtocolSchemes(); route(socket, connectionParameters, received); } }); return; } } } if (received.length() >= maxProtocolIdentificationLength) { handleConnectFailure(socket, "Connection did not use one of the enabled protocols " + getProtocolNames()); } } }); }
From source file:ddf.ldap.ldaplogin.LdapLoginConfig.java
private void initializeSslContext() throws NoSuchAlgorithmException { // Only set if null so tests can inject a context. if (sslContext == null) { sslContext = SSLContext.getDefault(); }//from ww w . ja v a 2 s.c om }
From source file:io.apiman.gateway.platforms.servlet.connectors.ssl.SSLSessionStrategyFactory.java
private static String[] getDefaultCipherSuites() { try {//from ww w . ja va 2s. c om return SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites(); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } }
From source file:io.apiman.gateway.platforms.servlet.connectors.ssl.SSLSessionStrategyFactory.java
private static String[] getDefaultProtocols() { try {// w w w . java 2s .c o m return SSLContext.getDefault().getDefaultSSLParameters().getProtocols(); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } }