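Usage examples for javax.net.ssl.SSLContext.getInstance. Several of the examples below accept any server certificate or any hostname; read them as illustrations of the API call, not as TLS configurations to copy.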
public static SSLContext getInstance(String protocol) throws NoSuchAlgorithmException
From source file:com.base.net.volley.toolbox.HurlStack.java
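/**
 * Creates the {@link SSLSocketFactory} used for HTTPS connections.
 *
 * <p>The context is initialised with {@code null} key and trust managers, which makes
 * JSSE fall back to the provider defaults, so the server's certificate chain is
 * validated against the platform trust store.
 *
 * <p>Do not swap in an {@code X509TrustManager} whose {@code checkServerTrusted} is
 * empty: such a manager accepts every certificate and removes the protection TLS
 * gives against an on-path attacker. A server with a private CA or a self-signed
 * certificate should be handled by loading that certificate into a {@code KeyStore}
 * and building the trust managers from it.
 *
 * @return a socket factory backed by a "TLS" context, or {@code null} when the
 *         context could not be created or initialised; callers must handle
 *         {@code null}
 */
private SSLSocketFactory getDefaultSSLSocketFactory() {
    try {
        SSLContext context = SSLContext.getInstance("TLS");
        // null, null => provider-default key and trust managers; validation stays on.
        context.init(null, null, new SecureRandom());
        return context.getSocketFactory();
    } catch (NoSuchAlgorithmException e) {
        // No provider offers a "TLS" context.
        e.printStackTrace();
    } catch (KeyManagementException e) {
        // The context rejected its initialisation parameters.
        e.printStackTrace();
    }
    return null;
}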
From source file:de.betterform.connector.http.ssl.KeyStoreSSLContext.java
/**
 * Builds the {@link SSLContext} for this connector.
 *
 * <p>When a key store URL is configured, the same store and password feed both a
 * custom key manager and a custom trust manager. Without a URL both arrays stay
 * {@code null}, so {@code init} falls back to the provider's default key and trust
 * managers.
 *
 * <p>NOTE(review): the context is requested under the legacy name "SSL". Which
 * protocol versions that enables depends on the JSSE provider; consider "TLS" and
 * confirm the enabled protocols on the resulting sockets.
 *
 * <p>NOTE(review): the thrown error carries only the message of the underlying
 * exception; the cause is logged but not chained. Whether AuthSSLInitializationError
 * offers a cause-taking constructor is not visible here.
 *
 * @return the initialised context
 * @throws AuthSSLInitializationError if the algorithm, key store or trust store
 *         cannot be set up
 */
private SSLContext createSSLContext() {
    try {
        KeyManager[] keys = null;
        TrustManager[] trust = null;

        if (getKeyStoreURL() != null) {
            // Client identity: key material from the configured store.
            BetterFORMKeyStoreManager keySource = new BetterFORMKeyStoreManager();
            keySource.addCustomX509KeyManager(getKeyStoreURL(), getKeyStorePasswd());
            keys = new KeyManager[] { keySource };

            // Trust anchors: read from the same store.
            BetterFORMTrustManager trustSource = new BetterFORMTrustManager();
            trustSource.addCustomX509TrustManager(getKeyStoreURL(), getKeyStorePasswd());
            trust = trustSource.getTrustManagers();
        }

        SSLContext context = SSLContext.getInstance("SSL");
        context.init(keys, trust, null);
        return context;
    } catch (NoSuchAlgorithmException e) {
        String detail = e.getMessage();
        LOGGER.error(detail, e);
        throw new AuthSSLInitializationError("Unsupported algorithm exception: " + detail);
    } catch (KeyStoreException e) {
        String detail = e.getMessage();
        LOGGER.error(detail, e);
        throw new AuthSSLInitializationError("Keystore exception: " + detail);
    } catch (GeneralSecurityException e) {
        String detail = e.getMessage();
        LOGGER.error(detail, e);
        throw new AuthSSLInitializationError("Key management exception: " + detail);
    } catch (IOException e) {
        String detail = e.getMessage();
        LOGGER.error(detail, e);
        throw new AuthSSLInitializationError("I/O error reading keystore/truststore file: " + detail);
    }
}
From source file:com.frostwire.http.HttpClient.java
/**
 * Builds the wrapped SSL socket factory used by this HTTP client.
 *
 * <p>NOTE(review): the only trust manager installed is {@code AllX509TrustManager}.
 * Its source is not shown here, but the name suggests it accepts every certificate;
 * if so, connections made through this factory are not authenticated and can be
 * intercepted. Confirm what that class checks and prefer the platform trust
 * managers or a pinned trust store.
 *
 * <p>NOTE(review): every {@code Throwable} is caught and turned into a {@code null}
 * return, so callers must be prepared for {@code null}.
 *
 * @return the wrapped socket factory, or {@code null} if it could not be created
 */
private static SSLSocketFactory buildSSLSocketFactory() {
    SSLSocketFactory factory = null;
    try {
        SSLContext context = SSLContext.getInstance("TLS");
        TrustManager[] trustManagers = { new AllX509TrustManager() };
        context.init(null, trustManagers, new SecureRandom());
        factory = new WrapSSLSocketFactory(context.getSocketFactory());
    } catch (Throwable e) {
        LOG.error("Unable to create custom SSL socket factory", e);
    }
    return factory;
}
From source file:es.tid.fiware.fiwareconnectors.cygnus.http.HttpClientFactory.java
/**
 * Gets a SchemeRegistry object accepting all the X509 certificates by default.
 *
 * <p>NOTE(review): "accepting all" means the https scheme registered here performs
 * no certificate chain validation, so the peer is not authenticated and traffic can
 * be intercepted by anyone on the network path. If the remote endpoint uses a
 * private CA, load that CA into a trust store and build the trust managers from it
 * instead.
 *
 * <p>NOTE(review): the context is requested under the legacy name "SSL"; the
 * protocol versions this enables depend on the JSSE provider.
 *
 * @return A SchemeRegistry object, or {@code null} if the SSL context could not be
 *         created or initialised.
 */
private SchemeRegistry getSchemeRegistry() {
    // http://stackoverflow.com/questions/2703161/how-to-ignore-ssl-certificate-errors-in-apache-httpclient-4-0
    SSLContext sslContext;

    try {
        sslContext = SSLContext.getInstance("SSL");
    } catch (NoSuchAlgorithmException e) {
        logger.fatal("Fatal error (SSL cannot be used, no such algorithm. Details=" + e.getMessage() + ")");
        return null;
    }

    // Trust manager whose checks are empty: nothing is ever rejected.
    X509TrustManager acceptEverything = new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // NOTE(review): the X509TrustManager contract asks for a non-null array.
            return null;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
            // intentionally empty: no client certificate is rejected
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType) {
            // intentionally empty: no server certificate is rejected
        }
    };

    try {
        sslContext.init(null, new TrustManager[] { acceptEverything }, new SecureRandom());
    } catch (KeyManagementException e) {
        logger.fatal("Fatal error (Cannot ignore SSL certificates. Details=" + e.getMessage() + ")");
        return null;
    }

    // Defensive check kept from the original code.
    if (sslContext == null) {
        logger.fatal("Fatal error (Cannot ignore SSL certificates, SSL context is null)");
        return null;
    }

    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("https", 443, new SSLSocketFactory(sslContext)));
    return registry;
}
From source file:org.qi4j.library.http.AbstractSecureJettyTest.java
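/**
 * Prepares the JVM-wide HTTPS defaults for the secure Jetty tests.
 *
 * <p>The current default hostname verifier and socket factory are saved in static
 * fields first (presumably so a matching teardown can restore them; that teardown is
 * not shown here). The defaults are then replaced with a verifier that accepts any
 * hostname and a socket factory that trusts only the certificates in the test trust
 * store.
 *
 * <p>The accept-all hostname verifier is a test fixture: it is installed as a
 * process-wide default and must not leak into production code paths.
 *
 * @throws IOException if the trust store file cannot be read
 * @throws GeneralSecurityException if the trust store or the TLS context cannot be
 *         initialised
 */
@BeforeClass
public static void beforeSecureClass() throws IOException, GeneralSecurityException {
    defaultHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
    defaultSSLSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory();

    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String string, SSLSession ssls) {
            // Test only: any hostname is accepted.
            return true;
        }
    });

    KeyStore truststore = KeyStore.getInstance("JCEKS");
    // Close the stream once the store is loaded; the original left it open.
    FileInputStream truststoreStream = new FileInputStream(TRUSTSTORE_FILE);
    try {
        truststore.load(truststoreStream, KS_PASSWORD.toCharArray());
    } finally {
        truststoreStream.close();
    }

    SSLContext sslCtx = SSLContext.getInstance("TLS");
    TrustManagerFactory caTrustManagerFactory = TrustManagerFactory.getInstance(getX509Algorithm());
    caTrustManagerFactory.init(truststore);
    // No key managers (no client certificate); default SecureRandom.
    sslCtx.init(null, caTrustManagerFactory.getTrustManagers(), null);
    HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
}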
From source file:cn.dacas.emmclient.security.ssl.EasySSLSocketFactory.java
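/**
 * Creates a "TLS" context whose only trust manager is {@code IgnoreCertTrustManager}.
 *
 * <p>NOTE(review): the source of {@code IgnoreCertTrustManager} is not shown here,
 * but its name and this method's name indicate that certificate validation is
 * skipped. Sockets created from this context then do not authenticate the server;
 * prefer a trust store holding the expected CA or certificate.
 *
 * @return the initialised context
 * @throws IOException if the context cannot be created or initialised; the
 *         underlying exception is attached as the cause
 */
private static SSLContext createIgnoreSSLContext() throws IOException {
    try {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[] { new IgnoreCertTrustManager() }, null);
        return context;
    } catch (Exception e) {
        e.printStackTrace();
        // Chain the cause so the original failure is not reduced to its message.
        throw new IOException(e.getMessage(), e);
    }
}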
From source file:ch.admin.vbs.cube.core.webservice.CubeSSLSocketFactory.java
/**
 * Create a new SSL socket factory.
 *
 * <p>Key material comes from the given key store builder. Server certificates are
 * validated by PKIX path building against the given trust store, with revocation
 * checking switched on or off by {@code checkRevocation}.
 *
 * <p>NOTE(review): "NewSunX509" is a SunJSSE key manager algorithm name; with a
 * different JSSE provider the first step may fail and surface as a
 * WebServiceException.
 *
 * <p>NOTE(review): passing {@code false} for {@code checkRevocation} means revoked
 * certificates are still accepted as long as the path validates.
 *
 * @param keyStoreBuilder
 *            the key store builder
 * @param trustStore
 *            the trust store
 * @param checkRevocation
 *            <code>true</code> if certificate revocations should be
 *            checked, else <code>false</code>
 * @return the socket factory of a "TLS" context initialised with the key and
 *         trust managers described above
 * @throws WebServiceException
 *             if the creation failed
 */
public static SSLSocketFactory newSSLSocketFactory(KeyStore.Builder keyStoreBuilder, KeyStore trustStore,
        boolean checkRevocation) throws WebServiceException {
    // Key managers, built from the key store builder.
    KeyManagerFactory kmf;
    try {
        kmf = KeyManagerFactory.getInstance("NewSunX509");
    } catch (NoSuchAlgorithmException e) {
        throw logAndWrap("Unable to create key manager factory", e);
    }
    KeyStoreBuilderParameters builderParams = new KeyStoreBuilderParameters(keyStoreBuilder);
    try {
        kmf.init(builderParams);
    } catch (InvalidAlgorithmParameterException e) {
        throw logAndWrap("Unable to initialize key manager factory", e);
    }

    // Trust managers, validating with PKIX against the trust store.
    TrustManagerFactory tmf;
    try {
        tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    } catch (NoSuchAlgorithmException e) {
        throw logAndWrap("Unable to create trust manager factory", e);
    }
    PKIXBuilderParameters pkixParams;
    try {
        pkixParams = new PKIXBuilderParameters(trustStore, null);
    } catch (KeyStoreException e) {
        throw logAndWrap("The trust store is not initialized", e);
    } catch (InvalidAlgorithmParameterException e) {
        throw logAndWrap("The trust store does not contain any trusted certificate", e);
    } catch (NullPointerException e) {
        throw logAndWrap("The trust store is null", e);
    }
    pkixParams.setRevocationEnabled(checkRevocation);
    CertPathTrustManagerParameters trustParams = new CertPathTrustManagerParameters(pkixParams);
    try {
        tmf.init(trustParams);
    } catch (InvalidAlgorithmParameterException e) {
        throw logAndWrap("Unable to initialize trust manager factory", e);
    }

    // TLS context tying both together.
    SSLContext context;
    try {
        context = SSLContext.getInstance("TLS");
    } catch (NoSuchAlgorithmException e) {
        throw logAndWrap("Unable to create SSL context", e);
    }
    try {
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    } catch (KeyManagementException e) {
        throw logAndWrap("Unable to initialize SSL context", e);
    }
    return context.getSocketFactory();
}

/** Logs {@code message} with the cause's message and returns the exception to throw. */
private static WebServiceException logAndWrap(String message, Exception cause) {
    LOG.error(message + ": " + cause.getMessage());
    return new WebServiceException(message, cause);
}
From source file:org.openhab.binding.ihc.ws.IhcConnectionPool.java
/**
 * Sets up the cookie store, HTTP context, TLS context and pooled connection manager
 * used to talk to the controller.
 *
 * <p>NOTE(review): this method deliberately weakens TLS in three ways: the trust
 * manager accepts every certificate, the hostname verifier accepts every name, and
 * the protocol is pinned to TLSv1. Together they leave the connection
 * unauthenticated. If the controller's certificate is stable, importing it into a
 * dedicated trust store would keep the link to that one device authenticated
 * without validating names.
 *
 * <p>NOTE(review): TLSv1 is disabled by default in current JDK builds, so the
 * handshake may fail there unless the runtime's security settings are changed.
 *
 * <p>NOTE(review): if the context cannot be created or initialised the method only
 * logs a warning and carries on with whatever {@code sslContext} currently holds.
 */
private void init() {
    // Local cookie store, bound to a local HTTP context.
    cookieStore = new BasicCookieStore();
    localContext = HttpClientContext.create();
    localContext.setCookieStore(cookieStore);

    httpClientBuilder = HttpClientBuilder.create();

    logger.debug("Initialize SSL context");

    // Trust manager that never rejects a certificate chain.
    X509TrustManager acceptAnyCertificate = new X509TrustManager() {
        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        @Override
        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
        }

        @Override
        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
            // Only logs the issuer of the first certificate; nothing is verified.
            logger.trace("Trusting server cert: " + certs[0].getIssuerDN());
        }
    };
    TrustManager[] trustManagers = new TrustManager[] { acceptAnyCertificate };

    try {
        // Controller supports only SSLv3 and TLSv1
        sslContext = SSLContext.getInstance("TLSv1");
        sslContext.init(null, trustManagers, new java.security.SecureRandom());
    } catch (NoSuchAlgorithmException e) {
        logger.warn("Exception", e);
    } catch (KeyManagementException e) {
        logger.warn("Exception", e);
    }
    httpClientBuilder.setSslcontext(sslContext);

    // The controller only speaks HTTPS and is normally addressed by IP on a home
    // network rather than by DNS name, so the verifier accepts whatever it is given.
    HostnameVerifier acceptAnyHostname = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            logger.trace("HostnameVerifier: arg0 = " + hostname);
            logger.trace("HostnameVerifier: arg1 = " + session);
            return true;
        }
    };

    // Socket factory carrying the weakened trust settings, restricted to TLSv1.
    SSLConnectionSocketFactory httpsSockets = new SSLConnectionSocketFactory(sslContext,
            new String[] { "TLSv1" }, null, acceptAnyHostname);
    Registry<ConnectionSocketFactory> schemes = RegistryBuilder.<ConnectionSocketFactory>create()
            .register("https", httpsSockets).build();

    // Pooling manager allows multi-threaded use; raise the connection limits.
    PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager(schemes);
    pool.setMaxTotal(20);
    pool.setDefaultMaxPerRoute(6);
    httpClientBuilder.setConnectionManager(pool);
}
From source file:proxy.ElementalHttpGet.java
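/**
 * Sends the sample GET requests to {@code host} over one TLS connection, reopening
 * the connection whenever it has been closed, and prints each response.
 *
 * <p>The socket comes from the "Default" {@link SSLContext}, so the certificate
 * chain is checked against the platform trust store. A bare {@code SSLSocket} does
 * not compare the certificate with the host name on its own, so endpoint
 * identification is switched on explicitly before the socket is used.
 *
 * <p>NOTE(review): both request paths embed what appears to be a live
 * {@code access_token} in source. Treat it as compromised: revoke it and load the
 * value from configuration or a secret store. Tokens carried in the query string
 * also end up in logs, and this method prints the request URI itself.
 *
 * <p>NOTE(review): the enabled cipher suites are all CBC/SHA-1 suites and one uses
 * static RSA key exchange. Prefer the provider defaults unless the server really
 * requires this list.
 *
 * @param httpproc protocol processor applied before and after execution
 * @param httpexecutor executor that sends the request
 * @param coreContext context shared by the requests
 * @param host target host and port
 * @param localinetAddress local address the socket is bound to
 * @throws NoSuchAlgorithmException if the "Default" context is unavailable
 * @throws IOException on connection or I/O failure, including a failed handshake
 * @throws HttpException on an HTTP protocol violation
 */
private static void request(HttpProcessor httpproc, HttpRequestExecutor httpexecutor,
        HttpCoreContext coreContext, HttpHost host, InetAddress localinetAddress)
        throws NoSuchAlgorithmException, IOException, HttpException {
    DefaultBHttpClientConnection conn = new DefaultBHttpClientConnection(8 * 1024);
    ConnectionReuseStrategy connStrategy = DefaultConnectionReuseStrategy.INSTANCE;
    try {
        String[] targets = {
                "/2/users/show.json?access_token=2.00SlDQsDdcZIJC94e5308f67sRL13D&uid=3550148352",
                "/account/rate_limit_status.json?access_token=2.00SlDQsDdcZIJC94e5308f67sRL13D" };

        for (String target : targets) {
            if (!conn.isOpen()) {
                SSLContext sslcontext = SSLContext.getInstance("Default");
                SocketFactory sf = sslcontext.getSocketFactory();
                SSLSocket socket = (SSLSocket) sf.createSocket(host.getHostName(), host.getPort(),
                        localinetAddress, 0);
                boolean bound = false;
                try {
                    socket.setEnabledCipherSuites(new String[] { "TLS_RSA_WITH_AES_256_CBC_SHA",
                            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" });

                    // Make the handshake check the certificate against the host name.
                    javax.net.ssl.SSLParameters sslParameters = socket.getSSLParameters();
                    sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
                    socket.setSSLParameters(sslParameters);

                    conn.bind(socket);
                    bound = true;
                } finally {
                    // Once bound, the connection owns the socket; otherwise close it here.
                    if (!bound) {
                        socket.close();
                    }
                }
            }

            BasicHttpRequest request = new BasicHttpRequest("GET", target);
            System.out.println(">> Request URI: " + request.getRequestLine().getUri());

            httpexecutor.preProcess(request, httpproc, coreContext);
            HttpResponse response = httpexecutor.execute(request, conn, coreContext);
            httpexecutor.postProcess(response, httpproc, coreContext);

            System.out.println("<< Response: " + response.getStatusLine());
            System.out.println(EntityUtils.toString(response.getEntity()));
            System.out.println("==============");

            if (!connStrategy.keepAlive(response, coreContext)) {
                conn.close();
            } else {
                System.out.println("Connection kept alive...");
            }
        }
    } finally {
        conn.close();
    }
}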
From source file:co.cask.cdap.security.server.ExternalMTLSAuthenticationServerTestBase.java
/**
 * Builds an HTTP client for the mutual-TLS authentication server tests.
 *
 * <p>The hostname verifier accepts any name. The original comment marks this as
 * test-only; do not reuse the pattern outside tests, because a certificate issued
 * for any host would then be accepted for this server.
 *
 * <p>NOTE(review): the context is requested under the legacy name "SSL"; the
 * protocol versions this enables depend on the JSSE provider.
 *
 * @param kms key managers supplying the client certificate, may be {@code null}
 * @param tms trust managers used to validate the server, may be {@code null}
 * @return a client whose https scheme targets the auth server port
 * @throws Exception if the SSL context cannot be created or initialised
 */
private HttpClient getHTTPClient(KeyManager[] kms, TrustManager[] tms) throws Exception {
    SSLContext context = SSLContext.getInstance("SSL");
    context.init(kms, tms, new SecureRandom());

    // only for test purposes ignoring check of certificate hostname matching host on which server runs
    SSLSocketFactory lenientSockets = new SSLSocketFactory(context,
            SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("https", getAuthServerPort(), lenientSockets));

    // Apache HttpClient version >4.2 should use BasicClientConnectionManager
    return new DefaultHttpClient(new BasicClientConnectionManager(registry));
}