List of usage examples for javax.net.ssl SSLContext getSocketFactory
public final SSLSocketFactory getSocketFactory()
From source file:com.simiacryptus.util.Util.java
/** * Get input stream.//from ww w .jav a 2s. c om * * @param url the url * @return the input stream * @throws NoSuchAlgorithmException the no such algorithm exception * @throws KeyManagementException the key management exception * @throws IOException the io exception */ public static InputStream get(@javax.annotation.Nonnull String url) throws NoSuchAlgorithmException, KeyManagementException, IOException { @javax.annotation.Nonnull final TrustManager[] trustManagers = { new X509TrustManager() { @Override public void checkClientTrusted(final X509Certificate[] certs, final String authType) { } @Override public void checkServerTrusted(final X509Certificate[] certs, final String authType) { } @javax.annotation.Nonnull @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } } }; @javax.annotation.Nonnull final SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(null, trustManagers, null); final SSLSocketFactory sslFactory = ctx.getSocketFactory(); final URLConnection urlConnection = new URL(url).openConnection(); if (urlConnection instanceof HttpsURLConnection) { @javax.annotation.Nonnull final HttpsURLConnection conn = (HttpsURLConnection) urlConnection; conn.setSSLSocketFactory(sslFactory); conn.setRequestMethod("GET"); } return urlConnection.getInputStream(); }
From source file:org.sipfoundry.openfire.vcard.provider.RestInterface.java
public static String getPngStringTimeout(String urlStr) { try {/* www . j a v a 2s . c om*/ URL url = new URL(urlStr); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); if (url.getProtocol().equalsIgnoreCase("https")) { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { } public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { } } }; SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); ((HttpsURLConnection) conn).setSSLSocketFactory(sc.getSocketFactory()); } conn.setConnectTimeout(CONNECTION_TIMEOUT); conn.setReadTimeout(READ_TIMEOUT); conn.setRequestMethod("GET"); conn.connect(); ByteArrayOutputStream os = new ByteArrayOutputStream(); BufferedImage image = ImageIO.read(conn.getInputStream()); ImageIO.write(image, "png", os); return new String(new Base64().encode(os.toByteArray())); } catch (MalformedURLException e) { logger.error("In getPngStringTimeout, MalformedURLException:" + e.getMessage()); return null; } catch (IOException e) { logger.error("In getPngStringTimeout, IOException:" + e.getMessage()); return null; } catch (Exception e) { logger.error("In getPngStringTimeout, Exception:" + e.getMessage()); return null; } }
From source file:crossbear.convergence.ConvergenceConnector.java
/** * Contact a ConvergenceNotary and ask it for all information about certificate observations it has made on a specific host. * //from www . j av a 2s. co m * Please note: Contacting a ConvergenceNotary is possible with and without sending the fingerprint of the observed certificate. In both cases the Notary will send a list of * ConvergenceCertificateObservations. The problem is that if no fingerprint is sent or the fingerprint matches the last certificate that the Notary observed for the host, the Notary will just * read the list of ConvergenceCertificateObservations from its database. It will not contact the server to see if it the certificate is still the one it uses. The problem with that is that with * this algorithm Convergence usually makes only one certificate observation per server. When asked for that server a Notary will therefore reply "I saw that certificate last July". Since * Crossbear requires statements like "I saw this certificate since last July" it will send a fake-fingerprint to the Convergence Notaries. This compels the Notary to query the server for * its current certificate. After that the Notary will update its database and will then send the updated list of ConvergenceCertificateObservations to Crossbear. * * @param notary * The notary to contact * @param hostPort * The Hostname and port of the server on which the information about the certificate observations is desired. * @return The Response-String that the Notary sent as an answer. It will contain a JSON-encoded list of ConvergenceCertificateObservations * @throws IOException * @throws KeyManagementException * @throws NoSuchAlgorithmException */ private static String contactNotary(ConvergenceNotary notary, String hostPort) throws IOException, KeyManagementException, NoSuchAlgorithmException { // Construct a fake fingerprint to send to the Notary (currently the Hex-String representation of "ConvergenceIsGreat:)") String data = "fingerprint=43:6F:6E:76:65:72:67:65:6E:63:65:49:73:47:72:65:61:74:3A:29"; // Build the url to connect to based on the Notary and the certificate's host URL url = new URL("https://" + notary.getHostPort() + "/target/" + hostPort.replace(":", "+")); // Open a HttpsURLConnection for that url HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(); /* * Set a TrustManager on that connection that forces the use of the Notary's certificate. If the Notary sends any certificate that differs from the one that it is supposed to have (according * to the ConvergenceNotaries-table) an Exception will be thrown. This protects against Man-in-the-middle attacks placed between the Crossbear server and the Notary. */ SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, new TrustManager[] { new TrustSingleCertificateTM(Message.hexStringToByteArray(notary.getCertSHA256Hash())) }, new java.security.SecureRandom()); conn.setSSLSocketFactory(sc.getSocketFactory()); // Set the timeout during which the Notary has to reply conn.setConnectTimeout(3000); // POST the fake fingerprint to the Notary conn.setDoOutput(true); OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream()); wr.write(data); wr.flush(); // Get the Notary's response. Since Convergence replies with a 409-error if it has never observed a certificate conn.getInputStream() will be null. The way to get the Notarys reply in that case is to use conn.getErrorStream(). InputStream is; if (conn.getResponseCode() >= 400) { is = conn.getErrorStream(); } else { // This line should never be executed since we send a fake fingerprint that should never belong to an actually observed certificate. But who knows ... is = conn.getInputStream(); } // Read the Notary's reply and store it String response = Message.inputStreamToString(is); // Close all opened streams wr.close(); // Return the Notary's reply return response; }
From source file:keywhiz.cli.ClientUtils.java
/** * Creates a {@link OkHttpClient} to start a TLS connection. * * @param cookies list of cookies to include in the client. * @return new http client./* w w w . ja v a2 s.com*/ */ public static OkHttpClient sslOkHttpClient(List<HttpCookie> cookies) { checkNotNull(cookies); SSLContext sslContext; try { sslContext = SSLContext.getInstance("TLSv1.2"); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init((KeyStore) null); sslContext.init(new KeyManager[0], trustManagerFactory.getTrustManagers(), new SecureRandom()); } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) { throw Throwables.propagate(e); } SSLSocketFactory socketFactory = sslContext.getSocketFactory(); OkHttpClient client = new OkHttpClient().setSslSocketFactory(socketFactory) .setConnectionSpecs(Arrays.asList(ConnectionSpec.MODERN_TLS)).setFollowSslRedirects(false); client.setRetryOnConnectionFailure(false); client.networkInterceptors().add(new XsrfTokenInterceptor("XSRF-TOKEN", "X-XSRF-TOKEN")); CookieManager cookieManager = new CookieManager(); cookieManager.setCookiePolicy(CookiePolicy.ACCEPT_ALL); cookies.forEach(c -> cookieManager.getCookieStore().add(null, c)); client.setCookieHandler(cookieManager); return client; }
From source file:eu.eubrazilcc.lvl.core.http.client.TrustedHttpsClient.java
private static final void importCertificate(final String url, final KeyStore trustStore) throws Exception { final URL url2 = new URL(url); final SSLContext sslContext = SSLContext.getInstance("TLS"); final TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); final X509TrustManager defaultTrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0]; final SavingTrustManager trustManager = new SavingTrustManager(defaultTrustManager); sslContext.init(null, new TrustManager[] { trustManager }, null); final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); final SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket(url2.getHost(), url2.getPort() > 0 ? url2.getPort() : 443); socket.setSoTimeout(10000);/*ww w.ja va 2 s .com*/ try { socket.startHandshake(); socket.close(); } catch (SSLException e) { } final X509Certificate[] chain = trustManager.chain; if (chain == null) { LOGGER.error("Could not obtain server certificate chain from: " + url); return; } final MessageDigest sha1 = MessageDigest.getInstance("SHA1"); final MessageDigest md5 = MessageDigest.getInstance("MD5"); for (int i = 0; i < chain.length; i++) { final X509Certificate cert = chain[i]; final String alias = url2.getHost() + "-" + (i + 1); if (!trustStore.containsAlias(alias)) { sha1.update(cert.getEncoded()); md5.update(cert.getEncoded()); LOGGER.trace("Importing certificate to trusted keystore >> " + "Subject: " + cert.getSubjectDN() + ", Issuer: " + cert.getIssuerDN() + ", SHA1: " + printHexBinary(sha1.digest()) + ", MD5: " + printHexBinary(md5.digest()) + ", Alias: " + alias); trustStore.setCertificateEntry(alias, cert); } } }
From source file:io.kodokojo.brick.gitlab.GitlabConfigurer.java
public static OkHttpClient provideDefaultOkHttpClient() { OkHttpClient httpClient = new OkHttpClient(); final TrustManager[] certs = new TrustManager[] { new X509TrustManager() { @Override//from ww w . j a v a2s. co m public X509Certificate[] getAcceptedIssuers() { return null; } @Override public void checkServerTrusted(final X509Certificate[] chain, final String authType) throws CertificateException { } @Override public void checkClientTrusted(final X509Certificate[] chain, final String authType) throws CertificateException { } } }; SSLContext ctx = null; try { ctx = SSLContext.getInstance("TLS"); ctx.init(null, certs, new SecureRandom()); } catch (final java.security.GeneralSecurityException ex) { // } httpClient.setHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String s, SSLSession sslSession) { return true; } }); httpClient.setSslSocketFactory(ctx.getSocketFactory()); CookieManager cookieManager = new CookieManager(new GitlabCookieStore(), CookiePolicy.ACCEPT_ALL); httpClient.setCookieHandler(cookieManager); httpClient.setReadTimeout(2, TimeUnit.MINUTES); httpClient.setConnectTimeout(1, TimeUnit.MINUTES); httpClient.setWriteTimeout(1, TimeUnit.MINUTES); return httpClient; }
From source file:net.i2p.util.I2PSSLSocketFactory.java
/** * Loads certs from//w ww .j a va2 s . co m * the ~/.i2p/certificates/ and $I2P/certificates/ directories. */ private static SSLSocketFactory initSSLContext(I2PAppContext context, boolean loadSystemCerts, String relativeCertPath) throws GeneralSecurityException { Log log = context.logManager().getLog(I2PSSLSocketFactory.class); KeyStore ks; if (loadSystemCerts) { ks = KeyStoreUtil.loadSystemKeyStore(); if (ks == null) throw new GeneralSecurityException("Key Store init error"); } else { try { ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, "".toCharArray()); } catch (IOException ioe) { throw new GeneralSecurityException("Key Store init error", ioe); } } File dir = new File(context.getConfigDir(), relativeCertPath); int adds = KeyStoreUtil.addCerts(dir, ks); int totalAdds = adds; if (adds > 0) { if (log.shouldLog(Log.INFO)) log.info("Loaded " + adds + " trusted certificates from " + dir.getAbsolutePath()); } File dir2 = new File(context.getBaseDir(), relativeCertPath); if (!dir.getAbsolutePath().equals(dir2.getAbsolutePath())) { adds = KeyStoreUtil.addCerts(dir2, ks); totalAdds += adds; if (adds > 0) { if (log.shouldLog(Log.INFO)) log.info("Loaded " + adds + " trusted certificates from " + dir.getAbsolutePath()); } } if (totalAdds > 0 || loadSystemCerts) { if (log.shouldLog(Log.INFO)) log.info("Loaded total of " + totalAdds + " new trusted certificates"); } else { String msg = "No trusted certificates loaded (looked in " + dir.getAbsolutePath() + (dir.getAbsolutePath().equals(dir2.getAbsolutePath()) ? "" : (" and " + dir2.getAbsolutePath())) + ", SSL connections will fail. " + "Copy the cert in " + relativeCertPath + " from the router to the directory."; // don't continue, since we didn't load the system keystore, we have nothing. throw new GeneralSecurityException(msg); } SSLContext sslc = SSLContext.getInstance("TLS"); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); sslc.init(null, tmf.getTrustManagers(), context.random()); return sslc.getSocketFactory(); }
From source file:ch.admin.vbs.cube.core.webservice.CubeSSLSocketFactory.java
/** * Create a new SSL socket factory.// www . j a v a 2 s .c o m * * @param keyStoreBuilder * the key store builder * @param trustStore * the trust store * @param checkRevocation * <code>true</code> if certificate revocations should be * checked, else <code>false</code> * @throws WebServiceException * if the creation failed */ public static SSLSocketFactory newSSLSocketFactory(KeyStore.Builder keyStoreBuilder, KeyStore trustStore, boolean checkRevocation) throws WebServiceException { KeyManagerFactory keyManagerFactory; try { keyManagerFactory = KeyManagerFactory.getInstance("NewSunX509"); } catch (NoSuchAlgorithmException e) { String message = "Unable to create key manager factory"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } KeyStoreBuilderParameters keyStoreBuilderParameters = new KeyStoreBuilderParameters(keyStoreBuilder); try { keyManagerFactory.init(keyStoreBuilderParameters); } catch (InvalidAlgorithmParameterException e) { String message = "Unable to initialize key manager factory"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } TrustManagerFactory trustManagerFactory; try { trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); } catch (NoSuchAlgorithmException e) { String message = "Unable to create trust manager factory"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } PKIXBuilderParameters pkixBuilderParameters; try { pkixBuilderParameters = new PKIXBuilderParameters(trustStore, null); } catch (KeyStoreException e) { String message = "The trust store is not initialized"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } catch (InvalidAlgorithmParameterException e) { String message = "The trust store does not contain any trusted certificate"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } catch (NullPointerException e) { String message = "The trust store is null"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } pkixBuilderParameters.setRevocationEnabled(checkRevocation); CertPathTrustManagerParameters certPathTrustManagerParameters = new CertPathTrustManagerParameters( pkixBuilderParameters); try { trustManagerFactory.init(certPathTrustManagerParameters); } catch (InvalidAlgorithmParameterException e) { String message = "Unable to initialize trust manager factory"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } SSLContext sslContext; try { sslContext = SSLContext.getInstance("TLS"); } catch (NoSuchAlgorithmException e) { String message = "Unable to create SSL context"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } try { sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); } catch (KeyManagementException e) { String message = "Unable to initialize SSL context"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); return sslSocketFactory; }
From source file:com.guster.skywebservice.library.webservice.SkyHttp.java
public static void setSSLCertificate(InputStream certificateFile) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException { CertificateFactory cf = CertificateFactory.getInstance("X.509"); Certificate cert = cf.generateCertificate(certificateFile); certificateFile.close();// ww w.j a v a2s . co m // create a keystore containing the certificate KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); keyStore.setCertificateEntry("ca", cert); // create a trust manager for our certificate TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(keyStore); // create a SSLContext that uses our trust manager SSLContext context = SSLContext.getInstance("TLS"); context.init(null, tmf.getTrustManagers(), null); // set socket factory setSSLSocketFactory(context.getSocketFactory()); }
From source file:com.guster.skywebservice.library.webservice.SkyHttp.java
public static void trustAllCertificates(boolean yes) { trustAllCertificates = yes;/*from ww w . j ava 2 s. c o m*/ if (yes) { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return null; } @Override public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { // Not implemented } @Override public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { // Not implemented } } }; try { SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); sslSocketFactory = sc.getSocketFactory(); } catch (KeyManagementException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } } }