Example usage for javax.net.ssl SSLContext init

List of usage examples for javax.net.ssl SSLContext init

  1. HOME
  2. Java
  3. javax
  4. javax.net.ssl.*
  5. SSLContext
  6. init

Introduction

In this page you can find the example usage for javax.net.ssl SSLContext init.

Prototype

public final void init(KeyManager[] km, TrustManager[] tm, SecureRandom random) throws KeyManagementException

Source Link

Document

Initializes this context.

Usage

From source file:com.groupon.odo.bmp.BrowserMobProxyHandler.java

/**
 * Returns a OkHttpClient that ignores SSL cert errors
 * @return//from  w w w.jav  a 2s. c  o  m
 */
private static OkHttpClient getUnsafeOkHttpClient() {
    try {
        // Create a trust manager that does not validate certificate chains
        final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
                    throws CertificateException {
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
                    throws CertificateException {
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        } };

        // Install the all-trusting trust manager
        final SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
        // Create an ssl socket factory with our all-trusting manager
        final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

        OkHttpClient okHttpClient = new OkHttpClient();
        okHttpClient.setSslSocketFactory(sslSocketFactory);
        okHttpClient.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

        return okHttpClient;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

From source file:com.zacwolf.commons.crypto._CRYPTOfactory.java

public static KeyStore addSiteTrustChain(final String sitehostname, final int httpsport,
        final KeyStore keystore, final char[] passphrase) throws KeyStoreException, NoSuchAlgorithmException,
        CertificateException, IOException, KeyManagementException {
    final SSLContext context = SSLContext.getInstance("TLS");
    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(keystore);/*w  ww  .  ja va  2 s .  co m*/
    final X509TrustManager dtm = (X509TrustManager) tmf.getTrustManagers()[0];
    final MyTrustManager tm = new MyTrustManager(dtm);
    context.init(null, new TrustManager[] { tm }, null);
    final SSLSocketFactory factory = context.getSocketFactory();
    final SSLSocket socket = (SSLSocket) factory.createSocket(sitehostname, httpsport);
    socket.setSoTimeout(10000);
    try {
        System.out.println("Starting SSL handshake...");
        socket.startHandshake();
        socket.close();
        System.out.println("Certificate for server " + sitehostname + " is already trusted");
    } catch (SSLException e) {
        final X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.err.println("Could not obtain server certificate chain");
            return keystore;
        }
        System.out.println("Server sent " + chain.length + " certificate(s):");
        for (int i = 0; i < chain.length; i++) {
            final X509Certificate cert = chain[i];
            MessageDigest.getInstance("SHA1").update(cert.getEncoded());
            MessageDigest.getInstance("MD5").update(cert.getEncoded());
            final String alias = sitehostname + "-" + (i + 1);
            keystore.setCertificateEntry(alias, cert);
            System.out.println("Added certificate to keystore using alias '" + alias + "'");
        }
    }
    return keystore;
}

From source file:com.flipzu.flipzu.FlipInterface.java

/**
 * Trust every server - dont check for any certificate
 *//*from   w  w w .j av  a  2 s.c  o m*/
private static void trustAllHosts() {
    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return new java.security.cert.X509Certificate[] {};
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }
    } };

    // Install the all-trusting trust manager
    try {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
        Log.e(TAG, "trustAllHosts ERROR", e.getCause());
    }
}

From source file:com.apporiented.hermesftp.utils.SecurityUtil.java

/**
 * Create the security context required for SSL communication.
 * /*from   w ww .  j  a  v  a2 s  . c om*/
 * @param keyStoreFile The name of the keystore file.
 * @param keyStorePassword The password for the keystore.
 * @return The context.
 * @throws FtpConfigException Thrown on error in configuration.
 */
public static SSLContext createSslContext(String keyStoreFile, char[] keyStorePassword)
        throws FtpConfigException {
    SSLContext sslContext;
    try {
        /* Get keystore file and password */
        InputStream ksInputStream = getKeyStoreInputStream(keyStoreFile);

        /*
         * Get the java keystore object an key manager. A keystore is where keys and
         * certificates are kept.
         */
        KeyStore keystore = KeyStore.getInstance("JKS");
        keystore.load(ksInputStream, keyStorePassword);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(keystore, keyStorePassword);

        /*
         * An SSLContext is an environment for implementing JSSE. It is used to create a
         * ServerSocketFactory
         */
        sslContext = SSLContext.getInstance("SSL");
        sslContext.init(kmf.getKeyManagers(), null, null);
    } catch (KeyManagementException e) {

        throw new SecurityException("A key management authorization problem occurred.");
    } catch (FileNotFoundException e) {
        throw new SecurityException("The key store file could not be found.");
    } catch (KeyStoreException e) {
        throw new SecurityException("A key store problem occurred.");
    } catch (NoSuchAlgorithmException e) {
        throw new SecurityException("The hash algorithm is not supported.");
    } catch (CertificateException e) {
        throw new SecurityException("Certificate could not be loaded.");
    } catch (UnrecoverableKeyException e) {
        throw new SecurityException("Key store cannot be recovered.");
    } catch (IOException e) {
        throw new SecurityException("Reading the key store failed.");
    }
    return sslContext;
}

From source file:org.infinispan.server.test.rest.security.RESTCertSecurityTest.java

public static CloseableHttpClient securedClient(String alias) {
    try {//from  w ww  .  j  a v  a 2 s  .  c  om
        SSLContext ctx = SSLContext.getInstance("TLS");
        JBossJSSESecurityDomain jsseSecurityDomain = new JBossJSSESecurityDomain("client_cert_auth");
        jsseSecurityDomain.setKeyStorePassword("changeit");
        ClassLoader tccl = Thread.currentThread().getContextClassLoader();
        URL keystore = tccl.getResource("client.keystore");
        jsseSecurityDomain.setKeyStoreURL(keystore.getPath());
        jsseSecurityDomain.setClientAlias(alias);
        jsseSecurityDomain.reloadKeyAndTrustStore();
        KeyManager[] keyManagers = jsseSecurityDomain.getKeyManagers();
        TrustManager[] trustManagers = jsseSecurityDomain.getTrustManagers();
        ctx.init(keyManagers, trustManagers, null);
        X509HostnameVerifier verifier = new X509HostnameVerifier() {

            @Override
            public void verify(String s, SSLSocket sslSocket) throws IOException {
            }

            @Override
            public void verify(String s, X509Certificate x509Certificate) throws SSLException {
            }

            @Override
            public void verify(String s, String[] strings, String[] strings1) throws SSLException {
            }

            @Override
            public boolean verify(String string, SSLSession ssls) {
                return true;
            }
        };
        ConnectionSocketFactory sslssf = new SSLConnectionSocketFactory(ctx, verifier);//SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ConnectionSocketFactory plainsf = new PlainConnectionSocketFactory();
        Registry<ConnectionSocketFactory> sr = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", plainsf).register("https", sslssf).build();
        HttpClientConnectionManager pcm = new PoolingHttpClientConnectionManager(sr);
        CloseableHttpClient httpClient = HttpClients.custom().setConnectionManager(pcm).build();

        return httpClient;
    } catch (Exception ex) {
        ex.printStackTrace();
        return null;
    }
}

From source file:org.jboss.as.test.integration.web.security.WebSecurityCERTTestCase.java

public static HttpClient wrapClient(HttpClient base, String alias) {
    try {/*from  w w w . j av  a 2  s . com*/
        SSLContext ctx = SSLContext.getInstance("TLS");
        JBossJSSESecurityDomain jsseSecurityDomain = new JBossJSSESecurityDomain("client-cert");
        jsseSecurityDomain.setKeyStorePassword("changeit");
        ClassLoader tccl = Thread.currentThread().getContextClassLoader();
        URL keystore = tccl.getResource("security/client.keystore");
        jsseSecurityDomain.setKeyStoreURL(keystore.getPath());
        jsseSecurityDomain.setClientAlias(alias);
        jsseSecurityDomain.reloadKeyAndTrustStore();
        KeyManager[] keyManagers = jsseSecurityDomain.getKeyManagers();
        TrustManager[] trustManagers = jsseSecurityDomain.getTrustManagers();
        ctx.init(keyManagers, trustManagers, null);
        SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = base.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", 8380, ssf));
        return new DefaultHttpClient(ccm, base.getParams());
    } catch (Exception ex) {
        ex.printStackTrace();
        return null;
    }
}

From source file:jetbrains.buildServer.vmgr.agent.Utils.java

private static SSLSocketFactory getSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
    SSLContext sslContext = SSLContext.getInstance("TLS");
    TrustManager tm = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }// w  ww .  j  av  a 2s  .  com

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    };
    sslContext.init(null, new TrustManager[] { tm }, null);
    return sslContext.getSocketFactory();
}

From source file:at.alladin.rmbt.client.RMBTClient.java

public static SSLContext getSSLContext(final String caResource, final String certResource)
        throws NoSuchAlgorithmException, KeyManagementException {
    X509Certificate _ca = null;/*from   w  w w . j  a  va2 s .c om*/
    try {
        if (caResource != null) {
            final CertificateFactory cf = CertificateFactory.getInstance("X.509");
            _ca = (X509Certificate) cf
                    .generateCertificate(RMBTClient.class.getClassLoader().getResourceAsStream(caResource));
        }
    } catch (final Exception e) {
        e.printStackTrace();
    }

    final X509Certificate ca = _ca;

    X509Certificate _cert = null;
    try {
        if (certResource != null) {
            final CertificateFactory cf = CertificateFactory.getInstance("X.509");
            _cert = (X509Certificate) cf
                    .generateCertificate(RMBTClient.class.getClassLoader().getResourceAsStream(certResource));
        }
    } catch (final Exception e) {
        e.printStackTrace();
    }
    final X509Certificate cert = _cert;

    // TrustManagerFactory tmf = null;
    // try
    // {
    // if (cert != null)
    // {
    // final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    // ks.load(null, null);
    // ks.setCertificateEntry("crt", cert);
    //
    // tmf =
    // TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    // tmf.init(ks);
    // }
    // }
    // catch (Exception e)
    // {
    // e.printStackTrace();
    // }

    final TrustManager tm;
    if (cert == null)
        tm = getTrustingManager();
    else
        tm = new javax.net.ssl.X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                // System.out.println("getAcceptedIssuers");
                if (ca == null)
                    return new X509Certificate[] { cert };
                else
                    return new X509Certificate[] { ca };
            }

            public void checkClientTrusted(final X509Certificate[] certs, final String authType)
                    throws CertificateException {
                // System.out.println("checkClientTrusted: " +
                // Arrays.toString(certs) + " - " + authType);
            }

            public void checkServerTrusted(final X509Certificate[] certs, final String authType)
                    throws CertificateException {
                // System.out.println("checkServerTrusted: " +
                // Arrays.toString(certs) + " - " + authType);
                if (certs == null)
                    throw new CertificateException();
                for (final X509Certificate c : certs)
                    if (cert.equals(c))
                        return;
                throw new CertificateException();
            }
        };

    final TrustManager[] trustManagers = new TrustManager[] { tm };

    javax.net.ssl.SSLContext sc;
    sc = javax.net.ssl.SSLContext.getInstance(Config.RMBT_ENCRYPTION_STRING);

    sc.init(null, trustManagers, new java.security.SecureRandom());
    return sc;
}

From source file:com.vmware.vchs.publicapi.samples.HttpUtils.java

/**
 * This method returns an HttpClient instance wrapped to trust all HTTPS certificates.
 * /*from  ww  w.  java  2s . c  o m*/
 * @return HttpClient a new instance of HttpClient
 */
static HttpClient createHttpClient() {
    HttpClient base = new DefaultHttpClient();

    try {
        SSLContext ctx = SSLContext.getInstance("TLS");

        // WARNING: This creates a TrustManager that trusts all certificates and should not be used in production code.
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
            }
        } };

        ctx.init(null, trustAllCerts, null);
        SSLSocketFactory ssf = new SSLSocketFactory(ctx);
        ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = base.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", 443, ssf));

        return new DefaultHttpClient(ccm, base.getParams());
    } catch (Exception ex) {
        ex.printStackTrace();
        return null;
    }
}

From source file:org.dataconservancy.archive.impl.fcrepo.ri.MultiThreadedHttpClient.java

private static SSLSocketFactory createSSLSocketFactory(boolean skipSSLTrustCheck,
        boolean skipSSLHostnameVerification) {
    SSLContext sslContext = null;
    try {/*from   w  w w. ja v a2  s.com*/
        if (skipSSLTrustCheck) {
            sslContext = SSLContext.getInstance("TLS");
            TrustManager easyTrustManager = new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    // Oh, I am easy!
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    // Oh, I am easy!
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            };
            sslContext.init(null, new TrustManager[] { easyTrustManager }, null);
        } else {
            sslContext = SSLContext.getDefault();
        }
    } catch (KeyManagementException wontHappen) {
        throw new RuntimeException(wontHappen);
    } catch (NoSuchAlgorithmException wontHappen) {
        throw new RuntimeException(wontHappen);
    }
    SSLSocketFactory factory = new SSLSocketFactory(sslContext);
    if (skipSSLHostnameVerification) {
        factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }
    return factory;
}