List of usage examples for javax.net.ssl TrustManagerFactory getDefaultAlgorithm
public static final String getDefaultAlgorithm()
From source file:at.diamonddogs.net.ssl.CustomSSLSocketFactory.java
private SSLContext createCustomSSLContext(KeyStore store) { try {/*w ww .j a va 2s. co m*/ TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(store); SSLContext context = SSLContext.getInstance("TLS"); context.init(null, CustomX509TrustManager.getWrappedTrustmanager(tmf.getTrustManagers()), null); return context; } catch (Exception e) { LOGGER.error("unable to create ssl context", e); return null; } }
From source file:keywhiz.cli.ClientUtils.java
/** * Creates a {@link OkHttpClient} to start a TLS connection. * * @param cookies list of cookies to include in the client. * @return new http client.// w w w . ja v a2 s . c o m */ public static OkHttpClient sslOkHttpClient(List<HttpCookie> cookies) { checkNotNull(cookies); SSLContext sslContext; try { sslContext = SSLContext.getInstance("TLSv1.2"); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init((KeyStore) null); sslContext.init(new KeyManager[0], trustManagerFactory.getTrustManagers(), new SecureRandom()); } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) { throw Throwables.propagate(e); } SSLSocketFactory socketFactory = sslContext.getSocketFactory(); OkHttpClient client = new OkHttpClient().setSslSocketFactory(socketFactory) .setConnectionSpecs(Arrays.asList(ConnectionSpec.MODERN_TLS)).setFollowSslRedirects(false); client.setRetryOnConnectionFailure(false); client.networkInterceptors().add(new XsrfTokenInterceptor("XSRF-TOKEN", "X-XSRF-TOKEN")); CookieManager cookieManager = new CookieManager(); cookieManager.setCookiePolicy(CookiePolicy.ACCEPT_ALL); cookies.forEach(c -> cookieManager.getCookieStore().add(null, c)); client.setCookieHandler(cookieManager); return client; }
From source file:org.everit.authentication.cas.ecm.tests.SecureHttpClient.java
/** * Constructor.//from w w w .j a va 2s . com */ public SecureHttpClient(final String principal, final BundleContext bundleContext) throws Exception { this.principal = principal; httpClientContext = HttpClientContext.create(); httpClientContext.setCookieStore(new BasicCookieStore()); KeyStore trustStore = KeyStore.getInstance("jks"); trustStore.load(bundleContext.getBundle().getResource("/jetty-keystore").openStream(), "changeit".toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, trustManagers, new SecureRandom()); httpClient = HttpClientBuilder.create().setSslcontext(sslContext) .setRedirectStrategy(new DefaultRedirectStrategy()).build(); }
From source file:com.manning.androidhacks.hack023.net.SimpleX509TrustManager.java
public SimpleX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException { TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); factory.init(keystore);//from www. j ava 2s . c om TrustManager[] trustmanagers = factory.getTrustManagers(); if (trustmanagers.length == 0) { throw new NoSuchAlgorithmException("No trust manager found"); } this.standardTrustManager = (X509TrustManager) trustmanagers[0]; }
From source file:org.apache.jmeter.protocol.smtp.sampler.protocol.LocalTrustStoreSSLSocketFactory.java
public LocalTrustStoreSSLSocketFactory(File truststore) { SSLContext sslcontext = null; try {/*from w w w .jav a 2 s .c om*/ KeyStore ks = KeyStore.getInstance("JKS"); // $NON-NLS-1$ InputStream stream = null; try { stream = new BufferedInputStream(new FileInputStream(truststore)); ks.load(stream, null); } finally { IOUtils.closeQuietly(stream); } TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); TrustManager[] trustmanagers = tmf.getTrustManagers(); sslcontext = SSLContext.getInstance("TLS"); // $NON-NLS-1$ sslcontext.init(null, trustmanagers, new SecureRandom()); } catch (Exception e) { throw new RuntimeException("Could not create the SSL context", e); } factory = sslcontext.getSocketFactory(); }
From source file:com.mani.fileupload.http.EasySSLSocketFactory.java
private static SSLContext createEasySSLContext() throws IOException { try {/*from www. ja v a 2s. c o m*/ // Client should send the valid key to Server InputStream clientStream = null; char[] password = null; clientStream = FileUploadApplication.getContext().getResources().openRawResource(R.raw.client); password = "fileupload".toCharArray(); KeyStore keyStore = KeyStore.getInstance("PKCS12"); keyStore.load(clientStream, password); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, password); // CA key obtained from server. KeyStore trustStore = KeyStore.getInstance("BKS"); InputStream instream = null; instream = FileUploadApplication.getContext().getResources().openRawResource(R.raw.ca); try { trustStore.load(instream, "casecret".toCharArray()); } catch (Exception e) { e.printStackTrace(); } finally { try { instream.close(); } catch (Exception ignore) { } } String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(trustStore); // Create an SSLContext that uses our TrustManager SSLContext context = SSLContext.getInstance("TLS"); context.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), null); return context; } catch (Exception e) { e.printStackTrace(); throw new IOException(e.getMessage()); } }
From source file:org.everit.osgi.authentication.cas.tests.SecureHttpClient.java
public SecureHttpClient(final String principal, final BundleContext bundleContext) throws Exception { this.principal = principal; httpClientContext = HttpClientContext.create(); httpClientContext.setCookieStore(new BasicCookieStore()); KeyStore trustStore = KeyStore.getInstance("jks"); trustStore.load(bundleContext.getBundle().getResource("/jetty-keystore").openStream(), "changeit".toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, trustManagers, new SecureRandom()); httpClient = HttpClientBuilder.create().setSslcontext(sslContext) .setRedirectStrategy(new DefaultRedirectStrategy()).build(); }
From source file:ch.admin.vbs.cube.core.webservice.CubeSSLSocketFactory.java
/** * Create a new SSL socket factory.// w w w. j a v a2 s .c om * * @param keyStoreBuilder * the key store builder * @param trustStore * the trust store * @param checkRevocation * <code>true</code> if certificate revocations should be * checked, else <code>false</code> * @throws WebServiceException * if the creation failed */ public static SSLSocketFactory newSSLSocketFactory(KeyStore.Builder keyStoreBuilder, KeyStore trustStore, boolean checkRevocation) throws WebServiceException { KeyManagerFactory keyManagerFactory; try { keyManagerFactory = KeyManagerFactory.getInstance("NewSunX509"); } catch (NoSuchAlgorithmException e) { String message = "Unable to create key manager factory"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } KeyStoreBuilderParameters keyStoreBuilderParameters = new KeyStoreBuilderParameters(keyStoreBuilder); try { keyManagerFactory.init(keyStoreBuilderParameters); } catch (InvalidAlgorithmParameterException e) { String message = "Unable to initialize key manager factory"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } TrustManagerFactory trustManagerFactory; try { trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); } catch (NoSuchAlgorithmException e) { String message = "Unable to create trust manager factory"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } PKIXBuilderParameters pkixBuilderParameters; try { pkixBuilderParameters = new PKIXBuilderParameters(trustStore, null); } catch (KeyStoreException e) { String message = "The trust store is not initialized"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } catch (InvalidAlgorithmParameterException e) { String message = "The trust store does not contain any trusted certificate"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } catch (NullPointerException e) { String message = "The trust store is null"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } pkixBuilderParameters.setRevocationEnabled(checkRevocation); CertPathTrustManagerParameters certPathTrustManagerParameters = new CertPathTrustManagerParameters( pkixBuilderParameters); try { trustManagerFactory.init(certPathTrustManagerParameters); } catch (InvalidAlgorithmParameterException e) { String message = "Unable to initialize trust manager factory"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } SSLContext sslContext; try { sslContext = SSLContext.getInstance("TLS"); } catch (NoSuchAlgorithmException e) { String message = "Unable to create SSL context"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } try { sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); } catch (KeyManagementException e) { String message = "Unable to initialize SSL context"; LOG.error(message + ": " + e.getMessage()); throw new WebServiceException(message, e); } SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); return sslSocketFactory; }
From source file:ddf.security.common.util.CommonSSLFactory.java
/** * Creates a new SSLSocketFactory from a truststore and keystore. This is used during SSL * communication./*w w w .j a va2 s .c o m*/ * * @param trustStoreLoc * File path to the truststore. * @param trustStorePass * Password to the truststore. * @param keyStoreLoc * File path to the keystore. * @param keyStorePass * Password to the keystore. * @return new SSLSocketFactory instance containing the trust and key stores. * @throws IOException */ public static SSLSocketFactory createSocket(String trustStoreLoc, String trustStorePass, String keyStoreLoc, String keyStorePass) throws IOException { String methodName = "createSocket"; logger.debug("ENTERING: " + methodName); try { logger.debug("trustStoreLoc = " + trustStoreLoc); FileInputStream trustFIS = new FileInputStream(trustStoreLoc); logger.debug("keyStoreLoc = " + keyStoreLoc); FileInputStream keyFIS = new FileInputStream(keyStoreLoc); // truststore stuff KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); try { logger.debug("Loading trustStore"); trustStore.load(trustFIS, trustStorePass.toCharArray()); } catch (CertificateException e) { throw new IOException("Unable to load certificates from truststore. " + trustStoreLoc, e); } finally { IOUtils.closeQuietly(trustFIS); } TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(trustStore); logger.debug("trust manager factory initialized"); // keystore stuff KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); try { logger.debug("Loading keyStore"); keyStore.load(keyFIS, keyStorePass.toCharArray()); } catch (CertificateException e) { throw new IOException("Unable to load certificates from keystore. " + keyStoreLoc, e); } finally { IOUtils.closeQuietly(keyFIS); } KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(keyStore, keyStorePass.toCharArray()); logger.debug("key manager factory initialized"); // ssl context SSLContext sslCtx = SSLContext.getInstance("TLS"); sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); sslCtx.getDefaultSSLParameters().setNeedClientAuth(true); sslCtx.getDefaultSSLParameters().setWantClientAuth(true); logger.debug(exiting + methodName); return sslCtx.getSocketFactory(); } catch (KeyManagementException e) { logger.debug(exiting + methodName); throw new IOException("Unable to initialize the SSL context.", e); } catch (NoSuchAlgorithmException e) { logger.debug(exiting + methodName); throw new IOException( "Problems creating SSL socket. Usually this is " + "referring to the certificate sent by the server not being trusted by the client.", e); } catch (UnrecoverableKeyException e) { logger.debug(exiting + methodName); throw new IOException("Unable to load keystore. " + keyStoreLoc, e); } catch (KeyStoreException e) { logger.debug(exiting + methodName); throw new IOException("Unable to read keystore. " + keyStoreLoc, e); } }
From source file:be.fedict.eid.idp.sp.protocol.openid.OpenIDTrustManager.java
/** * Trust only the given server certificate, and the default trusted server * certificates./*from w w w . ja v a 2 s. com*/ * * @param serverCertificate * SSL certificate to trust * @throws NoSuchAlgorithmException * could not get an SSLContext instance * @throws KeyStoreException * failed to intialize the {@link OpenIDTrustManager} */ public OpenIDTrustManager(X509Certificate serverCertificate) throws NoSuchAlgorithmException, KeyStoreException { this.serverCertificate = serverCertificate; String algorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(algorithm); trustManagerFactory.init((KeyStore) null); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); for (TrustManager trustManager : trustManagers) { if (trustManager instanceof X509TrustManager) { this.defaultTrustManager = (X509TrustManager) trustManager; break; } } if (null == this.defaultTrustManager) { throw new IllegalStateException("no default X509 trust manager found"); } }