List of usage examples for javax.net.ssl TrustManagerFactory getInstance
public static final TrustManagerFactory getInstance(String algorithm) throws NoSuchAlgorithmException
Returns a TrustManagerFactory object that acts as a factory for trust managers.
From source file:org.apache.ftpserver.ssl.SSLTestTemplate.java
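/**
 * Builds the FTPS client used by the SSL tests.
 *
 * <p>The test keystore is loaded once and used both as the client's key material and as
 * its set of trust anchors. The first key manager and first trust manager produced by the
 * default factories are stored in {@code clientKeyManager} / {@code clientTrustManager}
 * and installed on the client. The client is returned without being connected.
 *
 * @return the configured FTPS client
 * @throws Exception if the keystore cannot be read or a factory cannot be initialised
 */
protected FTPSClient createFTPClient() throws Exception {
    FTPSClient ftpsClient = new FTPSClient(useImplicit());

    KeyStore store = KeyStore.getInstance("jks");
    // try-with-resources closes the keystore stream even when load() throws;
    // the original only closed it on the success path.
    try (FileInputStream fin = new FileInputStream(FTPCLIENT_KEYSTORE)) {
        store.load(fin, KEYSTORE_PASSWORD.toCharArray());
    }

    // initialize key manager factory
    KeyManagerFactory keyManagerFactory =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(store, KEYSTORE_PASSWORD.toCharArray());

    // initialize trust manager factory; the same store supplies the trust anchors,
    // so the client trusts exactly the certificates held in the test keystore
    TrustManagerFactory trustManagerFactory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(store);

    clientKeyManager = keyManagerFactory.getKeyManagers()[0];
    clientTrustManager = trustManagerFactory.getTrustManagers()[0];

    ftpsClient.setKeyManager(clientKeyManager);
    ftpsClient.setTrustManager(clientTrustManager);

    String auth = getAuthValue();
    if (auth != null) {
        ftpsClient.setAuthValue(auth);

        if (auth.equals("SSL")) {
            // NOTE(review): SSLv3 is prohibited by RFC 7568 and is disabled by default in
            // current JDKs (jdk.tls.disabledAlgorithms), so this branch only handshakes on
            // a JVM where that restriction was relaxed. Acceptable in a test fixture only.
            ftpsClient.setEnabledProtocols(new String[] { "SSLv3" });
        }
    }
    return ftpsClient;
}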
From source file:com.utest.webservice.client.rest.AuthSSLProtocolSocketFactory.java
/**
 * Creates the trust managers for the given trust store and wraps each X.509 trust
 * manager in an {@code AuthSSLX509TrustManager}.
 *
 * <p>NOTE(review): the wrapper class is not shown here, so whether chain validation is
 * still delegated to the wrapped JDK trust manager has to be confirmed in that class.
 *
 * @param keystore the store holding the trusted certificates; must not be {@code null}
 * @return the trust managers produced by the default factory, X.509 ones wrapped
 * @throws IllegalArgumentException if {@code keystore} is {@code null}
 * @throws KeyStoreException if the factory cannot be initialised from the store
 * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable
 */
private static TrustManager[] createTrustManagers(final KeyStore keystore)
        throws KeyStoreException, NoSuchAlgorithmException {
    if (keystore == null) {
        throw new IllegalArgumentException("Keystore may not be null");
    }

    final String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
    factory.init(keystore);

    final TrustManager[] managers = factory.getTrustManagers();
    int index = 0;
    for (TrustManager candidate : managers) {
        // Non-X.509 managers are passed through untouched.
        if (candidate instanceof X509TrustManager) {
            managers[index] = new AuthSSLX509TrustManager((X509TrustManager) candidate);
        }
        index++;
    }
    return managers;
}
From source file:com.guster.skywebservice.library.webservice.SkyHttp.java
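/**
 * Installs a socket factory that trusts only the certificate read from the given stream.
 *
 * <p>The certificate is placed alone in a fresh in-memory key store under the alias
 * {@code "ca"}, and the resulting trust managers replace the platform defaults for the
 * created {@link SSLContext}. Connections made through that context therefore validate
 * only against this certificate, not against the system CA store.
 *
 * <p>The stream is always closed, including when parsing fails.
 *
 * @param certificateFile stream positioned at an X.509 certificate
 * @throws CertificateException if the stream does not contain a parsable certificate
 * @throws IOException if the stream cannot be read or closed
 * @throws KeyStoreException if the in-memory key store cannot be created or filled
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 * @throws KeyManagementException if the SSL context cannot be initialised
 */
public static void setSSLCertificate(InputStream certificateFile) throws CertificateException, IOException,
        KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
    Certificate cert;
    // try-with-resources: the original closed the stream only after a successful parse,
    // leaking it whenever generateCertificate() threw.
    try (InputStream in = certificateFile) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        cert = cf.generateCertificate(in);
    }

    // create a keystore containing the certificate
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null); // null stream = start from an empty store
    keyStore.setCertificateEntry("ca", cert);

    // create a trust manager for our certificate
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(keyStore);

    // create a SSLContext that uses our trust manager (no client keys, default SecureRandom)
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, tmf.getTrustManagers(), null);

    // set socket factory
    setSSLSocketFactory(context.getSocketFactory());
}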
From source file:org.appenders.log4j2.elasticsearch.jest.JKSCertInfo.java
/**
 * Configures the client builder for TLS using a client identity and trust anchors read
 * from two JKS files.
 *
 * <p>One {@link SSLContext} is built from both stores and handed to the blocking socket
 * factory and to the async I/O session strategy.
 *
 * @param clientConfigBuilder builder that receives the TLS settings
 * @throws ConfigurationException if a store cannot be read or the context cannot be built
 */
@Override
public void applyTo(HttpClientConfig.Builder clientConfigBuilder) {
    try (FileInputStream identityIn = new FileInputStream(new File(keystorePath));
            FileInputStream anchorsIn = new FileInputStream(new File(truststorePath))) {

        // Client identity (private key + certificate chain).
        KeyStore identityStore = KeyStore.getInstance("jks");
        identityStore.load(identityIn, keystorePassword.toCharArray());
        String kmfAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmfAlgorithm);
        kmf.init(identityStore, keystorePassword.toCharArray());

        // Trust anchors used to validate the server's certificate chain.
        KeyStore anchorStore = KeyStore.getInstance("jks");
        anchorStore.load(anchorsIn, truststorePassword.toCharArray());
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(anchorStore);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // TODO: add support for hostname verification modes
        SSLConnectionSocketFactory blockingFactory = new SSLConnectionSocketFactory(sslContext);
        clientConfigBuilder.sslSocketFactory(blockingFactory);

        // NOTE(review): the async strategy is built with NoopHostnameVerifier, so on that
        // path the server chain is validated against the trust store but the certificate
        // name is not matched against the host being contacted. The blocking factory above
        // is created without an explicit verifier, so the two paths may differ. Until the
        // TODO is resolved, keep the trust store limited to the CA(s) that issue the
        // target servers' certificates.
        SSLIOSessionStrategy asyncStrategy = new SSLIOSessionStrategy(sslContext, new NoopHostnameVerifier());
        clientConfigBuilder.httpsIOSessionStrategy(asyncStrategy);
    } catch (IOException | GeneralSecurityException e) {
        throw new ConfigurationException(configExceptionMessage, e);
    }
}
From source file:org.comixwall.pffw.Utils.java
/**
 * Builds an SSL context whose only trust anchor is the PFFW server certificate bundled
 * as the raw resource {@code server}.
 *
 * <p>The PFFW server certificate is self-signed, so the default SSL context would reject
 * it; this context trusts that one certificate instead.
 *
 * <p>Any failure is logged and results in {@code null} being returned.
 * NOTE(review): callers should treat {@code null} as "no usable TLS context" rather than
 * continuing with a default context — verify at the call sites.
 *
 * @param owner Fragment which initiated the call to this method.
 * @return the SSL context, or {@code null} if it could not be created.
 */
static SSLContext getSslContext(final Fragment owner) {
    SSLContext result = null;
    try {
        // Read the bundled certificate.
        final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        final InputStream certStream = owner.getResources().openRawResource(
                owner.getResources().getIdentifier("server", "raw", owner.getActivity().getPackageName()));
        final Certificate serverCert;
        try {
            serverCert = x509Factory.generateCertificate(certStream);
            logger.finest("server.crt=" + ((X509Certificate) serverCert).getSubjectDN());
        } finally {
            certStream.close();
        }

        // Empty in-memory store holding just that certificate.
        final KeyStore pinnedStore = KeyStore.getInstance(KeyStore.getDefaultType());
        pinnedStore.load(null, null);
        pinnedStore.setCertificateEntry("server.crt", serverCert);

        // Trust managers backed by the single-entry store.
        final TrustManagerFactory trustFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(pinnedStore);

        // Context with no client keys and the default SecureRandom.
        result = SSLContext.getInstance("TLS");
        result.init(null, trustFactory.getTrustManagers(), null);
    } catch (Exception e) {
        e.printStackTrace();
        logger.severe("getSslContext exception: " + e.toString());
    }
    return result;
}
From source file:org.wso2.carbon.identity.core.util.ClientAuthX509TrustManager.java
/**
 * Reloads {@code trustManager} from the trust store file at {@code TRUST_STORE_LOCATION}.
 *
 * <p>The first {@link X509TrustManager} produced by the default factory is kept, and the
 * system property named by {@code PROP_TRUST_STORE_UPDATE_REQUIRED} is reset to
 * {@code "false"}.
 *
 * @throws Exception if the store cannot be read, the factory cannot be initialised, or
 *                   no X.509 trust manager is produced
 */
private void setupTrustManager() throws Exception {
    final String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);

    try (InputStream storeStream = new FileInputStream(TRUST_STORE_LOCATION)) {
        final KeyStore clientTrustStore = KeyStore.getInstance(TRUST_STORE_TYPE);
        // A null password means the JDK skips the keystore integrity check, so the trust
        // anchors are only as protected as the file's filesystem permissions.
        clientTrustStore.load(storeStream, null);
        factory.init(clientTrustStore);

        for (TrustManager candidate : factory.getTrustManagers()) {
            if (!(candidate instanceof X509TrustManager)) {
                continue;
            }
            trustManager = (X509TrustManager) candidate;
            // Mark the reload as done so it is not repeated until flagged again.
            System.setProperty(PROP_TRUST_STORE_UPDATE_REQUIRED, Boolean.FALSE.toString());
            return;
        }
        throw new IdentityException("No X509TrustManager in TrustManagerFactory");
    }
}
From source file:org.openmrs.module.rheapocadapter.handler.ConnectionHandler.java
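/**
 * Creates a handler whose HTTPS connections trust the certificates in the bundled
 * classpath resource {@code /web/module/resources/truststore.jks}.
 *
 * <p>The resulting socket factory is stored in {@code sslFactory}.
 *
 * @throws KeyStoreException if the key store type is unavailable or the factory cannot use the store
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 * @throws CertificateException if a certificate in the store cannot be loaded
 * @throws IOException if the trust store resource is missing, unreadable, or fails its integrity check
 * @throws KeyManagementException if the SSL context cannot be initialised
 */
public ConnectionHandler() throws KeyStoreException, NoSuchAlgorithmException, CertificateException,
        IOException, KeyManagementException {
    // Load the keyStore
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream keyStoreStream = getClass().getResourceAsStream("/web/module/resources/truststore.jks")) {
        // A missing resource yields null; KeyStore.load(null, ...) would silently create an
        // EMPTY store, so fail explicitly instead of continuing without trust anchors.
        if (keyStoreStream == null) {
            throw new IOException("Trust store resource not found: /web/module/resources/truststore.jks");
        }
        // NOTE(review): the store password is a literal in source. For a trust store it
        // serves as an integrity check only, but it is readable by anyone holding the
        // artifact; consider supplying it through module configuration.
        keyStore.load(keyStoreStream, "Jembi#123".toCharArray());
    }

    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(keyStore);

    // No client keys; default SecureRandom.
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, tmf.getTrustManagers(), null);

    // set SSL Factory to be used for all HTTPS connections
    sslFactory = ctx.getSocketFactory();

    setImplementationId();
}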
From source file:org.lealone.cluster.security.SSLFactory.java
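/**
 * Creates an {@link SSLContext} from the configured key store and, optionally, trust store.
 *
 * <p>On the first call (tracked by {@code checkedExpiry}) every X.509 certificate in the
 * key store is checked and a warning is logged for each one that has already expired.
 * Expired certificates do not prevent the context from being created.
 *
 * @param options protocol, algorithm, store type, store paths and passwords
 * @param buildTruststore when {@code true}, trust managers are built from
 *        {@code options.truststore}; when {@code false}, {@code null} is passed to
 *        {@link SSLContext#init}, which makes the JDK fall back to its default trust
 *        managers rather than trusting nothing
 * @return the initialised context
 * @throws IOException wrapping any failure while reading the stores or building the context
 */
public static SSLContext createSSLContext(EncryptionOptions options, boolean buildTruststore) throws IOException {
    FileInputStream tsf = null;
    FileInputStream ksf = null;
    SSLContext ctx;
    try {
        // NOTE(review): the protocol name comes straight from configuration; confirm that
        // deployments set a current TLS version here.
        ctx = SSLContext.getInstance(options.protocol);
        TrustManager[] trustManagers = null;

        if (buildTruststore) {
            tsf = new FileInputStream(options.truststore);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(options.algorithm);
            KeyStore ts = KeyStore.getInstance(options.store_type);
            ts.load(tsf, options.truststore_password.toCharArray());
            tmf.init(ts);
            trustManagers = tmf.getTrustManagers();
        }

        ksf = new FileInputStream(options.keystore);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(options.algorithm);
        KeyStore ks = KeyStore.getInstance(options.store_type);
        ks.load(ksf, options.keystore_password.toCharArray());
        if (!checkedExpiry) {
            for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) {
                String alias = aliases.nextElement();
                // getCertificate() returns null for entries that carry no certificate
                // (e.g. secret-key entries); the original dereferenced it unconditionally,
                // turning such an entry into a failure of the whole context creation.
                java.security.cert.Certificate cert = ks.getCertificate(alias);
                if (cert instanceof X509Certificate) {
                    Date expires = ((X509Certificate) cert).getNotAfter();
                    if (expires.before(new Date())) {
                        logger.warn("Certificate for {} expired on {}", alias, expires);
                    }
                }
            }
            checkedExpiry = true;
        }
        kmf.init(ks, options.keystore_password.toCharArray());

        ctx.init(kmf.getKeyManagers(), trustManagers, null);
    } catch (Exception e) {
        throw new IOException("Error creating the initializing the SSL Context", e);
    } finally {
        FileUtils.closeQuietly(tsf);
        FileUtils.closeQuietly(ksf);
    }
    return ctx;
}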