List of usage examples for javax.net.ssl TrustManagerFactory getTrustManagers
public final TrustManager[] getTrustManagers()
From source file:org.candlepin.client.CustomSSLProtocolSocketFactory.java
private SSLContext createCustomSSLContext() { try {//from w w w.j ava 2 s .co m KeyManager[] keyManagers = null; // Generate key managers off of the identity certificates if // doing client auth. if (clientAuth) { KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); String[] keyCert = FileUtil.readKeyAndCert(configuration.getConsumerIdentityFilePath()); kmf.init(PemUtil.pemToKeyStore(keyCert[1], keyCert[0], "password"), "password".toCharArray()); keyManagers = kmf.getKeyManagers(); } /* and provide them for the SSLContext */ SSLContext ctx = SSLContext.getInstance("TLS"); if (configuration.isIgnoreTrustManagers()) { ctx.init(keyManagers, Utils.DUMMY_TRUST_MGRS, new SecureRandom()); } else { TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); KeyStore ks2 = KeyStore.getInstance(KeyStore.getDefaultType()); ks2.load(null, null); ks2.setCertificateEntry("candlepin", PemUtil.readCert("/etc/candlepin/certs/candlepin-ca.crt")); // ks2.load( // new FileInputStream(configuration.getKeyStoreFileLocation()), // passwd); tmf.init(ks2); ctx.init(keyManagers, tmf.getTrustManagers(), new SecureRandom()); } return ctx; } catch (Exception e) { e.printStackTrace(); throw new HttpClientError(e.getMessage()); } }
From source file:com.archivas.clienttools.arcutils.utils.net.GetCertsX509TrustManager.java
public void initStandardTrustManager(KeyStore keystore) throws NoSuchAlgorithmException, NoSuchProviderException, KeyStoreException { TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); factory.init(keystore);//from w ww. j a v a2 s.c om TrustManager[] trustmanagers = factory.getTrustManagers(); // Iterate over the returned trustmanagers, look for an instance of X509TrustManager. // If found, use that as our "default" trust manager. for (int i = 0; i < trustmanagers.length; i++) { if (trustmanagers[i] instanceof X509TrustManager) { if (standardTrustManager == null) { standardTrustManager = (X509TrustManager) trustmanagers[i]; } // break; LOG.log(Level.FINER, "standardTrustManager=" + trustmanagers[i]); } } }
From source file:org.ejbca.core.protocol.ocsp.OCSPUnidClient.java
private SSLSocketFactory getSSLFactory() throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, CertificateException, KeyManagementException { final KeyManager km[]; final TrustManager tm[]; // Put the key and certs in the user keystore (if available) if (this.ks != null) { final KeyManagerFactory kmf; kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(this.ks, this.passphrase.toCharArray()); km = kmf.getKeyManagers();//from ww w .j a v a 2s. co m } else { km = null; } // Now make a truststore to verify the server if (this.certChain != null && this.certChain.length > 0) { final KeyStore trustks = KeyStore.getInstance("jks"); trustks.load(null, "foo123".toCharArray()); // add trusted CA cert trustks.setCertificateEntry("trusted", this.certChain[this.certChain.length - 1]); final TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(trustks); tm = tmf.getTrustManagers(); } else { tm = null; } if (km == null && tm == null) { return (SSLSocketFactory) SSLSocketFactory.getDefault(); } final SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(km, tm, null); return ctx.getSocketFactory(); }
From source file:org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender.java
private SSLContext createSSLContext(OMElement keyStoreElt, OMElement trustStoreElt, boolean novalidatecert) throws AxisFault { KeyManager[] keymanagers = null; TrustManager[] trustManagers = null; if (keyStoreElt != null) { String location = keyStoreElt.getFirstChildWithName(new QName("Location")).getText(); String type = keyStoreElt.getFirstChildWithName(new QName("Type")).getText(); String storePassword = keyStoreElt.getFirstChildWithName(new QName("Password")).getText(); String keyPassword = keyStoreElt.getFirstChildWithName(new QName("KeyPassword")).getText(); FileInputStream fis = null; try {//from w w w .j a v a2s . com KeyStore keyStore = KeyStore.getInstance(type); fis = new FileInputStream(location); log.info("Loading Identity Keystore from : " + location); keyStore.load(fis, storePassword.toCharArray()); KeyManagerFactory kmfactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keyStore, keyPassword.toCharArray()); keymanagers = kmfactory.getKeyManagers(); } catch (GeneralSecurityException gse) { log.error("Error loading Keystore : " + location, gse); throw new AxisFault("Error loading Keystore : " + location, gse); } catch (IOException ioe) { log.error("Error opening Keystore : " + location, ioe); throw new AxisFault("Error opening Keystore : " + location, ioe); } finally { if (fis != null) { try { fis.close(); } catch (IOException ignore) { } } } } if (trustStoreElt != null) { if (novalidatecert) { log.warn("Ignoring novalidatecert parameter since a truststore has been specified"); } String location = trustStoreElt.getFirstChildWithName(new QName("Location")).getText(); String type = trustStoreElt.getFirstChildWithName(new QName("Type")).getText(); String storePassword = trustStoreElt.getFirstChildWithName(new QName("Password")).getText(); FileInputStream fis = null; try { KeyStore trustStore = KeyStore.getInstance(type); fis = new FileInputStream(location); log.info("Loading Trust Keystore from : " + location); trustStore.load(fis, storePassword.toCharArray()); TrustManagerFactory trustManagerfactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerfactory.init(trustStore); trustManagers = trustManagerfactory.getTrustManagers(); } catch (GeneralSecurityException gse) { log.error("Error loading Key store : " + location, gse); throw new AxisFault("Error loading Key store : " + location, gse); } catch (IOException ioe) { log.error("Error opening Key store : " + location, ioe); throw new AxisFault("Error opening Key store : " + location, ioe); } finally { if (fis != null) { try { fis.close(); } catch (IOException ignore) { } } } } else if (novalidatecert) { log.warn("Server certificate validation (trust) has been disabled. " + "DO NOT USE IN PRODUCTION!"); trustManagers = new TrustManager[] { new NoValidateCertTrustManager() }; } try { SSLContext sslcontext = SSLContext.getInstance("TLS"); sslcontext.init(keymanagers, trustManagers, null); return sslcontext; } catch (GeneralSecurityException gse) { log.error("Unable to create SSL context with the given configuration", gse); throw new AxisFault("Unable to create SSL context with the given configuration", gse); } }
From source file:org.apache.streams.cassandra.CassandraClient.java
public void start() throws Exception { Objects.nonNull(config);/*from w ww.j a v a2s. com*/ LOGGER.info("CassandraClient.start {}", config); Cluster.Builder builder = Cluster.builder().withPort(config.getPort().intValue()).withoutJMXReporting() .withoutMetrics() .withSocketOptions(new SocketOptions().setConnectTimeoutMillis(DEFAULT_CONNECT_TIMEOUT_MILLIS * 10) .setReadTimeoutMillis(DEFAULT_READ_TIMEOUT_MILLIS * 10)); if (config.getSsl() != null && config.getSsl().getEnabled() == true) { Ssl ssl = config.getSsl(); KeyStore ks = KeyStore.getInstance("JKS"); InputStream trustStore = new FileInputStream(ssl.getTrustStore()); ks.load(trustStore, ssl.getTrustStorePassword().toCharArray()); InputStream keyStore = new FileInputStream(ssl.getKeyStore()); ks.load(keyStore, ssl.getKeyStorePassword().toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, ssl.getKeyStorePassword().toCharArray()); SSLContext sslContext = SSLContext.getInstance("SSLv3"); sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); SSLOptions sslOptions = JdkSSLOptions.builder().withSSLContext(sslContext).build(); builder = builder.withSSL(sslOptions); } Collection<InetSocketAddress> addresses = new ArrayList<>(); for (String h : config.getHosts()) { LOGGER.info("Adding Host: {}", h); InetSocketAddress socketAddress = new InetSocketAddress(h, config.getPort().intValue()); addresses.add(socketAddress); } builder.addContactPointsWithPorts(addresses); if (StringUtils.isNotBlank(config.getUser()) && StringUtils.isNotBlank(config.getPassword())) { builder.withCredentials(config.getUser(), config.getPassword()); } cluster = builder.build(); Objects.nonNull(cluster); try { Metadata metadata = cluster.getMetadata(); LOGGER.info("Connected to cluster: {}\n", metadata.getClusterName()); for (Host host : metadata.getAllHosts()) { LOGGER.info("Datacenter: {}; Host: {}; Rack: {}\n", host.getDatacenter(), host.getAddress(), host.getRack()); } } catch (Exception e) { LOGGER.error("Exception: {}", e); throw e; } try { session = cluster.connect(); } catch (Exception e) { LOGGER.error("Exception: {}", e); throw e; } Objects.nonNull(session); }
From source file:org.glite.slcs.httpclient.ssl.ExtendedProtocolSocketFactory.java
/** * Adds the given truststore to the existing default JSSE {@link TrustManager}. * /*from www .j a v a 2 s .c o m*/ * @param truststore The truststore to add to the list. * @return An array of {@link TrustManager} * @throws KeyStoreException * @throws NoSuchAlgorithmException * @throws NoSuchProviderException */ private TrustManager[] createExtendedTrustManagers(KeyStore truststore) throws KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException { if (truststore == null) { throw new IllegalArgumentException("Truststore may not be null"); } LOG.debug("Initializing TrustManager"); // initialize with the JSSE default trustStore TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmfactory.init((KeyStore) null); TrustManager[] trustmanagers = tmfactory.getTrustManagers(); // extend the default TrustManager // LOG.debug("default JSSE TrustManager# " + trustmanagers.length); for (int i = 0; i < trustmanagers.length; i++) { if (trustmanagers[i] instanceof X509TrustManager) { LOG.debug("Installing the ExtendedTrustX509TrustManager"); trustmanagers[i] = new ExtendedX509TrustManager(truststore, (X509TrustManager) trustmanagers[i]); } } return trustmanagers; }
From source file:org.wso2.carbon.identity.core.util.ClientAuthX509TrustManager.java
/** * This method reloads the TrustManager by reading the carbon server's default trust store file * * @throws Exception//from www. ja v a 2s .c o m */ private void setupTrustManager() throws Exception { TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); KeyStore clientTrustStore; try (InputStream trustStoreInputStream = new FileInputStream(TRUST_STORE_LOCATION)) { clientTrustStore = KeyStore.getInstance(TRUST_STORE_TYPE); clientTrustStore.load(trustStoreInputStream, null); trustManagerFactory.init(clientTrustStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); for (TrustManager t : trustManagers) { if (t instanceof X509TrustManager) { trustManager = (X509TrustManager) t; System.setProperty(PROP_TRUST_STORE_UPDATE_REQUIRED, Boolean.FALSE.toString()); return; } } throw new IdentityException("No X509TrustManager in TrustManagerFactory"); } }
From source file:net.jradius.server.TCPListener.java
public void setConfiguration(ListenerConfigurationItem cfg, boolean noKeepAlive) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException, IOException { keepAlive = !noKeepAlive;/*from w w w .ja v a 2s . co m*/ config = cfg; Map props = config.getProperties(); String s = (String) props.get("port"); if (s != null) port = new Integer(s).intValue(); s = (String) props.get("backlog"); if (s != null) backlog = new Integer(s).intValue(); if (keepAlive) { s = (String) props.get("keepAlive"); if (s != null) keepAlive = new Boolean(s).booleanValue(); } String useSSL = (String) props.get("useSSL"); String trustAll = (String) props.get("trustAll"); if (requiresSSL || "true".equalsIgnoreCase(useSSL)) { KeyManager[] keyManagers = null; TrustManager[] trustManagers = null; String keyManager = (String) props.get("keyManager"); if (keyManager != null && keyManager.length() > 0) { try { KeyManager manager = (KeyManager) Configuration.getBean(keyManager); keyManagers = new KeyManager[] { manager }; } catch (Exception e) { e.printStackTrace(); } } else { String keystore = (String) props.get("keyStore"); String keystoreType = (String) props.get("keyStoreType"); String keystorePassword = (String) props.get("keyStorePassword"); String keyPassword = (String) props.get("keyPassword"); if (keystore != null) { if (keystoreType == null) keystoreType = "pkcs12"; KeyStore ks = KeyStore.getInstance(keystoreType); ks.load(new FileInputStream(keystore), keystorePassword == null ? null : keystorePassword.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(ks, keyPassword == null ? null : keyPassword.toCharArray()); keyManagers = kmf.getKeyManagers(); } } String trustManager = (String) props.get("trustManager"); if (trustManager != null && trustManager.length() > 0) { try { TrustManager manager = (TrustManager) Configuration.getBean(trustManager); trustManagers = new TrustManager[] { manager }; } catch (Exception e) { e.printStackTrace(); } } else if ("true".equalsIgnoreCase(trustAll)) { trustManagers = new TrustManager[] { new X509TrustManager() { public void checkClientTrusted(X509Certificate[] chain, String authType) { } public void checkServerTrusted(X509Certificate[] chain, String authType) { } public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } } }; } else { String keystore = (String) props.get("caStore"); String keystoreType = (String) props.get("caStoreType"); String keystorePassword = (String) props.get("caStorePassword"); if (keystore != null) { if (keystoreType == null) keystoreType = "pkcs12"; KeyStore caKeys = KeyStore.getInstance(keystoreType); caKeys.load(new FileInputStream(keystore), keystorePassword == null ? null : keystorePassword.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(caKeys); trustManagers = tmf.getTrustManagers(); } } SSLContext sslContext = SSLContext.getInstance("SSLv3"); sslContext.init(keyManagers, trustManagers, null); ServerSocketFactory socketFactory = sslContext.getServerSocketFactory(); SSLServerSocket sslServerSocket = (SSLServerSocket) socketFactory.createServerSocket(port, backlog); serverSocket = sslServerSocket; if (sslWantClientAuth) sslServerSocket.setWantClientAuth(true); if (sslNeedClientAuth) sslServerSocket.setNeedClientAuth(true); if (sslEnabledProtocols != null) sslServerSocket.setEnabledProtocols(sslEnabledProtocols); if (sslEnabledCiphers != null) sslServerSocket.setEnabledCipherSuites(sslEnabledCiphers); usingSSL = true; } else { serverSocket = new ServerSocket(port, backlog); } serverSocket.setReuseAddress(true); setActive(true); }
From source file:org.kuali.kra.s2s.service.impl.GrantsGovConnectorServiceImpl.java
/** * This method is to confgiure KeyStore and Truststore for Grants.Gov webservice client * @param tlsConfig//w ww .j av a 2 s. co m * @param alias * @param mulitCampusEnabled * @throws S2SException */ protected void configureKeyStoreAndTrustStore(TLSClientParameters tlsConfig, String alias, boolean mulitCampusEnabled) throws S2SException { KeyStore keyStore = S2SCertificateReader.getKeyStore(); KeyManagerFactory keyManagerFactory; try { keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); if (alias != null && mulitCampusEnabled) { KeyStore keyStoreAlias; keyStoreAlias = KeyStore.getInstance(JKS_TYPE); Certificate[] certificates = keyStore.getCertificateChain(alias); Key key = keyStore.getKey(alias, s2SUtilService.getProperty(KEYSTORE_PASSWORD).toCharArray()); keyStoreAlias.load(null, null); keyStoreAlias.setKeyEntry(alias, key, s2SUtilService.getProperty(KEYSTORE_PASSWORD).toCharArray(), certificates); keyManagerFactory.init(keyStoreAlias, s2SUtilService.getProperty(KEYSTORE_PASSWORD).toCharArray()); } else { keyManagerFactory.init(keyStore, s2SUtilService.getProperty(KEYSTORE_PASSWORD).toCharArray()); } KeyManager[] km = keyManagerFactory.getKeyManagers(); tlsConfig.setKeyManagers(km); KeyStore trustStore = S2SCertificateReader.getTrustStore(); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); TrustManager[] tm = trustManagerFactory.getTrustManagers(); tlsConfig.setTrustManagers(tm); } catch (NoSuchAlgorithmException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } catch (KeyStoreException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } catch (UnrecoverableKeyException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } catch (CertificateException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } catch (IOException e) { LOG.error(e); throw new S2SException(KeyConstants.ERROR_KEYSTORE_CONFIG, e.getMessage()); } }
From source file:org.wso2.carbon.identity.core.util.DynamicX509TrustManager.java
/** * This method reloads the TrustManager by reading the carbon server's default trust store file * * @throws Exception/*from www . ja va2 s. c om*/ */ private void setupTrustManager() throws Exception { TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); KeyStore clientTrustStore = null; try (InputStream trustStoreInputStream = new FileInputStream(TRUST_STORE_LOCATION)) { clientTrustStore = KeyStore.getInstance(TRUST_STORE_TYPE); clientTrustStore.load(trustStoreInputStream, null); trustManagerFactory.init(clientTrustStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); for (TrustManager t : trustManagers) { if (t instanceof X509TrustManager) { trustManager = (X509TrustManager) t; System.setProperty(IdentityUtil.PROP_TRUST_STORE_UPDATE_REQUIRED, Boolean.FALSE.toString()); return; } } throw new IdentityException("No X509TrustManager in TrustManagerFactory"); } }