List of usage examples for javax.net.ssl TrustManagerFactory init
public final void init(ManagerFactoryParameters spec) throws InvalidAlgorithmParameterException
From source file:edu.washington.shibboleth.attribute.resolver.dc.rws.HttpDataSource.java
/** * Generate a socket factory using supplied key and trust stores *//*from w w w.j a v a2 s .c om*/ protected SSLConnectionSocketFactory getSocketFactory() throws IOException { TrustManager[] trustManagers = null; KeyManager[] keyManagers = null; try { /* trust managers */ if (caCertificateFile != null) { KeyStore trustStore; int cn = 0; log.info("Setting x509 trust from " + caCertificateFile); TrustManagerFactory tmf = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); CertificateFactory cf = CertificateFactory.getInstance("X.509"); FileInputStream in = new FileInputStream(caCertificateFile); Collection certs = cf.generateCertificates(in); trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(null, null); Iterator cit = certs.iterator(); while (cit.hasNext()) { X509Certificate cert = (X509Certificate) cit.next(); log.info(" adding " + cert.getSubjectX500Principal().toString()); System.out.println(" adding " + cert.getSubjectX500Principal().toString()); trustStore.setCertificateEntry("CACERT" + cn, cert); cn += 1; } tmf.init(trustStore); trustManagers = tmf.getTrustManagers(); } else { // no verification trustManagers = new TrustManager[] { new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(X509Certificate[] certs, String authType) { return; } public void checkServerTrusted(X509Certificate[] certs, String authType) { return; } } }; } /* key manager */ if (certificateFile != null && keyFile != null) { KeyStore keyStore; KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); FileInputStream in = new FileInputStream(certificateFile); CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate) cf.generateCertificate(in); PKCS1 pkcs = new PKCS1(); log.info("reading key file: " + keyFile); PrivateKey key = pkcs.readKey(keyFile); X509Certificate[] chain = new X509Certificate[1]; chain[0] = cert; keyStore.setKeyEntry("CERT", (Key) key, "pw".toCharArray(), chain); kmf.init(keyStore, "pw".toCharArray()); keyManagers = kmf.getKeyManagers(); } /* socket factory */ SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(keyManagers, trustManagers, null); return new SSLConnectionSocketFactory(ctx); } catch (IOException e) { log.error("error reading cert or key error: " + e); } catch (KeyStoreException e) { log.error("keystore error: " + e); } catch (NoSuchAlgorithmException e) { log.error("sf error: " + e); } catch (KeyManagementException e) { log.error("sf error: " + e); } catch (CertificateException e) { log.error("sf error: " + e); } catch (UnrecoverableKeyException e) { log.error("sf error: " + e); } return null; }
From source file:org.apache.geode.internal.net.SocketCreator.java
private TrustManager[] getTrustManagers() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { TrustManager[] trustManagers = null; GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader(); String trustStoreType = sslConfig.getTruststoreType(); if (StringUtils.isEmpty(trustStoreType)) { // read from console, default on empty if (consoleReader.isSupported()) { trustStoreType = consoleReader .readLine("Please enter the trustStoreType (javax.net.ssl.trustStoreType) : "); } else {/*from ww w . j a v a 2 s .co m*/ trustStoreType = KeyStore.getDefaultType(); } } KeyStore ts = KeyStore.getInstance(trustStoreType); String trustStorePath = sslConfig.getTruststore(); if (StringUtils.isEmpty(trustStorePath)) { if (consoleReader.isSupported()) { trustStorePath = consoleReader .readLine("Please enter the trustStore location (javax.net.ssl.trustStore) : "); } } FileInputStream fis = new FileInputStream(trustStorePath); String passwordString = sslConfig.getTruststorePassword(); char[] password = null; if (passwordString != null) { if (passwordString.trim().equals("")) { if (!StringUtils.isEmpty(passwordString)) { String toDecrypt = "encrypted(" + passwordString + ")"; passwordString = PasswordUtil.decrypt(toDecrypt); password = passwordString.toCharArray(); } // read from the console if (StringUtils.isEmpty(passwordString) && consoleReader.isSupported()) { password = consoleReader.readPassword( "Please enter password for trustStore (javax.net.ssl.trustStorePassword) : "); } } else { password = passwordString.toCharArray(); } } ts.load(fis, password); // default algorithm can be changed by setting property "ssl.TrustManagerFactory.algorithm" in // security properties TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ts); trustManagers = tmf.getTrustManagers(); // follow the security tip in java doc if (password != null) { java.util.Arrays.fill(password, ' '); } return trustManagers; }
From source file:self.philbrown.droidQuery.Ajax.java
protected TaskResponse doInBackground(Void... arg0) { if (this.isCancelled) return null; //if synchronous, block on the background thread until ready. Then call beforeSend, etc, before resuming. if (!beforeSendIsAsync) { try {/*w w w. j ava 2 s . c o m*/ mutex.acquire(); } catch (InterruptedException e) { Log.w("AjaxTask", "Synchronization Error. Running Task Async"); } final Thread asyncThread = Thread.currentThread(); isLocked = true; mHandler.post(new Runnable() { @Override public void run() { if (options.beforeSend() != null) { if (options.context() != null) options.beforeSend().invoke($.with(options.context()), options); else options.beforeSend().invoke(null, options); } if (options.isAborted()) { cancel(true); return; } if (options.global()) { synchronized (globalTasks) { if (globalTasks.isEmpty()) { $.ajaxStart(); } globalTasks.add(Ajax.this); } $.ajaxSend(); } else { synchronized (localTasks) { localTasks.add(Ajax.this); } } isLocked = false; LockSupport.unpark(asyncThread); } }); if (isLocked) LockSupport.park(); } //here is where to use the mutex //handle cached responses Object cachedResponse = AjaxCache.sharedCache().getCachedResponse(options); //handle ajax caching option if (cachedResponse != null && options.cache()) { Success s = new Success(cachedResponse); s.reason = "cached response"; s.allHeaders = null; return s; } if (connection == null) { try { String type = options.type(); URL url = new URL(options.url()); if (type == null) { type = "GET"; } if (type.equalsIgnoreCase("CUSTOM")) { try { connection = options.customConnection(); } catch (Exception e) { connection = null; } if (connection == null) { Log.w("droidQuery.ajax", "CUSTOM type set, but AjaxOptions.customRequest is invalid. Defaulting to GET."); connection = (HttpURLConnection) url.openConnection(); connection.setRequestMethod("GET"); } } else { connection = (HttpURLConnection) url.openConnection(); connection.setRequestMethod(type); if (type.equalsIgnoreCase("POST") || type.equalsIgnoreCase("PUT")) { connection.setDoOutput(true); } } } catch (Throwable t) { if (options.debug()) t.printStackTrace(); Error e = new Error(null); AjaxError error = new AjaxError(); error.connection = connection; error.options = options; e.status = 0; e.reason = "Bad Configuration"; error.status = e.status; error.reason = e.reason; error.response = e.response; e.allHeaders = new Headers(); e.error = error; return e; } } Map<String, Object> args = new HashMap<String, Object>(); args.put("options", options); args.put("request", null); args.put("connection", connection); EventCenter.trigger("ajaxPrefilter", args, null); if (options.headers() != null) { if (options.headers().authorization() != null) { options.headers() .authorization(options.headers().authorization() + " " + options.getEncodedCredentials()); } else if (options.username() != null) { //guessing that authentication is basic options.headers().authorization("Basic " + options.getEncodedCredentials()); } for (Entry<String, String> entry : options.headers().map().entrySet()) { connection.setRequestProperty(entry.getKey(), entry.getValue()); } } if (options.data() != null) { try { OutputStream os = connection.getOutputStream(); os.write(options.data().toString().getBytes()); os.close(); } catch (Throwable t) { Log.w("Ajax", "Could not post data"); } } if (options.timeout() != 0) { connection.setConnectTimeout(options.timeout()); connection.setReadTimeout(options.timeout()); } if (options.trustedCertificate() != null) { Certificate ca = options.trustedCertificate(); String keyStoreType = KeyStore.getDefaultType(); KeyStore keyStore = null; try { keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); keyStore.setCertificateEntry("ca", ca); } catch (KeyStoreException e) { if (options.debug()) e.printStackTrace(); } catch (NoSuchAlgorithmException e) { if (options.debug()) e.printStackTrace(); } catch (CertificateException e) { if (options.debug()) e.printStackTrace(); } catch (IOException e) { if (options.debug()) e.printStackTrace(); } if (keyStore == null) { Log.w("Ajax", "Could not configure trusted certificate"); } else { try { //Create a TrustManager that trusts the CAs in our KeyStore String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore); //Create an SSLContext that uses our TrustManager SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, tmf.getTrustManagers(), null); ((HttpsURLConnection) connection).setSSLSocketFactory(sslContext.getSocketFactory()); } catch (KeyManagementException e) { if (options.debug()) e.printStackTrace(); } catch (NoSuchAlgorithmException e) { if (options.debug()) e.printStackTrace(); } catch (KeyStoreException e) { if (options.debug()) e.printStackTrace(); } } } try { if (options.cookies() != null) { CookieManager cm = new CookieManager(); CookieStore cookies = cm.getCookieStore(); URI uri = URI.create(options.url()); for (Entry<String, String> entry : options.cookies().entrySet()) { HttpCookie cookie = new HttpCookie(entry.getKey(), entry.getValue()); cookies.add(uri, cookie); } connection.setRequestProperty("Cookie", TextUtils.join(",", cookies.getCookies())); } connection.connect(); final int statusCode = connection.getResponseCode(); final String message = connection.getResponseMessage(); if (options.dataFilter() != null) { if (options.context() != null) options.dataFilter().invoke($.with(options.context()), connection, options.dataType()); else options.dataFilter().invoke(null, connection, options.dataType()); } final Function function = options.statusCode().get(statusCode); if (function != null) { mHandler.post(new Runnable() { @Override public void run() { if (options.context() != null) function.invoke($.with(options.context()), statusCode, options.clone()); else function.invoke(null, statusCode, options.clone()); } }); } //handle dataType String dataType = options.dataType(); if (dataType == null) dataType = "text"; if (options.debug()) Log.i("Ajax", "dataType = " + dataType); Object parsedResponse = null; InputStream stream = null; try { if (dataType.equalsIgnoreCase("text") || dataType.equalsIgnoreCase("html")) { if (options.debug()) Log.i("Ajax", "parsing text"); stream = AjaxUtil.getInputStream(connection); parsedResponse = parseText(stream); } else if (dataType.equalsIgnoreCase("xml")) { if (options.debug()) Log.i("Ajax", "parsing xml"); if (options.customXMLParser() != null) { stream = AjaxUtil.getInputStream(connection); if (options.SAXContentHandler() != null) options.customXMLParser().parse(stream, options.SAXContentHandler()); else options.customXMLParser().parse(stream, new DefaultHandler()); parsedResponse = "Response handled by custom SAX parser"; } else if (options.SAXContentHandler() != null) { stream = AjaxUtil.getInputStream(connection); SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setFeature("http://xml.org/sax/features/namespaces", false); factory.setFeature("http://xml.org/sax/features/namespace-prefixes", true); SAXParser parser = factory.newSAXParser(); XMLReader reader = parser.getXMLReader(); reader.setContentHandler(options.SAXContentHandler()); reader.parse(new InputSource(stream)); parsedResponse = "Response handled by custom SAX content handler"; } else { parsedResponse = parseXML(connection); } } else if (dataType.equalsIgnoreCase("json")) { if (options.debug()) Log.i("Ajax", "parsing json"); parsedResponse = parseJSON(connection); } else if (dataType.equalsIgnoreCase("script")) { if (options.debug()) Log.i("Ajax", "parsing script"); parsedResponse = parseScript(connection); } else if (dataType.equalsIgnoreCase("image")) { if (options.debug()) Log.i("Ajax", "parsing image"); stream = AjaxUtil.getInputStream(connection); parsedResponse = parseImage(stream); } else if (dataType.equalsIgnoreCase("raw")) { if (options.debug()) Log.i("Ajax", "parsing raw data"); parsedResponse = parseRawContent(connection); } } catch (ClientProtocolException cpe) { if (options.debug()) cpe.printStackTrace(); Error e = new Error(parsedResponse); AjaxError error = new AjaxError(); error.connection = connection; error.options = options; e.status = statusCode; e.reason = message; error.status = e.status; error.reason = e.reason; error.response = e.response; e.allHeaders = Headers.createHeaders(connection.getHeaderFields()); e.error = error; return e; } catch (Exception ioe) { if (options.debug()) ioe.printStackTrace(); Error e = new Error(parsedResponse); AjaxError error = new AjaxError(); error.connection = connection; error.options = options; e.status = statusCode; e.reason = message; error.status = e.status; error.reason = e.reason; error.response = e.response; e.allHeaders = Headers.createHeaders(connection.getHeaderFields()); e.error = error; return e; } finally { connection.disconnect(); try { if (stream != null) { stream.close(); } } catch (IOException e) { } } if (statusCode >= 300) { //an error occurred Error e = new Error(parsedResponse); Log.e("Ajax Test", parsedResponse.toString()); //AjaxError error = new AjaxError(); //error.request = request; //error.options = options; e.status = e.status; e.reason = e.reason; //error.status = e.status; //error.reason = e.reason; //error.response = e.response; e.allHeaders = Headers.createHeaders(connection.getHeaderFields()); //e.error = error; if (options.debug()) Log.i("Ajax", "Error " + e.status + ": " + e.reason); return e; } else { //handle ajax ifModified option List<String> lastModifiedHeaders = connection.getHeaderFields().get("last-modified"); if (lastModifiedHeaders.size() >= 1) { try { String h = lastModifiedHeaders.get(0); SimpleDateFormat format = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US); Date lastModified = format.parse(h); if (options.ifModified() && lastModified != null) { Date lastModifiedDate; synchronized (lastModifiedUrls) { lastModifiedDate = lastModifiedUrls.get(options.url()); } if (lastModifiedDate != null && lastModifiedDate.compareTo(lastModified) == 0) { //request response has not been modified. //Causes an error instead of a success. Error e = new Error(parsedResponse); AjaxError error = new AjaxError(); error.connection = connection; error.options = options; e.status = e.status; e.reason = e.reason; error.status = e.status; error.reason = e.reason; error.response = e.response; e.allHeaders = Headers.createHeaders(connection.getHeaderFields()); e.error = error; Function func = options.statusCode().get(304); if (func != null) { if (options.context() != null) func.invoke($.with(options.context())); else func.invoke(null); } return e; } else { synchronized (lastModifiedUrls) { lastModifiedUrls.put(options.url(), lastModified); } } } } catch (Throwable t) { Log.e("Ajax", "Could not parse Last-Modified Header", t); } } //Now handle a successful request Success s = new Success(parsedResponse); s.reason = message; s.allHeaders = Headers.createHeaders(connection.getHeaderFields()); return s; } } catch (Throwable t) { if (options.debug()) t.printStackTrace(); if (t instanceof java.net.SocketTimeoutException) { Error e = new Error(null); AjaxError error = new AjaxError(); error.connection = connection; error.options = options; error.response = e.response; e.status = 0; String reason = t.getMessage(); if (reason == null) reason = "Socket Timeout"; e.reason = reason; error.status = e.status; error.reason = e.reason; if (connection != null) e.allHeaders = Headers.createHeaders(connection.getHeaderFields()); else e.allHeaders = new Headers(); e.error = error; return e; } return null; } }
From source file:org.wisdom.engine.ssl.SSLServerContext.java
private TrustManagerFactory getTrustManagerFactoryFromKeyStore(final File maybeRoot, final String path) throws KeyStoreException { final TrustManagerFactory tmf; File file = new File(path); if (!file.isFile()) { // Second chance. file = new File(maybeRoot, path); }// ww w.j ava2 s .co m LOGGER.info("\t trust store: " + file.getAbsolutePath()); final KeyStore trustStore = KeyStore .getInstance(accessor.getConfiguration().getWithDefault("https.trustStoreType", "JKS")); LOGGER.info("\t trust store type: " + trustStore.getType()); LOGGER.info("\t trust store provider: " + trustStore.getProvider()); final char[] password = accessor.getConfiguration().getWithDefault("https.trustStorePassword", "") .toCharArray(); LOGGER.info("\t trust store password length: " + password.length); final String algorithm = accessor.getConfiguration().getWithDefault("https.trustStoreAlgorithm", KeyManagerFactory.getDefaultAlgorithm()); LOGGER.info("\t trust store algorithm: " + algorithm); if (file.isFile()) { FileInputStream stream = null; try { stream = new FileInputStream(file); trustStore.load(stream, password); tmf = TrustManagerFactory.getInstance(algorithm); tmf.init(trustStore); } catch (final Exception e) { throw new RuntimeException(HTTPSFAIL + e.getMessage(), e); } finally { IOUtils.closeQuietly(stream); } } else { throw new RuntimeException( "Cannot load trust store from '" + file.getAbsolutePath() + "', " + "the file does not exist"); } return tmf; }
From source file:com.sonatype.nexus.ssl.plugin.internal.TrustStoreImpl.java
private static TrustManager[] getSystemTrustManagers() throws Exception { TrustManagerFactory trustManagerFactory; String trustAlgorithm = System.getProperty("ssl.TrustManagerFactory.algorithm"); if (trustAlgorithm == null) { trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); }/*from w ww.j a v a2 s . co m*/ String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType"); if (trustStoreType == null) { trustStoreType = KeyStore.getDefaultType(); } if ("none".equalsIgnoreCase(trustStoreType)) { trustManagerFactory = TrustManagerFactory.getInstance(trustAlgorithm); } else { File trustStoreFile; KeyStore trustStore; String trustStoreFileName = System.getProperty("javax.net.ssl.trustStore"); if (trustStoreFileName != null) { trustStoreFile = new File(trustStoreFileName); trustManagerFactory = TrustManagerFactory.getInstance(trustAlgorithm); final String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider"); if (trustStoreProvider != null) { trustStore = KeyStore.getInstance(trustStoreType, trustStoreProvider); } else { trustStore = KeyStore.getInstance(trustStoreType); } } else { File javaHome = new File(System.getProperty("java.home")); File file = new File(javaHome, "lib/security/jssecacerts"); if (!file.exists()) { file = new File(javaHome, "lib/security/cacerts"); trustStoreFile = file; } else { trustStoreFile = file; } trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); } final String password = System.getProperty("javax.net.ssl.trustStorePassword"); try (FileInputStream in = new FileInputStream(trustStoreFile)) { trustStore.load(in, password != null ? password.toCharArray() : null); } trustManagerFactory.init(trustStore); } return trustManagerFactory.getTrustManagers(); }
From source file:io.swagger.client.ApiClient.java
/** * Apply SSL related settings to httpClient according to the current values of * verifyingSsl and sslCaCert.// w w w. j av a 2s . c o m */ private void applySslSettings() { try { KeyManager[] keyManagers = null; TrustManager[] trustManagers = null; HostnameVerifier hostnameVerifier = null; if (!verifyingSsl) { TrustManager trustAll = new X509TrustManager() { @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { return null; } }; SSLContext sslContext = SSLContext.getInstance("TLS"); trustManagers = new TrustManager[] { trustAll }; hostnameVerifier = new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }; } else if (sslCaCert != null) { char[] password = null; // Any password will work. CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); Collection<? extends Certificate> certificates = certificateFactory.generateCertificates(sslCaCert); if (certificates.isEmpty()) { throw new IllegalArgumentException("expected non-empty set of trusted certificates"); } KeyStore caKeyStore = newEmptyKeyStore(password); int index = 0; for (Certificate certificate : certificates) { String certificateAlias = "ca" + Integer.toString(index++); caKeyStore.setCertificateEntry(certificateAlias, certificate); } TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(caKeyStore); trustManagers = trustManagerFactory.getTrustManagers(); } if (keyManagers != null || trustManagers != null) { SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagers, trustManagers, new SecureRandom()); httpClient.setSslSocketFactory(sslContext.getSocketFactory()); } else { httpClient.setSslSocketFactory(null); } httpClient.setHostnameVerifier(hostnameVerifier); } catch (GeneralSecurityException e) { throw new RuntimeException(e); } }
From source file:iracing.webapi.IracingWebApi.java
private void installCerts() throws Exception { String host = "members.iracing.com"; int port = 443; char[] password = CERT_STORE_PASSWORD.toCharArray(); File file = new File("jssecacerts"); if (!file.isFile()) { char seperator = File.separatorChar; File dir = new File(System.getProperty("java.home") + seperator + "lib" + seperator + "security"); file = new File(dir, "jssecacerts"); if (!file.isFile()) { file = new File(dir, "cacerts"); }/*ww w . java2s . c o m*/ } KeyStore ks; InputStream in = new FileInputStream(file); ks = KeyStore.getInstance(KeyStore.getDefaultType()); try { ks.load(in, password); } catch (Exception e) { } in.close(); SSLContext context = SSLContext.getInstance("TLS"); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0]; SavingTrustManager tm = new SavingTrustManager(defaultTrustManager); context.init(null, new TrustManager[] { tm }, null); SSLSocketFactory factory = context.getSocketFactory(); SSLSocket socket = null; try { socket = (SSLSocket) factory.createSocket(host, port); socket.setSoTimeout(10000); socket.startHandshake(); } catch (Exception e) { //e.printStackTrace(); } finally { if (socket != null) socket.close(); } X509Certificate[] chain = tm.chain; if (chain == null) return; MessageDigest sha1 = MessageDigest.getInstance("SHA1"); MessageDigest md5 = MessageDigest.getInstance("MD5"); for (int i = 0; i < chain.length; i++) { X509Certificate cert = chain[i]; sha1.update(cert.getEncoded()); md5.update(cert.getEncoded()); } for (int count = 0; count < chain.length; count++) { X509Certificate cert = chain[count]; String alias = host + "-" + (count + 1); ks.setCertificateEntry(alias, cert); OutputStream out = new FileOutputStream("jssecacerts"); try { ks.store(out, password); } finally { out.close(); } } }
From source file:com.openshift.restclient.ClientBuilder.java
private TrustManagerFactory initTrustManagerFactory(String alias, X509Certificate cert, Collection<X509Certificate> certs) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException { TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); if (alias != null && (cert != null || certs != null)) { KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // need this load to initialize the key store, and allow for the subsequent set certificate entry ks.load(null, null);//from w w w. jav a 2 s .c om if (cert != null) { cert.checkValidity(); ks.setCertificateEntry(alias, cert); } if (certs != null) { int i = 0; for (X509Certificate x509 : certs) { x509.checkValidity(); ks.setCertificateEntry(alias + i, x509); i++; } } // testing has proven that you can only call init() once for a TrustManagerFactory wrt loading certs // from the KeyStore ... subsequent KeyStore.setCertificateEntry / TrustManagerFactory.init calls are // ignored. // So if a specific cert is required to validate this connection's communication with the server, add it up front // in the ctor. trustManagerFactory.init(ks); } else { trustManagerFactory.init((KeyStore) null); } return trustManagerFactory; }
From source file:net.myrrix.client.ClientRecommender.java
private SSLSocketFactory buildSSLSocketFactory() throws IOException { final HostnameVerifier defaultVerifier = HttpsURLConnection.getDefaultHostnameVerifier(); HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { @Override//from w w w .ja v a 2 s . c om public boolean verify(String hostname, SSLSession sslSession) { return ignoreHTTPSHost || "localhost".equals(hostname) || "127.0.0.1".equals(hostname) || defaultVerifier.verify(hostname, sslSession); } }); try { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); File trustStoreFile = config.getKeystoreFile().getAbsoluteFile(); String password = config.getKeystorePassword(); Preconditions.checkNotNull(password); InputStream in = new FileInputStream(trustStoreFile); try { keyStore.load(in, password.toCharArray()); } finally { in.close(); } TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(keyStore); SSLContext ctx; try { ctx = SSLContext.getInstance("TLSv1.1"); // Java 7 only } catch (NoSuchAlgorithmException ignored) { log.info("TLSv1.1 unavailable, falling back to TLSv1"); ctx = SSLContext.getInstance("TLSv1"); // Java 6 // This also seems to be necessary: if (System.getProperty("https.protocols") == null) { System.setProperty("https.protocols", "TLSv1"); } } ctx.init(null, tmf.getTrustManagers(), null); return ctx.getSocketFactory(); } catch (NoSuchAlgorithmException nsae) { // can't happen? throw new IllegalStateException(nsae); } catch (KeyStoreException kse) { throw new IOException(kse); } catch (KeyManagementException kme) { throw new IOException(kme); } catch (CertificateException ce) { throw new IOException(ce); } }
From source file:org.apache.geode.management.internal.cli.commands.ConnectCommand.java
private TrustManager[] getTrustManagers(SSLConfig sslConfig, boolean skipSslVerification) throws Exception { FileInputStream trustStoreStream = null; TrustManagerFactory trustManagerFactory = null; if (skipSslVerification) { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; }//from w w w.java2 s .c o m public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } } }; return trustAllCerts; } try { // load server public key if (StringUtils.isNotBlank(sslConfig.getTruststore())) { KeyStore serverPub = KeyStore.getInstance(sslConfig.getTruststoreType()); trustStoreStream = new FileInputStream(sslConfig.getTruststore()); serverPub.load(trustStoreStream, sslConfig.getTruststorePassword().toCharArray()); trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(serverPub); } } finally { if (trustStoreStream != null) { trustStoreStream.close(); } } return trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null; }