List of usage examples for org.apache.commons.net.util TrustManagerUtils getDefaultTrustManager
public static X509TrustManager getDefaultTrustManager(KeyStore keyStore) throws GeneralSecurityException
From source file:net.di2e.ecdr.security.ssl.client.cxf.CxfSSLClientConfigurationImpl.java
@Override public void configurationUpdateCallback(Map<String, String> updatedConfiguration) { if (updatedConfiguration != null) { String keystore = updatedConfiguration.get(ConfigurationManager.KEY_STORE); String keystorePassword = updatedConfiguration.get(ConfigurationManager.KEY_STORE_PASSWORD); KeyManager[] keyManagers = null; if (StringUtils.isNotBlank(keystore) && keystorePassword != null) { try { KeyManager manager = KeyManagerUtils.createClientKeyManager(new File(keystore), keystorePassword); keyManagers = new KeyManager[1]; keyManagers[0] = manager; } catch (IOException | GeneralSecurityException ex) { LOGGER.debug("Could not access keystore {}, using default java keystore.", keystore); }//from w ww . j av a 2 s. c o m } String trustStoreLocation = updatedConfiguration.get(ConfigurationManager.TRUST_STORE); String trustStorePassword = updatedConfiguration.get(ConfigurationManager.TRUST_STORE_PASSWORD); TrustManager[] trustManagers = null; if (StringUtils.isNotBlank(trustStoreLocation) && trustStorePassword != null) { try (FileInputStream fis = new FileInputStream(trustStoreLocation)) { KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); try { trustStore.load(fis, StringUtils.isNotEmpty(trustStorePassword) ? trustStorePassword.toCharArray() : null); trustManagers = new TrustManager[1]; trustManagers[0] = TrustManagerUtils.getDefaultTrustManager(trustStore); } catch (IOException ioe) { LOGGER.debug("Could not load truststore {}, using default java truststore"); } } catch (IOException | GeneralSecurityException ex) { LOGGER.debug("Could not access truststore {}, using default java truststore.", trustStoreLocation); } } synchronized (tlsClientParameters) { LOGGER.debug( "Setting the CXF KeyManager and TrustManager based on the Platform Global Configuration values"); tlsClientParameters.setKeyManagers(keyManagers); tlsClientParameters.setTrustManagers(trustManagers); } } }
From source file:com.streamsets.pipeline.lib.remote.FTPRemoteConnector.java
@Override protected void initAndConnect(List<Stage.ConfigIssue> issues, ConfigIssueContext context, URI remoteURI, Label remoteGroup, Label credGroup) { options = new FileSystemOptions(); this.remoteURI = remoteURI; if (remoteConfig.strictHostChecking) { issues.add(context.createConfigIssue(credGroup.getLabel(), CONF_PREFIX + "strictHostChecking", Errors.REMOTE_07));/*from w ww . j a v a 2s . c o m*/ } switch (remoteConfig.auth) { case PRIVATE_KEY: issues.add( context.createConfigIssue(credGroup.getLabel(), CONF_PREFIX + "privateKey", Errors.REMOTE_06)); break; case PASSWORD: String username = resolveUsername(remoteURI, issues, context, credGroup); String password = resolvePassword(remoteURI, issues, context, credGroup); if (remoteURI.getUserInfo() != null) { remoteURI = UriBuilder.fromUri(remoteURI).userInfo(null).build(); } StaticUserAuthenticator authenticator = new StaticUserAuthenticator(remoteURI.getHost(), username, password); try { DefaultFileSystemConfigBuilder.getInstance().setUserAuthenticator(options, authenticator); } catch (FileSystemException e) { // This method doesn't actually ever throw a FileSystemException, it simply declares that it does... // This shouldn't happen, but just in case, we'll log it LOG.error("Unexpected Exception", e); } break; case NONE: break; default: break; } FtpFileSystemConfigBuilder configBuilder = FtpFileSystemConfigBuilder.getInstance(); if (remoteURI.getScheme().equals(FTPS_SCHEME)) { configBuilder = FtpsFileSystemConfigBuilder.getInstance(); FtpsFileSystemConfigBuilder.getInstance().setFtpsMode(options, remoteConfig.ftpsMode.getMode()); FtpsFileSystemConfigBuilder.getInstance().setDataChannelProtectionLevel(options, remoteConfig.ftpsDataChannelProtectionLevel.getLevel()); if (remoteConfig.useFTPSClientCert) { setFtpsUserKeyManagerOrTrustManager(remoteConfig.ftpsClientCertKeystoreFile, CONF_PREFIX + "ftpsClientCertKeystoreFile", remoteConfig.ftpsClientCertKeystorePassword, CONF_PREFIX + "ftpsClientCertKeystorePassword", remoteConfig.ftpsClientCertKeystoreType, true, issues, context, credGroup); } switch (remoteConfig.ftpsTrustStoreProvider) { case FILE: setFtpsUserKeyManagerOrTrustManager(remoteConfig.ftpsTruststoreFile, CONF_PREFIX + "ftpsTruststoreFile", remoteConfig.ftpsTruststorePassword, CONF_PREFIX + "ftpsTruststorePassword", remoteConfig.ftpsTruststoreType, false, issues, context, credGroup); break; case JVM_DEFAULT: try { FtpsFileSystemConfigBuilder.getInstance().setTrustManager(options, TrustManagerUtils.getDefaultTrustManager(null)); } catch (GeneralSecurityException e) { issues.add(context.createConfigIssue(credGroup.getLabel(), CONF_PREFIX + "ftpsTruststoreFile", Errors.REMOTE_14, "trust", "JVM", e.getMessage(), e)); } break; case ALLOW_ALL: // fall through default: FtpsFileSystemConfigBuilder.getInstance().setTrustManager(options, TrustManagerUtils.getAcceptAllTrustManager()); break; } } configBuilder.setPassiveMode(options, true); configBuilder.setUserDirIsRoot(options, remoteConfig.userDirIsRoot); // Only actually try to connect and authenticate if there were no issues if (issues.isEmpty()) { LOG.info("Connecting to {}", remoteURI.toString()); try { remoteDir = VFS.getManager().resolveFile(remoteURI.toString(), options); remoteDir.refresh(); if (remoteConfig.createPathIfNotExists && !remoteDir.exists()) { remoteDir.createFolder(); } remoteDir.getChildren(); } catch (FileSystemException e) { LOG.error(Errors.REMOTE_11.getMessage(), remoteURI.toString(), e.getMessage(), e); issues.add(context.createConfigIssue(remoteGroup.getLabel(), CONF_PREFIX + "remoteAddress", Errors.REMOTE_11, remoteURI.toString(), e.getMessage(), e)); } } }
From source file:jenkins.plugins.publish_over_ftp.BapFtpHostConfiguration.java
public FTPClient createFTPClient() throws GeneralSecurityException, FileNotFoundException, IOException { if (useFtpOverTls) { FTPSClient c = new FTPSClient(false); KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType()); String trustStorePath = System.getProperty("javax.net.ssl.trustStore"); if (trustStorePath != null) { String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword"); if (trustStorePassword != null) { ts.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray()); } else { ts.load(new FileInputStream(trustStorePath), null); }/*from w w w. j a v a 2s .com*/ } else { ts.load(null); } if (trustedCertificate != null) { InputStream certStream = new ByteArrayInputStream(trustedCertificate.getBytes()); X509Certificate x509certificate = (X509Certificate) CertificateFactory.getInstance("X.509") .generateCertificate(certStream); ts.setCertificateEntry(x509certificate.getSubjectDN().getName(), x509certificate); } c.setTrustManager(TrustManagerUtils.getDefaultTrustManager(ts)); return c; } return new FTPClient(); }
From source file:com.appdynamics.monitors.mongo.MongoDBMonitor.java
private SSLSocketFactory getSocketFactoryFromPEM(String filePath) throws Exception { Security.addProvider(new BouncyCastleProvider()); PEMParser pemParser = new PEMParser(new FileReader(getConfigFilename(filePath))); pemParser.readObject();//from w w w.ja va2 s. com PemObject pemObject = pemParser.readPemObject(); pemParser.close(); X509CertificateHolder holder = new X509CertificateHolder(pemObject.getContent()); X509Certificate bc = new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); keyStore.setCertificateEntry("ca", bc); TrustManager trustManager = TrustManagerUtils.getDefaultTrustManager(keyStore); SSLContext sslContext = SSLContextUtils.createSSLContext("TLS", null, trustManager); return sslContext.getSocketFactory(); }
From source file:com.streamsets.pipeline.lib.remote.FTPRemoteConnector.java
private void setFtpsUserKeyManagerOrTrustManager(String file, String fileConfigName, CredentialValue password, String passwordConfigName, KeyStoreType keyStoreType, boolean isKeystore, // or truststore List<Stage.ConfigIssue> issues, ConfigIssueContext context, Label group) { if (file != null && !file.isEmpty()) { File keystoreFile = new File(file); String keystorePassword = resolveCredential(password, passwordConfigName, issues, context, group); try {/*from ww w. j a v a 2s . c om*/ KeyStore keystore = loadKeystore(keystoreFile, keyStoreType.getJavaValue(), keystorePassword); try { if (isKeystore) { FtpsFileSystemConfigBuilder.getInstance().setKeyManager(options, KeyManagerUtils.createClientKeyManager(keystore, null, keystorePassword)); } else { FtpsFileSystemConfigBuilder.getInstance().setTrustManager(options, TrustManagerUtils.getDefaultTrustManager(keystore)); } } catch (GeneralSecurityException e) { issues.add(context.createConfigIssue(group.getLabel(), fileConfigName, Errors.REMOTE_15, isKeystore ? "key" : "trust", e.getMessage(), e)); } } catch (IOException | GeneralSecurityException e) { issues.add(context.createConfigIssue(group.getLabel(), fileConfigName, Errors.REMOTE_14, isKeystore ? "key" : "trust", keystoreFile.getAbsolutePath(), e.getMessage(), e)); } } else { if (isKeystore) { issues.add(context.createConfigIssue(group.getLabel(), fileConfigName, Errors.REMOTE_12)); } else { issues.add(context.createConfigIssue(group.getLabel(), fileConfigName, Errors.REMOTE_13)); } } }
From source file:org.teiid.resource.adapter.ftp.FtpManagedConnectionFactory.java
public void setCertificate(String certificate) { this.certificate = certificate; if (this.certificate != null && Files.exists(Paths.get(this.certificate))) { try {/* w w w . j a va2s . c o m*/ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); //$NON-NLS-1$ InputStream in = Files.newInputStream(Paths.get(this.certificate)); Certificate cert = certificateFactory.generateCertificate(in); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null); keyStore.setCertificateEntry("alias", cert); //$NON-NLS-1$ trustManager = TrustManagerUtils.getDefaultTrustManager(keyStore); } catch (IOException | GeneralSecurityException e) { throw new TeiidRuntimeException(UTIL.getString("ftp_certificate_path", certificate, e)); //$NON-NLS-1$ } } }