List of usage examples for org.apache.http.conn.ssl SSLContextBuilder loadTrustMaterial
public SSLContextBuilder loadTrustMaterial(final KeyStore truststore) throws NoSuchAlgorithmException, KeyStoreException
From source file:be.dnsbelgium.rdap.client.RDAPCLI.java
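/**
 * Command-line entry point: parses the options, builds an HTTP client with the requested TLS
 * settings, runs one RDAP query and prints the answer in the selected output format.
 *
 * <p>TLS-relevant behaviour visible in this method:
 * <ul>
 *   <li>{@code RDAPOptions.TRUSTSTORE} present: the given store is loaded as trust material.
 *       Absent: no trust material is added to the builder (JSSE then presumably falls back to
 *       its default trust store).</li>
 *   <li>{@code RDAPOptions.KEYSTORE} present: the store is loaded as client key material; the
 *       same option value serves as store password and key password.</li>
 *   <li>{@code RDAPOptions.INSECURE} present: host name verification is switched off.</li>
 * </ul>
 *
 * <p>Exits with status -1 when the command line cannot be parsed or the query fails.
 *
 * @param args command-line arguments; the first positional argument is the query, the optional
 *             second one the query type
 */
public static void main(String[] args) {
    LOGGER.debug("Create the command line parser");
    CommandLineParser parser = new GnuParser();
    LOGGER.debug("Create the options");
    Options options = new RDAPOptions(Locale.ENGLISH);
    try {
        LOGGER.debug("Parse the command line arguments");
        CommandLine line = parser.parse(options, args);
        if (line.hasOption("help")) {
            printHelp(options);
            return;
        }
        if (line.getArgs().length == 0) {
            throw new IllegalArgumentException("You must provide a query");
        }
        String query = line.getArgs()[0];
        // Upper-case with a fixed locale: with the JVM default locale the mapping of 'i' differs
        // under e.g. a Turkish locale, so "ip" or "domain" would not match the enum constants.
        Type type = (line.getArgs().length == 2)
                ? Type.valueOf(line.getArgs()[1].toUpperCase(Locale.ENGLISH))
                : guessQueryType(query);
        LOGGER.debug("Query: {}, Type: {}", query, type);
        try {
            SSLContextBuilder sslContextBuilder = SSLContexts.custom();
            // Store passwords are taken from option values and fall back to
            // RDAPOptions.DEFAULT_PASS; values passed on a command line can be visible to other
            // local users (process list, shell history).
            if (line.hasOption(RDAPOptions.TRUSTSTORE)) {
                sslContextBuilder.loadTrustMaterial(
                        RDAPClient.getKeyStoreFromFile(new File(line.getOptionValue(RDAPOptions.TRUSTSTORE)),
                                line.getOptionValue(RDAPOptions.TRUSTSTORE_TYPE, RDAPOptions.DEFAULT_STORETYPE),
                                line.getOptionValue(RDAPOptions.TRUSTSTORE_PASS, RDAPOptions.DEFAULT_PASS)));
            }
            if (line.hasOption(RDAPOptions.KEYSTORE)) {
                sslContextBuilder.loadKeyMaterial(
                        RDAPClient.getKeyStoreFromFile(new File(line.getOptionValue(RDAPOptions.KEYSTORE)),
                                line.getOptionValue(RDAPOptions.KEYSTORE_TYPE, RDAPOptions.DEFAULT_STORETYPE),
                                line.getOptionValue(RDAPOptions.KEYSTORE_PASS, RDAPOptions.DEFAULT_PASS)),
                        line.getOptionValue(RDAPOptions.KEYSTORE_PASS, RDAPOptions.DEFAULT_PASS).toCharArray());
            }
            SSLContext sslContext = sslContextBuilder.build();

            final String url = line.getOptionValue(RDAPOptions.URL);
            final HttpHost host = Utils.httpHost(url);

            HashSet<Header> headers = new HashSet<Header>();
            headers.add(new BasicHeader("Accept-Language",
                    line.getOptionValue(RDAPOptions.LANG, Locale.getDefault().toString())));
            // With RDAPOptions.INSECURE the certificate chain is still validated against the trust
            // material, but the certificate is no longer tied to the host being contacted, so any
            // certificate the trust store accepts will do. Basic credentials configured below are
            // then sent to a peer whose name was not verified.
            HttpClientBuilder httpClientBuilder = HttpClients.custom().setDefaultHeaders(headers)
                    .setSSLSocketFactory(new SSLConnectionSocketFactory(sslContext,
                            (line.hasOption(RDAPOptions.INSECURE) ? new AllowAllHostnameVerifier()
                                    : new BrowserCompatHostnameVerifier())));

            // Credentials are only configured when both options are present, and they are scoped
            // to the host and port derived from the URL option.
            if (line.hasOption(RDAPOptions.USERNAME) && line.hasOption(RDAPOptions.PASSWORD)) {
                BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
                credentialsProvider.setCredentials(new AuthScope(host.getHostName(), host.getPort()),
                        new UsernamePasswordCredentials(line.getOptionValue(RDAPOptions.USERNAME),
                                line.getOptionValue(RDAPOptions.PASSWORD)));
                httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
            }

            RDAPClient rdapClient = new RDAPClient(httpClientBuilder.build(), url);
            ObjectMapper mapper = new ObjectMapper();

            JsonNode json = null;
            switch (type) {
            case DOMAIN:
                json = rdapClient.getDomainAsJson(query);
                break;
            case ENTITY:
                json = rdapClient.getEntityAsJson(query);
                break;
            case AUTNUM:
                json = rdapClient.getAutNum(query);
                break;
            case IP:
                json = rdapClient.getIp(query);
                break;
            case NAMESERVER:
                json = rdapClient.getNameserver(query);
                break;
            }

            // Output format is chosen by the first matching option: raw, pretty, YAML, else minimal.
            PrintWriter out = new PrintWriter(System.out, true);
            if (line.hasOption(RDAPOptions.RAW)) {
                mapper.writer().writeValue(out, json);
            } else if (line.hasOption(RDAPOptions.PRETTY)) {
                mapper.writer(new DefaultPrettyPrinter()).writeValue(out, json);
            } else if (line.hasOption(RDAPOptions.YAML)) {
                DumperOptions dumperOptions = new DumperOptions();
                dumperOptions.setPrettyFlow(true);
                dumperOptions.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
                dumperOptions.setSplitLines(true);
                Yaml yaml = new Yaml(dumperOptions);
                Map data = mapper.convertValue(json, Map.class);
                yaml.dump(data, out);
            } else {
                mapper.writer(new MinimalPrettyPrinter()).writeValue(out, json);
            }
            out.flush();
        } catch (Exception e) {
            // Any failure while building the client, querying or printing ends the process.
            LOGGER.error(e.getMessage(), e);
            System.exit(-1);
        }
    } catch (org.apache.commons.cli.ParseException e) {
        printHelp(options);
        System.exit(-1);
    }
}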
From source file:test.SAMLAttributeQueryExample.java
/**
 * Creates an HTTP client that presents a client certificate and trusts exactly one certificate,
 * the one read from {@code idpCertificateFile}.
 *
 * <p>Both key stores are created empty in memory ({@code load(null, null)}) and are never written
 * out by this method, so the literal entry password only protects the in-memory key entry.
 *
 * @param idpCertificateFile path to idp certificate file
 * @param clientPrivateKeyFile path to client private key file
 * @param clientCertificateFile path to client certificate file
 * @return the HTTP client
 * @throws Exception if an error occurs
 */
@Nonnull
public static HttpClient buildHttpClient(@Nonnull final String idpCertificateFile,
        @Nonnull final String clientPrivateKeyFile, @Nonnull final String clientCertificateFile)
        throws Exception {
    // Trust side: the only entry is the IdP certificate, so no other issuer is accepted.
    final X509Certificate idpCertificate = CertUtil.readCertificate(idpCertificateFile);
    final KeyStore idpTrust = KeyStore.getInstance(KeyStore.getDefaultType());
    idpTrust.load(null, null);
    idpTrust.setCertificateEntry("idp", idpCertificate);

    // Identity side: the client's private key together with its certificate.
    final PrivateKey privateKey = KeyPairUtil.readPrivateKey(clientPrivateKeyFile);
    final X509Certificate clientCertificate = CertUtil.readCertificate(clientCertificateFile);
    final char[] entryPassword = "secret".toCharArray();
    final KeyStore clientIdentity = KeyStore.getInstance(KeyStore.getDefaultType());
    clientIdentity.load(null, null);
    clientIdentity.setKeyEntry("me", privateKey, entryPassword, new Certificate[] { clientCertificate });

    final SSLContext tlsContext = SSLContexts.custom()
            .loadTrustMaterial(idpTrust)
            .loadKeyMaterial(clientIdentity, entryPassword)
            .build();

    // No hostname verifier is set here, so the client builder's default applies.
    return HttpClients.custom().setSslcontext(tlsContext).build();
}
From source file:org.metaeffekt.dcc.shell.RemoteAgentTest.java
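/**
 * Builds the HTTPS client for this test from the key store and trust store on the classpath.
 *
 * <p>The store streams are closed after loading, and a missing resource is reported instead of
 * silently producing an empty store.
 *
 * @return a client that presents the key store's identity and trusts the trust store's entries
 * @throws GeneralSecurityException if a store cannot be read or the SSL context cannot be built
 * @throws IOException if a store resource is missing or cannot be read
 */
private HttpClient newHttpClient() throws GeneralSecurityException, IOException {
    // Password literal kept in source: presumably only guards the bundled test stores.
    // NOTE(review): confirm it is not shared with any non-test key material.
    final char[] password = "DYKK8T8m9nKqBRPZ".toCharArray();

    final KeyStore keyStore = loadJksResource(
            getClass().getResourceAsStream("/dcc-shell.keystore"), "/dcc-shell.keystore", password);
    final KeyStore trustStore = loadJksResource(
            getClass().getResourceAsStream("/dcc-shell.truststore"), "/dcc-shell.truststore", password);

    final SSLContextBuilder sslContextBuilder = SSLContexts.custom();
    sslContextBuilder.loadKeyMaterial(keyStore, password);
    sslContextBuilder.loadTrustMaterial(trustStore);

    final HttpClientBuilder builder = HttpClientBuilder.create();
    builder.setSslcontext(sslContextBuilder.build());
    // Host name verification is switched off: the server certificate only has to chain to the
    // trust store, it is not matched against the host being contacted. Keep this to test code.
    builder.setHostnameVerifier(new AllowAllHostnameVerifier());

    final HttpClient client = builder.build();
    return client;
}

/** Loads a JKS store from {@code in} and always closes the stream; fails if {@code in} is null. */
private static KeyStore loadJksResource(final java.io.InputStream in, final String resourceName,
        final char[] password) throws GeneralSecurityException, IOException {
    if (in == null) {
        // KeyStore.load(null, ...) would otherwise create an empty store without any error.
        throw new IOException("Classpath resource not found: " + resourceName);
    }
    try {
        final KeyStore store = KeyStore.getInstance("JKS");
        store.load(in, password);
        return store;
    } finally {
        in.close();
    }
}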
From source file:com.github.kpavlov.ssl.DynamicSSLSocketFactory.java
/**
 * Creates a socket factory backed by the key and trust material the providers return for
 * {@code host}.
 *
 * <p>A {@code null} key store means no client identity is configured; a {@code null} trust store
 * means no explicit trust material is added to the builder.
 *
 * @param host host name used to look up the stores and the key password
 * @return the socket factory, or {@code null} when the SSL context could not be created (the
 *         failure is logged, not rethrown, so callers have to handle {@code null})
 */
private SSLSocketFactory createSSLSocketFactory(String host) {
    SSLSocketFactory factory = null;
    try {
        final KeyStore identityStore = keyStoreProvider.getKeyStore(host);
        final KeyStore trustAnchors = keyStoreProvider.getTrustStore(host);
        final char[] identityPassword = keyPasswordProvider.getPassword(host);

        final SSLContextBuilder builder = SSLContexts.custom();
        if (identityStore != null) {
            builder.loadKeyMaterial(identityStore, identityPassword);
        }
        if (trustAnchors != null) {
            builder.loadTrustMaterial(trustAnchors);
        }

        factory = builder.useTLS().build().getSocketFactory();
    } catch (Exception e) {
        LOGGER.error("Unable to create SSLContext", e);
    }
    return factory;
}
From source file:com.floragunn.searchguard.test.helper.rest.RestHelper.java
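/**
 * Builds the HTTP client used by the REST test helper, optionally with TLS configured from the
 * {@code truststore} and {@code keystore} classpath files.
 *
 * <p>Both store files are read whenever {@code enableHTTPClientSSL} is set, and their streams are
 * closed after loading. Trust material is only applied when {@code trustHTTPServerCertificate}
 * is set, client key material only when {@code sendHTTPClientCertificate} is set.
 *
 * @return the configured client, with a 60 second socket timeout
 * @throws Exception if a store cannot be read or the SSL context cannot be built
 */
protected final CloseableHttpClient getHTTPClient() throws Exception {

    final HttpClientBuilder hcb = HttpClients.custom();

    if (enableHTTPClientSSL) {

        log.debug("Configure HTTP client with SSL");

        final KeyStore myTrustStore = readJksAndClose(
                new FileInputStream(FileHelper.getAbsoluteFilePathFromClassPath(truststore)));
        final KeyStore keyStore = readJksAndClose(
                new FileInputStream(FileHelper.getAbsoluteFilePathFromClassPath(keystore)));

        final SSLContextBuilder sslContextbBuilder = SSLContexts.custom().useTLS();

        if (trustHTTPServerCertificate) {
            sslContextbBuilder.loadTrustMaterial(myTrustStore);
        }

        if (sendHTTPClientCertificate) {
            sslContextbBuilder.loadKeyMaterial(keyStore, "changeit".toCharArray());
        }

        final SSLContext sslContext = sslContextbBuilder.build();

        // SSLv3 and the TLS 1.0/1.1 entries are obsolete protocol versions. They are offered here
        // by a test helper, presumably to check what the server accepts; do not copy this list
        // into production client code.
        String[] protocols = null;
        if (enableHTTPClientSSLv3Only) {
            protocols = new String[] { "SSLv3" };
        } else {
            protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
        }

        // ALLOW_ALL_HOSTNAME_VERIFIER disables the match between certificate and host name, so the
        // server is authenticated by the trust store alone.
        final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, protocols, null,
                SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        hcb.setSSLSocketFactory(sslsf);
    }

    hcb.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60 * 1000).build());

    return hcb.build();
}

/** Loads a JKS store protected by the fixture password from {@code in} and always closes it. */
private static KeyStore readJksAndClose(final FileInputStream in) throws Exception {
    try {
        final KeyStore store = KeyStore.getInstance("JKS");
        store.load(in, "changeit".toCharArray());
        return store;
    } finally {
        in.close();
    }
}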
From source file:org.metaeffekt.dcc.agent.DccAgentTest.java
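/**
 * Builds the HTTPS client for this test from {@code /client.keystore} and
 * {@code /client.truststore} on the classpath.
 *
 * <p>The store streams are closed after loading, and a missing resource is reported instead of
 * silently producing an empty store.
 *
 * @return a client that presents the key store's identity and trusts the trust store's entries
 * @throws GeneralSecurityException if a store cannot be read or the SSL context cannot be built
 * @throws IOException if a store resource is missing or cannot be read
 */
private HttpClient newHttpClient() throws GeneralSecurityException, IOException {
    // Same literal password for both fixture stores and for the key entry.
    final char[] password = "changeit".toCharArray();

    final KeyStore keyStore = loadJksResource(
            DccAgentTest.class.getResourceAsStream("/client.keystore"), "/client.keystore", password);
    final KeyStore trustStore = loadJksResource(
            DccAgentTest.class.getResourceAsStream("/client.truststore"), "/client.truststore", password);

    final SSLContextBuilder sslContextBuilder = SSLContexts.custom();
    sslContextBuilder.loadKeyMaterial(keyStore, password);
    sslContextBuilder.loadTrustMaterial(trustStore);

    final HttpClientBuilder builder = HttpClientBuilder.create();
    builder.setSslcontext(sslContextBuilder.build());
    // Host name verification is switched off: the server certificate only has to chain to the
    // trust store, it is not matched against the host being contacted. Keep this to test code.
    builder.setHostnameVerifier(new AllowAllHostnameVerifier());

    final HttpClient client = builder.build();
    return client;
}

/** Loads a JKS store from {@code in} and always closes the stream; fails if {@code in} is null. */
private static KeyStore loadJksResource(final java.io.InputStream in, final String resourceName,
        final char[] password) throws GeneralSecurityException, IOException {
    if (in == null) {
        // KeyStore.load(null, ...) would otherwise create an empty store without any error.
        throw new IOException("Classpath resource not found: " + resourceName);
    }
    try {
        final KeyStore store = KeyStore.getInstance("JKS");
        store.load(in, password);
        return store;
    } finally {
        in.close();
    }
}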
From source file:com.floragunn.searchguard.ssl.AbstractUnitTest.java
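/**
 * Builds the HTTP client used by the unit tests, optionally with TLS configured from
 * {@code truststore.jks} and {@code node-0-keystore.jks} on the classpath.
 *
 * <p>Both store files are read whenever {@code enableHTTPClientSSL} is set, and their streams are
 * closed after loading. Trust material is only applied when {@code trustHTTPServerCertificate}
 * is set, client key material only when {@code sendHTTPClientCertificate} is set.
 *
 * @return the configured client, with a 60 second socket timeout
 * @throws Exception if a store cannot be read or the SSL context cannot be built
 */
protected final CloseableHttpClient getHTTPClient() throws Exception {

    final HttpClientBuilder hcb = HttpClients.custom();

    if (enableHTTPClientSSL) {

        log.debug("Configure HTTP client with SSL");

        final KeyStore myTrustStore = readJksAndClose(
                new FileInputStream(getAbsoluteFilePathFromClassPath("truststore.jks")));
        final KeyStore keyStore = readJksAndClose(
                new FileInputStream(getAbsoluteFilePathFromClassPath("node-0-keystore.jks")));

        final SSLContextBuilder sslContextbBuilder = SSLContexts.custom().useTLS();

        if (trustHTTPServerCertificate) {
            sslContextbBuilder.loadTrustMaterial(myTrustStore);
        }

        if (sendHTTPClientCertificate) {
            sslContextbBuilder.loadKeyMaterial(keyStore, "changeit".toCharArray());
        }

        final SSLContext sslContext = sslContextbBuilder.build();

        // SSLv3 and the TLS 1.0/1.1 entries are obsolete protocol versions. They are offered here
        // by test code, presumably to check what the server accepts; do not copy this list into
        // production client code.
        String[] protocols = null;
        if (enableHTTPClientSSLv3Only) {
            protocols = new String[] { "SSLv3" };
        } else {
            protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
        }

        // ALLOW_ALL_HOSTNAME_VERIFIER disables the match between certificate and host name, so the
        // server is authenticated by the trust store alone.
        final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, protocols, null,
                SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        hcb.setSSLSocketFactory(sslsf);
    }

    hcb.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60 * 1000).build());

    return hcb.build();
}

/** Loads a JKS store protected by the fixture password from {@code in} and always closes it. */
private static KeyStore readJksAndClose(final FileInputStream in) throws Exception {
    try {
        final KeyStore store = KeyStore.getInstance("JKS");
        store.load(in, "changeit".toCharArray());
        return store;
    } finally {
        in.close();
    }
}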
From source file:io.cloudslang.content.httpclient.build.conn.SSLConnectionSocketFactoryBuilder.java
/**
 * Loads the trust store located at the {@code trustKeystore} URL into the given builder.
 *
 * <p>Nothing is added when {@code useTrustCert} is {@code false}; which trust decisions apply in
 * that case is decided by the caller and is not visible from this method.
 *
 * @param sslContextBuilder builder that receives the trust material
 * @param useTrustCert whether the configured trust store should be loaded at all
 * @throws IllegalArgumentException if the store cannot be read or is not a valid key store; the
 *         original exception is kept as the cause
 */
protected void createTrustKeystore(SSLContextBuilder sslContextBuilder, boolean useTrustCert) {
    if (!useTrustCert) {
        return;
    }
    try {
        //todo should we do this 'create' in each and every step?
        final KeyStore loadedTrustStore = createKeyStore(new URL(trustKeystore), trustPassword);
        sslContextBuilder.loadTrustMaterial(loadedTrustStore);
    } catch (IOException ioe) {
        final String detail = ioe.getMessage() + ". " + BAD_TRUST_KEYSTORE_ERROR;
        throw new IllegalArgumentException(detail, ioe);
    } catch (GeneralSecurityException gse) {
        final String detail = gse.getMessage() + ". " + INVALID_TRUST_KEYSTORE_ERROR;
        throw new IllegalArgumentException(detail, gse);
    }
}
From source file:com.liferay.jsonwebserviceclient.JSONWebServiceClientImpl.java
/**
 * Creates the socket factory for HTTPS connections, restricted to protocol {@code TLSv1} and
 * using the browser-compatible hostname verifier.
 *
 * @return the socket factory
 * @throws RuntimeException wrapping any failure while building or initialising the SSL context
 */
protected SSLConnectionSocketFactory getSSLConnectionSocketFactory() {
    final SSLContextBuilder contextBuilder = SSLContexts.custom();
    final SSLContext tlsContext;

    try {
        contextBuilder.loadTrustMaterial(_keyStore);
        tlsContext = contextBuilder.build();

        // NOTE(review): this second init() hands the context a single custom trust manager and
        // appears to replace the trust managers derived from _keyStore above. Whether server
        // certificates are still validated then depends entirely on X509TrustManagerImpl, which
        // is not visible here -- confirm that it performs chain validation.
        final TrustManager[] customTrustManagers = { new X509TrustManagerImpl() };
        tlsContext.init(null, customTrustManagers, null);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

    // Only "TLSv1" is enabled, which is an obsolete protocol version; servers that require
    // TLS 1.2 or later cannot be reached with this factory.
    final String[] enabledProtocols = { "TLSv1" };
    return new SSLConnectionSocketFactory(tlsContext, enabledProtocols, null,
            SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
}
From source file:common.rest.client.transport.HttpClientSSLKeyStore.java
/** * Constructs the {@link org.apache.http.conn.socket.ConnectionSocketFactory} according to the options specified during the * construction time. The returned instance can be used to register an <b><tt>https</tt></b> * sheme in the {@link org.apache.http.conn.socket.ConnectionSocketFactory} while costructing an Apache HTTP client. * * @return <tt>SSLSocketFactory</tt> instance *///from w w w .ja v a 2s . com public LayeredConnectionSocketFactory getSocketFactory() { // @formatter:off final X509HostnameVerifier hostnameVerifier = m_disableHostnameVerifier ? SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER : SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER; // @formatter:on try { SSLContextBuilder sslContextBuilder = SSLContexts.custom(); if (m_keyStore != null) { // this key store must contain the key/cert of the client sslContextBuilder.loadKeyMaterial(m_keyStore, m_keyStorePassword.toCharArray()); } if (m_trustStore != null) { // this key store must contain the certs needed and trusted to verify the servers cert sslContextBuilder.loadTrustMaterial(m_trustStore); } return new SSLConnectionSocketFactory(sslContextBuilder.build(), hostnameVerifier); } catch (Exception e) { throw new IllegalStateException("Failed to create SSL Socket Factory", e); } }