List of usage examples for org.apache.http.conn.ssl SSLContextBuilder loadTrustMaterial
public SSLContextBuilder loadTrustMaterial(final KeyStore truststore) throws NoSuchAlgorithmException, KeyStoreException
From source file:com.floragunn.searchguard.AbstractUnitTest.java
protected final CloseableHttpClient getHTTPClient() throws Exception { final HttpClientBuilder hcb = HttpClients.custom(); if (enableHTTPClientSSL) { log.debug("Configure HTTP client with SSL"); final KeyStore myTrustStore = KeyStore.getInstance("JKS"); myTrustStore.load(new FileInputStream(getAbsoluteFilePathFromClassPath("truststore.jks")), "changeit".toCharArray()); final KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(new FileInputStream(getAbsoluteFilePathFromClassPath(keystore)), "changeit".toCharArray()); final SSLContextBuilder sslContextbBuilder = SSLContexts.custom().useTLS(); if (trustHTTPServerCertificate) { sslContextbBuilder.loadTrustMaterial(myTrustStore); }//from w w w . j a va2 s. co m if (sendHTTPClientCertificate) { sslContextbBuilder.loadKeyMaterial(keyStore, "changeit".toCharArray()); } final SSLContext sslContext = sslContextbBuilder.build(); String[] protocols = null; if (enableHTTPClientSSLv3Only) { protocols = new String[] { "SSLv3" }; } else { protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" }; } final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, protocols, null, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); hcb.setSSLSocketFactory(sslsf); } hcb.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60 * 1000).build()); return hcb.build(); }
From source file:org.metaeffekt.dcc.controller.execution.RemoteExecutor.java
private CloseableHttpClient instantiateHttpClientWithTimeout() throws IOException, GeneralSecurityException { final KeyStore keyStore = loadKeyStore(sslConfiguration.getKeyStoreLocation(), sslConfiguration.getKeyStorePassword()); final KeyStore trustStore = loadKeyStore(sslConfiguration.getTrustStoreLocation(), sslConfiguration.getTrustStorePassword()); final SSLContextBuilder sslContextBuilder = SSLContexts.custom(); sslContextBuilder.loadKeyMaterial(keyStore, sslConfiguration.getKeyStorePassword()); sslContextBuilder.loadTrustMaterial(trustStore); final HttpClientBuilder builder = HttpClientBuilder.create(); builder.setSslcontext(sslContextBuilder.build()); builder.setHostnameVerifier(new AllowAllHostnameVerifier()); final CloseableHttpClient client = builder.build(); return client; }
From source file:net.jimj.automaton.Bot.java
private void connect() { LOGGER.debug("Connecting..."); try {//from ww w . j a v a 2s . c om SSLContext ctx = null; if (StringUtils.isNotBlank(config.getIrcKeystoreLocation())) { SSLContextBuilder ctxBuilder = SSLContexts.custom(); KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); try (FileInputStream keyInStream = new FileInputStream( new File(config.getIrcKeystoreLocation()));) { trustStore.load(keyInStream, config.getIrcKeystorePassword().toCharArray()); } ctxBuilder.loadTrustMaterial(trustStore); ctx = ctxBuilder.build(); } IRCConnection.Builder connectionBuilder = IRCConnection.builder().withHost(config.getServer()) .withNick(config.getNick()); if (config.getPort() != -1) { connectionBuilder = connectionBuilder.withPort(config.getPort()).withSSLContext(ctx); } IRCConnection ircConnection = connectionBuilder.withListener(this).build(); ircConnection.connect(); ircClient = new IRCClient(ircConnection); } catch (Exception e) { LOGGER.error("Exception in go method ", e); } }
From source file:io.fabric8.elasticsearch.ElasticsearchIntegrationTest.java
protected final CloseableHttpClient getHttpClient() throws Exception { final HttpClientBuilder hcb = HttpClients.custom(); if (enableHttpClientSSL) { log.debug("Configure HTTP client with SSL"); final KeyStore myTrustStore = KeyStore.getInstance("JKS"); myTrustStore.load(new FileInputStream(truststore), password.toCharArray()); final KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(new FileInputStream(keystore), password.toCharArray()); final SSLContextBuilder sslContextbBuilder = SSLContexts.custom().useTLS(); if (trustHttpServerCertificate) { sslContextbBuilder.loadTrustMaterial(myTrustStore); }/*from w ww. j a v a2 s . co m*/ if (sendHttpClientCertificate) { sslContextbBuilder.loadKeyMaterial(keyStore, "changeit".toCharArray()); } final SSLContext sslContext = sslContextbBuilder.build(); String[] protocols = null; if (enableHttpClientSSLv3Only) { protocols = new String[] { "SSLv3" }; } else { protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" }; } final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, protocols, null, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); hcb.setSSLSocketFactory(sslsf); } hcb.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60 * 1000).build()); return hcb.build(); }
From source file:org.apache.sling.discovery.etcd.EtcdDiscoveryService.java
private void buildHttpClient(@Nonnull String keystoreFilePath, @Nonnull String keystorePwdFilePath) { boolean hasKeyStore = !isEmpty(keystoreFilePath); RequestConfig requestConfig = RequestConfig.custom().setSocketTimeout(socketTimeout) .setConnectTimeout(connectionTimeout).setRedirectsEnabled(true).setStaleConnectionCheckEnabled(true) .build();//from w w w . j a v a 2 s .c o m HttpClientBuilder builder = HttpClients.custom().setDefaultRequestConfig(requestConfig) .addInterceptorFirst(new GzipRequestInterceptor()) .addInterceptorFirst(new GzipResponseInterceptor()); if (hasKeyStore) { final SSLContextBuilder sslContextBuilder = SSLContexts.custom(); LOG.info("Loading keystore from file: {}", keystoreFilePath); char[] pwd = readPwd(keystorePwdFilePath); try { KeyStore keystore = loadKeyStore(keystoreFilePath, pwd); sslContextBuilder.loadTrustMaterial(keystore); sslContextBuilder.loadKeyMaterial(keystore, pwd); LOG.info("Setup custom SSL context"); SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory( sslContextBuilder.build()); Registry<ConnectionSocketFactory> connectionSocketFactory = RegistryBuilder .<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.INSTANCE) .register("https", sslConnectionSocketFactory).build(); builder.setSSLSocketFactory(sslConnectionSocketFactory); connectionManager = new PoolingHttpClientConnectionManager(connectionSocketFactory); } catch (UnrecoverableKeyException e) { throw wrap(e); } catch (NoSuchAlgorithmException e) { throw wrap(e); } catch (KeyStoreException e) { throw wrap(e); } catch (KeyManagementException e) { throw wrap(e); } finally { reset(pwd); } } else { connectionManager = new PoolingHttpClientConnectionManager(); } builder.setConnectionManager(connectionManager); httpClient = builder.build(); }
From source file:com.floragunn.searchguard.httpclient.HttpClient.java
private final CloseableHttpClient createHTTPClient() throws NoSuchAlgorithmException, KeyStoreException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException, KeyManagementException { // basic auth // pki auth/*www . j av a 2s . c o m*/ // kerberos auth final org.apache.http.impl.client.HttpClientBuilder hcb = HttpClients.custom(); if (ssl) { final SSLContextBuilder sslContextbBuilder = SSLContexts.custom().useTLS(); if (log.isTraceEnabled()) { log.trace("Configure HTTP client with SSL"); } if (trustStore != null) { final KeyStore myTrustStore = KeyStore .getInstance(trustStore.getName().endsWith("jks") ? "JKS" : "PKCS12"); myTrustStore.load(new FileInputStream(trustStore), truststorePassword == null || truststorePassword.isEmpty() ? null : truststorePassword.toCharArray()); sslContextbBuilder.loadTrustMaterial(myTrustStore); } if (keystore != null) { final KeyStore keyStore = KeyStore .getInstance(keystore.getName().endsWith("jks") ? "JKS" : "PKCS12"); keyStore.load(new FileInputStream(keystore), keystorePassword == null || keystorePassword.isEmpty() ? null : keystorePassword.toCharArray()); sslContextbBuilder.loadKeyMaterial(keyStore, keystorePassword == null || keystorePassword.isEmpty() ? null : keystorePassword.toCharArray()); } final SSLContext sslContext = sslContextbBuilder.build(); final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1.1", "TLSv1.2" }, null, verifyHostnames ? SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER : SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); hcb.setSSLSocketFactory(sslsf); } /*if (keytab != null) { //System.setProperty("java.security.auth.login.config", "login.conf"); //System.setProperty("java.security.krb5.conf", "krb5.conf"); final CredentialsProvider credsProvider = new BasicCredentialsProvider(); //SPNEGO/Kerberos setup log.debug("SPNEGO activated"); final AuthSchemeProvider nsf = new LoginSPNegoSchemeFactory(true); final Credentials jaasCreds = new JaasCredentials(); credsProvider.setCredentials(new AuthScope(null, -1, null, AuthSchemes.SPNEGO), jaasCreds); credsProvider.setCredentials(new AuthScope(null, -1, null, AuthSchemes.NTLM), new NTCredentials("Guest", "Guest", "Guest", "Guest")); final Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider> create() .register(AuthSchemes.SPNEGO, nsf).register(AuthSchemes.NTLM, new NTLMSchemeFactory()).build(); hcb.setDefaultAuthSchemeRegistry(authSchemeRegistry); hcb.setDefaultCredentialsProvider(credsProvider); }*/ if (basicCredentials != null) { hcb.setDefaultHeaders( Lists.newArrayList(new BasicHeader(HttpHeaders.AUTHORIZATION, "Basic " + basicCredentials))); } return hcb.build(); }