Example usage for org.apache.http.conn.ssl SSLContextBuilder setSecureRandom

List of usage examples for org.apache.http.conn.ssl SSLContextBuilder setSecureRandom

Introduction

In this page you can find the example usage for org.apache.http.conn.ssl SSLContextBuilder setSecureRandom.

Prototype

public SSLContextBuilder setSecureRandom(final SecureRandom secureRandom) 


Usage

From source file:org.apache.solr.util.SSLTestConfig.java

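/**
 * Builds a new SSLContext for jetty servers which have been configured based on the settings of
 * this object.
 *
 * <p>NOTE: Uses a completely insecure {@link SecureRandom} instance
 * ({@code NotSecurePsuedoRandom.INSTANCE}) to prevent tests from blocking due to lack of entropy,
 * and, when client authentication is enabled, explicitly allows the use of self-signed
 * certificates (since that's what is almost always used during testing). Both choices are only
 * appropriate for test fixtures; a context built this way must not protect real traffic.
 *
 * @return the SSLContext produced by the configured builder
 * @throws KeyManagementException declared by the builder when the context cannot be initialised
 * @throws UnrecoverableKeyException declared by {@code loadKeyMaterial} when a key cannot be
 *         recovered with the supplied password
 * @throws NoSuchAlgorithmException declared by the builder when a required algorithm is missing
 * @throws KeyStoreException declared by the builder when a key store cannot be used
 */
public SSLContext buildServerSSLContext()
        throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {

    // Precondition check; Java only evaluates it when assertions are enabled (-ea).
    assert isSSLMode();

    SSLContextBuilder builder = SSLContexts.custom();
    // Deliberately predictable randomness so tests never wait on the entropy pool.
    builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);

    // Server identity: the key store and its password double as the key password.
    builder.loadKeyMaterial(buildKeyStore(keyStore, getKeyStorePassword()),
            getKeyStorePassword().toCharArray());

    if (isClientAuthMode()) {
        // Trust material is only needed when clients present certificates.
        // The original chained .build() here and discarded the resulting context;
        // the single build() below is the only one whose result is used.
        builder.loadTrustMaterial(buildKeyStore(trustStore, getTrustStorePassword()),
                new TrustSelfSignedStrategy());
    }

    return builder.build();
}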

From source file:org.apache.solr.util.SSLTestConfig.java

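/**
 * Builds a new SSLContext for HTTP <b>clients</b> to use when communicating with servers which have
 * been configured based on the settings of this object.
 *
 * <p>NOTE: Uses a completely insecure {@link SecureRandom} instance
 * ({@code NotSecurePsuedoRandom.INSTANCE}) to prevent tests from blocking due to lack of entropy,
 * and explicitly allows the use of self-signed certificates (since that's what is almost always
 * used during testing). Both choices are only appropriate for test fixtures; a context built this
 * way must not protect real traffic.
 *
 * @return the SSLContext produced by the configured builder
 * @throws KeyManagementException declared by the builder when the context cannot be initialised
 * @throws UnrecoverableKeyException declared by {@code loadKeyMaterial} when a key cannot be
 *         recovered with the supplied password
 * @throws NoSuchAlgorithmException declared by the builder when a required algorithm is missing
 * @throws KeyStoreException declared by the builder when a key store cannot be used
 */
public SSLContext buildClientSSLContext()
        throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {

    // Precondition check; Java only evaluates it when assertions are enabled (-ea).
    assert isSSLMode();

    SSLContextBuilder builder = SSLContexts.custom();
    // Deliberately predictable randomness so tests never wait on the entropy pool.
    builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);

    // NOTE: KeyStore & TrustStore are swapped because they are configured from the server's
    // perspective. We are a client: our trust material comes from the server's key store,
    // and (for client auth) our key material comes from the server's trust store.
    // The original chained .build() here and discarded the resulting context;
    // the single build() below is the only one whose result is used.
    builder.loadTrustMaterial(buildKeyStore(keyStore, getKeyStorePassword()), new TrustSelfSignedStrategy());

    if (isClientAuthMode()) {
        // Only present a client certificate when the server is configured to ask for one.
        builder.loadKeyMaterial(buildKeyStore(trustStore, getTrustStorePassword()),
                getTrustStorePassword().toCharArray());
    }

    return builder.build();
}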

From source file:org.bonitasoft.connectors.rest.RESTConnector.java

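/**
 * Configures the TLS socket factory of the HTTP client builder from the request's SSL options.
 * Does nothing when {@code ssl} is {@code null}.
 *
 * <p>Security-relevant choices are driven entirely by the caller-supplied options:
 * {@code isUseSelfSignedCertificate()} adds {@link TrustSelfSignedStrategy} on top of the trust
 * store, {@code isUseTLS()} selects between {@code useTLS()} and the legacy {@code useSSL()}
 * protocol name, and the {@code ALLOW} verifier turns hostname verification off. A missing
 * verifier option falls back to strict hostname verification.
 *
 * @param ssl The request SSL options
 * @param httpClientBuilder The request builder
 * @throws Exception if a key store cannot be generated or the SSL context cannot be built
 */
private void setSSL(final SSL ssl, final HttpClientBuilder httpClientBuilder) throws Exception {
    if (ssl == null) {
        return;
    }

    final SSLContextBuilder sslContextBuilder = new SSLContextBuilder();

    if (ssl.getTrustStore() != null) {
        final KeyStore trustStore = ssl.getTrustStore().generateKeyStore();
        if (ssl.isUseSelfSignedCertificate()) {
            // Widens trust beyond the store's contents: self-signed server certificates
            // are accepted as well.
            sslContextBuilder.loadTrustMaterial(trustStore, new TrustSelfSignedStrategy());
        } else {
            sslContextBuilder.loadTrustMaterial(trustStore);
        }
    }

    if (ssl.getKeyStore() != null) {
        final KeyStore keyStore = ssl.getKeyStore().generateKeyStore();
        final String keyStorePassword = ssl.getKeyStore().getPassword();
        sslContextBuilder.loadKeyMaterial(keyStore, keyStorePassword.toCharArray());
    }

    // A null SecureRandom is passed through to SSLContext.init, which then uses the
    // provider's default implementation; no weakened random source is installed here.
    sslContextBuilder.setSecureRandom(null);

    if (ssl.isUseTLS()) {
        sslContextBuilder.useTLS();
    } else {
        // Requests the legacy "SSL" protocol name; the versions actually offered depend
        // on the JSSE provider configuration. NOTE(review): prefer useTLS() unless a
        // peer genuinely requires this.
        sslContextBuilder.useSSL();
    }

    // Strict verification is the default; only an explicit option relaxes it.
    // The null guard avoids a NullPointerException from switching on a missing option.
    final SSLVerifier verifier = ssl.getSslVerifier();
    X509HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER;
    if (verifier != null) {
        switch (verifier) {
        case BROWSER:
            hostnameVerifier = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
            break;
        case ALLOW:
            // Disables hostname verification: any certificate that passes the trust
            // check is accepted for any host.
            hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
            break;
        case STRICT:
        default:
            break;
        }
    }

    final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
            sslContextBuilder.build(), hostnameVerifier);
    httpClientBuilder.setSSLSocketFactory(socketFactory);
}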