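Usage examples for the useTLS() method of org.apache.http.conn.ssl.SSLContextBuilder. Several of the examples pair it with a TrustStrategy that accepts every certificate chain, or with an allow-all hostname verifier; in those configurations the server is not authenticated.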
public SSLContextBuilder useTLS()
From source file:com.esri.geoevent.test.performance.provision.GeoEventProvisioner.java
/**
 * Builds an {@link SSLConnectionSocketFactory} whose trust strategy accepts every
 * certificate chain the server presents.
 *
 * <p>Security note: because {@code isTrusted} always answers {@code true}, the peer's
 * certificate is never validated. The channel is encrypted but the server is not
 * authenticated, so this factory only fits disposable test endpoints. For anything
 * else, load the real trust material and drop the custom strategy.
 *
 * @return the socket factory, or {@code null} when the SSL context could not be built
 *         (the failure is only reported on {@code System.err}, so callers must check)
 */
private SSLConnectionSocketFactory getSSLSocketFactory() {
    // Accept-all strategy: certificate validation is effectively switched off.
    final TrustStrategy acceptAnyChain = new TrustStrategy() {
        @Override
        public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            return true;
        }
    };

    try {
        // Empty in-memory key store: load(null, null) reads no trusted roots from disk.
        final KeyStore emptyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        emptyStore.load(null, null);

        final SSLContextBuilder builder = new SSLContextBuilder();
        builder.loadTrustMaterial(emptyStore, acceptAnyChain);
        builder.useTLS();

        // NOTE(review): the one-argument constructor leaves host name verification at the
        // library default; with an accept-all trust strategy that check adds no assurance.
        return new SSLConnectionSocketFactory(builder.build());
    } catch (GeneralSecurityException | IOException e) {
        System.err.println("SSL Error : " + e.getMessage());
        return null;
    }
}
From source file:com.github.kpavlov.ssl.DynamicSSLSocketFactory.java
/**
 * Creates a socket factory from the key and trust material registered for a host.
 *
 * <p>Key material is loaded only when the provider returns a key store, and trust
 * material only when it returns a trust store. With no trust store the builder gets no
 * custom trust material; presumably the JVM default trust managers then apply
 * (confirm against the HttpClient version in use).
 *
 * @param host the host whose key store, trust store and key password are looked up
 * @return the socket factory, or {@code null} if anything failed (the error is logged,
 *         so callers must handle {@code null})
 */
private SSLSocketFactory createSSLSocketFactory(String host) {
    try {
        final KeyStore hostKeys = keyStoreProvider.getKeyStore(host);
        final KeyStore hostTrust = keyStoreProvider.getTrustStore(host);
        // NOTE(review): the password array is not cleared in this method; whether the
        // provider owns and wipes it cannot be seen from here.
        final char[] hostKeyPassword = keyPasswordProvider.getPassword(host);

        final SSLContextBuilder builder = SSLContexts.custom();
        if (hostKeys != null) {
            builder.loadKeyMaterial(hostKeys, hostKeyPassword);
        }
        if (hostTrust != null) {
            builder.loadTrustMaterial(hostTrust);
        }

        builder.useTLS();
        final SSLContext context = builder.build();
        return context.getSocketFactory();
    } catch (Exception e) {
        LOGGER.error("Unable to create SSLContext", e);
        return null;
    }
}
From source file:ru.anr.base.facade.web.api.RestClient.java
/**
 * Builds an Apache client that accepts untrusted SSL connections. This can be useful
 * for test purposes only.
 *
 * <p>Two checks are switched off here: the trust strategy accepts every certificate
 * chain, and {@code AllowAllHostnameVerifier} skips the host name comparison. The
 * resulting client therefore does not authenticate the server at all.
 *
 * @return Apache {@link HttpClient}
 */
private HttpClient buildSSLClient() {
    try {
        // Accept-all strategy: no certificate chain is ever rejected.
        SSLContext permissiveContext = SSLContexts.custom()
                .loadTrustMaterial(null, new TrustStrategy() {
                    @Override
                    public boolean isTrusted(X509Certificate[] certificate, String authType) {
                        return true;
                    }
                })
                .useTLS()
                .build();

        // Host name verification is disabled as well.
        SSLConnectionSocketFactory socketFactory =
                new SSLConnectionSocketFactory(permissiveContext, new AllowAllHostnameVerifier());

        return HttpClients.custom().setSSLSocketFactory(socketFactory).build();
    } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException ex) {
        throw new ApplicationException(ex);
    }
}
From source file:org.jenkinsci.plugins.bitbucketNotifier.BitbucketNotifier.java
/**
 * Helper that defines the SSL context used by our HttpClient.
 *
 * @param ignoreUnverifiedSSL when {@code true}, a trust strategy that accepts every
 *        certificate chain is installed, so the server certificate is not validated;
 *        when {@code false}, no custom trust material is loaded here
 * @param credentials when an instance of {@code CertificateCredentials}, its key store
 *        and password are loaded as client key material; any other value is ignored
 * @return the SSL context built with the TLS protocol selected
 * @throws UnrecoverableKeyException declared by the builder when loading key material
 * @throws NoSuchAlgorithmException declared by the builder
 * @throws KeyStoreException declared by the builder
 * @throws KeyManagementException declared by the builder when the context is built
 */
private SSLContext buildSslContext(boolean ignoreUnverifiedSSL, Credentials credentials)
        throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
    final SSLContextBuilder builder = SSLContexts.custom();

    if (credentials instanceof CertificateCredentials) {
        final CertificateCredentials clientCertificate = (CertificateCredentials) credentials;
        // NOTE(review): the plain-text password is copied into a char[] that is not
        // cleared after use.
        builder.loadKeyMaterial(clientCertificate.getKeyStore(),
                clientCertificate.getPassword().getPlainText().toCharArray());
    }

    if (ignoreUnverifiedSSL) {
        // Accept-all strategy: with this flag set the peer is not authenticated.
        builder.loadTrustMaterial(null, new TrustStrategy() {
            @Override
            public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                return true;
            }
        });
    }

    builder.useTLS();
    return builder.build();
}
From source file:org.bonitasoft.connectors.rest.RESTConnector.java
/**
 * Configures the SSL socket factory of the HTTP client builder from the request's SSL
 * options. Does nothing when {@code ssl} is {@code null}.
 *
 * <p>Security-relevant switches read from {@code ssl}:
 * <ul>
 *   <li>{@code isUseSelfSignedCertificate()} adds {@code TrustSelfSignedStrategy}, which
 *       accepts a self-signed certificate even if it is absent from the trust store;</li>
 *   <li>{@code isUseTLS() == false} selects the legacy "SSL" context instead of "TLS";
 *       which protocol versions are then enabled depends on the JVM (confirm that SSLv3
 *       stays disabled);</li>
 *   <li>the {@code ALLOW} verifier disables host name verification.</li>
 * </ul>
 *
 * @param ssl The request SSL options
 * @param httpClientBuilder The request builder
 * @throws Exception if a key store cannot be generated or the SSL context cannot be built
 */
private void setSSL(final SSL ssl, final HttpClientBuilder httpClientBuilder) throws Exception {
    if (ssl == null) {
        return;
    }

    final SSLContextBuilder contextBuilder = new SSLContextBuilder();

    if (ssl.getTrustStore() != null) {
        final KeyStore trustMaterial = ssl.getTrustStore().generateKeyStore();
        if (ssl.isUseSelfSignedCertificate()) {
            contextBuilder.loadTrustMaterial(trustMaterial, new TrustSelfSignedStrategy());
        } else {
            contextBuilder.loadTrustMaterial(trustMaterial);
        }
    }

    if (ssl.getKeyStore() != null) {
        final KeyStore clientKeys = ssl.getKeyStore().generateKeyStore();
        final String clientKeysPassword = ssl.getKeyStore().getPassword();
        contextBuilder.loadKeyMaterial(clientKeys, clientKeysPassword.toCharArray());
    }

    // null: no explicit random source is configured on the builder.
    contextBuilder.setSecureRandom(null);

    if (ssl.isUseTLS()) {
        contextBuilder.useTLS();
    } else {
        contextBuilder.useSSL();
    }

    // Strict verification is the outcome for STRICT and for any unlisted value.
    final X509HostnameVerifier hostnameVerifier;
    switch (ssl.getSslVerifier()) {
        case BROWSER:
            hostnameVerifier = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
            break;
        case ALLOW:
            hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
            break;
        case STRICT:
        default:
            hostnameVerifier = SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER;
            break;
    }

    httpClientBuilder.setSSLSocketFactory(
            new SSLConnectionSocketFactory(contextBuilder.build(), hostnameVerifier));
}
From source file:org.openscore.content.httpclient.build.conn.SSLConnectionSocketFactoryBuilder.java
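/**
 * Builds the {@link SSLConnectionSocketFactory} from the configured inputs.
 *
 * <p>With {@code trustAllRoots} set to "false", the trust store and key store are taken
 * from the configured locations, falling back to the JRE {@code cacerts} file (default
 * password "changeit") when a location is not configured and that file exists. With
 * "true", a trust strategy that accepts every certificate chain is installed, so the
 * server certificate is not validated.
 *
 * <p>The host name verifier is chosen from the {@code x509HostnameVerifier} input:
 * "strict", "browser_compatible" or "allow_all" (which disables host name
 * verification); any other value falls back to strict.
 *
 * <p>NOTE(review): the {@code keystore}/{@code trustKeystore} fields are rewritten in
 * place, so a second call on the same instance would prefix "file:" again.
 *
 * @return the configured socket factory
 * @throws IllegalArgumentException if {@code trustAllRoots} is neither "true" nor "false",
 *         or if the trust-all material cannot be loaded
 * @throws RuntimeException if the verifier cannot be resolved or the context cannot be built
 */
public SSLConnectionSocketFactory build() {
    if (!"true".equalsIgnoreCase(trustAllRootsStr) && !"false".equalsIgnoreCase(trustAllRootsStr)) {
        throw new IllegalArgumentException("'trustAllRoots' can only be 'true' or 'false'");
    }
    boolean trustAllRoots = Boolean.parseBoolean(trustAllRootsStr);

    SSLContextBuilder sslContextBuilder = SSLContexts.custom();
    if (!trustAllRoots) {
        boolean useClientCert = !StringUtils.isEmpty(keystore);
        //validate SSL certificates sent by the server
        boolean useTrustCert = !StringUtils.isEmpty(trustKeystore);

        String javaKeystore = System.getProperty("java.home") + "/lib/security/cacerts";
        boolean storeExists = new File(javaKeystore).exists();

        if (!useClientCert && storeExists) {
            keystore = "file:" + javaKeystore;
            keystorePassword = (StringUtils.isEmpty(keystorePassword)) ? "changeit" : keystorePassword;
            useClientCert = true;
        } else if (useClientCert && !keystore.startsWith("http")) {
            keystore = "file:" + keystore;
        }

        if (!useTrustCert && storeExists) {
            trustKeystore = "file:" + javaKeystore;
            trustPassword = (StringUtils.isEmpty(trustPassword)) ? "changeit" : trustPassword;
            useTrustCert = true;
        } else if (useTrustCert && !trustKeystore.startsWith("http")) {
            trustKeystore = "file:" + trustKeystore;
        }

        createTrustKeystore(sslContextBuilder, useTrustCert);
        //todo client key authentication should not depend on 'trustAllRoots'
        createKeystore(sslContextBuilder, useClientCert);
    } else {
        try {
            // Overrides isTrusted() so that CA-issued certificates are accepted too; the stock
            // TrustSelfSignedStrategy of Apache HTTP Client 4.3 accepts only self-signed ones.
            // The effect is that every certificate chain is trusted.
            sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy() {
                @Override
                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    return true;
                }
            });
        } catch (Exception e) {
            // NOTE(review): the listing shows a line break inside this literal; it is
            // written as \n here. Confirm against the upstream file.
            throw new IllegalArgumentException(e.getMessage() + ". \n" + TRUST_ALL_ROOTS_ERROR + trustAllRoots, e);
        }
    }

    // The original also called useSSL() immediately before this line; the later useTLS()
    // call overrode it, so the dead call is dropped and the TLS context remains selected.
    sslContextBuilder.useTLS();

    SSLConnectionSocketFactory sslsf;
    try {
        // Locale.ROOT keeps the match independent of the default locale (under a Turkish
        // locale "STRICT".toLowerCase() does not yield "strict").
        String x509HostnameVerifierStr = x509HostnameVerifier.toLowerCase(java.util.Locale.ROOT);
        // Named differently from the String field so the local no longer shadows it.
        X509HostnameVerifier hostnameVerifier;
        switch (x509HostnameVerifierStr) {
            case "browser_compatible":
                hostnameVerifier = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
                break;
            case "allow_all":
                // Disables host name verification.
                hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
                break;
            case "strict":
            default:
                // Unknown values fall back to the strictest verifier.
                hostnameVerifier = SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER;
                break;
        }

        sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), hostnameVerifier);
    } catch (Exception e) {
        throw new RuntimeException(e.getMessage() + ". " + SSL_CONNECTION_ERROR, e);
    }
    return sslsf;
}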
From source file:io.cloudslang.content.httpclient.build.conn.SSLConnectionSocketFactoryBuilder.java
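/**
 * Builds the {@link SSLConnectionSocketFactory} from the configured inputs.
 *
 * <p>With {@code trustAllRoots} set to "false", the trust store and key store are taken
 * from the configured locations, falling back to the JRE {@code cacerts} file (default
 * password "changeit") when a location is not configured and that file exists. With
 * "true", a trust strategy that accepts every certificate chain is installed, so the
 * server certificate is not validated.
 *
 * <p>The host name verifier is chosen from the {@code x509HostnameVerifier} input:
 * "strict", "browser_compatible" or "allow_all" (which disables host name
 * verification); any other value is rejected.
 *
 * <p>NOTE(review): the {@code keystore}/{@code trustKeystore} fields are rewritten in
 * place, so a second call on the same instance would prefix "file:" again.
 *
 * @return the configured socket factory
 * @throws IllegalArgumentException if {@code trustAllRoots} is neither "true" nor "false",
 *         if the trust-all material cannot be loaded, or if the verifier input is invalid
 * @throws RuntimeException if the context or the socket factory cannot be built
 */
public SSLConnectionSocketFactory build() {
    if (!"true".equalsIgnoreCase(trustAllRootsStr) && !"false".equalsIgnoreCase(trustAllRootsStr)) {
        throw new IllegalArgumentException("'trustAllRoots' can only be 'true' or 'false'");
    }
    boolean trustAllRoots = Boolean.parseBoolean(trustAllRootsStr);

    SSLContextBuilder sslContextBuilder = SSLContexts.custom();
    if (!trustAllRoots) {
        boolean useClientCert = !StringUtils.isEmpty(keystore);
        //validate SSL certificates sent by the server
        boolean useTrustCert = !StringUtils.isEmpty(trustKeystore);

        String javaKeystore = System.getProperty("java.home") + "/lib/security/cacerts";
        boolean storeExists = new File(javaKeystore).exists();

        if (!useClientCert && storeExists) {
            keystore = "file:" + javaKeystore;
            keystorePassword = (StringUtils.isEmpty(keystorePassword)) ? "changeit" : keystorePassword;
            useClientCert = true;
        } else if (useClientCert && !keystore.startsWith("http")) {
            keystore = "file:" + keystore;
        }

        if (!useTrustCert && storeExists) {
            trustKeystore = "file:" + javaKeystore;
            trustPassword = (StringUtils.isEmpty(trustPassword)) ? "changeit" : trustPassword;
            useTrustCert = true;
        } else if (useTrustCert && !trustKeystore.startsWith("http")) {
            trustKeystore = "file:" + trustKeystore;
        }

        createTrustKeystore(sslContextBuilder, useTrustCert);
        //todo client key authentication should not depend on 'trustAllRoots'
        createKeystore(sslContextBuilder, useClientCert);
    } else {
        try {
            // Overrides isTrusted() so that CA-issued certificates are accepted too; the stock
            // TrustSelfSignedStrategy of Apache HTTP Client 4.3 accepts only self-signed ones.
            // The effect is that every certificate chain is trusted.
            sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy() {
                @Override
                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    return true;
                }
            });
        } catch (Exception e) {
            // NOTE(review): the listing shows a line break inside this literal; it is
            // written as \n here. Confirm against the upstream file.
            throw new IllegalArgumentException(e.getMessage() + ". \n" + TRUST_ALL_ROOTS_ERROR + trustAllRoots, e);
        }
    }

    // The original also called useSSL() immediately before this line; the later useTLS()
    // call overrode it, so the dead call is dropped and the TLS context remains selected.
    sslContextBuilder.useTLS();

    SSLConnectionSocketFactory sslsf;
    try {
        // Locale.ROOT keeps the match independent of the default locale (under a Turkish
        // locale "STRICT".toLowerCase() does not yield "strict").
        String x509HostnameVerifierStr = x509HostnameVerifierInputValue.toLowerCase(java.util.Locale.ROOT);

        X509HostnameVerifier x509HostnameVerifier;
        switch (x509HostnameVerifierStr) {
            case "strict":
                x509HostnameVerifier = SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER;
                break;
            case "browser_compatible":
                x509HostnameVerifier = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
                break;
            case "allow_all":
                // Disables host name verification.
                x509HostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
                break;
            default:
                throw new IllegalArgumentException("Invalid value '" + x509HostnameVerifierInputValue
                        + "' for input 'x509HostnameVerifier'. Valid values: 'strict','browser_compatible','allow_all'.");
        }
        // Allow SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols only. Client-server communication
        // starts with TLSv1.2 and falls back to SSLv3 if needed.
        // NOTE(review): SUPPORTED_PROTOCOLS is declared outside this listing. If it does include
        // SSLv3 and the early TLS versions as stated above, those are deprecated protocol
        // versions; trimming the list to current TLS versions removes the downgrade path.
        sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), SUPPORTED_PROTOCOLS, null,
                x509HostnameVerifier);
    } catch (Exception e) {
        if (e instanceof IllegalArgumentException) {
            // Same type and message as before, now with the original exception kept as cause
            // so its stack trace is not lost.
            throw new IllegalArgumentException(e.getMessage(), e);
        }
        throw new RuntimeException(e.getMessage() + ". " + SSL_CONNECTION_ERROR, e);
    }
    return sslsf;
}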