List of usage examples for org.apache.http.conn.ssl SSLContexts custom
public static SSLContextBuilder custom()
From source file:org.codice.ddf.commands.solr.SolrHttpWrapper.java
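/**
 * Builds the {@link SSLContext} for the Solr HTTP client from the key store and trust store
 * named by JVM system properties.
 *
 * <p>The store passwords are read from system properties as {@code String}s, so they are visible
 * to any code in the JVM that may read system properties and cannot be wiped after use.
 *
 * @return the configured context, or {@code null} if the key or trust material could not be
 *     loaded into it. NOTE(review): callers are not visible here; they should treat
 *     {@code null} as a hard failure rather than continue with a default TLS configuration.
 * @throws IllegalArgumentException if any of the four key store / trust store properties is unset
 */
private SSLContext getSslContext() {
    String keystorePath = System.getProperty(SecurityConstants.KEYSTORE_PATH);
    String keystorePassword = System.getProperty(SecurityConstants.KEYSTORE_PASSWORD);
    String truststorePath = System.getProperty(SecurityConstants.TRUSTSTORE_PATH);
    String truststorePassword = System.getProperty(SecurityConstants.TRUSTSTORE_PASSWORD);

    if (keystorePath == null || keystorePassword == null
            || truststorePath == null || truststorePassword == null) {
        throw new IllegalArgumentException("KeyStore and TrustStore system properties must be set.");
    }

    KeyStore trustStore = getKeyStore(truststorePath, truststorePassword);
    KeyStore keyStore = getKeyStore(keystorePath, keystorePassword);

    try {
        // useTLS() asks for the generic "TLS" context; the lowest protocol version actually
        // negotiated is left to the JVM defaults, not pinned here.
        return SSLContexts.custom()
                .loadKeyMaterial(keyStore, keystorePassword.toCharArray())
                .loadTrustMaterial(trustStore)
                .useTLS()
                .build();
    } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException
            | KeyManagementException e) {
        LOGGER.error("Unable to create secure HttpClient", e);
        return null;
    }
    // The earlier version finished by calling setNeedClientAuth(true) and
    // setWantClientAuth(true) on sslContext.getDefaultSSLParameters(). That getter returns a
    // copy, so the calls changed nothing, and both flags are server-mode options anyway. They
    // were removed so the method no longer looks as if it enforces client authentication; the
    // client certificate is available to the handshake because key material is loaded above.
}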
From source file:org.codice.solr.factory.impl.HttpClientBuilder.java
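/**
 * Builds the {@link SSLContext} for the Solr client from the key store and trust store system
 * properties, reading every property inside {@code AccessController.doPrivileged}.
 *
 * <p>NOTE(review): the store passwords come from system properties as {@code String}s; they stay
 * readable by any code allowed to read system properties and cannot be cleared after use.
 *
 * @return the configured context
 * @throws IllegalArgumentException if any of the four properties is unset, or if the key or
 *     trust material cannot be loaded into the context (the underlying exception is attached
 *     as the cause)
 */
private static SSLContext getSslContext() {
    final Boolean check = AccessController
            .doPrivileged((PrivilegedAction<Boolean>) () -> (System.getProperty(KEY_STORE) == null
                    || System.getProperty(KEY_STORE_PASS) == null
                    || System.getProperty(TRUST_STORE) == null
                    || System.getProperty(TRUST_STORE_PASS) == null));
    if (check) {
        throw new IllegalArgumentException("KeyStore and TrustStore system properties must be set.");
    }

    // Single-element arrays let the privileged lambda hand both stores back to this method.
    final KeyStore[] trustStore = new KeyStore[1];
    final KeyStore[] keyStore = new KeyStore[1];
    AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
        trustStore[0] = getKeyStore(System.getProperty(TRUST_STORE), System.getProperty(TRUST_STORE_PASS));
        keyStore[0] = getKeyStore(System.getProperty(KEY_STORE), System.getProperty(KEY_STORE_PASS));
        return null;
    });

    try {
        // useTLS() asks for the generic "TLS" context; the protocol floor is left to JVM defaults.
        // The calls that used to follow build() -- setNeedClientAuth(true) / setWantClientAuth(true)
        // on getDefaultSSLParameters() -- acted on a copy and are server-mode flags, so they had
        // no effect and were dropped.
        return SSLContexts.custom()
                .loadKeyMaterial(keyStore[0], AccessController
                        .doPrivileged((PrivilegedAction<String>) () -> System.getProperty(KEY_STORE_PASS))
                        .toCharArray())
                .loadTrustMaterial(trustStore[0])
                .useTLS()
                .build();
    } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException
            | KeyManagementException e) {
        // Keep the cause: without it the operator cannot tell a wrong password from a missing
        // algorithm or a damaged store. The message names the property, never its value.
        throw new IllegalArgumentException(
                "Unable to use javax.net.ssl.keyStorePassword to load key material to create SSL context for Solr client.",
                e);
    }
}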
From source file:org.codice.solr.factory.SolrClientFactory.java
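/**
 * Builds the {@link SSLContext} for the Solr client from the standard
 * {@code javax.net.ssl.*} key store and trust store system properties.
 *
 * <p>Each property is read once, so the null check and the later use see the same value even
 * if another thread changes the property in between.
 *
 * @return the configured context, or {@code null} if the key or trust material could not be
 *     loaded into it. NOTE(review): callers are not visible here; they should fail closed on
 *     {@code null} rather than fall back to a default TLS configuration.
 * @throws IllegalArgumentException if any of the four properties is unset
 */
private static SSLContext getSslContext() {
    final String keyStorePath = System.getProperty("javax.net.ssl.keyStore");
    final String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
    final String trustStorePath = System.getProperty("javax.net.ssl.trustStore");
    final String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");

    if (keyStorePath == null || keyStorePassword == null
            || trustStorePath == null || trustStorePassword == null) {
        throw new IllegalArgumentException("KeyStore and TrustStore system properties must be" + " set.");
    }

    KeyStore trustStore = getKeyStore(trustStorePath, trustStorePassword);
    KeyStore keyStore = getKeyStore(keyStorePath, keyStorePassword);

    try {
        // useTLS() asks for the generic "TLS" context; the protocol floor is left to JVM defaults.
        return SSLContexts.custom()
                .loadKeyMaterial(keyStore, keyStorePassword.toCharArray())
                .loadTrustMaterial(trustStore)
                .useTLS()
                .build();
    } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException
            | KeyManagementException e) {
        LOGGER.error("Unable to create secure HttpClient", e);
        return null;
    }
    // setNeedClientAuth(true) / setWantClientAuth(true) on getDefaultSSLParameters() were
    // removed: the getter returns a copy, and both flags only matter in server mode, so the
    // calls never affected the returned context.
}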
From source file:org.jasig.cas.authentication.FileTrustStoreSslSocketFactory.java
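/**
 * Gets the trusted ssl context.
 *
 * <p>The context is initialised with composite key and trust managers that combine the JVM
 * defaults with managers backed by the given trust store file. NOTE(review): the composite
 * classes are not shown here; presumably a chain is accepted when either delegate accepts it,
 * which widens trust beyond the JVM default store -- confirm against their implementation.
 *
 * @param trustStoreFile the trust store file
 * @param trustStorePassword the trust store password
 * @param trustStoreType the trust store type
 * @return the trusted ssl context
 * @throws RuntimeException wrapping any failure to read the store or build the context
 */
private static SSLContext getTrustedSslContext(final File trustStoreFile, final String trustStorePassword,
        final String trustStoreType) {
    try {
        if (!trustStoreFile.exists() || !trustStoreFile.canRead()) {
            throw new FileNotFoundException(
                    "Truststore file cannot be located at " + trustStoreFile.getCanonicalPath());
        }

        final KeyStore casTrustStore = KeyStore.getInstance(trustStoreType);
        final char[] trustStorePasswordCharArray = trustStorePassword.toCharArray();

        // Close the stream on every path: previously a bad store type, a null password or a
        // failed load left the file handle open.
        final FileInputStream casStream = new FileInputStream(trustStoreFile);
        try {
            casTrustStore.load(casStream, trustStorePasswordCharArray);
        } finally {
            IOUtils.closeQuietly(casStream);
        }

        final String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        // The same store and password back both the custom key manager and the custom trust manager.
        final X509KeyManager customKeyManager = getKeyManager("PKIX", casTrustStore,
                trustStorePasswordCharArray);
        final X509KeyManager jvmKeyManager = getKeyManager(defaultAlgorithm, null, null);
        final X509TrustManager customTrustManager = getTrustManager("PKIX", casTrustStore);
        final X509TrustManager jvmTrustManager = getTrustManager(defaultAlgorithm, null);

        final KeyManager[] keyManagers = {
                new CompositeX509KeyManager(Arrays.asList(jvmKeyManager, customKeyManager)) };
        final TrustManager[] trustManagers = {
                new CompositeX509TrustManager(Arrays.asList(jvmTrustManager, customTrustManager)) };

        // Request the "TLS" context rather than the legacy "SSL" name used before; which
        // protocol versions "SSL" enables depends on the JSSE provider, and some providers do
        // not register it at all.
        final SSLContext context = SSLContexts.custom().useTLS().build();
        // Re-initialise with the composite managers; the builder's own defaults are replaced.
        context.init(keyManagers, trustManagers, null);
        return context;

    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        throw new RuntimeException(e);
    }
}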
From source file:org.jboss.as.test.integration.security.common.SSLTruststoreUtil.java
/**
 * Creates an HttpClient whose https connections use the given trust store and, optionally,
 * a client key store.
 *
 * <p>Hostname verification is switched off (allow-all verifier), so the server certificate is
 * checked against the trust store but not against the host name. This class lives in a test
 * package; the setting is not suitable for a production client.
 *
 * <p>Any failure while building the client is logged and the default HttpClient is returned
 * instead, so a broken store or password does not surface as an error at this call site.
 *
 * @param keyStoreFile client key store, or {@code null} for no client certificate
 * @param keyStorePassword password of the key store; only used when {@code keyStoreFile} is set
 * @param trustStoreFile trust store holding the certificates to trust
 * @param trustStorePassword password of the trust store
 * @return the configured client, or the default client when configuration failed
 */
public static HttpClient getHttpClientWithSSL(File keyStoreFile, String keyStorePassword, File trustStoreFile,
        String trustStorePassword) {
    try {
        final KeyStore truststore = loadKeyStore(trustStoreFile, trustStorePassword.toCharArray());
        final KeyStore keystore;
        if (keyStoreFile == null) {
            keystore = null;
        } else {
            keystore = loadKeyStore(keyStoreFile, keyStorePassword.toCharArray());
        }

        SSLContextBuilder contextBuilder = SSLContexts.custom().useTLS().loadTrustMaterial(truststore);
        if (keyStoreFile != null) {
            contextBuilder.loadKeyMaterial(keystore, keyStorePassword.toCharArray());
        }
        SSLContext tlsContext = contextBuilder.build();

        // Allow-all verifier: the peer's host name is never compared with its certificate.
        SSLConnectionSocketFactory httpsFactory = new SSLConnectionSocketFactory(tlsContext,
                new AllowAllHostnameVerifier());

        Registry<ConnectionSocketFactory> schemes = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.getSocketFactory())
                .register("https", httpsFactory)
                .build();

        return HttpClientBuilder.create()
                .setSSLSocketFactory(httpsFactory)
                .setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
                .setConnectionManager(new PoolingHttpClientConnectionManager(schemes))
                .setSchemePortResolver(new DefaultSchemePortResolver())
                .build();
    } catch (Exception e) {
        // Falls back instead of failing: the caller gets a client with JVM-default TLS settings.
        LOGGER.error(
                "Creating HttpClient with customized SSL failed. We are returning the default one instead.",
                e);
        return HttpClients.createDefault();
    }
}
From source file:org.opennms.core.web.HttpClientWrapper.java
/**
 * Trust self-signed certificates.
 *
 * <p>Registers, for the given scheme, an SSL context built with {@link TrustSelfSignedStrategy}
 * on top of the default trust material. The strategy does not pin a particular certificate:
 * a server presenting any self-signed certificate is accepted, so connections made with this
 * context are encrypted but the peer is not authenticated. Where the server certificate is
 * known in advance, loading it into a dedicated trust store is the stricter option.
 *
 * @param scheme the scheme the context is registered under
 * @return this wrapper, for call chaining
 * @throws GeneralSecurityException if the SSL context cannot be built
 */
public HttpClientWrapper trustSelfSigned(final String scheme) throws GeneralSecurityException {
    LOG.debug("trustSelfSigned: scheme={}", scheme);
    // Must run before the context is built: configuration is only allowed pre-initialisation.
    assertNotInitialized();
    final TrustSelfSignedStrategy acceptSelfSigned = new TrustSelfSignedStrategy();
    m_sslContext.put(
            scheme,
            SSLContexts.custom()
                    .loadTrustMaterial(null, acceptSelfSigned)
                    .useTLS()
                    .build());
    return this;
}