List of usage examples for org.apache.http.ssl SSLContextBuilder loadKeyMaterial
public SSLContextBuilder loadKeyMaterial(final KeyStore keystore, final char[] keyPassword) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException
From source file:org.syslog_ng.elasticsearch_v2.client.http.ESHttpsClient.java
/**
 * Adds the private-key entries of {@code keyStore} to the SSL context under construction.
 *
 * <p>{@code password} is passed as the key-recovery password of
 * {@code SSLContextBuilder.loadKeyMaterial(KeyStore, char[])}; it is not used here to open the
 * store itself, which the caller must already have loaded.
 *
 * @param sslContextBuilder builder that receives the key material
 * @param keyStore          already-loaded key store holding the client identity
 * @param password          password protecting the key entries; must not be {@code null}
 * @throws ESHttpClient.HttpClientBuilderException if the key material cannot be loaded
 */
private void loadKeyMaterial(SSLContextBuilder sslContextBuilder, KeyStore keyStore, String password) {
    // Convert once up front; a null password still surfaces as a NullPointerException, as before.
    final char[] keyPassword = password.toCharArray();
    try {
        sslContextBuilder.loadKeyMaterial(keyStore, keyPassword);
    } catch (NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException cause) {
        // Keep the cause so the operator can tell a wrong password from an unsupported algorithm.
        throw new ESHttpClient.HttpClientBuilderException("Error loading keyStore material", cause);
    }
}
From source file:com.thoughtworks.go.agent.common.ssl.GoAgentServerHttpClientBuilder.java
/**
 * Builds the HTTP client used to talk to the server over mutually authenticated TLS.
 *
 * <p>The TLS protocol name comes from the system environment, the trust decision and hostname
 * verification from {@code sslVerificationMode}, and the client identity from the agent keystore.
 *
 * <p>NOTE(review): what {@code sslVerificationMode.verifier()} and {@code trustStrategy()} return
 * for each mode is not visible here. Confirm that only an explicitly chosen "no verification"
 * mode can yield a permissive verifier or trust strategy.
 *
 * @return a client configured with the agent's SSL socket factory
 * @throws Exception if trust or key material cannot be loaded or the SSL context cannot be built
 */
public CloseableHttpClient build() throws Exception {
    HttpClientBuilder clientBuilder = HttpClients.custom();
    clientBuilder.useSystemProperties();

    SocketConfig socketConfig = SocketConfig.custom().setTcpNoDelay(true).setSoKeepAlive(true).build();
    clientBuilder.setDefaultSocketConfig(socketConfig);
    clientBuilder.setKeepAliveStrategy(DefaultConnectionKeepAliveStrategy.INSTANCE);

    // Both verification knobs are derived from the single configured verification mode.
    HostnameVerifier verifier = sslVerificationMode.verifier();
    TrustStrategy strategy = sslVerificationMode.trustStrategy();
    KeyStore agentTrust = agentTruststore();

    SSLContextBuilder contextBuilder = SSLContextBuilder.create().useProtocol(
            systemEnvironment.get(SystemEnvironment.GO_SSL_TRANSPORT_PROTOCOL_TO_BE_USED_BY_AGENT));

    // Trust material is configured only when a store or a strategy is available.
    boolean nothingToTrust = agentTrust == null && strategy == null;
    if (!nothingToTrust) {
        contextBuilder.loadTrustMaterial(agentTrust, strategy);
    }

    // Client identity: the keystore password is also used as the key password.
    contextBuilder.loadKeyMaterial(agentKeystore(), keystorePassword().toCharArray());

    clientBuilder.setSSLSocketFactory(new SSLConnectionSocketFactory(contextBuilder.build(), verifier));
    return clientBuilder.build();
}
From source file:net.maritimecloud.identityregistry.keycloak.spi.eventprovider.McEventListenerProvider.java
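/**
 * Builds an HTTPS client that presents the client certificate from the configured JKS keystore.
 *
 * <p>Changes from the earlier version: both store files are read with try-with-resources, so a
 * failure while closing one stream can no longer leave the other open. The key material is
 * registered once instead of twice. The identical catch blocks are merged.
 *
 * <p>SECURITY: this client does not authenticate the server. {@code NoopHostnameVerifier} accepts
 * a certificate issued for any host name. When a truststore is configured,
 * {@code TrustSelfSignedStrategy} also accepts any single self-signed certificate, whether or not
 * it is in that truststore. Together these let any party on the network path terminate the TLS
 * session and receive whatever this client sends. Both are kept here so that existing deployments
 * are not broken. The remedy is to put the peer's CA in the truststore, pass {@code null} as the
 * trust strategy and use the default hostname verifier.
 *
 * @return the configured client, or {@code null} if a store cannot be read or the SSL context
 *         cannot be built (the cause is logged)
 */
private CloseableHttpClient buildHttpClient() {
    KeyStore keyStore = null;
    KeyStore trustStore = null;
    try {
        keyStore = KeyStore.getInstance("jks");
        try (FileInputStream keystoreStream = new FileInputStream(keystorePath)) {
            keyStore.load(keystoreStream, keystorePassword.toCharArray());
        }
        // The truststore is optional; without it the JVM default trust anchors apply.
        if (truststorePath != null && !truststorePath.isEmpty()) {
            trustStore = KeyStore.getInstance("jks");
            try (FileInputStream truststoreStream = new FileInputStream(truststorePath)) {
                trustStore.load(truststoreStream, truststorePassword.toCharArray());
            }
        }
    } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException e) {
        log.error("Threw exception", e);
        return null;
    }

    SSLContext sslcontext;
    try {
        SSLContextBuilder sslContextBuilder = SSLContexts.custom();
        // Client identity for mutual TLS; the keystore password doubles as the key password.
        sslContextBuilder.loadKeyMaterial(keyStore, keystorePassword.toCharArray());
        if (trustStore != null) {
            // SECURITY: trusts the truststore's CAs and every self-signed certificate (see Javadoc).
            sslContextBuilder.loadTrustMaterial(trustStore, new TrustSelfSignedStrategy());
        }
        sslcontext = sslContextBuilder.build();
    } catch (KeyManagementException | UnrecoverableKeyException | NoSuchAlgorithmException
            | KeyStoreException e) {
        log.error("Threw exception", e);
        return null;
    }

    // SECURITY: hostname verification is disabled (see Javadoc).
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext, new NoopHostnameVerifier());
    return HttpClients.custom().setSSLSocketFactory(sslsf).build();
}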
From source file:org.ulyssis.ipp.publisher.HttpOutput.java
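/**
 * Creates the SSL context for outgoing connections from the configured keystore and truststore.
 *
 * <p>Fixes: the "nothing configured" check tested the keystore option twice, so a configuration
 * with only a truststore silently got the JVM default context and the truststore was ignored. It
 * now tests keystore and truststore. Both store files are read with try-with-resources, because
 * the streams were previously never closed.
 *
 * <p>SECURITY: when a truststore is configured, {@code TrustSelfSignedStrategy} accepts any single
 * self-signed certificate in addition to the truststore contents. If only known peers should be
 * trusted, import their certificates into the truststore and pass {@code null} as the strategy.
 *
 * @return the default context when neither store is configured, a custom context otherwise, or
 *         {@code null} if loading fails (the exception is logged).
 *         NOTE(review): confirm that callers treat {@code null} as a hard failure.
 */
private SSLContext createSslCustomContext() {
    try {
        if (!options.getKeystore().isPresent() && !options.getTruststore().isPresent()) {
            return SSLContext.getDefault();
        }
        SSLContextBuilder builder = SSLContexts.custom();
        if (options.getKeystore().isPresent()) {
            KeyStore cks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream keyIn = new FileInputStream(options.getKeystore().get().toFile())) {
                cks.load(keyIn, options.getKeystorePass().toCharArray());
            }
            // The keystore password is reused as the key password.
            builder.loadKeyMaterial(cks, options.getKeystorePass().toCharArray());
        }
        if (options.getTruststore().isPresent()) {
            KeyStore tks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream trustIn = new FileInputStream(options.getTruststore().get().toFile())) {
                tks.load(trustIn, options.getTruststorePass().toCharArray());
            }
            // SECURITY: also trusts every self-signed certificate (see Javadoc).
            builder.loadTrustMaterial(tks, new TrustSelfSignedStrategy());
        }
        return builder.build();
    } catch (Exception e) {
        // TODO: DO SOMETHING WITH THE EXCEPTION!
        LOG.error("Exception", e);
    }
    return null;
}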
From source file:org.ulyssis.ipp.publisher.HttpServerPublisher.java
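/**
 * Creates the SSL context from the configured keystore and, if present, the truststore.
 *
 * <p>Fix: both store files are now read with try-with-resources; the file streams were previously
 * never closed.
 *
 * <p>The keystore is required. If it is not configured, {@code Optional.get()} throws and the
 * method returns {@code null} like any other failure.
 *
 * <p>SECURITY: when a truststore is configured, {@code TrustSelfSignedStrategy} accepts any single
 * self-signed peer certificate in addition to the truststore contents.
 * NOTE(review): if this context backs a listener that requests client certificates, any
 * self-signed client certificate would pass. Confirm how the context is used.
 *
 * @return the SSL context, or {@code null} if it cannot be created (the exception is logged)
 */
private SSLContext sslContext() {
    try {
        KeyStore cks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream keyIn = new FileInputStream(options.getKeystore().get().toFile())) {
            cks.load(keyIn, options.getKeystorePass().toCharArray());
        }
        SSLContextBuilder builder = SSLContexts.custom();
        if (options.getTruststore().isPresent()) {
            KeyStore tks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream trustIn = new FileInputStream(options.getTruststore().get().toFile())) {
                tks.load(trustIn, options.getTruststorePass().toCharArray());
            }
            // SECURITY: also trusts every self-signed certificate (see Javadoc).
            builder.loadTrustMaterial(tks, new TrustSelfSignedStrategy());
        }
        // The keystore password is reused as the key password.
        return builder.loadKeyMaterial(cks, options.getKeystorePass().toCharArray()).build();
    } catch (Exception e) {
        // TODO: DO SOMETHING WITH THE EXCEPTION!
        LOG.error("Exception", e);
    }
    return null;
}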
From source file:com.thinkbiganalytics.nifi.v2.core.metadata.MetadataProviderSelectorService.java
/**
 * Taken from NiFi GetHttp Processor.
 *
 * <p>Builds an {@link SSLContext} from the stores described by the given context service. The
 * truststore and the keystore are each optional and are skipped when their file setting is blank.
 *
 * <p>SECURITY: the truststore is loaded with {@code TrustSelfSignedStrategy}, which accepts any
 * single self-signed server certificate in addition to the truststore contents. Pass {@code null}
 * as the strategy if only the truststore's CAs should be trusted.
 *
 * @param service supplies store locations, types, passwords and the protocol name
 * @return the SSL context built from the configured material
 */
private SSLContext createSSLContext(final SSLContextService service) throws KeyStoreException, IOException,
        NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException {
    final SSLContextBuilder contextBuilder = new SSLContextBuilder();

    // Server trust anchors.
    if (StringUtils.isNotBlank(service.getTrustStoreFile())) {
        final KeyStore trustMaterial = KeyStore.getInstance(service.getTrustStoreType());
        final File trustFile = new File(service.getTrustStoreFile());
        try (final InputStream trustIn = new FileInputStream(trustFile)) {
            trustMaterial.load(trustIn, service.getTrustStorePassword().toCharArray());
        }
        contextBuilder.loadTrustMaterial(trustMaterial, new TrustSelfSignedStrategy());
    }

    // Client identity; the keystore password is reused as the key password.
    if (StringUtils.isNotBlank(service.getKeyStoreFile())) {
        final KeyStore keyMaterial = KeyStore.getInstance(service.getKeyStoreType());
        final File keyFile = new File(service.getKeyStoreFile());
        try (final InputStream keyIn = new FileInputStream(keyFile)) {
            keyMaterial.load(keyIn, service.getKeyStorePassword().toCharArray());
        }
        contextBuilder.loadKeyMaterial(keyMaterial, service.getKeyStorePassword().toCharArray());
    }

    return contextBuilder.useProtocol(service.getSslAlgorithm()).build();
}
From source file:org.apache.nifi.processors.standard.GetHTTP.java
/**
 * Builds the {@link SSLContext} for outgoing requests from the controller service's settings.
 *
 * <p>Trust material is loaded when a truststore file is set, and key material when a keystore
 * file is set. The protocol name comes from {@code service.getSslAlgorithm()}.
 *
 * <p>SECURITY: {@code TrustSelfSignedStrategy} makes the client accept any single self-signed
 * server certificate, not only those in the truststore. Pass {@code null} as the strategy to
 * restrict trust to the truststore contents.
 *
 * @param service supplies store locations, types, passwords and the protocol name
 * @return the SSL context built from the configured material
 */
private SSLContext createSSLContext(final SSLContextService service) throws KeyStoreException, IOException,
        NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException {
    final SSLContextBuilder builder = new SSLContextBuilder();

    if (StringUtils.isNotBlank(service.getTrustStoreFile())) {
        final KeyStore trusted = KeyStoreUtils.getTrustStore(service.getTrustStoreType());
        final File trustedFile = new File(service.getTrustStoreFile());
        try (final InputStream stream = new FileInputStream(trustedFile)) {
            trusted.load(stream, service.getTrustStorePassword().toCharArray());
        }
        builder.loadTrustMaterial(trusted, new TrustSelfSignedStrategy());
    }

    if (StringUtils.isNotBlank(service.getKeyStoreFile())) {
        final KeyStore identity = KeyStoreUtils.getKeyStore(service.getKeyStoreType());
        final File identityFile = new File(service.getKeyStoreFile());
        try (final InputStream stream = new FileInputStream(identityFile)) {
            identity.load(stream, service.getKeyStorePassword().toCharArray());
        }
        // The keystore password is reused as the key password.
        builder.loadKeyMaterial(identity, service.getKeyStorePassword().toCharArray());
    }

    return builder.useProtocol(service.getSslAlgorithm()).build();
}
From source file:com.networknt.client.Client.java
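/**
 * Builds the client {@link SSLContext} from the TLS section of the configuration.
 *
 * <p>Changes from the earlier version: the store streams are closed with try-with-resources, so
 * an error from {@code close()} can no longer replace the exception that explains why loading
 * failed. A store that is configured but cannot be opened is now reported with a warning instead
 * of being skipped silently. That matters because the connection then proceeds with the JVM
 * default trust anchors, or without a client certificate.
 *
 * <p>SECURITY: the trust store is loaded with {@code TrustSelfSignedStrategy}, which accepts any
 * single self-signed server certificate in addition to the trust store contents.
 *
 * @return the SSL context, or {@code null} when no TLS section is configured
 * @throws ClientException          if a store cannot be parsed or its keys cannot be recovered
 * @throws IOException              if a store cannot be read
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 * @throws KeyManagementException   if the SSL context cannot be initialised
 */
private SSLContext sslContext()
        throws ClientException, IOException, NoSuchAlgorithmException, KeyManagementException {
    Map<String, Object> tlsMap = (Map) config.get(TLS);
    if (tlsMap == null) {
        return null;
    }
    SSLContextBuilder builder = SSLContexts.custom();

    // Trust store: the server's public key certificate. Only necessary when the server
    // certificate does not carry the entire chain. The javax.net.ssl.trustStore system
    // properties take precedence over the configuration file.
    Boolean loadTrustStore = (Boolean) tlsMap.get(LOAD_TRUST_STORE);
    if (Boolean.TRUE.equals(loadTrustStore)) {
        String trustStoreName = System.getProperty(TRUST_STORE_PROPERTY);
        String trustStorePass = System.getProperty(TRUST_STORE_PASSWORD_PROPERTY);
        if (trustStoreName != null && trustStorePass != null) {
            logger.info("Loading trust store from system property at " + Encode.forJava(trustStoreName));
        } else {
            trustStoreName = (String) tlsMap.get(TRUST_STORE);
            trustStorePass = (String) tlsMap.get(TRUST_PASS);
            logger.info("Loading trust store from config at " + Encode.forJava(trustStoreName));
        }
        if (trustStoreName != null && trustStorePass != null) {
            InputStream trustStream = Config.getInstance().getInputStreamFromFile(trustStoreName);
            if (trustStream == null) {
                logger.warn("Trust store " + Encode.forJava(trustStoreName)
                        + " could not be opened; continuing without it.");
            } else {
                try (InputStream in = trustStream) {
                    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    trustStore.load(in, trustStorePass.toCharArray());
                    // SECURITY: also trusts every self-signed certificate (see Javadoc).
                    builder.loadTrustMaterial(trustStore, new TrustSelfSignedStrategy());
                } catch (CertificateException ce) {
                    logger.error("CertificateException: Unable to load trust store.", ce);
                    throw new ClientException("CertificateException: Unable to load trust store.", ce);
                } catch (KeyStoreException kse) {
                    logger.error("KeyStoreException: Unable to load trust store.", kse);
                    throw new ClientException("KeyStoreException: Unable to load trust store.", kse);
                }
            }
        }
    }

    // Key store: the client certificate, needed only when two-way SSL is used.
    Boolean loadKeyStore = (Boolean) tlsMap.get(LOAD_KEY_STORE);
    if (Boolean.TRUE.equals(loadKeyStore)) {
        String keyStoreName = (String) tlsMap.get(KEY_STORE);
        String keyStorePass = (String) tlsMap.get(KEY_PASS);
        if (keyStoreName != null && keyStorePass != null) {
            InputStream keyStream = Config.getInstance().getInputStreamFromFile(keyStoreName);
            if (keyStream == null) {
                logger.warn("Key store " + Encode.forJava(keyStoreName)
                        + " could not be opened; continuing without a client certificate.");
            } else {
                try (InputStream in = keyStream) {
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    keyStore.load(in, keyStorePass.toCharArray());
                    // The key store password is reused as the key password.
                    builder.loadKeyMaterial(keyStore, keyStorePass.toCharArray());
                } catch (CertificateException ce) {
                    logger.error("CertificateException: Unable to load key store.", ce);
                    throw new ClientException("CertificateException: Unable to load key store.", ce);
                } catch (KeyStoreException kse) {
                    logger.error("KeyStoreException: Unable to load key store.", kse);
                    throw new ClientException("KeyStoreException: Unable to load key store.", kse);
                } catch (UnrecoverableKeyException uke) {
                    logger.error("UnrecoverableKeyException: Unable to load key store.", uke);
                    throw new ClientException("UnrecoverableKeyException: Unable to load key store.", uke);
                }
            }
        }
    }
    return builder.build();
}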
From source file:org.apache.gobblin.elasticsearch.writer.ElasticsearchRestWriter.java
/**
 * Creates the Elasticsearch REST client for the given hosts.
 *
 * <p>With {@code sslEnabled}, the hosts are addressed over https and the client is given an SSL
 * context built from the truststore ({@code cacertsFilepath}) and the keystore
 * ({@code identityFilepath}). Only store types and paths are logged, never the passwords.
 *
 * <p>SECURITY: the SSL branch installs {@code NoopHostnameVerifier}, so the server certificate is
 * checked against the truststore but not against the host name being contacted. Any certificate
 * that chains to a trusted CA is therefore accepted for every host. Removing that call restores
 * the client's default hostname verification.
 *
 * @param hosts                  cluster nodes to connect to
 * @param threadCount            number of I/O reactor threads for the async HTTP client
 * @param sslEnabled             whether to use https with the stores below
 * @param keyStoreType           type of the client keystore
 * @param keyStoreFilePassword   password of the keystore, also used as the key password
 * @param identityFilepath       path of the client keystore
 * @param trustStoreType         type of the truststore
 * @param trustStoreFilePassword password of the truststore
 * @param cacertsFilepath        path of the truststore
 * @return the configured REST client
 * @throws Exception if a store cannot be read or the SSL context cannot be built
 */
private static RestClient buildRestClient(List<InetSocketTransportAddress> hosts, int threadCount,
        boolean sslEnabled, String keyStoreType, String keyStoreFilePassword, String identityFilepath,
        String trustStoreType, String trustStoreFilePassword, String cacertsFilepath) throws Exception {
    final String scheme = sslEnabled ? "https" : "http";
    final HttpHost[] httpHosts = new HttpHost[hosts.size()];
    int slot = 0;
    while (slot < httpHosts.length) {
        final InetSocketTransportAddress node = hosts.get(slot);
        httpHosts[slot] = new HttpHost(node.getAddress(), node.getPort(), scheme);
        slot++;
    }

    RestClientBuilder builder = RestClient.builder(httpHosts);

    if (!sslEnabled) {
        builder = builder.setHttpClientConfigCallback(asyncBuilder -> {
            // Configure number of threads for clients
            return asyncBuilder.setDefaultIOReactorConfig(
                    IOReactorConfig.custom().setIoThreadCount(threadCount).build());
        });
    } else {
        log.info("ssl configuration: trustStoreType = {}, cacertsFilePath = {}", trustStoreType, cacertsFilepath);
        final KeyStore trustMaterial = KeyStore.getInstance(trustStoreType);
        final FileInputStream trustIn = new FileInputStream(cacertsFilepath);
        try {
            trustMaterial.load(trustIn, trustStoreFilePassword.toCharArray());
        } finally {
            trustIn.close();
        }
        // A null trust strategy leaves the decision to the standard trust manager.
        final SSLContextBuilder sslBuilder = SSLContexts.custom().loadTrustMaterial(trustMaterial, null);

        log.info("ssl key configuration: keyStoreType = {}, keyFilePath = {}", keyStoreType, identityFilepath);
        final KeyStore keyMaterial = KeyStore.getInstance(keyStoreType);
        final FileInputStream keyIn = new FileInputStream(identityFilepath);
        try {
            keyMaterial.load(keyIn, keyStoreFilePassword.toCharArray());
        } finally {
            keyIn.close();
        }
        sslBuilder.loadKeyMaterial(keyMaterial, keyStoreFilePassword.toCharArray());

        final SSLContext sslContext = sslBuilder.build();
        builder = builder.setHttpClientConfigCallback(asyncBuilder -> {
            // Set ssl context
            // SECURITY: hostname verification is disabled here (see Javadoc).
            return asyncBuilder
                    .setSSLContext(sslContext)
                    .setSSLHostnameVerifier(new NoopHostnameVerifier())
                    // Configure number of threads for clients
                    .setDefaultIOReactorConfig(IOReactorConfig.custom().setIoThreadCount(threadCount).build());
        });
    }

    // Configure timeouts. Important, otherwise the client has spurious timeouts.
    builder.setRequestConfigCallback(requestConfig -> requestConfig.setConnectionRequestTimeout(0));

    return builder.build();
}