List of usage examples for java.security KeyStore setCertificateEntry
public final void setCertificateEntry(String alias, Certificate cert) throws KeyStoreException
From source file:org.exoplatform.services.videocall.AuthService.java
protected static TrustManager[] getTrustManagers(InputStream trustStoreFile, String trustStorePassword) throws Exception { CertificateFactory certificateFactory = null; try {/*from w w w. j av a2 s.c o m*/ certificateFactory = CertificateFactory.getInstance("X.509"); } catch (CertificateException e) { if (LOG.isErrorEnabled()) { LOG.error("Could not initialize the certificate " + e.getMessage()); } } Certificate caCert = null; try { caCert = certificateFactory.generateCertificate(trustStoreFile); } catch (CertificateException e) { if (LOG.isErrorEnabled()) { LOG.error("Bad key or certificate in " + trustStoreFile, e.getMessage()); } } KeyStore trustStore = null; try { trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(null, null); } catch (KeyStoreException e) { if (LOG.isErrorEnabled()) { LOG.error("Java implementation cannot manipulate " + KeyStore.getDefaultType() + " keystores"); } } catch (NoSuchAlgorithmException e) { if (LOG.isErrorEnabled()) { LOG.error("Could not initialize truststore ", e); } } catch (CertificateException e) { if (LOG.isErrorEnabled()) { LOG.error("Could not initialize truststore ", e); } } catch (IOException e) { if (LOG.isErrorEnabled()) { LOG.error("Could not initialize truststore ", e); } } try { trustStore.setCertificateEntry("CA", caCert); } catch (KeyStoreException e) { if (LOG.isErrorEnabled()) { LOG.error(trustStoreFile + " cannot be used as a CA", e); } } TrustManagerFactory tmf = null; try { tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(trustStore); } catch (NoSuchAlgorithmException e) { if (LOG.isErrorEnabled()) { LOG.error("Java implementation cannot manipulate " + KeyStore.getDefaultType() + " trusts", e); } } catch (KeyStoreException e) { LOG.error("Java implementation cannot manipulate " + KeyStore.getDefaultType() + " trusts", e); } return tmf.getTrustManagers(); }
From source file:com.shekhargulati.reactivex.docker.client.ssl.DockerCertificates.java
private DockerCertificates(final Builder builder) throws DockerCertificateException { if ((builder.caCertPath == null) || (builder.clientCertPath == null) || (builder.clientKeyPath == null)) { throw new DockerCertificateException( "caCertPath, clientCertPath, and clientKeyPath must all be specified"); }/* w w w . j ava 2s . c o m*/ try { final CertificateFactory cf = CertificateFactory.getInstance("X.509"); final Certificate caCert = cf.generateCertificate(Files.newInputStream(builder.caCertPath)); final Certificate clientCert = cf.generateCertificate(Files.newInputStream(builder.clientCertPath)); final PEMKeyPair clientKeyPair = (PEMKeyPair) new PEMParser( Files.newBufferedReader(builder.clientKeyPath, Charset.defaultCharset())).readObject(); final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec( clientKeyPair.getPrivateKeyInfo().getEncoded()); final KeyFactory kf = KeyFactory.getInstance("RSA"); final PrivateKey clientKey = kf.generatePrivate(spec); final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(null, null); trustStore.setEntry("ca", new KeyStore.TrustedCertificateEntry(caCert), null); final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, KEY_STORE_PASSWORD); keyStore.setCertificateEntry("client", clientCert); keyStore.setKeyEntry("key", clientKey, KEY_STORE_PASSWORD, new Certificate[] { clientCert }); this.sslContext = SSLContexts.custom().loadTrustMaterial(trustStore) .loadKeyMaterial(keyStore, KEY_STORE_PASSWORD).useTLS().build(); } catch (CertificateException | IOException | NoSuchAlgorithmException | InvalidKeySpecException | KeyStoreException | UnrecoverableKeyException | KeyManagementException e) { throw new DockerCertificateException(e); } }
From source file:com.shekhargulati.reactivex.rxokhttp.SslCertificates.java
private SslCertificates(final Builder builder) throws SslCertificateException { if ((builder.caCertPath == null) || (builder.clientCertPath == null) || (builder.clientKeyPath == null)) { throw new SslCertificateException( "caCertPath, clientCertPath, and clientKeyPath must all be specified"); }// www .jav a 2 s . c o m try { final CertificateFactory cf = CertificateFactory.getInstance("X.509"); final Certificate caCert = cf.generateCertificate(Files.newInputStream(builder.caCertPath)); final Certificate clientCert = cf.generateCertificate(Files.newInputStream(builder.clientCertPath)); final PEMKeyPair clientKeyPair = (PEMKeyPair) new PEMParser( Files.newBufferedReader(builder.clientKeyPath, Charset.defaultCharset())).readObject(); final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec( clientKeyPair.getPrivateKeyInfo().getEncoded()); final KeyFactory kf = KeyFactory.getInstance("RSA"); final PrivateKey clientKey = kf.generatePrivate(spec); final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(null, null); trustStore.setEntry("ca", new KeyStore.TrustedCertificateEntry(caCert), null); final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, KEY_STORE_PASSWORD); keyStore.setCertificateEntry("client", clientCert); keyStore.setKeyEntry("key", clientKey, KEY_STORE_PASSWORD, new Certificate[] { clientCert }); this.sslContext = SSLContexts.custom().loadTrustMaterial(trustStore) .loadKeyMaterial(keyStore, KEY_STORE_PASSWORD).useTLS().build(); } catch (java.security.cert.CertificateException | IOException | NoSuchAlgorithmException | InvalidKeySpecException | KeyStoreException | UnrecoverableKeyException | KeyManagementException e) { throw new SslCertificateException(e); } }
From source file:jp.pigumer.mqtt.Client.java
Optional<KeyStore> loadKeyStore() {
X509Certificate cert;/* ww w .ja v a 2s. co m*/
if (caFile == null) {
return Optional.empty();
}
try (InputStream is = caFile.getInputStream()) {
InputStreamReader isr = new InputStreamReader(is);
PEMParser parser = new PEMParser(isr);
X509CertificateHolder holder = (X509CertificateHolder) parser.readObject();
cert = new JcaX509CertificateConverter().getCertificate(holder);
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", cert);
return Optional.of(keyStore);
} catch (Exception e) {
LOGGER.log(Level.SEVERE, "failed load", e);
return Optional.empty();
}
}
From source file:com.amazon.alexa.avs.companion.ProvisioningClient.java
private SSLSocketFactory getPinnedSSLSocketFactory(Context context) throws Exception { InputStream caCertInputStream = null; try {/*from w w w. ja va 2 s .c o m*/ caCertInputStream = context.getResources().openRawResource(R.raw.ca); CertificateFactory cf = CertificateFactory.getInstance("X.509"); Certificate caCert = cf.generateCertificate(caCertInputStream); KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(null, null); trustStore.setCertificateEntry("myca", caCert); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, trustManagerFactory.getTrustManagers(), null); return sslContext.getSocketFactory(); } finally { IOUtils.closeQuietly(caCertInputStream); } }
From source file:org.strongswan.android.ui.activity.TrustedCertificateImportActivity.java
/** * Try to store the given certificate in the KeyStore. * * @param certificate//from w ww . j av a 2s . co m * @return whether it was successfully stored */ private boolean storeCertificate(X509Certificate certificate) { try { KeyStore store = KeyStore.getInstance("LocalCertificateStore"); store.load(null, null); store.setCertificateEntry(null, certificate); TrustedCertificateManager.getInstance().reset(); return true; } catch (Exception e) { e.printStackTrace(); return false; } }
From source file:com.axelor.apps.account.ebics.client.HttpRequestSender.java
private DefaultHttpClient getSecuredHttpClient(Certificate cert) throws AxelorException { DefaultHttpClient client = new DefaultHttpClient(); try {//from w w w. j a va 2 s .c o m KeyStore keystore = KeyStore.getInstance("jks"); char[] password = "NoPassword".toCharArray(); keystore.load(null, password); keystore.setCertificateEntry("certficate.host", cert); Scheme https = new Scheme("https", 443, new SSLSocketFactory(keystore)); client.getConnectionManager().getSchemeRegistry().register(https); } catch (Exception e) { e.printStackTrace(); throw new AxelorException(I18n.get("Error adding certificate"), IException.TECHNICAL); } return client; }
From source file:com.machinepublishers.jbrowserdriver.StreamConnectionClient.java
private static SSLContext sslContext() { final String property = SettingsManager.settings().ssl(); if (property != null && !property.isEmpty() && !"null".equals(property)) { if ("trustanything".equals(property)) { try { return SSLContexts.custom().loadTrustMaterial(KeyStore.getInstance(KeyStore.getDefaultType()), new TrustStrategy() { public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { return true; }/*from w w w. jav a 2 s . c om*/ }).build(); } catch (Throwable t) { LogsServer.instance().exception(t); } } else { try { String location = property; location = location.equals("compatible") ? "https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt" : location; File cachedPemFile = new File("./pemfile_cached"); boolean remote = location.startsWith("https://") || location.startsWith("http://"); if (remote && cachedPemFile.exists() && (System.currentTimeMillis() - cachedPemFile.lastModified() < 48 * 60 * 60 * 1000)) { location = cachedPemFile.getAbsolutePath(); remote = false; } String pemBlocks = null; if (remote) { HttpURLConnection remotePemFile = (HttpURLConnection) StreamHandler .defaultConnection(new URL(location)); remotePemFile.setRequestMethod("GET"); remotePemFile.connect(); pemBlocks = Util.toString(remotePemFile.getInputStream(), Util.charset(remotePemFile)); cachedPemFile.delete(); Files.write(Paths.get(cachedPemFile.getAbsolutePath()), pemBlocks.getBytes("utf-8")); } else { pemBlocks = new String(Files.readAllBytes(Paths.get(new File(location).getAbsolutePath())), "utf-8"); } KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null); CertificateFactory cf = CertificateFactory.getInstance("X.509"); Matcher matcher = pemBlock.matcher(pemBlocks); boolean found = false; while (matcher.find()) { String pemBlock = matcher.group(1).replaceAll("[\\n\\r]+", ""); ByteArrayInputStream byteStream = new ByteArrayInputStream( Base64.getDecoder().decode(pemBlock)); java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) cf .generateCertificate(byteStream); String alias = cert.getSubjectX500Principal().getName("RFC2253"); if (alias != null && !keyStore.containsAlias(alias)) { found = true; keyStore.setCertificateEntry(alias, cert); } } if (found) { KeyManagerFactory keyManager = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManager.init(keyStore, null); TrustManagerFactory trustManager = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManager.init(keyStore); SSLContext context = SSLContext.getInstance("TLS"); context.init(keyManager.getKeyManagers(), trustManager.getTrustManagers(), null); return context; } } catch (Throwable t) { LogsServer.instance().exception(t); } } } return SSLContexts.createSystemDefault(); }
From source file:com.brienwheeler.apps.tomcat.TomcatBean.java
private void configureNetwork() throws Exception { if (port > 0) { tomcat.setPort(port);//from ww w . j ava2 s.c om } else { tomcat.getService().removeConnector(tomcat.getConnector()); } if (sslPort > 0) { StringBuffer randomPass = new StringBuffer(); for (int i = 0; i < 10; i++) randomPass.append(characters.charAt((int) (characters.length() * Math.random()))); String keystorePass = randomPass.toString(); RSAPrivateKey privateKey = readKeyFile(); log.info("successfully read SSL private key from " + sslKeyFile.getAbsolutePath()); X509Certificate certificate = readCertFile(); log.info("successfully read SSL certificate from " + sslCertFile.getAbsolutePath()); KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(null); keyStore.setCertificateEntry("cert-alias", certificate); keyStore.setKeyEntry("key-alias", privateKey, keystorePass.toCharArray(), new Certificate[] { certificate }); File keyStoreFile = new File("tcks"); keyStore.store(new FileOutputStream(keyStoreFile), keystorePass.toCharArray()); Connector sslConnector = new Connector(); sslConnector.setPort(sslPort); sslConnector.setSecure(true); sslConnector.setScheme("https"); sslConnector.setAttribute("keystoreFile", keyStoreFile.getAbsolutePath()); sslConnector.setAttribute("keystorePass", keystorePass); sslConnector.setAttribute("clientAuth", "false"); sslConnector.setAttribute("sslProtocol", "TLS"); sslConnector.setAttribute("SSLEnabled", true); tomcat.getService().addConnector(sslConnector); } }
From source file:com.screenslicer.common.LenientHttpsConfig.java
private LenientHttpsConfig() { AsyncHttpClientConfig configTmp = null; SSLContext sslContextTmp = null; try {//from w w w. java 2 s .c o m AsyncHttpClient client = new AsyncHttpClient(); configTmp = client.getConfig(); IOUtils.closeQuietly(client); client = null; X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509") .generateCertificate(CommonUtil.class.getResourceAsStream("screenslicer.internal.cert")); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null); keyStore.setCertificateEntry(cert.getSubjectX500Principal().getName(), cert); KeyManagerFactory keyManager = KeyManagerFactory.getInstance("SunX509"); keyManager.init(keyStore, null); TrustManagerFactory trustManager = TrustManagerFactory.getInstance("X509"); trustManager.init(keyStore); sslContextTmp = SSLContext.getInstance("TLS"); sslContextTmp.init(keyManager.getKeyManagers(), trustManager.getTrustManagers(), null); } catch (Throwable t) { } config = configTmp; sslContext = sslContextTmp; }