List of usage examples for javax.net.ssl KeyManagerFactory getInstance
public static final KeyManagerFactory getInstance(String algorithm) throws NoSuchAlgorithmException
KeyManagerFactory object that acts as a factory for key managers. From source file:net.jradius.server.TCPListener.java
public void setConfiguration(ListenerConfigurationItem cfg, boolean noKeepAlive) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException, IOException { keepAlive = !noKeepAlive;/*from www . j av a 2 s .co m*/ config = cfg; Map props = config.getProperties(); String s = (String) props.get("port"); if (s != null) port = new Integer(s).intValue(); s = (String) props.get("backlog"); if (s != null) backlog = new Integer(s).intValue(); if (keepAlive) { s = (String) props.get("keepAlive"); if (s != null) keepAlive = new Boolean(s).booleanValue(); } String useSSL = (String) props.get("useSSL"); String trustAll = (String) props.get("trustAll"); if (requiresSSL || "true".equalsIgnoreCase(useSSL)) { KeyManager[] keyManagers = null; TrustManager[] trustManagers = null; String keyManager = (String) props.get("keyManager"); if (keyManager != null && keyManager.length() > 0) { try { KeyManager manager = (KeyManager) Configuration.getBean(keyManager); keyManagers = new KeyManager[] { manager }; } catch (Exception e) { e.printStackTrace(); } } else { String keystore = (String) props.get("keyStore"); String keystoreType = (String) props.get("keyStoreType"); String keystorePassword = (String) props.get("keyStorePassword"); String keyPassword = (String) props.get("keyPassword"); if (keystore != null) { if (keystoreType == null) keystoreType = "pkcs12"; KeyStore ks = KeyStore.getInstance(keystoreType); ks.load(new FileInputStream(keystore), keystorePassword == null ? null : keystorePassword.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(ks, keyPassword == null ? null : keyPassword.toCharArray()); keyManagers = kmf.getKeyManagers(); } } String trustManager = (String) props.get("trustManager"); if (trustManager != null && trustManager.length() > 0) { try { TrustManager manager = (TrustManager) Configuration.getBean(trustManager); trustManagers = new TrustManager[] { manager }; } catch (Exception e) { e.printStackTrace(); } } else if ("true".equalsIgnoreCase(trustAll)) { trustManagers = new TrustManager[] { new X509TrustManager() { public void checkClientTrusted(X509Certificate[] chain, String authType) { } public void checkServerTrusted(X509Certificate[] chain, String authType) { } public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } } }; } else { String keystore = (String) props.get("caStore"); String keystoreType = (String) props.get("caStoreType"); String keystorePassword = (String) props.get("caStorePassword"); if (keystore != null) { if (keystoreType == null) keystoreType = "pkcs12"; KeyStore caKeys = KeyStore.getInstance(keystoreType); caKeys.load(new FileInputStream(keystore), keystorePassword == null ? null : keystorePassword.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(caKeys); trustManagers = tmf.getTrustManagers(); } } SSLContext sslContext = SSLContext.getInstance("SSLv3"); sslContext.init(keyManagers, trustManagers, null); ServerSocketFactory socketFactory = sslContext.getServerSocketFactory(); SSLServerSocket sslServerSocket = (SSLServerSocket) socketFactory.createServerSocket(port, backlog); serverSocket = sslServerSocket; if (sslWantClientAuth) sslServerSocket.setWantClientAuth(true); if (sslNeedClientAuth) sslServerSocket.setNeedClientAuth(true); if (sslEnabledProtocols != null) sslServerSocket.setEnabledProtocols(sslEnabledProtocols); if (sslEnabledCiphers != null) sslServerSocket.setEnabledCipherSuites(sslEnabledCiphers); usingSSL = true; } else { serverSocket = new ServerSocket(port, backlog); } serverSocket.setReuseAddress(true); setActive(true); }
From source file:it.anyplace.sync.core.security.KeystoreHandler.java
public KeyManager[] getKeyManagers() throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException { KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, KEY_PASSWORD.toCharArray()); return keyManagerFactory.getKeyManagers(); }
From source file:edu.vt.middleware.ldap.LdapTLSSocketFactory.java
/** * This attempts to load the KeyManagers from the supplied <code> * InputStream</code> using the supplied password. * * @param is <code>InputStream</code> containing the keystore * @param password <code>String</code> to unlock the keystore * @param storeType <code>String</code> of keystore * * @return <code>KeyManager[]</code> * * @throws IOException if the keystore cannot be loaded * @throws GeneralSecurityException if an errors occurs while loading the * KeyManagers/*www .jav a 2 s.com*/ */ private KeyManager[] initKeyManager(final InputStream is, final String password, final String storeType) throws IOException, GeneralSecurityException { KeyManager[] km = null; if (is != null) { final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(this.loadKeyStore(is, password, storeType), password != null ? password.toCharArray() : null); km = kmf.getKeyManagers(); } return km; }
From source file:com.thejoshwa.ultrasonic.androidapp.service.ssl.SSLSocketFactory.java
private static SSLContext createSSLContext(String algorithm, final KeyStore keystore, final String keystorePassword, final KeyStore truststore, final SecureRandom random, final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException { if (algorithm == null) { algorithm = TLS;//from w w w.j a v a 2s.c o m } KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null); KeyManager[] keymanagers = kmfactory.getKeyManagers(); TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmfactory.init(keystore); TrustManager[] trustmanagers = tmfactory.getTrustManagers(); if (trustmanagers != null && trustStrategy != null) { for (int i = 0; i < trustmanagers.length; i++) { TrustManager tm = trustmanagers[i]; if (tm instanceof X509TrustManager) { trustmanagers[i] = new TrustManagerDecorator((X509TrustManager) tm, trustStrategy); } } } SSLContext sslcontext = SSLContext.getInstance(algorithm); sslcontext.init(keymanagers, trustmanagers, random); return sslcontext; }
From source file:com.clustercontrol.plugin.impl.WebServicePlugin.java
/** * ???WebService?Agent????????/*from w ww. j a v a 2 s . c om*/ * @param addressPrefix ? http://x.x.x.x:xxxx? ? * @param addressBody ??? addressPrefix ?? * @param endpointInstance * @param threadPool ? */ protected void publish(String addressPrefix, String addressBody, Object endpointInstance, ThreadPoolExecutor threadPool) { try { final URL urlPrefix = new URL(addressPrefix); final String fulladdress = addressPrefix + addressBody; HttpsServer httpsServer = null; // ? HTTPS???????HttpsService???endpoit.publish????? // URL??????????HttpsService?????Hashmap???????HashMap? // HTTPSServer??????????? if ("https".equals(urlPrefix.getProtocol())) { httpsServer = httpsServerMap.get(addressPrefix); if (httpsServer == null) { // HTTPS Server??HTTPS????????????????????? String protocol = HinemosPropertyUtil.getHinemosPropertyStr("ws.https.protocol", "TLS"); String keystorePath = HinemosPropertyUtil.getHinemosPropertyStr("ws.https.keystore.path", HinemosPropertyDefault .getString(HinemosPropertyDefault.StringKey.WS_HTTPS_KEYSTORE_PATH)); String keystorePassword = HinemosPropertyUtil .getHinemosPropertyStr("ws.https.keystore.password", "hinemos"); String keystoreType = HinemosPropertyUtil.getHinemosPropertyStr("ws.https.keystore.type", "PKCS12"); log.info("Starting HTTPS Server..."); log.info("SSLContext: " + protocol + ", KeyStore: " + keystoreType); SSLContext ssl = SSLContext.getInstance(protocol); KeyManagerFactory keyFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyStore store = KeyStore.getInstance(keystoreType); try (InputStream in = new FileInputStream(keystorePath)) { store.load(in, keystorePassword.toCharArray()); } keyFactory.init(store, keystorePassword.toCharArray()); TrustManagerFactory trustFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustFactory.init(store); ssl.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), new SecureRandom()); HttpsConfigurator configurator = new HttpsConfigurator(ssl); // ??HTTPSSever???Hashmap?? httpsServer = HttpsServer .create(new InetSocketAddress(urlPrefix.getHost(), urlPrefix.getPort()), 0); httpsServer.setHttpsConfigurator(configurator); httpsServerMap.put(addressPrefix, httpsServer); } } // ?????endpoint?? log.info("publish " + fulladdress); final Endpoint endpoint = Endpoint.create(endpointInstance); endpoint.setExecutor(threadPool); if (httpsServer != null) { endpoint.publish(httpsServer.createContext(addressBody)); } else { endpoint.publish(fulladdress); } endpointList.add(endpoint); } catch (NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException | KeyManagementException | IOException | CertificateException | RuntimeException e) { log.warn("failed to publish : " + e.getClass().getSimpleName() + ", " + e.getMessage(), e); } finally { } }
From source file:com.dbay.apns4j.tools.ApnsTools.java
public final static SocketFactory createSocketFactory(InputStream keyStore, String password, String keystoreType, String algorithm, String protocol) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, KeyManagementException, CertificateExpiredException { char[] pwdChars = password.toCharArray(); KeyStore ks = KeyStore.getInstance(keystoreType); ks.load(keyStore, pwdChars);/*w w w . java 2s .co m*/ // ?? Enumeration<String> enums = ks.aliases(); String alias = ""; if (enums.hasMoreElements()) { alias = enums.nextElement(); } if (StringUtils.isNotEmpty(alias)) { X509Certificate certificate = (X509Certificate) ks.getCertificate(alias); if (null != certificate) { String type = certificate.getType(); int ver = certificate.getVersion(); String name = certificate.getSubjectDN().getName(); String serialNumber = certificate.getSerialNumber().toString(16); String issuerDN = certificate.getIssuerDN().getName(); String sigAlgName = certificate.getSigAlgName(); String publicAlgorithm = certificate.getPublicKey().getAlgorithm(); Date before = certificate.getNotBefore(); Date after = certificate.getNotAfter(); String beforeStr = DateFormatUtils.format(before, "yyyy-MM-dd HH:mm:ss"); String afterStr = DateFormatUtils.format(after, "yyyy-MM-dd HH:mm:ss"); // ?? long expire = DateUtil.getNumberOfDaysBetween(new Date(), after); if (expire <= 0) { if (LOG.isErrorEnabled()) { LOG.error( "?[{}], [{}], ?[{}], ??[{}], ?[{}], ??[{}], [{}], [{}][{}], ?[{}]", name, type, ver, serialNumber, issuerDN, sigAlgName, publicAlgorithm, beforeStr, afterStr, Math.abs(expire)); } throw new CertificateExpiredException("??[" + Math.abs(expire) + "]"); } if (LOG.isInfoEnabled()) { LOG.info( "?[{}], [{}], ?[{}], ??[{}], ?[{}], ??[{}], [{}], [{}][{}], ?[{}]?", name, type, ver, serialNumber, issuerDN, sigAlgName, publicAlgorithm, beforeStr, afterStr, expire); } } } KeyManagerFactory kf = KeyManagerFactory.getInstance(algorithm); kf.init(ks, pwdChars); TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm); tmf.init((KeyStore) null); SSLContext context = SSLContext.getInstance(protocol); context.init(kf.getKeyManagers(), tmf.getTrustManagers(), null); return context.getSocketFactory(); }
From source file:org.opendaylight.aaa.cert.impl.CertificateManagerService.java
@Override public SSLContext getServerContext() { String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm"); if (algorithm == null) { algorithm = "SunX509"; }//from ww w . j av a 2 s. c o m SSLContext serverContext = null; try { KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); kmf.init(aaaCertProvider.getODLKeyStore(), aaaCertProvider.getOdlKeyStoreInfo().getStorePassword().toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm); tmf.init(aaaCertProvider.getTrustKeyStore()); serverContext = SSLContext.getInstance(KeyStoreConstant.TLS_PROTOCOL); serverContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); } catch (final NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException | KeyManagementException e) { LOG.error("Error while creating SSLContext ", e); } return serverContext; }
From source file:org.wso2.carbon.inbound.ibmmq.poll.IbmMqConsumer.java
public void sslConnection() { String keyStoreLocation = properties.getProperty(ibmMqConstant.SSL_KEYSTORE_LOCATION); String keyStoreType = properties.getProperty(ibmMqConstant.SSL_KEYSTORE_TYPE); String keyStorePassword = properties.getProperty(ibmMqConstant.SSL_KEYSTORE_PASSWORD); String trustStoreLocation = properties.getProperty(ibmMqConstant.SSL_TRUSTSTORE_LOCATION); String trustStoreType = properties.getProperty(ibmMqConstant.SSL_TRUSTSTORE_TYPE); String sslVersion = properties.getProperty(ibmMqConstant.SSL_VERSION); String sslFipsRequired = properties.getProperty(ibmMqConstant.SSL_FIPS); String sslCipherSuite = properties.getProperty(ibmMqConstant.SSL_CIPHERSUITE); boolean sslFips = Boolean.parseBoolean(sslFipsRequired); try {/*from w w w .ja va 2 s .co m*/ char[] keyPassphrase = keyStorePassword.toCharArray(); KeyStore ks = KeyStore.getInstance(keyStoreType); ks.load(new FileInputStream(keyStoreLocation), keyPassphrase); KeyStore trustStore = KeyStore.getInstance(trustStoreType); trustStore.load(new FileInputStream(trustStoreLocation), null); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); keyManagerFactory.init(ks, keyPassphrase); SSLContext sslContext = SSLContext.getInstance(sslVersion); sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); MQEnvironment.sslSocketFactory = sslContext.getSocketFactory(); MQEnvironment.sslFipsRequired = sslFips; MQEnvironment.sslCipherSuite = sslCipherSuite; } catch (Exception ex) { handleException(ex.getMessage()); } }
From source file:org.jenkinsci.remoting.protocol.ProtocolStackLoopbackLoadStress.java
public ProtocolStackLoopbackLoadStress(boolean nio, boolean ssl) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, UnrecoverableKeyException, KeyManagementException, OperatorCreationException { KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); gen.initialize(2048); // maximum supported by JVM with export restrictions keyPair = gen.generateKeyPair();/* w ww . ja va 2 s. c o m*/ Date now = new Date(); Date firstDate = new Date(now.getTime() + TimeUnit.DAYS.toMillis(10)); Date lastDate = new Date(now.getTime() + TimeUnit.DAYS.toMillis(-10)); SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo .getInstance(keyPair.getPublic().getEncoded()); X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE); X500Name subject = nameBuilder.addRDN(BCStyle.CN, getClass().getSimpleName()).addRDN(BCStyle.C, "US") .build(); X509v3CertificateBuilder certGen = new X509v3CertificateBuilder(subject, BigInteger.ONE, firstDate, lastDate, subject, subjectPublicKeyInfo); JcaX509ExtensionUtils instance = new JcaX509ExtensionUtils(); certGen.addExtension(X509Extension.subjectKeyIdentifier, false, instance.createSubjectKeyIdentifier(subjectPublicKeyInfo)); ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(BOUNCY_CASTLE_PROVIDER) .build(keyPair.getPrivate()); certificate = new JcaX509CertificateConverter().setProvider(BOUNCY_CASTLE_PROVIDER) .getCertificate(certGen.build(signer)); char[] password = "password".toCharArray(); KeyStore store = KeyStore.getInstance("jks"); store.load(null, password); store.setKeyEntry("alias", keyPair.getPrivate(), password, new Certificate[] { certificate }); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(store, password); context = SSLContext.getInstance("TLS"); context.init(kmf.getKeyManagers(), new TrustManager[] { new PublicKeyMatchingX509ExtendedTrustManager(keyPair.getPublic()) }, null); hub = IOHub.create(executorService); serverSocketChannel = ServerSocketChannel.open(); acceptor = new Acceptor(serverSocketChannel, nio, ssl); }