List of usage examples for javax.net.ssl KeyManagerFactory getKeyManagers
public final KeyManager[] getKeyManagers()
From source file:org.apache.cassandra.security.SSLFactory.java
@SuppressWarnings("resource") public static SSLContext createSSLContext(EncryptionOptions options, boolean buildTruststore) throws IOException { FileInputStream tsf = null;/*w w w. ja va 2s .c o m*/ FileInputStream ksf = null; SSLContext ctx; try { ctx = SSLContext.getInstance(options.protocol); TrustManager[] trustManagers = null; if (buildTruststore) { tsf = new FileInputStream(options.truststore); TrustManagerFactory tmf = TrustManagerFactory.getInstance(options.algorithm); KeyStore ts = KeyStore.getInstance(options.store_type); ts.load(tsf, options.truststore_password.toCharArray()); tmf.init(ts); trustManagers = tmf.getTrustManagers(); } ksf = new FileInputStream(options.keystore); KeyManagerFactory kmf = KeyManagerFactory.getInstance(options.algorithm); KeyStore ks = KeyStore.getInstance(options.store_type); ks.load(ksf, options.keystore_password.toCharArray()); if (!checkedExpiry) { for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) { String alias = aliases.nextElement(); if (ks.getCertificate(alias).getType().equals("X.509")) { Date expires = ((X509Certificate) ks.getCertificate(alias)).getNotAfter(); if (expires.before(new Date())) logger.warn("Certificate for {} expired on {}", alias, expires); } } checkedExpiry = true; } kmf.init(ks, options.keystore_password.toCharArray()); ctx.init(kmf.getKeyManagers(), trustManagers, null); } catch (Exception e) { throw new IOException("Error creating the initializing the SSL Context", e); } finally { FileUtils.closeQuietly(tsf); FileUtils.closeQuietly(ksf); } return ctx; }
From source file:org.apache.synapse.config.SynapseConfigUtils.java
/** * Helper method to create a HttpSURLConnection with provided KeyStores * * @param url Https URL/*from www.jav a 2 s . co m*/ * @param synapseProperties properties for extracting info * @param proxy if there is a proxy * @return gives out the connection created */ private static HttpsURLConnection getHttpsURLConnection(URL url, Properties synapseProperties, Proxy proxy) { if (log.isDebugEnabled()) { log.debug("Creating a HttpsURL Connection from given URL : " + url); } KeyManager[] keyManagers = null; TrustManager[] trustManagers = null; IdentityKeyStoreInformation identityInformation = KeyStoreInformationFactory .createIdentityKeyStoreInformation(synapseProperties); if (identityInformation != null) { KeyManagerFactory keyManagerFactory = identityInformation.getIdentityKeyManagerFactoryInstance(); if (keyManagerFactory != null) { keyManagers = keyManagerFactory.getKeyManagers(); } } else { if (log.isDebugEnabled()) { log.debug("There is no private key entry store configuration." + " Will use JDK's default one"); } } TrustKeyStoreInformation trustInformation = KeyStoreInformationFactory .createTrustKeyStoreInformation(synapseProperties); if (trustInformation != null) { TrustManagerFactory trustManagerFactory = trustInformation.getTrustManagerFactoryInstance(); if (trustManagerFactory != null) { trustManagers = trustManagerFactory.getTrustManagers(); } } else { if (log.isDebugEnabled()) { log.debug("There is no trusted certificate store configuration." + " Will use JDK's default one"); } } try { HttpsURLConnection connection; if (proxy != null) { connection = (HttpsURLConnection) url.openConnection(proxy); } else { connection = (HttpsURLConnection) url.openConnection(); } //Create a SSLContext SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagers, trustManagers, null); connection.setSSLSocketFactory(sslContext.getSocketFactory()); if (trustInformation != null) { // Determine is it need to overwrite default Host Name verifier boolean enableHostnameVerifier = true; String value = trustInformation.getParameter(KeyStoreInformation.ENABLE_HOST_NAME_VERIFIER); if (value != null) { enableHostnameVerifier = Boolean.parseBoolean(value); } if (!enableHostnameVerifier) { if (log.isDebugEnabled()) { log.debug("Overriding default HostName Verifier." + "HostName verification disabled"); } connection.setHostnameVerifier(new javax.net.ssl.HostnameVerifier() { public boolean verify(String hostname, javax.net.ssl.SSLSession session) { if (log.isTraceEnabled()) { log.trace("HostName verification disabled"); log.trace("Host: " + hostname); log.trace("Peer Host: " + session.getPeerHost()); } return true; } }); } else { if (log.isDebugEnabled()) { log.debug("Using default HostName verifier..."); } } } return connection; } catch (NoSuchAlgorithmException e) { handleException("Error loading SSLContext ", e); } catch (KeyManagementException e) { handleException("Error initiation SSLContext with KeyManagers", e); } catch (IOException e) { handleException("Error opening a https connection from URL : " + url, e); } return null; }
From source file:org.apache.juddi.v3.client.cryptor.TransportSecurityHelper.java
public static boolean applyTransportSecurity(BindingProvider webServicePort) { try {//from w ww. j av a 2 s. c o m File currentdir = new File("."); String s = System.getProperty("javax.net.ssl.keyStore"); String st = System.getProperty("javax.net.ssl.trustStore"); log.info("Attempting to initialize keystore and truststore from " + s + " " + st); if (s == null) { log.warn("keystore isn't defined! " + s); return false; } else if (st == null) { log.warn("truststore isn't defined! " + s); return false; } else { File keystore = new File(s); if (keystore == null || !keystore.exists()) { log.warn("keystore doesn't exist! input was " + s + " working dir is " + currentdir.getAbsolutePath()); return false; } //File truststore =new File(System.getProperty("javax.net.ssl.trustStore")); String pwd = System.getProperty("javax.net.ssl.keyStorePassword"); if (pwd == null) { log.warn("keystore password isn't defined!"); return false; } File truststore = new File(st); if (truststore == null || !truststore.exists()) { log.warn("truststore doesn't exist! input was " + s + " working dir is " + currentdir.getAbsolutePath()); return false; } //File truststore =new File(System.getProperty("javax.net.ssl.trustStore")); String pwdt = System.getProperty("javax.net.ssl.trustStorePassword"); if (pwdt == null) { log.warn("truststore password isn't defined!"); return false; } if (keystore.exists()) { try { log.info("Using keystore from " + keystore.getAbsolutePath() + " current dir is " + currentdir.getAbsolutePath()); log.info("Using truststore from " + truststore.getAbsolutePath() + " current dir is " + currentdir.getAbsolutePath()); //log.info("Using truststure from " + truststore.getAbsolutePath() + " current dir is " + currentdir.getAbsolutePath()); SSLContext sc = SSLContext.getInstance("SSLv3"); KeyManagerFactory kmf = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(new FileInputStream(keystore), pwd.toCharArray()); kmf.init(ks, pwd.toCharArray()); String alg = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmFact = TrustManagerFactory.getInstance(alg); FileInputStream fis = new FileInputStream(st); KeyStore kst = KeyStore.getInstance("jks"); kst.load(fis, pwdt.toCharArray()); fis.close(); tmFact.init(kst); TrustManager[] tms = tmFact.getTrustManagers(); sc.init(kmf.getKeyManagers(), null, null); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); ((BindingProvider) webServicePort).getRequestContext().put( "com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory", sc.getSocketFactory()); ((BindingProvider) webServicePort).getRequestContext().put( "com.sun.xml.ws.transport.https.client.SSLSocketFactory", sc.getSocketFactory()); return true; } catch (Exception ex) { log.warn("unable to establish ssl settings", ex); } } } return false; } catch (Exception x) { log.error("unexpected error", x); } return false; }
From source file:org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils.java
/** * Initializes the SSL Context/*from w w w . jav a 2 s .c om*/ */ private static void initSSLConnection() throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException { KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_TYPE); keyManagerFactory.init(keyStore, keyStorePassword); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TRUST_MANAGER_TYPE); trustManagerFactory.init(trustStore); // Create and initialize SSLContext for HTTPS communication sslContext = SSLContext.getInstance(SSLV3); sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); SSLContext.setDefault(sslContext); }
From source file:org.apache.ftpserver.ssl.MinaClientAuthTest.java
protected FTPSClient createFTPClient() throws Exception { FTPSClient client = new FTPSClient(useImplicit()); client.setNeedClientAuth(true);/*from w w w . j a v a 2 s . co m*/ KeyStore ks = KeyStore.getInstance("JKS"); FileInputStream fis = new FileInputStream(FTPCLIENT_KEYSTORE); ks.load(fis, KEYSTORE_PASSWORD.toCharArray()); fis.close(); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, KEYSTORE_PASSWORD.toCharArray()); client.setKeyManager(kmf.getKeyManagers()[0]); return client; }
From source file:com.thoughtworks.go.security.AuthSSLKeyManagerFactory.java
private KeyManager[] createKeyManagers(KeyStore keystore) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException { bombIfNull(keystore, "Keystore may not be null"); LOG.trace("Initializing key manager"); KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keystore, keystorePassword.toCharArray()); return kmfactory.getKeyManagers(); }
From source file:com.terradue.dsi.wire.KeyManagerProvider.java
@Override public KeyManager[] get() { final char[] password = this.password.toCharArray(); try {//from w w w . jav a 2 s. c o m final KeyStore store = new KeyMaterial(certificate, certificate, password).getKeyStore(); store.load(null, password); // initialize key and trust managers -> default behavior final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); // password for key and store have to be the same IIRC keyManagerFactory.init(store, password); return keyManagerFactory.getKeyManagers(); } catch (Exception e) { throw new ProvisionException("Impossible to initialize SSL certificate/key", e); } }
From source file:com.fanmei.pay4j.http.WeixinSSLRequestExecutor.java
public WeixinSSLRequestExecutor(WeixinConfig weixinConfig) throws WeixinException { InputStream inputStream = this.getClass().getClassLoader() .getResourceAsStream(weixinConfig.getCertificateFile()); try {//from ww w .j a v a2 s . co m String password = weixinConfig.getAccount().getCertificateKey(); KeyStore keyStore = KeyStore.getInstance(Constants.PKCS12); keyStore.load(inputStream, password.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance(Constants.SunX509); kmf.init(keyStore, password.toCharArray()); SSLContext sslContext = SSLContext.getInstance(Constants.TLS); sslContext.init(kmf.getKeyManagers(), null, new java.security.SecureRandom()); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext); httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build(); } catch (Exception e) { throw WeixinException.of("Key load error", e); } finally { if (inputStream != null) { try { inputStream.close(); } catch (IOException e) { } } } }
From source file:edu.internet2.middleware.subject.provider.LdapPEMSocketFactory.java
protected void initManagers() { // trust managers try {//w ww .j ava2 s . co m X509Certificate cert = null; if (caFilename != null) cert = readCertificate(caFilename); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); ks.setCertificateEntry("CACERT", cert); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); trustManagers = tmf.getTrustManagers(); } catch (Exception e) { log.error("ldap source cacert error: " + e); } // key managers if (certFilename != null && keyFilename != null) { char[] pw = new char[] { 0 }; try { X509Certificate cert = readCertificate(certFilename); PKCS1 pkcs = new PKCS1(); PrivateKey key = pkcs.readKey(keyFilename); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); X509Certificate[] chain = new X509Certificate[1]; chain[0] = cert; ks.setKeyEntry("CERT", (Key) key, pw, chain); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, pw); keyManagers = kmf.getKeyManagers(); } catch (Exception e) { log.error("ldap source cert/key error: " + e); } } }
From source file:com.mani.fileupload.http.EasySSLSocketFactory.java
private static SSLContext createEasySSLContext() throws IOException { try {/*from w w w. j a v a 2s. co m*/ // Client should send the valid key to Server InputStream clientStream = null; char[] password = null; clientStream = FileUploadApplication.getContext().getResources().openRawResource(R.raw.client); password = "fileupload".toCharArray(); KeyStore keyStore = KeyStore.getInstance("PKCS12"); keyStore.load(clientStream, password); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, password); // CA key obtained from server. KeyStore trustStore = KeyStore.getInstance("BKS"); InputStream instream = null; instream = FileUploadApplication.getContext().getResources().openRawResource(R.raw.ca); try { trustStore.load(instream, "casecret".toCharArray()); } catch (Exception e) { e.printStackTrace(); } finally { try { instream.close(); } catch (Exception ignore) { } } String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(trustStore); // Create an SSLContext that uses our TrustManager SSLContext context = SSLContext.getInstance("TLS"); context.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), null); return context; } catch (Exception e) { e.printStackTrace(); throw new IOException(e.getMessage()); } }