List of usage examples for javax.net.ssl KeyManagerFactory getKeyManagers
public final KeyManager[] getKeyManagers()
From source file:org.apache.abdera.protocol.client.util.ClientAuthSSLProtocolSocketFactory.java
/**
 * Opens a TLS socket to {@code host:port} that presents a client certificate.
 *
 * <p>A new {@link SSLContext} is assembled on every call from the configured protocol,
 * key-manager algorithm, key store and key-store password.
 *
 * <p>NOTE(review): {@code chost}, {@code cport} and {@code params} are never read, so the
 * socket is not bound to the requested local address and no connect timeout from
 * {@code params} is applied.
 *
 * @param host   remote host name
 * @param port   remote port
 * @param chost  requested local address (unused)
 * @param cport  requested local port (unused)
 * @param params connection parameters (unused)
 * @return the socket returned by the context's socket factory, cast to {@link SSLSocket}
 * @throws RuntimeException wrapping every failure, I/O errors included
 */
public Socket createSocket(String host, int port, InetAddress chost, int cport, HttpConnectionParams params)
        throws IOException, UnknownHostException, ConnectTimeoutException {
    try {
        SSLContext sslContext = SSLContext.getInstance(protocol);
        KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(kmfFactory);

        // NOTE(review): with no trust manager configured the code falls back to
        // NonOpTrustManager, which by its name presumably accepts any server
        // certificate - confirm, and prefer the platform default trust managers so
        // the peer is still authenticated.
        TrustManager trust;
        if (this.tm == null) {
            trust = new NonOpTrustManager();
        } else {
            trust = this.tm;
        }

        keyFactory.init(ks, keyStorePass.toCharArray());
        sslContext.init(keyFactory.getKeyManagers(), new TrustManager[] { trust }, null);

        // Every checked failure, including IOException, leaves as RuntimeException below.
        return (SSLSocket) sslContext.getSocketFactory().createSocket(host, port);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
From source file:org.wso2.msf4j.conf.SSLHandlerFactory.java
/**
 * Builds the server-side {@link SSLContext} from the supplied configuration.
 *
 * <p>The key store is always loaded. A trust store is loaded only when one is
 * configured, and in that case {@code needClientAuth} is switched on.
 *
 * @param sslConfig key store, trust store and password settings
 * @throws IllegalArgumentException if the key material cannot be loaded or the
 *                                  context cannot be initialised
 */
public SSLHandlerFactory(SSLConfig sslConfig) {
    String kmfAlgorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
    if (kmfAlgorithm == null) {
        kmfAlgorithm = "SunX509";
    }
    try {
        KeyStore identityStore = getKeyStore(sslConfig.getKeyStore(), sslConfig.getKeyStorePassword());

        KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(kmfAlgorithm);
        // The private-key password falls back to the key store password when no
        // separate certificate password is configured.
        char[] keyPassword;
        if (sslConfig.getCertificatePassword() != null) {
            keyPassword = sslConfig.getCertificatePassword().toCharArray();
        } else {
            keyPassword = sslConfig.getKeyStorePassword().toCharArray();
        }
        keyFactory.init(identityStore, keyPassword);
        KeyManager[] identityManagers = keyFactory.getKeyManagers();

        // Left null when no trust store is configured; SSLContext.init then falls
        // back to the installed default trust managers.
        TrustManager[] peerTrust = null;
        if (sslConfig.getTrustKeyStore() != null) {
            this.needClientAuth = true;
            KeyStore trustStore = getKeyStore(sslConfig.getTrustKeyStore(), sslConfig.getTrustKeyStorePassword());
            // NOTE(review): the TrustManagerFactory is requested under the name read
            // from the KeyManagerFactory security property. The two factories have
            // separate algorithm namespaces, so a property value that is valid only
            // for key managers would fail here - confirm this is intended.
            TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(kmfAlgorithm);
            trustFactory.init(trustStore);
            peerTrust = trustFactory.getTrustManagers();
        }

        serverContext = SSLContext.getInstance(protocol);
        serverContext.init(identityManagers, peerTrust, null);
    } catch (UnrecoverableKeyException | KeyManagementException | NoSuchAlgorithmException | KeyStoreException
            | IOException e) {
        throw new IllegalArgumentException("Failed to initialize the server-side SSLContext", e);
    }
}
From source file:org.candlepin.client.CustomSSLProtocolSocketFactory.java
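/**
 * Builds the {@link SSLContext} used by this socket factory.
 *
 * <p>Key managers are created from the consumer identity file only when
 * {@code clientAuth} is set. Trust managers are either the shared
 * {@code Utils.DUMMY_TRUST_MGRS} (when the configuration asks to ignore trust
 * managers) or a factory seeded with the single CA certificate read from
 * {@code /etc/candlepin/certs/candlepin-ca.crt}.
 *
 * @return an initialised "TLS" context
 * @throws HttpClientError if any step fails; the triggering exception is attached as
 *                         the cause
 */
private SSLContext createCustomSSLContext() {
    try {
        KeyManager[] keyManagers = null;
        // Key managers are generated from the identity certificate only for client auth.
        if (clientAuth) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            String[] keyCert = FileUtil.readKeyAndCert(configuration.getConsumerIdentityFilePath());
            // The literal "password" protects the key store returned by
            // PemUtil.pemToKeyStore; presumably that store exists only in memory, so
            // the literal is not a stored credential - confirm against PemUtil.
            kmf.init(PemUtil.pemToKeyStore(keyCert[1], keyCert[0], "password"), "password".toCharArray());
            keyManagers = kmf.getKeyManagers();
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        if (configuration.isIgnoreTrustManagers()) {
            // NOTE(review): DUMMY_TRUST_MGRS presumably skips server certificate
            // validation - confirm, and keep this switch off outside test setups so
            // the server is still authenticated.
            ctx.init(keyManagers, Utils.DUMMY_TRUST_MGRS, new SecureRandom());
        } else {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
            KeyStore ks2 = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) creates an empty store; the CA certificate is its only entry.
            ks2.load(null, null);
            ks2.setCertificateEntry("candlepin", PemUtil.readCert("/etc/candlepin/certs/candlepin-ca.crt"));
            tmf.init(ks2);
            ctx.init(keyManagers, tmf.getTrustManagers(), new SecureRandom());
        }
        return ctx;
    } catch (Exception e) {
        // Attach the cause so the caller gets the full stack trace instead of a
        // message-only error plus a stderr dump.
        HttpClientError failure = new HttpClientError(e.getMessage());
        failure.initCause(e);
        throw failure;
    }
}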
From source file:org.cloudcoder.submitsvc.oop.builder.WebappSocketFactory.java
/**
 * Builds an {@link SSLSocketFactory} whose key manager and trust manager both come
 * from the JKS key store found on the class path under {@code keystoreFilename}.
 *
 * @return socket factory of a "TLS" context initialised with exactly one X509 key
 *         manager and one X509 trust manager
 * @throws IOException              if the key store resource is missing or unreadable
 * @throws GeneralSecurityException if the key store, a factory or the context cannot
 *                                  be set up
 */
private SSLSocketFactory createSocketFactory() throws IOException, GeneralSecurityException {
    InputStream storeStream = this.getClass().getClassLoader().getResourceAsStream(keystoreFilename);
    if (storeStream == null) {
        throw new IOException("Could not load keystore " + keystoreFilename);
    }

    KeyStore store;
    try {
        store = KeyStore.getInstance("JKS");
        store.load(storeStream, keystorePassword.toCharArray());
    } finally {
        IOUtils.closeQuietly(storeStream);
    }

    // Trust side.
    // NOTE(review): the store that holds the private key is also used as the source of
    // trust anchors. Open question kept from the code (XXX): should a store containing
    // only the certificate be loaded here instead?
    TrustManagerFactory trustFactory = TrustManagerFactory.getInstance("PKIX", "SunJSSE");
    trustFactory.init(store);
    TrustManager[] trustCandidates = trustFactory.getTrustManagers();
    X509TrustManager trust = null;
    for (int i = 0; trust == null && i < trustCandidates.length; i++) {
        if (trustCandidates[i] instanceof X509TrustManager) {
            trust = (X509TrustManager) trustCandidates[i];
        }
    }
    if (trust == null) {
        throw new IllegalArgumentException("Cannot find x509TrustManager");
    }

    // Key side: same store, unlocked with the same password.
    KeyManagerFactory keyFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
    keyFactory.init(store, keystorePassword.toCharArray());
    KeyManager[] keyCandidates = keyFactory.getKeyManagers();
    X509KeyManager identity = null;
    for (int i = 0; identity == null && i < keyCandidates.length; i++) {
        if (keyCandidates[i] instanceof X509KeyManager) {
            identity = (X509KeyManager) keyCandidates[i];
        }
    }
    if (identity == null) {
        // Thrown without a message when no X509 key manager is offered.
        throw new NullPointerException();
    }

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(new KeyManager[] { identity }, new TrustManager[] { trust }, null);
    return sslContext.getSocketFactory();
}
From source file:net.lightbody.bmp.proxy.jetty.http.SunJsseListener.java
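/**
 * Builds the {@link SSLServerSocketFactory} for this listener from the configured key store.
 *
 * <p>The key store location can be overridden through the system property named by
 * {@code KEYSTORE_PROPERTY}; passwords that are still unset are obtained through
 * {@code Password.getPassword}. The key store provider is picked from the configured
 * provider class, then the provider name, then the default.
 *
 * @return the server socket factory of the initialised context
 * @throws Exception if the key store cannot be loaded or the context cannot be initialised
 */
protected SSLServerSocketFactory createFactory() throws Exception {
    _keystore = System.getProperty(KEYSTORE_PROPERTY, _keystore);
    log.info(KEYSTORE_PROPERTY + "=" + _keystore);

    // Only toStarString() is logged for passwords (presumably a masked form - confirm);
    // toString() is used where the clear text is needed.
    if (_password == null) {
        _password = Password.getPassword(PASSWORD_PROPERTY, null, null);
    }
    log.info(PASSWORD_PROPERTY + "=" + _password.toStarString());

    if (_keypassword == null) {
        _keypassword = Password.getPassword(KEYPASSWORD_PROPERTY, null, _password.toString());
    }
    log.info(KEYPASSWORD_PROPERTY + "=" + _keypassword.toStarString());

    KeyStore ks = null;
    log.info(KEYSTORE_TYPE_PROPERTY + "=" + _keystore_type);

    if (_keystore_provider_class != null) {
        // Reuse the provider when an instance of that class is already installed.
        java.security.Provider[] installed_providers = Security.getProviders();
        java.security.Provider myprovider = null;
        for (int i = 0; i < installed_providers.length; i++) {
            if (installed_providers[i].getClass().getName().equals(_keystore_provider_class)) {
                myprovider = installed_providers[i];
                break;
            }
        }
        if (myprovider == null) {
            // NOTE(review): the class named in configuration is instantiated and
            // registered as a JVM-wide security provider, so that setting must come
            // from a trusted source only.
            myprovider = (java.security.Provider) Class.forName(_keystore_provider_class).newInstance();
            Security.addProvider(myprovider);
        }
        log.info(KEYSTORE_PROVIDER_CLASS_PROPERTY + "=" + _keystore_provider_class);
        ks = KeyStore.getInstance(_keystore_type, myprovider.getName());
    } else if (_keystore_provider_name != null) {
        log.info(KEYSTORE_PROVIDER_NAME_PROPERTY + "=" + _keystore_provider_name);
        ks = KeyStore.getInstance(_keystore_type, _keystore_provider_name);
    } else {
        ks = KeyStore.getInstance(_keystore_type);
        log.info(KEYSTORE_PROVIDER_NAME_PROPERTY + "=[DEFAULT]");
    }

    // Close the key store file on every path so the file handle is not leaked.
    FileInputStream keystoreStream = new FileInputStream(new File(_keystore));
    try {
        ks.load(keystoreStream, _password.toString().toCharArray());
    } finally {
        keystoreStream.close();
    }

    KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
    km.init(ks, _keypassword.toString().toCharArray());
    KeyManager[] kma = km.getKeyManagers();

    TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
    if (_useDefaultTrustStore) {
        // A null key store asks the factory for its default trust material.
        tm.init((KeyStore) null);
    } else {
        // Otherwise the listener's own key store doubles as the trust store.
        tm.init(ks);
    }
    TrustManager[] tma = tm.getTrustManagers();

    // NOTE(review): "SSL" and "SHA1PRNG" are legacy identifiers. Confirm which
    // protocol versions end up enabled on the resulting sockets, and consider "TLS"
    // with the default SecureRandom (pass null) when this listener is updated.
    SSLContext sslc = SSLContext.getInstance("SSL");
    sslc.init(kma, tma, SecureRandom.getInstance("SHA1PRNG"));

    SSLServerSocketFactory ssfc = sslc.getServerSocketFactory();
    log.info("SSLServerSocketFactory=" + ssfc);
    return ssfc;
}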
From source file:de.betterform.connector.http.ssl.BetterFORMKeyStoreManager.java
/**
 * Looks up the first {@link X509KeyManager} produced by a {@link KeyManagerFactory}
 * for the platform's default algorithm.
 *
 * @return the first X509 key manager found, or {@code null} (after a warning is
 *         logged) when the factory offers none; callers must handle {@code null}
 * @throws NoSuchAlgorithmException  if the default algorithm is not available
 * @throws KeyStoreException         if the factory cannot be initialised
 * @throws UnrecoverableKeyException if a key cannot be recovered during initialisation
 */
private X509KeyManager getJavaDefaultKeyManager()
        throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
    KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    // No key store and no password are handed to the factory here.
    factory.init(null, null);

    KeyManager[] candidates = factory.getKeyManagers();
    if (candidates != null) {
        for (KeyManager candidate : candidates) {
            if (candidate instanceof X509KeyManager) {
                return (X509KeyManager) candidate;
            }
        }
    }

    BetterFORMKeyStoreManager.LOGGER
            .warn("BetterFORMKeyStoreManager: No key managers available for default algorithm.");
    return null;
}
From source file:com.bt.pi.api.http.SimpleHttpsServerFactoryBean.java
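/**
 * Creates an {@link HttpsServer} for {@code address} and configures it with an
 * {@link SSLContext} built from the configured key store.
 *
 * <p>The same key store feeds both the key managers and the trust managers. Client
 * authentication is switched off in the configurator, and the cipher suites and
 * protocols are those enabled by default on an engine created from the context.
 *
 * @param address address the server is created for
 * @return the configured server, or {@code null} when loading the key store ends in
 *         an {@link EOFException}
 * @throws IOException if the server cannot be created or any other step fails
 */
protected HttpServer getInitializedServer(InetSocketAddress address) throws IOException {
    HttpsServer server = HttpsServer.create(address, getBacklog());
    try {
        SSLContext sslContext = SSLContext.getInstance(sslContextProtocol);
        KeyStore ks = KeyStore.getInstance(keyStoreType);
        InputStream is = keyStoreLocation.getInputStream();
        try {
            ks.load(is, password);
        } catch (EOFException e) {
            LOG.warn(String.format(
                    "Unable to load certificate store %s. This may be possible because https isn't enabled with a valid certificate",
                    keyStoreLocation));
            // NOTE(review): the HttpsServer created above is not released on this
            // path - confirm whether it stays bound to the address.
            return null;
        } finally {
            // Release the key store stream on every path so the handle is not leaked.
            try {
                is.close();
            } catch (IOException ignored) {
                // Best effort: the key store has already been read or rejected.
            }
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgorithm);
        kmf.init(ks, password);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustManagerAlgorithm);
        tmf.init(ks);

        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // One engine is created up front only to read its enabled suites and protocols.
        final SSLEngine m_engine = sslContext.createSSLEngine();
        server.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
            @Override
            public void configure(HttpsParameters params) {
                params.setSSLParameters(getSSLContext().getDefaultSSLParameters());
                params.setNeedClientAuth(false);
                params.setWantClientAuth(false);
                params.setCipherSuites(m_engine.getEnabledCipherSuites());
                params.setProtocols(m_engine.getEnabledProtocols());
            }
        });
    } catch (Throwable e) {
        throw new IOException("initializing HttpsServer failed due to exception", e);
    }
    return server;
}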
From source file:se.vgregion.delegation.server.Server.java
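/**
 * Sets up TLS with mandatory client-certificate authentication for the given port.
 *
 * <p>The server identity is read from a PKCS12 file and the accepted client
 * certificates from a JKS trust store, both located under
 * {@code ~/.delegation-service/} with file names and passwords taken from
 * {@code propertiesBean}.
 *
 * @param port port for which the TLS parameters are registered
 * @throws IOException              if a key store file cannot be opened or read
 * @throws GeneralSecurityException if a key store or factory cannot be initialised
 */
private void setupServerEngineFactory(int port) throws IOException, GeneralSecurityException {
    TLSServerParameters tlsParams = new TLSServerParameters();

    String userhome = System.getProperty("user.home");
    String certFilePath = userhome + "/.delegation-service/" + propertiesBean.getCertFileName();
    String trustStoreFilePath = userhome + "/.delegation-service/" + propertiesBean.getClientAuthCertFilename();

    // Server identity. The store object is created before the file is opened so a
    // failure in getInstance cannot leave an open stream behind.
    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    InputStream resourceAsStream = new FileInputStream(certFilePath);
    try {
        keyStore.load(resourceAsStream, propertiesBean.getCertPass().toCharArray());
    } finally {
        resourceAsStream.close();
    }

    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
    keyManagerFactory.init(keyStore, propertiesBean.getCertPass().toCharArray());
    tlsParams.setKeyManagers(keyManagerFactory.getKeyManagers());

    // Trust anchors for client certificates.
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
    KeyStore trustStore = KeyStore.getInstance("JKS");
    InputStream is = new FileInputStream(trustStoreFilePath);
    try {
        trustStore.load(is, propertiesBean.getClientAuthCertPass().toCharArray());
    } finally {
        // Close the trust store file on every path so the handle is not leaked.
        is.close();
    }
    trustManagerFactory.init(trustStore);
    TrustManager[] trustMgrs = trustManagerFactory.getTrustManagers();
    tlsParams.setTrustManagers(trustMgrs);

    // A client certificate is required, not merely requested.
    ClientAuthentication clientAuth = new ClientAuthentication();
    clientAuth.setRequired(true);
    clientAuth.setWant(false);
    tlsParams.setClientAuthentication(clientAuth);

    // NOTE(review): no cipher-suite filter and no subject-DN constraint is set on
    // tlsParams here, so as far as this method shows any client certificate that
    // validates against the trust store is accepted - confirm that the trust store
    // holds only the intended issuers.

    engineFactory = new JettyHTTPServerEngineFactory();
    engineFactory.setTLSServerParametersForPort(port, tlsParams);
}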
From source file:org.codice.ddf.spatial.ogc.catalog.common.TestTrustedRemoteSource.java
/**
 * Assembles client TLS parameters from the given key store and trust store and
 * applies the cipher-suite filter defined by {@code SecuritySettingsService}.
 *
 * <p>NOTE(review): a failure while building the managers is only logged, so the
 * returned parameters can lack trust managers, key managers or both while still
 * carrying the cipher filter - confirm callers expect that.
 *
 * @param keyStore         store holding the client identity
 * @param keystorePassword password for the keys in {@code keyStore}
 * @param trustStore       store holding the trusted certificates
 * @return the populated parameters
 */
private TLSClientParameters getTLSParameters(KeyStore keyStore, String keystorePassword, KeyStore trustStore) {
    TLSClientParameters tlsParams = new TLSClientParameters();
    try {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        TrustManager[] trustManagers = tmf.getTrustManagers();
        tlsParams.setTrustManagers(trustManagers);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keystorePassword.toCharArray());
        KeyManager[] keyManagers = kmf.getKeyManagers();
        tlsParams.setKeyManagers(keyManagers);
    } catch (Exception e) {
        LOGGER.warn("Could not load keystores, may be an error with the filesystem", e);
    }

    // Allow and deny lists for cipher suites come from the shared security settings.
    FiltersType cipherFilter = new FiltersType();
    cipherFilter.getInclude().addAll(SecuritySettingsService.SSL_ALLOWED_ALGORITHMS);
    cipherFilter.getExclude().addAll(SecuritySettingsService.SSL_DISALLOWED_ALGORITHMS);
    tlsParams.setCipherSuitesFilter(cipherFilter);

    return tlsParams;
}
From source file:org.cloudcoder.builder2.server.WebappSocketFactory.java
/**
 * Builds an {@link SSLSocketFactory} from the JKS key store named in {@code options},
 * loaded from the class path; the same store supplies the key manager and the trust
 * manager.
 *
 * @return socket factory of a "TLS" context initialised with one X509 key manager and
 *         one X509 trust manager
 * @throws IOException              if the key store resource is missing or unreadable
 * @throws GeneralSecurityException if the key store, a factory or the context cannot
 *                                  be set up
 */
private SSLSocketFactory createSocketFactory() throws IOException, GeneralSecurityException {
    String keystoreFilename = options.getKeystoreFilename();
    InputStream in = this.getClass().getClassLoader().getResourceAsStream(keystoreFilename);
    if (in == null) {
        throw new IOException("Could not load keystore " + keystoreFilename);
    }

    String keystorePassword = options.getKeystorePassword();
    KeyStore jks;
    try {
        jks = KeyStore.getInstance("JKS");
        jks.load(in, keystorePassword.toCharArray());
    } finally {
        IOUtils.closeQuietly(in);
    }

    // NOTE(review): the store holding the private key is also the source of trust
    // anchors. Open question kept from the code (XXX): should a store containing only
    // the certificate be loaded here instead?
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX", "SunJSSE");
    trustManagerFactory.init(jks);

    // Keep the first X509 trust manager the factory offers.
    X509TrustManager chosenTrust = null;
    for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
        if (chosenTrust == null && candidate instanceof X509TrustManager) {
            chosenTrust = (X509TrustManager) candidate;
        }
    }
    if (chosenTrust == null) {
        throw new IllegalArgumentException("Cannot find x509TrustManager");
    }

    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
    keyManagerFactory.init(jks, keystorePassword.toCharArray());

    // Keep the first X509 key manager the factory offers.
    X509KeyManager chosenKey = null;
    for (KeyManager candidate : keyManagerFactory.getKeyManagers()) {
        if (chosenKey == null && candidate instanceof X509KeyManager) {
            chosenKey = (X509KeyManager) candidate;
        }
    }
    if (chosenKey == null) {
        // Thrown without a message when no X509 key manager is offered.
        throw new NullPointerException();
    }

    SSLContext tlsContext = SSLContext.getInstance("TLS");
    tlsContext.init(new KeyManager[] { chosenKey }, new TrustManager[] { chosenTrust }, null);
    return tlsContext.getSocketFactory();
}