List of usage examples for javax.net.ssl SSLContext getDefaultSSLParameters
public final SSLParameters getDefaultSSLParameters()
From source file:ddf.security.common.util.CommonSSLFactory.java
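/**
 * Creates a new SSLSocketFactory from a truststore and keystore. This is used during SSL
 * communication.
 *
 * <p>Both stores are opened with the JVM default keystore type and the default
 * {@link TrustManagerFactory} / {@link KeyManagerFactory} algorithms. Each store's input stream
 * is closed as soon as that store has been loaded, on the failure paths as well: the previous
 * revision opened both streams up front, so a failure while loading the truststore leaked the
 * keystore stream.
 *
 * <p>The previous revision also called
 * {@code sslCtx.getDefaultSSLParameters().setNeedClientAuth(true)} and
 * {@code setWantClientAuth(true)}. {@link SSLContext#getDefaultSSLParameters()} returns a
 * <em>copy</em>, so those calls never changed the context and were removed. Client
 * authentication is a setting of the server-side {@code SSLServerSocket}/{@code SSLEngine},
 * not of the {@link SSLSocketFactory} returned here; the key material loaded below is what
 * this side presents when a peer asks for a client certificate.
 *
 * @param trustStoreLoc
 *            File path to the truststore.
 * @param trustStorePass
 *            Password to the truststore (used for the store integrity check on load).
 * @param keyStoreLoc
 *            File path to the keystore.
 * @param keyStorePass
 *            Password to the keystore; also used to recover the private key entries.
 * @return new SSLSocketFactory instance containing the trust and key stores.
 * @throws IOException
 *             if either store cannot be opened or loaded, or the SSL context cannot be
 *             initialised; the underlying JSSE exception is attached as the cause.
 */
public static SSLSocketFactory createSocket(String trustStoreLoc, String trustStorePass,
        String keyStoreLoc, String keyStorePass) throws IOException {
    String methodName = "createSocket";
    logger.debug("ENTERING: " + methodName);
    try {
        // truststore stuff
        logger.debug("trustStoreLoc = " + trustStoreLoc);
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources closes the stream whether load() succeeds or throws
        try (FileInputStream trustFIS = new FileInputStream(trustStoreLoc)) {
            logger.debug("Loading trustStore");
            trustStore.load(trustFIS, trustStorePass.toCharArray());
        } catch (CertificateException e) {
            throw new IOException("Unable to load certificates from truststore. " + trustStoreLoc, e);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        logger.debug("trust manager factory initialized");

        // keystore stuff
        logger.debug("keyStoreLoc = " + keyStoreLoc);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream keyFIS = new FileInputStream(keyStoreLoc)) {
            logger.debug("Loading keyStore");
            keyStore.load(keyFIS, keyStorePass.toCharArray());
        } catch (CertificateException e) {
            throw new IOException("Unable to load certificates from keystore. " + keyStoreLoc, e);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyStorePass.toCharArray());
        logger.debug("key manager factory initialized");

        // ssl context
        SSLContext sslCtx = SSLContext.getInstance("TLS");
        // null SecureRandom: JSSE picks its own default
        sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        logger.debug(exiting + methodName);
        return sslCtx.getSocketFactory();
    } catch (KeyManagementException e) {
        logger.debug(exiting + methodName);
        throw new IOException("Unable to initialize the SSL context.", e);
    } catch (NoSuchAlgorithmException e) {
        logger.debug(exiting + methodName);
        throw new IOException(
                "Problems creating SSL socket. Usually this is "
                        + "referring to the certificate sent by the server not being trusted by the client.",
                e);
    } catch (UnrecoverableKeyException e) {
        logger.debug(exiting + methodName);
        throw new IOException("Unable to load keystore. " + keyStoreLoc, e);
    } catch (KeyStoreException e) {
        logger.debug(exiting + methodName);
        throw new IOException("Unable to read keystore. " + keyStoreLoc, e);
    }
}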
From source file:org.apache.nifi.framework.security.util.SslContextFactory.java
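/**
 * Builds an {@link SSLContext} from the keystore / truststore settings in {@code props}.
 *
 * <p>When no truststore is configured, {@code TrustManagerFactory.init(null)} is used, which
 * makes JSSE fall back to its default trust anchors rather than trusting nothing.
 *
 * <p>The previous revision ended with
 * {@code sslContext.getDefaultSSLParameters().setNeedClientAuth(props.getNeedClientAuth())}.
 * {@link SSLContext#getDefaultSSLParameters()} returns a copy, so that call never changed the
 * returned context and was removed. The need-client-auth flag from {@code props} still has to be
 * applied by whoever creates the {@code SSLServerSocket} / {@code SSLEngine} from this context.
 *
 * @param props the NiFi properties holding the keystore and (optional) truststore settings
 * @param strict when {@code true}, missing keystore properties are an error; when {@code false},
 *            they yield {@code null}
 * @return the initialised context, or {@code null} when no keystore is configured and
 *         {@code strict} is {@code false}
 * @throws SslContextCreationException if the configuration is inconsistent (need-client-auth set
 *             without a truststore), or if loading a store or initialising the context fails; the
 *             underlying exception is attached as the cause
 */
public static SSLContext createSslContext(final NiFiProperties props, final boolean strict)
        throws SslContextCreationException {
    if (!hasKeystoreProperties(props)) {
        if (strict) {
            throw new SslContextCreationException(
                    "SSL context cannot be created because keystore properties have not been configured.");
        }
        return null;
    }
    if (props.getNeedClientAuth() && !hasTruststoreProperties(props)) {
        throw new SslContextCreationException(
                "Need client auth is set to 'true', but no truststore properties are configured.");
    }
    try {
        // prepare the trust store
        final KeyStore trustStore;
        if (hasTruststoreProperties(props)) {
            trustStore = KeyStoreUtils
                    .getTrustStore(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE));
            try (final InputStream trustStoreStream = new FileInputStream(
                    props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE))) {
                trustStore.load(trustStoreStream,
                        props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD).toCharArray());
            }
        } else {
            // null store -> JSSE default trust anchors
            trustStore = null;
        }
        final TrustManagerFactory trustManagerFactory = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        // prepare the key store
        final KeyStore keyStore = KeyStoreUtils
                .getKeyStore(props.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE));
        try (final InputStream keyStoreStream = new FileInputStream(
                props.getProperty(NiFiProperties.SECURITY_KEYSTORE))) {
            keyStore.load(keyStoreStream,
                    props.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD).toCharArray());
        }
        final KeyManagerFactory keyManagerFactory = KeyManagerFactory
                .getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // if the key password is provided, try to use that - otherwise default to the keystore password
        final String keyPassword = StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_KEY_PASSWD))
                ? props.getProperty(NiFiProperties.SECURITY_KEY_PASSWD)
                : props.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD);
        keyManagerFactory.init(keyStore, keyPassword.toCharArray());

        // initialize the ssl context (null SecureRandom: JSSE picks its default)
        final SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        return sslContext;
    } catch (final KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException
            | UnrecoverableKeyException | KeyManagementException e) {
        throw new SslContextCreationException(e);
    }
}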
From source file:org.codice.ddf.commands.solr.SolrHttpWrapper.java
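/**
 * Builds the client-side {@link SSLContext} used to reach Solr, from the keystore / truststore
 * system properties named in {@code SecurityConstants}.
 *
 * <p>The previous revision ended with
 * {@code sslContext.getDefaultSSLParameters().setNeedClientAuth(true)} and
 * {@code setWantClientAuth(true)}. {@link SSLContext#getDefaultSSLParameters()} returns a copy,
 * so those calls never changed the context; they were removed. Need/want-client-auth is a
 * server-side setting anyway. Whether this client presents a certificate is decided by the key
 * material loaded via {@code loadKeyMaterial} below.
 *
 * @return the initialised context, or {@code null} if the key/trust material could not be turned
 *         into a context (the failure is logged at error level)
 * @throws IllegalArgumentException if any of the four system properties is unset
 */
private SSLContext getSslContext() {
    String keystorePath = System.getProperty(SecurityConstants.KEYSTORE_PATH);
    String keystorePassword = System.getProperty(SecurityConstants.KEYSTORE_PASSWORD);
    String truststorePath = System.getProperty(SecurityConstants.TRUSTSTORE_PATH);
    String truststorePassword = System.getProperty(SecurityConstants.TRUSTSTORE_PASSWORD);
    if (keystorePath == null || keystorePassword == null
            || truststorePath == null || truststorePassword == null) {
        throw new IllegalArgumentException("KeyStore and TrustStore system properties must be set.");
    }
    KeyStore trustStore = getKeyStore(truststorePath, truststorePassword);
    KeyStore keyStore = getKeyStore(keystorePath, keystorePassword);
    try {
        return SSLContexts.custom()
                .loadKeyMaterial(keyStore, keystorePassword.toCharArray())
                .loadTrustMaterial(trustStore)
                .useTLS()
                .build();
    } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException
            | KeyManagementException e) {
        // existing contract: callers treat null as "no secure client available"
        LOGGER.error("Unable to create secure HttpClient", e);
        return null;
    }
}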
From source file:org.codice.solr.factory.impl.HttpClientBuilder.java
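/**
 * Builds the client-side {@link SSLContext} for the Solr HTTP client from the keystore /
 * truststore system properties. All property reads and store loads run under
 * {@code AccessController.doPrivileged} so that callers in a narrower protection domain can still
 * build the client.
 *
 * <p>The previous revision attached no cause to the {@link IllegalArgumentException} thrown on
 * failure, which made key-material problems undiagnosable; the JSSE exception is now kept as the
 * cause. It also called {@code getDefaultSSLParameters().setNeedClientAuth(true)} /
 * {@code setWantClientAuth(true)}; {@link SSLContext#getDefaultSSLParameters()} returns a copy,
 * so those calls never affected the context and were removed (client-auth is a server-side
 * setting; this client's certificate comes from the key material loaded below).
 *
 * @return the initialised context, never {@code null}
 * @throws IllegalArgumentException if a required system property is unset, or if the key/trust
 *             material cannot be turned into a context (cause attached)
 */
private static SSLContext getSslContext() {
    final Boolean missing = AccessController.doPrivileged((PrivilegedAction<Boolean>) () ->
            (System.getProperty(KEY_STORE) == null
                    || System.getProperty(KEY_STORE_PASS) == null
                    || System.getProperty(TRUST_STORE) == null
                    || System.getProperty(TRUST_STORE_PASS) == null));
    if (missing) {
        throw new IllegalArgumentException("KeyStore and TrustStore system properties must be set.");
    }
    final KeyStore[] trustStore = new KeyStore[1];
    final KeyStore[] keyStore = new KeyStore[1];
    final String[] keyStorePass = new String[1];
    AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
        // read the keystore password once here; it is needed again for loadKeyMaterial
        keyStorePass[0] = System.getProperty(KEY_STORE_PASS);
        trustStore[0] = getKeyStore(System.getProperty(TRUST_STORE), System.getProperty(TRUST_STORE_PASS));
        keyStore[0] = getKeyStore(System.getProperty(KEY_STORE), keyStorePass[0]);
        return null;
    });
    try {
        return SSLContexts.custom()
                .loadKeyMaterial(keyStore[0], keyStorePass[0].toCharArray())
                .loadTrustMaterial(trustStore[0])
                .useTLS()
                .build();
    } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException
            | KeyManagementException e) {
        throw new IllegalArgumentException(
                "Unable to use javax.net.ssl.keyStorePassword to load key material to create SSL context for Solr client.",
                e);
    }
}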
From source file:org.codice.solr.factory.SolrClientFactory.java
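/**
 * Builds the client-side {@link SSLContext} for the Solr client from the standard
 * {@code javax.net.ssl.*} keystore / truststore system properties.
 *
 * <p>Each property is read once into a local; the previous revision re-read
 * {@code javax.net.ssl.keyStorePassword} after the null check, leaving a window in which a
 * concurrently cleared property would surface as a {@code NullPointerException}. The previous
 * revision also ended with {@code getDefaultSSLParameters().setNeedClientAuth(true)} /
 * {@code setWantClientAuth(true)}; {@link SSLContext#getDefaultSSLParameters()} returns a copy,
 * so those calls never changed the context and were removed (client-auth is a server-side
 * setting; this client's certificate comes from the key material loaded below).
 *
 * @return the initialised context, or {@code null} if the key/trust material could not be turned
 *         into a context (the failure is logged at error level)
 * @throws IllegalArgumentException if any of the four system properties is unset
 */
private static SSLContext getSslContext() {
    final String keyStorePath = System.getProperty("javax.net.ssl.keyStore");
    final String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
    final String trustStorePath = System.getProperty("javax.net.ssl.trustStore");
    final String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
    if (keyStorePath == null || keyStorePassword == null
            || trustStorePath == null || trustStorePassword == null) {
        throw new IllegalArgumentException("KeyStore and TrustStore system properties must be" + " set.");
    }
    final KeyStore trustStore = getKeyStore(trustStorePath, trustStorePassword);
    final KeyStore keyStore = getKeyStore(keyStorePath, keyStorePassword);
    try {
        return SSLContexts.custom()
                .loadKeyMaterial(keyStore, keyStorePassword.toCharArray())
                .loadTrustMaterial(trustStore)
                .useTLS()
                .build();
    } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException
            | KeyManagementException e) {
        // existing contract: callers treat null as "no secure client available"
        LOGGER.error("Unable to create secure HttpClient", e);
        return null;
    }
}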