List of usage examples for javax.net.ssl SSLContext getSocketFactory
public final SSLSocketFactory getSocketFactory()
From source file:org.gldapdaemon.core.Configurator.java
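/**
 * Loads the daemon configuration, initialises logging, applies the JVM-wide
 * network settings (TLS trust, hostname verification, proxy) and starts the
 * enabled services.
 *
 * <p>SECURITY: this constructor installs a trust manager that accepts every
 * certificate and a hostname verifier that accepts every host as the
 * process-wide defaults of {@code HttpsURLConnection}. Any HTTPS connection
 * opened through {@code HttpsURLConnection} in the same JVM afterwards is
 * therefore unauthenticated unless it sets its own socket factory and
 * verifier. See the notes at the corresponding statements below.
 *
 * @param configPath path of the main configuration file, or {@code null} to
 *                   search the classpath and the well-known install locations
 * @param properties configuration used as-is when {@code mode} is
 *                   {@code MODE_EMBEDDED}
 * @param userHome   when {@code true}, prefer (and create if missing) the
 *                   per-user copy under {@code ~/.gcaldaemon}
 * @param mode       run mode; compared against {@code MODE_EMBEDDED} and
 *                   {@code MODE_CONFIGEDITOR}
 * @throws Exception if no configuration file can be found or read, or if the
 *                   JVM is older than Java 1.5
 */
public Configurator(String configPath, Properties properties, boolean userHome, byte mode) throws Exception {
    this.mode = mode;
    int i;
    File programRootDir = null;
    if (mode == MODE_EMBEDDED) {

        // Embedded mode
        standaloneMode = false;
        config = properties;
        String workPath = getConfigProperty(WORK_DIR, null);
        workDirectory = new File(workPath);
    } else {

        // Load config
        if (configPath != null) {
            configFile = new File(configPath);
        }
        InputStream in = null;
        boolean configInClassPath = false;
        if (configFile == null || !configFile.isFile()) {
            try {
                in = Configurator.class.getResourceAsStream("/gcal-daemon.cfg");
                configInClassPath = in != null;
            } catch (Exception ignored) {
                in = null;
            }
            if (in == null) {
                System.out.println("INFO | Searching main configuration file...");

                // Look for "<parent of the working directory>/conf/gcal-daemon.cfg"
                String path = (new File("x")).getAbsolutePath().replace('\\', '/');
                i = path.lastIndexOf('/');
                if (i > 1) {
                    i = path.lastIndexOf('/', i - 1);
                    if (i > 1) {
                        configFile = new File(path.substring(0, i), "conf/gcal-daemon.cfg");
                    }
                }
                if (configFile == null || !configFile.isFile()) {
                    configFile = new File("/usr/local/sbin/GCALDaemon/conf/gcal-daemon.cfg");
                }
                if (configFile == null || !configFile.isFile()) {
                    configFile = new File("/GCALDaemon/conf/gcal-daemon.cfg");
                }
                if (configFile == null || !configFile.isFile()) {

                    // Last resort: probe every first-level directory under the root
                    File root = new File("/");
                    String[] dirs = root.list();
                    if (dirs != null) {
                        for (i = 0; i < dirs.length; i++) {
                            configFile = new File('/' + dirs[i] + "/GCALDaemon/conf/gcal-daemon.cfg");
                            if (configFile.isFile()) {
                                break;
                            }
                        }
                    }
                }
                if (configFile == null || !configFile.isFile()) {
                    throw new FileNotFoundException("Missing main configuration file: " + configPath);
                }
                if (!userHome) {

                    // Open global config file
                    in = new FileInputStream(configFile);
                }
            }
        } else {
            if (!userHome) {

                // Open global config file
                in = new FileInputStream(configFile);
            }
        }
        standaloneMode = !configInClassPath;
        if (in != null) {

            // Load global config file; close the stream even when parsing fails
            try {
                config.load(new BufferedInputStream(in));
            } finally {
                in.close();
            }
        }

        // Loading config from classpath
        if (configFile == null) {
            try {
                URL url = Configurator.class.getResource("/gcal-daemon.cfg");
                configFile = new File(url.getFile());
            } catch (Exception ignored) {
            }
        }
        programRootDir = configFile.getParentFile().getParentFile();
        System.setProperty("gldapdaemon.program.dir", programRootDir.getAbsolutePath());
        String workPath = getConfigProperty(WORK_DIR, null);
        File directory;
        if (workPath == null) {
            directory = new File(programRootDir, "work");
        } else {
            directory = new File(workPath);
        }
        if (!directory.isDirectory()) {
            if (!directory.mkdirs()) {
                directory = new File("work");
                directory.mkdirs();
            }
        }
        workDirectory = directory;

        // User-specific config file handler
        if (userHome) {
            boolean useGlobal = true;

            // Remember the global file: configFile is switched to the user copy
            // only after that copy has been loaded successfully.
            File globalConfigFile = configFile;
            try {
                String home = System.getProperty("user.home", null);
                if (home != null) {
                    File userConfig = new File(home, ".gcaldaemon/gcal-daemon.cfg");
                    if (!userConfig.isFile()) {

                        // Create new user-specific config
                        File userDir = new File(home, ".gcaldaemon");
                        userDir.mkdirs();
                        copyFile(globalConfigFile, userConfig);
                        if (!userConfig.isFile()) {
                            userConfig.delete();
                            userDir.delete();
                        }
                    }
                    if (userConfig.isFile()) {

                        // Load user-specific config
                        InputStream userIn = new FileInputStream(userConfig);
                        try {
                            config.load(new BufferedInputStream(userIn));
                        } finally {
                            userIn.close();
                        }
                        configFile = userConfig;
                        useGlobal = false;
                    }
                }
            } catch (Exception ignored) {
                // Best effort: fall back to the global configuration below
            }
            if (useGlobal && !configInClassPath) {

                // Load global config file. The earlier code reused a stream that was
                // never opened in user-home mode (or was already closed), so this
                // fallback could only fail; open the global file explicitly instead.
                // When the configuration came from the classpath it has already
                // been loaded above and nothing more is needed.
                InputStream globalIn = new FileInputStream(globalConfigFile);
                try {
                    config.load(new BufferedInputStream(globalIn));
                } finally {
                    globalIn.close();
                }
            }
        }
    }

    // Init logger
    ProgressMonitor monitor = null;
    if (standaloneMode && mode != MODE_CONFIGEDITOR) {

        // Compute log config path: a bare file name is resolved under <program dir>/conf
        String logConfig = getConfigProperty(LOG_CONFIG, "logger-config.cfg");
        logConfig = logConfig.replace('\\', '/');
        File logConfigFile;
        if (logConfig.indexOf('/') == -1) {
            logConfigFile = new File(programRootDir, "conf/" + logConfig);
        } else {
            logConfigFile = new File(logConfig);
        }
        if (logConfigFile.isFile()) {
            String logConfigPath = logConfigFile.getAbsolutePath();
            System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.Log4JLogger");
            System.setProperty("log4j.defaultInitOverride", "false");
            System.setProperty("log4j.configuration", logConfigPath);
            try {
                PropertyConfigurator.configure(logConfigPath);
            } catch (Throwable ignored) {
                ignored.printStackTrace();
            }
        }
    }
    if (mode == MODE_CONFIGEDITOR) {

        // Show monitor
        try {
            monitor = new ProgressMonitor();
            monitor.setVisible(true);
            Thread.sleep(400);
        } catch (Exception ignored) {
        }

        // Init simple logger
        try {
            System.setProperty("log4j.defaultInitOverride", "false");
            Logger root = Logger.getRootLogger();
            root.removeAllAppenders();
            root.addAppender(new ConsoleAppender(new SimpleLayout()));
            root.setLevel(Level.INFO);
        } catch (Throwable ignored) {
        }
    }

    // Disable unnecessary INFO messages of the GData API
    try {
        java.util.logging.Logger logger = java.util.logging.Logger.getLogger("com.google");
        logger.setLevel(java.util.logging.Level.WARNING);
    } catch (Throwable ignored) {
    }
    Log log = LogFactory.getLog(Configurator.class);
    log.info(VERSION + " starting...");
    if (configFile != null && log.isDebugEnabled()) {
        log.debug("Config loaded successfully (" + configFile + ").");
    }

    // Check Java version (falls back to 1.5 when the property cannot be parsed)
    double jvmVersion = 1.5;
    try {
        jvmVersion = Float.valueOf(System.getProperty("java.version", "1.5").substring(0, 3)).floatValue();
    } catch (Exception ignored) {
    }
    if (jvmVersion < 1.5) {
        log.fatal("GCALDaemon requires at least Java 1.5! Current version: " + System.getProperty("java.version"));
        throw new Exception("Invalid JVM version!");
    }

    // Check permission
    if (workDirectory.isDirectory() && !workDirectory.canWrite()) {
        if (System.getProperty("os.name", "unknown").toLowerCase().indexOf("windows") == -1) {
            String path = workDirectory.getCanonicalPath();
            if (programRootDir != null) {
                path = programRootDir.getCanonicalPath();
            }

            // NOTE(security): the hint below recommends world-writable permissions on
            // the whole program directory, which also holds the configuration (and
            // the encoded proxy password). Granting write access to the service
            // account only would be the safer advice; the message is left unchanged.
            log.warn("Please check the file permissions on the '" + workDirectory.getCanonicalPath() + "' folder!\r\n"
                    + "Hint: [sudo] chmod -R 777 " + path);
        }
    }

    // Disable SSL validation
    // NOTE(security): everything in this try block removes server authentication
    // for the whole JVM. The trust manager accepts any certificate chain, so a
    // party on the network path can present its own certificate and read or alter
    // the traffic. The behaviour is kept because callers may depend on it; the
    // safer design is to leave the platform defaults in place and, where a private
    // CA is needed, build an SSLContext from a trust store holding that CA.
    try {

        // Create a trust manager that does not validate certificate chains
        javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[] {
            new javax.net.ssl.X509TrustManager() {

                public final java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract requires a non-null array
                    return new java.security.cert.X509Certificate[0];
                }

                public final void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                }

                public final void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                }
            }
        };

        // Install the all-trusting trust manager
        javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Throwable ignored) {
    }

    // Replace hostname verifier
    // NOTE(security): accepts every host name, so a certificate issued for any
    // other site is treated as valid for the requested one (JVM-wide default).
    try {
        javax.net.ssl.HostnameVerifier acceptAnyHost = new javax.net.ssl.HostnameVerifier() {

            public final boolean verify(String hostName, javax.net.ssl.SSLSession session) {
                return true;
            }
        };
        javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(acceptAnyHost);
    } catch (Throwable ignored) {
    }

    // Setup proxy
    String proxyHost = getConfigProperty(PROXY_HOST, null);
    if (proxyHost != null) {
        String proxyPort = getConfigProperty(PROXY_PORT, null);
        if (proxyPort == null) {
            log.warn("Missing 'proxy.port' configuration property!");
        } else {

            // HTTP proxy server properties
            System.setProperty("http.proxyHost", proxyHost);
            System.setProperty("http.proxyPort", proxyPort);
            System.setProperty("http.proxySet", "true");

            // HTTPS proxy server properties
            System.setProperty("https.proxyHost", proxyHost);
            System.setProperty("https.proxyPort", proxyPort);
            System.setProperty("https.proxySet", "true");

            // Setup proxy credentials
            String username = getConfigProperty(PROXY_USERNAME, null);
            String encodedPassword = getConfigProperty(PROXY_PASSWORD, null);
            if (username != null) {
                if (encodedPassword == null) {
                    log.warn("Missing 'proxy.password' configuration property!");
                } else {
                    String password = StringUtils.decodePassword(encodedPassword);

                    // NOTE(security): the decoded password is published as a system
                    // property, so any code in this JVM (and any dump of the system
                    // properties) can read it in clear text.

                    // HTTP auth credentials
                    System.setProperty("http.proxyUser", username);
                    System.setProperty("http.proxyUserName", username);
                    System.setProperty("http.proxyPassword", password);

                    // HTTPS auth credentials
                    System.setProperty("https.proxyUser", username);
                    System.setProperty("https.proxyUserName", username);
                    System.setProperty("https.proxyPassword", password);
                }
            }
        }
    }

    // Get feed event duplication ratio (clamped to the range 40%..100%)
    String percent = getConfigProperty(FEED_DUPLICATION_FILTER, "70").trim();
    if (percent.endsWith("%")) {
        percent = percent.substring(0, percent.length() - 1).trim();
    }
    double ratio = Double.parseDouble(percent) / 100;
    if (ratio < 0.4) {
        ratio = 0.4;
        log.warn("The smallest enabled filter percent is '40%'!");
    } else {
        if (ratio > 1) {
            log.warn("The largest filter percent is '100%'!");
            ratio = 1;
        }
    }
    duplicationRatio = ratio;

    // Displays time zone
    log.info("Local time zone is " + TimeZone.getDefault().getDisplayName() + ".");

    // Get main thread group (walk up to the root group)
    ThreadGroup mainGroup = Thread.currentThread().getThreadGroup();
    while (mainGroup.getParent() != null) {
        mainGroup = mainGroup.getParent();
    }

    // Init Gmail pool
    boolean enableLDAP = getConfigProperty(LDAP_ENABLED, false);
    if (enableLDAP) {
        gmailPool = startService(log, mainGroup, "org.gldapdaemon.core.GmailPool");
    }

    // Init LDAP listener
    if (enableLDAP) {
        contactLoader = startService(log, mainGroup, "org.gldapdaemon.core.ldap.ContactLoader");
    } else {
        if (standaloneMode) {
            log.info("LDAP server disabled.");
        }
    }

    // Clear configuration holder
    config.clear();
}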
From source file:org.projectforge.core.ConfigXml.java
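/**
 * Builds an {@link SSLSocketFactory} that trusts only the certificates held in
 * the given key store, instead of the JVM's default trust store.
 *
 * <p>Chain validation stays enabled: the trust manager comes from the platform
 * {@link TrustManagerFactory} initialised with the loaded store. No key
 * managers are configured, so the resulting factory does not present a client
 * certificate.
 *
 * @param is         stream of the key store in the platform default format;
 *                   always closed by this method, also on failure
 * @param passphrase passphrase used to check the integrity of the key store
 * @return a socket factory bound to a TLS context that trusts the store's entries
 * @throws Exception if the store cannot be read or the TLS context cannot be
 *                   initialised
 */
private SSLSocketFactory createSSLSocketFactory(final InputStream is, final String passphrase) throws Exception {
    final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    try {
        ks.load(is, passphrase.toCharArray());
    } finally {
        // Close on every path; previously a failed load left the stream open.
        is.close();
    }
    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ks);

    // Pick the X.509 trust manager by type rather than assuming it is element 0.
    X509TrustManager x509TrustManager = null;
    for (final TrustManager candidate : tmf.getTrustManagers()) {
        if (candidate instanceof X509TrustManager) {
            x509TrustManager = (X509TrustManager) candidate;
            break;
        }
    }
    if (x509TrustManager == null) {
        // Fail closed: never fall back to a context without certificate validation.
        throw new IllegalStateException("No X509TrustManager available for the supplied key store");
    }
    final SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, new TrustManager[] { x509TrustManager }, null);
    return context.getSocketFactory();
}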
From source file:org.codice.alliance.nsili.client.NsiliClient.java
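/**
 * Installs, as the JVM-wide defaults of {@link HttpsURLConnection}, a trust
 * manager that accepts every certificate chain and a hostname verifier that
 * only compares the requested host with the session's peer host.
 *
 * <p>SECURITY: after this call no HTTPS connection made through
 * {@code HttpsURLConnection} in this process authenticates its server, unless
 * the connection overrides the socket factory and verifier itself. The
 * verifier does not look at the certificate at all:
 * {@code SSLSession.getPeerHost()} reports the host the client connected to,
 * not a name taken from the certificate, so the comparison does not bind the
 * certificate to the host. Prefer an {@code SSLContext} built from a trust
 * store that contains the expected CA, applied per connection.
 *
 * @throws NoSuchAlgorithmException if the "SSL" context is not available
 * @throws KeyManagementException   if the context cannot be initialised
 */
private void doTrustAllCertificates() throws NoSuchAlgorithmException, KeyManagementException {
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            // Intentionally empty: every client chain is accepted.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            // Intentionally empty: every server chain is accepted.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array.
            return new X509Certificate[0];
        }
    } };

    // Set HttpsURLConnection settings (process-wide defaults)
    SSLContext sslContext = SSLContext.getInstance("SSL");
    sslContext.init(null, trustAllCerts, new SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

    HostnameVerifier hostnameVerifier = (s, sslSession) -> s.equalsIgnoreCase(sslSession.getPeerHost());
    HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
}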
From source file:com.streamsets.datacollector.http.TestWebServerTaskHttpHttps.java
/**
 * Test helper: makes the given connection accept any server certificate and
 * any host name.
 *
 * <p>The relaxation is applied to {@code conn} only; the JVM-wide defaults of
 * {@link HttpsURLConnection} are not touched. Certificate and hostname checks
 * are both switched off, so this is suitable only for connections to a server
 * started by the test itself.
 *
 * @param conn connection to reconfigure before it is opened
 * @throws Exception if the SSL context cannot be created or initialised
 */
private void configureHttpsUrlConnection(HttpsURLConnection conn) throws Exception {
    // Trust manager whose checks never throw, i.e. every chain is accepted.
    X509TrustManager acceptEverything = new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        public void checkClientTrusted(X509Certificate[] certs, String authType) {
        }

        public void checkServerTrusted(X509Certificate[] certs, String authType) {
        }
    };

    // Verifier that approves every host name.
    HostnameVerifier anyHost = new HostnameVerifier() {
        @Override
        public boolean verify(String s, SSLSession sslSession) {
            return true;
        }
    };

    SSLContext permissiveContext = SSLContext.getInstance("SSL");
    permissiveContext.init(null, new TrustManager[] { acceptEverything }, new java.security.SecureRandom());

    conn.setSSLSocketFactory(permissiveContext.getSocketFactory());
    conn.setHostnameVerifier(anyHost);
}
From source file:TestHTTPSource.java
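/**
 * Posts ten JSON events to the HTTPS source under test and checks that they
 * arrive on the channel in order.
 *
 * <p>SECURITY (test scope): the method replaces the JVM-wide default socket
 * factory and hostname verifier of {@link HttpsURLConnection} with ones that
 * accept any certificate and any host, and does not restore them. That is
 * tolerable for a test talking to a locally started server, but the setting
 * stays active for whatever runs later in the same JVM.
 *
 * @param protocol protocol name handed to {@code DisabledProtocolsSocketFactory};
 *                 {@code null} to use the unrestricted socket factory
 * @throws Exception on any set-up, I/O or assertion failure
 */
public void doTestHttps(String protocol) throws Exception {
    Type listType = new TypeToken<List<JSONEvent>>() {
    }.getType();

    // Build ten events, each with ten generated headers plus its sequence number.
    List<JSONEvent> events = Lists.newArrayList();
    Random rand = new Random();
    for (int i = 0; i < 10; i++) {
        Map<String, String> input = Maps.newHashMap();
        for (int j = 0; j < 10; j++) {
            input.put(String.valueOf(i) + String.valueOf(j), String.valueOf(i));
        }
        input.put("MsgNum", String.valueOf(i));
        JSONEvent e = new JSONEvent();
        e.setHeaders(input);
        e.setBody(String.valueOf(rand.nextGaussian()).getBytes("UTF-8"));
        events.add(e);
    }
    Gson gson = new Gson();
    String json = gson.toJson(events, listType);

    HttpsURLConnection httpsURLConnection = null;
    try {
        // Trust manager that accepts every chain (test server certificate is not trusted).
        TrustManager[] trustAllCerts = { new X509TrustManager() {
            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, String s)
                    throws CertificateException {
                // noop
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, String s)
                    throws CertificateException {
                // noop
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null array.
                return new java.security.cert.X509Certificate[0];
            }
        } };

        // IBM JVMs use a different context name for the same purpose.
        SSLContext sc;
        if (System.getProperty("java.vendor").contains("IBM")) {
            sc = SSLContext.getInstance("SSL_TLS");
        } else {
            sc = SSLContext.getInstance("SSL");
        }
        sc.init(null, trustAllCerts, new SecureRandom());

        javax.net.ssl.SSLSocketFactory factory;
        if (protocol != null) {
            factory = new DisabledProtocolsSocketFactory(sc.getSocketFactory(), protocol);
        } else {
            factory = sc.getSocketFactory();
        }

        // Process-wide defaults; see the method comment.
        HttpsURLConnection.setDefaultSSLSocketFactory(factory);
        HttpsURLConnection.setDefaultHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        URL sslUrl = new URL("https://0.0.0.0:" + sslPort);
        httpsURLConnection = (HttpsURLConnection) sslUrl.openConnection();
        httpsURLConnection.setDoInput(true);
        httpsURLConnection.setDoOutput(true);
        httpsURLConnection.setRequestMethod("POST");

        // Encode explicitly instead of relying on the platform default charset.
        httpsURLConnection.getOutputStream().write(json.getBytes("UTF-8"));

        int statusCode = httpsURLConnection.getResponseCode();
        Assert.assertEquals(200, statusCode);

        Transaction transaction = channel.getTransaction();
        transaction.begin();
        for (int i = 0; i < 10; i++) {
            Event e = channel.take();
            Assert.assertNotNull(e);
            Assert.assertEquals(String.valueOf(i), e.getHeaders().get("MsgNum"));
        }
        transaction.commit();
        transaction.close();
    } finally {
        // The connection is still null when set-up failed before openConnection();
        // guarding here keeps the original failure from being masked by an NPE.
        if (httpsURLConnection != null) {
            httpsURLConnection.disconnect();
        }
    }
}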
From source file:org.sickbeard.SickBeard.java
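/**
 * Creates a client for a SickBeard server and configures how HTTPS connections
 * to it are authenticated.
 *
 * <p>SECURITY: the socket factory and hostname verifier are installed as the
 * JVM-wide defaults of {@link HttpsURLConnection}, so they affect every HTTPS
 * connection the application opens through that class, not only the ones to
 * this server. With {@code trustAll} set, host names are not verified at all;
 * what {@code DefaultTrustManager} does with {@code trustAll} and
 * {@code trustMe} is not visible here (presumably it accepts any certificate,
 * or the one identified by {@code trustMe}; verify against that class).
 *
 * @param hostname  server host
 * @param port      server port
 * @param api       API key placed in the request path
 * @param https     whether to use the https scheme
 * @param extraPath path prefix under which the server is published
 * @param user      user name for HTTP authentication
 * @param password  password for HTTP authentication
 * @param trustAll  when {@code true}, hostname verification is disabled
 * @param trustMe   value handed to {@code DefaultTrustManager}
 */
public SickBeard(String hostname, String port, String api, boolean https, String extraPath, String user,
        String password, boolean trustAll, String trustMe) {
    this.hostname = hostname;
    this.port = port;
    this.extraPath = "/" + extraPath + "/";
    this.path = this.extraPath + "/api/" + api + "/";
    try {
        this.https = https;
        this.scheme = https ? "https" : "http";
        Authenticator.setDefault(new SickAuthenticator(user, password, hostname));

        HostnameVerifier verifier;
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[0], new TrustManager[] { new DefaultTrustManager(trustAll, trustMe) },
                new SecureRandom());
        if (trustAll) {
            verifier = new AllowAllHostnameVerifier();
        } else {
            verifier = new StrictHostnameVerifier();
        }

        // Process-wide defaults for HttpsURLConnection
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(verifier);
    } catch (Exception e) {
        // Previously swallowed silently. Setup stays best-effort, but a failure is
        // now recorded so it is visible that the TLS settings were not applied.
        Log.e("SickBeard", "Failed to configure authentication/TLS settings", e);
    }

    /***********************************************************
     * ANDROID SPECIFIC START                                  *
     ***********************************************************/
    // start a AsyncTask to try and find the actual api version number
    AsyncTask<Void, Void, CommandsJson> task = new AsyncTask<Void, Void, CommandsJson>() {
        @Override
        protected CommandsJson doInBackground(Void... arg0) {
            try {
                return SickBeard.this.sbGetCommands();
            } catch (Exception e) {
                Log.e("SickBeard", e.getMessage(), e);
                return null;
            }
        }

        @Override
        protected void onPostExecute(CommandsJson result) {
            // do nothing because this is a network error
            if (result == null) {
                return;
            }
            try {
                // if we get a version use it
                SickBeard.this.apiVersion = Integer.valueOf(result.api_version);
            } catch (NumberFormatException e) {
                // 2 was the odd float so assume its 2 if we cant get an int
                SickBeard.this.apiVersion = 2;
            }
        }
    };
    task.execute();
    /***********************************************************
     * ANDROID SPECIFIC END                                    *
     ***********************************************************/
}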
From source file:be.fedict.trust.client.XKMS2Client.java
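/**
 * If set, unilateral TLS authentication will occur, verifying the server
 * {@link X509Certificate} against the specified {@link PublicKey}.
 * <p>
 * WARNING: only works when using the JAX-WS RI.
 * <p>
 * SECURITY: when {@code publicKey} is {@code null} the installed trust manager
 * accepts any server certificate (a warning is logged). When a key is given,
 * only the signature of the first certificate in the chain is checked against
 * it; the validity period and the host name are not examined by this trust
 * manager.
 *
 * @param publicKey
 *            public key to validate server TLS certificate against.
 */
public void setServicePublicKey(final PublicKey publicKey) {
    // Create TrustManager
    TrustManager[] trustManager = { new X509TrustManager() {

        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null array.
            return new X509Certificate[0];
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Reject an empty chain explicitly instead of failing on chain[0].
            if (null == chain || 0 == chain.length) {
                throw new CertificateException("no server certificate presented");
            }
            X509Certificate serverCertificate = chain[0];
            LOG.debug("server X509 subject: " + serverCertificate.getSubjectX500Principal().toString());
            LOG.debug("authentication type: " + authType);
            if (null == publicKey) {
                LOG.warn("not performing any server certificate validation at all");
                return;
            }
            try {
                // Checks that the certificate was signed with the private key
                // matching publicKey; the cause is kept on every failure path.
                serverCertificate.verify(publicKey);
                LOG.debug("valid server certificate");
            } catch (InvalidKeyException e) {
                throw new CertificateException("Invalid Key", e);
            } catch (NoSuchAlgorithmException e) {
                throw new CertificateException("No such algorithm", e);
            } catch (NoSuchProviderException e) {
                throw new CertificateException("No such provider", e);
            } catch (SignatureException e) {
                throw new CertificateException("Wrong signature", e);
            }
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            throw new CertificateException("this trust manager cannot be used as server-side trust manager");
        }
    } };

    // Create SSL Context
    try {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        SecureRandom secureRandom = new SecureRandom();
        sslContext.init(null, trustManager, secureRandom);
        LOG.debug("SSL context provider: " + sslContext.getProvider().getName());

        // Setup TrustManager for validation (scoped to this port's request context)
        Map<String, Object> requestContext = ((BindingProvider) this.port).getRequestContext();
        requestContext.put("com.sun.xml.ws.transport.https.client.SSLSocketFactory",
                sslContext.getSocketFactory());
    } catch (KeyManagementException e) {
        String msg = "key management error: " + e.getMessage();
        LOG.error(msg, e);
        throw new RuntimeException(msg, e);
    } catch (NoSuchAlgorithmException e) {
        String msg = "TLS algo not present: " + e.getMessage();
        LOG.error(msg, e);
        throw new RuntimeException(msg, e);
    }
}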
From source file:edu.uiuc.ncsa.myproxy.MyProxyLogon.java
/** * Connects to the MyProxy server at the desired host and port. Requires * host authentication via SSL. The host's certificate subject must * match the requested hostname. If CA certificates are found in the * standard GSI locations, they will be used to verify the server's * certificate. If trust roots are requested and no CA certificates are * found, the server's certificate will still be accepted. */// w ww .j ava 2s .c o m public void connect() throws IOException, GeneralSecurityException { try { SSLContext sc = SSLContext.getInstance("SSL"); MyTrustManager mtm = new MyTrustManager(getMlf(), getExistingTrustRootPath(), getServerDN()); mtm.setHost(hostLookup()); TrustManager[] trustAllCerts = new TrustManager[] { mtm }; sc.init(getKeyManagers(), trustAllCerts, new java.security.SecureRandom()); SSLSocketFactory sf = sc.getSocketFactory(); this.socket = (SSLSocket) sf.createSocket(this.hostLookup(), this.port); if (0 < getSocketTimeout()) { // NOTE that this is an integer that is used for milliseconds. socket.setSoTimeout((int) getSocketTimeout()); } this.socket.startHandshake(); this.socketIn = new BufferedInputStream(this.socket.getInputStream()); this.socketOut = new BufferedOutputStream(this.socket.getOutputStream()); this.state = State.CONNECTED; } catch (Throwable t) { handleException(t, getClass().getSimpleName() + " could not connect to the server, socket " + (this.socket == null ? "" : "not") + " created."); } }
From source file:guru.mmp.common.http.SecureHttpClientBuilder.java
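/**
 * Lazily creates the SSL connection socket factory used by this builder.
 *
 * <p>When {@code serverValidationEnabled} is {@code true} the server chain is
 * validated against the platform default trust store and the host name is
 * checked with HttpClient's default verifier. Previously both checks were
 * unimplemented placeholders, so every certificate and every host were
 * accepted even with validation switched on.
 *
 * <p>SECURITY: with {@code serverValidationEnabled} set to {@code false} the
 * factory still accepts any certificate for any host and must only be used
 * against endpoints on a trusted network path.
 *
 * @return the cached socket factory, created on first use
 * @throws RuntimeException if the TLS context cannot be created
 */
private synchronized SSLConnectionSocketFactory getSSLConnectionSocketFactory() {
    if (sslSocketFactory == null) {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");

            // Platform trust manager (default trust store); a null key store selects
            // the JVM's default CA certificates.
            javax.net.ssl.TrustManagerFactory trustManagerFactory = javax.net.ssl.TrustManagerFactory
                    .getInstance(javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((java.security.KeyStore) null);
            X509TrustManager located = null;
            for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    located = (X509TrustManager) candidate;
                    break;
                }
            }
            final X509TrustManager platformTrustManager = located;

            // Strict verifier shipped with HttpClient (checks the certificate's names).
            final HostnameVerifier strictHostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();

            TrustManager[] trustManagers = new TrustManager[] { new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    // Skip client verification step
                }

                public void checkServerTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    if (serverValidationEnabled) {
                        if (platformTrustManager == null) {
                            // Fail closed rather than silently trusting the server.
                            throw new CertificateException("No platform X.509 trust manager is available");
                        }
                        platformTrustManager.checkServerTrusted(chain, authType);
                    }
                    // Validation disabled: the chain is accepted without checks.
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            } };

            sslContext.init(null, trustManagers, new java.security.SecureRandom());

            sslSocketFactory = new SSLConnectionSocketFactory(sslContext.getSocketFactory(),
                    new HostnameVerifier() {
                        @Override
                        public boolean verify(String hostname, SSLSession sslSession) {
                            if (serverValidationEnabled) {
                                // Comparing hostname with sslSession.getPeerHost() would not
                                // help: the peer host is the name the client dialled, not a
                                // name from the certificate.
                                return strictHostnameVerifier.verify(hostname, sslSession);
                            }
                            return true;
                        }
                    });
        } catch (Throwable e) {
            throw new RuntimeException("Failed to create the no-trust SSL socket factory", e);
        }
    }

    return sslSocketFactory;
}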
From source file:org.apache.nifi.processors.standard.InvokeHTTP.java
/**
 * Builds the {@code OkHttpClient} for this processor from the scheduled
 * context and publishes it through {@code okHttpClientAtomicReference}.
 *
 * <p>TLS settings are taken from the configured {@code SSLContextService};
 * when none is configured the client keeps its own defaults. A non-empty
 * trusted-hostname property wraps the client's hostname verifier in an
 * {@code OverrideHostnameVerifier}; how that class treats the trusted name is
 * not visible here (presumably it accepts that name in addition to the
 * regular check; confirm before relying on it).
 *
 * @param context processor context supplying the property values
 * @throws IOException declared by the method; the visible statements do not
 *                     throw it directly
 */
@OnScheduled
public void setUpClient(final ProcessContext context) throws IOException {
    // Clear the published client before building its replacement.
    okHttpClientAtomicReference.set(null);

    final OkHttpClient client = new OkHttpClient();

    // Add a proxy if set (both host and port are required)
    final String proxyHost = context.getProperty(PROP_PROXY_HOST).getValue();
    final Integer proxyPort = context.getProperty(PROP_PROXY_PORT).asInteger();
    if (proxyHost != null && proxyPort != null) {
        final InetSocketAddress proxyAddress = new InetSocketAddress(proxyHost, proxyPort);
        client.setProxy(new Proxy(Type.HTTP, proxyAddress));
    }

    // Set timeouts
    final int connectTimeoutMillis = context.getProperty(PROP_CONNECT_TIMEOUT)
            .asTimePeriod(TimeUnit.MILLISECONDS).intValue();
    client.setConnectTimeout(connectTimeoutMillis, TimeUnit.MILLISECONDS);
    final int readTimeoutMillis = context.getProperty(PROP_READ_TIMEOUT)
            .asTimePeriod(TimeUnit.MILLISECONDS).intValue();
    client.setReadTimeout(readTimeoutMillis, TimeUnit.MILLISECONDS);

    // Set whether to follow redirects
    client.setFollowRedirects(context.getProperty(PROP_FOLLOW_REDIRECTS).asBoolean());

    // Use the controller service's SSL context when one is configured
    final SSLContextService sslService = context.getProperty(PROP_SSL_CONTEXT_SERVICE)
            .asControllerService(SSLContextService.class);
    SSLContext sslContext = null;
    if (sslService != null) {
        sslContext = sslService.createSSLContext(ClientAuth.NONE);
    }
    if (sslContext != null) {
        client.setSslSocketFactory(sslContext.getSocketFactory());
    }

    // check the trusted hostname property and override the HostnameVerifier
    final String trustedHostname = trimToEmpty(context.getProperty(PROP_TRUSTED_HOSTNAME).getValue());
    if (!trustedHostname.isEmpty()) {
        client.setHostnameVerifier(new OverrideHostnameVerifier(trustedHostname, client.getHostnameVerifier()));
    }

    setAuthenticator(client, context);

    useChunked = context.getProperty(PROP_USE_CHUNKED_ENCODING).asBoolean();

    okHttpClientAtomicReference.set(client);
}