List of usage examples for javax.net.ssl SSLContext init
public final void init(KeyManager[] km, TrustManager[] tm, SecureRandom random) throws KeyManagementException
From source file:com.groupon.odo.bmp.BrowserMobProxyHandler.java
/** * Returns a OkHttpClient that ignores SSL cert errors * @return//from w w w.jav a 2s. c o m */ private static OkHttpClient getUnsafeOkHttpClient() { try { // Create a trust manager that does not validate certificate chains final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { @Override public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { } @Override public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { } @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } } }; // Install the all-trusting trust manager final SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); // Create an ssl socket factory with our all-trusting manager final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); OkHttpClient okHttpClient = new OkHttpClient(); okHttpClient.setSslSocketFactory(sslSocketFactory); okHttpClient.setHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }); return okHttpClient; } catch (Exception e) { throw new RuntimeException(e); } }
From source file:com.zacwolf.commons.crypto._CRYPTOfactory.java
public static KeyStore addSiteTrustChain(final String sitehostname, final int httpsport, final KeyStore keystore, final char[] passphrase) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, KeyManagementException { final SSLContext context = SSLContext.getInstance("TLS"); final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(keystore);/*w ww . ja va 2 s . co m*/ final X509TrustManager dtm = (X509TrustManager) tmf.getTrustManagers()[0]; final MyTrustManager tm = new MyTrustManager(dtm); context.init(null, new TrustManager[] { tm }, null); final SSLSocketFactory factory = context.getSocketFactory(); final SSLSocket socket = (SSLSocket) factory.createSocket(sitehostname, httpsport); socket.setSoTimeout(10000); try { System.out.println("Starting SSL handshake..."); socket.startHandshake(); socket.close(); System.out.println("Certificate for server " + sitehostname + " is already trusted"); } catch (SSLException e) { final X509Certificate[] chain = tm.chain; if (chain == null) { System.err.println("Could not obtain server certificate chain"); return keystore; } System.out.println("Server sent " + chain.length + " certificate(s):"); for (int i = 0; i < chain.length; i++) { final X509Certificate cert = chain[i]; MessageDigest.getInstance("SHA1").update(cert.getEncoded()); MessageDigest.getInstance("MD5").update(cert.getEncoded()); final String alias = sitehostname + "-" + (i + 1); keystore.setCertificateEntry(alias, cert); System.out.println("Added certificate to keystore using alias '" + alias + "'"); } } return keystore; }
From source file:com.flipzu.flipzu.FlipInterface.java
/** * Trust every server - dont check for any certificate *//*from w w w .j av a 2 s.c o m*/ private static void trustAllHosts() { // Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[] {}; } public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } } }; // Install the all-trusting trust manager try { SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); } catch (Exception e) { Log.e(TAG, "trustAllHosts ERROR", e.getCause()); } }
From source file:com.apporiented.hermesftp.utils.SecurityUtil.java
/** * Create the security context required for SSL communication. * /*from w ww . j a v a2 s . c om*/ * @param keyStoreFile The name of the keystore file. * @param keyStorePassword The password for the keystore. * @return The context. * @throws FtpConfigException Thrown on error in configuration. */ public static SSLContext createSslContext(String keyStoreFile, char[] keyStorePassword) throws FtpConfigException { SSLContext sslContext; try { /* Get keystore file and password */ InputStream ksInputStream = getKeyStoreInputStream(keyStoreFile); /* * Get the java keystore object an key manager. A keystore is where keys and * certificates are kept. */ KeyStore keystore = KeyStore.getInstance("JKS"); keystore.load(ksInputStream, keyStorePassword); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(keystore, keyStorePassword); /* * An SSLContext is an environment for implementing JSSE. It is used to create a * ServerSocketFactory */ sslContext = SSLContext.getInstance("SSL"); sslContext.init(kmf.getKeyManagers(), null, null); } catch (KeyManagementException e) { throw new SecurityException("A key management authorization problem occurred."); } catch (FileNotFoundException e) { throw new SecurityException("The key store file could not be found."); } catch (KeyStoreException e) { throw new SecurityException("A key store problem occurred."); } catch (NoSuchAlgorithmException e) { throw new SecurityException("The hash algorithm is not supported."); } catch (CertificateException e) { throw new SecurityException("Certificate could not be loaded."); } catch (UnrecoverableKeyException e) { throw new SecurityException("Key store cannot be recovered."); } catch (IOException e) { throw new SecurityException("Reading the key store failed."); } return sslContext; }
From source file:org.infinispan.server.test.rest.security.RESTCertSecurityTest.java
public static CloseableHttpClient securedClient(String alias) { try {//from w ww . j a v a 2 s . c om SSLContext ctx = SSLContext.getInstance("TLS"); JBossJSSESecurityDomain jsseSecurityDomain = new JBossJSSESecurityDomain("client_cert_auth"); jsseSecurityDomain.setKeyStorePassword("changeit"); ClassLoader tccl = Thread.currentThread().getContextClassLoader(); URL keystore = tccl.getResource("client.keystore"); jsseSecurityDomain.setKeyStoreURL(keystore.getPath()); jsseSecurityDomain.setClientAlias(alias); jsseSecurityDomain.reloadKeyAndTrustStore(); KeyManager[] keyManagers = jsseSecurityDomain.getKeyManagers(); TrustManager[] trustManagers = jsseSecurityDomain.getTrustManagers(); ctx.init(keyManagers, trustManagers, null); X509HostnameVerifier verifier = new X509HostnameVerifier() { @Override public void verify(String s, SSLSocket sslSocket) throws IOException { } @Override public void verify(String s, X509Certificate x509Certificate) throws SSLException { } @Override public void verify(String s, String[] strings, String[] strings1) throws SSLException { } @Override public boolean verify(String string, SSLSession ssls) { return true; } }; ConnectionSocketFactory sslssf = new SSLConnectionSocketFactory(ctx, verifier);//SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); ConnectionSocketFactory plainsf = new PlainConnectionSocketFactory(); Registry<ConnectionSocketFactory> sr = RegistryBuilder.<ConnectionSocketFactory>create() .register("http", plainsf).register("https", sslssf).build(); HttpClientConnectionManager pcm = new PoolingHttpClientConnectionManager(sr); CloseableHttpClient httpClient = HttpClients.custom().setConnectionManager(pcm).build(); return httpClient; } catch (Exception ex) { ex.printStackTrace(); return null; } }
From source file:org.jboss.as.test.integration.web.security.WebSecurityCERTTestCase.java
public static HttpClient wrapClient(HttpClient base, String alias) { try {/*from w w w . j av a 2 s . com*/ SSLContext ctx = SSLContext.getInstance("TLS"); JBossJSSESecurityDomain jsseSecurityDomain = new JBossJSSESecurityDomain("client-cert"); jsseSecurityDomain.setKeyStorePassword("changeit"); ClassLoader tccl = Thread.currentThread().getContextClassLoader(); URL keystore = tccl.getResource("security/client.keystore"); jsseSecurityDomain.setKeyStoreURL(keystore.getPath()); jsseSecurityDomain.setClientAlias(alias); jsseSecurityDomain.reloadKeyAndTrustStore(); KeyManager[] keyManagers = jsseSecurityDomain.getKeyManagers(); TrustManager[] trustManagers = jsseSecurityDomain.getTrustManagers(); ctx.init(keyManagers, trustManagers, null); SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); ClientConnectionManager ccm = base.getConnectionManager(); SchemeRegistry sr = ccm.getSchemeRegistry(); sr.register(new Scheme("https", 8380, ssf)); return new DefaultHttpClient(ccm, base.getParams()); } catch (Exception ex) { ex.printStackTrace(); return null; } }
From source file:jetbrains.buildServer.vmgr.agent.Utils.java
private static SSLSocketFactory getSocketFactory() throws NoSuchAlgorithmException, KeyManagementException { SSLContext sslContext = SSLContext.getInstance("TLS"); TrustManager tm = new X509TrustManager() { public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { }// w ww . j av a 2s . com public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public X509Certificate[] getAcceptedIssuers() { return null; } }; sslContext.init(null, new TrustManager[] { tm }, null); return sslContext.getSocketFactory(); }
From source file:at.alladin.rmbt.client.RMBTClient.java
public static SSLContext getSSLContext(final String caResource, final String certResource) throws NoSuchAlgorithmException, KeyManagementException { X509Certificate _ca = null;/*from w w w . j a va2 s .c om*/ try { if (caResource != null) { final CertificateFactory cf = CertificateFactory.getInstance("X.509"); _ca = (X509Certificate) cf .generateCertificate(RMBTClient.class.getClassLoader().getResourceAsStream(caResource)); } } catch (final Exception e) { e.printStackTrace(); } final X509Certificate ca = _ca; X509Certificate _cert = null; try { if (certResource != null) { final CertificateFactory cf = CertificateFactory.getInstance("X.509"); _cert = (X509Certificate) cf .generateCertificate(RMBTClient.class.getClassLoader().getResourceAsStream(certResource)); } } catch (final Exception e) { e.printStackTrace(); } final X509Certificate cert = _cert; // TrustManagerFactory tmf = null; // try // { // if (cert != null) // { // final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // ks.load(null, null); // ks.setCertificateEntry("crt", cert); // // tmf = // TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); // tmf.init(ks); // } // } // catch (Exception e) // { // e.printStackTrace(); // } final TrustManager tm; if (cert == null) tm = getTrustingManager(); else tm = new javax.net.ssl.X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { // System.out.println("getAcceptedIssuers"); if (ca == null) return new X509Certificate[] { cert }; else return new X509Certificate[] { ca }; } public void checkClientTrusted(final X509Certificate[] certs, final String authType) throws CertificateException { // System.out.println("checkClientTrusted: " + // Arrays.toString(certs) + " - " + authType); } public void checkServerTrusted(final X509Certificate[] certs, final String authType) throws CertificateException { // System.out.println("checkServerTrusted: " + // Arrays.toString(certs) + " - " + authType); if (certs == null) throw new CertificateException(); for (final X509Certificate c : certs) if (cert.equals(c)) return; throw new CertificateException(); } }; final TrustManager[] trustManagers = new TrustManager[] { tm }; javax.net.ssl.SSLContext sc; sc = javax.net.ssl.SSLContext.getInstance(Config.RMBT_ENCRYPTION_STRING); sc.init(null, trustManagers, new java.security.SecureRandom()); return sc; }
From source file:com.vmware.vchs.publicapi.samples.HttpUtils.java
/** * This method returns an HttpClient instance wrapped to trust all HTTPS certificates. * /*from ww w. java 2s . c o m*/ * @return HttpClient a new instance of HttpClient */ static HttpClient createHttpClient() { HttpClient base = new DefaultHttpClient(); try { SSLContext ctx = SSLContext.getInstance("TLS"); // WARNING: This creates a TrustManager that trusts all certificates and should not be used in production code. TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } @Override public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { } @Override public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { } } }; ctx.init(null, trustAllCerts, null); SSLSocketFactory ssf = new SSLSocketFactory(ctx); ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); ClientConnectionManager ccm = base.getConnectionManager(); SchemeRegistry sr = ccm.getSchemeRegistry(); sr.register(new Scheme("https", 443, ssf)); return new DefaultHttpClient(ccm, base.getParams()); } catch (Exception ex) { ex.printStackTrace(); return null; } }
From source file:org.dataconservancy.archive.impl.fcrepo.ri.MultiThreadedHttpClient.java
private static SSLSocketFactory createSSLSocketFactory(boolean skipSSLTrustCheck, boolean skipSSLHostnameVerification) { SSLContext sslContext = null; try {/*from w w w. ja v a2 s.com*/ if (skipSSLTrustCheck) { sslContext = SSLContext.getInstance("TLS"); TrustManager easyTrustManager = new X509TrustManager() { @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { // Oh, I am easy! } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { // Oh, I am easy! } @Override public X509Certificate[] getAcceptedIssuers() { return null; } }; sslContext.init(null, new TrustManager[] { easyTrustManager }, null); } else { sslContext = SSLContext.getDefault(); } } catch (KeyManagementException wontHappen) { throw new RuntimeException(wontHappen); } catch (NoSuchAlgorithmException wontHappen) { throw new RuntimeException(wontHappen); } SSLSocketFactory factory = new SSLSocketFactory(sslContext); if (skipSSLHostnameVerification) { factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); } return factory; }