Example usage for javax.net.ssl SSLContext init

List of usage examples for javax.net.ssl SSLContext init

Introduction

In this page you can find the example usage for javax.net.ssl SSLContext init.

Prototype

public final void init(KeyManager[] km, TrustManager[] tm, SecureRandom random) throws KeyManagementException 

Source Link

Document

Initializes this context.

Usage

From source file:com.groupon.odo.bmp.BrowserMobProxyHandler.java

/**
 * Returns a OkHttpClient that ignores SSL cert errors
 * @return//from  w w w.jav  a 2s. c  o  m
 */
private static OkHttpClient getUnsafeOkHttpClient() {
    try {
        // Create a trust manager that does not validate certificate chains
        final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
                    throws CertificateException {
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
                    throws CertificateException {
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        } };

        // Install the all-trusting trust manager
        final SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
        // Create an ssl socket factory with our all-trusting manager
        final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

        OkHttpClient okHttpClient = new OkHttpClient();
        okHttpClient.setSslSocketFactory(sslSocketFactory);
        okHttpClient.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

        return okHttpClient;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}

From source file:com.zacwolf.commons.crypto._CRYPTOfactory.java

public static KeyStore addSiteTrustChain(final String sitehostname, final int httpsport,
        final KeyStore keystore, final char[] passphrase) throws KeyStoreException, NoSuchAlgorithmException,
        CertificateException, IOException, KeyManagementException {
    final SSLContext context = SSLContext.getInstance("TLS");
    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(keystore);/*w  ww  .  ja va  2 s .  co m*/
    final X509TrustManager dtm = (X509TrustManager) tmf.getTrustManagers()[0];
    final MyTrustManager tm = new MyTrustManager(dtm);
    context.init(null, new TrustManager[] { tm }, null);
    final SSLSocketFactory factory = context.getSocketFactory();
    final SSLSocket socket = (SSLSocket) factory.createSocket(sitehostname, httpsport);
    socket.setSoTimeout(10000);
    try {
        System.out.println("Starting SSL handshake...");
        socket.startHandshake();
        socket.close();
        System.out.println("Certificate for server " + sitehostname + " is already trusted");
    } catch (SSLException e) {
        final X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.err.println("Could not obtain server certificate chain");
            return keystore;
        }
        System.out.println("Server sent " + chain.length + " certificate(s):");
        for (int i = 0; i < chain.length; i++) {
            final X509Certificate cert = chain[i];
            MessageDigest.getInstance("SHA1").update(cert.getEncoded());
            MessageDigest.getInstance("MD5").update(cert.getEncoded());
            final String alias = sitehostname + "-" + (i + 1);
            keystore.setCertificateEntry(alias, cert);
            System.out.println("Added certificate to keystore using alias '" + alias + "'");
        }
    }
    return keystore;
}

From source file:com.flipzu.flipzu.FlipInterface.java

/**
 * Trust every server - dont check for any certificate
 *//*from   w  w w .j av  a  2 s.c  o m*/
private static void trustAllHosts() {
    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return new java.security.cert.X509Certificate[] {};
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }
    } };

    // Install the all-trusting trust manager
    try {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
        Log.e(TAG, "trustAllHosts ERROR", e.getCause());
    }
}

From source file:com.apporiented.hermesftp.utils.SecurityUtil.java

/**
 * Create the security context required for SSL communication.
 * /*from   w ww .  j  a  v  a2 s  . c om*/
 * @param keyStoreFile The name of the keystore file.
 * @param keyStorePassword The password for the keystore.
 * @return The context.
 * @throws FtpConfigException Thrown on error in configuration.
 */
public static SSLContext createSslContext(String keyStoreFile, char[] keyStorePassword)
        throws FtpConfigException {
    SSLContext sslContext;
    try {
        /* Get keystore file and password */
        InputStream ksInputStream = getKeyStoreInputStream(keyStoreFile);

        /*
         * Get the java keystore object an key manager. A keystore is where keys and
         * certificates are kept.
         */
        KeyStore keystore = KeyStore.getInstance("JKS");
        keystore.load(ksInputStream, keyStorePassword);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(keystore, keyStorePassword);

        /*
         * An SSLContext is an environment for implementing JSSE. It is used to create a
         * ServerSocketFactory
         */
        sslContext = SSLContext.getInstance("SSL");
        sslContext.init(kmf.getKeyManagers(), null, null);
    } catch (KeyManagementException e) {

        throw new SecurityException("A key management authorization problem occurred.");
    } catch (FileNotFoundException e) {
        throw new SecurityException("The key store file could not be found.");
    } catch (KeyStoreException e) {
        throw new SecurityException("A key store problem occurred.");
    } catch (NoSuchAlgorithmException e) {
        throw new SecurityException("The hash algorithm is not supported.");
    } catch (CertificateException e) {
        throw new SecurityException("Certificate could not be loaded.");
    } catch (UnrecoverableKeyException e) {
        throw new SecurityException("Key store cannot be recovered.");
    } catch (IOException e) {
        throw new SecurityException("Reading the key store failed.");
    }
    return sslContext;
}

From source file:org.infinispan.server.test.rest.security.RESTCertSecurityTest.java

public static CloseableHttpClient securedClient(String alias) {
    try {//from  w ww  .  j  a v  a 2 s  .  c  om
        SSLContext ctx = SSLContext.getInstance("TLS");
        JBossJSSESecurityDomain jsseSecurityDomain = new JBossJSSESecurityDomain("client_cert_auth");
        jsseSecurityDomain.setKeyStorePassword("changeit");
        ClassLoader tccl = Thread.currentThread().getContextClassLoader();
        URL keystore = tccl.getResource("client.keystore");
        jsseSecurityDomain.setKeyStoreURL(keystore.getPath());
        jsseSecurityDomain.setClientAlias(alias);
        jsseSecurityDomain.reloadKeyAndTrustStore();
        KeyManager[] keyManagers = jsseSecurityDomain.getKeyManagers();
        TrustManager[] trustManagers = jsseSecurityDomain.getTrustManagers();
        ctx.init(keyManagers, trustManagers, null);
        X509HostnameVerifier verifier = new X509HostnameVerifier() {

            @Override
            public void verify(String s, SSLSocket sslSocket) throws IOException {
            }

            @Override
            public void verify(String s, X509Certificate x509Certificate) throws SSLException {
            }

            @Override
            public void verify(String s, String[] strings, String[] strings1) throws SSLException {
            }

            @Override
            public boolean verify(String string, SSLSession ssls) {
                return true;
            }
        };
        ConnectionSocketFactory sslssf = new SSLConnectionSocketFactory(ctx, verifier);//SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ConnectionSocketFactory plainsf = new PlainConnectionSocketFactory();
        Registry<ConnectionSocketFactory> sr = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", plainsf).register("https", sslssf).build();
        HttpClientConnectionManager pcm = new PoolingHttpClientConnectionManager(sr);
        CloseableHttpClient httpClient = HttpClients.custom().setConnectionManager(pcm).build();

        return httpClient;
    } catch (Exception ex) {
        ex.printStackTrace();
        return null;
    }
}

From source file:org.jboss.as.test.integration.web.security.WebSecurityCERTTestCase.java

public static HttpClient wrapClient(HttpClient base, String alias) {
    try {/*from  w w w . j av  a 2  s . com*/
        SSLContext ctx = SSLContext.getInstance("TLS");
        JBossJSSESecurityDomain jsseSecurityDomain = new JBossJSSESecurityDomain("client-cert");
        jsseSecurityDomain.setKeyStorePassword("changeit");
        ClassLoader tccl = Thread.currentThread().getContextClassLoader();
        URL keystore = tccl.getResource("security/client.keystore");
        jsseSecurityDomain.setKeyStoreURL(keystore.getPath());
        jsseSecurityDomain.setClientAlias(alias);
        jsseSecurityDomain.reloadKeyAndTrustStore();
        KeyManager[] keyManagers = jsseSecurityDomain.getKeyManagers();
        TrustManager[] trustManagers = jsseSecurityDomain.getTrustManagers();
        ctx.init(keyManagers, trustManagers, null);
        SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = base.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", 8380, ssf));
        return new DefaultHttpClient(ccm, base.getParams());
    } catch (Exception ex) {
        ex.printStackTrace();
        return null;
    }
}

From source file:jetbrains.buildServer.vmgr.agent.Utils.java

private static SSLSocketFactory getSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
    SSLContext sslContext = SSLContext.getInstance("TLS");
    TrustManager tm = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }// w  ww .  j  av  a 2s  .  com

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    };
    sslContext.init(null, new TrustManager[] { tm }, null);
    return sslContext.getSocketFactory();
}

From source file:at.alladin.rmbt.client.RMBTClient.java

public static SSLContext getSSLContext(final String caResource, final String certResource)
        throws NoSuchAlgorithmException, KeyManagementException {
    X509Certificate _ca = null;/*from   w  w w . j  a  va2 s .c om*/
    try {
        if (caResource != null) {
            final CertificateFactory cf = CertificateFactory.getInstance("X.509");
            _ca = (X509Certificate) cf
                    .generateCertificate(RMBTClient.class.getClassLoader().getResourceAsStream(caResource));
        }
    } catch (final Exception e) {
        e.printStackTrace();
    }

    final X509Certificate ca = _ca;

    X509Certificate _cert = null;
    try {
        if (certResource != null) {
            final CertificateFactory cf = CertificateFactory.getInstance("X.509");
            _cert = (X509Certificate) cf
                    .generateCertificate(RMBTClient.class.getClassLoader().getResourceAsStream(certResource));
        }
    } catch (final Exception e) {
        e.printStackTrace();
    }
    final X509Certificate cert = _cert;

    // TrustManagerFactory tmf = null;
    // try
    // {
    // if (cert != null)
    // {
    // final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    // ks.load(null, null);
    // ks.setCertificateEntry("crt", cert);
    //
    // tmf =
    // TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    // tmf.init(ks);
    // }
    // }
    // catch (Exception e)
    // {
    // e.printStackTrace();
    // }

    final TrustManager tm;
    if (cert == null)
        tm = getTrustingManager();
    else
        tm = new javax.net.ssl.X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                // System.out.println("getAcceptedIssuers");
                if (ca == null)
                    return new X509Certificate[] { cert };
                else
                    return new X509Certificate[] { ca };
            }

            public void checkClientTrusted(final X509Certificate[] certs, final String authType)
                    throws CertificateException {
                // System.out.println("checkClientTrusted: " +
                // Arrays.toString(certs) + " - " + authType);
            }

            public void checkServerTrusted(final X509Certificate[] certs, final String authType)
                    throws CertificateException {
                // System.out.println("checkServerTrusted: " +
                // Arrays.toString(certs) + " - " + authType);
                if (certs == null)
                    throw new CertificateException();
                for (final X509Certificate c : certs)
                    if (cert.equals(c))
                        return;
                throw new CertificateException();
            }
        };

    final TrustManager[] trustManagers = new TrustManager[] { tm };

    javax.net.ssl.SSLContext sc;
    sc = javax.net.ssl.SSLContext.getInstance(Config.RMBT_ENCRYPTION_STRING);

    sc.init(null, trustManagers, new java.security.SecureRandom());
    return sc;
}

From source file:com.vmware.vchs.publicapi.samples.HttpUtils.java

/**
 * This method returns an HttpClient instance wrapped to trust all HTTPS certificates.
 * /*from  ww  w.  java  2s . c  o m*/
 * @return HttpClient a new instance of HttpClient
 */
static HttpClient createHttpClient() {
    HttpClient base = new DefaultHttpClient();

    try {
        SSLContext ctx = SSLContext.getInstance("TLS");

        // WARNING: This creates a TrustManager that trusts all certificates and should not be used in production code.
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
            }
        } };

        ctx.init(null, trustAllCerts, null);
        SSLSocketFactory ssf = new SSLSocketFactory(ctx);
        ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = base.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", 443, ssf));

        return new DefaultHttpClient(ccm, base.getParams());
    } catch (Exception ex) {
        ex.printStackTrace();
        return null;
    }
}

From source file:org.dataconservancy.archive.impl.fcrepo.ri.MultiThreadedHttpClient.java

private static SSLSocketFactory createSSLSocketFactory(boolean skipSSLTrustCheck,
        boolean skipSSLHostnameVerification) {
    SSLContext sslContext = null;
    try {/*from   w  w w. ja v a2  s.com*/
        if (skipSSLTrustCheck) {
            sslContext = SSLContext.getInstance("TLS");
            TrustManager easyTrustManager = new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    // Oh, I am easy!
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    // Oh, I am easy!
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            };
            sslContext.init(null, new TrustManager[] { easyTrustManager }, null);
        } else {
            sslContext = SSLContext.getDefault();
        }
    } catch (KeyManagementException wontHappen) {
        throw new RuntimeException(wontHappen);
    } catch (NoSuchAlgorithmException wontHappen) {
        throw new RuntimeException(wontHappen);
    }
    SSLSocketFactory factory = new SSLSocketFactory(sslContext);
    if (skipSSLHostnameVerification) {
        factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }
    return factory;
}