List of usage examples for javax.net.ssl SSLContext setDefault
public static void setDefault(SSLContext context)
From source file:jp.co.cyberagent.jenkins.plugins.AndroidAppZonePublisher.java
/**
 * Replaces the JVM-wide default {@link SSLContext} with a TLS context that has no key managers
 * and a single {@code DefaultTrustManager} as its trust manager.
 *
 * <p>{@code SSLContext.setDefault} is process-global: every later consumer of the default
 * context in this JVM inherits this trust decision, not only this class's own connections.
 *
 * <p>NOTE(review): {@code DefaultTrustManager} is declared elsewhere and is not visible here.
 * The TODO below suggests it performs no real certificate check. If so, connections that use
 * the default context get no server authentication. Confirm, and prefer a trust store holding
 * the expected certificate, applied only to this client's connections.
 */
private void setUpSsl() {
    // TODO maybe have setting or given certificate to check with.
    try {
        final SSLContext tlsContext = SSLContext.getInstance("TLS");
        final KeyManager[] noClientKeys = new KeyManager[0];
        final TrustManager[] trustManagers = new TrustManager[] { new DefaultTrustManager() };
        tlsContext.init(noClientKeys, trustManagers, new SecureRandom());
        SSLContext.setDefault(tlsContext);
    } catch (Exception e) {
        // A failure is only printed; the previously installed default context stays in place.
        e.printStackTrace();
    }
}
From source file:org.apache.solr.cloud.TestMiniSolrCloudClusterSSL.java
/**
 * Builds a cluster from the given SSL configuration, runs
 * {@link #checkClusterWithCollectionCreations} against it, then swaps the JVM default
 * SSLContext (mimicking <code>javax.net.ssl.*</code> sysprops set on JVM startup), resets the
 * default HttpClientBuilder, and re-checks that every jetty instance in the cluster can still
 * be reached.
 *
 * <p>{@code SSLContext.setDefault} is JVM-global and this method does not put the previous
 * default back afterwards.
 * NOTE(review): presumably the enclosing test class restores it between tests; confirm, since a
 * leaked default changes the TLS behaviour of every later test in the same JVM.
 *
 * @see SSLContext#setDefault
 * @see HttpClientUtil#resetHttpClientBuilder
 * @see #checkClusterWithCollectionCreations
 */
private void checkClusterWithNodeReplacement(SSLTestConfig sslConfig) throws Exception {
  final JettyConfig jettyConfig = JettyConfig.builder().withSSLConfig(sslConfig).build();
  final MiniSolrCloudCluster cluster = new MiniSolrCloudCluster(NUM_SERVERS, createTempDir(), jettyConfig);
  try {
    checkClusterWithCollectionCreations(cluster, sslConfig);

    // Pick the context that becomes the new JVM default: the test config's client context when
    // SSL is in use, otherwise the original system default.
    final SSLContext replacementDefault;
    if (sslConfig.isSSLMode()) {
      replacementDefault = sslConfig.buildClientSSLContext();
    } else {
      replacementDefault = DEFAULT_SSL_CONTEXT;
    }
    SSLContext.setDefault(replacementDefault);

    // Reset HttpClientUtil to its defaults so that it picks up the SSLContext installed above.
    HttpClientUtil.resetHttpClientBuilder();

    // Recheck that we can communicate with all the jetty instances in our cluster.
    checkClusterJettys(cluster, sslConfig);
  } finally {
    cluster.shutdown();
  }
}
From source file:eu.europa.ec.markt.dss.validation102853.https.CommonDataLoader.java
/**
 * Registers an {@code "https"} socket factory on the given registry builder.
 *
 * <p>The factory is backed by a TLS context with no key managers and a single
 * {@code DefaultTrustManager}. As a side effect the same context is installed as the JVM-wide
 * default via {@code SSLContext.setDefault}, so it also affects code outside this data loader.
 *
 * <p>NOTE(review): {@code DefaultTrustManager} is declared elsewhere and is not visible here.
 * If it accepts every certificate, all connections made through this registry and through the
 * JVM default context lose server authentication. Confirm. No hostname verifier is passed to
 * the socket factory here, so whatever the HttpClient library defaults to applies.
 *
 * @param socketFactoryRegistryBuilder the registry builder to extend
 * @return the value returned by {@code register("https", ...)} on the given builder
 * @throws DSSException wrapping any exception raised while the context is built or registered
 */
private RegistryBuilder<ConnectionSocketFactory> setConnectionManagerSchemeHttps(
        RegistryBuilder<ConnectionSocketFactory> socketFactoryRegistryBuilder) throws DSSException {
    try {
        final SSLContext tlsContext = SSLContext.getInstance("TLS");
        final KeyManager[] noClientKeys = new KeyManager[0];
        final TrustManager[] trustManagers = new TrustManager[] { new DefaultTrustManager() };
        tlsContext.init(noClientKeys, trustManagers, new SecureRandom());

        // Process-global side effect: replaces the default context for the whole JVM.
        SSLContext.setDefault(tlsContext);

        final SSLConnectionSocketFactory httpsSocketFactory = new SSLConnectionSocketFactory(tlsContext);
        return socketFactoryRegistryBuilder.register("https", httpsSocketFactory);
    } catch (Exception e) {
        throw new DSSException(e);
    }
}
From source file:org.apache.stratos.adc.mgt.cli.CommandLineService.java
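/**
 * Initializes the application-management stub for {@code serverURL} and optionally validates
 * the login by fetching the tenant domain.
 *
 * <p>SECURITY: before connecting, this method installs a JVM-wide default {@link SSLContext}
 * whose trust manager accepts every certificate chain, and a default
 * {@link HostnameVerifier} that accepts every host name. Both settings are process-global and
 * are not restored. The user name and password are then handed to the stub for
 * {@code serverURL}, so the endpoint that receives them is not authenticated by TLS.
 * A trust store containing the server's certificate (or its issuing CA), used only for this
 * client's connections, would keep server authentication intact.
 *
 * @param serverURL     back-end URL passed to the stub initializer
 * @param username      user name passed to the stub initializer
 * @param password      password passed to the stub initializer
 * @param validateLogin when {@code true}, the tenant domain is requested and the result is
 *                      {@code true} only if it is non-null; when {@code false}, {@code true}
 *                      is returned without contacting the stub
 * @return {@code true} if validation was skipped or the tenant domain was non-null
 * @throws CommandException if the stub cannot be initialized or the tenant-domain call fails
 * @throws RuntimeException if the SSL context cannot be created or initialized
 */
public boolean login(String serverURL, String username, String password, boolean validateLogin)
        throws CommandException {
    try {
        // Following code will avoid validating certificate
        // Get SSL context
        SSLContext sc = SSLContext.getInstance("SSL");

        // HostnameVerifier that accepts any host name
        HostnameVerifier hv = new HostnameVerifier() {
            @Override
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        };

        // Trust manager that does not validate certificate chains
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null (possibly empty) array;
                // returning null can trigger a NullPointerException in callers.
                return new java.security.cert.X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                // intentionally empty: no chain validation
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                // intentionally empty: no chain validation
            }
        } };

        sc.init(null, trustAllCerts, new java.security.SecureRandom());

        // Process-global: every later user of the default context or of HttpsURLConnection in
        // this JVM inherits the disabled checks.
        SSLContext.setDefault(sc);
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
    } catch (Exception e) {
        throw new RuntimeException("Error while authentication process!", e);
    }

    // Initialize Service Stub
    try {
        initializeApplicationManagementStub(serverURL, username, password);
    } catch (AxisFault e) {
        System.out.println("Error connecting to the back-end");
        throw new CommandException(e);
    }

    try {
        if (validateLogin) {
            String tenantDomain = stub.getTenantDomain();
            if (logger.isDebugEnabled()) {
                logger.debug("Tenant Domain {}", tenantDomain);
            }
            return (tenantDomain != null);
        } else {
            // Just return true as we don't need to validate
            return true;
        }
    } catch (RemoteException e) {
        System.out.println("Authentication failed!");
        throw new CommandException(e);
    }
}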
From source file:org.wso2.carbon.identity.application.authentication.endpoint.util.TenantMgtAdminServiceClient.java
/**
 * Initializes the shared {@code sslSocketFactory} used for mutual-SSL calls.
 *
 * <p>With {@code hostNameVerificationEnabled} set, the context is initialized from the
 * configured key managers and trust managers, and only {@code sslSocketFactory} is assigned.
 *
 * <p>With it unset, more than host name verification is switched off: the context is
 * initialized with a trust manager that accepts every certificate chain, that context is
 * installed as the JVM default through {@code SSLContext.setDefault}, and an accept-all
 * verifier becomes the default for {@code HttpsURLConnection}. Both defaults are process-wide
 * and are not restored here, so unrelated HTTPS clients in the same JVM lose server
 * authentication as well. To support a self-signed server certificate, adding that
 * certificate to the trust store keeps chain validation in place.
 *
 * @param hostNameVerificationEnabled {@code false} disables both certificate-chain validation
 *                                    and host name verification, JVM-wide
 * @throws AuthenticationException if the key manager factory, trust manager factory or SSL
 *                                 context cannot be created or initialized
 */
public static void initMutualSSLConnection(boolean hostNameVerificationEnabled)
        throws AuthenticationException {
    try {
        final KeyManagerFactory kmFactory = KeyManagerFactory.getInstance(keyManagerType);
        kmFactory.init(keyStore, keyStorePassword);
        final TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(trustManagerType);
        tmFactory.init(trustStore);

        // Context for HTTPS communication
        final SSLContext context = SSLContext.getInstance(protocol);

        if (hostNameVerificationEnabled) {
            context.init(kmFactory.getKeyManagers(), tmFactory.getTrustManagers(), null);
            sslSocketFactory = context.getSocketFactory();
            if (log.isDebugEnabled()) {
                log.debug("Mutual SSL Client initialized with Hostname Verification enabled");
            }
            return;
        }

        // Everything below works around the host name verification failure seen during
        // certificate validation with a self-signed certificate.

        // Trust manager that does not validate certificate chains
        final TrustManager[] acceptAllChains = new TrustManager[] { new X509TrustManager() {
            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return new java.security.cert.X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                /* skipped implementation */
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                /* skipped implementation */
            }
        } };

        context.init(kmFactory.getKeyManagers(), acceptAllChains, new java.security.SecureRandom());
        if (log.isDebugEnabled()) {
            log.debug("SSL Context is initialized with trust manager for excluding certificate validation");
        }

        // Process-global: replaces the default context for the whole JVM.
        SSLContext.setDefault(context);
        sslSocketFactory = context.getSocketFactory();

        // Verifier that accepts any host name; also installed process-wide.
        final HostnameVerifier acceptAnyHost = new HostnameVerifier() {
            @Override
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        };
        HttpsURLConnection.setDefaultHostnameVerifier(acceptAnyHost);

        if (log.isDebugEnabled()) {
            log.debug("Mutual SSL Client initialized with Hostname Verification disabled");
        }
    } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException
            | KeyManagementException e) {
        throw new AuthenticationException("Error while trying to load Trust Store.", e);
    }
}
From source file:com.cisco.oss.foundation.http.apache.ApacheHttpClient.java
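/**
 * Builds the blocking and the async HTTP clients from {@code metadata}.
 *
 * <p>When a key store and/or trust store path and password are configured, an
 * {@link SSLContext} is built from them, handed to both client builders and also installed as
 * the JVM-wide default through {@code SSLContext.setDefault}. That last step is
 * process-global: this client's key and trust material becomes the default for unrelated code
 * in the same JVM.
 *
 * <p>Store files are read through {@code readKeyStoreFile}, which closes the underlying
 * stream; the streams were previously left open.
 *
 * <p>NOTE(review): any exception while the context is built is only logged. The clients are
 * then still built, with {@code sslContext} possibly {@code null}, so they presumably fall
 * back to default trust settings instead of the configured stores. Confirm that failing open
 * is intended.
 */
@Override
protected void configureClient() {

    RequestConfig.Builder requestBuilder = RequestConfig.custom();
    requestBuilder = requestBuilder.setConnectTimeout(metadata.getConnectTimeout());
    requestBuilder = requestBuilder.setSocketTimeout(metadata.getReadTimeout());
    requestBuilder = requestBuilder.setStaleConnectionCheckEnabled(metadata.isStaleConnectionCheckEnabled());

    RequestConfig requestConfig = requestBuilder.build();

    boolean addSslSupport = StringUtils.isNotEmpty(metadata.getKeyStorePath())
            && StringUtils.isNotEmpty(metadata.getKeyStorePassword());

    boolean addTrustSupport = StringUtils.isNotEmpty(metadata.getTrustStorePath())
            && StringUtils.isNotEmpty(metadata.getTrustStorePassword());

    autoCloseable = metadata.isAutoCloseable();

    HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();

    SSLContext sslContext = null;

    try {

        String keystoreType = "JKS";
        if (addSslSupport && addTrustSupport) {

            KeyStore keyStore = readKeyStoreFile(keystoreType, metadata.getKeyStorePath(),
                    metadata.getKeyStorePassword());

            KeyStore trustStore = readKeyStoreFile(keystoreType, metadata.getTrustStorePath(),
                    metadata.getTrustStorePassword());

            sslContext = SSLContexts.custom().useProtocol("TLS")
                    .loadKeyMaterial(keyStore, metadata.getKeyStorePassword().toCharArray())
                    .loadTrustMaterial(trustStore, null).build();

        } else if (addSslSupport) {

            TrustManagerFactory tmf = TrustManagerFactory
                    .getInstance(TrustManagerFactory.getDefaultAlgorithm());

            KeyStore keyStore = readKeyStoreFile(keystoreType, metadata.getKeyStorePath(),
                    metadata.getKeyStorePassword());

            tmf.init(keyStore);

            sslContext = SSLContexts.custom().useProtocol("SSL")
                    .loadKeyMaterial(keyStore, metadata.getKeyStorePassword().toCharArray()).build();

            // NOTE(review): this second init passes null key managers and uses the key store as
            // the source of trust anchors. It appears to discard the key material loaded just
            // above. Confirm this is intended.
            sslContext.init(null, tmf.getTrustManagers(), null);

            SSLConnectionSocketFactory sf = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);

            httpClientBuilder.setSSLSocketFactory(sf);

        } else if (addTrustSupport) {

            KeyStore trustStore = readKeyStoreFile(keystoreType, metadata.getTrustStorePath(),
                    metadata.getTrustStorePassword());

            sslContext = SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(trustStore, null).build();

        }

        if (addSslSupport || addTrustSupport) {
            // Process-global side effect, see the method comment.
            SSLContext.setDefault(sslContext);
            httpClientBuilder.setSslcontext(sslContext);
        }

    } catch (Exception e) {
        LOGGER.error("can't set TLS Support. Error is: {}", e, e);
    }

    httpClientBuilder.setMaxConnPerRoute(metadata.getMaxConnectionsPerAddress())
            .setMaxConnTotal(metadata.getMaxConnectionsTotal()).setDefaultRequestConfig(requestConfig)
            .evictExpiredConnections().evictIdleConnections(metadata.getIdleTimeout(), TimeUnit.MILLISECONDS)
            .setKeepAliveStrategy(new InfraConnectionKeepAliveStrategy(metadata.getIdleTimeout()));

    HttpAsyncClientBuilder httpAsyncClientBuilder = HttpAsyncClients.custom();

    httpAsyncClientBuilder.setDefaultRequestConfig(requestConfig)
            .setMaxConnPerRoute(metadata.getMaxConnectionsPerAddress())
            .setMaxConnTotal(metadata.getMaxConnectionsTotal())
            .setKeepAliveStrategy(new InfraConnectionKeepAliveStrategy(metadata.getIdleTimeout()))
            .setSSLContext(sslContext);

    if (metadata.isDisableCookies()) {
        httpClientBuilder.disableCookieManagement();
        httpAsyncClientBuilder.disableCookieManagement();
    }

    if (hostnameVerifier != null) {
        httpClientBuilder.setSSLHostnameVerifier(hostnameVerifier);
        httpAsyncClientBuilder.setSSLHostnameVerifier(hostnameVerifier);
    }

    if (!followRedirects) {
        httpClientBuilder.disableRedirectHandling();
    }

    httpClient = httpClientBuilder.build();

    httpAsyncClient = httpAsyncClientBuilder.build();

    httpAsyncClient.start();

}

/** Loads a key store of the given type from a file and always closes the file stream. */
private static KeyStore readKeyStoreFile(String type, String path, String password) throws Exception {
    KeyStore store = KeyStore.getInstance(type);
    FileInputStream in = new FileInputStream(path);
    try {
        store.load(in, password.toCharArray());
    } finally {
        in.close();
    }
    return store;
}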
From source file:net.sf.taverna.t2.security.credentialmanager.impl.HTTPSConnectionAndTrustConfirmationIT.java
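@After
// Clean up the credentialManagerDirectory we created for testing
/**
 * Deletes the test's Credential Manager directory, then resets the JVM-wide TLS defaults.
 *
 * <p>The reset builds a context from an empty in-memory key store and an empty in-memory trust
 * store, and installs it both as the default {@link SSLContext} and as the default socket
 * factory of {@link HttpsURLConnection}. The {@code "blah"} password protects nothing: the key
 * store it is passed with was loaded empty.
 *
 * <p>NOTE(review): the context is requested under the legacy name {@code "SSLv3"}. Which
 * protocol versions that context then enables depends on the provider. Confirm, and consider
 * requesting {@code "TLS"}.
 */
public void cleanUp() throws NoSuchAlgorithmException, KeyManagementException, NoSuchProviderException,
        KeyStoreException, UnrecoverableKeyException, CertificateException, IOException {
    // assertTrue(credentialManagerDirectory.exists());
    // assertFalse(credentialManagerDirectory.listFiles().length == 0); // something was created there

    if (credentialManagerDirectory.exists()) {
        try {
            FileUtils.deleteDirectory(credentialManagerDirectory);
            System.out.println(
                    "Deleting Credential Manager's directory: " + credentialManagerDirectory.getAbsolutePath());
        } catch (IOException e) {
            // Printing e.getStackTrace() only shows the array's identity string, so report the
            // exception itself.
            System.out.println("Could not delete Credential Manager's directory: " + e);
        }
    }

    // Reset the SSLSocketFactory in JVM so we always have a clean start
    SSLContext sc = SSLContext.getInstance("SSLv3");

    // Create a "default" JSSE X509KeyManager.
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(null, null);
    kmf.init(ks, "blah".toCharArray());

    // Create a "default" JSSE X509TrustManager.
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
    KeyStore ts = KeyStore.getInstance("JKS");
    ts.load(null, null);
    tmf.init(ts);

    sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());

    // Both calls below change process-global state.
    SSLContext.setDefault(sc);
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}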
From source file:ch.lipsch.subsonic4j.internal.SubsonicServiceImpl.java
/**
 * Installs a JVM-wide default {@link SSLContext} backed by a single {@code DefaultTrustManager}
 * and a default {@link HostnameVerifier} that accepts every host name.
 *
 * <p>The hostname verifier that was the default before this call is stored in
 * {@code defaultHostnameVerifier}. The previous default {@code SSLContext} is not saved by
 * this method. Both settings are process-global, so other HTTPS clients in the same JVM are
 * affected as well.
 *
 * <p>NOTE(review): {@code DefaultTrustManager} is declared elsewhere; the method name suggests
 * it accepts any certificate. Confirm. Also, a second call would store the accept-all
 * verifier from the first call in {@code defaultHostnameVerifier}, losing the original.
 *
 * @throws KeyManagementException   if the context cannot be initialized
 * @throws NoSuchAlgorithmException if no provider supplies a {@code "TLS"} context
 */
private synchronized void allowUntrustedCerts() throws KeyManagementException, NoSuchAlgorithmException {
    final SSLContext tlsContext = SSLContext.getInstance("TLS");
    final KeyManager[] noClientKeys = new KeyManager[0];
    final TrustManager[] trustManagers = new TrustManager[] { new DefaultTrustManager() };
    tlsContext.init(noClientKeys, trustManagers, new SecureRandom());
    SSLContext.setDefault(tlsContext);

    final HostnameVerifier acceptAnyHost = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    // Remember the verifier in effect before it is replaced.
    defaultHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
    HttpsURLConnection.setDefaultHostnameVerifier(acceptAnyHost);
}
From source file:com.framework.testcase.testrail.APIClient.java
/**
 * Replaces the JVM-wide default {@link SSLContext} with a TLS context that has no key managers
 * and a single {@code DefaultTrustManager} as its trust manager.
 *
 * <p>The change is process-global and is not undone here, so it outlives the API call it was
 * made for and applies to every later user of the default context in this JVM.
 *
 * <p>NOTE(review): {@code DefaultTrustManager} is declared elsewhere; the method name suggests
 * it accepts any certificate. Confirm. If the target server uses a private CA or a self-signed
 * certificate, loading that certificate into a trust store keeps validation in place.
 */
public static void ignoreCert() {
    try {
        final SSLContext tlsContext = SSLContext.getInstance("TLS");
        final KeyManager[] noClientKeys = new KeyManager[0];
        final TrustManager[] trustManagers = new TrustManager[] { new DefaultTrustManager() };
        tlsContext.init(noClientKeys, trustManagers, new SecureRandom());
        SSLContext.setDefault(tlsContext);
    } catch (Exception e) {
        // A failure is only printed; the previously installed default context stays in place.
        e.printStackTrace();
    }
}