List of usage examples for javax.net.ssl SSLSocket getNeedClientAuth
public abstract boolean getNeedClientAuth();
From source file:net.lightbody.bmp.proxy.jetty.http.ClientCertAuthenticator.java
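/**
 * Authenticates the request from the client X.509 certificate chain exposed by the
 * servlet container under the {@code javax.servlet.request.X509Certificate} attribute.
 * <p>
 * When no chain is present and a response is available, the current connection is
 * inspected; if it is an {@link SSLSocket} that was not configured to require client
 * authentication, the socket is switched to {@code needClientAuth} and a new handshake
 * is started, after which the attribute is polled for up to
 * {@code _maxHandShakeSeconds} seconds (250&nbsp;ms steps) before giving up.
 * <p>
 * The user name handed to the realm is the certificate subject DN, falling back to the
 * issuer DN and finally to the literal {@code "clientcert"}. The realm also receives the
 * full chain, so it can validate the certificates independently of that name.
 *
 * @param realm         realm asked to authenticate the certificate chain
 * @param pathInContext request path within the context (not used here)
 * @param request       request carrying the certificate attribute; its auth type,
 *                      auth user and user principal are updated on return
 * @param response      response, or {@code null} when no re-handshake must be attempted
 * @return UserPrinciple if authenticated or null if not. If
 *         Authentication fails, then the authenticator may have committed
 *         the response as an auth challenge or redirect.
 * @exception IOException if the re-handshake fails
 */
public Principal authenticate(UserRealm realm, String pathInContext, HttpRequest request,
        HttpResponse response) throws IOException {
    java.security.cert.X509Certificate[] certs = readClientCerts(request);

    if (response != null && !hasClientCert(certs)) {
        // No certs available so lets try and force the issue: get the SSLSocket.
        Object s = HttpConnection.getHttpConnection().getConnection();
        if (!(s instanceof SSLSocket)) {
            return null;
        }
        SSLSocket socket = (SSLSocket) s;
        if (!socket.getNeedClientAuth()) {
            // Need to re-handshake. On an established connection this relies on TLS
            // renegotiation, which the JSSE provider may have disabled; startHandshake()
            // then surfaces that as an IOException to the caller.
            socket.setNeedClientAuth(true);
            socket.startHandshake();

            // Need to wait here - but not forever. The Handshake Listener API does not
            // look like a good option to avoid waiting forever, so take a slightly busy,
            // time-limited approach: _maxHandShakeSeconds * 4 polls of 250 ms.
            for (int i = (_maxHandShakeSeconds * 4); i-- > 0;) {
                certs = readClientCerts(request);
                if (hasClientCert(certs)) {
                    break;
                }
                try {
                    Thread.sleep(250);
                } catch (InterruptedException e) {
                    // Restore the interrupt flag so the caller can observe it, then stop waiting.
                    Thread.currentThread().interrupt();
                    break;
                }
            }
        }
    }

    if (!hasClientCert(certs)) {
        return null;
    }

    // getSubjectDN()/getIssuerDN() are deprecated, but getSubjectX500Principal() may
    // format getName() differently, which a realm keyed on the DN string could depend on.
    Principal principal = certs[0].getSubjectDN();
    if (principal == null) {
        principal = certs[0].getIssuerDN();
    }
    String username = principal == null ? "clientcert" : principal.getName();

    Principal user = realm.authenticate(username, certs, request);

    // The auth type is recorded even when the realm rejects the certificate.
    request.setAuthType(SecurityConstraint.__CERT_AUTH);
    if (user != null) {
        request.setAuthUser(user.getName());
    }
    request.setUserPrincipal(user);
    return user;
}

/** Reads the container-provided client certificate chain, or {@code null} if absent. */
private static java.security.cert.X509Certificate[] readClientCerts(HttpRequest request) {
    return (java.security.cert.X509Certificate[]) request
            .getAttribute("javax.servlet.request.X509Certificate");
}

/** True when the chain is non-empty and its leaf (index 0) is present. */
private static boolean hasClientCert(java.security.cert.X509Certificate[] certs) {
    return certs != null && certs.length > 0 && certs[0] != null;
}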
From source file:org.apache.camel.component.file.remote.FtpsEndpoint.java
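/**
 * Create the FTPS client.
 * <p>
 * When {@code sslContextParameters} is set, the client is built on the resulting
 * {@link SSLContext} and its socket-level settings (cipher suites, protocols, client-auth
 * mode, session creation) are copied from a throw-away socket created by that context.
 * Otherwise the client is built from the FTPS configuration's security protocol and the
 * optional key store / trust store parameter maps.
 *
 * @return the configured client; never {@code null}
 * @throws IllegalArgumentException if a key store or trust store parameter map lacks
 *         its {@code file} or {@code password} entry
 * @throws Exception on any key store, key manager or trust manager failure
 */
protected FTPClient createFtpClient() throws Exception {
    FTPSClient client = null;

    if (sslContextParameters != null) {
        SSLContext context = sslContextParameters.createSSLContext();
        client = new FTPSClient(getFtpsConfiguration().isImplicit(), context);

        // The FTPSClient tries to manage the following SSLSocket related configuration options
        // on its own based on internal configuration options. FTPSClient does not lend itself
        // to subclassing for the purpose of overriding this behavior (private methods, fields, etc.).
        // As such, we create a socket (preconfigured by SSLContextParameters) from the context
        // we gave to FTPSClient and then setup FTPSClient to reuse the already configured configuration
        // from the socket for all future sockets it creates. Not sexy and a little brittle, but it works.
        // The socket is never connected, so it is closed as soon as its settings have been read.
        SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
        try {
            client.setEnabledCipherSuites(socket.getEnabledCipherSuites());
            client.setEnabledProtocols(socket.getEnabledProtocols());
            client.setNeedClientAuth(socket.getNeedClientAuth());
            client.setWantClientAuth(socket.getWantClientAuth());
            client.setEnabledSessionCreation(socket.getEnableSessionCreation());
        } finally {
            socket.close();
        }
    } else {
        client = new FTPSClient(getFtpsConfiguration().getSecurityProtocol(),
                getFtpsConfiguration().isImplicit());

        if (ftpClientKeyStoreParameters != null) {
            KeyStore keyStore = loadStore(ftpClientKeyStoreParameters, "keyStore");
            String algorithm = stringParam(ftpClientKeyStoreParameters, "algorithm",
                    KeyManagerFactory.getDefaultAlgorithm());
            String keyPassword = (String) ftpClientKeyStoreParameters.get("keyPassword");

            KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(algorithm);
            keyMgrFactory.init(keyStore, toChars(keyPassword));

            // A configured key store implies the server is expected to ask for it.
            client.setNeedClientAuth(true);
            client.setKeyManager(keyMgrFactory.getKeyManagers()[0]);
        }

        if (ftpClientTrustStoreParameters != null) {
            KeyStore trustStore = loadStore(ftpClientTrustStoreParameters, "trustStore");
            String algorithm = stringParam(ftpClientTrustStoreParameters, "algorithm",
                    TrustManagerFactory.getDefaultAlgorithm());

            TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(algorithm);
            trustMgrFactory.init(trustStore);
            client.setTrustManager(trustMgrFactory.getTrustManagers()[0]);
        }
    }

    return client;
}

/**
 * Loads a key store described by a parameter map with {@code type} (defaulting to
 * {@link KeyStore#getDefaultType()}), {@code file} and {@code password} entries.
 *
 * @param params parameter map for the store
 * @param name   store name used when logging the stream close
 * @return the loaded store
 * @throws IllegalArgumentException if {@code file} or {@code password} is missing
 * @throws Exception if the store cannot be instantiated or loaded
 */
private KeyStore loadStore(java.util.Map<?, ?> params, String name) throws Exception {
    String type = stringParam(params, "type", KeyStore.getDefaultType());
    // A missing file or password used to surface as a NullPointerException; fail with a
    // message naming the parameter instead (the password value itself is never echoed).
    String file = requireParam(params, "file", name);
    String password = requireParam(params, "password", name);

    KeyStore store = KeyStore.getInstance(type);
    FileInputStream in = new FileInputStream(new File(file));
    try {
        store.load(in, password.toCharArray());
    } finally {
        IOHelper.close(in, name, log);
    }
    return store;
}

/** Returns the string value under {@code key}, or {@code defaultValue} when the key is absent. */
private static String stringParam(java.util.Map<?, ?> params, String key, String defaultValue) {
    return params.containsKey(key) ? (String) params.get(key) : defaultValue;
}

/** Returns the string value under {@code key}, failing clearly when it is absent or null. */
private static String requireParam(java.util.Map<?, ?> params, String key, String storeName) {
    String value = (String) params.get(key);
    if (value == null) {
        throw new IllegalArgumentException(
                "Missing required parameter '" + key + "' for " + storeName);
    }
    return value;
}

/** Converts an optional password to the {@code char[]} form the JSSE factories expect. */
private static char[] toChars(String password) {
    return password == null ? null : password.toCharArray();
}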
From source file:org.apache.nifi.registry.security.util.CertificateUtils.java
/**
 * Maps a socket's client-authentication settings onto a {@code ClientAuth} value.
 * <p>
 * {@code needClientAuth} wins over {@code wantClientAuth}; when neither is set the
 * result is {@code NONE}.
 *
 * @param sslSocket socket whose settings are inspected
 * @return {@code NEED}, {@code WANT} or {@code NONE}
 */
private static ClientAuth getClientAuthStatus(SSLSocket sslSocket) {
    if (sslSocket.getNeedClientAuth()) {
        return ClientAuth.NEED;
    }
    if (sslSocket.getWantClientAuth()) {
        return ClientAuth.WANT;
    }
    return ClientAuth.NONE;
}