List of usage examples for javax.net.ssl TrustManagerFactory getInstance
public static final TrustManagerFactory getInstance(String algorithm) throws NoSuchAlgorithmException
TrustManagerFactory object that acts as a factory for trust managers. From source file:com.cloudera.nav.sdk.client.SSLUtils.java
private static X509TrustManager loadTrustManager(String type, String file, String password) throws IOException, GeneralSecurityException { X509TrustManager trustManager = null; KeyStore ks = KeyStore.getInstance(type); try (FileInputStream in = new FileInputStream(file)) { ks.load(in, password.toCharArray()); LOG.debug("Loaded truststore '" + file + "'"); }//from ww w.j a v a 2 s . co m TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(SSLCERTIFICATE); trustManagerFactory.init(ks); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); for (TrustManager trustManager1 : trustManagers) { if (trustManager1 instanceof X509TrustManager) { trustManager = (X509TrustManager) trustManager1; break; } } return trustManager; }
From source file:org.apache.cassandra.security.SSLFactory.java
@SuppressWarnings("resource") public static SSLContext createSSLContext(EncryptionOptions options, boolean buildTruststore) throws IOException { FileInputStream tsf = null;//from w w w . j a v a 2s. c o m FileInputStream ksf = null; SSLContext ctx; try { ctx = SSLContext.getInstance(options.protocol); TrustManager[] trustManagers = null; if (buildTruststore) { tsf = new FileInputStream(options.truststore); TrustManagerFactory tmf = TrustManagerFactory.getInstance(options.algorithm); KeyStore ts = KeyStore.getInstance(options.store_type); ts.load(tsf, options.truststore_password.toCharArray()); tmf.init(ts); trustManagers = tmf.getTrustManagers(); } ksf = new FileInputStream(options.keystore); KeyManagerFactory kmf = KeyManagerFactory.getInstance(options.algorithm); KeyStore ks = KeyStore.getInstance(options.store_type); ks.load(ksf, options.keystore_password.toCharArray()); if (!checkedExpiry) { for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) { String alias = aliases.nextElement(); if (ks.getCertificate(alias).getType().equals("X.509")) { Date expires = ((X509Certificate) ks.getCertificate(alias)).getNotAfter(); if (expires.before(new Date())) logger.warn("Certificate for {} expired on {}", alias, expires); } } checkedExpiry = true; } kmf.init(ks, options.keystore_password.toCharArray()); ctx.init(kmf.getKeyManagers(), trustManagers, null); } catch (Exception e) { throw new IOException("Error creating the initializing the SSL Context", e); } finally { FileUtils.closeQuietly(tsf); FileUtils.closeQuietly(ksf); } return ctx; }
From source file:org.qi4j.library.http.AbstractSecureJettyTest.java
@BeforeClass public static void beforeSecureClass() throws IOException, GeneralSecurityException { defaultHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier(); defaultSSLSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory(); HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { public boolean verify(String string, SSLSession ssls) { return true; }//from w ww . ja v a 2 s. com }); KeyStore truststore = KeyStore.getInstance("JCEKS"); truststore.load(new FileInputStream(TRUSTSTORE_FILE), KS_PASSWORD.toCharArray()); SSLContext sslCtx = SSLContext.getInstance("TLS"); TrustManagerFactory caTrustManagerFactory = TrustManagerFactory.getInstance(getX509Algorithm()); caTrustManagerFactory.init(truststore); sslCtx.init(null, caTrustManagerFactory.getTrustManagers(), null); HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); }
From source file:dk.netarkivet.common.distribute.HTTPSRemoteFileRegistry.java
private HTTPSRemoteFileRegistry() { FileInputStream keyStoreInputStream = null; try {/*w w w .j a v a 2 s. com*/ keyStoreInputStream = new FileInputStream(KEYSTORE_PATH); KeyStore store = KeyStore.getInstance(SUN_JCEKS_KEYSTORE_TYPE); store.load(keyStoreInputStream, KEYSTORE_PASSWORD.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance(SUN_X509_CERTIFICATE_ALGORITHM); kmf.init(store, KEY_PASSWORD.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(SUN_X509_CERTIFICATE_ALGORITHM); tmf.init(store); sslContext = SSLContext.getInstance(SSL_PROTOCOL); sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), SecureRandom.getInstance(SHA1_PRNG_RANDOM_ALGORITHM)); } catch (GeneralSecurityException | IOException e) { throw new IOFailure("Unable to create secure environment for keystore '" + KEYSTORE_PATH + "'", e); } finally { IOUtils.closeQuietly(keyStoreInputStream); } }
From source file:com.amazon.alexa.avs.auth.companionservice.CompanionServiceClient.java
/** * Loads the CA certificate into an in-memory keystore and creates an {@link SSLSocketFactory}. * * @return SSLSocketFactory// w w w. j a v a 2s . com */ public SSLSocketFactory getPinnedSSLSocketFactory() { InputStream caCertInputStream = null; InputStream clientKeyPair = null; try { // Load the CA certificate into memory CertificateFactory cf = CertificateFactory.getInstance("X.509"); caCertInputStream = new FileInputStream(deviceConfig.getCompanionServiceInfo().getSslCaCert()); Certificate caCert = cf.generateCertificate(caCertInputStream); // Load the CA certificate into the trusted KeyStore KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(null, null); trustStore.setCertificateEntry("myca", caCert); // Create a TrustManagerFactory with the trusted KeyStore TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); // Load the client certificate and private key into another KeyStore KeyStore keyStore = KeyStore.getInstance("PKCS12"); clientKeyPair = new FileInputStream(deviceConfig.getCompanionServiceInfo().getSslClientKeyStore()); keyStore.load(clientKeyPair, deviceConfig.getCompanionServiceInfo().getSslClientKeyStorePassphrase().toCharArray()); // Create a TrustManagerFactory with the client key pair KeyStore KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, deviceConfig.getCompanionServiceInfo().getSslClientKeyStorePassphrase().toCharArray()); // Initialize the SSLContext and return an SSLSocketFactory; SSLContext sc = SSLContext.getInstance("TLS"); sc.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); return sc.getSocketFactory(); } catch (CertificateException | KeyStoreException | UnrecoverableKeyException | NoSuchAlgorithmException | IOException | KeyManagementException e) { throw new RuntimeException("The KeyStore for contacting the Companion Service could not be loaded.", e); } finally { IOUtils.closeQuietly(caCertInputStream); IOUtils.closeQuietly(clientKeyPair); } }
From source file:it.drwolf.ridire.session.ssl.EasyX509TrustManager.java
/** * Constructor for EasyX509TrustManager. *//* w w w. j a v a2 s. c o m*/ public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException { super(); TrustManagerFactory factory = TrustManagerFactory.getInstance("SunX509"); factory.init(keystore); TrustManager[] trustmanagers = factory.getTrustManagers(); if (trustmanagers.length == 0) { throw new NoSuchAlgorithmException("SunX509 trust manager not supported"); } this.standardTrustManager = (X509TrustManager) trustmanagers[0]; }
From source file:org.hyperic.util.security.DatabaseSSLProviderImpl.java
private TrustManagerFactory getTrustManagerFactory(final KeyStore keystore) throws KeyStoreException, IOException { try {//from w w w .j ava 2 s . c o m TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keystore); return trustManagerFactory; } catch (NoSuchAlgorithmException e) { // no support for algorithm, if this happens we're kind of screwed // we're using the default so it should never happen log.error("The algorithm is not supported. Error message:" + e.getMessage()); throw new KeyStoreException(e); } }
From source file:gov.nist.toolkit.soap.axis2.AuthSSLProtocolSocketFactory.java
private static TrustManager[] createTrustManagers(final KeyStore keystore) throws KeyStoreException, NoSuchAlgorithmException { if (keystore == null) { throw new IllegalArgumentException("Keystore may not be null"); }// w ww .j av a 2 s .com LOG.debug("Initializing trust manager"); TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmfactory.init(keystore); TrustManager[] trustmanagers = tmfactory.getTrustManagers(); LOG.debug("Found " + trustmanagers.length + " trust managers"); for (int i = 0; i < trustmanagers.length; i++) { if (trustmanagers[i] instanceof X509TrustManager) { trustmanagers[i] = new AuthSSLX509TrustManager((X509TrustManager) trustmanagers[i]); } else { System.out.println("non 509 trust manager: class is " + trustmanagers[i].getClass().getName()); } } return trustmanagers; }
From source file:org.wso2.carbon.identity.core.util.DynamicX509TrustManager.java
/** * This method reloads the TrustManager by reading the carbon server's default trust store file * * @throws Exception// w ww . j ava2 s.com */ private void setupTrustManager() throws Exception { TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); KeyStore clientTrustStore = null; try (InputStream trustStoreInputStream = new FileInputStream(TRUST_STORE_LOCATION)) { clientTrustStore = KeyStore.getInstance(TRUST_STORE_TYPE); clientTrustStore.load(trustStoreInputStream, null); trustManagerFactory.init(clientTrustStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); for (TrustManager t : trustManagers) { if (t instanceof X509TrustManager) { trustManager = (X509TrustManager) t; System.setProperty(IdentityUtil.PROP_TRUST_STORE_UPDATE_REQUIRED, Boolean.FALSE.toString()); return; } } throw new IdentityException("No X509TrustManager in TrustManagerFactory"); } }
From source file:org.appenders.log4j2.elasticsearch.jest.PEMCertInfo.java
@Override public void applyTo(HttpClientConfig.Builder builder) { if (java.security.Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { java.security.Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); }//from ww w . j av a 2 s. c o m try (FileInputStream clientCert = new FileInputStream(new File(clientCertPath)); FileInputStream key = new FileInputStream(new File(keyPath)); FileInputStream certificateAuthoritiies = new FileInputStream(new File(caPath))) { KeyStore keyStore = PemReader.loadKeyStore(clientCert, key, Optional.ofNullable(keyPassphrase)); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, keyPassphrase.toCharArray()); KeyStore trustStore = PemReader.loadTrustStore(certificateAuthoritiies); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); // TODO: add support for hostname verification modes builder.sslSocketFactory(new SSLConnectionSocketFactory(sslContext)); builder.httpsIOSessionStrategy(new SSLIOSessionStrategy(sslContext, new NoopHostnameVerifier())); } catch (IOException | GeneralSecurityException e) { throw new ConfigurationException(configExceptionMessage, e); } }