List of usage examples for javax.net.ssl TrustManagerFactory getTrustManagers
public final TrustManager[] getTrustManagers()
From source file:org.apache.jmeter.protocol.smtp.sampler.protocol.LocalTrustStoreSSLSocketFactory.java
public LocalTrustStoreSSLSocketFactory(File truststore) { SSLContext sslcontext = null; try {//from w w w .j a v a 2 s .co m KeyStore ks = KeyStore.getInstance("JKS"); // $NON-NLS-1$ InputStream stream = null; try { stream = new BufferedInputStream(new FileInputStream(truststore)); ks.load(stream, null); } finally { IOUtils.closeQuietly(stream); } TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); TrustManager[] trustmanagers = tmf.getTrustManagers(); sslcontext = SSLContext.getInstance("TLS"); // $NON-NLS-1$ sslcontext.init(null, trustmanagers, new SecureRandom()); } catch (Exception e) { throw new RuntimeException("Could not create the SSL context", e); } factory = sslcontext.getSocketFactory(); }
From source file:com.fatwire.dta.sscrawler.EasyX509TrustManager.java
/** * Constructor for EasyX509TrustManager. *///from w w w .j a v a 2 s.c om public EasyX509TrustManager(final KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException { super(); final TrustManagerFactory factory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); factory.init(keystore); final TrustManager[] trustmanagers = factory.getTrustManagers(); if (trustmanagers.length == 0) { throw new NoSuchAlgorithmException("no trust manager found"); } standardTrustManager = (X509TrustManager) trustmanagers[0]; }
From source file:org.everit.osgi.authentication.cas.tests.SecureHttpClient.java
public SecureHttpClient(final String principal, final BundleContext bundleContext) throws Exception { this.principal = principal; httpClientContext = HttpClientContext.create(); httpClientContext.setCookieStore(new BasicCookieStore()); KeyStore trustStore = KeyStore.getInstance("jks"); trustStore.load(bundleContext.getBundle().getResource("/jetty-keystore").openStream(), "changeit".toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, trustManagers, new SecureRandom()); httpClient = HttpClientBuilder.create().setSslcontext(sslContext) .setRedirectStrategy(new DefaultRedirectStrategy()).build(); }
From source file:edu.internet2.middleware.subject.provider.LdapPEMSocketFactory.java
protected void initManagers() { // trust managers try {/*from w w w.j a v a 2 s. co m*/ X509Certificate cert = null; if (caFilename != null) cert = readCertificate(caFilename); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); ks.setCertificateEntry("CACERT", cert); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); trustManagers = tmf.getTrustManagers(); } catch (Exception e) { log.error("ldap source cacert error: " + e); } // key managers if (certFilename != null && keyFilename != null) { char[] pw = new char[] { 0 }; try { X509Certificate cert = readCertificate(certFilename); PKCS1 pkcs = new PKCS1(); PrivateKey key = pkcs.readKey(keyFilename); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); X509Certificate[] chain = new X509Certificate[1]; chain[0] = cert; ks.setKeyEntry("CERT", (Key) key, pw, chain); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, pw); keyManagers = kmf.getKeyManagers(); } catch (Exception e) { log.error("ldap source cert/key error: " + e); } } }
From source file:org.hyperic.util.security.DefaultSSLProviderImpl.java
public DefaultSSLProviderImpl(KeystoreConfig keystoreConfig, boolean acceptUnverifiedCertificates) { if (log.isDebugEnabled()) { log.debug("Keystore info: alias=" + keystoreConfig.getAlias() + ", acceptUnverifiedCertificates=" + acceptUnverifiedCertificates); }/*from w w w . j a va 2 s . com*/ final boolean debug = log.isDebugEnabled(); final StopWatch watch = new StopWatch(); try { KeystoreManager keystoreMgr = KeystoreManager.getKeystoreManager(); KeyStore trustStore = keystoreMgr.getKeyStore(keystoreConfig); KeyManagerFactory keyManagerFactory = getKeyManagerFactory(trustStore, keystoreConfig.getFilePassword()); TrustManagerFactory trustManagerFactory = getTrustManagerFactory(trustStore); X509TrustManager defaultTrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0]; X509TrustManager customTrustManager = keystoreMgr.getCustomTrustManager(defaultTrustManager, keystoreConfig, acceptUnverifiedCertificates, trustStore); sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[] { customTrustManager }, new SecureRandom()); // XXX Should we use ALLOW_ALL_HOSTNAME_VERIFIER (least restrictive) or // BROWSER_COMPATIBLE_HOSTNAME_VERIFIER (moderate restrictive) or // STRICT_HOSTNAME_VERIFIER (most restrictive)??? sslSocketFactory = new SSLSocketFactory(sslContext, getHostnameVerifier()); } catch (Exception e) { throw new IllegalStateException(e); } finally { if (debug) log.debug("readCert: " + watch); } }
From source file:org.everit.authentication.cas.ecm.tests.SecureHttpClient.java
/** * Constructor.//from w ww. jav a 2s .c om */ public SecureHttpClient(final String principal, final BundleContext bundleContext) throws Exception { this.principal = principal; httpClientContext = HttpClientContext.create(); httpClientContext.setCookieStore(new BasicCookieStore()); KeyStore trustStore = KeyStore.getInstance("jks"); trustStore.load(bundleContext.getBundle().getResource("/jetty-keystore").openStream(), "changeit".toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, trustManagers, new SecureRandom()); httpClient = HttpClientBuilder.create().setSslcontext(sslContext) .setRedirectStrategy(new DefaultRedirectStrategy()).build(); }
From source file:be.fgov.kszbcss.rhq.websphere.connector.security.TrustStoreManager.java
private void reloadTrustManager() throws GeneralSecurityException, IOException { if (trustManager.get() == null) { log.info("Initializing trust manager using " + truststoreFile); } else {//from www.j a v a2s. c om log.info("Reinitializing trust manager"); } TrustManagerFactory factory = TrustManagerFactory.getInstance("IbmPKIX", "IBMJSSE2"); factory.init(loadTrustStore()); TrustManager[] trustManagers = factory.getTrustManagers(); if (log.isDebugEnabled()) { log.debug("Returned trust managers: " + Arrays.asList(trustManagers)); } trustManager.set((X509TrustManager) trustManagers[0]); }
From source file:com.gsf.dowload.nfe.HSProtocolSocketFactory.java
public TrustManager[] createTrustManagers() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { KeyStore trustStore = KeyStore.getInstance("JKS"); trustStore.load(new FileInputStream(TRUSTSTORE), "sistec".toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); return trustManagerFactory.getTrustManagers(); }
From source file:org.elasticsearch.xpack.security.transport.ssl.SslIntegrationTests.java
public void testThatHttpUsingSSLv3IsRejected() throws Exception { SSLContext sslContext = SSLContext.getInstance("SSL"); TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); factory.init((KeyStore) null); sslContext.init(null, factory.getTrustManagers(), new SecureRandom()); SSLConnectionSocketFactory sf = new SSLConnectionSocketFactory(sslContext, new String[] { "SSLv3" }, null, NoopHostnameVerifier.INSTANCE); try (CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(sf).build()) { CloseableHttpResponse result = SocketAccess .doPrivileged(() -> client.execute(new HttpGet(getNodeUrl()))); fail("Expected a connection error due to SSLv3 not being supported by default"); } catch (Exception e) { assertThat(e, is(instanceOf(SSLHandshakeException.class))); }//from w ww.ja v a2 s. co m }