List of usage examples for javax.net.ssl TrustManagerFactory init
public final void init(ManagerFactoryParameters spec) throws InvalidAlgorithmParameterException
From source file:com.github.mrstampy.gameboot.otp.OtpTestConfiguration.java
/**
 * Builds an {@link SSLContext} whose trust managers are derived from the supplied key store.
 *
 * @param keystore store handed to the trust manager factory
 * @param kmf source of the key managers, or {@code null} to create a context without any
 * @return a context for the protocol named by {@code PROTOCOL}, already initialised
 * @throws Exception if the algorithm or protocol is unavailable or initialisation fails
 */
private SSLContext createContext(KeyStore keystore, KeyManagerFactory kmf) throws Exception {
    final String trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustAlgorithm);
    // Passing a null key store here would select the JVM's default trust store instead.
    tmf.init(keystore);

    final SSLContext context = SSLContext.getInstance(PROTOCOL);
    // The third argument is null, so the default SecureRandom implementation is used.
    context.init(kmf != null ? kmf.getKeyManagers() : null, tmf.getTrustManagers(), null);
    return context;
}
From source file:dk.netarkivet.common.distribute.HTTPSRemoteFileRegistry.java
/**
 * Loads the key store at {@code KEYSTORE_PATH} and builds {@code sslContext} from it.
 *
 * <p>One store backs both the key managers and the trust managers, so it holds the private key
 * and also decides which peers are trusted.
 *
 * @throws IOFailure if the store cannot be read or the JSSE objects cannot be set up
 */
private HTTPSRemoteFileRegistry() {
    FileInputStream storeStream = null;
    try {
        storeStream = new FileInputStream(KEYSTORE_PATH);
        final KeyStore keyStore = KeyStore.getInstance(SUN_JCEKS_KEYSTORE_TYPE);
        keyStore.load(storeStream, KEYSTORE_PASSWORD.toCharArray());

        final KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(SUN_X509_CERTIFICATE_ALGORITHM);
        keyFactory.init(keyStore, KEY_PASSWORD.toCharArray());

        final TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(SUN_X509_CERTIFICATE_ALGORITHM);
        trustFactory.init(keyStore);

        // NOTE(review): SSL_PROTOCOL and SHA1_PRNG_RANDOM_ALGORITHM are defined outside this
        // block; confirm that the protocol versions this context can negotiate and the pinned
        // random algorithm still meet current policy.
        sslContext = SSLContext.getInstance(SSL_PROTOCOL);
        final SecureRandom random = SecureRandom.getInstance(SHA1_PRNG_RANDOM_ALGORITHM);
        sslContext.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), random);
    } catch (GeneralSecurityException | IOException e) {
        throw new IOFailure("Unable to create secure environment for keystore '" + KEYSTORE_PATH + "'", e);
    } finally {
        // Runs on every path; storeStream is still null if the file could not be opened.
        IOUtils.closeQuietly(storeStream);
    }
}
From source file:edu.internet2.middleware.subject.provider.LdapPEMSocketFactory.java
/**
 * Builds the trust managers from the CA certificate file and, when both a client certificate
 * file and a key file are configured, the key managers as well.
 *
 * <p>A failure in either half is logged and otherwise ignored; the corresponding field
 * ({@code trustManagers} or {@code keyManagers}) then keeps the value it had before the call.
 */
protected void initManagers() {
    // Trust managers: an in-memory store that holds only the configured CA certificate.
    try {
        X509Certificate caCert = null;
        if (caFilename != null) {
            caCert = readCertificate(caFilename);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        // NOTE(review): caCert is still null here when caFilename is unset; confirm what the
        // resulting trust managers accept in that case.
        trustStore.setCertificateEntry("CACERT", caCert);
        String trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(trustAlgorithm);
        trustFactory.init(trustStore);
        trustManagers = trustFactory.getTrustManagers();
    } catch (Exception e) {
        // NOTE(review): the error is only logged and trustManagers is left untouched; confirm
        // that the code consuming the field does not continue with a weaker trust
        // configuration than the pinned CA.
        log.error("ldap source cacert error: " + e);
    }

    // Key managers are optional: both the certificate and the key file must be configured.
    if (certFilename == null || keyFilename == null) {
        return;
    }
    // Password for the in-memory store only; the store is never written out in this method.
    char[] storePassword = { 0 };
    try {
        X509Certificate clientCert = readCertificate(certFilename);
        PKCS1 keyReader = new PKCS1();
        PrivateKey clientKey = keyReader.readKey(keyFilename);
        KeyStore identityStore = KeyStore.getInstance(KeyStore.getDefaultType());
        identityStore.load(null, null);
        X509Certificate[] chain = new X509Certificate[] { clientCert };
        identityStore.setKeyEntry("CERT", (Key) clientKey, storePassword, chain);
        String keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(keyAlgorithm);
        keyFactory.init(identityStore, storePassword);
        keyManagers = keyFactory.getKeyManagers();
    } catch (Exception e) {
        log.error("ldap source cert/key error: " + e);
    }
}
From source file:org.openhab.binding.neato.internal.VendorVorwerk.java
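/**
 * Makes the connection trust the certificates held in the bundled {@code keystore.jks}.
 *
 * <p>Every failure is printed and swallowed; the connection then keeps the socket factory it
 * had before the call.
 *
 * @param connection the HTTPS connection that receives the custom socket factory
 */
public void applyNucleoSslConfiguration(HttpsURLConnection connection) {
    KeyStore keyStore;
    try {
        keyStore = KeyStore.getInstance("JKS");
        // getResourceAsStream returns null when the resource is missing; load(null, ...) then
        // produces an empty store rather than failing.
        java.io.InputStream storeStream = this.getClass().getClassLoader().getResourceAsStream("keystore.jks");
        try {
            // The password is a source literal; on load it serves as the store's integrity
            // check and gives the bundled store no secrecy.
            keyStore.load(storeStream, "geheim".toCharArray());
        } finally {
            // The stream used to stay open; release it once the store has been read.
            if (storeStream != null) {
                try {
                    storeStream.close();
                } catch (IOException ignored) {
                    // The store has already been read or rejected; a close failure changes nothing.
                }
            }
        }
        // NOTE(review): the algorithm name comes from KeyManagerFactory, not from
        // TrustManagerFactory.getDefaultAlgorithm(); this works only where the provider
        // registers that name for trust managers too. Confirm which one is intended.
        TrustManagerFactory trustManagerFactory = TrustManagerFactory
                .getInstance(KeyManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        // NOTE(review): "SSL" only names the context implementation; confirm which protocol
        // versions the runtime enables for it.
        SSLContext sslctx = SSLContext.getInstance("SSL");
        sslctx.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        connection.setSSLSocketFactory(sslctx.getSocketFactory());
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (CertificateException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    } catch (KeyManagementException e) {
        e.printStackTrace();
    }
}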
From source file:com.bt.pi.api.http.SimpleHttpsServerFactoryBean.java
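/**
 * Creates an {@link HttpsServer} for the address and configures it from the key store.
 *
 * <p>The key store supplies both the key managers and the trust managers. Client
 * authentication is switched off in the configurator.
 *
 * @param address the address passed to {@code HttpsServer.create}
 * @return the configured server, or {@code null} when reading the key store ends in an
 *         {@link EOFException}
 * @throws IOException if the server cannot be created, or wrapping any other failure raised
 *         while the TLS configuration is built
 */
protected HttpServer getInitializedServer(InetSocketAddress address) throws IOException {
    HttpsServer server = HttpsServer.create(address, getBacklog());
    try {
        SSLContext sslContext = SSLContext.getInstance(sslContextProtocol);
        KeyStore ks = KeyStore.getInstance(keyStoreType);
        InputStream is = keyStoreLocation.getInputStream();
        try {
            ks.load(is, password);
        } catch (EOFException e) {
            LOG.warn(String.format(
                    "Unable to load certificate store %s. This may be possible because https isn't enabled with a valid certificate",
                    keyStoreLocation));
            // NOTE(review): the server created above is not released on this path; confirm
            // whether the caller expects the address to stay bound.
            return null;
        } finally {
            // The stream was never closed before; release it on every path.
            if (is != null) {
                try {
                    is.close();
                } catch (IOException ignored) {
                    // The store has already been read or rejected; a close failure changes nothing.
                }
            }
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgorithm);
        kmf.init(ks, password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustManagerAlgorithm);
        tmf.init(ks);
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        // This engine is used only to read the context's enabled cipher suites and protocols.
        final SSLEngine defaultEngine = sslContext.createSSLEngine();
        server.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
            @Override
            public void configure(HttpsParameters params) {
                params.setSSLParameters(getSSLContext().getDefaultSSLParameters());
                // Server-side TLS only: no client certificate is requested or required.
                params.setNeedClientAuth(false);
                params.setWantClientAuth(false);
                params.setCipherSuites(defaultEngine.getEnabledCipherSuites());
                params.setProtocols(defaultEngine.getEnabledProtocols());
            }
        });
    } catch (Throwable e) {
        // Catches Errors too; everything reaches the caller as an IOException with the cause attached.
        throw new IOException("initializing HttpsServer failed due to exception", e);
    }
    return server;
}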
From source file:com.alphabetbloc.accessmrs.utilities.MyTrustManager.java
/**
 * Sets up the default and the local trust manager and records the union of their accepted
 * issuers, local ones first.
 *
 * @param localKeyStore store handed to {@code LocalStoreX509TrustManager}
 * @throws IllegalStateException if no X509TrustManager is found in the default factory
 * @throws RuntimeException wrapping any {@link GeneralSecurityException} raised during setup
 */
public MyTrustManager(KeyStore localKeyStore) {
    try {
        final String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        final TrustManagerFactory defaultFactory = TrustManagerFactory.getInstance(algorithm);
        // A null key store makes the factory load the platform's default trust store.
        defaultFactory.init((KeyStore) null);

        defaultTrustManager = findX509TrustManager(defaultFactory);
        if (defaultTrustManager == null) {
            // Not a GeneralSecurityException, so it leaves the constructor unwrapped.
            throw new IllegalStateException("Couldn't find X509TrustManager");
        }
        localTrustManager = new LocalStoreX509TrustManager(localKeyStore);

        final List<X509Certificate> merged = new ArrayList<X509Certificate>();
        final X509Certificate[] localIssuers = localTrustManager.getAcceptedIssuers();
        for (int i = 0; i < localIssuers.length; i++) {
            merged.add(localIssuers[i]);
        }
        final X509Certificate[] defaultIssuers = defaultTrustManager.getAcceptedIssuers();
        for (int i = 0; i < defaultIssuers.length; i++) {
            merged.add(defaultIssuers[i]);
        }
        acceptedIssuers = merged.toArray(new X509Certificate[merged.size()]);
    } catch (GeneralSecurityException e) {
        Log.e(TAG, "We have caught an exception in creating a trust manager!");
        throw new RuntimeException(e);
    }
}
From source file:org.elasticsearch.xpack.security.transport.ssl.SslIntegrationTests.java
/**
 * Verifies that an HTTP client restricted to SSLv3 cannot complete a handshake with the node.
 *
 * <p>The client trusts the platform's default trust store and skips hostname verification;
 * the test passes only if the request fails with an {@link SSLHandshakeException}.
 */
public void testThatHttpUsingSSLv3IsRejected() throws Exception {
    final SSLContext clientContext = SSLContext.getInstance("SSL");
    final String trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory defaultTrust = TrustManagerFactory.getInstance(trustAlgorithm);
    // A null key store selects the default trust store.
    defaultTrust.init((KeyStore) null);
    clientContext.init(null, defaultTrust.getTrustManagers(), new SecureRandom());

    // SSLv3 is the only protocol the client offers; the cipher suites stay at their defaults.
    final String[] offeredProtocols = new String[] { "SSLv3" };
    final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(clientContext,
            offeredProtocols, null, NoopHostnameVerifier.INSTANCE);

    try (CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(socketFactory).build()) {
        CloseableHttpResponse response = SocketAccess
                .doPrivileged(() -> client.execute(new HttpGet(getNodeUrl())));
        // Reached only if the request went through, which is the failure case.
        fail("Expected a connection error due to SSLv3 not being supported by default");
    } catch (Exception e) {
        assertThat(e, is(instanceOf(SSLHandshakeException.class)));
    }
}
From source file:org.jboss.as.test.syslogserver.TLSSyslogServer.java
/**
 * Creates the custom {@code sslContext} from the key store and trust store named in the
 * server configuration, after the superclass has initialised.
 *
 * @throws SyslogRuntimeException wrapping any failure raised while the context is built
 * @see org.productivity.java.syslog4j.server.impl.net.tcp.TCPNetSyslogServer#initialize()
 */
@Override
public void initialize() throws SyslogRuntimeException {
    super.initialize();

    final SSLTCPNetSyslogServerConfigIF sslConfig = (SSLTCPNetSyslogServerConfigIF) this.tcpNetSyslogServerConfig;

    try {
        // Key material and trust anchors come from two separately configured stores.
        final char[] keyStorePassword = sslConfig.getKeyStorePassword().toCharArray();
        final KeyStore identityStore = loadKeyStore(sslConfig.getKeyStore(), keyStorePassword);
        final char[] trustStorePassword = sslConfig.getTrustStorePassword().toCharArray();
        final KeyStore trustStore = loadKeyStore(sslConfig.getTrustStore(), trustStorePassword);

        final String keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        final KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(keyAlgorithm);
        keyFactory.init(identityStore, keyStorePassword);

        final String trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        final TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(trustAlgorithm);
        trustFactory.init(trustStore);

        sslContext = SSLContext.getInstance("TLS");
        // The null third argument selects the default SecureRandom implementation.
        sslContext.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), null);
    } catch (Exception e) {
        LOGGER.error("Exception occurred during SSLContext for TLS syslog server initialization", e);
        throw new SyslogRuntimeException(e);
    }
}
From source file:org.thingsboard.rule.engine.mqtt.credentials.CertPemClientCredentials.java
/**
 * Creates a trust manager factory backed by an in-memory store that holds only the
 * certificate read from {@code caCert}.
 *
 * @return the initialised factory
 * @throws Exception if the certificate cannot be read or the factory cannot be initialised
 */
private TrustManagerFactory createAndInitTrustManagerFactory() throws Exception {
    final X509Certificate caCertificate = readCertFile(caCert);

    // load(null, null) creates an empty store; it then gets the single CA entry below.
    final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, null);
    trustStore.setCertificateEntry("caCert-cert", caCertificate);

    final String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
    factory.init(trustStore);
    return factory;
}
From source file:org.apache.ftpserver.ssl.SSLTestTemplate.java
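/**
 * Creates an FTPS client whose key manager and trust manager both come from the key store at
 * {@code FTPCLIENT_KEYSTORE}.
 *
 * <p>Only the first key manager and the first trust manager of each factory are used. They
 * are also stored in {@code clientKeyManager} and {@code clientTrustManager}.
 *
 * @return the configured client, not yet connected
 * @throws Exception if the key store cannot be read or a factory cannot be initialised
 */
protected FTPSClient createFTPClient() throws Exception {
    FTPSClient ftpsClient = new FTPSClient(useImplicit());

    KeyStore store = KeyStore.getInstance("jks");
    FileInputStream fin = new FileInputStream(FTPCLIENT_KEYSTORE);
    try {
        store.load(fin, KEYSTORE_PASSWORD.toCharArray());
    } finally {
        // The stream used to be closed only after a successful load; close it on failure too.
        fin.close();
    }

    // initialize key manager factory
    KeyManagerFactory keyManagerFactory = KeyManagerFactory
            .getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(store, KEYSTORE_PASSWORD.toCharArray());

    // initialize trust manager factory
    TrustManagerFactory trustManagerFactory = TrustManagerFactory
            .getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(store);

    clientKeyManager = keyManagerFactory.getKeyManagers()[0];
    clientTrustManager = trustManagerFactory.getTrustManagers()[0];

    ftpsClient.setKeyManager(clientKeyManager);
    ftpsClient.setTrustManager(clientTrustManager);

    String auth = getAuthValue();
    if (auth != null) {
        ftpsClient.setAuthValue(auth);

        if (auth.equals("SSL")) {
            // The "SSL" auth value limits the client to SSLv3, presumably so the test
            // template can exercise the server's handling of that legacy protocol.
            ftpsClient.setEnabledProtocols(new String[] { "SSLv3" });
        }
    }
    return ftpsClient;
}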