List of usage examples for org.apache.http.ssl SSLContextBuilder loadTrustMaterial
public SSLContextBuilder loadTrustMaterial(final URL url, final char[] storePassword) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException
From source file:com.buffalokiwi.api.APIHttpClient.java
/**
 * Configures the given client builder with an SSL socket factory that
 * accepts self-signed server certificates.
 *
 * <p>Security note: the trust store argument is {@code null}, so the JVM's
 * default trust material stays in effect, and {@link TrustSelfSignedStrategy}
 * additionally accepts any chain that consists of a single certificate.
 * A peer presenting an arbitrary self-signed certificate is therefore not
 * authenticated by the certificate check. The one-argument
 * {@link SSLConnectionSocketFactory} constructor leaves the library's default
 * hostname verifier in place. Prefer loading the expected certificate into a
 * dedicated trust store where the server is known in advance.
 *
 * @param custom The client builder
 * @return builder with unsafe SSL strategy
 * @throws APIException If there is a problem creating the client or strategy
 */
private HttpClientBuilder setClientToSelfSigned(final HttpClientBuilder custom) throws APIException {
    final SSLContextBuilder contextBuilder = new SSLContextBuilder();
    try {
        // null trust store: default CA trust, widened by the self-signed strategy.
        contextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
        return custom.setSSLSocketFactory(new SSLConnectionSocketFactory(contextBuilder.build()));
    } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
        throw new APIException("Failed to create self-signed trust strategy and/or SSL-enabled HTTP Client", e);
    }
}
From source file:org.ulyssis.ipp.publisher.HttpOutput.java
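/**
 * Builds the SSL context for the output from the configured key store and
 * trust store.
 *
 * <p>When neither store is configured the JVM default context is returned.
 * The original condition tested the key store twice, so a configuration with
 * only a trust store silently fell back to the default context and the
 * configured trust store was never used; the check now covers both stores.
 *
 * <p>Security note: the trust store is combined with
 * {@link TrustSelfSignedStrategy}, which also accepts any chain made of a
 * single certificate, whether or not it is in the configured trust store.
 *
 * @return the SSL context, or {@code null} when it could not be created
 *         (the failure is logged)
 */
private SSLContext createSslCustomContext() {
    try {
        // Nothing configured: use the platform defaults.
        if (!options.getKeystore().isPresent() && !options.getTruststore().isPresent()) {
            return SSLContext.getDefault();
        }

        SSLContextBuilder builder = SSLContexts.custom();

        if (options.getKeystore().isPresent()) {
            char[] keystorePass = options.getKeystorePass().toCharArray();
            KeyStore cks = KeyStore.getInstance(KeyStore.getDefaultType());
            // try-with-resources: the stream was previously never closed.
            try (FileInputStream in = new FileInputStream(options.getKeystore().get().toFile())) {
                cks.load(in, keystorePass);
            }
            // The store password is also used as the key password.
            builder.loadKeyMaterial(cks, keystorePass);
        }

        if (options.getTruststore().isPresent()) {
            KeyStore tks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream in = new FileInputStream(options.getTruststore().get().toFile())) {
                tks.load(in, options.getTruststorePass().toCharArray());
            }
            builder.loadTrustMaterial(tks, new TrustSelfSignedStrategy());
        }

        return builder.build();
    } catch (Exception e) {
        // TODO: propagate a typed failure instead of returning null; callers
        // currently have to null-check the result.
        LOG.error("Exception", e);
    }
    return null;
}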
From source file:org.apache.geode.rest.internal.web.controllers.RestAPIsWithSSLDUnitTest.java
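/**
 * Test helper: builds an HTTP client that presents a client certificate from
 * the test key store and trusts the test trust store.
 *
 * <p>Both JKS files are opened with the fixture password {@code "password"}.
 * The streams are now closed after loading; previously they were left open.
 *
 * <p>Security note: this configuration is only suitable for tests. The trust
 * store is combined with {@link TrustSelfSignedStrategy}, which accepts any
 * single-certificate chain, and hostname verification is switched off.
 *
 * @param properties test properties used to locate the stores and to pick
 *        the client key alias
 * @return a client configured with the test SSL context
 * @throws Exception if a store cannot be read or the context cannot be built
 */
private CloseableHttpClient getSSLBasedHTTPClient(Properties properties) throws Exception {
    KeyStore clientKeys = KeyStore.getInstance("JKS");
    File keystoreJKSForPath = findKeyStoreJKS(properties);
    try (FileInputStream keyStream = new FileInputStream(keystoreJKSForPath)) {
        clientKeys.load(keyStream, "password".toCharArray());
    }

    KeyStore clientTrust = KeyStore.getInstance("JKS");
    File trustStoreJKSForPath = findTrustStoreJKSForPath(properties);
    try (FileInputStream trustStream = new FileInputStream(trustStoreJKSForPath)) {
        clientTrust.load(trustStream, "password".toCharArray());
    }

    // this is needed
    SSLContextBuilder custom = SSLContexts.custom();
    SSLContextBuilder sslContextBuilder =
        custom.loadTrustMaterial(clientTrust, new TrustSelfSignedStrategy());
    SSLContext sslcontext = sslContextBuilder
        .loadKeyMaterial(clientKeys, "password".toCharArray(), (aliases, socket) -> {
            // A single key in the store leaves nothing to choose.
            if (aliases.size() == 1) {
                return aliases.keySet().stream().findFirst().get();
            }
            // Otherwise the alias comes from the test properties; the
            // "invalid alias" property takes precedence when it is set.
            if (!StringUtils.isEmpty(properties.getProperty(INVALID_CLIENT_ALIAS))) {
                return properties.getProperty(INVALID_CLIENT_ALIAS);
            } else {
                return properties.getProperty(SSL_WEB_ALIAS);
            }
        }).build();

    // Host checking is disabled here, as tests might run on multiple hosts and
    // host entries can not be assumed
    SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(
        sslcontext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

    return HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory).build();
}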
From source file:org.apache.nifi.processors.standard.GetHTTP.java
/**
 * Builds an SSL context from the trust store and key store described by the
 * given context service. Either store is skipped when its file name is blank.
 *
 * <p>Security note: the configured trust store is loaded together with
 * {@link TrustSelfSignedStrategy}. That strategy accepts any chain made of a
 * single certificate, so servers with a self-signed certificate are accepted
 * even when that certificate is not in the configured trust store.
 *
 * @param service source of the store locations, types, passwords and the
 *        protocol name
 * @return the configured SSL context
 */
private SSLContext createSSLContext(final SSLContextService service) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException {
    final SSLContextBuilder contextBuilder = new SSLContextBuilder();

    // Trust material: which server certificates are accepted.
    if (StringUtils.isNotBlank(service.getTrustStoreFile())) {
        final KeyStore trusted = KeyStoreUtils.getTrustStore(service.getTrustStoreType());
        try (final InputStream trustStream = new FileInputStream(new File(service.getTrustStoreFile()))) {
            trusted.load(trustStream, service.getTrustStorePassword().toCharArray());
        }
        contextBuilder.loadTrustMaterial(trusted, new TrustSelfSignedStrategy());
    }

    // Key material: the client certificate presented to the server.
    if (StringUtils.isNotBlank(service.getKeyStoreFile())) {
        final KeyStore clientKeys = KeyStoreUtils.getKeyStore(service.getKeyStoreType());
        try (final InputStream keyStream = new FileInputStream(new File(service.getKeyStoreFile()))) {
            clientKeys.load(keyStream, service.getKeyStorePassword().toCharArray());
        }
        // The key store password doubles as the key password.
        contextBuilder.loadKeyMaterial(clientKeys, service.getKeyStorePassword().toCharArray());
    }

    contextBuilder.useProtocol(service.getSslAlgorithm());
    return contextBuilder.build();
}
From source file:com.lehman.ic9.net.httpClient.java
/**
 * Initializes the HTTP client builder from this object's cookie store,
 * credentials provider and request configuration, then builds the client.
 * Called from perform request.
 *
 * <p>Security note: when {@code allowSelfSigned} is set, the client accepts
 * any single-certificate (self-signed) chain through
 * {@link TrustSelfSignedStrategy} and also disables hostname verification
 * through {@code ALLOW_ALL_HOSTNAME_VERIFIER}. The flag therefore removes
 * server authentication for the connection, not only the CA requirement.
 *
 * @param httpGet is a HttpRequest object with the request.
 * @throws NoSuchAlgorithmException if the SSL context cannot be built
 * @throws KeyStoreException if the trust material cannot be loaded
 * @throws KeyManagementException if the SSL context cannot be initialized
 * @throws AuthenticationException presumably raised while configuring
 *         authentication in {@code buildAuth}; confirm against that method
 */
private void buildClient(HttpRequest httpGet) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, AuthenticationException {
    this.hcb = HttpClients.custom();
    this.hcb.setDefaultCookieStore(this.cs)
        .setDefaultCredentialsProvider(this.cp)
        .setDefaultRequestConfig(this.rcb.build());

    if (this.allowSelfSigned) {
        // null trust store keeps the default CA trust; the strategy widens it.
        SSLContextBuilder trustBuilder = new SSLContextBuilder();
        trustBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
        this.hcb.setSSLSocketFactory(new SSLConnectionSocketFactory(
            trustBuilder.build(), SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER));
    }

    this.buildAuth(httpGet);

    if (this.tcpNoDelay) {
        this.hcb.setDefaultSocketConfig(SocketConfig.custom().setTcpNoDelay(true).build());
    }

    this.cli = this.hcb.build();
}
From source file:com.liferay.petra.json.web.service.client.BaseJSONWebServiceClientImpl.java
/**
 * Creates the SSL session strategy used for asynchronous connections.
 *
 * <p>The context is built from {@code _keyStore} with
 * {@link TrustSelfSignedStrategy} and is then initialized again with a single
 * {@code X509TrustManagerImpl}.
 *
 * <p>NOTE(review): the second {@code init} call supplies its own trust
 * manager array, which looks like it supersedes the trust material loaded
 * through the builder. Confirm which checks {@code X509TrustManagerImpl}
 * performs, since it appears to be the only trust decision left in effect.
 *
 * <p>NOTE(review): the enabled protocol list is fixed to {@code "TLSv1"}.
 * TLS 1.0 is deprecated and disabled by default on current JDKs, so this
 * both weakens the connection and may fail to handshake; consider making the
 * protocol list configurable.
 *
 * @return the session strategy, using browser-compatible hostname verification
 * @throws RuntimeException wrapping any failure while building the context
 */
protected SSLIOSessionStrategy getSSLIOSessionStrategy() {
    SSLContextBuilder contextBuilder = SSLContexts.custom();

    final SSLContext context;
    try {
        contextBuilder.loadTrustMaterial(_keyStore, new TrustSelfSignedStrategy());
        context = contextBuilder.build();

        // Re-initialize with no key managers, one trust manager and the
        // default source of randomness.
        TrustManager[] trustManagers = { new X509TrustManagerImpl() };
        context.init(null, trustManagers, null);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

    String[] enabledProtocols = { "TLSv1" };
    // The third argument (cipher suites) is null, leaving the defaults.
    return new SSLIOSessionStrategy(
        context, enabledProtocols, null,
        SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
}
From source file:org.commonjava.util.jhttpc.HttpFactory.java
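/**
 * Returns the SSL socket factory for a site, building it on first use and
 * caching it on the site configuration under {@code SSL_FACTORY_ATTRIB}.
 *
 * <p>The factory is assembled from the site's client key/certificate PEM
 * (which requires a non-empty key password) and its server certificate PEM.
 * When neither is configured no SSL context is created and {@code null} is
 * returned. The trust strategy comes from the site's trust type, falling back
 * to {@code SiteTrustType.DEFAULT}, and hostname verification uses
 * {@link DefaultHostnameVerifier}.
 *
 * <p>Changes from the previous version:
 * <ul>
 * <li>The client key/certificate PEM is no longer written to the trace log,
 * because it contains the client's private key material.</li>
 * <li>The error logging in the final catch blocks passed the exception as the
 * first placeholder argument, so the message was filled with the wrong values
 * and the stack trace was not logged. The exception is now the last
 * argument.</li>
 * </ul>
 *
 * <p>NOTE(review): several catch blocks throw a {@code JHttpCException}
 * without the original exception as its cause; the cause is only available in
 * the log.
 *
 * @param location the site whose SSL configuration is used
 * @return the cached or newly built factory, or {@code null} when the site
 *         has no SSL configuration
 * @throws JHttpCException if the configuration is invalid or the key or
 *         certificate material cannot be read
 */
private SSLConnectionSocketFactory createSSLSocketFactory(final SiteConfig location) throws JHttpCException {
    SSLConnectionSocketFactory fac = (SSLConnectionSocketFactory) location.getAttribute(SSL_FACTORY_ATTRIB);
    if (fac != null) {
        return fac;
    }

    KeyStore ks = null;
    KeyStore ts = null;

    final String kcPem = location.getKeyCertPem();
    final String kcPass = passwords.lookup(new PasswordKey(location, PasswordType.KEY));
    if (kcPem != null) {
        logger.debug("Adding client key/certificate from: {}", location);
        if (kcPass == null || kcPass.length() < 1) {
            logger.error("Invalid configuration. Location: {} cannot have an empty key password!",
                    location.getUri());
            throw new JHttpCException(
                    "Location: " + location.getUri() + " is misconfigured! Key password cannot be empty.");
        }

        try {
            // The PEM holds the client's private key, so only the site is logged.
            logger.trace("Reading Client SSL key for: {}", location);
            ks = SSLUtils.readKeyAndCert(kcPem, kcPass);

            logger.trace("Keystore contains the following certificates: {}", new CertEnumerator(ks, kcPass));
        } catch (final CertificateException e) {
            logger.error(String.format(
                    "Invalid configuration. Location: %s has an invalid client certificate! Error: %s",
                    location.getUri(), e.getMessage()), e);
            throw new JHttpCException(
                    "Failed to initialize SSL connection for repository: " + location.getUri());
        } catch (final KeyStoreException e) {
            logger.error(String.format(
                    "Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s",
                    location.getUri(), e.getMessage()), e);
            throw new JHttpCException(
                    "Failed to initialize SSL connection for repository: " + location.getUri());
        } catch (final NoSuchAlgorithmException e) {
            logger.error(String.format(
                    "Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s",
                    location.getUri(), e.getMessage()), e);
            throw new JHttpCException(
                    "Failed to initialize SSL connection for repository: " + location.getUri());
        } catch (final InvalidKeySpecException e) {
            logger.error(
                    String.format("Invalid configuration. Invalid client key for repository: %s. Error: %s",
                            location.getUri(), e.getMessage()), e);
            throw new JHttpCException(
                    "Failed to initialize SSL connection for repository: " + location.getUri());
        } catch (IOException e) {
            throw new JHttpCException("Failed to read client SSL key/certificate from: %s. Reason: %s", e,
                    location, e.getMessage());
        } catch (JHttpCException e) {
            throw new JHttpCException("Failed to read client SSL key/certificate from: %s. Reason: %s", e,
                    location, e.getMessage());
        }
    } else {
        logger.debug("No client key/certificate found");
    }

    final String sPem = location.getServerCertPem();

    if (sPem != null) {
        logger.debug("Loading TrustStore (server SSL) information from: {}", location);
        try {
            logger.trace("Reading Server SSL cert from:\n\n{}\n\n", sPem);
            ts = SSLUtils.decodePEMTrustStore(sPem, location.getHost());

            logger.trace("Trust store contains the following certificates:\n{}", new CertEnumerator(ts, null));
        } catch (final CertificateException e) {
            logger.error(String.format(
                    "Invalid configuration. Location: %s has an invalid server certificate! Error: %s",
                    location.getUri(), e.getMessage()), e);
            throw new JHttpCException(
                    "Failed to initialize SSL connection for repository: " + location.getUri());
        } catch (final KeyStoreException e) {
            logger.error(String.format(
                    "Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s",
                    location.getUri(), e.getMessage()), e);
            throw new JHttpCException(
                    "Failed to initialize SSL connection for repository: " + location.getUri());
        } catch (final NoSuchAlgorithmException e) {
            logger.error(String.format(
                    "Invalid configuration. Cannot initialize keystore for repository: %s. Error: %s",
                    location.getUri(), e.getMessage()), e);
            throw new JHttpCException(
                    "Failed to initialize SSL connection for repository: " + location.getUri());
        } catch (IOException e) {
            throw new JHttpCException(
                    "Failed to read server SSL certificate(s) (or couldn't parse server hostname) from: %s. Reason: %s",
                    e, location, e.getMessage());
        }
    } else {
        logger.debug("No server certificates found");
    }

    if (ks != null || ts != null) {
        logger.debug("Setting up SSL context.");
        try {
            SSLContextBuilder sslBuilder = SSLContexts.custom().useProtocol(SSLConnectionSocketFactory.TLS);
            if (ks != null) {
                logger.trace("Loading key material for SSL context...");
                PrivateKeyStrategy pkStrategy = new MonolithicKeyStrategy();
                // ks is only set after kcPass was checked to be non-empty.
                sslBuilder.loadKeyMaterial(ks, kcPass.toCharArray(), pkStrategy);
            }

            if (ts != null) {
                logger.trace("Loading trust material for SSL context...");

                SiteTrustType trustType = location.getTrustType();
                if (trustType == null) {
                    trustType = SiteTrustType.DEFAULT;
                }

                sslBuilder.loadTrustMaterial(ts, trustType.getTrustStrategy());
            }

            SSLContext ctx = sslBuilder.build();

            fac = new SSLConnectionSocketFactory(ctx, new DefaultHostnameVerifier());
            location.setAttribute(SSL_FACTORY_ATTRIB, fac);
            return fac;
        } catch (final KeyManagementException e) {
            // Exception goes last so the logger fills both placeholders and
            // records the stack trace.
            logger.error(
                    "Invalid configuration. Cannot initialize SSL socket factory for repository: {}. Error: {}",
                    location.getUri(), e.getMessage(), e);
            throw new JHttpCException(
                    "Failed to initialize SSL connection for repository: " + location.getUri());
        } catch (final UnrecoverableKeyException e) {
            logger.error(
                    "Invalid configuration. Cannot initialize SSL socket factory for repository: {}. Error: {}",
                    location.getUri(), e.getMessage(), e);
            throw new JHttpCException(
                    "Failed to initialize SSL connection for repository: " + location.getUri());
        } catch (final NoSuchAlgorithmException e) {
            logger.error(
                    "Invalid configuration. Cannot initialize SSL socket factory for repository: {}. Error: {}",
                    location.getUri(), e.getMessage(), e);
            throw new JHttpCException(
                    "Failed to initialize SSL connection for repository: " + location.getUri());
        } catch (final KeyStoreException e) {
            logger.error(
                    "Invalid configuration. Cannot initialize SSL socket factory for repository: {}. Error: {}",
                    location.getUri(), e.getMessage(), e);
            throw new JHttpCException(
                    "Failed to initialize SSL connection for repository: " + location.getUri());
        }
    } else {
        logger.debug("No SSL configuration present; no SSL context created.");
    }

    return null;
}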
From source file:com.ibm.og.client.ApacheClient.java
/**
 * Adds this client's trust configuration to the given SSL context builder.
 *
 * <p>When a trust store is configured it is loaded with its password (or
 * {@code null} when no password is set). When
 * {@code trustSelfSignedCertificates} is enabled,
 * {@link TrustSelfSignedStrategy} is added as well; that strategy accepts any
 * chain made of a single certificate.
 *
 * <p>NOTE(review): with both options enabled the builder receives trust
 * material from two separate calls. Verify which of the resulting trust
 * managers the built context actually consults.
 *
 * @param builder the SSL context builder to configure
 * @throws RuntimeException wrapping any failure while loading trust material
 */
private void configureTrustStores(final SSLContextBuilder builder) {
    try {
        if (this.trustStore != null) {
            final char[] storePassword =
                this.trustStorePassword == null ? null : this.trustStorePassword.toCharArray();
            builder.loadTrustMaterial(this.trustStore, storePassword);
        }

        if (this.trustSelfSignedCertificates) {
            builder.loadTrustMaterial(TrustSelfSignedStrategy.INSTANCE);
        }
    } catch (final Exception e) {
        throw new RuntimeException(e);
    }
}