  public static SSLContext createSSLContext(
      boolean clientMode, String keystore, String password, String trustStore, String trustPassword)
      throws Exception {
    // Create/initialize the SSLContext with key material
    char[] passphrase = password.toCharArray();
    // First initialize the key and trust material.
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream(keystore), passphrase);
    SSLContext sslContext = SSLContext.getInstance("TLS");

    if (clientMode) {
      // TrustManager's decide whether to allow connections.
      TrustManagerFactory tmf =
          TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmf.init(ks);
      sslContext.init(null, tmf.getTrustManagers(), null);

    } else {
      // KeyManager's decide which key material to use.
      KeyManagerFactory kmf =
          KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
      kmf.init(ks, passphrase);

      if (trustStore != null) {
        KeyStore ts = KeyStore.getInstance("JKS");
        ts.load(new FileInputStream(trustStore), trustPassword.toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(ts);
        System.out.println("Using the trust store for client auth");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
      } else sslContext.init(kmf.getKeyManagers(), null, null);
    }
    return sslContext;
  }
 public static void main(String[] args) throws Exception {
   Properties properties = new Properties();
   FileInputStream propFile = new FileInputStream("store.properties");
   properties.load(propFile);
   final String id = properties.getProperty("ID");
   final String placeForFiles = properties.getProperty("FilePlace");
   int servicePort = Integer.parseInt(properties.getProperty("ServicePort"));
   int tcpPort = Integer.parseInt(properties.getProperty("TCPPort"));
   String ksName = properties.getProperty("KeyStore");
   KeyStore ks = KeyStore.getInstance(properties.getProperty("KeyStoreType"));
   char[] password = properties.getProperty("Password").toCharArray();
   char[] passwordForKey = properties.getProperty("PasswordForKey").toCharArray();
   ks.load(new FileInputStream(ksName), password);
   KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
   kmf.init(ks, passwordForKey);
   SSLContext context = SSLContext.getInstance("TLS");
   context.init(kmf.getKeyManagers(), null, null);
   SSLServerSocketFactory ssf = context.getServerSocketFactory();
   SSLServerSocket serverSocket = (SSLServerSocket) ssf.createServerSocket(tcpPort);
   ServiceThread serviceThread = new ServiceThread(servicePort, id);
   serviceThread.start();
   while (!serverSocket.isClosed()) {
     ClientThread client = new ClientThread(placeForFiles);
     SSLSocket socket = (SSLSocket) serverSocket.accept();
     socket.startHandshake();
     client.setSocket(socket);
     client.start();
   }
 }
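  /**
   * Connection with SSL: builds an SSLContext from the configured key and trust stores and records
   * it, with the FIPS flag and cipher suite, in {@code mqProperties} for the MQ connection.
   *
   * <p>Key store type, location and password, trust store type and location, SSL version, FIPS
   * flag and cipher suite are all read from {@code properties} via {@code IbmMqConstants}. The
   * trust store is loaded with a null password (no integrity check). Both file streams are closed
   * after loading. Any failure is reported through {@code handleException} with the message only;
   * the exception itself is not propagated.
   */
  public void sslConnection() {
    String keyStoreLocation = properties.getProperty(IbmMqConstants.SSL_KEYSTORE_LOCATION);
    String keyStoreType = properties.getProperty(IbmMqConstants.SSL_KEYSTORE_TYPE);
    String keyStorePassword = properties.getProperty(IbmMqConstants.SSL_KEYSTORE_PASSWORD);
    String trustStoreLocation = properties.getProperty(IbmMqConstants.SSL_TRUSTSTORE_LOCATION);
    String trustStoreType = properties.getProperty(IbmMqConstants.SSL_TRUSTSTORE_TYPE);
    String sslVersion = properties.getProperty(IbmMqConstants.SSL_VERSION);
    String sslFipsRequired = properties.getProperty(IbmMqConstants.SSL_FIPS);
    String sslCipherSuite = properties.getProperty(IbmMqConstants.SSL_CIPHERSUITE);
    boolean sslFips = Boolean.parseBoolean(sslFipsRequired);
    try {
      char[] keyPassphrase = keyStorePassword.toCharArray();
      KeyStore ks = KeyStore.getInstance(keyStoreType);
      try (FileInputStream keyIn = new FileInputStream(keyStoreLocation)) {
        ks.load(keyIn, keyPassphrase);
      }
      KeyStore trustStore = KeyStore.getInstance(trustStoreType);
      // Null password: certificates load, the store's integrity is not verified.
      try (FileInputStream trustIn = new FileInputStream(trustStoreLocation)) {
        trustStore.load(trustIn, null);
      }

      TrustManagerFactory trustManagerFactory =
          TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      KeyManagerFactory keyManagerFactory =
          KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

      trustManagerFactory.init(trustStore);
      keyManagerFactory.init(ks, keyPassphrase);
      SSLContext sslContext = SSLContext.getInstance(sslVersion);
      sslContext.init(
          keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
      mqProperties.put(MQConstants.SSL_SOCKET_FACTORY_PROPERTY, sslContext);
      mqProperties.put(MQConstants.SSL_FIPS_REQUIRED_PROPERTY, sslFips);
      mqProperties.put(MQConstants.SSL_CIPHER_SUITE_PROPERTY, sslCipherSuite);
    } catch (Exception ex) {
      handleException(ex.getMessage());
    }
  }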
 /**
  * Initialises an {@code SSLContext} for {@code SSL_PROTOCOL}, wrapping each key manager from
  * {@code kmf} in a {@code BasicX509KeyManager} pinned to {@code CERT_ALIAS} and each trust
  * manager from {@code tmf} in a {@code BasicX509TrustManager}.
  *
  * <p>The casts to {@code X509KeyManager}/{@code X509TrustManager} rely on the algorithms the
  * caller chose when creating the factories (SunX509 and PKIX/SunJSSE respectively).
  *
  * @param kmf an initialised key manager factory
  * @param tmf an initialised trust manager factory
  * @param ks not used by this method
  * @return the initialised context
  * @throws RuntimeException wrapping a NoSuchAlgorithmException or KeyManagementException
  */
 private static SSLContext getContext(
     KeyManagerFactory kmf, TrustManagerFactory tmf, KeyStore ks) {
   try {
     KeyManager[] keyManagers = kmf.getKeyManagers();
     // Cast is safe: the caller created the factory with KEYMANAGER_ALGORITHM=SunX509.
     for (int idx = 0; idx < keyManagers.length; idx++) {
       X509KeyManager delegate = (X509KeyManager) keyManagers[idx];
       keyManagers[idx] = new BasicX509KeyManager(delegate, CERT_ALIAS);
     }
     TrustManager[] trustManagers = tmf.getTrustManagers();
     // Cast is safe: the caller used PKIX from SunJSSE.
     for (int idx = 0; idx < trustManagers.length; idx++) {
       X509TrustManager delegate = (X509TrustManager) trustManagers[idx];
       trustManagers[idx] = new BasicX509TrustManager(delegate);
     }
     SSLContext context = SSLContext.getInstance(SSL_PROTOCOL);
     log.debug("KMF returned " + keyManagers.length + " KeyManagers");
     log.debug("TMF returned " + trustManagers.length + " TrustManagers");
     context.init(keyManagers, trustManagers, null);
     return context;
   } catch (NoSuchAlgorithmException ex) {
     throw new RuntimeException("failed to find SSLContext for " + SSL_PROTOCOL, ex);
   } catch (KeyManagementException ex) {
     throw new RuntimeException("failed to init SSLContext", ex);
   }
 }
  /**
   * Gets the initialized key managers.
   *
   * <p>Loads the keystore via {@code getKeystore}, checks that {@code keyAlias} (when given) names
   * a key entry, and initialises a {@code KeyManagerFactory} with the endpoint's key password,
   * falling back to the keystore password. When an alias is given, each key manager is wrapped in
   * a {@code JSSEKeyManager} selecting that alias; for the default keystore type the alias is
   * lower-cased first.
   *
   * @param keystoreType keystore type, passed through to {@code getKeystore}
   * @param keystoreProvider keystore provider, passed through to {@code getKeystore}
   * @param algorithm KeyManagerFactory algorithm
   * @param keyAlias alias of the key to present, or null for the factory default
   * @return the initialised key managers
   * @throws IOException if {@code keyAlias} is not a key entry in the keystore
   * @throws Exception on any keystore or JSSE failure
   */
  protected KeyManager[] getKeyManagers(
      String keystoreType, String keystoreProvider, String algorithm, String keyAlias)
      throws Exception {
    String keystorePass = getKeystorePassword();
    KeyStore ks = getKeystore(keystoreType, keystoreProvider, keystorePass);
    if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
      throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias));
    }

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
    String keyPass = endpoint.getKeyPass();
    // The key password defaults to the keystore password.
    kmf.init(ks, (keyPass != null ? keyPass : keystorePass).toCharArray());

    KeyManager[] managers = kmf.getKeyManagers();
    if (keyAlias == null) {
      return managers;
    }
    String alias =
        JSSESocketFactory.defaultKeystoreType.equals(keystoreType)
            ? keyAlias.toLowerCase(Locale.ENGLISH)
            : keyAlias;
    for (int idx = 0; idx < managers.length; idx++) {
      managers[idx] = new JSSEKeyManager((X509KeyManager) managers[idx], alias);
    }
    return managers;
  }
 /**
  * Loads the keystore at {@code ksPath} through {@code loadStore} and returns key managers
  * initialised from it with the default KeyManagerFactory algorithm.
  *
  * @param vertx passed through to {@code loadStore}
  * @param ksPath keystore path, passed through to {@code loadStore}
  * @param ksPassword keystore password, also used as the key password; null is passed as null
  * @return the initialised key managers
  * @throws Exception on any keystore or JSSE failure
  */
 private static KeyManager[] getKeyMgrs(
     VertxInternal vertx, final String ksPath, final String ksPassword) throws Exception {
   String algorithm = KeyManagerFactory.getDefaultAlgorithm();
   KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
   KeyStore store = loadStore(vertx, ksPath, ksPassword);
   char[] keyPassword = null;
   if (ksPassword != null) {
     keyPassword = ksPassword.toCharArray();
   }
   factory.init(store, keyPassword);
   return factory.getKeyManagers();
 }
    MyX509KeyManager(File keyStore, char[] password) throws Exception {
      // create a "default" JSSE X509KeyManager.

      KeyStore ks = KeyStore.getInstance("JKS");
      ks.load(new FileInputStream(keyStore), password);

      KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
      kmf.init(ks, password);

      KeyManager kms[] = kmf.getKeyManagers();

      /*
       * Iterate over the returned keymanagers, look
       * for an instance of X509KeyManager.  If found,
       * use that as our "default" key manager.
       */
      for (int i = 0; i < kms.length; i++) {
        if (kms[i] instanceof X509KeyManager) {
          pkixKeyManager = (X509KeyManager) kms[i];
          return;
        }
      }

      /*
       * Find some other way to initialize, or else we have to fail the
       * constructor.
       */
      throw new Exception("Couldn't initialize");
    }
  /**
   * Creates the key managers to be used by the factory from the associated key store and password.
   *
   * <p>Uses the default KeyManagerFactory algorithm with {@code this.keyStore} and
   * {@code this.keyStorePassword}; each JSSE failure is translated into a
   * {@code ClientSslContextFactoryException} that keeps the original exception as its cause.
   *
   * @return the newly created array of key managers
   * @throws ClientSslContextFactoryException if an exception is detected in loading the key store
   */
  private KeyManager[] createKeyManagers() throws ClientSslContextFactoryException {
    KeyManagerFactory factory;
    try {
      factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
      factory.init(this.keyStore, this.keyStorePassword.toCharArray());
    } catch (NoSuchAlgorithmException e) {
      String message =
          String.format(
              "Failed to create the key store because the algorithm %s is not supported. ",
              KeyManagerFactory.getDefaultAlgorithm());
      throw new ClientSslContextFactoryException(message, e);
    } catch (UnrecoverableKeyException e) {
      throw new ClientSslContextFactoryException(
          "Unrecoverable Key Exception initializing key manager factory; this is probably fatal",
          e);
    } catch (KeyStoreException e) {
      throw new ClientSslContextFactoryException(
          "KeyStore exception initializing key manager factory; this is probably fatal", e);
    }

    KeyManager[] managers = factory.getKeyManagers();
    LOGGER.debug("Key managers are initialized. Total {} managers. ", managers.length);
    return managers;
  }
  /**
   * Creates a new TlsSocketFactory.
   *
   * <p>Key managers come from the context's keystore, unlocked with
   * {@code TlsContext.DEFAULT_PASSWORD}. Trust managers come from the same keystore unless
   * {@code tls_context.isTrustAll()} is set, in which case a trust manager that accepts every
   * certificate chain is installed and the peer is not authenticated at all. The resulting
   * socket factory is stored in {@code ssl_factory}.
   *
   * @param tls_context supplies the keystore and the trust-all flag
   * @throws java.security.KeyStoreException if a factory cannot be initialised from the keystore
   * @throws java.security.KeyManagementException if the SSLContext cannot be initialised
   * @throws java.security.UnrecoverableKeyException if the key cannot be unlocked
   * @throws java.security.NoSuchAlgorithmException if a required algorithm is unavailable
   */
  public TlsSocketFactory(TlsContext tls_context)
      throws java.security.KeyStoreException, java.security.KeyManagementException,
          java.security.UnrecoverableKeyException, java.security.NoSuchAlgorithmException {
    KeyStore keyStore = tls_context.getKeyStore();

    // key managers
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keyStore, TlsContext.DEFAULT_PASSWORD);
    KeyManager[] keyManagers = kmf.getKeyManagers();

    // trust managers
    TrustManager[] trustManagers;
    if (tls_context.isTrustAll()) {
      // Accepts any chain: no certificate validation is performed for either peer role.
      X509TrustManager acceptAll =
          new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
              return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] certs, String auth_type) {}

            @Override
            public void checkServerTrusted(X509Certificate[] certs, String auth_type) {}
          };
      trustManagers = new TrustManager[] {acceptAll};
    } else {
      TrustManagerFactory tmf =
          TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmf.init(keyStore);
      trustManagers = tmf.getTrustManagers();
    }

    // install the key managers and the trust managers selected above (default SecureRandom)
    SSLContext context = SSLContext.getInstance("SSL");
    context.init(keyManagers, trustManagers, null);
    ssl_factory = context.getSocketFactory();
  }
  /**
   * @return
   * @throws NoSuchAlgorithmException
   * @throws KeyStoreException
   * @throws UnrecoverableKeyException
   * @throws IOException
   * @throws CertificateException
   */
  private KeyManager[] initKeyManagers()
      throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, IOException,
          CertificateException {
    // Initialize trust manager factory and set trusted CA list using keystore
    if (StringUtils.isEmpty(this.keyStorePath)) {
      log.info("Unset [keyStorePath] parameter, disable local private and certificate.");
      return null;
    } else {
      log.info(
          String.format("Loading private key and certificate from store: [%s]", this.keyStorePath));
      // Load key store
      KeyStore keystore = KeyStore.getInstance("JKS");
      InputStream in = Helper.getResourceAsStream(this.getClass(), this.keyStorePath);
      if (in == null) {
        throw new IOException(
            String.format("Could not reading from : [%s]", this.trustCertsStorePath));
      }
      keystore.load(in, this.keyStorePassword);

      KeyManagerFactory kmf = KeyManagerFactory.getInstance(this.getKeyManagerAlgorithm());
      kmf.init(keystore, this.keyStoreKeyPassword);
      log.info(String.format("Initialized key store: [%s]", this.keyStorePath));

      KeyManager[] keyManagers = kmf.getKeyManagers();
      return keyManagers;
    }
  }
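  /**
   * Creates the bogus server-side SSLContext.
   *
   * <p>Loads the JKS keystore bundled as the classpath resource {@code BOGUS_KEYSTORE}, unlocked
   * with {@code BOGUS_PW}, builds key managers from it with {@code KEY_MANAGER_FACTORY_ALGORITHM}
   * and initialises a {@code PROTOCOL} context with those and
   * {@code BogusTrustManagerFactory.X509_MANAGERS}.
   *
   * @return the initialised context
   * @throws GeneralSecurityException on keystore or JSSE failures
   * @throws IOException if the keystore resource is missing or cannot be read
   */
  private static SSLContext createBougusServerSslContext()
      throws GeneralSecurityException, IOException {
    // Create keystore
    KeyStore ks = KeyStore.getInstance("JKS");
    try (InputStream in = BogusSslContextFactory.class.getResourceAsStream(BOGUS_KEYSTORE)) {
      // KeyStore.load(null, pw) would silently yield an empty store; fail loudly instead.
      if (in == null) {
        throw new IOException("Keystore resource not found: " + BOGUS_KEYSTORE);
      }
      ks.load(in, BOGUS_PW);
    }

    // Set up key manager factory to use our key store
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM);
    kmf.init(ks, BOGUS_PW);

    // Initialize the SSLContext to work with our key managers.
    SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
    sslContext.init(kmf.getKeyManagers(), BogusTrustManagerFactory.X509_MANAGERS, null);

    return sslContext;
  }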
  /**
   * Gets the initialized key managers.
   *
   * <p>Loads the keystore with the keystore password, checks that {@code keyAlias} (when given)
   * names a key entry, and initialises a {@code KeyManagerFactory} for {@code algorithm} using
   * the keystore password as key password. With an alias, every key manager is wrapped in a
   * {@code JSSEKeyManager} selecting that alias exactly as given; the lower-casing step referenced
   * by SJSAS 6266949 is commented out and not applied.
   *
   * @param algorithm KeyManagerFactory algorithm
   * @param keyAlias alias of the key to present, or null for the factory default
   * @return the initialised key managers
   * @throws IOException if {@code keyAlias} is not a key entry in the keystore
   * @throws Exception on any keystore or JSSE failure
   */
  protected KeyManager[] getKeyManagers(String algorithm, String keyAlias) throws Exception {
    String keystorePass = getKeystorePassword();
    KeyStore ks = getKeystore(keystorePass);
    if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
      throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias));
    }

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
    kmf.init(ks, keystorePass.toCharArray());

    KeyManager[] managers = kmf.getKeyManagers();
    if (keyAlias == null) {
      return managers;
    }
    // START SJSAS 6266949: the alias is used as-is (no lower-casing for the default keystore type)
    // END SJSAS 6266949
    for (int idx = 0; idx < managers.length; idx++) {
      managers[idx] = new JSSEKeyManager((X509KeyManager) managers[idx], keyAlias);
    }
    return managers;
  }
 /**
  * Builds an SSLContext from the given key and trust stores.
  *
  * <p>Key managers use the default algorithm with {@code keystorePassword} as key password (null
  * is passed through as null). Trust managers use the default algorithm on {@code truststore};
  * when {@code trustStrategy} is non-null, every {@code X509TrustManager} among them is replaced
  * by a {@code TrustManagerDecorator} carrying that strategy.
  *
  * @param algorithm SSLContext protocol name, or null for {@code TLS}
  * @param keystore key material, passed through to the KeyManagerFactory
  * @param keystorePassword key password, or null
  * @param truststore trust material, passed through to the TrustManagerFactory
  * @param random entropy source for the context, or null for the provider default
  * @param trustStrategy optional strategy used to decorate X509 trust managers
  * @return the initialised context
  * @throws NoSuchAlgorithmException if a factory algorithm or the protocol is unavailable
  * @throws KeyStoreException if a factory cannot be initialised from its store
  * @throws UnrecoverableKeyException if the key cannot be unlocked
  * @throws KeyManagementException if the context cannot be initialised
  */
 private static SSLContext createSSLContext(
     final String algorithm,
     final KeyStore keystore,
     final String keystorePassword,
     final KeyStore truststore,
     final SecureRandom random,
     final TrustStrategy trustStrategy)
     throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException,
         KeyManagementException {
   String protocol = algorithm == null ? TLS : algorithm;

   KeyManagerFactory keyFactory =
       KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
   char[] keyPassword = keystorePassword == null ? null : keystorePassword.toCharArray();
   keyFactory.init(keystore, keyPassword);
   KeyManager[] keyManagers = keyFactory.getKeyManagers();

   TrustManagerFactory trustFactory =
       TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
   trustFactory.init(truststore);
   TrustManager[] trustManagers = trustFactory.getTrustManagers();
   if (trustStrategy != null && trustManagers != null) {
     for (int idx = 0; idx < trustManagers.length; idx++) {
       TrustManager candidate = trustManagers[idx];
       if (!(candidate instanceof X509TrustManager)) {
         continue;
       }
       trustManagers[idx] = new TrustManagerDecorator((X509TrustManager) candidate, trustStrategy);
     }
   }

   SSLContext context = SSLContext.getInstance(protocol);
   context.init(keyManagers, trustManagers, random);
   return context;
 }
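  /**
   * Creates a TLS server configuration from {@code keyStore}: the same store supplies both the
   * server key (unlocked with {@code password}) and the trusted certificates, via SunX509
   * factories.
   *
   * <p>Stores the initialised context in {@code sslContext}, the cipher suites supported by its
   * server socket factory in {@code cipherSuites} and the port in {@code port}; at debug level
   * logs the provider and the supported suites.
   *
   * @param keyStore loaded keystore holding key and trust material
   * @param password key password
   * @param protocol SSLContext protocol name, e.g. "TLS"
   * @param port port the server will listen on
   * @throws KeyStoreException if a factory cannot be initialised from the keystore
   * @throws IOException declared for callers; not thrown by this constructor's own calls
   * @throws NoSuchAlgorithmException if SunX509 or {@code protocol} is unavailable
   * @throws CertificateException declared for callers; not thrown by this constructor's own calls
   * @throws UnrecoverableKeyException if the key cannot be unlocked
   * @throws KeyManagementException if the context cannot be initialised
   */
  public TLSServer(KeyStore keyStore, String password, String protocol, int port)
      throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
          UnrecoverableKeyException, KeyManagementException {

    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
    keyManagerFactory.init(keyStore, password.toCharArray());
    KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
    trustManagerFactory.init(keyStore);
    TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
    sslContext = SSLContext.getInstance(protocol);
    sslContext.init(keyManagers, trustManagers, null);

    cipherSuites = sslContext.getServerSocketFactory().getSupportedCipherSuites();

    if (LOGGER.isDebugEnabled()) {
      LOGGER.debug("Provider: " + sslContext.getProvider());
      // Reuse the array captured above instead of creating a new factory and copy per call.
      LOGGER.debug("Supported cipher suites (" + cipherSuites.length + ")");
      for (String c : cipherSuites) {
        LOGGER.debug(" " + c);
      }
    }

    this.port = port;
    LOGGER.info("SSL Server successfully initialized!");
  }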
 /**
  * Returns SSLContext with TESTED_SECURITY_PROTOCOL protocol and sets up keys.
  *
  * <p>First clears the {@code jdk.tls.disabledAlgorithms} and
  * {@code jdk.certpath.disabledAlgorithms} security properties. That is a process-wide change:
  * every SSLContext and certificate path built afterwards in this JVM, not only the returned
  * context, will accept algorithms the JDK disables by default. Key and trust stores are JKS
  * files ({@code KEY_FILE_NAME}, {@code TRUST_FILE_NAME}) unlocked with {@code PASSWD}.
  *
  * @return - SSLContext with a protocol specified by TESTED_SECURITY_PROTOCOL.
  * @throws Error wrapping any keystore, I/O or JSSE exception
  */
 public static SSLContext getContext() {
   try {
     java.security.Security.setProperty("jdk.tls.disabledAlgorithms", "");
     java.security.Security.setProperty("jdk.certpath.disabledAlgorithms", "");
     char[] passphrase = PASSWD.toCharArray();
     KeyStore keyStore = KeyStore.getInstance("JKS");
     KeyStore trustStore = KeyStore.getInstance("JKS");
     try (FileInputStream in = new FileInputStream(KEY_FILE_NAME)) {
       keyStore.load(in, passphrase);
     }
     try (FileInputStream in = new FileInputStream(TRUST_FILE_NAME)) {
       trustStore.load(in, passphrase);
     }
     KeyManagerFactory keyFactory = KeyManagerFactory.getInstance("SunX509");
     keyFactory.init(keyStore, passphrase);
     TrustManagerFactory trustFactory = TrustManagerFactory.getInstance("SunX509");
     trustFactory.init(trustStore);
     SSLContext context = SSLContext.getInstance(TESTED_SECURITY_PROTOCOL);
     context.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), null);
     return context;
   } catch (KeyStoreException
       | IOException
       | NoSuchAlgorithmException
       | CertificateException
       | UnrecoverableKeyException
       | KeyManagementException ex) {
     throw new Error("Unexpected exception", ex);
   }
 }
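  /**
   * Builds a "TLS" context from a keystore file that serves as both key and trust store.
   *
   * <p>The keystore is of the JVM default type and is unlocked with {@code password}, which is
   * also used as the key password. The file stream is closed on every path.
   *
   * @param keystoreFile path of the keystore file
   * @param password keystore and key password
   * @return the initialised context, seeded with a fresh {@link SecureRandom}
   * @throws GeneralSecurityException on keystore or JSSE failures
   * @throws IOException if the file cannot be read, including {@link java.io.FileNotFoundException}
   *     when it does not exist
   */
  private static SSLContext sslContext(String keystoreFile, String password)
      throws GeneralSecurityException, IOException {
    char[] passphrase = password.toCharArray();
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    // try-with-resources replaces the manual close; a close failure is an IOException like any other.
    try (InputStream in = new FileInputStream(keystoreFile)) {
      keystore.load(in, passphrase);
    }
    KeyManagerFactory keyManagerFactory =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keystore, passphrase);

    TrustManagerFactory trustManagerFactory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(keystore);

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(
        keyManagerFactory.getKeyManagers(),
        trustManagerFactory.getTrustManagers(),
        new SecureRandom());

    return sslContext;
  }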
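 /**
  * Initialises {@code sslContext} from a JKS keystore.
  *
  * <p>Keystore path and password are read from {@code properties} ({@code keyStore},
  * {@code keyStorePassword}), falling back to the {@code javax.net.ssl.keyStore} and
  * {@code javax.net.ssl.keyStorePassword} system properties. The same keystore serves as key and
  * trust store; factory algorithms and protocol come from {@code keyManagerAlgorithm},
  * {@code trustManagerAlgorithm} and {@code protocol}, defaulting to SunX509 / SunX509 / TLS.
  *
  * @param properties configuration source
  * @throws RuntimeException if the keystore path or password is configured nowhere
  * @throws Exception on any keystore, I/O or JSSE failure
  */
 public void init(Properties properties) throws Exception {
   String keyStorePassword = properties.getProperty("keyStorePassword");
   if (keyStorePassword == null) {
     keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
   }
   String keyStore = properties.getProperty("keyStore");
   if (keyStore == null) {
     keyStore = System.getProperty("javax.net.ssl.keyStore");
   }
   if (keyStore == null || keyStorePassword == null) {
     throw new RuntimeException("SSL is enabled but keyStore[Password] properties aren't set!");
   }
   String keyManagerAlgorithm = getProperty(properties, "keyManagerAlgorithm", "SunX509");
   String trustManagerAlgorithm = getProperty(properties, "trustManagerAlgorithm", "SunX509");
   String protocol = getProperty(properties, "protocol", "TLS");
   final char[] passPhrase = keyStorePassword.toCharArray();

   // One load of the file serves both factories (neither modifies the store), and the
   // stream is closed instead of being left open per init() call.
   KeyStore ks = KeyStore.getInstance("JKS");
   try (FileInputStream in = new FileInputStream(keyStore)) {
     ks.load(in, passPhrase);
   }
   KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgorithm);
   kmf.init(ks, passPhrase);
   TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustManagerAlgorithm);
   tmf.init(ks);
   sslContext = SSLContext.getInstance(protocol);
   sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
 }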
  /**
   * Returns the key managers for an already loaded {@code keyStore}, using the default
   * KeyManagerFactory algorithm and the {@code PASSWORD} constant as key password.
   *
   * @param keyStore a loaded keystore
   * @return the initialised key managers
   * @throws Exception on any keystore or JSSE failure
   */
  private KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception {
    KeyManagerFactory factory =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    char[] keyPassword = PASSWORD.toCharArray();
    factory.init(keyStore, keyPassword);
    return factory.getKeyManagers();
  }
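 /**
  * Lazily builds and caches the key managers in {@code key_managers}.
  *
  * <p>On the first call, loads a PKCS12 keystore from {@code certificate} (closed afterwards via
  * {@code closeQuietly}, also on failure) and initialises a factory with the default algorithm.
  * Later calls return the cached array and neither read nor close {@code certificate}.
  *
  * @param certificate PKCS12 keystore stream; consumed and closed on the first call only
  * @param passphrase keystore and key password
  * @return the key managers
  * @throws IOException if the keystore stream cannot be read
  * @throws RuntimeException on keystore or algorithm failures, with the original exception as cause
  */
 private KeyManager[] getKeyManagers(InputStream certificate, String passphrase)
     throws IOException {
   if (key_managers != null) {
     return key_managers;
   }
   KeyStore ks;
   try {
     ks = KeyStore.getInstance("PKCS12");
   } catch (KeyStoreException e) {
     throw new RuntimeException("Unable to create key store.", e);
   }
   char[] certphrase = passphrase.toCharArray();
   try {
     ks.load(certificate, certphrase);
   } catch (GeneralSecurityException e) {
     throw new RuntimeException("Bad certificate or unknown type.", e);
   } finally {
     closeQuietly(certificate);
   }
   KeyManagerFactory kmf;
   try {
     kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
     kmf.init(ks, certphrase);
   } catch (GeneralSecurityException e) {
     // Keep the cause; the message alone loses the exception type.
     throw new RuntimeException(e.getMessage(), e);
   }
   key_managers = kmf.getKeyManagers();
   return key_managers;
 }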
  // =========================================================================================================
  // HTTPS handling
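  /**
   * Creates an HTTPS server bound to {@code pSocketAddress}, configured from {@code pConfig}.
   *
   * <p>The SSLContext is fully initialised before the server is created, so a keystore or
   * algorithm failure does not leave a bound but never-started server socket behind. The
   * keystore from {@code getKeyStore} is used for both the key and the trust manager factory.
   *
   * @param pSocketAddress address to bind
   * @param pConfig server configuration (protocol, keystore, factories, backlog)
   * @return the configured, not yet started server
   * @throws IllegalStateException if the keystore cannot be used or opened; the cause is kept
   */
  private HttpServer createHttpsServer(
      InetSocketAddress pSocketAddress, JolokiaServerConfig pConfig) {
    try {
      SSLContext sslContext = SSLContext.getInstance(pConfig.getSecureSocketProtocol());

      // initialise the keystore
      KeyStore ks = getKeyStore(pConfig);

      // setup the key manager factory
      KeyManagerFactory kmf = getKeyManagerFactory(pConfig);
      kmf.init(ks, pConfig.getKeystorePassword());

      // setup the trust manager factory (same keystore)
      TrustManagerFactory tmf = getTrustManagerFactory(pConfig);
      tmf.init(ks);

      // setup the HTTPS context and parameters
      sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

      // Update the config to filter out bad protocols or ciphers
      pConfig.updateHTTPSSettingsFromContext(sslContext);

      // Bind only once the TLS material is known to be usable.
      HttpsServer server = HttpsServer.create(pSocketAddress, pConfig.getBacklog());
      server.setHttpsConfigurator(new JolokiaHttpsConfigurator(sslContext, pConfig));
      return server;
    } catch (GeneralSecurityException e) {
      throw new IllegalStateException("Cannot use keystore for https communication: " + e, e);
    } catch (IOException e) {
      throw new IllegalStateException("Cannot open keystore for https communication: " + e, e);
    }
  }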
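  /**
   * Builds the shared {@code SERVER_CONTEXT} and {@code CLIENT_CONTEXT} at class load.
   *
   * <p>The server context presents the bogus keystore (JKS, from {@code BogusKeyStore}) with no
   * trust managers; the client context has no key managers and trusts whatever
   * {@code BogusTrustManagerFactory.getTrustManagers()} accepts. Either failure is fatal for the
   * class and surfaces as an {@code Error} with the cause attached.
   */
  static {
    // Honour a JVM-configured KeyManagerFactory algorithm; fall back to SunX509.
    String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
    if (algorithm == null) {
      algorithm = "SunX509";
    }

    SSLContext serverContext;
    SSLContext clientContext;
    try {
      KeyStore ks = KeyStore.getInstance("JKS");
      // Close the keystore stream once loaded instead of leaving it for the GC.
      try (java.io.InputStream in = BogusKeyStore.asInputStream()) {
        ks.load(in, BogusKeyStore.getKeyStorePassword());
      }

      // Set up key manager factory to use our key store
      KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
      kmf.init(ks, BogusKeyStore.getCertificatePassword());

      // Initialize the SSLContext to work with our key managers.
      serverContext = SSLContext.getInstance(PROTOCOL);
      serverContext.init(kmf.getKeyManagers(), null, null);
    } catch (Exception e) {
      throw new Error("Failed to initialize the server-side SSLContext", e);
    }

    try {
      clientContext = SSLContext.getInstance(PROTOCOL);
      clientContext.init(null, BogusTrustManagerFactory.getTrustManagers(), null);
    } catch (Exception e) {
      throw new Error("Failed to initialize the client-side SSLContext", e);
    }

    SERVER_CONTEXT = serverContext;
    CLIENT_CONTEXT = clientContext;
  }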
  /**
   * Initialises {@code sslContext} and {@code sslSocketFactory} from {@code keystoreConfig}.
   *
   * <p>The configured keystore supplies the key managers and the default X509 trust manager; the
   * latter is handed to {@code KeystoreManager.getCustomTrustManager} together with
   * {@code acceptUnverifiedCertificates}, and only the custom trust manager it returns is
   * installed (with a fresh {@code SecureRandom}). The hostname verifier comes from
   * {@code getHostnameVerifier()}.
   *
   * @param keystoreConfig location and password of the keystore
   * @param acceptUnverifiedCertificates passed through to the custom trust manager
   * @throws KeyStoreException if the keystore cannot be obtained or a factory initialised
   * @throws IOException if the keystore cannot be read
   * @throws NoSuchAlgorithmException if a required algorithm is unavailable
   * @throws KeyManagementException if the context cannot be initialised
   */
  protected void init(KeystoreConfig keystoreConfig, boolean acceptUnverifiedCertificates)
      throws KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {
    KeystoreManager manager = KeystoreManager.getKeystoreManager();
    KeyStore store = manager.getKeyStore(keystoreConfig);
    KeyManagerFactory kmf = getKeyManagerFactory(store, keystoreConfig.getFilePassword());
    TrustManagerFactory tmf = getTrustManagerFactory(store);
    // The first trust manager is taken to be the X509 one.
    X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
    X509TrustManager customTrustManager =
        manager.getCustomTrustManager(
            defaultTrustManager, keystoreConfig, acceptUnverifiedCertificates, store);

    TrustManager[] trustManagers = {customTrustManager};
    sslContext = SSLContext.getInstance(getSecurityProtocol());
    sslContext.init(kmf.getKeyManagers(), trustManagers, new SecureRandom());
    // XXX Should we use ALLOW_ALL_HOSTNAME_VERIFIER (least restrictive) or
    //     BROWSER_COMPATIBLE_HOSTNAME_VERIFIER (moderate restrictive) or
    //     STRICT_HOSTNAME_VERIFIER (most restrictive)???
    sslSocketFactory = new SSLSocketFactory(sslContext, getHostnameVerifier());
  }
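  /**
   * Used to get the base ssl context in which to create the server socket. This is basically just
   * so we can have a custom location for key stores.
   *
   * <p>The keystore is JKS, unlocked with {@code password} (null skips the integrity check); the
   * file stream is closed after loading. No trust managers are installed. The password copy is
   * overwritten once the method finishes, on both the success and the failure path.
   *
   * @param keyStoreName path of the JKS keystore file
   * @param password keystore and key password; may be null
   * @return an initialised "SSL" context presenting the keystore's keys
   * @throws IOException if the keystore cannot be read
   * @throws WinstoneException if the file is missing or any other failure occurs (cause kept)
   */
  public SSLContext getSSLContext(String keyStoreName, String password) throws IOException {
    char[] passwordChars = password == null ? null : password.toCharArray();
    try {
      // Check the key manager factory
      KeyManagerFactory kmf = KeyManagerFactory.getInstance(this.keyManagerType);

      File ksFile = new File(keyStoreName);
      if (!ksFile.exists() || !ksFile.isFile()) {
        throw new WinstoneException(
            SSL_RESOURCES.getString("HttpsListener.KeyStoreNotFound", ksFile.getPath()));
      }
      KeyStore ks = KeyStore.getInstance("JKS");
      try (InputStream in = new FileInputStream(ksFile)) {
        ks.load(in, passwordChars);
      }
      kmf.init(ks, passwordChars);
      Logger.log(Logger.FULL_DEBUG, SSL_RESOURCES, "HttpsListener.KeyCount", ks.size() + "");
      for (Enumeration<String> e = ks.aliases(); e.hasMoreElements(); ) {
        String alias = e.nextElement();
        Logger.log(
            Logger.FULL_DEBUG,
            SSL_RESOURCES,
            "HttpsListener.KeyFound",
            new String[] {alias, ks.getCertificate(alias) + ""});
      }

      SSLContext context = SSLContext.getInstance("SSL");
      context.init(kmf.getKeyManagers(), null, null);
      return context;
    } catch (IOException err) {
      throw err;
    } catch (Throwable err) {
      // Translate everything else for callers; Errors are deliberately included, as before.
      throw new WinstoneException(
          SSL_RESOURCES.getString("HttpsListener.ErrorGettingContext"), err);
    } finally {
      // Scrub the password copy; guarded because a null password produces no array.
      if (passwordChars != null) {
        Arrays.fill(passwordChars, 'x');
      }
    }
  }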
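  /**
   * Lazily builds the shared {@code ctx} and installs its socket factory as the JVM-wide default
   * for {@code HttpsURLConnection}.
   *
   * <p>On first use the keystore stream from {@code getKeyStoreFileName(con)} is loaded (default
   * keystore type, unlocked with {@code KS_PASSWORD}) and closed; it serves as both key and trust
   * store. Note the process-wide side effect on every later {@code HttpsURLConnection}, and that
   * the protocol is pinned to "TLSv1", a legacy version recent JDKs disable by default.
   *
   * @param con passed through to {@code getKeyStoreFileName}
   * @return the shared context
   * @throws Exception on any keystore, I/O or JSSE failure
   */
  private static SSLContext getContext(Context con) throws Exception {
    if (ctx == null) {
      String type = KeyStore.getDefaultType();
      KeyStore ks = KeyStore.getInstance(type);
      try (InputStream fis = getKeyStoreFileName(con)) {
        ks.load(fis, KS_PASSWORD.toCharArray());
      }

      KeyManagerFactory kmf =
          KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
      kmf.init(ks, KS_PASSWORD.toCharArray());

      TrustManagerFactory tmf =
          TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmf.init(ks);

      // "TLSv1" is kept because callers may depend on it; "TLS" would negotiate the best version.
      ctx = SSLContext.getInstance("TLSv1");
      ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    }

    SSLSocketFactory socketFactory = ctx.getSocketFactory();
    HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);

    return ctx;
  }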
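  /**
   * Builds client key managers from a BKS keystore stream.
   *
   * <p>Best-effort: any failure is printed to stderr and {@code null} is returned, so callers see
   * the same result as for missing arguments. {@code bksFile} is not closed here.
   *
   * @param bksFile BKS keystore stream, or null
   * @param password keystore and key password, or null
   * @return the key managers, or {@code null} if an argument is null or the keystore cannot be
   *     loaded or used
   */
  private KeyManager[] prepareKeyManager(InputStream bksFile, String password) {
    if (bksFile == null || password == null) {
      return null;
    }
    try {
      KeyStore clientKeyStore = KeyStore.getInstance("BKS");
      clientKeyStore.load(bksFile, password.toCharArray());
      KeyManagerFactory keyManagerFactory =
          KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
      keyManagerFactory.init(clientKeyStore, password.toCharArray());
      return keyManagerFactory.getKeyManagers();
    } catch (Exception e) {
      // One handler covers the keystore, algorithm, certificate and I/O failures alike.
      e.printStackTrace();
      return null;
    }
  }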
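  /**
   * Builds an SSLSocketFactory from PEM files: a CA certificate for trust, and a client
   * certificate plus (optionally encrypted) private key for authentication.
   *
   * <p>Registers the BouncyCastle provider, parses the key with BouncyCastle's PEM support (the
   * reader is closed on every path) and assembles two in-memory keystores of the default type.
   * {@code password} decrypts the PEM key when it is encrypted and protects the key entry; an
   * empty array is used when it is null. The context protocol is pinned to "TLSv1", a legacy
   * version recent JDKs disable by default; it is kept here because callers may depend on it.
   *
   * @param caCrtFile path to the PEM CA certificate
   * @param crtFile path to the PEM client certificate
   * @param keyFile path to the PEM private key
   * @param password key password, or null
   * @return a socket factory for the assembled context
   * @throws IllegalArgumentException if {@code keyFile} holds no PEM key pair (e.g. it is empty)
   * @throws Exception on any parse, keystore or JSSE failure
   */
  public static SSLSocketFactory getSocketFactory(
      String caCrtFile, String crtFile, String keyFile, String password) throws Exception {

    char[] passwordCharArray = password == null ? new char[0] : password.toCharArray();

    Security.addProvider(new BouncyCastleProvider());
    CertificateFactory cf = CertificateFactory.getInstance("X.509");

    X509Certificate caCert =
        (X509Certificate)
            cf.generateCertificate(
                new ByteArrayInputStream(Files.readAllBytes(Paths.get(caCrtFile))));

    X509Certificate cert =
        (X509Certificate)
            cf.generateCertificate(
                new ByteArrayInputStream(Files.readAllBytes(Paths.get(crtFile))));

    PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passwordCharArray);
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");

    File privateKeyFile = new File(keyFile);
    KeyPair kp;
    // try-with-resources closes the reader on failure paths too, not only after a good parse.
    try (PEMParser pemParser = new PEMParser(new FileReader(privateKeyFile))) {
      Object object = pemParser.readObject();
      if (object instanceof PEMEncryptedKeyPair) {
        kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
      } else if (object instanceof PEMKeyPair) {
        kp = converter.getKeyPair((PEMKeyPair) object);
      } else {
        // readObject() returns null for an empty file; anything else is not a key pair.
        throw new IllegalArgumentException("No PEM key pair found in " + keyFile);
      }
    }

    KeyStore caKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    caKeyStore.load(null, null);
    caKeyStore.setCertificateEntry("ca-certificate", caCert);
    TrustManagerFactory trustManagerFactory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(caKeyStore);

    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null);
    keyStore.setCertificateEntry("certificate", cert);
    keyStore.setKeyEntry(
        "private-key",
        kp.getPrivate(),
        passwordCharArray,
        new java.security.cert.Certificate[] {cert});
    KeyManagerFactory keyManagerFactory =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keyStore, passwordCharArray);

    SSLContext context = SSLContext.getInstance("TLSv1");
    context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

    return context.getSocketFactory();
  }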
 /**
  * @return key managers loaded for this service, built from {@code mKeyStore} with the default
  *     KeyManagerFactory algorithm and an empty key password.
  * @throws NullPointerException if {@code mKeyStore} has not been set
  * @throws GeneralSecurityException if the factory cannot be created or initialised
  */
 public synchronized KeyManager[] getKeyManagers() throws GeneralSecurityException {
   KeyStore store = mKeyStore;
   if (store == null) {
     throw new NullPointerException("null mKeyStore");
   }
   String algorithm = KeyManagerFactory.getDefaultAlgorithm();
   KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
   factory.init(store, "".toCharArray());
   return factory.getKeyManagers();
 }
 private SSLSocketFactory createSocketFactory(String domain) throws Exception {
   SSLSocketFactory factory;
   KeyManagerFactory keyManagerFactory = getKeyManagerFactory(keystore, KEYSTORE_PASSWORD);
   SSLContext sslContext = SSLContext.getInstance("TLS");
   KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
   keyManagers = wrapKeyManagers(keyManagers, domain);
   sslContext.init(keyManagers, getAllTrustingManager(), secureRandom);
   factory = sslContext.getSocketFactory();
   return factory;
 }
  /**
   * Creates key managers from {@code keystore} with the default KeyManagerFactory algorithm and
   * this instance's {@code keystorePassword} as key password.
   *
   * @param keystore the loaded keystore; rejected by {@code bombIfNull} when null
   * @return the initialised key managers
   * @throws KeyStoreException if the factory cannot be initialised from the keystore
   * @throws NoSuchAlgorithmException if the default algorithm is unavailable
   * @throws UnrecoverableKeyException if the key cannot be unlocked with the password
   */
  private KeyManager[] createKeyManagers(KeyStore keystore)
      throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
    bombIfNull(keystore, "Keystore may not be null");

    LOG.trace("Initializing key manager");
    String algorithm = KeyManagerFactory.getDefaultAlgorithm();
    KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
    char[] keyPassword = keystorePassword.toCharArray();
    factory.init(keystore, keyPassword);
    return factory.getKeyManagers();
  }
 /**
  * Creates key managers from {@code keystore} with the default KeyManagerFactory algorithm.
  *
  * @param keystore the loaded keystore; must not be null
  * @param password key password; null is passed to the factory as a null password
  * @return the initialised key managers
  * @throws IllegalArgumentException if {@code keystore} is null
  * @throws KeyStoreException if the factory cannot be initialised from the keystore
  * @throws NoSuchAlgorithmException if the default algorithm is unavailable
  * @throws UnrecoverableKeyException if the key cannot be unlocked with the password
  */
 private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password)
     throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
   if (keystore == null) {
     throw new IllegalArgumentException("Keystore may not be null");
   }
   char[] keyPassword = null;
   if (password != null) {
     keyPassword = password.toCharArray();
   }
   String algorithm = KeyManagerFactory.getDefaultAlgorithm();
   KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
   factory.init(keystore, keyPassword);
   return factory.getKeyManagers();
 }