private SSLSocketFactory newSslSocketFactory() {
try {
// Get an instance of the Bouncy Castle KeyStore format
KeyStore trusted = KeyStore.getInstance("BKS");
// Get the raw resource, which contains the keystore with
// your trusted certificates (root and any intermediate certs)
InputStream in =
context.getResources().openRawResource(tracker.springversion1.R.raw.mykeystore);
try {
// Initialize the keystore with the provided trusted
// certificates
// Also provide the password of the keystore
trusted.load(in, "mysecret".toCharArray());
} finally {
in.close();
}
// Pass the keystore to the SSLSocketFactory. The factory is
// responsible
// for the verification of the server certificate.
SSLSocketFactory sf = new SSLSocketFactory(trusted);
// Hostname verification from certificate
// http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
// ALLOW_ALL_HOSTNAME_VERIFIER
return sf;
} catch (Exception e) {
throw new AssertionError(e);
}
}
@SuppressWarnings("deprecation")
public static void main(String[] args)
throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException,
KeyManagementException, UnrecoverableKeyException {
DefaultHttpClient httpclient = new DefaultHttpClient();
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream fis =
new FileInputStream("/home/gauravabbi/official/issues/cipherIssue/testHttpsKS");
try {
trustStore.load(fis, "password".toCharArray());
} finally {
try {
fis.close();
} catch (Exception e) {
System.err.println(e.getStackTrace());
}
}
SSLSocketFactory sslSocketFactory = new SSLSocketFactory(trustStore);
Scheme scheme = new Scheme("https", 443, sslSocketFactory);
httpclient.getConnectionManager().getSchemeRegistry().register(scheme);
HttpGet getCall = new HttpGet("https://10.11.20.98:52080/test");
HttpResponse response = httpclient.execute(getCall);
System.out.println(response);
} finally {
httpclient.getConnectionManager().shutdown();
}
}
/**
* Loads key store from storage, or creates new one if storage is missing key store or corrupted.
*/
private KeyStore load() {
KeyStore keyStore;
try {
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
} catch (KeyStoreException e) {
throw new IllegalStateException("Unable to get default instance of KeyStore", e);
}
try {
FileInputStream fis = mContext.openFileInput(KEYSTORE_FILENAME);
keyStore.load(fis, KEYSTORE_PASSWORD);
} catch (IOException e) {
LogUtils.v("Unable open keystore file", e);
keyStore = null;
} catch (GeneralSecurityException e) {
LogUtils.v("Unable open keystore file", e);
keyStore = null;
}
if (keyStore != null) {
// KeyStore loaded
return keyStore;
}
try {
keyStore = createKeyStore();
} catch (GeneralSecurityException e) {
throw new IllegalStateException("Unable to create identity KeyStore", e);
}
store(keyStore);
return keyStore;
}
public CertificateInstaller(Resource source, String host, int port, char[] passphrase)
throws IOException, KeyStoreException, GeneralSecurityException {
this.source = source;
this.host = host;
this.port = port;
this.passphrase = passphrase;
ks = null;
InputStream in = source.getInputStream();
try {
ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in, passphrase);
} finally {
IOUtil.closeEL(in);
}
context = SSLContext.getInstance("TLS");
tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
tm = new SavingTrustManager(defaultTrustManager);
context.init(null, new TrustManager[] {tm}, null);
checkCertificate();
if (tm.chain == null) throw new IOException("Could not obtain server certificate chain");
}
static KeyStore getKeyStore() throws Exception {
InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"));
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, password);
in.close();
return ks;
}
public static String writeKeyStore(
KeyStore keyStore,
OutputStreamFactory outputStreamFactory,
File file,
String password,
boolean generatedPassword)
throws IOException, GeneralSecurityException {
try (OutputStream fileOutputStream = outputStreamFactory.create(file)) {
keyStore.store(fileOutputStream, password.toCharArray());
} catch (IOException e) {
if (e.getMessage().toLowerCase().contains(ILLEGAL_KEY_SIZE)
&& !isUnlimitedStrengthCryptographyEnabled()) {
if (generatedPassword) {
file.delete();
String truncatedPassword = password.substring(0, 7);
try (OutputStream fileOutputStream = outputStreamFactory.create(file)) {
keyStore.store(fileOutputStream, truncatedPassword.toCharArray());
}
logTruncationWarning(file);
return truncatedPassword;
} else {
throw new GeneralSecurityException(
"Specified password for "
+ file
+ " too long to work without unlimited JCE policy installed."
+ System.lineSeparator()
+ "Please see "
+ JCE_URL);
}
} else {
throw e;
}
}
return password;
}
KeyStore.PrivateKeyEntry getKey()
throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException,
UnrecoverableEntryException {
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
return (PrivateKeyEntry) keyStore.getEntry(alias, null);
}
// Makes a trust store, suitable for backing a TrustManager, out of a CA cert
// file.
public static KeyStore trustStore(final String caCertFile)
throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
final KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, null);
keyStore.setCertificateEntry("cacert", loadCertificate(caCertFile));
return keyStore;
}
/**
* @return
* @throws NoSuchAlgorithmException
* @throws KeyStoreException
* @throws UnrecoverableKeyException
* @throws IOException
* @throws CertificateException
*/
private KeyManager[] initKeyManagers()
throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, IOException,
CertificateException {
// Initialize trust manager factory and set trusted CA list using keystore
if (StringUtils.isEmpty(this.keyStorePath)) {
log.info("Unset [keyStorePath] parameter, disable local private and certificate.");
return null;
} else {
log.info(
String.format("Loading private key and certificate from store: [%s]", this.keyStorePath));
// Load key store
KeyStore keystore = KeyStore.getInstance("JKS");
InputStream in = Helper.getResourceAsStream(this.getClass(), this.keyStorePath);
if (in == null) {
throw new IOException(
String.format("Could not reading from : [%s]", this.trustCertsStorePath));
}
keystore.load(in, this.keyStorePassword);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(this.getKeyManagerAlgorithm());
kmf.init(keystore, this.keyStoreKeyPassword);
log.info(String.format("Initialized key store: [%s]", this.keyStorePath));
KeyManager[] keyManagers = kmf.getKeyManagers();
return keyManagers;
}
}
/**
* Loads the public certificate of the server in to a {@link TrustManager} so that the client
* trusts the server when it connects.
*
* @param certificateStoreFile the file to load the certificate from.
*/
public static TrustManager[] loadServerCertificates(String certificateStoreFile)
throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
try {
InputStream trustStoreIS = new FileInputStream(certificateStoreFile);
char[] trustStorePassphrase = "storepass".toCharArray();
KeyStore ksTrust = KeyStore.getInstance("JKS");
ksTrust.load(trustStoreIS, trustStorePassphrase);
// TrustManager decides which certificate authorities to use.
String defaultTrustManagerAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
LOG.info("Default trust manager algorithm is {}", defaultTrustManagerAlgorithm);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(defaultTrustManagerAlgorithm);
tmf.init(ksTrust);
TrustManager[] tm = tmf.getTrustManagers();
LOG.info("Loaded {} trust managers", tm.length);
return tm;
} catch (FileNotFoundException fnfe) {
// If they keystore doesn't exist, then return empty so we can try out what works with NO
// keystore
LOG.error("Unable to find store file {}", certificateStoreFile);
throw fnfe;
}
}
private static SSLSocketFactory getSocketFactory(Boolean d) {
// Enable debug mode to ignore all certificates
if (DEBUG) {
KeyStore trustStore;
try {
trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory sf = new DebugSSLSocketFactory(trustStore);
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
return sf;
} catch (KeyStoreException e2) {
// TODO Auto-generated catch block
e2.printStackTrace();
} catch (NoSuchAlgorithmException e3) {
// TODO Auto-generated catch block
e3.printStackTrace();
} catch (CertificateException e3) {
// TODO Auto-generated catch block
e3.printStackTrace();
} catch (IOException e3) {
// TODO Auto-generated catch block
e3.printStackTrace();
} catch (KeyManagementException e2) {
// TODO Auto-generated catch block
e2.printStackTrace();
} catch (UnrecoverableKeyException e2) {
// TODO Auto-generated catch block
e2.printStackTrace();
}
}
return SSLSocketFactory.getSocketFactory();
}
/** Loads the system trust store. */
private static KeyStore loadSystemTrustStore()
throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
KeyStore ks;
if (Build.VERSION.SDK_INT >= 14) {
ks = KeyStore.getInstance("AndroidCAStore");
ks.load(null, null);
} else {
ks = KeyStore.getInstance("BKS");
String path = System.getProperty("javax.net.ssl.trustStore");
if (path == null)
path =
System.getProperty("java.home")
+ File.separator
+ "etc"
+ File.separator
+ "security"
+ File.separator
+ "cacerts.bks";
ks.load(new FileInputStream(path), null);
}
return ks;
}
/**
* Returns true if the given keystore can be loaded using the given keystore type and password.
* Returns false otherwise.
*
* @param keystore the keystore to validate
* @param keystoreType the type of the keystore
* @param password the password to access the keystore
* @return true if valid; false otherwise
*/
public static boolean isStoreValid(
final URL keystore, final KeystoreType keystoreType, final char[] password) {
if (keystore == null) {
throw new IllegalArgumentException("keystore may not be null");
} else if (keystoreType == null) {
throw new IllegalArgumentException("keystore type may not be null");
} else if (password == null) {
throw new IllegalArgumentException("password may not be null");
}
BufferedInputStream bis = null;
final KeyStore ks;
try {
// load the keystore
bis = new BufferedInputStream(keystore.openStream());
ks = KeyStore.getInstance(keystoreType.name());
ks.load(bis, password);
return true;
} catch (Exception e) {
return false;
} finally {
if (bis != null) {
try {
bis.close();
} catch (final IOException ioe) {
logger.warn("Failed to close input stream", ioe);
}
}
}
}
static KeyStore getKeystore() throws Exception {
ClassLoader loader = SecureClientDriverTest.class.getClassLoader();
byte[] binaryContent = IOUtils.toByteArray(loader.getResourceAsStream("keystore.jks"));
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new ByteArrayInputStream(binaryContent), "password".toCharArray());
return keyStore;
}
/**
* HttpUrlConnection 方式,支持指定load-der.crt证书验证,此种方式Android官方建议
*
* @throws CertificateException
* @throws IOException
* @throws KeyStoreException
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
*/
public void initSSL()
throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException,
KeyManagementException {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream in = getAssets().open("load-der.crt");
Certificate ca = cf.generateCertificate(in);
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(null, null);
keystore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keystore);
// Create an SSLContext that uses our TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
URL url = new URL("https://trade3.guosen.com.cn/mtrade/check_version");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
InputStream input = urlConnection.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(input, "UTF-8"));
StringBuffer result = new StringBuffer();
String line = "";
while ((line = reader.readLine()) != null) {
result.append(line);
}
Log.e("TTTT", result.toString());
}
/** Gets the initialized key managers. */
protected KeyManager[] getKeyManagers(String algorithm, String keyAlias) throws Exception {
KeyManager[] kms = null;
String keystorePass = getKeystorePassword();
KeyStore ks = getKeystore(keystorePass);
if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias));
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
kmf.init(ks, keystorePass.toCharArray());
kms = kmf.getKeyManagers();
if (keyAlias != null) {
// START SJSAS 6266949
/*
if (JSSESocketFactory.defaultKeystoreType.equals(keystoreType)) {
keyAlias = keyAlias.toLowerCase();
}
*/
// END SJSAS 6266949
for (int i = 0; i < kms.length; i++) {
kms[i] = new JSSEKeyManager((X509KeyManager) kms[i], keyAlias);
}
}
return kms;
}
/**
* Load all X509 Certs from a key store File into a KeyStore Note that each call reinitializes the
* KeyStore
*
* @return success
* @since 0.8.2, moved from SSLEepGet in 0.9.9
*/
private static boolean loadCerts(File file, KeyStore ks) {
if (!file.exists()) return false;
InputStream fis = null;
try {
fis = new FileInputStream(file);
// "changeit" is the default password
ks.load(fis, DEFAULT_KEYSTORE_PASSWORD.toCharArray());
info("Certs loaded from " + file);
} catch (GeneralSecurityException gse) {
error("KeyStore load error, no default keys: " + file.getAbsolutePath(), gse);
try {
// not clear if null is allowed for password
ks.load(null, DEFAULT_KEYSTORE_PASSWORD.toCharArray());
} catch (Exception foo) {
}
return false;
} catch (IOException ioe) {
error("KeyStore load error, no default keys: " + file.getAbsolutePath(), ioe);
try {
ks.load(null, DEFAULT_KEYSTORE_PASSWORD.toCharArray());
} catch (Exception foo) {
}
return false;
} finally {
try {
if (fis != null) fis.close();
} catch (IOException foo) {
}
}
return true;
}
private static SSLContext sslContext(String keystoreFile, String password)
throws GeneralSecurityException, IOException {
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
InputStream in = new FileInputStream(keystoreFile);
try {
keystore.load(in, password.toCharArray());
} finally {
Util.closeQuietly(in);
}
KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keystore, password.toCharArray());
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keystore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(
keyManagerFactory.getKeyManagers(),
trustManagerFactory.getTrustManagers(),
new SecureRandom());
return sslContext;
}
@BeforeClass
public static void setUp() throws Exception {
KEY = MessageDigest.getInstance("SHA-256").digest(ALIAS.getBytes());
// Create a JKECS store containing a test secret key
KeyStore store = KeyStore.getInstance("JCEKS");
store.load(null, PASSWORD.toCharArray());
store.setEntry(
ALIAS,
new KeyStore.SecretKeyEntry(new SecretKeySpec(KEY, "AES")),
new KeyStore.PasswordProtection(PASSWORD.toCharArray()));
// Create the test directory
String dataDir = TEST_UTIL.getDataTestDir().toString();
new File(dataDir).mkdirs();
// Write the keystore file
storeFile = new File(dataDir, "keystore.jks");
FileOutputStream os = new FileOutputStream(storeFile);
try {
store.store(os, PASSWORD.toCharArray());
} finally {
os.close();
}
// Write the password file
Properties p = new Properties();
p.setProperty(ALIAS, PASSWORD);
passwordFile = new File(dataDir, "keystore.pw");
os = new FileOutputStream(passwordFile);
try {
p.store(os, "");
} finally {
os.close();
}
}
private static HttpClient getNewHttpClient() {
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory sf = new MySSLSocketFactory(trustStore);
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
HttpConnectionParams.setConnectionTimeout(params, 10000);
HttpConnectionParams.setSoTimeout(params, 20000);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", sf, 443));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
return new DefaultHttpClient(ccm, params);
} catch (Exception e) {
return new DefaultHttpClient();
}
}
@Override
public int hashCode() {
int result = keyStore != null ? keyStore.hashCode() : 0;
result = 31 * result + (trustStore != null ? trustStore.hashCode() : 0);
result = 31 * result + (trustStoreProvider != null ? trustStoreProvider.hashCode() : 0);
result = 31 * result + (keyStoreProvider != null ? keyStoreProvider.hashCode() : 0);
result = 31 * result + (trustStoreType != null ? trustStoreType.hashCode() : 0);
result = 31 * result + (keyStoreType != null ? keyStoreType.hashCode() : 0);
result = 31 * result + (trustStorePass != null ? Arrays.hashCode(trustStorePass) : 0);
result = 31 * result + (keyStorePass != null ? Arrays.hashCode(keyStorePass) : 0);
result = 31 * result + (keyPass != null ? Arrays.hashCode(keyPass) : 0);
result = 31 * result + (trustStoreFile != null ? trustStoreFile.hashCode() : 0);
result = 31 * result + (keyStoreFile != null ? keyStoreFile.hashCode() : 0);
result = 31 * result + (trustStoreBytes != null ? Arrays.hashCode(trustStoreBytes) : 0);
result = 31 * result + (keyStoreBytes != null ? Arrays.hashCode(keyStoreBytes) : 0);
result =
31 * result
+ (trustManagerFactoryAlgorithm != null ? trustManagerFactoryAlgorithm.hashCode() : 0);
result =
31 * result
+ (keyManagerFactoryAlgorithm != null ? keyManagerFactoryAlgorithm.hashCode() : 0);
result =
31 * result
+ (trustManagerFactoryProvider != null ? trustManagerFactoryProvider.hashCode() : 0);
result =
31 * result
+ (keyManagerFactoryProvider != null ? keyManagerFactoryProvider.hashCode() : 0);
result = 31 * result + (securityProtocol != null ? securityProtocol.hashCode() : 0);
return result;
}
// public static final char[] KEY_STORE_PASSWORD = "******".toCharArray();
// public static final long VALIDITY_PERIOD = 365 * 24 * 60 * 60 * 1000;
// public static final char[] KEY_PASSWORD = "******".toCharArray();
// public static String ROOT_ALIAS = "root";
// public static String INTERMEDIATE_ALIAS = "intermediate";
// public static String END_ENTITY_ALIAS = "end";
// public static final String KEY_STORE_PATH = ConfigurationClass.JAVA_KEY_STORE_PATH;
// public static final String SIGNED_DATA_PATH = "d:\\pkcs7\\SIGNED_DATA.sign";
// public static final String SIGNED_ENCRYPTED_DATA_PATH = "d:\\pkcs7\\SIGNED_ENC_DATA.sign";
// public static final String PLAIN_TEXT_FILE_PATH = "d:\\pkcs7\\PlainText.txt";
// public static final String RESULT_DATA_FILE_PATH = "d:\\pkcs7\\ResultData.txt";
// public static final String DECRYPTED_DATA_FILE_PATH = "d:\\pkcs7\\DECRYPTED_DATA.txt";
public static KeyStore loadKeyStore() throws Exception {
KeyStore keyStore = KeyStore.getInstance("JKS");
InputStream is = new FileInputStream(new File(ConfigurationClass.JAVA_KEY_STORE_PATH));
keyStore.load(is, ConfigurationClass.KEY_STORE_PASSWORD.toCharArray());
is.close();
return keyStore;
}
/** {@inheritDoc} */
public void createKeyStore(char[] store_password) throws KeyStoreException, IOException {
try {
KeyStore store;
if (null == keystore_provider) {
store = KeyStore.getInstance(keystore_type);
} else {
store = KeyStore.getInstance(keystore_type, keystore_provider);
}
store.load(null, store_password);
saveKeyStore(store, store_password);
} catch (NoSuchProviderException failed) {
KeyStoreException failure =
new KeyStoreException("NoSuchProviderException during keystore processing");
failure.initCause(failed);
throw failure;
} catch (NoSuchAlgorithmException failed) {
KeyStoreException failure =
new KeyStoreException("NoSuchAlgorithmException during keystore processing");
failure.initCause(failed);
throw failure;
} catch (CertificateException failed) {
KeyStoreException failure =
new KeyStoreException("CertificateException during keystore processing");
failure.initCause(failed);
throw failure;
}
}
/**
* Gets a KeyStore containing the Certificate
*
* @param cert InputStream of the Certificate
* @return KeyStore
*/
public static KeyStore getKeystoreOfCA(InputStream cert) {
// Load CAs from an InputStream
InputStream caInput = null;
Certificate ca = null;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
caInput = new BufferedInputStream(cert);
ca = cf.generateCertificate(caInput);
} catch (CertificateException e1) {
e1.printStackTrace();
} finally {
try {
if (caInput != null) {
caInput.close();
}
} catch (IOException e) {
e.printStackTrace();
}
}
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = null;
try {
keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
} catch (Exception e) {
e.printStackTrace();
}
return keyStore;
}
static {
String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
if (algorithm == null) {
algorithm = "SunX509";
}
SSLContext serverContext;
SSLContext clientContext;
try {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(BogusKeyStore.asInputStream(), BogusKeyStore.getKeyStorePassword());
// Set up key manager factory to use our key store
KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
kmf.init(ks, BogusKeyStore.getCertificatePassword());
// Initialize the SSLContext to work with our key managers.
serverContext = SSLContext.getInstance(PROTOCOL);
serverContext.init(kmf.getKeyManagers(), null, null);
} catch (Exception e) {
throw new Error("Failed to initialize the server-side SSLContext", e);
}
try {
clientContext = SSLContext.getInstance(PROTOCOL);
clientContext.init(null, BogusTrustManagerFactory.getTrustManagers(), null);
} catch (Exception e) {
throw new Error("Failed to initialize the client-side SSLContext", e);
}
SERVER_CONTEXT = serverContext;
CLIENT_CONTEXT = clientContext;
}
/** java.security.KeyStore#containsAlias(java.lang.String) */
public void test_containsAliasLjava_lang_String() throws Exception {
// Test for method boolean
// java.security.KeyStore.containsAlias(java.lang.String)
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert[] = new X509Certificate[2];
cert[0] = (X509Certificate) cf.generateCertificate(certArray);
cert[1] = (X509Certificate) cf.generateCertificate(certArray2);
KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());
try {
keyTest.containsAlias("alias1");
fail();
} catch (KeyStoreException expected) {
}
keyTest.load(null, null);
// alias 1
keyTest.setCertificateEntry("alias1", cert[0]);
// alias 2
keyTest.setCertificateEntry("alias2", cert[0]);
assertTrue("alias1 does not exist", keyTest.containsAlias("alias1"));
assertTrue("alias2 does not exist", keyTest.containsAlias("alias2"));
assertFalse("alias3 exists", keyTest.containsAlias("alias3"));
try {
keyTest.containsAlias(null);
fail();
} catch (NullPointerException expected) {
}
}
private KeyManager[] getKeyManagers(InputStream certificate, String passphrase)
throws IOException {
if (key_managers == null) {
KeyStore ks;
try {
ks = KeyStore.getInstance("PKCS12");
} catch (KeyStoreException e) {
throw new RuntimeException("Unable to create key store.");
}
char certphrase[] = passphrase.toCharArray();
try {
ks.load(certificate, certphrase);
} catch (GeneralSecurityException e) {
throw new RuntimeException("Bad certificate or unknown type.");
} finally {
closeQuietly(certificate);
}
KeyManagerFactory kmf;
try {
kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, certphrase);
} catch (GeneralSecurityException e) {
throw new RuntimeException(e.getMessage());
}
key_managers = kmf.getKeyManagers();
}
return key_managers;
}
private KeyManager[] prepareKeyManager(InputStream bksFile, String password) {
try {
if (bksFile == null || password == null) return null;
KeyStore clientKeyStore = KeyStore.getInstance("BKS");
clientKeyStore.load(bksFile, password.toCharArray());
KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(clientKeyStore, password.toCharArray());
return keyManagerFactory.getKeyManagers();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
private static SSLContext createBougusServerSslContext()
throws GeneralSecurityException, IOException {
// Create keystore
KeyStore ks = KeyStore.getInstance("JKS");
InputStream in = null;
try {
in = BogusSslContextFactory.class.getResourceAsStream(BOGUS_KEYSTORE);
ks.load(in, BOGUS_PW);
} finally {
if (in != null) {
try {
in.close();
} catch (IOException ignored) {
}
}
}
// Set up key manager factory to use our key store
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM);
kmf.init(ks, BOGUS_PW);
// Initialize the SSLContext to work with our key managers.
SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
sslContext.init(kmf.getKeyManagers(), BogusTrustManagerFactory.X509_MANAGERS, null);
return sslContext;
}
/**
* Returns the private key for the specified ID.
*
* @param id The ID of the requested private key.
* @param key_password The passphrase associated with the private key or {@code null} if the key
* has no passphrase.
* @return PrivateKey for the specified ID.
* @throws KeyStoreException When the wrong keystore has been provided.
* @throws IOException For errors related to processing the keystore.
*/
public PrivateKey getKey(ID id, char[] key_password) throws KeyStoreException, IOException {
String alias = id.toString();
try {
synchronized (keystore_manager) {
KeyStore store = keystore_manager.loadKeyStore(keystore_password);
if (!store.containsAlias(alias) || !store.isKeyEntry(alias)) {
return null;
}
return (PrivateKey) store.getKey(alias, key_password);
}
} catch (NoSuchAlgorithmException failed) {
Logging.logCheckedSevere(LOG, "Something failed\n", failed);
KeyStoreException failure = new KeyStoreException("Something Failed");
failure.initCause(failed);
throw failure;
} catch (UnrecoverableKeyException failed) {
Logging.logCheckedSevere(LOG, "Key passphrase failure\n", failed);
KeyStoreException failure = new KeyStoreException("Key passphrase failure");
failure.initCause(failed);
throw failure;
}
}