public static SSLContext createSSLContext( boolean clientMode, String keystore, String password, String trustStore, String trustPassword) throws Exception { // Create/initialize the SSLContext with key material char[] passphrase = password.toCharArray(); // First initialize the key and trust material. KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream(keystore), passphrase); SSLContext sslContext = SSLContext.getInstance("TLS"); if (clientMode) { // TrustManager's decide whether to allow connections. TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); sslContext.init(null, tmf.getTrustManagers(), null); } else { // KeyManager's decide which key material to use. KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, passphrase); if (trustStore != null) { KeyStore ts = KeyStore.getInstance("JKS"); ts.load(new FileInputStream(trustStore), trustPassword.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(ts); System.out.println("Using the trust store for client auth"); sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); } else sslContext.init(kmf.getKeyManagers(), null, null); } return sslContext; }
private SSLSocketFactory newSslSocketFactory() { try { // Get an instance of the Bouncy Castle KeyStore format KeyStore trusted = KeyStore.getInstance("BKS"); // Get the raw resource, which contains the keystore with // your trusted certificates (root and any intermediate certs) InputStream in = context.getResources().openRawResource(tracker.springversion1.R.raw.mykeystore); try { // Initialize the keystore with the provided trusted // certificates // Also provide the password of the keystore trusted.load(in, "mysecret".toCharArray()); } finally { in.close(); } // Pass the keystore to the SSLSocketFactory. The factory is // responsible // for the verification of the server certificate. SSLSocketFactory sf = new SSLSocketFactory(trusted); // Hostname verification from certificate // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506 sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER); // ALLOW_ALL_HOSTNAME_VERIFIER return sf; } catch (Exception e) { throw new AssertionError(e); } }
static { String algorithm = JiveGlobals.getProperty("xmpp.socket.ssl.algorithm", "TLS"); String storeType = JiveGlobals.getProperty("xmpp.socket.ssl.storeType", "jks"); // Get the keystore location. The default location is security/keystore keyStoreLocation = JiveGlobals.getProperty( "xmpp.socket.ssl.keystore", "resources" + File.separator + "security" + File.separator + "keystore"); keyStoreLocation = JiveGlobals.getHomeDirectory() + File.separator + keyStoreLocation; // Get the keystore password. The default password is "changeit". keypass = JiveGlobals.getProperty("xmpp.socket.ssl.keypass", "changeit"); keypass = keypass.trim(); // Get the truststore location; default at security/truststore trustStoreLocation = JiveGlobals.getProperty( "xmpp.socket.ssl.truststore", "resources" + File.separator + "security" + File.separator + "truststore"); trustStoreLocation = JiveGlobals.getHomeDirectory() + File.separator + trustStoreLocation; // Get the truststore passwprd; default is "changeit". trustpass = JiveGlobals.getProperty("xmpp.socket.ssl.trustpass", "changeit"); trustpass = trustpass.trim(); try { keyStore = KeyStore.getInstance(storeType); keyStore.load(new FileInputStream(keyStoreLocation), keypass.toCharArray()); trustStore = KeyStore.getInstance(storeType); trustStore.load(new FileInputStream(trustStoreLocation), trustpass.toCharArray()); sslFactory = (SSLJiveServerSocketFactory) SSLJiveServerSocketFactory.getInstance(algorithm, keyStore, trustStore); } catch (Exception e) { Log.error( "SSLConfig startup problem.\n" + " storeType: [" + storeType + "]\n" + " keyStoreLocation: [" + keyStoreLocation + "]\n" + " keypass: [" + keypass + "]\n" + " trustStoreLocation: [" + trustStoreLocation + "]\n" + " trustpass: [" + trustpass + "]", e); keyStore = null; trustStore = null; sslFactory = null; } }
public final void afterPropertiesSet() throws GeneralSecurityException, IOException { if (StringUtils.hasLength(provider) && StringUtils.hasLength(type)) { keyStore = KeyStore.getInstance(type, provider); } else if (StringUtils.hasLength(type)) { keyStore = KeyStore.getInstance(type); } else { keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); } InputStream is = null; try { if (location != null && location.exists()) { is = location.getInputStream(); if (logger.isInfoEnabled()) { logger.info("Loading key store from " + location); } } else if (logger.isWarnEnabled()) { logger.warn("Creating empty key store"); } keyStore.load(is, password); } finally { if (is != null) { is.close(); } } }
/** {@inheritDoc} */ public void createKeyStore(char[] store_password) throws KeyStoreException, IOException { try { KeyStore store; if (null == keystore_provider) { store = KeyStore.getInstance(keystore_type); } else { store = KeyStore.getInstance(keystore_type, keystore_provider); } store.load(null, store_password); saveKeyStore(store, store_password); } catch (NoSuchProviderException failed) { KeyStoreException failure = new KeyStoreException("NoSuchProviderException during keystore processing"); failure.initCause(failed); throw failure; } catch (NoSuchAlgorithmException failed) { KeyStoreException failure = new KeyStoreException("NoSuchAlgorithmException during keystore processing"); failure.initCause(failed); throw failure; } catch (CertificateException failed) { KeyStoreException failure = new KeyStoreException("CertificateException during keystore processing"); failure.initCause(failed); throw failure; } }
private SSLContext createSSLContext(final SSLContextService service) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException { SSLContextBuilder builder = SSLContexts.custom(); final String trustFilename = service.getTrustStoreFile(); if (trustFilename != null) { final KeyStore truststore = KeyStore.getInstance(service.getTrustStoreType()); try (final InputStream in = new FileInputStream(new File(service.getTrustStoreFile()))) { truststore.load(in, service.getTrustStorePassword().toCharArray()); } builder = builder.loadTrustMaterial(truststore, new TrustSelfSignedStrategy()); } final String keyFilename = service.getKeyStoreFile(); if (keyFilename != null) { final KeyStore keystore = KeyStore.getInstance(service.getKeyStoreType()); try (final InputStream in = new FileInputStream(new File(service.getKeyStoreFile()))) { keystore.load(in, service.getKeyStorePassword().toCharArray()); } builder = builder.loadKeyMaterial(keystore, service.getKeyStorePassword().toCharArray()); } SSLContext sslContext = builder.build(); return sslContext; }
public static void createPublicCert( String targetKeystoreFile, String keyName, String rootKeystorePath, char[] rootKeystorePassword, char[] truststorePassword) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { KeyStore signerKeystore = KeyStore.getInstance(keystoreType); char[] signerPasswordArray = rootKeystorePassword; FileInputStream rootKeystoreInputStream = null; try { rootKeystoreInputStream = new FileInputStream(rootKeystorePath); signerKeystore.load(rootKeystoreInputStream, signerPasswordArray); } finally { if (rootKeystoreInputStream != null) { rootKeystoreInputStream.close(); } } Certificate rootCert = findCert(signerKeystore); KeyStore keystore = KeyStore.getInstance(keystoreType); keystore.load(null, null); keystore.setCertificateEntry(keyName + "Cert", rootCert); FileOutputStream targetKeystoreOutputStream = null; try { targetKeystoreOutputStream = new FileOutputStream(targetKeystoreFile); keystore.store(targetKeystoreOutputStream, truststorePassword); } finally { if (targetKeystoreOutputStream != null) { targetKeystoreOutputStream.close(); } } }
public void init(Properties properties) throws Exception { KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); String keyStorePassword = properties.getProperty("keyStorePassword"); if (keyStorePassword == null) { keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword"); } String keyStore = properties.getProperty("keyStore"); if (keyStore == null) { keyStore = System.getProperty("javax.net.ssl.keyStore"); } if (keyStore == null || keyStorePassword == null) { throw new RuntimeException("SSL is enabled but keyStore[Password] properties aren't set!"); } String keyManagerAlgorithm = getProperty(properties, "keyManagerAlgorithm", "SunX509"); String trustManagerAlgorithm = getProperty(properties, "trustManagerAlgorithm", "SunX509"); String protocol = getProperty(properties, "protocol", "TLS"); final char[] passPhrase = keyStorePassword.toCharArray(); final String keyStoreFile = keyStore; ks.load(new FileInputStream(keyStoreFile), passPhrase); ts.load(new FileInputStream(keyStoreFile), passPhrase); KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgorithm); kmf.init(ks, passPhrase); TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustManagerAlgorithm); tmf.init(ts); sslContext = SSLContext.getInstance(protocol); sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); }
/** * Returns SSLContext with TESTED_SECURITY_PROTOCOL protocol and sets up keys. * * @return - SSLContext with a protocol specified by TESTED_SECURITY_PROTOCOL. */ public static SSLContext getContext() { try { java.security.Security.setProperty("jdk.tls.disabledAlgorithms", ""); java.security.Security.setProperty("jdk.certpath.disabledAlgorithms", ""); KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); char[] passphrase = PASSWD.toCharArray(); try (FileInputStream keyFileStream = new FileInputStream(KEY_FILE_NAME)) { ks.load(keyFileStream, passphrase); } try (FileInputStream trustFileStream = new FileInputStream(TRUST_FILE_NAME)) { ts.load(trustFileStream, passphrase); } KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(ks, passphrase); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(ts); SSLContext sslCtx = SSLContext.getInstance(TESTED_SECURITY_PROTOCOL); sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); return sslCtx; } catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | KeyManagementException ex) { throw new Error("Unexpected exception", ex); } }
/** Loads the system trust store. */ private static KeyStore loadSystemTrustStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { KeyStore ks; if (Build.VERSION.SDK_INT >= 14) { ks = KeyStore.getInstance("AndroidCAStore"); ks.load(null, null); } else { ks = KeyStore.getInstance("BKS"); String path = System.getProperty("javax.net.ssl.trustStore"); if (path == null) path = System.getProperty("java.home") + File.separator + "etc" + File.separator + "security" + File.separator + "cacerts.bks"; ks.load(new FileInputStream(path), null); } return ks; }
/** connection with SSL */ public void sslConnection() { String keyStoreLocation = properties.getProperty(IbmMqConstants.SSL_KEYSTORE_LOCATION); String keyStoreType = properties.getProperty(IbmMqConstants.SSL_KEYSTORE_TYPE); String keyStorePassword = properties.getProperty(IbmMqConstants.SSL_KEYSTORE_PASSWORD); String trustStoreLocation = properties.getProperty(IbmMqConstants.SSL_TRUSTSTORE_LOCATION); String trustStoreType = properties.getProperty(IbmMqConstants.SSL_TRUSTSTORE_TYPE); String sslVersion = properties.getProperty(IbmMqConstants.SSL_VERSION); String sslFipsRequired = properties.getProperty(IbmMqConstants.SSL_FIPS); String sslCipherSuite = properties.getProperty(IbmMqConstants.SSL_CIPHERSUITE); boolean sslFips = Boolean.parseBoolean(sslFipsRequired); try { char[] keyPassphrase = keyStorePassword.toCharArray(); KeyStore ks = KeyStore.getInstance(keyStoreType); ks.load(new FileInputStream(keyStoreLocation), keyPassphrase); KeyStore trustStore = KeyStore.getInstance(trustStoreType); trustStore.load(new FileInputStream(trustStoreLocation), null); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); keyManagerFactory.init(ks, keyPassphrase); SSLContext sslContext = SSLContext.getInstance(sslVersion); sslContext.init( keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); mqProperties.put(MQConstants.SSL_SOCKET_FACTORY_PROPERTY, sslContext); mqProperties.put(MQConstants.SSL_FIPS_REQUIRED_PROPERTY, sslFips); mqProperties.put(MQConstants.SSL_CIPHER_SUITE_PROPERTY, sslCipherSuite); } catch (Exception ex) { handleException(ex.getMessage()); } }
private static KeyStore loadKeyStore() throws GeneralSecurityException { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); boolean isKeyStoreInitialized = false; InputStream in = null; try { in = new FileInputStream(LC.mailboxd_keystore.value()); try { keyStore.load(in, LC.mailboxd_keystore_password.value().toCharArray()); isKeyStoreInitialized = true; } catch (CertificateException x) { ZimbraLog.security.warn("failed to load certificates", x); } catch (IOException x) { ZimbraLog.security.warn("failed to read keystore file", x); } } catch (FileNotFoundException x) { ZimbraLog.security.info("keystore not present"); } finally { if (in != null) try { in.close(); } catch (IOException x) { ZimbraLog.security.warn("keystore file can't be closed after reading", x); } } if (!isKeyStoreInitialized) { try { in = new FileInputStream(LC.mailboxd_keystore_base.value()); try { keyStore.load(in, LC.mailboxd_keystore_base_password.value().toCharArray()); isKeyStoreInitialized = true; } catch (CertificateException x) { ZimbraLog.security.warn("failed to load backup certificates", x); } catch (IOException x) { ZimbraLog.security.warn("failed to read backup keystore file", x); } } catch (FileNotFoundException x) { ZimbraLog.security.warn("backup keystore not found"); } finally { if (in != null) try { in.close(); } catch (IOException x) { ZimbraLog.security.warn("backup keystore file can't be closed after reading", x); } } } if (!isKeyStoreInitialized) { keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); try { keyStore.load(null, new char[0]); } catch (IOException x) { throw new KeyStoreException(x); } } return keyStore; }
public static SSLSocketFactory getSocketFactory( String caCrtFile, String crtFile, String keyFile, String password) throws Exception { char[] passwordCharArray = password == null ? new char[0] : password.toCharArray(); Security.addProvider(new BouncyCastleProvider()); CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate caCert = (X509Certificate) cf.generateCertificate( new ByteArrayInputStream(Files.readAllBytes(Paths.get(caCrtFile)))); X509Certificate cert = (X509Certificate) cf.generateCertificate( new ByteArrayInputStream(Files.readAllBytes(Paths.get(crtFile)))); File privateKeyFile = new File(keyFile); PEMParser pemParser = new PEMParser(new FileReader(privateKeyFile)); PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passwordCharArray); JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); Object object = pemParser.readObject(); KeyPair kp; if (object instanceof PEMEncryptedKeyPair) { kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv)); } else { kp = converter.getKeyPair((PEMKeyPair) object); } pemParser.close(); KeyStore caKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); caKeyStore.load(null, null); caKeyStore.setCertificateEntry("ca-certificate", caCert); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(caKeyStore); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); keyStore.setCertificateEntry("certificate", cert); keyStore.setKeyEntry( "private-key", kp.getPrivate(), passwordCharArray, new java.security.cert.Certificate[] {cert}); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, passwordCharArray); SSLContext context = SSLContext.getInstance("TLSv1"); context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); return context.getSocketFactory(); }
private KeyStore createKeyStore(@Nullable String path) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException { String keyStoreType = KeyStore.getDefaultType(); char[] defaultPassword = "******".toCharArray(); if (path != null) { // If the user provided path, only try to load the keystore at that path. KeyStore keyStore = KeyStore.getInstance(keyStoreType); FileInputStream is = new FileInputStream(path); keyStore.load(is, defaultPassword); return keyStore; } try { // Check if we are on Android. Class version = Class.forName("android.os.Build$VERSION"); // Build.VERSION_CODES.ICE_CREAM_SANDWICH is 14. if (version.getDeclaredField("SDK_INT").getInt(version) >= 14) { // After ICS, Android provided this nice method for loading the keystore, // so we don't have to specify the location explicitly. KeyStore keystore = KeyStore.getInstance("AndroidCAStore"); keystore.load(null, null); return keystore; } else { keyStoreType = "BKS"; path = System.getProperty("java.home") + "/etc/security/cacerts.bks".replace('/', File.separatorChar); } } catch (ClassNotFoundException e) { // NOP. android.os.Build is not present, so we are not on Android. Fall through. } catch (NoSuchFieldException e) { throw new RuntimeException(e); // Should never happen. } catch (IllegalAccessException e) { throw new RuntimeException(e); // Should never happen. } if (path == null) { path = System.getProperty("javax.net.ssl.trustStore"); } if (path == null) { // Try this default system location for Linux/Windows/OSX. path = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar); } try { KeyStore keyStore = KeyStore.getInstance(keyStoreType); FileInputStream is = new FileInputStream(path); keyStore.load(is, defaultPassword); return keyStore; } catch (FileNotFoundException e) { // If we failed to find a system trust store, load our own fallback trust store. This can fail // on Android // but we should never reach it there. KeyStore keyStore = KeyStore.getInstance("JKS"); InputStream is = getClass().getResourceAsStream("cacerts"); keyStore.load(is, defaultPassword); return keyStore; } }
public static void main(String[] args) throws Exception { if (args.length < 1) { System.err.println("usage: java PKCS12Import {pkcs12file} [newjksfile]"); System.exit(1); } File fileIn = new File(args[0]); File fileOut; if (args.length > 1) { fileOut = new File(args[1]); } else { fileOut = new File("newstore.jks"); } if (!fileIn.canRead()) { System.err.println("Unable to access input keystore: " + fileIn.getPath()); System.exit(2); } if (fileOut.exists() && !fileOut.canWrite()) { System.err.println("Output file is not writable: " + fileOut.getPath()); System.exit(2); } KeyStore kspkcs12 = KeyStore.getInstance("pkcs12"); KeyStore ksjks = KeyStore.getInstance("jks"); LineNumberReader in = new LineNumberReader(new InputStreamReader(System.in)); System.out.print("Enter input keystore passphrase: "); char[] inphrase = in.readLine().toCharArray(); System.out.print("Enter output keystore passphrase: "); char[] outphrase = in.readLine().toCharArray(); kspkcs12.load(new FileInputStream(fileIn), inphrase); ksjks.load((fileOut.exists()) ? new FileInputStream(fileOut) : null, outphrase); Enumeration eAliases = kspkcs12.aliases(); int n = 0; while (eAliases.hasMoreElements()) { String strAlias = (String) eAliases.nextElement(); System.err.println("Alias " + n++ + ": " + strAlias); if (kspkcs12.isKeyEntry(strAlias)) { System.err.println("Adding key for alias " + strAlias); Key key = kspkcs12.getKey(strAlias, inphrase); Certificate[] chain = kspkcs12.getCertificateChain(strAlias); ksjks.setKeyEntry(strAlias, key, outphrase, chain); } } OutputStream out = new FileOutputStream(fileOut); ksjks.store(out, outphrase); out.close(); }
public void configureService( String address, String pksFilename, String pksPassword, String trustPksFilename, String trustPksPassword) throws Exception { if (pksFilename != null && pksPassword != null && trustPksFilename != null && trustPksPassword != null) { System.setProperty("javax.net.ssl.keyStore", pksFilename); System.setProperty("javax.net.ssl.keyStorePassword", pksPassword); System.setProperty("javax.net.ssl.trustStore", trustPksFilename); System.setProperty("javax.net.ssl.trustStorePassword", trustPksPassword); } URL wsdlUrl = new URL(address + "?wsdl"); IoTaService service = new IoTaService(wsdlUrl); port = service.getPort(IoTaServicePortType.class); // turn off chunked transfer encoding Client client = ClientProxy.getClient(port); HTTPConduit httpConduit = (HTTPConduit) client.getConduit(); HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); httpClientPolicy.setAllowChunking(false); httpConduit.setClient(httpClientPolicy); if (pksFilename != null) { log.debug("Authenticating with certificate in file: " + pksFilename); if (!wsdlUrl.getProtocol().equalsIgnoreCase("https")) { throw new Exception("Authentication method requires the use of HTTPS"); } KeyStore keyStore = KeyStore.getInstance(pksFilename.endsWith(".p12") ? "PKCS12" : "JKS"); keyStore.load(new FileInputStream(new File(pksFilename)), pksPassword.toCharArray()); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); keyManagerFactory.init(keyStore, pksPassword.toCharArray()); KeyStore trustStore = KeyStore.getInstance(trustPksFilename.endsWith(".p12") ? "PKCS12" : "JKS"); trustStore.load( new FileInputStream(new File(trustPksFilename)), trustPksPassword.toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); trustManagerFactory.init(trustStore); TLSClientParameters tlscp = new TLSClientParameters(); tlscp.setSecureRandom(new SecureRandom()); tlscp.setKeyManagers(keyManagerFactory.getKeyManagers()); tlscp.setTrustManagers(trustManagerFactory.getTrustManagers()); httpConduit.setTlsClientParameters(tlscp); } }
/** * Retrieves the keystore from the encoded data. * * @param type "PKCS12" or "JKS" * @param password to lock the keystore * @return the loaded and unlocked keystore. * @throws CertificateException * @throws IOException * @throws NoSuchAlgorithmException * @throws NoSuchProviderException * @throws KeyStoreException */ public static java.security.KeyStore getKeyStore( byte[] keystoreData, String type, String password) throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException, NoSuchProviderException { java.security.KeyStore ks = type.equalsIgnoreCase("JKS") ? java.security.KeyStore.getInstance("JKS") : java.security.KeyStore.getInstance(type, "BC"); ByteArrayInputStream bais = new ByteArrayInputStream(Base64.decode(keystoreData)); ks.load(bais, password.toCharArray()); return ks; }
public static javax.net.SocketFactory getSSLFactory( java.lang.String s, java.lang.String s1, java.lang.StringBuffer stringbuffer) { javax.net.ssl.SSLSocketFactory sslsocketfactory = null; try { if (!(new File(s)).exists()) { throw new Exception("certificate not found"); } java.security.KeyStore keystore; if (s.endsWith(".pfx")) { keystore = java.security.KeyStore.getInstance("PKCS12"); } else { keystore = java.security.KeyStore.getInstance("JKS"); } java.io.FileInputStream fileinputstream = new FileInputStream(s); char ac[] = s1.toCharArray(); char ac1[] = s1.toCharArray(); keystore.load(fileinputstream, ac); java.util.Enumeration enumeration = keystore.aliases(); while (enumeration.hasMoreElements()) { java.lang.String s2 = (java.lang.String) enumeration.nextElement(); certificateDescription = certificateDescription + " (" + s2; java.security.cert.Certificate acertificate[] = keystore.getCertificateChain(s2); if (acertificate != null) { int i = 0; while (i < acertificate.length) { java.security.cert.X509Certificate x509certificate = (java.security.cert.X509Certificate) acertificate[i]; certificateDescription = certificateDescription + " (cert " + x509certificate.getSubjectDN() + ", " + x509certificate.getSigAlgName() + ")"; i++; } } } stringbuffer.append("certs: " + certificateDescription + "\n"); com.sun.net.ssl.KeyManagerFactory keymanagerfactory = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509"); keymanagerfactory.init(keystore, ac1); com.sun.net.ssl.KeyManager akeymanager[] = keymanagerfactory.getKeyManagers(); com.sun.net.ssl.SSLContext sslcontext = com.sun.net.ssl.SSLContext.getInstance("SSL"); sslcontext.init(akeymanager, null, randomGenerator); sslsocketfactory = sslcontext.getSocketFactory(); } catch (java.lang.Throwable throwable) { throwable.printStackTrace(); stringbuffer.append("error: " + throwable.toString()); } return sslsocketfactory; }
/* * In case of self signed certificates on Server. Two things needs to be taken care * 1)Authenticate to the HTTPS server using a private key. * 2)Validate the identity of the HTTPS server against a list of trusted certificates * * Ref - http://developer.android.com/reference/org/apache/http/conn/ssl/SSLSocketFactory.html */ private static SSLContext createEasySSLContext() throws IOException { try { // Client should authenticate itself with the valid certificate to Server. InputStream clientStream = VolleySampleApplication.getContext() .getResources() .openRawResource(R.raw.production_test_client); char[] password = "******".toCharArray(); KeyStore keyStore = KeyStore.getInstance("PKCS12"); keyStore.load(clientStream, password); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, password); // Client should also add the CA certificate obtained from server and create TrustManager from // it for the client to validate the // identity of the server. KeyStore trustStore = KeyStore.getInstance("BKS"); InputStream instream = null; instream = VolleySampleApplication.getContext() .getResources() .openRawResource(R.raw.production_test_ca); try { trustStore.load(instream, "XXXXXXXX".toCharArray()); } catch (Exception e) { e.printStackTrace(); } finally { try { instream.close(); } catch (Exception ignore) { } } String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(trustStore); // Create an SSLContext that uses our TrustManager & Keystore SSLContext context = SSLContext.getInstance("TLS"); context.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), null); return context; } catch (Exception e) { e.printStackTrace(); throw new IOException(e.getMessage()); } }
private DockerCertificates(final Builder builder) throws DockerCertificateException { if ((builder.caCertPath == null) || (builder.clientCertPath == null) || (builder.clientKeyPath == null)) { throw new DockerCertificateException( "caCertPath, clientCertPath, and clientKeyPath must all be specified"); } try { final CertificateFactory cf = CertificateFactory.getInstance("X.509"); final Certificate caCert = cf.generateCertificate(Files.newInputStream(builder.caCertPath)); final Certificate clientCert = cf.generateCertificate(Files.newInputStream(builder.clientCertPath)); final PEMKeyPair clientKeyPair = (PEMKeyPair) new PEMParser( Files.newBufferedReader(builder.clientKeyPath, Charset.defaultCharset())) .readObject(); final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(clientKeyPair.getPrivateKeyInfo().getEncoded()); final KeyFactory kf = KeyFactory.getInstance("RSA"); final PrivateKey clientKey = kf.generatePrivate(spec); final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(null, null); trustStore.setEntry("ca", new KeyStore.TrustedCertificateEntry(caCert), null); final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); keyStore.setCertificateEntry("client", clientCert); keyStore.setKeyEntry("key", clientKey, KEY_STORE_PASSWORD, new Certificate[] {clientCert}); this.sslContext = SSLContexts.custom() .loadTrustMaterial(trustStore) .loadKeyMaterial(keyStore, KEY_STORE_PASSWORD) .useTLS() .build(); } catch (CertificateException | IOException | NoSuchAlgorithmException | InvalidKeySpecException | KeyStoreException | UnrecoverableKeyException | KeyManagementException e) { throw new DockerCertificateException(e); } }
/** Default constructor. */ public URIKeyStoreManager(String type, String provider, URI location) throws NoSuchProviderException, KeyStoreException { if (null == type) { type = DEFAULT_KEYSTORE_TYPE; provider = null; } // special case for forcing bc provider for jdk < 1.5 since jdk 1.4.x // jsse pkcs12 is readonly. if ("pkcs12".equalsIgnoreCase(type)) { if ("BC".equals(provider)) { provider = null; } boolean hasJDK15 = System.getProperty("java.specification.version", "0.0").compareTo("1.5") >= 0; provider = hasJDK15 ? null : "BC"; } if (!location.isAbsolute()) { throw new IllegalArgumentException("location must be an absolute URI"); } if ("file".equalsIgnoreCase(location.getScheme())) { File asFile = new File(location); if (asFile.exists() && !asFile.isFile()) { throw new IllegalArgumentException("location must refer to a file"); } } if (LOG.isEnabledFor(Level.INFO)) { LOG.info("pse location = " + location); } keystore_type = type; keystore_provider = provider; keystore_location = location; // check if we can get an instance. if (null == keystore_provider) { KeyStore.getInstance(keystore_type); } else { KeyStore.getInstance(keystore_type, keystore_provider); } }
private SSLSocketFactory createSocketFactory() { // Load CAs from an InputStream // (could be from a resource or ByteArrayInputStream or ...) try { // Create a KeyStore containing our trusted CAs String keyStoreType = "BKS"; KeyStore keyStore = KeyStore.getInstance(keyStoreType); // keyStore.load(ksInput, "recsports".toCharArray()); // Create a KeyManager String kmfAlgorithm = KeyManagerFactory.getDefaultAlgorithm(); KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmfAlgorithm); kmf.init(keyStore, "recsports".toCharArray()); // Create a TrustManager that trusts the CAs in our KeyStore String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore); // ksInput.close(); return new CipherExtendedSSLSocketFactory(kmf, tmf); } catch (Exception e) { Log.e(LOG_TAG, e.getMessage()); return null; } }
private static SSLContext createBougusServerSslContext() throws GeneralSecurityException, IOException { // Create keystore KeyStore ks = KeyStore.getInstance("JKS"); InputStream in = null; try { in = BogusSslContextFactory.class.getResourceAsStream(BOGUS_KEYSTORE); ks.load(in, BOGUS_PW); } finally { if (in != null) { try { in.close(); } catch (IOException ignored) { } } } // Set up key manager factory to use our key store KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM); kmf.init(ks, BOGUS_PW); // Initialize the SSLContext to work with our key managers. SSLContext sslContext = SSLContext.getInstance(PROTOCOL); sslContext.init(kmf.getKeyManagers(), BogusTrustManagerFactory.X509_MANAGERS, null); return sslContext; }
/** * Loads key store from storage, or creates new one if storage is missing key store or corrupted. */ private KeyStore load() { KeyStore keyStore; try { keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); } catch (KeyStoreException e) { throw new IllegalStateException("Unable to get default instance of KeyStore", e); } try { FileInputStream fis = mContext.openFileInput(KEYSTORE_FILENAME); keyStore.load(fis, KEYSTORE_PASSWORD); } catch (IOException e) { LogUtils.v("Unable open keystore file", e); keyStore = null; } catch (GeneralSecurityException e) { LogUtils.v("Unable open keystore file", e); keyStore = null; } if (keyStore != null) { // KeyStore loaded return keyStore; } try { keyStore = createKeyStore(); } catch (GeneralSecurityException e) { throw new IllegalStateException("Unable to create identity KeyStore", e); } store(keyStore); return keyStore; }
private KeyManager[] getKeyManagers(InputStream certificate, String passphrase) throws IOException { if (key_managers == null) { KeyStore ks; try { ks = KeyStore.getInstance("PKCS12"); } catch (KeyStoreException e) { throw new RuntimeException("Unable to create key store."); } char certphrase[] = passphrase.toCharArray(); try { ks.load(certificate, certphrase); } catch (GeneralSecurityException e) { throw new RuntimeException("Bad certificate or unknown type."); } finally { closeQuietly(certificate); } KeyManagerFactory kmf; try { kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, certphrase); } catch (GeneralSecurityException e) { throw new RuntimeException(e.getMessage()); } key_managers = kmf.getKeyManagers(); } return key_managers; }
static { String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm"); if (algorithm == null) { algorithm = "SunX509"; } SSLContext serverContext; SSLContext clientContext; try { KeyStore ks = KeyStore.getInstance("JKS"); ks.load(BogusKeyStore.asInputStream(), BogusKeyStore.getKeyStorePassword()); // Set up key manager factory to use our key store KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); kmf.init(ks, BogusKeyStore.getCertificatePassword()); // Initialize the SSLContext to work with our key managers. serverContext = SSLContext.getInstance(PROTOCOL); serverContext.init(kmf.getKeyManagers(), null, null); } catch (Exception e) { throw new Error("Failed to initialize the server-side SSLContext", e); } try { clientContext = SSLContext.getInstance(PROTOCOL); clientContext.init(null, BogusTrustManagerFactory.getTrustManagers(), null); } catch (Exception e) { throw new Error("Failed to initialize the client-side SSLContext", e); } SERVER_CONTEXT = serverContext; CLIENT_CONTEXT = clientContext; }
static KeyStore getKeyStore() throws Exception { InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks")); KeyStore ks = KeyStore.getInstance("JKS"); ks.load(in, password); in.close(); return ks; }
KeyStore.PrivateKeyEntry getKey() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableEntryException { KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); return (PrivateKeyEntry) keyStore.getEntry(alias, null); }
/** {@inheritDoc} */ public boolean isInitialized(char[] store_password) { try { KeyStore store; if (null == keystore_provider) { store = KeyStore.getInstance(keystore_type); } else { store = KeyStore.getInstance(keystore_type, keystore_provider); } store.load(keystore_location.toURL().openStream(), store_password); return true; } catch (Exception failed) { return false; } }
public CertificateInstaller(Resource source, String host, int port, char[] passphrase) throws IOException, KeyStoreException, GeneralSecurityException { this.source = source; this.host = host; this.port = port; this.passphrase = passphrase; ks = null; InputStream in = source.getInputStream(); try { ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(in, passphrase); } finally { IOUtil.closeEL(in); } context = SSLContext.getInstance("TLS"); tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0]; tm = new SavingTrustManager(defaultTrustManager); context.init(null, new TrustManager[] {tm}, null); checkCertificate(); if (tm.chain == null) throw new IOException("Could not obtain server certificate chain"); }