public static SSLContext createSSLContext( boolean clientMode, String keystore, String password, String trustStore, String trustPassword) throws Exception { // Create/initialize the SSLContext with key material char[] passphrase = password.toCharArray(); // First initialize the key and trust material. KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream(keystore), passphrase); SSLContext sslContext = SSLContext.getInstance("TLS"); if (clientMode) { // TrustManager's decide whether to allow connections. TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); sslContext.init(null, tmf.getTrustManagers(), null); } else { // KeyManager's decide which key material to use. KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, passphrase); if (trustStore != null) { KeyStore ts = KeyStore.getInstance("JKS"); ts.load(new FileInputStream(trustStore), trustPassword.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(ts); System.out.println("Using the trust store for client auth"); sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); } else sslContext.init(kmf.getKeyManagers(), null, null); } return sslContext; }
public static void main(String[] args) throws Exception { Properties properties = new Properties(); FileInputStream propFile = new FileInputStream("store.properties"); properties.load(propFile); final String id = properties.getProperty("ID"); final String placeForFiles = properties.getProperty("FilePlace"); int servicePort = Integer.parseInt(properties.getProperty("ServicePort")); int tcpPort = Integer.parseInt(properties.getProperty("TCPPort")); String ksName = properties.getProperty("KeyStore"); KeyStore ks = KeyStore.getInstance(properties.getProperty("KeyStoreType")); char[] password = properties.getProperty("Password").toCharArray(); char[] passwordForKey = properties.getProperty("PasswordForKey").toCharArray(); ks.load(new FileInputStream(ksName), password); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(ks, passwordForKey); SSLContext context = SSLContext.getInstance("TLS"); context.init(kmf.getKeyManagers(), null, null); SSLServerSocketFactory ssf = context.getServerSocketFactory(); SSLServerSocket serverSocket = (SSLServerSocket) ssf.createServerSocket(tcpPort); ServiceThread serviceThread = new ServiceThread(servicePort, id); serviceThread.start(); while (!serverSocket.isClosed()) { ClientThread client = new ClientThread(placeForFiles); SSLSocket socket = (SSLSocket) serverSocket.accept(); socket.startHandshake(); client.setSocket(socket); client.start(); } }
/** connection with SSL */ public void sslConnection() { String keyStoreLocation = properties.getProperty(IbmMqConstants.SSL_KEYSTORE_LOCATION); String keyStoreType = properties.getProperty(IbmMqConstants.SSL_KEYSTORE_TYPE); String keyStorePassword = properties.getProperty(IbmMqConstants.SSL_KEYSTORE_PASSWORD); String trustStoreLocation = properties.getProperty(IbmMqConstants.SSL_TRUSTSTORE_LOCATION); String trustStoreType = properties.getProperty(IbmMqConstants.SSL_TRUSTSTORE_TYPE); String sslVersion = properties.getProperty(IbmMqConstants.SSL_VERSION); String sslFipsRequired = properties.getProperty(IbmMqConstants.SSL_FIPS); String sslCipherSuite = properties.getProperty(IbmMqConstants.SSL_CIPHERSUITE); boolean sslFips = Boolean.parseBoolean(sslFipsRequired); try { char[] keyPassphrase = keyStorePassword.toCharArray(); KeyStore ks = KeyStore.getInstance(keyStoreType); ks.load(new FileInputStream(keyStoreLocation), keyPassphrase); KeyStore trustStore = KeyStore.getInstance(trustStoreType); trustStore.load(new FileInputStream(trustStoreLocation), null); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); keyManagerFactory.init(ks, keyPassphrase); SSLContext sslContext = SSLContext.getInstance(sslVersion); sslContext.init( keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); mqProperties.put(MQConstants.SSL_SOCKET_FACTORY_PROPERTY, sslContext); mqProperties.put(MQConstants.SSL_FIPS_REQUIRED_PROPERTY, sslFips); mqProperties.put(MQConstants.SSL_CIPHER_SUITE_PROPERTY, sslCipherSuite); } catch (Exception ex) { handleException(ex.getMessage()); } }
private static SSLContext getContext( KeyManagerFactory kmf, TrustManagerFactory tmf, KeyStore ks) { try { KeyManager[] kms = kmf.getKeyManagers(); for (int i = 0; i < kms.length; i++) { // cast is safe since we used KEYMANAGER_ALGORITHM=SunX509 // above BasicX509KeyManager wrapper = new BasicX509KeyManager((X509KeyManager) kms[i], CERT_ALIAS); kms[i] = wrapper; } TrustManager[] tms = tmf.getTrustManagers(); for (int i = 0; i < tms.length; i++) { // safe cast since we used PKIX, SunJSSE above BasicX509TrustManager wrapper = new BasicX509TrustManager((X509TrustManager) tms[i]); tms[i] = wrapper; } SSLContext ctx = SSLContext.getInstance(SSL_PROTOCOL); log.debug("KMF returned " + kms.length + " KeyManagers"); log.debug("TMF returned " + tms.length + " TrustManagers"); ctx.init(kms, tms, null); return ctx; } catch (NoSuchAlgorithmException ex) { throw new RuntimeException("failed to find SSLContext for " + SSL_PROTOCOL, ex); } catch (KeyManagementException ex) { throw new RuntimeException("failed to init SSLContext", ex); } }
/** Gets the initialized key managers. */ protected KeyManager[] getKeyManagers( String keystoreType, String keystoreProvider, String algorithm, String keyAlias) throws Exception { KeyManager[] kms = null; String keystorePass = getKeystorePassword(); KeyStore ks = getKeystore(keystoreType, keystoreProvider, keystorePass); if (keyAlias != null && !ks.isKeyEntry(keyAlias)) { throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias)); } KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); String keyPass = endpoint.getKeyPass(); if (keyPass == null) { keyPass = keystorePass; } kmf.init(ks, keyPass.toCharArray()); kms = kmf.getKeyManagers(); if (keyAlias != null) { String alias = keyAlias; if (JSSESocketFactory.defaultKeystoreType.equals(keystoreType)) { alias = alias.toLowerCase(Locale.ENGLISH); } for (int i = 0; i < kms.length; i++) { kms[i] = new JSSEKeyManager((X509KeyManager) kms[i], alias); } } return kms; }
private static KeyManager[] getKeyMgrs( VertxInternal vertx, final String ksPath, final String ksPassword) throws Exception { KeyManagerFactory fact = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyStore ks = loadStore(vertx, ksPath, ksPassword); fact.init(ks, ksPassword != null ? ksPassword.toCharArray() : null); return fact.getKeyManagers(); }
MyX509KeyManager(File keyStore, char[] password) throws Exception { // create a "default" JSSE X509KeyManager. KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream(keyStore), password); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509", "SunJSSE"); kmf.init(ks, password); KeyManager kms[] = kmf.getKeyManagers(); /* * Iterate over the returned keymanagers, look * for an instance of X509KeyManager. If found, * use that as our "default" key manager. */ for (int i = 0; i < kms.length; i++) { if (kms[i] instanceof X509KeyManager) { pkixKeyManager = (X509KeyManager) kms[i]; return; } } /* * Find some other way to initialize, or else we have to fail the * constructor. */ throw new Exception("Couldn't initialize"); }
/** * Creates the key managers to be used by the factory from the associated key store and password. * * @return the newly created array of key managers * @throws ClientSslContextFactoryException if an exception is detected in loading the key store */ private KeyManager[] createKeyManagers() throws ClientSslContextFactoryException { final KeyManagerFactory factory; try { factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); factory.init(this.keyStore, this.keyStorePassword.toCharArray()); } catch (NoSuchAlgorithmException e) { throw new ClientSslContextFactoryException( String.format( "Failed to create the key store because the algorithm %s is not supported. ", KeyManagerFactory.getDefaultAlgorithm()), e); } catch (UnrecoverableKeyException e) { throw new ClientSslContextFactoryException( "Unrecoverable Key Exception initializing key manager factory; this is probably fatal", e); } catch (KeyStoreException e) { throw new ClientSslContextFactoryException( "KeyStore exception initializing key manager factory; this is probably fatal", e); } KeyManager[] managers = factory.getKeyManagers(); LOGGER.debug("Key managers are initialized. Total {} managers. ", managers.length); return managers; }
/** Creates a new TlsSocketFactory */ public TlsSocketFactory(TlsContext tls_context) throws java.security.KeyStoreException, java.security.KeyManagementException, java.security.UnrecoverableKeyException, java.security.NoSuchAlgorithmException { KeyStore ks = tls_context.getKeyStore(); // get key managers KeyManagerFactory key_manager_factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); key_manager_factory.init(ks, TlsContext.DEFAULT_PASSWORD); KeyManager[] key_managers = key_manager_factory.getKeyManagers(); TrustManager[] trust_managers; // get trust managers if (tls_context.isTrustAll()) { X509TrustManager trust_all = new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } public void checkClientTrusted(X509Certificate[] certs, String auth_type) {} public void checkServerTrusted(X509Certificate[] certs, String auth_type) {} }; trust_managers = new TrustManager[] {trust_all}; } else { TrustManagerFactory trust_manager_factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trust_manager_factory.init(ks); trust_managers = trust_manager_factory.getTrustManagers(); } // install only the trust managers SSLContext sc = SSLContext.getInstance("SSL"); sc.init(key_managers, trust_managers, null /*new java.security.SecureRandom()*/); // get the socket factory ssl_factory = sc.getSocketFactory(); }
/** * @return * @throws NoSuchAlgorithmException * @throws KeyStoreException * @throws UnrecoverableKeyException * @throws IOException * @throws CertificateException */ private KeyManager[] initKeyManagers() throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, IOException, CertificateException { // Initialize trust manager factory and set trusted CA list using keystore if (StringUtils.isEmpty(this.keyStorePath)) { log.info("Unset [keyStorePath] parameter, disable local private and certificate."); return null; } else { log.info( String.format("Loading private key and certificate from store: [%s]", this.keyStorePath)); // Load key store KeyStore keystore = KeyStore.getInstance("JKS"); InputStream in = Helper.getResourceAsStream(this.getClass(), this.keyStorePath); if (in == null) { throw new IOException( String.format("Could not reading from : [%s]", this.trustCertsStorePath)); } keystore.load(in, this.keyStorePassword); KeyManagerFactory kmf = KeyManagerFactory.getInstance(this.getKeyManagerAlgorithm()); kmf.init(keystore, this.keyStoreKeyPassword); log.info(String.format("Initialized key store: [%s]", this.keyStorePath)); KeyManager[] keyManagers = kmf.getKeyManagers(); return keyManagers; } }
private static SSLContext createBougusServerSslContext() throws GeneralSecurityException, IOException { // Create keystore KeyStore ks = KeyStore.getInstance("JKS"); InputStream in = null; try { in = BogusSslContextFactory.class.getResourceAsStream(BOGUS_KEYSTORE); ks.load(in, BOGUS_PW); } finally { if (in != null) { try { in.close(); } catch (IOException ignored) { } } } // Set up key manager factory to use our key store KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM); kmf.init(ks, BOGUS_PW); // Initialize the SSLContext to work with our key managers. SSLContext sslContext = SSLContext.getInstance(PROTOCOL); sslContext.init(kmf.getKeyManagers(), BogusTrustManagerFactory.X509_MANAGERS, null); return sslContext; }
/** Gets the initialized key managers. */ protected KeyManager[] getKeyManagers(String algorithm, String keyAlias) throws Exception { KeyManager[] kms = null; String keystorePass = getKeystorePassword(); KeyStore ks = getKeystore(keystorePass); if (keyAlias != null && !ks.isKeyEntry(keyAlias)) { throw new IOException(sm.getString("jsse.alias_no_key_entry", keyAlias)); } KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); kmf.init(ks, keystorePass.toCharArray()); kms = kmf.getKeyManagers(); if (keyAlias != null) { // START SJSAS 6266949 /* if (JSSESocketFactory.defaultKeystoreType.equals(keystoreType)) { keyAlias = keyAlias.toLowerCase(); } */ // END SJSAS 6266949 for (int i = 0; i < kms.length; i++) { kms[i] = new JSSEKeyManager((X509KeyManager) kms[i], keyAlias); } } return kms; }
private static SSLContext createSSLContext( final String algorithm, final KeyStore keystore, final String keystorePassword, final KeyStore truststore, final SecureRandom random, final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException { String algo = algorithm != null ? algorithm : TLS; KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keystore, keystorePassword != null ? keystorePassword.toCharArray() : null); KeyManager[] keymanagers = kmfactory.getKeyManagers(); TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmfactory.init(truststore); TrustManager[] trustmanagers = tmfactory.getTrustManagers(); if (trustmanagers != null && trustStrategy != null) { for (int i = 0; i < trustmanagers.length; i++) { TrustManager tm = trustmanagers[i]; if (tm instanceof X509TrustManager) { trustmanagers[i] = new TrustManagerDecorator((X509TrustManager) tm, trustStrategy); } } } SSLContext sslcontext = SSLContext.getInstance(algo); sslcontext.init(keymanagers, trustmanagers, random); return sslcontext; }
public TLSServer(KeyStore keyStore, String password, String protocol, int port) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException { KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); keyManagerFactory.init(keyStore, password.toCharArray()); KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); trustManagerFactory.init(keyStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); sslContext = SSLContext.getInstance(protocol); sslContext.init(keyManagers, trustManagers, null); cipherSuites = sslContext.getServerSocketFactory().getSupportedCipherSuites(); if (LOGGER.isDebugEnabled()) { LOGGER.debug("Provider: " + sslContext.getProvider()); LOGGER.debug( "Supported cipher suites (" + sslContext.getServerSocketFactory().getSupportedCipherSuites().length + ")"); for (String c : sslContext.getServerSocketFactory().getSupportedCipherSuites()) { LOGGER.debug(" " + c); } } this.port = port; LOGGER.info("SSL Server successfully initialized!"); }
/** * Returns SSLContext with TESTED_SECURITY_PROTOCOL protocol and sets up keys. * * @return - SSLContext with a protocol specified by TESTED_SECURITY_PROTOCOL. */ public static SSLContext getContext() { try { java.security.Security.setProperty("jdk.tls.disabledAlgorithms", ""); java.security.Security.setProperty("jdk.certpath.disabledAlgorithms", ""); KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); char[] passphrase = PASSWD.toCharArray(); try (FileInputStream keyFileStream = new FileInputStream(KEY_FILE_NAME)) { ks.load(keyFileStream, passphrase); } try (FileInputStream trustFileStream = new FileInputStream(TRUST_FILE_NAME)) { ts.load(trustFileStream, passphrase); } KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(ks, passphrase); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(ts); SSLContext sslCtx = SSLContext.getInstance(TESTED_SECURITY_PROTOCOL); sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); return sslCtx; } catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | KeyManagementException ex) { throw new Error("Unexpected exception", ex); } }
private static SSLContext sslContext(String keystoreFile, String password) throws GeneralSecurityException, IOException { KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream in = new FileInputStream(keystoreFile); try { keystore.load(in, password.toCharArray()); } finally { Util.closeQuietly(in); } KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keystore, password.toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keystore); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init( keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom()); return sslContext; }
public void init(Properties properties) throws Exception { KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); String keyStorePassword = properties.getProperty("keyStorePassword"); if (keyStorePassword == null) { keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword"); } String keyStore = properties.getProperty("keyStore"); if (keyStore == null) { keyStore = System.getProperty("javax.net.ssl.keyStore"); } if (keyStore == null || keyStorePassword == null) { throw new RuntimeException("SSL is enabled but keyStore[Password] properties aren't set!"); } String keyManagerAlgorithm = getProperty(properties, "keyManagerAlgorithm", "SunX509"); String trustManagerAlgorithm = getProperty(properties, "trustManagerAlgorithm", "SunX509"); String protocol = getProperty(properties, "protocol", "TLS"); final char[] passPhrase = keyStorePassword.toCharArray(); final String keyStoreFile = keyStore; ks.load(new FileInputStream(keyStoreFile), passPhrase); ts.load(new FileInputStream(keyStoreFile), passPhrase); KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgorithm); kmf.init(ks, passPhrase); TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustManagerAlgorithm); tmf.init(ts); sslContext = SSLContext.getInstance(protocol); sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); }
/** Loads a keystore from a base64-encoded String. Returns the KeyManager[] for the result. */ private KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception { String algorithm = KeyManagerFactory.getDefaultAlgorithm(); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm); keyManagerFactory.init(keyStore, PASSWORD.toCharArray()); return keyManagerFactory.getKeyManagers(); }
private KeyManager[] getKeyManagers(InputStream certificate, String passphrase) throws IOException { if (key_managers == null) { KeyStore ks; try { ks = KeyStore.getInstance("PKCS12"); } catch (KeyStoreException e) { throw new RuntimeException("Unable to create key store."); } char certphrase[] = passphrase.toCharArray(); try { ks.load(certificate, certphrase); } catch (GeneralSecurityException e) { throw new RuntimeException("Bad certificate or unknown type."); } finally { closeQuietly(certificate); } KeyManagerFactory kmf; try { kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, certphrase); } catch (GeneralSecurityException e) { throw new RuntimeException(e.getMessage()); } key_managers = kmf.getKeyManagers(); } return key_managers; }
// ========================================================================================================= // HTTPS handling private HttpServer createHttpsServer( InetSocketAddress pSocketAddress, JolokiaServerConfig pConfig) { // initialise the HTTPS server try { HttpsServer server = HttpsServer.create(pSocketAddress, pConfig.getBacklog()); SSLContext sslContext = SSLContext.getInstance(pConfig.getSecureSocketProtocol()); // initialise the keystore KeyStore ks = getKeyStore(pConfig); // setup the key manager factory KeyManagerFactory kmf = getKeyManagerFactory(pConfig); kmf.init(ks, pConfig.getKeystorePassword()); // setup the trust manager factory TrustManagerFactory tmf = getTrustManagerFactory(pConfig); tmf.init(ks); // setup the HTTPS context and parameters sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // Update the config to filter out bad protocols or ciphers pConfig.updateHTTPSSettingsFromContext(sslContext); server.setHttpsConfigurator(new JolokiaHttpsConfigurator(sslContext, pConfig)); return server; } catch (GeneralSecurityException e) { throw new IllegalStateException("Cannot use keystore for https communication: " + e, e); } catch (IOException e) { throw new IllegalStateException("Cannot open keystore for https communication: " + e, e); } }
static { String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm"); if (algorithm == null) { algorithm = "SunX509"; } SSLContext serverContext; SSLContext clientContext; try { KeyStore ks = KeyStore.getInstance("JKS"); ks.load(BogusKeyStore.asInputStream(), BogusKeyStore.getKeyStorePassword()); // Set up key manager factory to use our key store KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); kmf.init(ks, BogusKeyStore.getCertificatePassword()); // Initialize the SSLContext to work with our key managers. serverContext = SSLContext.getInstance(PROTOCOL); serverContext.init(kmf.getKeyManagers(), null, null); } catch (Exception e) { throw new Error("Failed to initialize the server-side SSLContext", e); } try { clientContext = SSLContext.getInstance(PROTOCOL); clientContext.init(null, BogusTrustManagerFactory.getTrustManagers(), null); } catch (Exception e) { throw new Error("Failed to initialize the client-side SSLContext", e); } SERVER_CONTEXT = serverContext; CLIENT_CONTEXT = clientContext; }
protected void init(KeystoreConfig keystoreConfig, boolean acceptUnverifiedCertificates) throws KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException { KeystoreManager keystoreMgr = KeystoreManager.getKeystoreManager(); KeyStore trustStore = keystoreMgr.getKeyStore(keystoreConfig); KeyManagerFactory keyManagerFactory = getKeyManagerFactory(trustStore, keystoreConfig.getFilePassword()); TrustManagerFactory trustManagerFactory = getTrustManagerFactory(trustStore); X509TrustManager defaultTrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0]; X509TrustManager customTrustManager = keystoreMgr.getCustomTrustManager( defaultTrustManager, keystoreConfig, acceptUnverifiedCertificates, trustStore); sslContext = SSLContext.getInstance(getSecurityProtocol()); sslContext.init( keyManagerFactory.getKeyManagers(), new TrustManager[] {customTrustManager}, new SecureRandom()); // XXX Should we use ALLOW_ALL_HOSTNAME_VERIFIER (least restrictive) or // BROWSER_COMPATIBLE_HOSTNAME_VERIFIER (moderate restrictive) or // STRICT_HOSTNAME_VERIFIER (most restrictive)??? sslSocketFactory = new SSLSocketFactory(sslContext, getHostnameVerifier()); }
/** * Used to get the base ssl context in which to create the server socket. This is basically just * so we can have a custom location for key stores. */ public SSLContext getSSLContext(String keyStoreName, String password) throws IOException { try { // Check the key manager factory KeyManagerFactory kmf = KeyManagerFactory.getInstance(this.keyManagerType); File ksFile = new File(keyStoreName); if (!ksFile.exists() || !ksFile.isFile()) throw new WinstoneException( SSL_RESOURCES.getString("HttpsListener.KeyStoreNotFound", ksFile.getPath())); InputStream in = new FileInputStream(ksFile); char[] passwordChars = password == null ? null : password.toCharArray(); KeyStore ks = KeyStore.getInstance("JKS"); ks.load(in, passwordChars); kmf.init(ks, passwordChars); Logger.log(Logger.FULL_DEBUG, SSL_RESOURCES, "HttpsListener.KeyCount", ks.size() + ""); for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) { String alias = (String) e.nextElement(); Logger.log( Logger.FULL_DEBUG, SSL_RESOURCES, "HttpsListener.KeyFound", new String[] {alias, ks.getCertificate(alias) + ""}); } SSLContext context = SSLContext.getInstance("SSL"); context.init(kmf.getKeyManagers(), null, null); Arrays.fill(passwordChars, 'x'); return context; } catch (IOException err) { throw err; } catch (Throwable err) { throw new WinstoneException( SSL_RESOURCES.getString("HttpsListener.ErrorGettingContext"), err); } }
private static SSLContext getContext(Context con) throws Exception { if (ctx == null) { String type = KeyStore.getDefaultType(); InputStream fis = getKeyStoreFileName(con); KeyStore ks = KeyStore.getInstance(type); ks.load(fis, KS_PASSWORD.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, KS_PASSWORD.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); ctx = SSLContext.getInstance("TLSv1"); ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); } SSLSocketFactory socketFactory = (SSLSocketFactory) ctx.getSocketFactory(); HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory); return ctx; }
private KeyManager[] prepareKeyManager(InputStream bksFile, String password) { try { if (bksFile == null || password == null) return null; KeyStore clientKeyStore = KeyStore.getInstance("BKS"); clientKeyStore.load(bksFile, password.toCharArray()); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(clientKeyStore, password.toCharArray()); return keyManagerFactory.getKeyManagers(); } catch (KeyStoreException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (UnrecoverableKeyException e) { e.printStackTrace(); } catch (CertificateException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } catch (Exception e) { e.printStackTrace(); } return null; }
public static SSLSocketFactory getSocketFactory( String caCrtFile, String crtFile, String keyFile, String password) throws Exception { char[] passwordCharArray = password == null ? new char[0] : password.toCharArray(); Security.addProvider(new BouncyCastleProvider()); CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate caCert = (X509Certificate) cf.generateCertificate( new ByteArrayInputStream(Files.readAllBytes(Paths.get(caCrtFile)))); X509Certificate cert = (X509Certificate) cf.generateCertificate( new ByteArrayInputStream(Files.readAllBytes(Paths.get(crtFile)))); File privateKeyFile = new File(keyFile); PEMParser pemParser = new PEMParser(new FileReader(privateKeyFile)); PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passwordCharArray); JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); Object object = pemParser.readObject(); KeyPair kp; if (object instanceof PEMEncryptedKeyPair) { kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv)); } else { kp = converter.getKeyPair((PEMKeyPair) object); } pemParser.close(); KeyStore caKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); caKeyStore.load(null, null); caKeyStore.setCertificateEntry("ca-certificate", caCert); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(caKeyStore); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); keyStore.setCertificateEntry("certificate", cert); keyStore.setKeyEntry( "private-key", kp.getPrivate(), passwordCharArray, new java.security.cert.Certificate[] {cert}); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, passwordCharArray); SSLContext context = SSLContext.getInstance("TLSv1"); context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); return context.getSocketFactory(); }
/** @return key managers loaded for this service. */ public synchronized KeyManager[] getKeyManagers() throws GeneralSecurityException { if (mKeyStore == null) { throw new NullPointerException("null mKeyStore"); } KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); factory.init(mKeyStore, "".toCharArray()); return factory.getKeyManagers(); }
private SSLSocketFactory createSocketFactory(String domain) throws Exception { SSLSocketFactory factory; KeyManagerFactory keyManagerFactory = getKeyManagerFactory(keystore, KEYSTORE_PASSWORD); SSLContext sslContext = SSLContext.getInstance("TLS"); KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); keyManagers = wrapKeyManagers(keyManagers, domain); sslContext.init(keyManagers, getAllTrustingManager(), secureRandom); factory = sslContext.getSocketFactory(); return factory; }
private KeyManager[] createKeyManagers(KeyStore keystore) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException { bombIfNull(keystore, "Keystore may not be null"); LOG.trace("Initializing key manager"); KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keystore, keystorePassword.toCharArray()); return kmfactory.getKeyManagers(); }
private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException { if (keystore == null) { throw new IllegalArgumentException("Keystore may not be null"); } KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keystore, password != null ? password.toCharArray() : null); return kmfactory.getKeyManagers(); }