javax.net.ssl.X509ExtendedTrustManager Java Examples

The following examples show how to use javax.net.ssl.X509ExtendedTrustManager.
Example #1
Source File: SSLContextImpl.java    From openjsse with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Picks the single trust manager this context will use from the caller-supplied array.
 *
 * <p>Only the first {@link X509TrustManager} found is considered; any later entries are
 * ignored. An instance that is already an {@link X509ExtendedTrustManager} is returned
 * unchanged, while a plain {@code X509TrustManager} is wrapped in an
 * {@code AbstractTrustManagerWrapper}.
 *
 * @param tm candidate trust managers; may be {@code null} or contain no X509 trust manager
 * @return the selected (possibly wrapped) trust manager, or
 *         {@code DummyX509TrustManager.INSTANCE} when none is present
 * @throws KeyManagementException in FIPS mode, when the first X509 trust manager is not an
 *         {@code X509TrustManagerImpl}
 */
private X509TrustManager chooseTrustManager(TrustManager[] tm)
        throws KeyManagementException {
    if (tm != null) {
        for (TrustManager candidate : tm) {
            if (!(candidate instanceof X509TrustManager)) {
                continue;
            }

            // FIPS mode refuses third-party implementations outright instead of wrapping them.
            boolean foreignImpl = !(candidate instanceof X509TrustManagerImpl);
            if (OpenJSSE.isFIPS() && foreignImpl) {
                throw new KeyManagementException
                    ("FIPS mode: only OpenJSSE TrustManagers may be used");
            }

            if (candidate instanceof X509ExtendedTrustManager) {
                return (X509TrustManager) candidate;
            }
            // NOTE(review): the wrapper presumably adds the connection-aware checks a plain
            // X509TrustManager lacks; its implementation is not shown here.
            return new AbstractTrustManagerWrapper((X509TrustManager) candidate);
        }
    }

    // No X509 trust manager supplied.
    // NOTE(review): confirm DummyX509TrustManager rejects every chain rather than accepting it.
    return DummyX509TrustManager.INSTANCE;
}
 
Example #2
Source File: InsecureExtendedTrustManager.java    From browserup-proxy with Apache License 2.0 6 votes vote down vote up
/**
 * Looks up the JDK's default {@link X509ExtendedTrustManager}.
 *
 * <p>The default {@link TrustManagerFactory} is initialized with a {@code null} key store,
 * which selects the default key store, and the first extended X509 trust manager it
 * exposes is returned.
 *
 * <p>If the factory cannot be initialized, or exposes no such trust manager, the method
 * falls back to {@code NOOP_EXTENDED_TRUST_MANAGER}. That fallback is reported only at
 * debug level, so the switch is easy to miss in normal logs.
 * NOTE(review): the no-op manager presumably performs no certificate validation; confirm
 * that every caller can tolerate that.
 *
 * @return the default extended trust manager, or the no-op instance when none is available
 */
private static X509ExtendedTrustManager getDefaultExtendedTrustManager() {
    TrustManagerFactory factory;
    try {
        String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        factory = TrustManagerFactory.getInstance(algorithm);
        // a null KeyStore makes the factory use the default KeyStore
        factory.init((KeyStore) null);
    } catch (NoSuchAlgorithmException | KeyStoreException e) {
        log.debug("Unable to initialize default TrustManagerFactory. Using no-op X509ExtendedTrustManager.", e);
        return NOOP_EXTENDED_TRUST_MANAGER;
    }

    // scan the registered trust managers for the first extended X509 implementation
    for (TrustManager candidate : factory.getTrustManagers()) {
        if (!(candidate instanceof X509ExtendedTrustManager)) {
            continue;
        }
        return (X509ExtendedTrustManager) candidate;
    }

    // nothing suitable was registered, so fall back to the no-op instance
    log.debug("No default X509ExtendedTrustManager found. Using no-op.");
    return NOOP_EXTENDED_TRUST_MANAGER;
}
 
Example #3
Source File: ExtensibleTrustManagerImpl.java    From smarthome with Eclipse Public License 2.0 6 votes vote down vote up
/**
 * Resolves the trust manager linked to the peer of the given engine.
 *
 * <p>When the engine reports a peer host, the key {@code host:port} is looked up in
 * {@code linkedTrustManager} and the head of the matching queue is used. If there is no
 * engine, no peer host, or no match, the lookup falls back to the chain-only overload.
 *
 * <p>The JDK documents {@code SSLEngine.getPeerHost()} as an unauthenticated hint, so the
 * key only reflects what the creator of the engine supplied.
 *
 * @param chain     certificate chain presented by the peer
 * @param sslEngine engine of the connection being validated; may be {@code null}
 * @return the linked trust manager, or whatever the chain-only overload returns
 */
private X509ExtendedTrustManager getLinkedTrustMananger(X509Certificate[] chain, SSLEngine sslEngine) {
    if (sslEngine == null) {
        return getLinkedTrustMananger(chain);
    }

    String peerKey = null;
    X509ExtendedTrustManager match = null;
    if (sslEngine.getPeerHost() != null) {
        peerKey = sslEngine.getPeerHost() + ":" + sslEngine.getPeerPort();
        match = linkedTrustManager.getOrDefault(peerKey, EMPTY_QUEUE).peek();
    }

    if (match == null) {
        logger.trace("Did NOT find trustManager by sslEngine peer/host: {}", peerKey);
        return getLinkedTrustMananger(chain);
    }

    logger.trace("Found trustManager by sslEngine peer/host: {}", peerKey);
    return match;
}
 
Example #4
Source File: SimpleTrustManagerFactory.java    From netty-4.1.22 with Apache License 2.0 6 votes vote down vote up
/**
 * Returns the trust managers of the parent factory, upgrading plain X509 trust managers.
 *
 * <p>The array is computed once and cached in {@code this.trustManagers}. On Java 7 and
 * later, every {@link X509TrustManager} that is not already an
 * {@link X509ExtendedTrustManager} is replaced by an {@code X509TrustManagerWrapper}.
 *
 * @return a copy of the cached array, so callers cannot modify the cached instance
 */
@Override
protected TrustManager[] engineGetTrustManagers() {
    TrustManager[] cached = this.trustManagers;
    if (cached != null) {
        return cached.clone();
    }

    cached = parent.engineGetTrustManagers();
    if (PlatformDependent.javaVersion() >= 7) {
        for (int idx = 0; idx < cached.length; idx++) {
            final TrustManager current = cached[idx];
            final boolean plainX509 =
                    current instanceof X509TrustManager && !(current instanceof X509ExtendedTrustManager);
            if (plainX509) {
                cached[idx] = new X509TrustManagerWrapper((X509TrustManager) current);
            }
        }
    }
    this.trustManagers = cached;
    return cached.clone();
}
 
Example #5
Source File: ClientX509ExtendedTrustManager.java    From light-4j with Apache License 2.0 6 votes vote down vote up
/**
 * Validates the server chain for an {@link SSLEngine} connection.
 *
 * <p>An extended delegate receives the engine and does the whole check itself. A plain
 * delegate only validates the chain, so the identity of the leaf certificate is checked
 * separately. The custom server identity check then runs on the leaf in both cases.
 *
 * @param chain    certificate chain presented by the server, leaf first
 * @param authType key exchange algorithm in use
 * @param engine   engine of the connection being validated
 * @throws CertificateException declared by the interface; see the note in the catch block
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
	try {
		// NOTE(review): presumably applies identityAlg to the engine's SSL parameters; helper not shown.
		EndpointIdentificationAlgorithm.setup(engine, identityAlg);

		if (!(trustManager instanceof X509ExtendedTrustManager)) {
			trustManager.checkServerTrusted(chain, authType);
			checkIdentity(engine, chain[0]);
		} else {
			X509ExtendedTrustManager extended = (X509ExtendedTrustManager) trustManager;
			extended.checkServerTrusted(chain, authType, engine);
		}

		doCustomServerIdentityCheck(chain[0]);
	} catch (Throwable t) {
		// Every failure, including runtime errors such as a null or empty chain, ends up here.
		// NOTE(review): the chain is rejected only if this helper always rethrows; confirm it does.
		SSLUtils.handleTrustValidationErrors(t);
	}
}
 
Example #6
Source File: ClientX509ExtendedTrustManager.java    From light-4j with Apache License 2.0 6 votes vote down vote up
/**
 * Validates the client chain for an {@link SSLEngine} connection.
 *
 * <p>An extended delegate receives the engine and does the whole check itself. A plain
 * delegate only validates the chain, so the identity of the leaf certificate is checked
 * separately.
 *
 * @param chain    certificate chain presented by the client, leaf first
 * @param authType authentication type derived from the client certificate
 * @param engine   engine of the connection being validated
 * @throws CertificateException declared by the interface; see the note in the catch block
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
	try {
		// NOTE(review): presumably applies identityAlg to the engine's SSL parameters; helper not shown.
		EndpointIdentificationAlgorithm.setup(engine, identityAlg);

		if (!(trustManager instanceof X509ExtendedTrustManager)) {
			trustManager.checkClientTrusted(chain, authType);
			checkIdentity(engine, chain[0]);
		} else {
			X509ExtendedTrustManager extended = (X509ExtendedTrustManager) trustManager;
			extended.checkClientTrusted(chain, authType, engine);
		}

	} catch (Throwable t) {
		// Every failure, including runtime errors such as a null or empty chain, ends up here.
		// NOTE(review): the chain is rejected only if this helper always rethrows; confirm it does.
		SSLUtils.handleTrustValidationErrors(t);
	}
}
 
Example #7
Source File: TrustManagerExtTest.java    From servicecomb-java-chassis with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a {@code TrustManagerExt} around the first trust manager created from the
 * configured trust store and checks that its first accepted issuer is an X.509 v3
 * certificate.
 */
@SuppressWarnings("unused")
@Test
public void testConstructor() {
  // The key store settings are resolved but not used afterwards (hence the suppression).
  String keyStoreName = custom.getFullPath(option.getKeyStore());
  char[] keyStoreValue = custom.decode(option.getKeyStoreValue().toCharArray());

  String trustStorePath = custom.getFullPath(option.getTrustStore());
  char[] trustStoreSecret = custom.decode(option.getTrustStoreValue().toCharArray());
  KeyStore loadedTrustStore =
      KeyStoreUtil.createKeyStore(trustStorePath, option.getTrustStoreType(), trustStoreSecret);
  TrustManager[] created = KeyStoreUtil.createTrustManagers(loadedTrustStore);

  // The cast assumes the first created manager is an extended X509 trust manager.
  X509ExtendedTrustManager first = (X509ExtendedTrustManager) created[0];
  TrustManagerExt trustManagerExt = new TrustManagerExt(first, option, custom);

  Assert.assertEquals(3, trustManagerExt.getAcceptedIssuers()[0].getVersion());
  // NOTE(review): cannot fail here, because the reference was already dereferenced above.
  Assert.assertNotNull(trustManagerExt);
}
 
Example #8
Source File: ExtensibleTrustManagerImpl.java    From openhab-core with Eclipse Public License 2.0 6 votes vote down vote up
/**
 * Resolves the trust manager linked to the peer of the given engine.
 *
 * <p>When the engine reports a peer host, the key {@code host:port} is looked up in
 * {@code linkedTrustManager} and the head of the matching queue is used. If there is no
 * engine, no peer host, or no match, the lookup falls back to the chain-only overload.
 *
 * <p>The JDK documents {@code SSLEngine.getPeerHost()} as an unauthenticated hint, so the
 * key only reflects what the creator of the engine supplied.
 *
 * @param chain     certificate chain presented by the peer
 * @param sslEngine engine of the connection being validated; may be {@code null}
 * @return the linked trust manager, or whatever the chain-only overload returns
 */
private X509ExtendedTrustManager getLinkedTrustMananger(X509Certificate[] chain, SSLEngine sslEngine) {
    if (sslEngine == null) {
        return getLinkedTrustMananger(chain);
    }

    String lookupKey = null;
    X509ExtendedTrustManager linked = null;
    if (sslEngine.getPeerHost() != null) {
        lookupKey = sslEngine.getPeerHost() + ":" + sslEngine.getPeerPort();
        linked = linkedTrustManager.getOrDefault(lookupKey, EMPTY_QUEUE).peek();
    }

    if (linked == null) {
        logger.trace("Did NOT find trustManager by sslEngine peer/host: {}", lookupKey);
        return getLinkedTrustMananger(chain);
    }

    logger.trace("Found trustManager by sslEngine peer/host: {}", lookupKey);
    return linked;
}
 
Example #9
Source File: ClientX509ExtendedTrustManager.java    From light-4j with Apache License 2.0 6 votes vote down vote up
/**
 * Validates the server chain for a {@link Socket} connection.
 *
 * <p>An extended delegate receives the socket and does the whole check itself. A plain
 * delegate only validates the chain, so the identity of the leaf certificate is checked
 * separately. The custom server identity check then runs on the leaf in both cases.
 *
 * @param chain    certificate chain presented by the server, leaf first
 * @param authType key exchange algorithm in use
 * @param socket   socket of the connection being validated
 * @throws CertificateException declared by the interface; see the note in the catch block
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
	try {
		// NOTE(review): presumably applies identityAlg to the socket's SSL parameters; helper not shown.
		EndpointIdentificationAlgorithm.setup(socket, identityAlg);

		if (!(trustManager instanceof X509ExtendedTrustManager)) {
			trustManager.checkServerTrusted(chain, authType);
			checkIdentity(socket, chain[0]);
		} else {
			X509ExtendedTrustManager extended = (X509ExtendedTrustManager) trustManager;
			extended.checkServerTrusted(chain, authType, socket);
		}

		doCustomServerIdentityCheck(chain[0]);
	} catch (Throwable t) {
		// Every failure, including runtime errors such as a null or empty chain, ends up here.
		// NOTE(review): the chain is rejected only if this helper always rethrows; confirm it does.
		SSLUtils.handleTrustValidationErrors(t);
	}
}
 
Example #10
Source File: ClientX509ExtendedTrustManager.java    From light-4j with Apache License 2.0 6 votes vote down vote up
/**
 * Validates the client chain for a {@link Socket} connection.
 *
 * <p>An extended delegate receives the socket and does the whole check itself. A plain
 * delegate only validates the chain, so the identity of the leaf certificate is checked
 * separately.
 *
 * @param chain    certificate chain presented by the client, leaf first
 * @param authType authentication type derived from the client certificate
 * @param socket   socket of the connection being validated
 * @throws CertificateException declared by the interface; see the note in the catch block
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
	try {
		// NOTE(review): presumably applies identityAlg to the socket's SSL parameters; helper not shown.
		EndpointIdentificationAlgorithm.setup(socket, identityAlg);

		if (!(trustManager instanceof X509ExtendedTrustManager)) {
			trustManager.checkClientTrusted(chain, authType);
			checkIdentity(socket, chain[0]);
		} else {
			X509ExtendedTrustManager extended = (X509ExtendedTrustManager) trustManager;
			extended.checkClientTrusted(chain, authType, socket);
		}

	} catch (Throwable t) {
		// Every failure, including runtime errors such as a null or empty chain, ends up here.
		// NOTE(review): the chain is rejected only if this helper always rethrows; confirm it does.
		SSLUtils.handleTrustValidationErrors(t);
	}
}
 
Example #11
Source File: ExtensibleTrustManagerImpl.java    From smarthome with Eclipse Public License 2.0 5 votes vote down vote up
/**
 * Validates a server chain on a {@link Socket} connection, preferring a linked trust
 * manager over the default one.
 *
 * <p>The linked manager is selected from the presented chain alone.
 * NOTE(review): that input comes from the peer; confirm the selected manager still
 * validates the chain against its own trust anchors.
 *
 * @throws CertificateException if the manager that handles the check rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
        throws CertificateException {
    X509ExtendedTrustManager specific = getLinkedTrustMananger(chain);
    if (specific != null) {
        specific.checkServerTrusted(chain, authType, socket);
        return;
    }
    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkServerTrusted(chain, authType, socket);
}
 
Example #12
Source File: ExtensibleTrustManagerImpl.java    From openhab-core with Eclipse Public License 2.0 5 votes vote down vote up
/**
 * Validates a server chain on an {@link SSLEngine} connection, preferring a linked trust
 * manager over the default one.
 *
 * <p>The linked manager is resolved from the engine and the presented chain; when none is
 * found, the check is delegated to {@code defaultTrustManager}.
 *
 * @throws CertificateException if the manager that handles the check rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
        throws CertificateException {
    X509ExtendedTrustManager specific = getLinkedTrustMananger(chain, sslEngine);
    if (specific != null) {
        specific.checkServerTrusted(chain, authType, sslEngine);
        return;
    }
    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkServerTrusted(chain, authType, sslEngine);
}
 
Example #13
Source File: ExtensibleTrustManagerImpl.java    From smarthome with Eclipse Public License 2.0 5 votes vote down vote up
/**
 * Validates a client chain on an {@link SSLEngine} connection, preferring a linked trust
 * manager over the default one.
 *
 * <p>The linked manager is resolved from the engine and the presented chain; when none is
 * found, the check is delegated to {@code defaultTrustManager}.
 *
 * @throws CertificateException if the manager that handles the check rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
        throws CertificateException {
    X509ExtendedTrustManager specific = getLinkedTrustMananger(chain, sslEngine);
    if (specific != null) {
        specific.checkClientTrusted(chain, authType, sslEngine);
        return;
    }
    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkClientTrusted(chain, authType, sslEngine);
}
 
Example #14
Source File: ExtensibleTrustManagerImpl.java    From smarthome with Eclipse Public License 2.0 5 votes vote down vote up
/**
 * Validates a client chain on a {@link Socket} connection, preferring a linked trust
 * manager over the default one.
 *
 * <p>The linked manager is selected from the presented chain alone.
 * NOTE(review): that input comes from the peer; confirm the selected manager still
 * validates the chain against its own trust anchors.
 *
 * @throws CertificateException if the manager that handles the check rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
        throws CertificateException {
    X509ExtendedTrustManager specific = getLinkedTrustMananger(chain);
    if (specific != null) {
        specific.checkClientTrusted(chain, authType, socket);
        return;
    }
    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkClientTrusted(chain, authType, socket);
}
 
Example #15
Source File: TrustManagerProxyTest.java    From athenz with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that {@code TrustManagerProxy.checkClientTrusted(chain, authType)} is forwarded
 * to the wrapped trust manager exactly once.
 *
 * <p>The test covers delegation only: the mock accepts any chain, so it does not show that
 * a rejection by the delegate reaches the caller.
 */
@Test
public void testTrustManagerProxyCheckClientTrusted(@Mocked X509ExtendedTrustManager mockedTrustManager) throws CertificateException {
    // Record the expected call: any chain, auth type "cert", invoked once.
    new Expectations() {{
        mockedTrustManager.checkClientTrusted((X509Certificate[]) any, "cert"); times = 1;
    }};

    TrustManagerProxy trustManagerProxy = new TrustManagerProxy(new TrustManager[]{mockedTrustManager});
    // A null chain is enough because the mock matches any chain argument.
    trustManagerProxy.checkClientTrusted(null, "cert");
}
 
Example #16
Source File: TrustManagerProxyTest.java    From athenz with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that {@code TrustManagerProxy.checkServerTrusted(chain, authType)} is forwarded
 * to the wrapped trust manager exactly once.
 *
 * <p>The test covers delegation only: the mock accepts any chain, so it does not show that
 * a rejection by the delegate reaches the caller.
 */
@Test
public void testTrustManagerProxyCheckServerTrusted(@Mocked X509ExtendedTrustManager mockedTrustManager) throws CertificateException {
    // Record the expected call: any chain, auth type "cert", invoked once.
    new Expectations() {{
        mockedTrustManager.checkServerTrusted((X509Certificate[]) any, "cert"); times = 1;
    }};

    TrustManagerProxy trustManagerProxy = new TrustManagerProxy(new TrustManager[]{mockedTrustManager});

    // A null chain is enough because the mock matches any chain argument.
    trustManagerProxy.checkServerTrusted(null, "cert");
}
 
Example #17
Source File: TrustManagerProxyTest.java    From athenz with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that {@code TrustManagerProxy.getAcceptedIssuers()} returns what the wrapped
 * trust manager returns, here {@code null}, and calls it exactly once.
 */
@Test
public void testTrustManagerProxyGetAcceptedIssuers(@Mocked X509ExtendedTrustManager mockedTrustManager) {
    // Record the expected call: invoked once, returning null.
    new Expectations() {{
        mockedTrustManager.getAcceptedIssuers(); times = 1; result = null;
    }};

    TrustManagerProxy trustManagerProxy = new TrustManagerProxy(new TrustManager[]{mockedTrustManager});
    assertNull(trustManagerProxy.getAcceptedIssuers());
}
 
Example #18
Source File: TestSSLContext.java    From j2objc with Apache License 2.0 5 votes vote down vote up
/**
 * Stores the already-built client and server TLS fixtures.
 *
 * <p>Every argument is assigned to the field of the same name without validation. Arrays,
 * including the two store passwords, are kept by reference and not copied.
 */
private TestSSLContext(KeyStore clientKeyStore,
                       char[] clientStorePassword,
                       KeyStore serverKeyStore,
                       char[] serverStorePassword,
                       KeyManager[] clientKeyManagers,
                       KeyManager[] serverKeyManagers,
                       X509ExtendedTrustManager clientTrustManager,
                       X509ExtendedTrustManager serverTrustManager,
                       SSLContext clientContext,
                       SSLContext serverContext,
                       SSLServerSocket serverSocket,
                       InetAddress host,
                       int port) {
    // client side
    this.clientKeyStore = clientKeyStore;
    this.clientStorePassword = clientStorePassword;
    this.clientKeyManagers = clientKeyManagers;
    this.clientTrustManager = clientTrustManager;
    this.clientContext = clientContext;

    // server side
    this.serverKeyStore = serverKeyStore;
    this.serverStorePassword = serverStorePassword;
    this.serverKeyManagers = serverKeyManagers;
    this.serverTrustManager = serverTrustManager;
    this.serverContext = serverContext;

    // listening endpoint
    this.serverSocket = serverSocket;
    this.host = host;
    this.port = port;
}
 
Example #19
Source File: ExtensibleTrustManagerImpl.java    From openhab-core with Eclipse Public License 2.0 5 votes vote down vote up
/**
 * Validates a client chain on a {@link Socket} connection, preferring a linked trust
 * manager over the default one.
 *
 * <p>The linked manager is selected from the presented chain alone.
 * NOTE(review): that input comes from the peer; confirm the selected manager still
 * validates the chain against its own trust anchors.
 *
 * @throws CertificateException if the manager that handles the check rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
        throws CertificateException {
    X509ExtendedTrustManager perPeer = getLinkedTrustMananger(chain);
    if (perPeer != null) {
        perPeer.checkClientTrusted(chain, authType, socket);
        return;
    }
    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkClientTrusted(chain, authType, socket);
}
 
Example #20
Source File: ExtensibleTrustManagerImpl.java    From openhab-core with Eclipse Public License 2.0 5 votes vote down vote up
/**
 * Validates a client chain on an {@link SSLEngine} connection, preferring a linked trust
 * manager over the default one.
 *
 * <p>The linked manager is resolved from the engine and the presented chain; when none is
 * found, the check is delegated to {@code defaultTrustManager}.
 *
 * @throws CertificateException if the manager that handles the check rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
        throws CertificateException {
    X509ExtendedTrustManager perPeer = getLinkedTrustMananger(chain, sslEngine);
    if (perPeer != null) {
        perPeer.checkClientTrusted(chain, authType, sslEngine);
        return;
    }
    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkClientTrusted(chain, authType, sslEngine);
}
 
Example #21
Source File: ExtensibleTrustManagerImpl.java    From openhab-core with Eclipse Public License 2.0 5 votes vote down vote up
/**
 * Validates a server chain on a {@link Socket} connection, preferring a linked trust
 * manager over the default one.
 *
 * <p>The linked manager is selected from the presented chain alone.
 * NOTE(review): that input comes from the peer; confirm the selected manager still
 * validates the chain against its own trust anchors.
 *
 * @throws CertificateException if the manager that handles the check rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
        throws CertificateException {
    X509ExtendedTrustManager perPeer = getLinkedTrustMananger(chain);
    if (perPeer != null) {
        perPeer.checkServerTrusted(chain, authType, socket);
        return;
    }
    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkServerTrusted(chain, authType, socket);
}
 
Example #22
Source File: PeerAuthorizerTrustManager.java    From vespa with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a trust manager that combines peer authorization with a default trust manager.
 *
 * @param authorizedPeers      peers handed to the newly created {@code PeerAuthorizer}
 * @param mode                 authorization mode, stored as given
 * @param hostnameVerification host name verification setting, stored as given
 * @param defaultTrustManager  trust manager stored as the default delegate
 */
public PeerAuthorizerTrustManager(AuthorizedPeers authorizedPeers,
                                  AuthorizationMode mode,
                                  HostnameVerification hostnameVerification,
                                  X509ExtendedTrustManager defaultTrustManager) {
    // None of the arguments is null-checked here.
    this.defaultTrustManager = defaultTrustManager;
    this.hostnameVerification = hostnameVerification;
    this.mode = mode;
    this.authorizer = new PeerAuthorizer(authorizedPeers);
}
 
Example #23
Source File: ExtensibleTrustManagerImpl.java    From smarthome with Eclipse Public License 2.0 5 votes vote down vote up
/**
 * Validates a server chain on an {@link SSLEngine} connection, preferring a linked trust
 * manager over the default one.
 *
 * <p>The linked manager is resolved from the engine and the presented chain; when none is
 * found, the check is delegated to {@code defaultTrustManager}.
 *
 * @throws CertificateException if the manager that handles the check rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
        throws CertificateException {
    X509ExtendedTrustManager perPeer = getLinkedTrustMananger(chain, sslEngine);
    if (perPeer != null) {
        perPeer.checkServerTrusted(chain, authType, sslEngine);
        return;
    }
    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkServerTrusted(chain, authType, sslEngine);
}
 
Example #24
Source File: TrustManagerUtils.java    From vespa with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the platform's default X509 trust manager backed by the given trust store.
 *
 * <p>Unlike a lookup that falls back to a permissive manager, this method fails when the
 * factory exposes no {@link X509ExtendedTrustManager}.
 *
 * @param truststore trust anchors to use; it is passed to the factory unchanged, and a
 *                   {@code null} value makes the factory use its default trust store
 * @return the first extended X509 trust manager produced by the default factory
 * @throws RuntimeException if the factory cannot be created or initialized, or if it
 *                          exposes no extended X509 trust manager
 */
public static X509ExtendedTrustManager createDefaultX509TrustManager(KeyStore truststore) {
    final TrustManager[] trustManagers;
    try {
        String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
        factory.init(truststore);
        trustManagers = factory.getTrustManagers();
    } catch (GeneralSecurityException e) {
        throw new RuntimeException(e);
    }

    for (TrustManager manager : trustManagers) {
        if (manager instanceof X509ExtendedTrustManager) {
            return (X509ExtendedTrustManager) manager;
        }
    }
    throw new RuntimeException("No X509ExtendedTrustManager in " + com.yahoo.vespa.jdk8compat.List.of(trustManagers));
}
 
Example #25
Source File: SFTrustManager.java    From snowflake-jdbc with Apache License 2.0 5 votes vote down vote up
/**
 * Constructor with the cache file. If not specified, the default cachefile
 * is used.
 *
 * <p>Besides storing the OCSP mode and resolving the two trust manager fields,
 * construction probes the OCSP endpoint, optionally reads directives, and
 * loads the cache file once per process (guarded by {@code WAS_CACHE_READ}).
 *
 * @param ocspMode  OCSP mode
 * @param cacheFile cache file.
 */
SFTrustManager(OCSPMode ocspMode, File cacheFile)
{
  this.ocspMode = ocspMode;
  // NOTE(review): the algorithm name comes from KeyManagerFactory, not
  // TrustManagerFactory. The two JDK defaults can differ, so confirm that
  // getTrustManager() ends up with the intended certificate path validation.
  this.trustManager = getTrustManager(
      KeyManagerFactory.getDefaultAlgorithm());

  // Second lookup with the same algorithm. The unchecked cast throws
  // ClassCastException if the result is not an X509ExtendedTrustManager.
  this.exTrustManager = (X509ExtendedTrustManager) getTrustManager(
      KeyManagerFactory.getDefaultAlgorithm());

  checkNewOCSPEndpointAvailability();

  if (ssdManager.getSSDSupportStatus())
  {
    readDirectives();
  }

  // An explicit cache file replaces the default location before the cache is read.
  if (cacheFile != null)
  {
    fileCacheManager.overrideCacheFile(cacheFile);
  }
  // getAndSet makes only the first constructor call read the cache. Later
  // instances skip the read even if they passed a different cacheFile.
  if (!WAS_CACHE_READ.getAndSet(true))
  {
    // read cache file once
    JsonNode res = fileCacheManager.readCacheFile();
    readJsonStoreCache(res);
  }
}
 
Example #26
Source File: ExtensibleTrustManagerImpl.java    From smarthome with Eclipse Public License 2.0 5 votes vote down vote up
/**
 * Registers a dynamically bound {@code TlsCertificateProvider}.
 *
 * <p>A trust manager is derived from the provider through
 * {@code TlsCertificateTrustManagerAdapter}, remembered per provider, and linked under the
 * provider's host name.
 * NOTE(review): the link key is whatever {@code getHostName()} returns; confirm it matches
 * the key format used when trust managers are looked up.
 *
 * @param tlsCertificateProvider provider being added
 */
@Override
@Reference(cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
public void addTlsCertificateProvider(TlsCertificateProvider tlsCertificateProvider) {
    TlsCertificateTrustManagerAdapter adapter = new TlsCertificateTrustManagerAdapter(tlsCertificateProvider);
    X509ExtendedTrustManager providerTrust = adapter.getTrustManager();
    mappingFromTlsCertificateProvider.put(tlsCertificateProvider, providerTrust);
    addLinkedTrustManager(tlsCertificateProvider.getHostName(), providerTrust);
}
 
Example #27
Source File: ExtensibleTrustManagerImpl.java    From openhab-core with Eclipse Public License 2.0 5 votes vote down vote up
/**
 * Registers a dynamically bound {@code TlsCertificateProvider}.
 *
 * <p>A trust manager is derived from the provider through
 * {@code TlsCertificateTrustManagerAdapter}, remembered per provider, and linked under the
 * provider's host name.
 * NOTE(review): the link key is whatever {@code getHostName()} returns; confirm it matches
 * the key format used when trust managers are looked up.
 *
 * @param tlsCertificateProvider provider being added
 */
@Override
@Reference(cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
public void addTlsCertificateProvider(TlsCertificateProvider tlsCertificateProvider) {
    TlsCertificateTrustManagerAdapter providerAdapter =
            new TlsCertificateTrustManagerAdapter(tlsCertificateProvider);
    X509ExtendedTrustManager derived = providerAdapter.getTrustManager();
    mappingFromTlsCertificateProvider.put(tlsCertificateProvider, derived);
    addLinkedTrustManager(tlsCertificateProvider.getHostName(), derived);
}
 
Example #28
Source File: HtmlUnitSSLConnectionSocketFactory.java    From htmlunit with Apache License 2.0 5 votes vote down vote up
/**
 * Factory method that builds a new SSLConnectionSocketFactory.
 *
 * <p>With {@code useInsecureSSL} off, the factory is built from the configured client
 * certificate store and trust store. With it on, the context is initialized with an
 * {@code InsecureTrustManager} and paired with {@code NoopHostnameVerifier}, so neither
 * the certificate chain nor the host name of the server is verified. Such connections
 * are encrypted but not authenticated.
 *
 * @param options the current WebClientOptions
 * @return the SSLConnectionSocketFactory
 * @throws RuntimeException wrapping any {@link GeneralSecurityException} raised on the way
 */
public static SSLConnectionSocketFactory buildSSLSocketFactory(final WebClientOptions options) {
    try {
        final String[] sslClientProtocols = options.getSSLClientProtocols();
        final String[] sslClientCipherSuites = options.getSSLClientCipherSuites();

        final boolean useInsecureSSL = options.isUseInsecureSSL();

        if (useInsecureSSL) {
            // insecure SSL + SOCKS awareness: validation is deliberately switched off here
            final String configured = options.getSSLInsecureProtocol();
            // "SSL" is only the context algorithm name used when nothing is configured
            final String protocol = configured == null ? "SSL" : configured;

            final SSLContext sslContext = SSLContext.getInstance(protocol);
            final X509ExtendedTrustManager[] acceptAll = {new InsecureTrustManager()};
            sslContext.init(getKeyManagers(options), acceptAll, null);

            return new HtmlUnitSSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE,
                                            useInsecureSSL, sslClientProtocols, sslClientCipherSuites);
        }

        final KeyStore keyStore = options.getSSLClientCertificateStore();
        final KeyStore trustStore = options.getSSLTrustStore();
        // the certificate password is only fetched when a client certificate store is present
        final char[] keyStorePassword = keyStore == null ? null : options.getSSLClientCertificatePassword();

        return new HtmlUnitSSLConnectionSocketFactory(keyStore, keyStorePassword,
                trustStore, useInsecureSSL,
                sslClientProtocols, sslClientCipherSuites);
    }
    catch (final GeneralSecurityException e) {
        throw new RuntimeException(e);
    }
}
 
Example #29
Source File: TestTrustManager.java    From j2objc with Apache License 2.0 5 votes vote down vote up
/**
 * Wraps an X509 trust manager in a {@code TestTrustManager}.
 *
 * <p>The extended type is tested first, so an {@link X509ExtendedTrustManager} goes to the
 * constructor that keeps its connection-aware methods available.
 *
 * @param trustManager trust manager to wrap; may be {@code null} or a non-X509 type
 * @return a {@code TestTrustManager} around X509 trust managers, otherwise the argument
 *         unchanged
 */
public static TrustManager wrap(TrustManager trustManager) {
    // X509ExtendedTrustManager implements X509TrustManager, so this also rules it out.
    if (!(trustManager instanceof X509TrustManager)) {
        return trustManager;
    }
    return trustManager instanceof X509ExtendedTrustManager
            ? new TestTrustManager((X509ExtendedTrustManager) trustManager)
            : new TestTrustManager((X509TrustManager) trustManager);
}
 
Example #30
Source File: SSLDefinitions.java    From wildfly-core with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Narrows an injected {@link TrustManager} to {@link X509ExtendedTrustManager}.
 *
 * <p>When the JVM is in FIPS mode and the manager is a {@code DelegatingTrustManager}, the
 * wrapper is removed and its current delegate is returned instead.
 *
 * @param trustManager injected trust manager; may be {@code null}
 * @return {@code null} for a {@code null} argument, otherwise the (possibly unwrapped)
 *         extended trust manager
 * @throws StartException if the argument is not an {@code X509ExtendedTrustManager}
 */
private static X509ExtendedTrustManager getX509TrustManager(TrustManager trustManager) throws StartException {
    if (trustManager == null) {
        return null;
    }
    if (!(trustManager instanceof X509ExtendedTrustManager)) {
        throw ROOT_LOGGER.invalidTypeInjected(X509ExtendedTrustManager.class.getSimpleName());
    }

    X509ExtendedTrustManager resolved = (X509ExtendedTrustManager) trustManager;
    // IS_FIPS is only consulted for delegating managers.
    boolean unwrap = resolved instanceof DelegatingTrustManager && IS_FIPS.getAsBoolean();
    if (unwrap) {
        ROOT_LOGGER.trace("FIPS enabled on JVM, unwrapping TrustManager");
        // NOTE(review): this returns the delegate held at this moment; confirm callers do
        // not depend on later changes to the delegating wrapper.
        resolved = ((DelegatingTrustManager) resolved).delegating.get();
    }
    return resolved;
}