javax.net.ssl.CertPathTrustManagerParameters Java Examples

Example #1
Source File: TrustManagerFactoryImpl.java    From openjsse with GNU General Public License v2.0
@Override
X509TrustManager getInstance(ManagerFactoryParameters spec)
        throws InvalidAlgorithmParameterException {
    // Only CertPathTrustManagerParameters wrapping PKIXBuilderParameters are
    // accepted; anything else is rejected before a trust manager is built.
    if (!(spec instanceof CertPathTrustManagerParameters)) {
        throw new InvalidAlgorithmParameterException
            ("Parameters must be CertPathTrustManagerParameters");
    }
    final CertPathParameters inner =
        ((CertPathTrustManagerParameters) spec).getParameters();
    if (!(inner instanceof PKIXBuilderParameters)) {
        throw new InvalidAlgorithmParameterException
            ("Encapsulated parameters must be PKIXBuilderParameters");
    }
    // The validator type is fixed to PKIX; the caller-supplied builder
    // parameters drive the actual path construction.
    return new X509TrustManagerImpl(Validator.TYPE_PKIX, (PKIXBuilderParameters) inner);
}
 
Example #2
Source File: TrustManagerFactoryFactory.java    From ditto with Eclipse Public License 2.0
private TrustManagerFactory createTrustManagerFactory(@Nullable final String trustedCertificates)
        throws NoSuchAlgorithmException, CertificateException, KeyStoreException,
        InvalidAlgorithmParameterException {
    final TrustManagerFactory factory = TrustManagerFactory.getInstance(PKIX);
    if (trustedCertificates == null) {
        // No explicit anchors: use the default CA store and attach the PKIX
        // revocation checker so path building checks revocation.
        final PKIXRevocationChecker revocation =
                (PKIXRevocationChecker) CertPathBuilder.getInstance(PKIX).getRevocationChecker();
        final PKIXBuilderParameters pkixParameters =
                new PKIXBuilderParameters(DEFAULT_CA_KEYSTORE, new X509CertSelector());
        pkixParameters.addCertPathChecker(revocation);
        factory.init(new CertPathTrustManagerParameters(pkixParameters));
        return factory;
    }
    // Explicit anchors: every certificate in the PEM text becomes a trusted
    // entry. NOTE(review): this branch initialises the factory from the key
    // store alone, so no revocation checker is attached here.
    final KeyStore trustStore = keyStoreFactory.newKeystore();
    final ByteArrayInputStream pemStream =
            new ByteArrayInputStream(trustedCertificates.getBytes(StandardCharsets.US_ASCII));
    long index = 0;
    for (final Certificate anchor : X509_CERTIFICATE_FACTORY.generateCertificates(pemStream)) {
        trustStore.setCertificateEntry("ca-" + index++, anchor);
    }
    factory.init(trustStore);
    return factory;
}
 
Example #3
Source File: SSLUtils.java    From ssltest with Apache License 2.0
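/**
 * Builds the {@link TrustManager}s for a trust store loaded from disk,
 * optionally restricting path validation with a CRL file.
 *
 * <p>The store is loaded through {@code getStore}. Without a CRL the factory
 * is initialised directly from the store; with one, the PKIX parameters
 * produced by {@code getParameters} are wrapped in a
 * {@link CertPathTrustManagerParameters} so the CRL takes part in validation.
 *
 * @param trustStoreFilename        location of the trust store, handed to {@code getStore}
 * @param trustStorePassword        password handed to {@code getStore}
 * @param trustStoreType            key store type handed to {@code getStore}
 * @param trustStoreProvider        key store provider handed to {@code getStore}
 * @param trustStoreAlgorithm       trust manager algorithm; {@code null} selects
 *                                  {@link TrustManagerFactory#getDefaultAlgorithm()}
 * @param maxCertificatePathLength  path length handed to {@code getParameters}
 *                                  (only used when a CRL file is given)
 * @param crlFilename               CRL file to validate against, or {@code null} for none
 *
 * @return The TrustManagers produced by the initialised factory
 *
 * @throws IOException                        propagated from loading the store
 * @throws KeyStoreException                  propagated from loading the store
 * @throws NoSuchProviderException            propagated from loading the store
 * @throws NoSuchAlgorithmException           if the trust manager algorithm is unknown
 * @throws CertificateException               propagated from loading the store
 * @throws InvalidAlgorithmParameterException if the factory rejects the PKIX parameters
 * @throws CRLException                       propagated from {@code getParameters}
 */
protected static TrustManager[] getTrustManagers(String trustStoreFilename,
                                                 String trustStorePassword,
                                                 String trustStoreType,
                                                 String trustStoreProvider,
                                                 String trustStoreAlgorithm,
                                                 Integer maxCertificatePathLength,
                                                 String crlFilename)
    throws IOException, KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, InvalidAlgorithmParameterException, CRLException
{
    KeyStore trustStore = getStore(trustStoreFilename,
                                   trustStorePassword,
                                   trustStoreType,
                                   trustStoreProvider);

    // Resolve the algorithm into a local instead of overwriting the parameter;
    // null means "use the JVM's default TrustManagerFactory algorithm".
    String algorithm = (null == trustStoreAlgorithm)
        ? TrustManagerFactory.getDefaultAlgorithm()
        : trustStoreAlgorithm;

    TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);

    if (null == crlFilename)
    {
        // No CRL: plain store-backed initialisation, so the factory's own
        // defaults decide whether any revocation checking happens.
        tmf.init(trustStore);
    }
    else
    {
        // With a CRL the PKIX parameters must be supplied explicitly; a bare
        // KeyStore init would ignore the CRL file entirely.
        CertPathParameters params =
            getParameters(algorithm,
                          crlFilename,
                          maxCertificatePathLength,
                          trustStore);
        tmf.init(new CertPathTrustManagerParameters(params));
    }

    return tmf.getTrustManagers();
}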
 
Example #4
Source File: AbstractTrustStore.java    From qpid-broker-j with Apache License 2.0
protected TrustManager[] getTrustManagers(KeyStore ts)
{
    final String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    try
    {
        final TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
        // The PKIX parameters for this store come from getParameters; wrapping
        // them makes the factory validate chains with those parameters rather
        // than with plain store-based trust.
        final CertPathTrustManagerParameters parameters =
                new CertPathTrustManagerParameters(getParameters(ts));
        factory.init(parameters);
        return factory.getTrustManagers();
    }
    catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e)
    {
        // Surface factory setup failures as a configuration error, keeping the cause.
        throw new IllegalConfigurationException("Cannot create trust manager factory for truststore '" +
                getName() + "' :" + e, e);
    }
}
 
Example #5
Source File: SSLSupport.java    From activemq-artemis with Apache License 2.0
private TrustManagerFactory loadTrustManagerFactory() throws Exception {
   if (trustManagerFactoryPlugin != null) {
      // A configured plugin class supplies the factory outright.
      final PrivilegedAction<TrustManagerFactory> loadPlugin = () ->
         ((TrustManagerFactoryPlugin) ClassloadingUtil.newInstanceFromClassLoader(SSLSupport.class, trustManagerFactoryPlugin)).getTrustManagerFactory();
      return AccessController.doPrivileged(loadPlugin);
   }
   if (trustAll) {
      // Accepts every peer certificate; meant for test setups only.
      return InsecureTrustManagerFactory.INSTANCE;
   }
   final boolean pkcs11Provider = truststoreProvider != null && "PKCS11".equals(truststoreProvider.toUpperCase());
   if (truststorePath == null && !pkcs11Provider) {
      // No store path and no PKCS#11 provider: nothing to build a factory from.
      return null;
   }

   final TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
   final KeyStore trustStore = SSLSupport.loadKeystore(truststoreProvider, truststorePath, truststorePassword);
   final boolean ocspEnabled = Boolean.parseBoolean(Security.getProperty("ocsp.enable"));
   final boolean pkixDefault = TrustManagerFactory.getDefaultAlgorithm().equalsIgnoreCase("PKIX");

   if (pkixDefault && (ocspEnabled || crlPath != null)) {
      // Revocation data is in play and the default algorithm is PKIX, so hand the
      // factory explicit builder parameters instead of a bare store.
      final PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
      if (crlPath != null) {
         pkixParams.setRevocationEnabled(true);
         final Collection<? extends CRL> crls = loadCRL();
         if (crls != null) {
            pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
         }
      }
      factory.init(new CertPathTrustManagerParameters(pkixParams));
   } else {
      factory.init(trustStore);
   }
   return factory;
}
 
Example #6
Source File: TLSParameterJaxBUtils.java    From cxf with Apache License 2.0
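/**
 * Builds the trust managers described by a {@code TrustManagersType} configuration.
 *
 * <p>Trust anchors come from the configured key store, else the configured cert
 * store, else none. The factory is created with the configured algorithm and
 * provider when set, otherwise with the JVM defaults.
 *
 * @param tmc              the trust manager configuration
 * @param enableRevocation when {@code true}, the factory is initialised with
 *                         PKIX builder parameters that have revocation checking
 *                         enabled; this requires a configured store
 * @return the trust managers of the initialised factory
 * @throws GeneralSecurityException if the factory cannot be created or initialised,
 *                                  or if revocation is requested without a store
 * @throws IOException              propagated from loading the store
 */
public static TrustManager[] getTrustManagers(TrustManagersType tmc, boolean enableRevocation)
    throws GeneralSecurityException,
           IOException {

    // Pick the trust anchors; null leaves the choice to the factory's own default.
    final KeyStore keyStore;
    if (tmc.isSetKeyStore()) {
        keyStore = getKeyStore(tmc.getKeyStore(), true);
    } else if (tmc.isSetCertStore()) {
        keyStore = getKeyStore(tmc.getCertStore());
    } else {
        keyStore = null;
    }

    final String alg = tmc.isSetFactoryAlgorithm()
                 ? tmc.getFactoryAlgorithm()
                 : TrustManagerFactory.getDefaultAlgorithm();

    final TrustManagerFactory fac = tmc.isSetProvider()
                 ? TrustManagerFactory.getInstance(alg, tmc.getProvider())
                 : TrustManagerFactory.getInstance(alg);

    if (enableRevocation) {
        // PKIXBuilderParameters rejects a null key store with a bare
        // NullPointerException; report the missing configuration explicitly
        // with an exception callers already handle via GeneralSecurityException.
        if (keyStore == null) {
            throw new java.security.InvalidAlgorithmParameterException(
                "Revocation checking requires a configured keyStore or certStore");
        }
        PKIXBuilderParameters param = new PKIXBuilderParameters(keyStore, new X509CertSelector());
        param.setRevocationEnabled(true);

        fac.init(new CertPathTrustManagerParameters(param));
    } else {
        fac.init(keyStore);
    }

    return fac.getTrustManagers();
}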
 
Example #7
Source File: TrustManagerTest.java    From cxf with Apache License 2.0
@org.junit.Test
public void testOSCPOverride() throws Exception {
    final SpringBusFactory busFactory = new SpringBusFactory();
    final URL busConfig = TrustManagerTest.class.getResource("client-trust.xml");

    final Bus bus = busFactory.createBus(busConfig.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);

    final URL wsdl = SOAPService.WSDL_LOCATION;
    final SOAPService service = new SOAPService(wsdl, SOAPService.SERVICE);
    assertNotNull("Service is null", service);
    final Greeter port = service.getHttpsPort();
    assertNotNull("Port is null", port);

    updateAddressPort(port, PORT2);

    if (async) {
        // Route the call through the asynchronous HTTP conduit.
        ((BindingProvider) port).getRequestContext().put("use.async.http.conduit", true);
    }

    // Trust anchors for the client side of the handshake.
    final KeyStore trustStore = KeyStore.getInstance("JKS");
    try (InputStream in =
        ClassLoaderUtils.getResourceAsStream("keys/cxfca.jks", TrustManagerTest.class)) {
        trustStore.load(in, "password".toCharArray());
    }

    try {
        // ocsp.enable is JVM-global state; the finally block restores it.
        Security.setProperty("ocsp.enable", "true");

        final PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        pkixParams.setRevocationEnabled(true);

        final TrustManagerFactory factory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(new CertPathTrustManagerParameters(pkixParams));

        final TLSClientParameters tls = new TLSClientParameters();
        tls.setTrustManagers(factory.getTrustManagers());
        tls.setDisableCNCheck(true);

        final Client client = ClientProxy.getClient(port);
        final HTTPConduit conduit = (HTTPConduit) client.getConduit();
        conduit.setTlsClientParameters(tls);

        try {
            port.greetMe("Kitty");
            fail("Failure expected on an invalid OCSP responder URL");
        } catch (Exception expected) {
            // the handshake is expected to fail on the OCSP lookup
        }

    } finally {
        Security.setProperty("ocsp.enable", "false");
    }

    ((java.io.Closeable) port).close();
    bus.shutdown(true);
}