org.apache.http.ssl.PrivateKeyStrategy Java Examples

The following examples show how to use org.apache.http.ssl.PrivateKeyStrategy; each example links to its original project and source file.
Example #1
Source File: SSLSessionStrategyFactory.java    From apiman with Apache License 2.0
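/**
 * Loads identity material (client certificate chain and private key) from a keystore file
 * into {@code builder}.
 *
 * @param builder the SSL context builder to populate
 * @param file the keystore file; must not be {@code null}
 * @param ksp the keystore password, or {@code null} if the store integrity check is skipped
 * @param kp the key password passed on to {@code builder}, or {@code null}
 * @param privateKeyStrategy the alias-selection strategy, or {@code null} for the builder's default
 * @return {@code builder}, for chaining
 * @throws NoSuchAlgorithmException if the keystore integrity algorithm is unavailable
 * @throws KeyStoreException if the default keystore type cannot be instantiated
 * @throws UnrecoverableKeyException if a key cannot be recovered with {@code kp}
 * @throws CertificateException if a certificate in the store cannot be loaded
 * @throws IOException if the file cannot be read or {@code ksp} does not match the store
 */
private static SSLContextBuilder loadKeyMaterial(SSLContextBuilder builder, File file, char[] ksp,
        char[] kp, PrivateKeyStrategy privateKeyStrategy) throws NoSuchAlgorithmException,
                KeyStoreException, UnrecoverableKeyException, CertificateException, IOException {
    Args.notNull(file, "Keystore file"); //$NON-NLS-1$
    final KeyStore identityStore = KeyStore.getInstance(KeyStore.getDefaultType());
    // try-with-resources closes the stream on every path and keeps a close() failure as a
    // suppressed exception instead of masking the load() failure.
    try (FileInputStream instream = new FileInputStream(file)) {
        identityStore.load(instream, ksp);
    }
    return builder.loadKeyMaterial(identityStore, kp, privateKeyStrategy);
}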
 
Example #2
Source File: SettingsBasedSSLConfigurator.java    From deprecated-security-advanced-modules with Apache License 2.0
/**
 * Reads the SSL-related settings and, when SSL is enabled, populates {@code sslContextBuilder}
 * with trust material and — if client authentication is enabled and a keystore is available —
 * with key material.
 *
 * @throws SSLConfigException if the PEM or keystore based initialisation rejects the settings
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 * @throws KeyStoreException if a store cannot be read
 */
private void configureWithSettings() throws SSLConfigException, NoSuchAlgorithmException, KeyStoreException {
    enabled = getSettingAsBoolean(ENABLE_SSL, false);
    if (!enabled) {
        return;
    }

    enableSslClientAuth = getSettingAsBoolean(ENABLE_SSL_CLIENT_AUTH, false);

    // PEM configuration wins whenever either the trusted-CA file path or inline content is set.
    final boolean pemConfigured = settings.get(settingsKeyPrefix + PEMTRUSTEDCAS_FILEPATH, null) != null
            || settings.get(settingsKeyPrefix + PEMTRUSTEDCAS_CONTENT, null) != null;
    if (pemConfigured) {
        initFromPem();
    } else {
        initFromKeyStore();
    }

    if (effectiveTruststore != null) {
        sslContextBuilder.loadTrustMaterial(effectiveTruststore, null);
    }

    if (!enableSslClientAuth || effectiveKeystore == null) {
        return;
    }

    try {
        sslContextBuilder.loadKeyMaterial(effectiveKeystore, effectiveKeyPassword, this::chooseClientKeyAlias);
    } catch (UnrecoverableKeyException e) {
        throw new RuntimeException(e);
    }
}

/**
 * Picks the keystore alias whose key is presented for client authentication.
 * <p>
 * The configured {@code effectiveKeyAlias} is returned unchanged whenever it is non-empty or
 * there are no candidates, even if it is not one of the keys of {@code aliases}. Only when no
 * alias is configured and candidates exist is the first candidate in the map's iteration order
 * used — which certificate that is depends on the caller's map ordering, so configuring an
 * explicit alias is the only way to get a deterministic client identity.
 *
 * @param aliases candidate aliases offered by the key manager, possibly {@code null} or empty
 * @param socket the socket being negotiated (unused)
 * @return the alias to use, possibly {@code null} or empty if nothing is configured and nothing is offered
 */
private String chooseClientKeyAlias(Map<String, PrivateKeyDetails> aliases, Socket socket) {
    final boolean noCandidates = aliases == null || aliases.isEmpty();
    final boolean noConfiguredAlias = effectiveKeyAlias == null || effectiveKeyAlias.isEmpty();
    if (!noCandidates && noConfiguredAlias) {
        return aliases.keySet().iterator().next();
    }
    return effectiveKeyAlias;
}
 
Example #3
Source File: HttpClient.java    From deprecated-security-advanced-modules with Apache License 2.0
/**
 * Applies this instance's TLS, basic-auth and timeout configuration to {@code httpClientBuilder}.
 *
 * @param httpClientBuilder the builder to configure
 * @return the same builder, for chaining
 * @throws NoSuchAlgorithmException if a TLS algorithm is unavailable
 * @throws KeyStoreException if the trust or key store cannot be read
 * @throws UnrecoverableKeyException if the key cannot be recovered with {@code keyPassword}
 * @throws KeyManagementException if the SSL context cannot be initialised
 */
private final HttpAsyncClientBuilder asyncClientBuilder(HttpAsyncClientBuilder httpClientBuilder)
        throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException {

    if (ssl) {
        if (log.isTraceEnabled()) {
            log.trace("Configure HTTP client with SSL");
        }

        final SSLContextBuilder contextBuilder = SSLContexts.custom();

        if (trustStore != null) {
            contextBuilder.loadTrustMaterial(trustStore, null);
        }

        if (keystore != null) {
            contextBuilder.loadKeyMaterial(keystore, keyPassword, (aliases, socket) -> {
                // Without a configured alias, the first candidate in the map's iteration order is
                // presented; which key that is depends on the map and is not guaranteed stable.
                final boolean noCandidates = aliases == null || aliases.isEmpty();
                final boolean noConfiguredAlias = keystoreAlias == null || keystoreAlias.isEmpty();
                if (!noCandidates && noConfiguredAlias) {
                    return aliases.keySet().iterator().next();
                }
                // Configured alias is returned as-is, even when it is not among the candidates.
                return keystoreAlias;
            });
        }

        // verifyHostnames == false disables hostname verification entirely: the peer certificate is
        // still validated against the trust store but is not bound to the host being contacted.
        final HostnameVerifier hostnameVerifier;
        if (verifyHostnames) {
            hostnameVerifier = new DefaultHostnameVerifier();
        } else {
            hostnameVerifier = NoopHostnameVerifier.INSTANCE;
        }

        httpClientBuilder.setSSLStrategy(new SSLIOSessionStrategy(contextBuilder.build(),
                supportedProtocols, supportedCipherSuites, hostnameVerifier));
    }

    if (basicCredentials != null) {
        // basicCredentials is appended verbatim after "Basic ", so it is presumably the already
        // base64-encoded "user:password" token — confirm at the call site.
        httpClientBuilder.setDefaultHeaders(Lists.newArrayList(new BasicHeader(HttpHeaders.AUTHORIZATION, "Basic " + basicCredentials)));
    }

    // TODO: set a timeout until we have a proper way to deal with back pressure
    final int timeoutMillis = 5 * 1000;
    final RequestConfig requestConfig = RequestConfig.custom()
            .setConnectTimeout(timeoutMillis)
            .setConnectionRequestTimeout(timeoutMillis)
            .setSocketTimeout(timeoutMillis)
            .build();
    httpClientBuilder.setDefaultRequestConfig(requestConfig);

    return httpClientBuilder;
}
 
Example #4
Source File: KeySetRetrieverTest.java    From deprecated-security-advanced-modules with Apache License 2.0
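/**
 * Checks that {@link KeySetRetriever} presents the client certificate from
 * {@code jwt/spock-keystore.jks} when talking to the mock IdP over TLS: the server side asserts
 * the SHA-256 fingerprint of the peer certificate before answering the discovery request.
 *
 * @throws Exception on any setup or retrieval failure
 */
@Test
public void clientCertTest() throws Exception {

    try (MockIpdServer sslMockIdpServer = new MockIpdServer(TestJwk.Jwks.ALL, SocketUtils.findAvailableTcpPort(),
            true) {
        @Override
        protected void handleDiscoverRequest(HttpRequest request, HttpResponse response, HttpContext context)
                throws HttpException, IOException {

            MockIpdServer.SSLTestHttpServerConnection connection = (MockIpdServer.SSLTestHttpServerConnection) ((HttpCoreContext) context)
                    .getConnection();

            // Element 0 of the peer chain is the certificate the client presented.
            X509Certificate peerCert = (X509Certificate) connection.getPeerCertificates()[0];

            try {
                String sha256Fingerprint = Hashing.sha256().hashBytes(peerCert.getEncoded()).toString();

                Assert.assertEquals("04b2b8baea7a0a893f0223d95b72081e9a1e154a0f9b1b4e75998085972b1b68",
                        sha256Fingerprint);

            } catch (CertificateEncodingException e) {
                throw new RuntimeException(e);
            }

            super.handleDiscoverRequest(request, response, context);
        }
    }) {
        char[] password = "changeit".toCharArray();

        // Each store stream is closed as soon as the store has been loaded.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream trustStream = new FileInputStream(
                FileHelper.getAbsoluteFilePathFromClassPath("jwt/truststore.jks").toFile())) {
            trustStore.load(trustStream, password);
        }

        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (InputStream keyStream = new FileInputStream(
                FileHelper.getAbsoluteFilePathFromClassPath("jwt/spock-keystore.jks").toFile())) {
            keyStore.load(keyStream, password);
        }

        SSLContextBuilder sslContextBuilder = SSLContexts.custom();
        sslContextBuilder.loadTrustMaterial(trustStore, null);
        // Always present the "spock" key, whatever aliases the key manager offers.
        sslContextBuilder.loadKeyMaterial(keyStore, password, (aliases, socket) -> "spock");

        SettingsBasedSSLConfigurator.SSLConfig sslConfig = new SettingsBasedSSLConfigurator.SSLConfig(
                sslContextBuilder.build(), new String[] { "TLSv1.2", "TLSv1.1" }, null, null, false, false, false,
                trustStore, null, keyStore, null, null);

        KeySetRetriever keySetRetriever = new KeySetRetriever(sslMockIdpServer.getDiscoverUri(), sslConfig, false);

        keySetRetriever.get();

    }
}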
 
Example #5
Source File: SettingsBasedSSLConfiguratorTest.java    From deprecated-security-advanced-modules with Apache License 2.0
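/**
 * Builds an {@link SSLContext} from a JKS trust store and a JKS key store located on the class
 * path, both protected by {@code password}; the key under alias {@code "node1"} is always presented.
 *
 * @param trustStorePath class-path location of the trust store
 * @param keyStorePath class-path location of the key store
 * @param password password for both stores and for the key
 * @return the built context
 * @throws RuntimeException if either store cannot be found, or wrapping the
 *         {@link GeneralSecurityException} / {@link IOException} raised while loading it
 */
private SSLContext createSSLContext(String trustStorePath, String keyStorePath, String password) {
    try {
        final char[] pw = password.toCharArray();

        KeyStore trustStore = loadJksFromClassPath(trustStorePath, pw);
        // tmf/kmf are initialised but not handed to the builder; they are kept so that a store the
        // JDK factories reject fails here rather than later.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        KeyStore keyStore = loadJksFromClassPath(keyStorePath, pw);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, pw);

        SSLContextBuilder sslContextBuilder = SSLContexts.custom();
        sslContextBuilder.loadTrustMaterial(trustStore, null);
        sslContextBuilder.loadKeyMaterial(keyStore, pw, (aliases, socket) -> "node1");
        return sslContextBuilder.build();
    } catch (GeneralSecurityException | IOException e) {
        throw new RuntimeException(e);
    }
}

/**
 * Loads a JKS store from a class-path location, closing the file as soon as it is read.
 *
 * @param classPathLocation class-path location resolved via {@code FileHelper}
 * @param password the store password
 * @return the loaded store
 * @throws RuntimeException if the location cannot be resolved
 * @throws GeneralSecurityException if the JKS type is unavailable or the store content is invalid
 * @throws IOException if the file cannot be read or the password does not match
 */
private static KeyStore loadJksFromClassPath(String classPathLocation, char[] password)
        throws GeneralSecurityException, IOException {
    Path path = FileHelper.getAbsoluteFilePathFromClassPath(classPathLocation);
    if (path == null) {
        throw new RuntimeException("Could not find " + classPathLocation);
    }
    KeyStore store = KeyStore.getInstance("JKS");
    try (InputStream in = new FileInputStream(path.toFile())) {
        store.load(in, password);
    }
    return store;
}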
 
Example #6
Source File: HttpClientFactory.java    From hsac-fitnesse-fixtures with Apache License 2.0
/**
 * Returns the strategy used to pick the client key alias, or {@code null} if none was set.
 *
 * @return the configured private key strategy, possibly {@code null}
 */
public PrivateKeyStrategy getPrivateKeyStrategy() {
    return this.keyStrategy;
}
 
Example #7
Source File: HttpClientFactory.java    From hsac-fitnesse-fixtures with Apache License 2.0
/**
 * Sets the strategy used to pick the client key alias; {@code null} is accepted and stored as-is.
 *
 * @param keyStrategy the strategy to use, or {@code null}
 */
public void setPrivateKeyStrategy(PrivateKeyStrategy keyStrategy) {
    this.keyStrategy = keyStrategy;
}
 
Example #8
Source File: SSLSessionStrategyFactory.java    From apiman with Apache License 2.0
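/**
 * Build an {@link SSLSessionStrategy}.
 *
 * @param trustStore the trust store path, or {@code null} to skip loading trust material
 * @param trustStorePassword the truststore password, or {@code null} if the store has none
 * @param keyStore the keystore path, or {@code null} for no client authentication
 * @param keyStorePassword the keystore password, or {@code null} if the store has none
 * @param keyAliases the key aliases that are candidates for use, or {@code null} for any
 * @param keyPassword the key password, or {@code null}
 * @param allowedProtocols the allowed transport protocols; must not be {@code null}.
 *            <strong><em>Avoid specifying insecure protocols</em></strong>
 * @param allowedCiphers allowed crypto ciphersuites; must not be {@code null}
 * @param allowAnyHostname true if any hostname can be connected to (i.e. does not need to match
 *            certificate hostname). <strong><em>Do not use in production</em></strong>
 * @param trustSelfSigned true if self signed certificates can be trusted.
 *             <strong><em>Use with caution</em></strong>
 * @return the session strategy wrapping the hostname verifier and the cipher/protocol-selecting socket factory
 * @throws NoSuchAlgorithmException if the selected algorithm is not available on the system
 * @throws KeyStoreException if there was a problem with the keystore
 * @throws CertificateException if there was a problem with the certificate
 * @throws IOException if a store could not be found or was invalid
 * @throws KeyManagementException if there is a problem with keys
 * @throws UnrecoverableKeyException if the key cannot be recovered
 */
public static SSLSessionStrategy build(String trustStore,
        String trustStorePassword,
        String keyStore,
        String keyStorePassword,
        String[] keyAliases,
        String keyPassword,
        String[] allowedProtocols,
        String[] allowedCiphers,
        boolean allowAnyHostname,
        boolean trustSelfSigned)

throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException,
        KeyManagementException, UnrecoverableKeyException {

    Args.notNull(allowedProtocols, "Allowed protocols"); //$NON-NLS-1$
    Args.notNull(allowedCiphers, "Allowed ciphers"); //$NON-NLS-1$

    // null strategy / verifier means "builder default", i.e. strict validation.
    TrustStrategy trustStrategy = trustSelfSigned ? SELF_SIGNED : null;
    HostnameVerifier hostnameVerifier = allowAnyHostname ? ALLOW_ANY :
        SSLConnectionSocketFactory.getDefaultHostnameVerifier();
    PrivateKeyStrategy privateKeyStrategy = keyAliases == null ? null : new SelectByAlias(keyAliases);
    // Client authentication is requested whenever a keystore is supplied.
    boolean clientAuth = keyStore != null;

    SSLContextBuilder builder = SSLContexts.custom();

    if (trustStore != null) {
        // A missing password is passed through as null, matching the keystore handling below.
        char[] tsp = trustStorePassword == null ? null : trustStorePassword.toCharArray();
        loadTrustMaterial(builder, new File(trustStore), tsp, trustStrategy);
    }

    if (keyStore != null) {
        char[] ksp = keyStorePassword == null ? null : keyStorePassword.toCharArray();
        char[] kp = keyPassword == null ? null : keyPassword.toCharArray();
        loadKeyMaterial(builder, new File(keyStore), ksp, kp, privateKeyStrategy);
    }

    SSLContext sslContext = builder.build();
    return new SSLSessionStrategy(hostnameVerifier, new CipherSelectingSSLSocketFactory(
            sslContext.getSocketFactory(), allowedCiphers, allowedProtocols, clientAuth));
}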