Java Code Examples for io.netty.handler.ssl.util.InsecureTrustManagerFactory#INSTANCE

The following examples show how to use io.netty.handler.ssl.util.InsecureTrustManagerFactory#INSTANCE. This factory produces trust managers that accept every X.509 certificate without verification, so a TLS connection built on it does not authenticate its peer; several of the examples below select it only behind an explicit opt-in setting or inside test code. You can go to the original project or source file by following the links above each example.
Example 1
Source File: TransportSupport.java    From qpid-jms with Apache License 2.0
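/**
 * Builds the {@link TrustManagerFactory} used to validate the remote peer's certificate chain.
 *
 * <p>Resolution order, as implemented below:
 * <ol>
 *   <li>{@code options.isTrustAll()} is set: returns {@link InsecureTrustManagerFactory#INSTANCE},
 *       which accepts any certificate without verification. A warning is logged so that a
 *       deployment running without peer authentication is visible in the logs.</li>
 *   <li>No trust store location is configured: returns {@code null}; what a {@code null}
 *       factory means is decided by the caller (not visible here).</li>
 *   <li>Otherwise: loads the configured trust store and initialises a factory of the JVM's
 *       default algorithm with it.</li>
 * </ol>
 *
 * @param options transport options carrying the trust-all flag and the trust store settings
 * @return the factory to use, or {@code null} when no trust store location is configured
 * @throws Exception if the trust store cannot be loaded or the factory cannot be initialised
 */
private static TrustManagerFactory loadTrustManagerFactory(TransportOptions options) throws Exception {
    if (options.isTrustAll()) {
        // Trust-all takes precedence over any configured trust store, so say so loudly.
        LOG.warn("Peer certificate verification is disabled (trustAll is set); TLS peers are not authenticated");
        return InsecureTrustManagerFactory.INSTANCE;
    }

    // Read the location once and reuse it for both the null check and the load.
    String storeLocation = options.getTrustStoreLocation();
    if (storeLocation == null) {
        return null;
    }

    String storePassword = options.getTrustStorePassword();
    String storeType = options.getTrustStoreType();

    // Only location and type are logged; the store password must stay out of log output.
    LOG.trace("Attempt to load TrustStore from location {} of type {}", storeLocation, storeType);

    TrustManagerFactory fact = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    KeyStore trustStore = loadStore(storeLocation, storePassword, storeType);
    fact.init(trustStore);

    return fact;
}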
 
Example 2
Source File: ElasticsearchIntegrationTest.java    From openshift-elasticsearch-plugin with Apache License 2.0
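/**
 * Creates an {@link OkHttpClient} for TLS connections with one-minute read and write timeouts.
 *
 * <p>Server certificates are not verified: both the {@link SSLContext} and the client are
 * given the trust managers of {@link InsecureTrustManagerFactory#INSTANCE}, which accept any
 * certificate. The key store named by {@code keyStore} is opened and parsed with
 * {@code password}, so a missing or unreadable store still fails here, but its contents take
 * no part in the trust decision made by the returned client.
 *
 * <p>NOTE(review): to have the client actually verify the server, the loaded store would have
 * to be passed to a {@code TrustManagerFactory} of the default algorithm instead.
 *
 * @return the configured client
 * @throws Exception if the key store cannot be read or the TLS context cannot be created
 */
protected final OkHttpClient getHttpClient() throws Exception {
    File ksFile = new File(keyStore);
    KeyStore trusted = KeyStore.getInstance("JKS");
    // try-with-resources closes the stream even when load() throws (bad password, corrupt store).
    try (FileInputStream in = new FileInputStream(ksFile)) {
        trusted.load(in, password.toCharArray());
    }
    SSLContext sslContext = SSLContext.getInstance("TLS");
    TrustManagerFactory trustManagerFactory = InsecureTrustManagerFactory.INSTANCE;
    X509TrustManager trustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
    // No key managers and the default SecureRandom; only the accept-all trust managers are set.
    sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
    return new okhttp3.OkHttpClient.Builder()
            .sslSocketFactory(sslContext.getSocketFactory(), trustManager)
            .readTimeout(1, TimeUnit.MINUTES)
            .writeTimeout(1, TimeUnit.MINUTES)
            .build();
}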
 
Example 3
Source File: RequestRunner.java    From openshift-elasticsearch-plugin with Apache License 2.0
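/**
 * Creates an {@link OkHttpClient} for TLS connections with one-minute read and write timeouts.
 *
 * <p>Server certificates are not verified: both the {@link SSLContext} and the client are
 * given the trust managers of {@link InsecureTrustManagerFactory#INSTANCE}, which accept any
 * certificate. The key store named by {@code keyStore} is opened and parsed with
 * {@code password}, so a missing or unreadable store still fails here, but its contents take
 * no part in the trust decision made by the returned client.
 *
 * <p>NOTE(review): to have the client actually verify the server, the loaded store would have
 * to be passed to a {@code TrustManagerFactory} of the default algorithm instead.
 *
 * @return the configured client
 * @throws Exception if the key store cannot be read or the TLS context cannot be created
 */
protected final OkHttpClient getHttpClient() throws Exception {
    File ksFile = new File(keyStore);
    KeyStore trusted = KeyStore.getInstance("JKS");
    // try-with-resources closes the stream even when load() throws (bad password, corrupt store).
    try (FileInputStream in = new FileInputStream(ksFile)) {
        trusted.load(in, password.toCharArray());
    }
    SSLContext sslContext = SSLContext.getInstance("TLS");
    TrustManagerFactory trustManagerFactory = InsecureTrustManagerFactory.INSTANCE;
    X509TrustManager trustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
    // No key managers and the default SecureRandom; only the accept-all trust managers are set.
    sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
    return new okhttp3.OkHttpClient.Builder()
            .sslSocketFactory(sslContext.getSocketFactory(), trustManager)
            .readTimeout(1, TimeUnit.MINUTES)
            .writeTimeout(1, TimeUnit.MINUTES)
            .build();
}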
 
Example 4
Source File: AwaitCloseChannelPoolMap.java    From aws-sdk-java-v2 with Apache License 2.0
/**
 * Picks the {@link TrustManagerFactory} for new channels from the client configuration.
 *
 * <p>A configured trust managers provider and the trust-all flag are mutually exclusive; the
 * combination is rejected by {@code Validate.isTrue} before anything is selected. With a
 * provider, its trust managers are wrapped in a static factory. With trust-all, a warning is
 * logged and {@link InsecureTrustManagerFactory#INSTANCE} is returned, which disables
 * certificate verification. With neither, {@code null} is returned and the choice is left to
 * the caller (not visible here).
 *
 * @return the selected factory, or {@code null} when neither option is configured
 */
private TrustManagerFactory getTrustManager() {
    // Fail on the contradictory combination instead of silently preferring one of the two.
    Validate.isTrue(!(configuration.tlsTrustManagersProvider() != null && configuration.trustAllCertificates()),
                    "A TlsTrustManagerProvider can't be provided if TrustAllCertificates is also set");

    if (configuration.tlsTrustManagersProvider() != null) {
        return StaticTrustManagerFactory.create(configuration.tlsTrustManagersProvider().trustManagers());
    } else if (!configuration.trustAllCertificates()) {
        return null;
    }

    // Only the explicit trust-all opt-in reaches this point.
    log.warn(() -> "SSL Certificate verification is disabled. This is not a safe setting and "
                   + "should only be used for testing.");
    return InsecureTrustManagerFactory.INSTANCE;
}
 
Example 5
Source File: SSLEngineFactoryImpl.java    From dremio-oss with Apache License 2.0
/**
 * Creates and initialises the {@link TrustManagerFactory} described by {@code sslConfig}.
 *
 * <p>The trust store is loaded first, even when peer verification is disabled, so a bad path
 * or password still fails here. When {@code sslConfig.disablePeerVerification()} is set the
 * shared {@link InsecureTrustManagerFactory#INSTANCE} is returned, which accepts any peer
 * certificate; otherwise a factory of the JVM's default algorithm is used.
 *
 * @return the initialised factory
 * @throws GeneralSecurityException if the key store type or algorithm is unavailable, or the
 *         store cannot be parsed
 * @throws IOException if the trust store file cannot be read
 */
private TrustManagerFactory newTrustManagerFactory() throws GeneralSecurityException, IOException {
  // null means "use the JDK default trust store"; see
  // https://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#X509TrustManager
  KeyStore trustStore = null;
  // NOTE(review): identity comparison against the UNSPECIFIED sentinel, kept as in the
  // original; confirm the sentinel is meant to be matched by reference.
  if (sslConfig.getTrustStorePath() != SSLConfig.UNSPECIFIED) {
    final KeyStore configured = KeyStore.getInstance(sslConfig.getTrustStoreType());
    try (InputStream stream = new FileInputStream(sslConfig.getTrustStorePath())) {
      configured.load(stream, sslConfig.getTrustStorePassword().toCharArray());
    }
    trustStore = configured;
  }

  final TrustManagerFactory factory = sslConfig.disablePeerVerification()
      ? InsecureTrustManagerFactory.INSTANCE
      : TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

  // init() is called on the insecure singleton as well; presumably it ignores the store.
  factory.init(trustStore);
  return factory;
}
 
Example 6
Source File: SSLConfig.java    From Bats with Apache License 2.0
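/**
 * Creates and initialises the {@link TrustManagerFactory} for this SSL configuration.
 *
 * <p>The trust store is chosen in this order: the system trust store (Windows/macOS, when
 * enabled), the configured trust store file, or {@code null}, which makes the factory fall
 * back to its default trust store. When certificate verification is disabled,
 * {@link InsecureTrustManagerFactory#INSTANCE} is used instead of a verifying factory and a
 * warning is logged, because that factory accepts any peer certificate.
 *
 * @return the initialised factory
 * @throws DrillException wrapping any failure while loading the trust store or initialising
 *         the factory
 */
public TrustManagerFactory initializeTrustManagerFactory() throws DrillException {
  TrustManagerFactory tmf;
  KeyStore ts = null;
  try {
    String trustStoreType = getTrustStoreType();
    if ((isWindows || isMacOs) && useSystemTrustStore()) {
      // Windows/macOS system trust store: loaded with no stream and no password.
      logger.debug("Initializing System truststore.");
      ts = KeyStore.getInstance(!trustStoreType.isEmpty() ? trustStoreType : KeyStore.getDefaultType());
      ts.load(null, null);
    } else if (!getTrustStorePath().isEmpty()) {
      logger.debug("Initializing truststore {}.", getTrustStorePath());
      ts = KeyStore.getInstance(!trustStoreType.isEmpty() ? trustStoreType : KeyStore.getDefaultType());
      // try-with-resources: the original never closed this stream.
      try (InputStream tsStream = new FileInputStream(getTrustStorePath())) {
        ts.load(tsStream, getTrustStorePassword().toCharArray());
      }
    } else {
      // No trust store configured: ts stays null, so the default trust store is picked up.
      // That default depends on the TrustManagerFactory, which in turn depends on the
      // security provider.
      logger.debug("Initializing default truststore.");
    }
    if (disableCertificateVerification()) {
      // Make an unauthenticated TLS configuration visible outside debug logging.
      logger.warn("Certificate verification is disabled; TLS peers are not authenticated.");
      tmf = InsecureTrustManagerFactory.INSTANCE;
    } else {
      tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    }
    tmf.init(ts);
  } catch (Exception e) {
    // Any failure during SSL initialisation aborts; the cause is kept on the exception.
    throw new DrillException(
        "Exception while initializing the truststore: [" + e.getMessage() + "]. ", e);
  }
  return tmf;
}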
 
Example 7
Source File: SSLSupport.java    From activemq-artemis with Apache License 2.0
/**
 * Resolves the {@link TrustManagerFactory} for this SSL configuration.
 *
 * <p>Precedence: a configured factory plugin, then the trust-all flag, then the trust store.
 * With trust-all, {@link InsecureTrustManagerFactory#INSTANCE} is returned and peer
 * certificates are not verified; that setting is intended for testing only. Without a trust
 * store path (and without a PKCS11 provider) {@code null} is returned. Otherwise the trust
 * store is loaded and, when the default algorithm is PKIX and either OCSP is enabled through
 * the {@code ocsp.enable} security property or a CRL path is configured, the factory is
 * initialised with PKIX parameters; in every other case it is initialised with the plain
 * trust store.
 *
 * @return the factory to use, or {@code null} when no trust material is configured
 * @throws Exception if the plugin, trust store or CRLs cannot be loaded
 */
private TrustManagerFactory loadTrustManagerFactory() throws Exception {
   if (trustManagerFactoryPlugin != null) {
      // The plugin class is instantiated by name inside a privileged block.
      return AccessController.doPrivileged((PrivilegedAction<TrustManagerFactory>) () -> {
         TrustManagerFactoryPlugin plugin = (TrustManagerFactoryPlugin) ClassloadingUtil.newInstanceFromClassLoader(SSLSupport.class, trustManagerFactoryPlugin);
         return plugin.getTrustManagerFactory();
      });
   }

   if (trustAll) {
      // Useful for testing, but should not be used outside of that purpose.
      return InsecureTrustManagerFactory.INSTANCE;
   }

   final boolean pkcs11Provider = truststoreProvider != null && "PKCS11".equals(truststoreProvider.toUpperCase());
   if (truststorePath == null && !pkcs11Provider) {
      return null;
   }

   TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
   KeyStore trustStore = SSLSupport.loadKeystore(truststoreProvider, truststorePath, truststorePassword);
   final boolean ocspEnabled = Boolean.parseBoolean(Security.getProperty("ocsp.enable"));
   final boolean pkixDefault = TrustManagerFactory.getDefaultAlgorithm().equalsIgnoreCase("PKIX");

   if (!pkixDefault || (!ocspEnabled && crlPath == null)) {
      // No revocation source, or a non-PKIX algorithm: plain trust store initialisation.
      trustMgrFactory.init(trustStore);
      return trustMgrFactory;
   }

   PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
   if (crlPath != null) {
      pkixParams.setRevocationEnabled(true);
      Collection<? extends CRL> crlList = loadCRL();
      if (crlList != null) {
         pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlList)));
      }
   }
   trustMgrFactory.init(new CertPathTrustManagerParameters(pkixParams));
   return trustMgrFactory;
}
 
Example 8
Source File: MqttClient.java    From lannister with Apache License 2.0
/**
 * Creates a client for the given broker URI.
 *
 * @param uri                            broker address, parsed with {@link URI}
 * @param useInsecureTrustManagerFactory when {@code true} the client keeps
 *        {@link InsecureTrustManagerFactory#INSTANCE}, which accepts any server certificate
 *        without verification; when {@code false} the factory is left {@code null} and the
 *        trust decision is made wherever the field is consumed (not visible here)
 * @throws URISyntaxException if {@code uri} is not a valid URI
 */
public MqttClient(String uri, boolean useInsecureTrustManagerFactory) throws URISyntaxException {
	this.bootstrap = new Bootstrap();
	this.uri = new URI(uri);

	// Certificate verification is switched off only on the caller's explicit request.
	if (useInsecureTrustManagerFactory) {
		this.trustManagerFactory = InsecureTrustManagerFactory.INSTANCE;
	} else {
		this.trustManagerFactory = null;
	}

	this.sharedObject = new SharedObject();
	this.options = new ConnectOptions();
	this.currentMessageId = 0;
}
 
Example 9
Source File: HttpClient.java    From lannister with Apache License 2.0
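/**
 * Creates a client that will issue an HTTP/1.1 GET request for the given URI.
 *
 * @param uri                            request target; only the {@code http} and
 *        {@code https} schemes are accepted
 * @param useInsecureTrustManagerFactory when {@code true} the client keeps
 *        {@link InsecureTrustManagerFactory#INSTANCE}, which accepts any server certificate
 *        without verification; when {@code false} the factory is left {@code null} and the
 *        trust decision is made wherever the field is consumed (not visible here)
 * @throws URISyntaxException            declared by the original signature
 * @throws UnsupportedOperationException if the URI scheme is neither {@code http} nor
 *         {@code https}, including a URI that carries no scheme
 */
public HttpClient(String uri, boolean useInsecureTrustManagerFactory)
		throws URISyntaxException, UnsupportedOperationException {
	trustManagerFactory = useInsecureTrustManagerFactory ? InsecureTrustManagerFactory.INSTANCE : null;

	bootstrap = new Bootstrap();

	httpRequest = new HttpRequest(new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, uri));

	// Read the scheme once and compare constant-first, so a URI without a scheme is rejected
	// with the documented exception instead of a NullPointerException.
	String scheme = httpRequest().uriObject().getScheme();
	if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
		String message = "HTTP(S) is supported only.";
		logger.error(message);
		throw new UnsupportedOperationException(message);
	}
}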
 
Example 10
Source File: TrustManagerFactoryFactory.java    From ditto with Eclipse Public License 2.0
/**
 * Returns the shared {@link InsecureTrustManagerFactory#INSTANCE}.
 *
 * <p>Trust managers from this factory accept any certificate without verification, so a
 * connection configured with it does not authenticate its peer. Despite the {@code new}
 * prefix, the same singleton is returned on every call.
 *
 * @return the accept-all trust manager factory
 */
public TrustManagerFactory newInsecureTrustManagerFactory() {
    final TrustManagerFactory acceptAll = InsecureTrustManagerFactory.INSTANCE;
    return acceptAll;
}
 
Example 11
Source File: ClientBuilderFactory.java    From curiostack with MIT License
/**
 * Wires the shared client factory: TLS trust, the client certificate and DNS resolution.
 *
 * <p>Trust: when {@code serverConfig.isDisableClientCertificateVerification()} is set, a
 * warning is logged and {@link InsecureTrustManagerFactory#INSTANCE} is used; otherwise the
 * injected CA trust manager is used if present. The chosen factory is installed through
 * {@code SslContextBuilder.trustManager}, so it governs how clients built here validate the
 * certificate of the peer they connect to; with the insecure factory that certificate is not
 * verified at all. With no factory chosen, the trust manager is left untouched.
 *
 * <p>Client certificate: the injected self-signed certificate if present, otherwise the
 * certificate and key paths from {@code serverConfig} (client-specific paths take precedence
 * over the general ones).
 *
 * @param meterRegistry registry handed to the client factory
 * @param tracing stored for later use
 * @param loggingClient stored for later use
 * @param selfSignedCertificate optional self-signed certificate used as the client key material
 * @param caTrustManager optional CA trust manager factory
 * @param serverConfig source of the TLS and DNS settings
 * @throws IllegalStateException if there is no self-signed certificate and the TLS
 *         certificate path or private key path is empty
 */
@Inject
public ClientBuilderFactory(
    MeterRegistry meterRegistry,
    Tracing tracing,
    Function<HttpClient, LoggingClient> loggingClient,
    Optional<SelfSignedCertificate> selfSignedCertificate,
    Optional<TrustManagerFactory> caTrustManager,
    ServerConfig serverConfig) {
  this.meterRegistry = meterRegistry;
  this.tracing = tracing;
  this.loggingClient = loggingClient;

  // Trust decision: the explicit "disable verification" switch wins over the injected CA.
  final TrustManagerFactory trustManagerFactory;
  if (serverConfig.isDisableClientCertificateVerification()) {
    logger.warn("Disabling client SSL verification. This should only happen on local!");
    trustManagerFactory = InsecureTrustManagerFactory.INSTANCE;
  } else {
    trustManagerFactory = caTrustManager.orElse(null);
  }

  // Key material presented by the client.
  final Consumer<SslContextBuilder> clientCertificateCustomizer;
  if (selfSignedCertificate.isPresent()) {
    final SelfSignedCertificate certificate = selfSignedCertificate.get();
    clientCertificateCustomizer =
        builder -> builder.keyManager(certificate.certificate(), certificate.privateKey());
  } else {
    if (serverConfig.getTlsCertificatePath().isEmpty()
        || serverConfig.getTlsPrivateKeyPath().isEmpty()) {
      throw new IllegalStateException(
          "No TLS configuration provided, Curiostack does not support clients without TLS "
              + "certificates. Use gradle-curio-cluster-plugin to set up a namespace and TLS.");
    }
    // Client-specific paths override the general TLS paths when they are set.
    final String certPath =
        serverConfig.getClientTlsCertificatePath().isEmpty()
            ? serverConfig.getTlsCertificatePath()
            : serverConfig.getClientTlsCertificatePath();
    final String keyPath =
        serverConfig.getClientTlsPrivateKeyPath().isEmpty()
            ? serverConfig.getTlsPrivateKeyPath()
            : serverConfig.getClientTlsPrivateKeyPath();
    clientCertificateCustomizer =
        builder ->
            SslContextKeyConverter.execute(
                ResourceUtil.openStream(certPath),
                ResourceUtil.openStream(keyPath),
                builder::keyManager);
  }

  // Apply the certificate first, then the trust manager when one was chosen.
  final Consumer<SslContextBuilder> clientTlsCustomizer =
      trustManagerFactory == null
          ? clientCertificateCustomizer
          : clientCertificateCustomizer.andThen(
              builder -> builder.trustManager(trustManagerFactory));

  ClientFactoryBuilder factoryBuilder =
      ClientFactory.builder().tlsCustomizer(clientTlsCustomizer).meterRegistry(meterRegistry);
  if (serverConfig.getDisableEdns()) {
    // Resolver with the OPT resource switched off, using the platform's name servers.
    factoryBuilder.addressResolverGroupFactory(
        eventLoopGroup -> {
          DnsNameResolverBuilder resolverBuilder =
              new DnsNameResolverBuilder()
                  .channelType(EventLoopGroups.datagramChannelType(eventLoopGroup))
                  .nameServerProvider(DnsServerAddressStreamProviders.platformDefault())
                  .optResourceEnabled(false);
          return new DnsAddressResolverGroup(resolverBuilder);
        });
  }
  clientFactory = factoryBuilder.build();
}
 
Example 12
Source File: SslContextFactory.java    From styx with Apache License 2.0
/**
 * Chooses the {@link TrustManagerFactory} for the given TLS settings.
 *
 * <p>Unless {@code tlsSettings.trustAllCerts()} is set, the factory is built from the
 * settings by {@code initializeTrustManager}. With trust-all, the shared
 * {@link InsecureTrustManagerFactory#INSTANCE} is returned, which accepts any certificate
 * without verification.
 *
 * @param tlsSettings TLS settings carrying the trust-all flag
 * @return the factory to use
 * @throws IOException declared for the verifying path
 * @throws KeyStoreException declared for the verifying path
 * @throws NoSuchAlgorithmException declared for the verifying path
 * @throws CertificateException declared for the verifying path
 */
private static TrustManagerFactory trustManagerFactory(TlsSettings tlsSettings) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
    if (!tlsSettings.trustAllCerts()) {
        return initializeTrustManager(tlsSettings);
    }
    // Explicit opt-out of certificate verification.
    return InsecureTrustManagerFactory.INSTANCE;
}
 
Example 13
Source File: InsecureTrustOptions.java    From cava with Apache License 2.0
/**
 * Returns the shared {@link InsecureTrustManagerFactory#INSTANCE}, whose trust managers
 * accept any certificate without verification.
 *
 * @param vertx not used by this implementation
 * @return the accept-all trust manager factory
 */
@Override
public TrustManagerFactory getTrustManagerFactory(Vertx vertx) {
  final TrustManagerFactory acceptAll = InsecureTrustManagerFactory.INSTANCE;
  return acceptAll;
}
 
Example 14
Source File: JdkSslClientContextTest.java    From netty-4.1.22 with Apache License 2.0
/**
 * Builds the context this test supplies for the {@code newServerContext} hook.
 *
 * <p>The object constructed is a {@link JdkSslClientContext}, configured with
 * {@link InsecureTrustManagerFactory#INSTANCE}, so no certificate verification takes place.
 *
 * @param crtFile certificate file; passed as both the first and the third constructor argument
 * @param keyFile private key file
 * @param pass password for the key
 * @return the new context
 * @throws SSLException if the context cannot be created
 */
@Override
protected SslContext newServerContext(File crtFile, File keyFile, String pass) throws SSLException {
    final SslContext context = new JdkSslClientContext(
            crtFile,                               // presumably the trusted certificate collection
            InsecureTrustManagerFactory.INSTANCE,  // accept-all trust managers
            crtFile,                               // presumably the key certificate chain
            keyFile,
            pass,
            null,
            null,
            IdentityCipherSuiteFilter.INSTANCE,
            ApplicationProtocolConfig.DISABLED,
            0,
            0);
    return context;
}
 
Example 15
Source File: TestTrustManagerFactoryPlugin.java    From activemq-artemis with Apache License 2.0
/**
 * Records that the plugin was invoked and hands back the accept-all factory.
 *
 * <p>{@code triggered} is set to {@code true} before returning, so a caller can check that
 * this plugin was consulted. The returned {@link InsecureTrustManagerFactory#INSTANCE}
 * performs no certificate verification.
 *
 * @return the accept-all trust manager factory
 */
@Override
public TrustManagerFactory getTrustManagerFactory() {
   final TrustManagerFactory acceptAll = InsecureTrustManagerFactory.INSTANCE;
   triggered.set(true);
   return acceptAll;
}
 
Example 16
Source File: OpenSslClientContextTest.java    From netty-4.1.22 with Apache License 2.0
/**
 * Builds the context this test supplies for the {@code newServerContext} hook.
 *
 * <p>The object constructed is an {@link OpenSslClientContext}, configured with
 * {@link InsecureTrustManagerFactory#INSTANCE}, so no certificate verification takes place.
 *
 * @param crtFile certificate file; passed as both the first and the third constructor argument
 * @param keyFile private key file
 * @param pass password for the key
 * @return the new context
 * @throws SSLException if the context cannot be created
 */
@Override
protected SslContext newServerContext(File crtFile, File keyFile, String pass) throws SSLException {
    final SslContext context = new OpenSslClientContext(
            crtFile,                               // presumably the trusted certificate collection
            InsecureTrustManagerFactory.INSTANCE,  // accept-all trust managers
            crtFile,                               // presumably the key certificate chain
            keyFile,
            pass,
            null,
            null,
            IdentityCipherSuiteFilter.INSTANCE,
            ApplicationProtocolConfig.DISABLED,
            0,
            0);
    return context;
}
 
Example 17
Source File: InsecureTrustOptions.java    From incubator-tuweni with Apache License 2.0
/**
 * Returns the shared {@link InsecureTrustManagerFactory#INSTANCE}, whose trust managers
 * accept any certificate without verification.
 *
 * @param vertx not used by this implementation
 * @return the accept-all trust manager factory
 */
@Override
public TrustManagerFactory getTrustManagerFactory(Vertx vertx) {
  final TrustManagerFactory acceptAll = InsecureTrustManagerFactory.INSTANCE;
  return acceptAll;
}