javax.net.ssl.X509ExtendedTrustManager Java Examples
The following examples show how to use
javax.net.ssl.X509ExtendedTrustManager.
Example #1
Source File: SSLContextImpl.java From openjsse with GNU General Public License v2.0 | 6 votes |
/**
 * Selects the trust manager that will be used from the supplied array.
 *
 * <p>Only the first {@link X509TrustManager} in {@code tm} is considered; any later entries
 * are ignored. If that entry is already an {@link X509ExtendedTrustManager} it is returned
 * as is, otherwise it is wrapped in an {@code AbstractTrustManagerWrapper}.
 *
 * @param tm candidate trust managers; may be {@code null} or contain no X509TrustManager
 * @return the chosen (possibly wrapped) trust manager, or
 *         {@code DummyX509TrustManager.INSTANCE} when no X509TrustManager was supplied
 * @throws KeyManagementException in FIPS mode, when the first X509TrustManager is not an
 *         {@code X509TrustManagerImpl}
 */
private X509TrustManager chooseTrustManager(TrustManager[] tm)
        throws KeyManagementException {
    if (tm != null) {
        for (TrustManager candidate : tm) {
            if (!(candidate instanceof X509TrustManager)) {
                continue;
            }

            // FIPS mode refuses caller-supplied implementations outright instead of
            // wrapping them.
            if (OpenJSSE.isFIPS() && !(candidate instanceof X509TrustManagerImpl)) {
                throw new KeyManagementException
                    ("FIPS mode: only OpenJSSE TrustManagers may be used");
            }

            if (candidate instanceof X509ExtendedTrustManager) {
                return (X509TrustManager) candidate;
            }
            // A plain X509TrustManager has no Socket/SSLEngine-aware checks; what the
            // wrapper adds is defined in AbstractTrustManagerWrapper, not shown here.
            return new AbstractTrustManagerWrapper((X509TrustManager) candidate);
        }
    }

    // NOTE(review): how DummyX509TrustManager treats a chain is not visible here; confirm
    // that it rejects every chain, so that "no trust manager configured" fails closed.
    return DummyX509TrustManager.INSTANCE;
}
Example #2
Source File: InsecureExtendedTrustManager.java From browserup-proxy with Apache License 2.0 | 6 votes |
/**
 * Looks up the JDK's default {@link X509ExtendedTrustManager}.
 *
 * <p>The factory is initialised with a {@code null} KeyStore, i.e. with whatever trust
 * material the default {@link TrustManagerFactory} resolves on its own.
 *
 * <p>NOTE(review): both failure paths return {@code NOOP_EXTENDED_TRUST_MANAGER} and report
 * it only at debug level. That constant is defined elsewhere; going by its name it performs
 * no certificate validation, so a broken default trust store silently degrades to accepting
 * any chain. Confirm that this is only reachable where validation is meant to be disabled.
 *
 * @return the first X509ExtendedTrustManager registered with the default factory, or the
 *         no-op instance when the factory cannot be initialised or offers none
 */
private static X509ExtendedTrustManager getDefaultExtendedTrustManager() {
    final TrustManagerFactory factory;
    try {
        factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

        // a null KeyStore selects the default trust material
        factory.init((KeyStore) null);
    } catch (NoSuchAlgorithmException | KeyStoreException e) {
        log.debug("Unable to initialize default TrustManagerFactory. Using no-op X509ExtendedTrustManager.", e);
        return NOOP_EXTENDED_TRUST_MANAGER;
    }

    // scan the registered trust managers for the first extended one
    final TrustManager[] registered = factory.getTrustManagers();
    for (int i = 0; i < registered.length; i++) {
        if (registered[i] instanceof X509ExtendedTrustManager) {
            return (X509ExtendedTrustManager) registered[i];
        }
    }

    // nothing suitable was registered
    log.debug("No default X509ExtendedTrustManager found. Using no-op.");
    return NOOP_EXTENDED_TRUST_MANAGER;
}
Example #3
Source File: ExtensibleTrustManagerImpl.java From smarthome with Eclipse Public License 2.0 | 6 votes |
/**
 * Resolves the trust manager linked to the peer of the given engine.
 *
 * <p>The lookup key is {@code "<peerHost>:<peerPort>"}. When the engine is {@code null},
 * carries no peer host, or nothing is registered under that key, the chain-based overload
 * decides instead.
 *
 * <p>NOTE(review): the {@link SSLEngine#getPeerHost()} Javadoc states that the value is not
 * authenticated. Here it only selects which trust manager validates the chain; confirm
 * that no entry in {@code linkedTrustManager} is weaker than the default for hosts it
 * should not cover.
 *
 * @param chain the certificate chain presented by the peer
 * @param sslEngine the engine of the connection being validated; may be {@code null}
 * @return the trust manager registered for the peer, otherwise the result of
 *         {@code getLinkedTrustMananger(chain)}
 */
private X509ExtendedTrustManager getLinkedTrustMananger(X509Certificate[] chain, SSLEngine sslEngine) {
    if (sslEngine == null) {
        return getLinkedTrustMananger(chain);
    }

    String peerKey = null;
    X509ExtendedTrustManager byPeer = null;
    if (sslEngine.getPeerHost() != null) {
        peerKey = sslEngine.getPeerHost() + ":" + sslEngine.getPeerPort();
        // Head of the queue registered for this peer, or null when there is none.
        byPeer = linkedTrustManager.getOrDefault(peerKey, EMPTY_QUEUE).peek();
    }

    if (byPeer == null) {
        logger.trace("Did NOT find trustManager by sslEngine peer/host: {}", peerKey);
        return getLinkedTrustMananger(chain);
    }

    logger.trace("Found trustManager by sslEngine peer/host: {}", peerKey);
    return byPeer;
}
Example #4
Source File: SimpleTrustManagerFactory.java From netty-4.1.22 with Apache License 2.0 | 6 votes |
/**
 * Returns the trust managers of this factory, fetching and caching them on first use.
 *
 * <p>On Java 7 and later every plain {@link X509TrustManager} obtained from the parent is
 * replaced by an {@code X509TrustManagerWrapper}; instances that already are
 * {@link X509ExtendedTrustManager}s are kept unchanged.
 *
 * @return a copy of the cached array, so callers cannot alter the cached entries
 */
@Override
protected TrustManager[] engineGetTrustManagers() {
    TrustManager[] cached = this.trustManagers;
    if (cached != null) {
        return cached.clone();
    }

    cached = parent.engineGetTrustManagers();
    if (PlatformDependent.javaVersion() >= 7) {
        int slot = 0;
        for (final TrustManager tm : cached) {
            final boolean plainX509 =
                    tm instanceof X509TrustManager && !(tm instanceof X509ExtendedTrustManager);
            if (plainX509) {
                // What the wrapper adds is defined in X509TrustManagerWrapper, not shown here.
                cached[slot] = new X509TrustManagerWrapper((X509TrustManager) tm);
            }
            slot++;
        }
    }
    this.trustManagers = cached;
    return cached.clone();
}
Example #5
Source File: ClientX509ExtendedTrustManager.java From light-4j with Apache License 2.0 | 6 votes |
/**
 * Validates a server certificate chain for an {@link SSLEngine}-based connection.
 *
 * <p>When the wrapped trust manager is an {@link X509ExtendedTrustManager} the engine-aware
 * check is delegated to it. Otherwise the basic chain check runs and {@code checkIdentity}
 * is applied to the first certificate of the chain. In both cases
 * {@code doCustomServerIdentityCheck} runs on the first certificate afterwards.
 *
 * <p>NOTE(review): every {@link Throwable}, including runtime errors such as an empty
 * {@code chain}, is handed to {@code SSLUtils.handleTrustValidationErrors}. That helper is
 * not visible here; the check only fails closed if it always throws. Confirm.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type
 * @param engine the engine of the connection being validated
 * @throws CertificateException declared by the interface; presumably raised by the error
 *         handler on validation failure
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
    try {
        EndpointIdentificationAlgorithm.setup(engine, identityAlg);

        if (!(trustManager instanceof X509ExtendedTrustManager)) {
            // Basic manager: chain validation first, identity check done by this class.
            trustManager.checkServerTrusted(chain, authType);
            checkIdentity(engine, chain[0]);
        } else {
            X509ExtendedTrustManager extended = (X509ExtendedTrustManager) trustManager;
            extended.checkServerTrusted(chain, authType, engine);
        }

        doCustomServerIdentityCheck(chain[0]);
    } catch (Throwable failure) {
        SSLUtils.handleTrustValidationErrors(failure);
    }
}
Example #6
Source File: ClientX509ExtendedTrustManager.java From light-4j with Apache License 2.0 | 6 votes |
/**
 * Validates a client certificate chain for an {@link SSLEngine}-based connection.
 *
 * <p>When the wrapped trust manager is an {@link X509ExtendedTrustManager} the engine-aware
 * check is delegated to it. Otherwise the basic chain check runs and {@code checkIdentity}
 * is applied to the first certificate of the chain.
 *
 * <p>NOTE(review): every {@link Throwable}, including runtime errors such as an empty
 * {@code chain}, is handed to {@code SSLUtils.handleTrustValidationErrors}. That helper is
 * not visible here; the check only fails closed if it always throws. Confirm.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type
 * @param engine the engine of the connection being validated
 * @throws CertificateException declared by the interface; presumably raised by the error
 *         handler on validation failure
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
    try {
        EndpointIdentificationAlgorithm.setup(engine, identityAlg);

        if (!(trustManager instanceof X509ExtendedTrustManager)) {
            // Basic manager: chain validation first, identity check done by this class.
            trustManager.checkClientTrusted(chain, authType);
            checkIdentity(engine, chain[0]);
        } else {
            X509ExtendedTrustManager extended = (X509ExtendedTrustManager) trustManager;
            extended.checkClientTrusted(chain, authType, engine);
        }
    } catch (Throwable failure) {
        SSLUtils.handleTrustValidationErrors(failure);
    }
}
Example #7
Source File: TrustManagerExtTest.java From servicecomb-java-chassis with Apache License 2.0 | 6 votes |
/**
 * Builds a {@code TrustManagerExt} on top of the trust managers created from the configured
 * trust store and checks that its first accepted issuer is a version 3 certificate.
 *
 * <p>The key-store path and password are resolved but not used further, hence the
 * {@code unused} suppression.
 */
@SuppressWarnings("unused")
@Test
public void testConstructor() {
    String keyStorePath = custom.getFullPath(option.getKeyStore());
    char[] keyStoreSecret = custom.decode(option.getKeyStoreValue().toCharArray());

    String trustStorePath = custom.getFullPath(option.getTrustStore());
    char[] trustStoreSecret = custom.decode(option.getTrustStoreValue().toCharArray());

    KeyStore trustStore = KeyStoreUtil.createKeyStore(
        trustStorePath,
        option.getTrustStoreType(),
        trustStoreSecret);
    TrustManager[] managers = KeyStoreUtil.createTrustManagers(trustStore);

    // The cast assumes the first manager produced for the store is an extended one.
    X509ExtendedTrustManager first = (X509ExtendedTrustManager) managers[0];
    TrustManagerExt trustManagerExt = new TrustManagerExt(first, option, custom);

    Assert.assertEquals(3, trustManagerExt.getAcceptedIssuers()[0].getVersion());
    Assert.assertNotNull(trustManagerExt);
}
Example #8
Source File: ExtensibleTrustManagerImpl.java From openhab-core with Eclipse Public License 2.0 | 6 votes |
/**
 * Resolves the trust manager linked to the peer of the given engine.
 *
 * <p>The lookup key is {@code "<peerHost>:<peerPort>"}. When the engine is {@code null},
 * carries no peer host, or nothing is registered under that key, the chain-based overload
 * decides instead.
 *
 * <p>NOTE(review): the {@link SSLEngine#getPeerHost()} Javadoc states that the value is not
 * authenticated. Here it only selects which trust manager validates the chain; confirm
 * that no entry in {@code linkedTrustManager} is weaker than the default for hosts it
 * should not cover.
 *
 * @param chain the certificate chain presented by the peer
 * @param sslEngine the engine of the connection being validated; may be {@code null}
 * @return the trust manager registered for the peer, otherwise the result of
 *         {@code getLinkedTrustMananger(chain)}
 */
private X509ExtendedTrustManager getLinkedTrustMananger(X509Certificate[] chain, SSLEngine sslEngine) {
    if (sslEngine == null) {
        return getLinkedTrustMananger(chain);
    }

    String peerKey = null;
    X509ExtendedTrustManager byPeer = null;
    if (sslEngine.getPeerHost() != null) {
        peerKey = sslEngine.getPeerHost() + ":" + sslEngine.getPeerPort();
        // Head of the queue registered for this peer, or null when there is none.
        byPeer = linkedTrustManager.getOrDefault(peerKey, EMPTY_QUEUE).peek();
    }

    if (byPeer == null) {
        logger.trace("Did NOT find trustManager by sslEngine peer/host: {}", peerKey);
        return getLinkedTrustMananger(chain);
    }

    logger.trace("Found trustManager by sslEngine peer/host: {}", peerKey);
    return byPeer;
}
Example #9
Source File: ClientX509ExtendedTrustManager.java From light-4j with Apache License 2.0 | 6 votes |
/**
 * Validates a server certificate chain for a {@link Socket}-based connection.
 *
 * <p>When the wrapped trust manager is an {@link X509ExtendedTrustManager} the socket-aware
 * check is delegated to it. Otherwise the basic chain check runs and {@code checkIdentity}
 * is applied to the first certificate of the chain. In both cases
 * {@code doCustomServerIdentityCheck} runs on the first certificate afterwards.
 *
 * <p>NOTE(review): every {@link Throwable}, including runtime errors such as an empty
 * {@code chain}, is handed to {@code SSLUtils.handleTrustValidationErrors}. That helper is
 * not visible here; the check only fails closed if it always throws. Confirm.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type
 * @param socket the socket of the connection being validated
 * @throws CertificateException declared by the interface; presumably raised by the error
 *         handler on validation failure
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
    try {
        EndpointIdentificationAlgorithm.setup(socket, identityAlg);

        if (!(trustManager instanceof X509ExtendedTrustManager)) {
            // Basic manager: chain validation first, identity check done by this class.
            trustManager.checkServerTrusted(chain, authType);
            checkIdentity(socket, chain[0]);
        } else {
            X509ExtendedTrustManager extended = (X509ExtendedTrustManager) trustManager;
            extended.checkServerTrusted(chain, authType, socket);
        }

        doCustomServerIdentityCheck(chain[0]);
    } catch (Throwable failure) {
        SSLUtils.handleTrustValidationErrors(failure);
    }
}
Example #10
Source File: ClientX509ExtendedTrustManager.java From light-4j with Apache License 2.0 | 6 votes |
/**
 * Validates a client certificate chain for a {@link Socket}-based connection.
 *
 * <p>When the wrapped trust manager is an {@link X509ExtendedTrustManager} the socket-aware
 * check is delegated to it. Otherwise the basic chain check runs and {@code checkIdentity}
 * is applied to the first certificate of the chain.
 *
 * <p>NOTE(review): every {@link Throwable}, including runtime errors such as an empty
 * {@code chain}, is handed to {@code SSLUtils.handleTrustValidationErrors}. That helper is
 * not visible here; the check only fails closed if it always throws. Confirm.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type
 * @param socket the socket of the connection being validated
 * @throws CertificateException declared by the interface; presumably raised by the error
 *         handler on validation failure
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
    try {
        EndpointIdentificationAlgorithm.setup(socket, identityAlg);

        if (!(trustManager instanceof X509ExtendedTrustManager)) {
            // Basic manager: chain validation first, identity check done by this class.
            trustManager.checkClientTrusted(chain, authType);
            checkIdentity(socket, chain[0]);
        } else {
            X509ExtendedTrustManager extended = (X509ExtendedTrustManager) trustManager;
            extended.checkClientTrusted(chain, authType, socket);
        }
    } catch (Throwable failure) {
        SSLUtils.handleTrustValidationErrors(failure);
    }
}
Example #11
Source File: ExtensibleTrustManagerImpl.java From smarthome with Eclipse Public License 2.0 | 5 votes |
/**
 * Validates a server chain with the trust manager linked to it, or with the default one.
 *
 * <p>The linked manager is resolved from the chain alone; the socket is only passed on to
 * whichever manager performs the check. How a manager is matched to a chain is defined in
 * {@code getLinkedTrustMananger(chain)}, which is not shown here.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type
 * @param socket the socket of the connection being validated
 * @throws CertificateException if the selected trust manager rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
        throws CertificateException {
    X509ExtendedTrustManager selected = getLinkedTrustMananger(chain);
    if (selected != null) {
        selected.checkServerTrusted(chain, authType, socket);
        return;
    }

    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkServerTrusted(chain, authType, socket);
}
Example #12
Source File: ExtensibleTrustManagerImpl.java From openhab-core with Eclipse Public License 2.0 | 5 votes |
/**
 * Validates a server chain with the trust manager linked to the connection, or with the
 * default one when no linked manager is found.
 *
 * <p>Selection is delegated to {@code getLinkedTrustMananger(chain, sslEngine)}, which is
 * not shown here.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type
 * @param sslEngine the engine of the connection being validated
 * @throws CertificateException if the selected trust manager rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
        throws CertificateException {
    X509ExtendedTrustManager selected = getLinkedTrustMananger(chain, sslEngine);
    if (selected != null) {
        selected.checkServerTrusted(chain, authType, sslEngine);
        return;
    }

    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkServerTrusted(chain, authType, sslEngine);
}
Example #13
Source File: ExtensibleTrustManagerImpl.java From smarthome with Eclipse Public License 2.0 | 5 votes |
/**
 * Validates a client chain with the trust manager linked to the connection, or with the
 * default one when no linked manager is found.
 *
 * <p>Selection is delegated to {@code getLinkedTrustMananger(chain, sslEngine)}, which is
 * not shown here.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type
 * @param sslEngine the engine of the connection being validated
 * @throws CertificateException if the selected trust manager rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
        throws CertificateException {
    X509ExtendedTrustManager selected = getLinkedTrustMananger(chain, sslEngine);
    if (selected != null) {
        selected.checkClientTrusted(chain, authType, sslEngine);
        return;
    }

    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkClientTrusted(chain, authType, sslEngine);
}
Example #14
Source File: ExtensibleTrustManagerImpl.java From smarthome with Eclipse Public License 2.0 | 5 votes |
/**
 * Validates a client chain with the trust manager linked to it, or with the default one.
 *
 * <p>The linked manager is resolved from the chain alone; the socket is only passed on to
 * whichever manager performs the check. How a manager is matched to a chain is defined in
 * {@code getLinkedTrustMananger(chain)}, which is not shown here.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type
 * @param socket the socket of the connection being validated
 * @throws CertificateException if the selected trust manager rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
        throws CertificateException {
    X509ExtendedTrustManager selected = getLinkedTrustMananger(chain);
    if (selected != null) {
        selected.checkClientTrusted(chain, authType, socket);
        return;
    }

    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkClientTrusted(chain, authType, socket);
}
Example #15
Source File: TrustManagerProxyTest.java From athenz with Apache License 2.0 | 5 votes |
/**
 * Checks that {@code TrustManagerProxy.checkClientTrusted} reaches the wrapped trust
 * manager exactly once.
 *
 * <p>This pins delegation only; no certificate is validated, because the delegate is a
 * mock and the chain passed in is {@code null}.
 */
@Test
public void testTrustManagerProxyCheckClientTrusted(@Mocked X509ExtendedTrustManager mockedTrustManager) throws CertificateException {
    // Recorded expectation: any chain, auth type "cert", exactly one invocation.
    new Expectations() {{
        mockedTrustManager.checkClientTrusted((X509Certificate[]) any, "cert"); times = 1;
    }};

    TrustManagerProxy trustManagerProxy = new TrustManagerProxy(new TrustManager[]{mockedTrustManager});
    trustManagerProxy.checkClientTrusted(null, "cert");
}
Example #16
Source File: TrustManagerProxyTest.java From athenz with Apache License 2.0 | 5 votes |
/**
 * Checks that {@code TrustManagerProxy.checkServerTrusted} reaches the wrapped trust
 * manager exactly once.
 *
 * <p>This pins delegation only; no certificate is validated, because the delegate is a
 * mock and the chain passed in is {@code null}.
 */
@Test
public void testTrustManagerProxyCheckServerTrusted(@Mocked X509ExtendedTrustManager mockedTrustManager) throws CertificateException {
    // Recorded expectation: any chain, auth type "cert", exactly one invocation.
    new Expectations() {{
        mockedTrustManager.checkServerTrusted((X509Certificate[]) any, "cert"); times = 1;
    }};

    TrustManagerProxy trustManagerProxy = new TrustManagerProxy(new TrustManager[]{mockedTrustManager});
    trustManagerProxy.checkServerTrusted(null, "cert");
}
Example #17
Source File: TrustManagerProxyTest.java From athenz with Apache License 2.0 | 5 votes |
/**
 * Checks that {@code TrustManagerProxy.getAcceptedIssuers} asks the wrapped trust manager
 * exactly once and hands its result back to the caller.
 */
@Test
public void testTrustManagerProxyGetAcceptedIssuers(@Mocked X509ExtendedTrustManager mockedTrustManager) {
    // Recorded expectation: one invocation on the mock, which answers with null.
    new Expectations() {{
        mockedTrustManager.getAcceptedIssuers(); times = 1; result = null;
    }};

    TrustManagerProxy trustManagerProxy = new TrustManagerProxy(new TrustManager[]{mockedTrustManager});
    // The proxy is expected to return the mock's null answer.
    assertNull(trustManagerProxy.getAcceptedIssuers());
}
Example #18
Source File: TestSSLContext.java From j2objc with Apache License 2.0 | 5 votes |
/**
 * Stores the already-built client and server TLS fixtures.
 *
 * <p>Every argument is kept by reference. In particular the two {@code char[]} store
 * passwords are not copied, so they stay in memory for as long as this object is
 * reachable, and clearing the caller's array also clears the one held here.
 *
 * @param clientKeyStore key store of the client side
 * @param clientStorePassword password of {@code clientKeyStore}
 * @param serverKeyStore key store of the server side
 * @param serverStorePassword password of {@code serverKeyStore}
 * @param clientKeyManagers key managers of the client side
 * @param serverKeyManagers key managers of the server side
 * @param clientTrustManager trust manager of the client side
 * @param serverTrustManager trust manager of the server side
 * @param clientContext SSL context of the client side
 * @param serverContext SSL context of the server side
 * @param serverSocket the server socket
 * @param host the host
 * @param port the port
 */
private TestSSLContext(KeyStore clientKeyStore,
                       char[] clientStorePassword,
                       KeyStore serverKeyStore,
                       char[] serverStorePassword,
                       KeyManager[] clientKeyManagers,
                       KeyManager[] serverKeyManagers,
                       X509ExtendedTrustManager clientTrustManager,
                       X509ExtendedTrustManager serverTrustManager,
                       SSLContext clientContext,
                       SSLContext serverContext,
                       SSLServerSocket serverSocket,
                       InetAddress host,
                       int port) {
    // client side
    this.clientKeyStore = clientKeyStore;
    this.clientStorePassword = clientStorePassword;
    this.clientKeyManagers = clientKeyManagers;
    this.clientTrustManager = clientTrustManager;
    this.clientContext = clientContext;

    // server side
    this.serverKeyStore = serverKeyStore;
    this.serverStorePassword = serverStorePassword;
    this.serverKeyManagers = serverKeyManagers;
    this.serverTrustManager = serverTrustManager;
    this.serverContext = serverContext;

    // endpoint
    this.serverSocket = serverSocket;
    this.host = host;
    this.port = port;
}
Example #19
Source File: ExtensibleTrustManagerImpl.java From openhab-core with Eclipse Public License 2.0 | 5 votes |
/**
 * Validates a client chain with the trust manager linked to it, or with the default one.
 *
 * <p>The linked manager is resolved from the chain alone; the socket is only passed on to
 * whichever manager performs the check. How a manager is matched to a chain is defined in
 * {@code getLinkedTrustMananger(chain)}, which is not shown here.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type
 * @param socket the socket of the connection being validated
 * @throws CertificateException if the selected trust manager rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
        throws CertificateException {
    X509ExtendedTrustManager selected = getLinkedTrustMananger(chain);
    if (selected != null) {
        selected.checkClientTrusted(chain, authType, socket);
        return;
    }

    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkClientTrusted(chain, authType, socket);
}
Example #20
Source File: ExtensibleTrustManagerImpl.java From openhab-core with Eclipse Public License 2.0 | 5 votes |
/**
 * Validates a client chain with the trust manager linked to the connection, or with the
 * default one when no linked manager is found.
 *
 * <p>Selection is delegated to {@code getLinkedTrustMananger(chain, sslEngine)}, which is
 * not shown here.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type
 * @param sslEngine the engine of the connection being validated
 * @throws CertificateException if the selected trust manager rejects the chain
 */
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
        throws CertificateException {
    X509ExtendedTrustManager selected = getLinkedTrustMananger(chain, sslEngine);
    if (selected != null) {
        selected.checkClientTrusted(chain, authType, sslEngine);
        return;
    }

    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkClientTrusted(chain, authType, sslEngine);
}
Example #21
Source File: ExtensibleTrustManagerImpl.java From openhab-core with Eclipse Public License 2.0 | 5 votes |
/**
 * Validates a server chain with the trust manager linked to it, or with the default one.
 *
 * <p>The linked manager is resolved from the chain alone; the socket is only passed on to
 * whichever manager performs the check. How a manager is matched to a chain is defined in
 * {@code getLinkedTrustMananger(chain)}, which is not shown here.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type
 * @param socket the socket of the connection being validated
 * @throws CertificateException if the selected trust manager rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
        throws CertificateException {
    X509ExtendedTrustManager selected = getLinkedTrustMananger(chain);
    if (selected != null) {
        selected.checkServerTrusted(chain, authType, socket);
        return;
    }

    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkServerTrusted(chain, authType, socket);
}
Example #22
Source File: PeerAuthorizerTrustManager.java From vespa with Apache License 2.0 | 5 votes |
/**
 * Creates a trust manager that combines a default trust manager with peer authorization.
 *
 * @param authorizedPeers the peer policies; used to build the internal {@code PeerAuthorizer}
 * @param mode the authorization mode; how it is applied is decided in the check methods,
 *        which are not shown here
 * @param hostnameVerification the hostname verification setting; likewise applied elsewhere
 * @param defaultTrustManager the trust manager kept as the default delegate
 */
public PeerAuthorizerTrustManager(AuthorizedPeers authorizedPeers,
                                  AuthorizationMode mode,
                                  HostnameVerification hostnameVerification,
                                  X509ExtendedTrustManager defaultTrustManager) {
    this.defaultTrustManager = defaultTrustManager;
    this.hostnameVerification = hostnameVerification;
    this.mode = mode;
    this.authorizer = new PeerAuthorizer(authorizedPeers);
}
Example #23
Source File: ExtensibleTrustManagerImpl.java From smarthome with Eclipse Public License 2.0 | 5 votes |
/**
 * Validates a server chain with the trust manager linked to the connection, or with the
 * default one when no linked manager is found.
 *
 * <p>Selection is delegated to {@code getLinkedTrustMananger(chain, sslEngine)}, which is
 * not shown here.
 *
 * @param chain the peer certificate chain
 * @param authType the authentication type
 * @param sslEngine the engine of the connection being validated
 * @throws CertificateException if the selected trust manager rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine)
        throws CertificateException {
    X509ExtendedTrustManager selected = getLinkedTrustMananger(chain, sslEngine);
    if (selected != null) {
        selected.checkServerTrusted(chain, authType, sslEngine);
        return;
    }

    logger.trace("No specific trust manager found, falling back to default");
    defaultTrustManager.checkServerTrusted(chain, authType, sslEngine);
}
Example #24
Source File: TrustManagerUtils.java From vespa with Apache License 2.0 | 5 votes |
/**
 * Creates an {@link X509ExtendedTrustManager} backed by the given trust store, using the
 * platform's default trust manager algorithm.
 *
 * <p>There is no permissive fallback: if the factory cannot be set up or yields no extended
 * trust manager, the method throws.
 *
 * @param truststore the trust material; passed unchanged to {@link TrustManagerFactory#init}
 * @return the first X509ExtendedTrustManager produced by the factory
 * @throws RuntimeException if the factory fails with a {@link GeneralSecurityException}
 *         (kept as the cause) or produces no X509ExtendedTrustManager
 */
public static X509ExtendedTrustManager createDefaultX509TrustManager(KeyStore truststore) {
    final TrustManager[] trustManagers;
    try {
        TrustManagerFactory factory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(truststore);
        trustManagers = factory.getTrustManagers();
    } catch (GeneralSecurityException e) {
        throw new RuntimeException(e);
    }

    for (TrustManager manager : trustManagers) {
        if (manager instanceof X509ExtendedTrustManager) {
            return X509ExtendedTrustManager.class.cast(manager);
        }
    }
    throw new RuntimeException("No X509ExtendedTrustManager in " + com.yahoo.vespa.jdk8compat.List.of(trustManagers));
}
Example #25
Source File: SFTrustManager.java From snowflake-jdbc with Apache License 2.0 | 5 votes |
/**
 * Creates the trust manager and prepares the OCSP response cache.
 *
 * <p>If {@code cacheFile} is {@code null} the cache file is not overridden and the default
 * one is used.
 *
 * @param ocspMode  OCSP mode
 * @param cacheFile cache file to use instead of the default one; may be {@code null}
 */
SFTrustManager(OCSPMode ocspMode, File cacheFile)
{
  this.ocspMode = ocspMode;
  // NOTE(review): the algorithm name is taken from KeyManagerFactory, not from
  // TrustManagerFactory. getTrustManager(String) is not visible here; confirm which
  // factory consumes the name and that the resulting validator is the intended one.
  this.trustManager = getTrustManager(
      KeyManagerFactory.getDefaultAlgorithm());

  // Second lookup with the same algorithm name. The cast throws ClassCastException
  // if the returned manager is not an X509ExtendedTrustManager.
  this.exTrustManager = (X509ExtendedTrustManager) getTrustManager(
      KeyManagerFactory.getDefaultAlgorithm());

  checkNewOCSPEndpointAvailability();

  if (ssdManager.getSSDSupportStatus())
  {
    readDirectives();
  }

  if (cacheFile != null)
  {
    fileCacheManager.overrideCacheFile(cacheFile);
  }
  // getAndSet(true) returns the previous value, so only the caller that flips the flag
  // from false to true loads the cache file.
  if (!WAS_CACHE_READ.getAndSet(true))
  {
    // read cache file once
    JsonNode res = fileCacheManager.readCacheFile();
    readJsonStoreCache(res);
  }
}
Example #26
Source File: ExtensibleTrustManagerImpl.java From smarthome with Eclipse Public License 2.0 | 5 votes |
/**
 * Registers a dynamically bound {@code TlsCertificateProvider}.
 *
 * <p>The provider is adapted to an {@link X509ExtendedTrustManager}, remembered in
 * {@code mappingFromTlsCertificateProvider}, and linked under the host name the provider
 * reports.
 *
 * <p>NOTE(review): the host name comes from the provider itself, so any bundle able to
 * publish a provider chooses the host its trust manager is linked to. Confirm that only
 * trusted components can register this service.
 *
 * @param tlsCertificateProvider the provider being added
 */
@Override
@Reference(cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
public void addTlsCertificateProvider(TlsCertificateProvider tlsCertificateProvider) {
    TlsCertificateTrustManagerAdapter adapter = new TlsCertificateTrustManagerAdapter(tlsCertificateProvider);
    X509ExtendedTrustManager adapted = adapter.getTrustManager();

    mappingFromTlsCertificateProvider.put(tlsCertificateProvider, adapted);
    addLinkedTrustManager(tlsCertificateProvider.getHostName(), adapted);
}
Example #27
Source File: ExtensibleTrustManagerImpl.java From openhab-core with Eclipse Public License 2.0 | 5 votes |
/**
 * Registers a dynamically bound {@code TlsCertificateProvider}.
 *
 * <p>The provider is adapted to an {@link X509ExtendedTrustManager}, remembered in
 * {@code mappingFromTlsCertificateProvider}, and linked under the host name the provider
 * reports.
 *
 * <p>NOTE(review): the host name comes from the provider itself, so any bundle able to
 * publish a provider chooses the host its trust manager is linked to. Confirm that only
 * trusted components can register this service.
 *
 * @param tlsCertificateProvider the provider being added
 */
@Override
@Reference(cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
public void addTlsCertificateProvider(TlsCertificateProvider tlsCertificateProvider) {
    TlsCertificateTrustManagerAdapter adapter = new TlsCertificateTrustManagerAdapter(tlsCertificateProvider);
    X509ExtendedTrustManager adapted = adapter.getTrustManager();

    mappingFromTlsCertificateProvider.put(tlsCertificateProvider, adapted);
    addLinkedTrustManager(tlsCertificateProvider.getHostName(), adapted);
}
Example #28
Source File: HtmlUnitSSLConnectionSocketFactory.java From htmlunit with Apache License 2.0 | 5 votes |
/**
 * Factory method that builds a new SSLConnectionSocketFactory.
 *
 * <p>With {@code useInsecureSSL} off, the factory is built from the configured client
 * certificate store and trust store. With it on, the SSL context is initialised with an
 * {@code InsecureTrustManager} and the factory uses {@code NoopHostnameVerifier.INSTANCE}.
 * Going by those names, neither the certificate chain nor the host name of the server is
 * verified on that path, so it gives no protection against an on-path attacker. The
 * protocol name for that context is {@code getSSLInsecureProtocol()}, or {@code "SSL"}
 * when unset.
 *
 * @param options the current WebClientOptions
 * @return the SSLConnectionSocketFactory
 * @throws RuntimeException wrapping any {@link GeneralSecurityException} raised while
 *         building the context or the factory
 */
public static SSLConnectionSocketFactory buildSSLSocketFactory(final WebClientOptions options) {
    try {
        final String[] protocols = options.getSSLClientProtocols();
        final String[] cipherSuites = options.getSSLClientCipherSuites();
        final boolean insecure = options.isUseInsecureSSL();

        if (insecure) {
            // we need insecure SSL + SOCKS awareness
            final String configured = options.getSSLInsecureProtocol();
            final String protocol = configured == null ? "SSL" : configured;

            final SSLContext sslContext = SSLContext.getInstance(protocol);
            sslContext.init(getKeyManagers(options),
                    new X509ExtendedTrustManager[] {new InsecureTrustManager()}, null);

            return new HtmlUnitSSLConnectionSocketFactory(sslContext,
                    NoopHostnameVerifier.INSTANCE, insecure, protocols, cipherSuites);
        }

        final KeyStore keyStore = options.getSSLClientCertificateStore();
        final KeyStore trustStore = options.getSSLTrustStore();

        // The client certificate password is only read when a client store is set.
        return new HtmlUnitSSLConnectionSocketFactory(keyStore,
                keyStore == null ? null : options.getSSLClientCertificatePassword(),
                trustStore, insecure, protocols, cipherSuites);
    }
    catch (final GeneralSecurityException e) {
        throw new RuntimeException(e);
    }
}
Example #29
Source File: TestTrustManager.java From j2objc with Apache License 2.0 | 5 votes |
/**
 * Wraps an X.509 trust manager in a {@code TestTrustManager}.
 *
 * <p>The extended type is tested first so that an {@link X509ExtendedTrustManager} is
 * passed to the matching constructor rather than being treated as a plain
 * {@link X509TrustManager}.
 *
 * @param trustManager the trust manager to wrap
 * @return a {@code TestTrustManager} around {@code trustManager}, or {@code trustManager}
 *         itself when it is not an X.509 trust manager
 */
public static TrustManager wrap(TrustManager trustManager) {
    if (trustManager instanceof X509ExtendedTrustManager) {
        X509ExtendedTrustManager extended = (X509ExtendedTrustManager) trustManager;
        return new TestTrustManager(extended);
    }
    if (trustManager instanceof X509TrustManager) {
        X509TrustManager plain = (X509TrustManager) trustManager;
        return new TestTrustManager(plain);
    }
    return trustManager;
}
Example #30
Source File: SSLDefinitions.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Narrows an injected trust manager to {@link X509ExtendedTrustManager}.
 *
 * <p>When FIPS is reported for the JVM and the manager is a {@code DelegatingTrustManager},
 * the current delegate is returned instead of the wrapper.
 *
 * <p>NOTE(review): {@code delegating.get()} is returned unchecked; whether it can be
 * {@code null} at this point is not visible here.
 *
 * @param trustManager the injected trust manager; may be {@code null}
 * @return the extended trust manager (unwrapped in FIPS mode), or {@code null} when
 *         {@code trustManager} is {@code null}
 * @throws StartException if {@code trustManager} is not an X509ExtendedTrustManager
 */
private static X509ExtendedTrustManager getX509TrustManager(TrustManager trustManager) throws StartException {
    if (trustManager == null) {
        return null;
    }
    if (!(trustManager instanceof X509ExtendedTrustManager)) {
        throw ROOT_LOGGER.invalidTypeInjected(X509ExtendedTrustManager.class.getSimpleName());
    }

    X509ExtendedTrustManager result = (X509ExtendedTrustManager) trustManager;
    final boolean unwrap = result instanceof DelegatingTrustManager && IS_FIPS.getAsBoolean();
    if (unwrap) {
        ROOT_LOGGER.trace("FIPS enabled on JVM, unwrapping TrustManager");
        result = ((DelegatingTrustManager) result).delegating.get();
    }
    return result;
}