Example #1
Source File: From webdsl with Apache License 2.0 | 7 votes |
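/**
 * Turns off server authentication for a single HTTPS connection.
 *
 * <p>The connection receives a socket factory built from {@code ALL_TRUSTING_TRUST_MANAGER} and
 * the hostname verifier {@code ALL_TRUSTING_HOSTNAME_VERIFIER}. Both are defined outside this
 * block; judging by their names and by the comment on the verifier, they accept any certificate
 * chain and any host name. The session is still encrypted, but the peer is not authenticated, so
 * anything sent over it is readable and modifiable by whoever terminates the TLS session. Keep
 * callers behind a test-only or explicitly opted-in code path.
 *
 * @param connection the connection whose certificate and hostname checks are replaced
 * @throws NoSuchAlgorithmException if no provider offers the requested context
 * @throws KeyManagementException if the context cannot be initialised
 */
protected static void setAcceptAllVerifier(HttpsURLConnection connection)
    throws NoSuchAlgorithmException, KeyManagementException {
  // Build the factory once: reusing the same socket factory lets sockets be reused, which
  // supports persistent connections.
  if (null == sslSocketFactory) {
    // Ask for "TLS" rather than the legacy "SSL" context name.
    SSLContext sc = SSLContext.getInstance("TLS");
    // The third argument is cut off on the page ("new;"); a fresh SecureRandom is the
    // reconstruction used here.
    sc.init(null, ALL_TRUSTING_TRUST_MANAGER, new java.security.SecureRandom());
    sslSocketFactory = sc.getSocketFactory();
  }
  connection.setSSLSocketFactory(sslSocketFactory);

  // The certificate may carry a different name, so the hostname check is replaced as well.
  connection.setHostnameVerifier(ALL_TRUSTING_HOSTNAME_VERIFIER);
}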
Example #2
Source File: From openjdk-jdk9 with GNU General Public License v2.0 | 7 votes |
// Test set-up: reads the keystore file name and the host name from the command line, points the
// JVM-wide SSL settings at that keystore and then fetches the default SSLContext.
// NOTE(review): the listing stops without the method's closing brace; later statements may be missing.
private static void initialize(String[] args) throws Exception {
// args[0] is the keystore file name and args[1] the host name; neither is checked for presence.
keystore = args[0];
hostname = args[1];
// Hard-coded store password, used for both stores below.
String password = "changeit";
// Key store and trust store resolve to the same file under the "test.src" directory
// (current directory when the property is unset).
String keyFilename =
System.getProperty("test.src", ".") + "/" + keystore;
String trustFilename =
System.getProperty("test.src", ".") + "/" + keystore;
// NOTE(review): the property names are empty strings on this page, most likely lost in
// extraction; presumably the javax.net.ssl key store / trust store properties were meant.
// As printed, System.setProperty("", ...) throws IllegalArgumentException.
System.setProperty("", keyFilename);
System.setProperty("", password);
System.setProperty("", trustFilename);
System.setProperty("", password);
// The default context is requested only after the properties above have been set.
context = SSLContext.getDefault();
Example #3
Source File: From hsac-fitnesse-fixtures with Apache License 2.0 | 7 votes |
// Builds an SSLContext from the optional trust store and key store this object is configured with.
// NOTE(review): the closing braces of both `if` blocks, the statement that builds and returns the
// context, and the end of the method are missing from this listing.
protected SSLContext generateSSLContext() {
SSLContextBuilder contextBuilder = SSLContexts.custom();
try {
// Trust material is loaded only when a trust store file is configured.
if (getTrustStoreFile() != null) {
// NOTE(review): getTrustStrategy() is passed next to the store. What it accepts is not visible
// here; a strategy that returns true for every chain would make the store irrelevant, so
// confirm its default.
contextBuilder.loadTrustMaterial(getTrustStoreFile(), getTrustStorePassword(), getTrustStrategy());
// Client key material is likewise optional.
if (getKeyStoreFile() != null) {
contextBuilder.loadKeyMaterial(getKeyStoreFile(), getKeyStorePassword(), getKeyPassword(), getPrivateKeyStrategy());
} catch (GeneralSecurityException | IOException e) {
// Configuration failures surface as a RuntimeException that keeps the original cause.
throw new RuntimeException("Unable to configure SSL", e);
Example #4
Source File: From vespa with Apache License 2.0 | 6 votes |
// Rotates the instance credentials: generates a fresh RSA key pair, obtains a certificate through
// a ZTS client that authenticates with the supplied SSLContext, writes key and certificate to
// disk and returns the new credentials.
// NOTE(review): several lines are incomplete on this page (the CSR arguments, the right-hand side
// of `instanceIdentity`, the closing braces), so the call that contacts ZTS is not visible.
AthenzCredentials updateCredentials(SignedIdentityDocument document, SSLContext sslContext) {
// A new key pair per update, so the previous private key is not reused.
KeyPair newKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
Pkcs10Csr csr = csrGenerator.generateInstanceCsr(
// try-with-resources closes the ZTS client when the block exits.
try (ZtsClient ztsClient = new DefaultZtsClient(ztsEndpoint, sslContext)) {
InstanceIdentity instanceIdentity =
X509Certificate certificate = instanceIdentity.certificate();
// The private key is persisted here. NOTE(review): file location and permissions are decided
// inside writeCredentialsToDisk, which is not shown; confirm they are restrictive.
writeCredentialsToDisk(newKeyPair.getPrivate(), certificate, document);
return new AthenzCredentials(certificate, newKeyPair, document);
Example #5
Source File: From yet-another-docker-plugin with MIT License | 6 votes |
// Builds an SSLContext for a Docker connection from the PEM material held by this object
// (keypem, certpem and, when not blank, capem).
// NOTE(review): the body of the capem branch and the closing braces are missing from this
// listing, so the `return` below only appears to sit inside the `if`.
@SuppressFBWarnings(value = "REC_CATCH_EXCEPTION", justification = "docker-java uses runtime exceptions")
public SSLContext getSSLContext() throws KeyManagementException, UnrecoverableKeyException,
NoSuchAlgorithmException, KeyStoreException {
try {
// Registers BouncyCastle for the whole JVM; addProvider() does nothing when a provider with
// that name is already installed.
Security.addProvider(new BouncyCastleProvider());
SslConfigurator sslConfig = SslConfigurator.newInstance(true);
// add keystore
sslConfig.keyStore(createKeyStore(keypem, certpem));
// Fixed password for the store returned by createKeyStore(). NOTE(review): presumably that store
// exists only in memory, in which case the constant protects nothing on disk; confirm.
sslConfig.keyStorePassword("docker"); // ??
if (isNotBlank(capem)) {
return sslConfig.createSSLContext();
} catch (Exception e) {
// Every failure is rethrown as DockerClientException with the original exception kept as cause.
throw new DockerClientException(e.getMessage(), e);
Example #6
Source File: From Bats with Apache License 2.0 | 6 votes |
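/**
 * Creates the JDK {@link SSLContext} used when user SSL is enabled and remembers it in
 * {@code jdkSSlContext}.
 *
 * <p>The context is initialised with the trust managers from
 * {@code initializeTrustManagerFactory()} and with no key managers, so it can validate a peer but
 * presents no certificate of its own.
 *
 * @return the initialised context, or {@code null} when user SSL is disabled
 * @throws DrillException if the trust managers or the context cannot be set up; the underlying
 *     exception is attached as the cause
 */
@Override
public SSLContext initJDKSSLContext() throws DrillException {
  if (!userSslEnabled) {
    return null;
  }
  final SSLContext sslCtx;
  try {
    TrustManagerFactory tmf = initializeTrustManagerFactory();
    sslCtx = SSLContext.getInstance(protocol);
    // null key managers and null SecureRandom: provider defaults are used for both.
    sslCtx.init(null, tmf.getTrustManagers(), null);
  } catch (Exception e) {
    // Abort on any SSL initialisation failure. The cause is passed along so the stack trace of
    // the real failure is not lost behind the message text.
    throw new DrillException(
        "SSL is enabled but cannot be initialized due to the following exception: "
            + "[ " + e.getMessage() + "]. ",
        e);
  }
  this.jdkSSlContext = sslCtx;
  return sslCtx;
}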
Example #7
Source File: From flashback with BSD 2-Clause "Simplified" License | 6 votes |
// Starts the TLS handshake between the proxy and its client, using a key store that
// _certificateKeyStoreFactory creates for the requested remote host.
// NOTE(review): the closing braces of the catch block and of the method are missing from this listing.
public Future execute(ChannelMediator channelMediator, InetSocketAddress remoteAddress) {
// Dynamically create the SSLEngine based on CN and SANs.
LOG.debug("Starting client to proxy connection handshaking");
try {
//TODO: if the connect request only contains an IP address, we need to get either the CA
//TODO: or the SANs from the server response
// The host name of the requested address is handed to the key store factory (presumably as the
// certificate CN) together with an empty list where the TODO expects SANs. getHostName() may do
// a reverse lookup when the address was created from an IP literal.
KeyStore keyStore = _certificateKeyStoreFactory.create(remoteAddress.getHostName(), new ArrayList<>());
// The context is built from that key store with the certificate authority's pass phrase.
SSLContext sslContext = SSLContextGenerator.createClientContext(keyStore, _certificateAuthority.getPassPhrase());
return channelMediator.handshakeWithClient(sslContext.createSSLEngine());
} catch (NoSuchAlgorithmException | KeyStoreException | IOException | CertificateException | OperatorCreationException
| NoSuchProviderException | InvalidKeyException | SignatureException | KeyManagementException | UnrecoverableKeyException e) {
// All certificate and key failures collapse into one RuntimeException that keeps the cause.
throw new RuntimeException("Failed to create server identity certificate", e);
Example #8
Source File: From mt-flume with Apache License 2.0 | 6 votes |
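/**
 * Builds the server-side {@link SSLContext} from the configured key store.
 *
 * <p>The store at {@code keystore} is opened with {@code keystorePassword}, which also unlocks
 * the keys inside it. No trust managers are supplied, so the provider defaults apply; nothing in
 * this method asks clients for a certificate.
 *
 * @return an initialised "TLS" context holding the server's key managers
 * @throws Error if the key store cannot be read or the context cannot be initialised
 */
private SSLContext createServerSSLContext() {
  try {
    KeyStore ks = KeyStore.getInstance(keystoreType);
    // try-with-resources releases the file handle even when load() fails.
    try (FileInputStream keystoreStream = new FileInputStream(keystore)) {
      ks.load(keystoreStream, keystorePassword.toCharArray());
    }

    // Set up key manager factory to use our key store.
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(getAlgorithm());
    kmf.init(ks, keystorePassword.toCharArray());

    SSLContext serverContext = SSLContext.getInstance("TLS");
    // null trust managers and null SecureRandom: provider defaults.
    serverContext.init(kmf.getKeyManagers(), null, null);
    return serverContext;
  } catch (Exception e) {
    throw new Error("Failed to initialize the server-side SSLContext", e);
  }
}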
Example #9
Source File: From cloudstack with Apache License 2.0 | 6 votes |
/**
 * Creates the management server's {@link SSLContext} from the key store held by the CA service.
 *
 * <p>The same key store provides both the trust anchors and the server's key material. Both
 * factories are requested by the fixed algorithm name "SunX509".
 *
 * @param caService source of the management key store and its passphrase
 * @return the context obtained from {@code SSLUtils.getSSLContext()}, initialised with the key
 *     and trust managers derived from the management key store
 * @throws CloudRuntimeException if {@code caService} is {@code null}
 * @throws GeneralSecurityException if a factory or the context cannot be initialised
 * @throws IOException declared for callers; nothing visible in this method throws it directly
 */
public static SSLContext initManagementSSLContext(final CAService caService)
    throws GeneralSecurityException, IOException {
  if (caService == null) {
    throw new CloudRuntimeException("CAService is not available to load/get management server keystore");
  }
  final KeyStore managementStore = caService.getManagementKeyStore();
  final char[] storePassphrase = caService.getKeyStorePassphrase();

  // Trust side: certificates in the management store become the trust anchors.
  final TrustManagerFactory trustFactory = TrustManagerFactory.getInstance("SunX509");
  trustFactory.init(managementStore);
  final TrustManager[] trustManagers = trustFactory.getTrustManagers();

  // Key side: the same store supplies the server identity.
  final KeyManagerFactory keyFactory = KeyManagerFactory.getInstance("SunX509");
  keyFactory.init(managementStore, storePassphrase);

  final SSLContext managementContext = SSLUtils.getSSLContext();
  managementContext.init(keyFactory.getKeyManagers(), trustManagers, new SecureRandom());
  return managementContext;
}
Example #10
Source File: From simplewebserver with Apache License 2.0 | 6 votes |
/** Constructor for a secure ChannelIO variant. */
// Creates the SSLEngine for one channel, sizes the network and application buffers from the
// engine's session and then drives the handshake.
// NOTE(review): the listing is incomplete. The super(...) call or field assignments for `sc`, the
// body of the handshake loop and the closing braces are not shown, and neither is any
// setUseClientMode(...) call on the engine.
public SslReadWriteSelectorHandler(SocketChannel sc, SelectionKey selectionKey,
SSLContext sslContext) throws IOException {
// The engine is created without peer host or port information.
sslEngine = sslContext.createSSLEngine();
// The handshake state starts at NEED_UNWRAP, i.e. this side first waits for data from the peer.
initialHSStatus = HandshakeStatus.NEED_UNWRAP;
initialHSComplete = false;
// Network-side buffers hold encrypted records, sized to the session's packet buffer size.
int netBBSize = sslEngine.getSession().getPacketBufferSize();
inNetBB = ByteBuffer.allocate(netBBSize);
outNetBB = ByteBuffer.allocate(netBBSize);
// Application-side buffer holds decrypted data.
int appBBSize = sslEngine.getSession().getApplicationBufferSize();
requestBB = ByteBuffer.allocate(appBBSize);
// The constructor does not return until doHandshake() reports completion.
while (!doHandshake(selectionKey)) {
Example #11
Source File: From datakernel with Apache License 2.0 | 6 votes |
/**
 * Builds a "TLSv1.2" {@link SSLContext} from two JKS files: the key store at
 * {@code KEYSTORE_PATH} and the trust store at {@code TRUSTSTORE_PATH}.
 *
 * <p>Store and key passwords come from the constants {@code KEYSTORE_PASS}, {@code KEY_PASS} and
 * {@code TRUSTSTORE_PASS}, which are defined outside this block.
 *
 * @return the initialised context
 * @throws Exception if a store cannot be read or the context cannot be initialised
 */
static SSLContext createSslContext() throws Exception {
  SSLContext tlsContext = SSLContext.getInstance("TLSv1.2");

  // Key material: identity presented to the peer.
  KeyStore identityStore = KeyStore.getInstance("JKS");
  KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  try (InputStream keyInput = new FileInputStream(new File(KEYSTORE_PATH))) {
    identityStore.load(keyInput, KEYSTORE_PASS.toCharArray());
  }
  keyFactory.init(identityStore, KEY_PASS.toCharArray());

  // Trust material: certificates accepted from the peer.
  KeyStore anchorStore = KeyStore.getInstance("JKS");
  TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  try (InputStream trustInput = new FileInputStream(new File(TRUSTSTORE_PATH))) {
    anchorStore.load(trustInput, TRUSTSTORE_PASS.toCharArray());
  }
  trustFactory.init(anchorStore);

  tlsContext.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), new SecureRandom());
  return tlsContext;
}
Example #12
Source File: From nexus-public with Eclipse Public License 1.0 | 6 votes |
/**
 * Returns the cached {@link SSLContext}, creating and caching it on first use.
 *
 * @return the context initialised with this object's key managers and trust managers
 * @throws RuntimeException if the context cannot be created; unchecked exceptions are rethrown
 *     as they are, checked ones are wrapped
 */
@Override
public SSLContext getSSLContext() {
  // Read the field once into a local so that a concurrent removeTrustCertificate, which may
  // reset the field, cannot change the value between the null check and the return.
  SSLContext current = this.sslcontext;
  if (current != null) {
    return current;
  }
  try {
    // The trusted key store may have changed asynchronously when NXRM is clustered; reload the
    // managed store used for fallback so the context does not use a stale key store.
    this.managedTrustManager = getManagedTrustManager(keyStoreManager);
    current = SSLContext.getInstance(SSLConnectionSocketFactory.TLS);
    current.init(keyManagers, trustManagers, DEFAULT_RANDOM);
    this.sslcontext = current;
    return current;
  } catch (Exception e) {
    log.debug("Could not create SSL context", e);
    Throwables.throwIfUnchecked(e);
    throw new RuntimeException(e);
  }
}
Example #13
Source File: From Pixiv-Illustration-Collection-Backend with Apache License 2.0 | 6 votes |
// Spring bean that builds a java.net.http.HttpClient: HTTP/1.1, 30 s connect timeout, redirects
// never followed, caller-supplied executor. It also prepares SSLParameters with an empty endpoint
// identification algorithm and an "SSL" context initialised with the injected
// trustAllCertificates managers.
// NOTE(review): line breaks were lost on this page, so the `//` markers inside the builder chain
// do not show whether .sslParameters(sslParams) and .sslContext(sc) are applied or commented out.
// If they are applied, this client checks neither the certificate chain (judging by the parameter
// name) nor the host name, and as the @Primary bean it would be the HttpClient injected by default
// across the application; confirm before reuse.
// The proxy address literal is empty on this page.
@Bean @Primary @Autowired public HttpClient httpClientWithOutProxy(TrustManager[] trustAllCertificates, ExecutorService httpclientExecutorService) throws NoSuchAlgorithmException, KeyManagementException { SSLParameters sslParams = new SSLParameters(); sslParams.setEndpointIdentificationAlgorithm(""); SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCertificates, new SecureRandom()); return HttpClient.newBuilder() .version(HttpClient.Version.HTTP_1_1) // .sslParameters(sslParams) // .sslContext(sc) .connectTimeout(Duration.ofSeconds(30)) // .proxy(ProxySelector.of(new InetSocketAddress("", 8888))) .executor(httpclientExecutorService) .followRedirects(HttpClient.Redirect.NEVER) .build(); }
Example #14
Source File: From nifi-registry with Apache License 2.0 | 6 votes |
// Creates a JAX-RS client for the registry, applying the SSLContext and HostnameVerifier from the
// client configuration when they are present.
// NOTE(review): the statements inside both `if` blocks (presumably the builder calls that install
// the context and the verifier), the build/return statement and the closing braces are missing
// from this listing.
private static Client createClientFromConfig(NiFiRegistryClientConfig registryClientConfig) {
final ClientConfig clientConfig = new ClientConfig();
final ClientBuilder clientBuilder = ClientBuilder.newBuilder().withConfig(clientConfig);
// TLS settings are optional: with a null context the visible code configures nothing
// TLS-specific on the builder.
final SSLContext sslContext = registryClientConfig.getSslContext();
if (sslContext != null) {
// A custom verifier is read from the configuration as well and only used when one is set.
final HostnameVerifier hostnameVerifier = registryClientConfig.getHostnameVerifier();
if (hostnameVerifier != null) {
Example #15
Source File: From grpc-java with Apache License 2.0 | 6 votes |
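/**
 * Creates an SSLSocketFactory which contains {@code certChainFile} as its only root certificate.
 *
 * <p>Only the first certificate in the file is read. It is stored in a fresh, empty key store
 * under its RFC 2253 subject name, so the resulting factory trusts that certificate and nothing
 * from the JVM's default trust store.
 *
 * @param provider the security provider that supplies the "TLS" context
 * @param certChainFile file holding the X.509 certificate to trust
 * @return a socket factory whose trust managers are built from that single certificate
 * @throws Exception if the file cannot be read or parsed, or the context cannot be initialised
 */
public static SSLSocketFactory newSslSocketFactoryForCa(Provider provider, File certChainFile)
    throws Exception {
  KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
  // load(null, null) creates an empty in-memory store.
  ks.load(null, null);
  CertificateFactory cf = CertificateFactory.getInstance("X.509");
  // try-with-resources closes the stream on both the success and the failure path.
  try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(certChainFile))) {
    X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
    X500Principal principal = cert.getSubjectX500Principal();
    ks.setCertificateEntry(principal.getName("RFC2253"), cert);
  }

  // Set up trust manager factory to use our key store.
  TrustManagerFactory trustManagerFactory =
      TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  trustManagerFactory.init(ks);
  SSLContext context = SSLContext.getInstance("TLS", provider);
  // No key managers: the factory authenticates the server only.
  context.init(null, trustManagerFactory.getTrustManagers(), null);
  return context.getSocketFactory();
}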
Example #16
Source File: From openAGV with Apache License 2.0 | 6 votes |
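/**
 * Creates an instance of {@link SSLContext} for the server.
 *
 * <p>The key store file, its type and its password come from {@code sslParameterSet}; the same
 * password unlocks the store and the keys inside it. No trust managers are supplied, so the
 * provider defaults apply.
 *
 * @return The ssl context.
 * @throws IllegalStateException If the creation of the ssl context fails.
 */
public SSLContext createServerContext()
    throws IllegalStateException {
  try {
    KeyStore ks = KeyStore.getInstance(sslParameterSet.getKeystoreType());
    // try-with-resources releases the key store file handle even when load() fails.
    try (FileInputStream keystoreStream = new FileInputStream(sslParameterSet.getKeystoreFile())) {
      ks.load(keystoreStream, sslParameterSet.getKeystorePassword().toCharArray());
    }
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEY_TRUST_MANAGEMENT_ALGORITHM);
    kmf.init(ks, sslParameterSet.getKeystorePassword().toCharArray());
    SSLContext context = SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
    // null trust managers and null SecureRandom: provider defaults.
    context.init(kmf.getKeyManagers(), null, null);
    return context;
  }
  catch (NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException
             | KeyManagementException | UnrecoverableKeyException ex) {
    throw new IllegalStateException("Error creating the server's ssl context", ex);
  }
}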
Example #17
Source File: From Burp-Hunter with GNU General Public License v3.0 | 6 votes |
// Posts a captured request, together with the owner key and the injection key, to the
// record_injection endpoint derived from hunterDomain and returns the response body.
// NOTE(review): the listing is incomplete; closing braces are missing and no visible line
// attaches `entity` to `httpPost`, so as printed the POST would go out without a body.
public String notifyHunter(byte[] content) throws IOException {
try {
// Decoded with the platform default charset.
String request = new String(content);
// The trust strategy returns true for every chain and the hostname verifier is a no-op, so the
// endpoint is not authenticated: hunterKey, injectKey and the captured request travel over a
// channel that any on-path party can terminate. Loading the default trust material and keeping
// the default hostname verifier would restore both checks.
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, (certificate, authType) -> true).build();
HttpClient httpclient = HttpClients.custom().setSSLContext(sslContext).setSSLHostnameVerifier(new NoopHostnameVerifier()).build();
// The host is "api" plus everything from the first dot of hunterDomain; a value without a dot
// makes indexOf return -1 and substring throw StringIndexOutOfBoundsException.
HttpPost httpPost = new HttpPost("https://api"+hunterDomain.substring(hunterDomain.indexOf("."))+"/api/record_injection");
// Hand-built JSON: only backslash, double quote and CRLF in `request` are escaped. Lone \n or \r,
// tabs and other control characters pass through unescaped, and hunterKey / injectKey are not
// escaped at all, so unusual input yields invalid or altered JSON. A JSON library would close
// that gap.
String json = "{\"request\": \""+request.replace("\\", "\\\\").replace("\"", "\\\"").replace("\r\n", "\\n")+"\", \"owner_correlation_key\": \""+hunterKey+"\", \"injection_key\": \""+injectKey+"\"}";
StringEntity entity = new StringEntity(json);
HttpResponse response = httpclient.execute(httpPost);
String responseString = new BasicResponseHandler().handleResponse(response);
return responseString;
} catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException ex) {
// Context set-up failures are logged and reported through the return value, not thrown.
Logger.getLogger(HunterRequest.class.getName()).log(Level.SEVERE, null, ex);
return "Error Notifying Probe Server!";
Example #18
Source File: From deprecated-security-advanced-modules with Apache License 2.0 | 6 votes |
// Value holder for one resolved TLS configuration: the context, the protocol and cipher lists,
// the hostname verification settings and the effective key and trust stores.
// NOTE(review): the closing braces are missing from this listing.
public SSLConfig(SSLContext sslContext, String[] supportedProtocols, String[] supportedCipherSuites,
HostnameVerifier hostnameVerifier, boolean hostnameVerificationEnabled, boolean trustAll,
boolean startTlsEnabled, KeyStore effectiveTruststore, List<String> effectiveTruststoreAliases,
KeyStore effectiveKeystore, char[] effectiveKeyPassword, String effectiveKeyAlias) {
// Every argument is stored as passed: arrays, the alias list and the password array are not
// copied, so later changes made by the caller are visible through this object.
this.sslContext = sslContext;
this.supportedProtocols = supportedProtocols;
this.supportedCipherSuites = supportedCipherSuites;
this.hostnameVerifier = hostnameVerifier;
// The two flags are only recorded here; how trustAll and a disabled hostname check are enforced
// is decided by the code that reads them.
this.hostnameVerificationEnabled = hostnameVerificationEnabled;
this.trustAll = trustAll;
this.startTlsEnabled = startTlsEnabled;
this.effectiveTruststore = effectiveTruststore;
this.effectiveTruststoreAliases = effectiveTruststoreAliases;
this.effectiveKeystore = effectiveKeystore;
this.effectiveKeyPassword = effectiveKeyPassword;
this.effectiveKeyAlias = effectiveKeyAlias;
// NOTE(review): the debug line prints this object through toString(), which is not shown;
// confirm it leaves out effectiveKeyPassword.
if (log.isDebugEnabled()) {
log.debug("Created SSLConfig: " + this);
Example #19
Source File: From grpc-nebula-java with Apache License 2.0 | 6 votes |
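/**
 * Creates an SSLSocketFactory which contains {@code certChainFile} as its only root certificate.
 *
 * <p>Only the first certificate in the file is read. It is stored in a fresh, empty key store
 * under its RFC 2253 subject name, so the resulting factory trusts that certificate and nothing
 * from the JVM's default trust store.
 *
 * @param provider the security provider that supplies the "TLS" context
 * @param certChainFile file holding the X.509 certificate to trust
 * @return a socket factory whose trust managers are built from that single certificate
 * @throws Exception if the file cannot be read or parsed, or the context cannot be initialised
 * @deprecated Not for public use
 */
@Deprecated
public static SSLSocketFactory newSslSocketFactoryForCa(Provider provider, File certChainFile)
    throws Exception {
  KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
  // load(null, null) creates an empty in-memory store.
  ks.load(null, null);
  CertificateFactory cf = CertificateFactory.getInstance("X.509");
  // The certificate stream was never closed before; try-with-resources releases the file handle
  // whether parsing succeeds or fails.
  try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(certChainFile))) {
    X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
    X500Principal principal = cert.getSubjectX500Principal();
    ks.setCertificateEntry(principal.getName("RFC2253"), cert);
  }

  // Set up trust manager factory to use our key store.
  TrustManagerFactory trustManagerFactory =
      TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  trustManagerFactory.init(ks);
  SSLContext context = SSLContext.getInstance("TLS", provider);
  // No key managers: the factory authenticates the server only.
  context.init(null, trustManagerFactory.getTrustManagers(), null);
  return context.getSocketFactory();
}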
Example #20
Source File: From grpc-nebula-java with Apache License 2.0 | 6 votes |
/**
 * Returns the ciphers preferred to use during tests. They may be chosen because they are widely
 * available or because they are fast. There is no requirement that they provide confidentiality
 * or integrity.
 *
 * @deprecated Not for public use
 */
// Returns the default cipher suites of the default SSLContext with the GCM suites filtered out,
// as an unmodifiable list.
// NOTE(review): the listing is incomplete. The closing brace of the catch block, the statement
// inside the GCM check (presumably a `continue`), the add to ciphersMinusGcm and the final braces
// are missing.
public static List<String> preferredTestCiphers() {
String[] ciphers;
try {
// Start from whatever the JVM's default context enables by default.
ciphers = SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
} catch (NoSuchAlgorithmException ex) {
throw new RuntimeException(ex);
List<String> ciphersMinusGcm = new ArrayList<>();
for (String cipher : ciphers) {
// The GCM implementation in Java is _very_ slow (~1 MB/s)
// The selection is made for test speed only; the result is not a cipher policy.
if (cipher.contains("_GCM_")) {
return Collections.unmodifiableList(ciphersMinusGcm);
Example #21
Source File: From qpid-jms with Apache License 2.0 | 6 votes |
// Checks that a cipher suite listed as disabled in the transport options is absent from the
// engine that TransportSupport creates.
// NOTE(review): `disabledCipher` is computed but no visible line puts it into `options`; the
// statement that applies it, and the closing brace, are presumably missing from this listing.
public void testCreateSslEngineFromJksStoreWithExplicitDisabledCiphersJDK() throws Exception {
// Discover the default enabled ciphers
TransportOptions options = createJksSslOptions();
SSLEngine directEngine = createSSLEngineDirectly(options);
String[] ciphers = directEngine.getEnabledCipherSuites();
assertTrue("There were no initial ciphers to choose from!", ciphers.length > 0);
// Pull out one to disable specifically: the last suite is the one to disable, the rest is the
// expected result.
String[] disabledCipher = new String[] { ciphers[ciphers.length - 1] };
String[] trimmedCiphers = Arrays.copyOf(ciphers, ciphers.length - 1);
SSLContext context = TransportSupport.createJdkSslContext(options);
SSLEngine engine = TransportSupport.createJdkSslEngine(null, context, options);
// Verify the option took effect: order and content must match the trimmed list exactly.
assertArrayEquals("Enabled ciphers not as expected", trimmedCiphers, engine.getEnabledCipherSuites());
Example #22
Source File: From bce-sdk-java with Apache License 2.0 | 6 votes |
/**
 * Builds an {@link SSLSocketFactory} for mutually authenticated TLS.
 *
 * <p>Servers are validated against {@code caKeystore}; the client identity comes from
 * {@code clientKeystore}. The context is requested by the protocol name in {@code TLS_V_1_2}.
 *
 * <p>Any failure, including a {@code null} password, is printed to standard error and reported
 * as a {@code null} return value, so callers have to check the result before using it.
 *
 * @param caKeystore key store holding the trusted CA certificates
 * @param clientKeystore key store holding the client certificate and private key
 * @param keystorePassword password protecting the keys in {@code clientKeystore}
 * @return the socket factory, or {@code null} if it could not be created
 */
public static SSLSocketFactory getFactory(KeyStore caKeystore, KeyStore clientKeystore, String keystorePassword) {
    SSLSocketFactory factory = null;
    try {
        TrustManagerFactory trustFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(caKeystore);

        KeyManagerFactory keyFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyFactory.init(clientKeystore, keystorePassword.toCharArray());

        SSLContext tlsContext = SSLContext.getInstance(TLS_V_1_2);
        KeyManager[] clientKeyManagers = keyFactory.getKeyManagers();
        tlsContext.init(clientKeyManagers, trustFactory.getTrustManagers(), null);
        factory = tlsContext.getSocketFactory();
    } catch (Exception e) {
        e.printStackTrace();
    }
    return factory;
}
Example #23
Source File: From ranger with Apache License 2.0 | 6 votes |
// Builds the schema registry client from a configuration map: initialises the security context,
// creates the Jersey client builder and, for HTTPS connections, an SSLContext.
// NOTE(review): the listing is incomplete. The closing braces of the catch and `if` blocks, the
// statements that hand `ctx` to the builder and the right-hand side of `client =` are missing.
public DefaultSchemaRegistryClient(Map<String, ?> conf) {
configuration = new Configuration(conf);
login = SecurityUtils.initializeSecurityContext(conf);
ClientConfig config = createClientConfig(conf);
// HTTPS handling is switched on by the configuration.
final boolean SSLEnabled = SecurityUtils.isHttpsConnection(conf);
// The client follows redirects automatically.
ClientBuilder clientBuilder = JerseyClientBuilder.newBuilder()
.property(ClientProperties.FOLLOW_REDIRECTS, Boolean.TRUE);
if (SSLEnabled) {
SSLContext ctx;
try {
// The context is created by SecurityUtils from the same configuration map and SSL_ALGORITHM.
ctx = SecurityUtils.createSSLContext(conf, SSL_ALGORITHM);
} catch (Exception e) {
// A failure to build the context aborts construction instead of continuing without TLS settings.
throw new RuntimeException(e);
client =;
// get list of urls and create given or default UrlSelector.
urlSelector = createUrlSelector();
urlWithTargets = new ConcurrentHashMap<>();
Example #24
Source File: From log4j2-elasticsearch with Apache License 2.0 | 5 votes |
// Applies client-certificate TLS settings to the HTTP client builder: loads the client
// certificate, its key and the CA certificates from PEM files, builds key and trust managers from
// them and installs a "TLS" SSLContext for both the blocking socket factory and the async IO
// session strategy.
// NOTE(review): the opening `if ( == null) { BouncyCastleProvider()); }` is truncated on this
// page; presumably it registers BouncyCastle when the provider is missing.
// NOTE(review): the IO session strategy is created with NoopHostnameVerifier, so on that path the
// server certificate is validated against the CA file but its host name is not matched (see the
// TODO in the code). The one-argument SSLConnectionSocketFactory constructor is given no verifier
// of its own here.
// NOTE(review): keyPassphrase is wrapped in Optional.ofNullable(...) for the PEM reader but is
// dereferenced with toCharArray() one statement later, which throws NullPointerException when it
// is null.
@Override public void applyTo(HttpClientFactory.Builder builder) { if ( == null) { BouncyCastleProvider()); } try ( FileInputStream clientCert = new FileInputStream(new File(clientCertPath)); FileInputStream key = new FileInputStream(new File(keyPath)); FileInputStream certificateAuthoritiies = new FileInputStream(new File(caPath)) ) { KeyStore keyStore = PemReader.loadKeyStore(clientCert, key, Optional.ofNullable(keyPassphrase)); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, keyPassphrase.toCharArray()); KeyStore trustStore = PemReader.loadTrustStore(certificateAuthoritiies); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); // TODO: add support for hostname verification modes builder.withSslSocketFactory(new SSLConnectionSocketFactory(sslContext)); builder.withHttpsIOSessionStrategy(new SSLIOSessionStrategy(sslContext, new NoopHostnameVerifier())); } catch (IOException | GeneralSecurityException e) { throw new ConfigurationException(configExceptionMessage, e); } }
Example #25
Source File: From mts with GNU General Public License v3.0 | 5 votes |
/**
 * Open an SSL socket. This method is based on the class SSLSocketChannel we got
 * from some LGPL library.
 *
 * @param localSocketAddress
 * @param remoteSocketAddress
 * @param handler
 * @param context
 * @throws Exception
 */
// Opens a TLS connection over a selector-managed channel and registers it with the handler.
// NOTE(review): the listing is incomplete. The braces, the first argument of the SSLSocketChannel
// constructor, and the bind/connect and selector wake-up statements are missing. No
// setUseClientMode(...) or endpoint identification call on the engine is visible either; without
// endpoint identification an SSLEngine does not match the peer's host name against its
// certificate, so confirm where that check is done.
public void openTLS(SocketAddress localSocketAddress, SocketAddress remoteSocketAddress, IOHandler handler, SSLContext context) throws Exception
// Create an engine from an already initialised context. The context
// contains the certificates. No peer host or port is passed to the engine.
SSLEngine engine = context.createSSLEngine();
// Create and connect (TCP only, no TLS exchange yet).
SSLSocketChannel channel = new SSLSocketChannel(, engine);
// Wake up the selector: it will leave select() and then block on the
// synchronized(selectorLock) statement. Without this, register() blocks
// until select() returns, which can take some time when there is no
// network traffic.
SocketChannel adapteeChannel = ((SocketChannel)channel.getAdapteeChannel());
// Call the handler's init method to give it the channel and the selection key
// it will use for later calls to outputReady and inputReady.
// NB for SSL: the handler does not get the same channel that is registered with
// the selector, because only the JDK's own channels can be registered with a
// selector; the underlying (adaptee) channel is registered instead.
handler.onIorInit(adapteeChannel.register(selector, SelectionKey.OP_READ, handler), channel);
Example #26
Source File: From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
/**
 * Connects a test client to {@code host:port} using the JVM's default {@link SSLContext}.
 *
 * <p>The socket gets a fresh {@link SSLParameters} object on which only the optional cipher suite
 * selection and the optional SNI host name are set. No endpoint identification algorithm is set,
 * so the server's host name is not matched against its certificate.
 *
 * @param host server host to connect to
 * @param port server port
 * @param cipherSuiteFilter when non-null, passed to {@code UnboundSSLUtils.filterStringArray} to
 *     select from the factory's supported cipher suites
 * @param sniHostName when non-null, sent as the SNI host name
 * @return a client wrapping the connected socket
 * @throws NoSuchAlgorithmException if the default context is unavailable
 * @throws IOException if the connection cannot be opened
 */
static SSLClient init(String host, int port, String cipherSuiteFilter, String sniHostName)
        throws NoSuchAlgorithmException, IOException {
    SSLSocketFactory factory = (SSLSocketFactory) SSLContext.getDefault().getSocketFactory();
    SSLSocket clientSocket = (SSLSocket) factory.createSocket(host, port);
    SSLParameters sslParameters = new SSLParameters();

    if (cipherSuiteFilter != null) {
        String[] selectedSuites = UnboundSSLUtils.filterStringArray(
                factory.getSupportedCipherSuites(), cipherSuiteFilter);
        System.out.println("Client: enabled cipher suites: " + Arrays.toString(selectedSuites));
        sslParameters.setCipherSuites(selectedSuites);
    }

    if (sniHostName != null) {
        System.out.println("Client: set SNI hostname: " + sniHostName);
        List<SNIServerName> requestedNames = new ArrayList<>();
        requestedNames.add(new SNIHostName(sniHostName));
        sslParameters.setServerNames(requestedNames);
    }

    clientSocket.setSSLParameters(sslParameters);
    return new SSLClient(clientSocket);
}
Example #27
Source File: From open-rmbt with Apache License 2.0 | 5 votes |
/**
 * @param executor
 * @param socket
 */
// Stores the executor, the listening socket and the SSLContext for the QoS service and builds a
// name/prefix string from the socket's address and port.
// NOTE(review): the last line is garbled on this page (the assignment target before
// `= "[QoSService "` is missing) and the closing brace is not shown.
public QoSService(ExecutorService executor, ServerSocket socket, SSLContext sslContext) {
this.executor = executor;
this.socket = socket;
// The context is only stored here; how it is applied to accepted connections is not visible.
this.sslContext = sslContext; = "[QoSService " + socket.getInetAddress() + ":" + socket.getLocalPort() +"]: ";
Example #28
Source File: From AndroidUtilCode with Apache License 2.0 | 5 votes |
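/**
 * Creates the delegate socket factory from a "TLS" context initialised with
 * {@code DEFAULT_TRUST_MANAGERS}.
 *
 * <p>NOTE(review): {@code DEFAULT_TRUST_MANAGERS} is defined outside this block; confirm that it
 * performs certificate chain validation before relying on this factory for server authentication.
 *
 * @throws AssertionError if the context cannot be created or initialised; the underlying
 *     exception is attached as the cause
 */
DefaultSSLSocketFactory() {
    try {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // No key managers: this factory never presents a client certificate.
        sslContext.init(null, DEFAULT_TRUST_MANAGERS, new SecureRandom());
        mFactory = sslContext.getSocketFactory();
    } catch (GeneralSecurityException e) {
        // Keep the cause so the reason for the failure shows up in the stack trace.
        throw new AssertionError(e);
    }
}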
Example #29
Source File: From entando-components with GNU Lesser General Public License v3.0 | 5 votes |
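/**
 * Opens the LDAP context, upgrading the connection with StartTLS when TLS is configured.
 *
 * <p>With TLS enabled the context is created first, StartTLS is negotiated, and only then are the
 * bind principal and credentials added to the environment, so they are not put on the context
 * before negotiation has succeeded. In "TLS free" mode a custom hostname verifier
 * ({@code MyTLSHostnameVerifier}) and a custom trust manager ({@code MyX509TrustManager}) replace
 * the defaults. Both are defined outside this block, so confirm what they accept.
 *
 * <p>If the TLS negotiation fails, the half-opened context is closed and a
 * {@link NamingException} is thrown. The method no longer hands back a context whose connection
 * was never upgraded.
 *
 * @return the opened context
 * @throws NamingException if the context cannot be created or the StartTLS negotiation fails
 */
protected InitialLdapContext getDirContext() throws NamingException, CommunicationException, ConnectException {
    InitialLdapContext dirCtx = null;
    try {
        if (this.isTlsSecurityConnection()) {
            dirCtx = new InitialLdapContext(this.getParams(true), null);
            StartTlsResponse tls = (StartTlsResponse) dirCtx.extendedOperation(new StartTlsRequest());
            if (this.isTlsFreeSecurityConnection()) {
                // Set the (our) HostVerifier
                tls.setHostnameVerifier(new MyTLSHostnameVerifier());
                SSLSocketFactory sslsf = null;
                try {
                    TrustManager[] tm = new TrustManager[]{new MyX509TrustManager()};
                    SSLContext sslC = SSLContext.getInstance("TLSv1.2");
                    sslC.init(null, tm, null);
                    sslsf = sslC.getSocketFactory();
                } catch (NoSuchAlgorithmException nSAE) {
                    logger.error("error Hier: {}", nSAE.getMessage(), nSAE);
                } catch (KeyManagementException kME) {
                    logger.error("error Hier: {}", kME.getMessage(), kME);
                }
                // If the custom context could not be built, sslsf is still null and negotiate()
                // falls back to the default SSL socket factory.
                tls.negotiate(sslsf);
            } else {
                tls.negotiate();
            }
            if (null != this.getSecurityPrincipal() && null != this.getSecurityCredentials()) {
                dirCtx.addToEnvironment(Context.SECURITY_PRINCIPAL, this.getSecurityPrincipal());
                dirCtx.addToEnvironment(Context.SECURITY_CREDENTIALS, this.getSecurityCredentials());
                dirCtx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            }
        } else {
            dirCtx = new InitialLdapContext(this.getParams(false), null);
        }
    } catch (IOException ex) {
        // Only the StartTLS negotiation throws IOException here. Fail closed: returning dirCtx
        // would give callers a connection that was never upgraded to TLS.
        logger.error("error in getDirContext", ex);
        if (dirCtx != null) {
            try {
                dirCtx.close();
            } catch (NamingException closeEx) {
                logger.error("error closing context after failed TLS negotiation", closeEx);
            }
        }
        NamingException failure = new NamingException("StartTLS negotiation failed");
        failure.setRootCause(ex);
        throw failure;
    } catch (NamingException e) {
        throw e;
    }
    return dirCtx;
}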
Example #30
Source File: From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
/**
 * Connects a test client to {@code localhost:port} using the JVM's default {@link SSLContext}.
 *
 * @param port server port on localhost
 * @param ciphersuite when non-null, the only cipher suite enabled on the socket
 * @return a client wrapping the connected socket
 * @throws NoSuchAlgorithmException if the default context is unavailable
 * @throws IOException if the connection cannot be opened
 */
static SSLClient init(int port, String ciphersuite)
        throws NoSuchAlgorithmException, IOException {
    SSLSocketFactory factory = (SSLSocketFactory) SSLContext.getDefault().getSocketFactory();
    SSLSocket clientSocket = (SSLSocket) factory.createSocket("localhost", port);

    // Without a requested suite the socket keeps its default cipher suites.
    if (ciphersuite == null) {
        return new SSLClient(clientSocket);
    }

    System.out.println("Client: enable cipher suite: " + ciphersuite);
    clientSocket.setEnabledCipherSuites(new String[] { ciphersuite });
    return new SSLClient(clientSocket);
}