private static Subject createOpsSubject() { File pemFile = new File(System.getProperty("user.home") + "/.ssl/cadcproxy.pem"); return SSLUtil.createSubject(pemFile); }
public static void initSSL(File pemFile) { try { X509CertificateChain chain = readPemCertificateAndKey(pemFile); SSLSocketFactory sf = getSocketFactory(chain); HttpsURLConnection.setDefaultSSLSocketFactory(sf); } catch (InvalidKeySpecException ex) { throw new RuntimeException("failed to read RSA private key from " + pemFile, ex); } catch (NoSuchAlgorithmException ex) { throw new RuntimeException("BUG: failed to create empty KeyStore", ex); } catch (FileNotFoundException ex) { throw new RuntimeException("failed to find certificate and/or key file " + pemFile, ex); } catch (IOException ex) { throw new RuntimeException("failed to read certificate file " + pemFile, ex); } catch (CertificateException ex) { throw new RuntimeException("failed to load certificate from file " + pemFile, ex); } }
private static KeyStore getKeyStore(File certFile, File keyFile) { try { PrivateKey pk = readPrivateKey(keyFile); Certificate[] chain = readCertificateChain(certFile); return getKeyStore(chain, pk); } catch (InvalidKeySpecException ex) { throw new RuntimeException("failed to read RSA private key from " + keyFile, ex); } catch (NoSuchAlgorithmException ex) { throw new RuntimeException("BUG: failed to create empty KeyStore", ex); } catch (FileNotFoundException ex) { throw new RuntimeException("failed to find certificate and/or key file " + certFile + "," + keyFile, ex); } catch (IOException ex) { throw new RuntimeException("failed to read certificate file " + certFile, ex); } catch (CertificateException ex) { throw new RuntimeException("failed to load certificate from file " + certFile, ex); } }
static SSLSocketFactory getSocketFactory(KeyStore keyStore, KeyStore trustStore) { KeyManagerFactory kmf = getKeyManagerFactory(keyStore); TrustManagerFactory tmf = getTrustManagerFactory(trustStore); SSLContext ctx = getContext(kmf, tmf, keyStore); SSLSocketFactory sf = ctx.getSocketFactory(); return sf; }
/** * Initialise the default SSL socket factory so that all HTTPS * connections use the provided key store to authenticate (when the * server requies client authentication). * * @param certFile * proxy certificate * @param keyFile * private key file in DER format * @return configured SSL socket factory */ public static SSLSocketFactory getSocketFactory(File certFile, File keyFile) { KeyStore ks = getKeyStore(certFile, keyFile); KeyStore ts = null; return getSocketFactory(ks, ts); }
byte[] key = getPrivateKey(data); RSAPrivateCrtKeySpec spec = parseKeySpec(key); PrivateKey pk = kf.generatePrivate(spec); byte[] certificates = getCertificates(data); X509Certificate[] chain = readCertificateChain(certificates);
/** * @param sslConn */ protected void initHTTPS(HttpsURLConnection sslConn) { if (sslSocketFactory == null) // lazy init { log.debug("initHTTPS: lazy init"); AccessControlContext ac = AccessController.getContext(); Subject s = Subject.getSubject(ac); this.sslSocketFactory = SSLUtil.getSocketFactory(s); } if (sslSocketFactory != null) { log.debug("setting SSLSocketFactory on " + sslConn.getClass().getName()); sslConn.setSSLSocketFactory(sslSocketFactory); } }
.readCertificateChain(SSLUtil .getCertificates(certBuf)); return certs;
public static Subject createSubject(File certFile, File keyFile) { try { PrivateKey pk = readPrivateKey(keyFile); X509Certificate[] chain = readCertificateChain(certFile); return AuthenticationUtil.getSubject(chain, pk); } catch (InvalidKeySpecException ex) { throw new RuntimeException("failed to read RSA private key from " + keyFile, ex); } catch (NoSuchAlgorithmException ex) { throw new RuntimeException("BUG: failed to create empty KeyStore", ex); } catch (FileNotFoundException ex) { throw new RuntimeException("failed to find certificate and/or key file " + certFile + "," + keyFile, ex); } catch (IOException ex) { throw new RuntimeException("failed to read certificate file " + certFile, ex); } catch (CertificateException ex) { throw new RuntimeException("failed to load certificate from file " + certFile, ex); } }
/** * Convenience method to parse a PEM encoded file and return the * corresponding X509 Certificate chain. * * @param pemFile * @return certificate chain * @throws InvalidKeySpecException * @throws NoSuchAlgorithmException * @throws IOException * @throws CertificateException */ public static X509CertificateChain readPemCertificateAndKey(File pemFile) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException, CertificateException { byte[] data = FileUtil.readFile(pemFile); return readPemCertificateAndKey(data); }
@SuppressWarnings("unchecked") public static X509Certificate[] readCertificateChain(File certFile) throws CertificateException, IOException { try { X509Certificate[] chain = readCertificateChain(FileUtil.readFile(certFile)); log.debug("X509 certificate is valid"); return chain; } catch (CertificateException ex) { throw new RuntimeException("certificate from file " + certFile + " is not valid", ex); } }
/** * Open a HttpsURLConnection with a SocketFactory created based on * user credentials. * * @param url * @return UTLConnection returns an open https connection to URL * @throws IOException */ protected HttpsURLConnection openConnection(final URL url) throws IOException { if (!url.getProtocol().equals("https")) { throw new IllegalArgumentException("Wrong protocol: " + url.getProtocol() + ". GMS works on https only"); } if (sf == null) { // lazy initialization of socket factory AccessControlContext ac = AccessController.getContext(); Subject subject = Subject.getSubject(ac); sf = SSLUtil.getSocketFactory(subject); } HttpsURLConnection con = (HttpsURLConnection) url .openConnection(); if (sf != null) con.setSSLSocketFactory(sf); return con; }
public static SSLSocketFactory getSocketFactory(X509CertificateChain chain) { KeyStore ts = null; KeyStore ks = null; if (chain != null) ks = getKeyStore(chain.getChain(), chain.getPrivateKey()); return getSocketFactory(ks, ts); }
public static Subject createSubject(File certKeyFile) { try { X509CertificateChain certKey = readPemCertificateAndKey(certKeyFile); return AuthenticationUtil.getSubject(certKey); } catch (InvalidKeySpecException ex) { throw new RuntimeException("failed to read RSA private key from " + certKeyFile, ex); } catch (NoSuchAlgorithmException ex) { throw new RuntimeException("BUG: failed to create empty KeyStore", ex); } catch (IOException ex) { throw new RuntimeException("failed to read certificate file " + certKeyFile, ex); } catch (CertificateException ex) { throw new RuntimeException("failed to load certificate from file " + certKeyFile, ex); } }
try chain = readPemCertificateAndKey(pemFile); return getSocketFactory(chain);
private static Subject initSubjectByPem(String fnPem, boolean nullOnNotFound) { File certKeyFile = loadFile(fnPem, nullOnNotFound); if (nullOnNotFound && certKeyFile == null) return null; return SSLUtil.createSubject(certKeyFile); }
private SSLSocketFactory getSSLSocketFactory() { AccessControlContext ac = AccessController.getContext(); Subject s = Subject.getSubject(ac); // no real Subject: can only use the one from setSSLSocketFactory if (s == null || s.getPrincipals().isEmpty()) { return sslSocketFactory; } // lazy init if (this.mySocketFactory == null) { log.debug("getSSLSocketFactory: " + s); this.mySocketFactory = SSLUtil.getSocketFactory(s); this.subjectHashCode = s.hashCode(); } else { int c = s.hashCode(); if (c != subjectHashCode) throw new IllegalStateException("Illegal use of " + this.getClass().getSimpleName() + ": subject change not supported for internal SSLSocketFactory"); } return this.mySocketFactory; }
return SSLUtil.readPemCertificateAndKey(certificate);
private static Subject initSubjectByCertKey(String fnCert, String fnKey, boolean nullOnNotFound) { File certFile = loadFile(fnCert, nullOnNotFound); File keyFile = loadFile(fnKey, nullOnNotFound); if (nullOnNotFound && certFile == null && keyFile == null) return null; return SSLUtil.createSubject(certFile, keyFile); }
/** * Create an SSLSocketfactory from the credentials in the specified * Subject. This method extracts a X509CertificateChain from the * public credentials and uses the certificate chain and private key * found there to set up a KeyStore for the SSLSocketFactory. * * @param s * @return an SSLSocketFactory, or null if no X509CertificateChain can * be found */ public static SSLSocketFactory getSocketFactory(Subject s) { X509CertificateChain chain = null; if (s != null) { Set<X509CertificateChain> certs = s.getPublicCredentials(X509CertificateChain.class); for (X509CertificateChain cc : certs) { if (cc.getKey() != null) { chain = cc; break; } } } if (chain == null) return null; return getSocketFactory(chain); }