/**
 * Fetches the certificates that a server presents when contacted over a direct socket connection.
 * <p>
 * This wrapper only forwards to {@code SslUtils.getCertificatesFromSocket(host, port)} and performs
 * no validation of its own. Whether the underlying call verifies the chain is not visible here, so
 * treat the result as "what the peer sent", not as a verified identity, until it has been compared
 * with a known-good certificate or fingerprint.
 *
 * @param host the host to connect to
 * @param port the port to connect to, as a string
 *
 * @return array with all server-side certificates obtained from the direct socket connection
 */
@PublicAtsApi
public static Certificate[] getSecurityCertificates( String host, String port ) {

    final Certificate[] serverCertificates = SslUtils.getCertificatesFromSocket(host, port);
    return serverCertificates;
}
/**
 * Builds a trust-all SSL context using the default protocol (documented as TLS).
 * <p>
 * Optionally a certificate file can be given, from which the keystore is created.
 * A trust-all context accepts any server certificate, so connections made with it are encrypted
 * but the server is not authenticated; it is suited to test environments, not to traffic that
 * must be protected against an impostor on the network path.
 *
 * @param certFileName certificate file to create the keystore from
 * @param certPassword password for the certificate file
 * @return the SSL context produced by the three-argument overload with {@code DEFAULT_PROTOCOL}
 */
public static SSLContext getSSLContext( String certFileName, String certPassword ) {

    final SSLContext defaultProtocolContext = getSSLContext(certFileName, certPassword, DEFAULT_PROTOCOL);
    return defaultProtocolContext;
}
/**
 * Loads a public/private key pair from a keystore file.
 * <p>
 * The same alias is used to look up both keys, and the keystore password is also handed to
 * {@code loadPrivateKey}, so the private key entry is presumably expected to share the store
 * password (confirm against {@code loadPrivateKey}).
 * The returned {@link KeyPair} carries the private key in memory; keep it out of logs and
 * serialized state.
 *
 * @param keystoreFile path of the keystore file
 * @param keystorePassword password used to open the keystore (and passed on for the private key)
 * @param publicKeyAlias alias under which both the public and the private key are looked up
 * @return the key pair built from the two loaded keys
 */
public static KeyPair loadKeyPair( String keystoreFile, String keystorePassword, String publicKeyAlias ) {

    final KeyStore store = loadKeystore(keystoreFile, keystorePassword);
    // Java evaluates arguments left to right: the public key is loaded first, then the private key.
    return new KeyPair(loadPublicKey(store, publicKeyAlias),
                       loadPrivateKey(store, keystorePassword, publicKeyAlias));
}
/**
 * Returns the trust-all SSL context held in {@code trustAllSSlContext}.
 * <p>
 * Every call first runs {@code trustAllHostnames()} and {@code trustAllHttpsCertificates()}.
 * NOTE(review): the Javadoc of {@code trustAllHttpsCertificates()} speaks of setting the
 * <em>default</em> X509 trust manager, so these calls appear to change process-wide defaults and
 * not only the returned context - confirm before using this in a JVM that also makes connections
 * which must validate the server.
 * <p>
 * A context that accepts all hostnames and certificates provides encryption without server
 * authentication; any party able to intercept the connection can present its own certificate.
 *
 * @return trust all hostnames and certificates {@link SSLContext} instance
 */
public static SSLContext getTrustAllSSLContext() {

    // Order kept as written; the field returned below is presumably populated by these calls.
    trustAllHostnames();
    trustAllHttpsCertificates();
    return trustAllSSlContext;
}
// Excerpt from a call site: the enclosing method and the opening of this if-block are not shown.
// The keystore password is passed a second time to loadKeyMaterial, presumably as the key-entry
// password - i.e. store and key entries are expected to share one password (confirm).
sslContextBuilder.loadKeyMaterial(SslUtils.loadKeystore(keyStoreFile, keyStorePassword),
                                  keyStorePassword.toCharArray());
// Trust anchors come from a separate trust store file with its own password.
KeyStore trustStore = SslUtils.loadKeystore(trustStoreFile, trustStorePassword);
} else if (!StringUtils.isNullOrEmpty(trustedServerSSLCerfiticateFile)) {
    // Alternative branch: a single server certificate is read from the configured file.
    // How it is installed as a trust anchor is outside this excerpt.
    final X509Certificate trustedServerCertificate = SslUtils.convertFileToX509Certificate(new File(this.trustedServerSSLCerfiticateFile));
// Excerpt from a call site: the enclosing method and the body of the catch block are not shown.
log.info("Not all custom properties starting as DbConnection.KEY_STORE_XXX are set. We will try to prepare a default secure connection to Oracle DB");
try {
    // The certificates are whatever the peer at host:port presents at the time of this call.
    Certificate[] certs = SslUtils.getCertificatesFromSocket(host, String.valueOf(port));
    // NOTE(review): certs[0] goes straight into the key store used for the connection; no comparison
    // with a known-good certificate or fingerprint is visible in this excerpt, so trust is
    // established on first contact. For a database link that must resist interception, configure
    // the KEY_STORE_XXX properties with a certificate obtained out of band instead.
    // certs[0] also assumes the array is non-empty; an empty result would end up in the catch below.
    dataSource.setConnectionProperties(SslUtils.createKeyStore(certs[0], this.host, this.db, "", "", ""));
} catch (Exception e) {
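/**
 * Exports the private key stored under {@code keyAlias} as PEM text and returns its bytes.
 * <p>
 * No encryptor is passed to the PEM writer, so the returned array is expected to hold the
 * private key in unencrypted form. Keep it out of logs, error messages and temporary files,
 * and hold on to it no longer than needed.
 *
 * @return the PEM representation of the private key, encoded as UTF-8 bytes
 * @throws Exception if the keystore cannot be loaded, the alias has no key entry, or the key
 *         cannot be written; every failure is wrapped as "Could not get private key content"
 */
private byte[] getPrivateKeyContent() throws Exception {

    try {
        KeyStore keyStore = SslUtils.loadKeystore(keyStoreFile, keyStorePassword);
        // No entry password is supplied here.
        // NOTE(review): whether a null password is accepted depends on the keystore type - confirm.
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, null);
        if (privateKey == null) {
            // Caught and wrapped by the outer catch, like every other failure in this method.
            throw new Exception("The alias '" + keyAlias
                                + "' does not point to an existing key-related entry");
        }

        StringWriter stringWriter = new StringWriter();
        PEMWriter pemWriter = new PEMWriter(stringWriter);
        try {
            pemWriter.writeObject(privateKey);
        } finally {
            // Close (and thereby flush) the writer even when writeObject fails.
            pemWriter.close();
        }

        // Explicit charset: the result must not depend on the platform default encoding.
        return stringWriter.toString().getBytes("UTF-8");
    } catch (Exception e) {
        throw new Exception("Could not get private key content", e);
    }
}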
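/**
 * Sets the trusted server-side certificate for SSL, replacing any certificates set earlier.
 * <p>
 * If no trusted certificate is set and SSL is used, all server-side certificates will be
 * trusted. Calling this method is therefore what turns server authentication on for this client;
 * without it the connection is encrypted but the server identity is not checked.
 * <p>
 * After the certificate is loaded, the internal client is invalidated, presumably so that it is
 * rebuilt with the new trust settings.
 *
 * @param trustedServerSSLCertificateFile PEM file containing a server SSL certificate
 * @throws HttpException if the certificate cannot be read from the given file
 */
@PublicAtsApi
public void setTrustedServerSSLCertificate( File trustedServerSSLCertificateFile ) throws HttpException {

    try {
        trustedServerCertificates = new X509Certificate[]{ SslUtils.convertFileToX509Certificate(trustedServerSSLCertificateFile) };
    } catch (Exception e) {
        // Build the path defensively: with a null argument, calling getAbsolutePath() here would
        // raise a NullPointerException and hide the original failure.
        final String certificatePath = trustedServerSSLCertificateFile == null
                                           ? "null"
                                           : trustedServerSSLCertificateFile.getAbsolutePath();
        throw new HttpException("Unable to set trusted server certificate from '" + certificatePath
                                + "'", e);
    }

    invalidateInternalClient();
}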
/**
 * Sets the default X509 trust manager to an instance of a dummy class that trusts all
 * certificates, even self-signed ones.
 * <p>
 * Delegates to {@code trustAllHttpsCertificates(DEFAULT_PROTOCOL)}; the default protocol is
 * documented as TLS.
 * <p>
 * Because the <em>default</em> trust manager is replaced, the effect is presumably not limited to
 * one connection (confirm against the overload). With certificate validation off, TLS still
 * encrypts the traffic but no longer authenticates the server.
 */
public static void trustAllHttpsCertificates() {

    trustAllHttpsCertificates(DEFAULT_PROTOCOL);
}
/**
 * Creates a keystore file that contains the given certificate.
 * <p>
 * TIP: if {@code fullKeyStorePath}, {@code keyStorePassword} or {@code keyStoreType} are empty,
 * defaults are used instead.
 * <p>
 * Note the argument order: path, then password, then type. The returned {@link Properties}
 * include the keystore password, so avoid logging or persisting them as-is.
 *
 * @param cert the certificate needed for creating the keystore
 * @param fullKeyStorePath the full path where the keystore file will be located
 * @param keyStorePassword the password for the keystore
 * @param keyStoreType the type of the keystore file
 *
 * @return Properties object with the keyStore location, type and password
 */
@PublicAtsApi
public static Properties createKeyStoreFile( Certificate cert, String fullKeyStorePath, String keyStorePassword,
                                             String keyStoreType ) {

    // The second and third arguments of createKeyStore are left unset (null) by this variant.
    final Properties keyStoreProperties = SslUtils.createKeyStore(cert, null, null, fullKeyStorePath,
                                                                  keyStorePassword, keyStoreType);
    return keyStoreProperties;
}
}
// Excerpt: the enclosing method and the end of the if-block are not shown.
// Assuming ksKeys is a java.security.KeyStore, load(null) initialises it without reading any
// stored data, i.e. it starts out empty.
ksKeys.load(null);
// Key material is added only when both a certificate file name and a password were supplied.
if (certFileName != null && certPassword != null) {
    createKeyStoreFromPemKey(certFileName, certPassword, ksKeys);
// Excerpt: the condition of this if/else and the rest of the else-block are not shown.
protocol = "http";
} else {
    // Judging by their names, these calls make the client accept any server certificate and any
    // hostname: the connection is encrypted but the server is not authenticated.
    // NOTE(review): both are static SslUtils calls, so the effect is presumably not limited to this
    // object - confirm, and prefer a pinned certificate or trust store where the peer matters.
    SslUtils.trustAllHttpsCertificates();
    SslUtils.trustAllHostnames();
// Excerpt from a call site; the enclosing method is not shown.
KeyStore trustStore = SslUtils.loadKeystore(trustStoreFile, trustStorePassword);
// NOTE(review): in the standard KeyStore API, load(null) re-initialises the store as empty, which
// would discard whatever loadKeystore just read from trustStoreFile - confirm this is intended.
trustStore.load(null);
// The server certificate read from the configured file is stored under the alias "cert".
trustStore.setCertificateEntry("cert",
                               SslUtils.convertFileToX509Certificate(new File(this.trustedServerSSLCerfiticateFile)));
// The public key of that certificate is then registered in the host key repository.
addPublicKeyToHostKeyRepostitory(trustStore.getCertificate("cert").getPublicKey(), hostKeyRepository);
// Excerpt from a call site; the enclosing method is not shown.
// Opens the trust store file with its password.
KeyStore trustStore = SslUtils.loadKeystore(truststoreFile, truststorePassword);
// Starts an empty certificate list; how it is filled is outside this excerpt.
List<Certificate> certificates = new ArrayList<Certificate>();
trustedServerCertificates[i++] = SslUtils.convertFileToX509Certificate(file); } catch (Exception e) { throw new HttpException("Unable to set trusted server certificate from '"
// Excerpt from a call site; the enclosing method is not shown.
// Loads the client certificate keystore from the P12 file using the supplied password.
clientSSLKeyStore = SslUtils.loadKeystore(clientSSLCertificateP12File.getAbsolutePath(), password);
// NOTE(review): the same file is opened again as a stream; where fis is closed is not visible in
// this excerpt - confirm it is released in a finally block.
fis = new FileInputStream(clientSSLCertificateP12File);
// Excerpt from a call site; the enclosing method is not shown.
// Only the first entry of supportedProtocols is used as the protocol for the context.
// NOTE(review): the two-argument getSSLContext overload is documented as a trust-all context; if
// this overload behaves the same way, server certificates are not validated here - confirm.
SSLContext sslContext = SslUtils.getSSLContext(clientConfigurator.getCertificateFileName(),
                                               clientConfigurator.getCertificateFilePassword(),
                                               supportedProtocols[0]);