private static SSLContext sslContext(String keystoreFile, String password) throws GeneralSecurityException, IOException { KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); try (InputStream in = new FileInputStream(keystoreFile)) { keystore.load(in, password.toCharArray()); } KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keystore, password.toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keystore); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init( keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom()); return sslContext; } }
static KeyManagerFactory buildKeyManagerFactory(KeyStore ks, String keyAlgorithm, char[] keyPasswordChars, KeyManagerFactory kmf) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException { // Set up key manager factory to use our key store if (kmf == null) { kmf = KeyManagerFactory.getInstance(keyAlgorithm); } kmf.init(ks, keyPasswordChars); return kmf; }
public KeyManagerFactory getKeyMgrFactory() throws Exception { KeyManagerFactory fact = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); fact.init(store, password != null ? password.toCharArray(): null); return fact; }
private SSLSocketFactory getSocketFactory() throws GeneralSecurityException, IOException { KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); KeyStore keyStore = KeyStore.getInstance("PKCS12"); InputStream keyInput = new FileInputStream(pathToPkcs12File); keyStore.load(keyInput, password.toCharArray()); keyInput.close(); keyManagerFactory.init(keyStore, password.toCharArray()); SSLContext context = SSLContext.getInstance("TLS"); context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom()); return context.getSocketFactory(); }
private static KeyManager[] prepareKeyManager(InputStream bksFile, String password) { try { if (bksFile == null || password == null) return null; KeyStore clientKeyStore = KeyStore.getInstance("BKS"); clientKeyStore.load(bksFile, password.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(clientKeyStore, password.toCharArray()); return kmf.getKeyManagers(); } catch (Exception e) { OkLogger.printStackTrace(e); } return null; }
SSLContext sslContext = SSLContext.getInstance ( "TLS" ); KeyStore ks = KeyStore.getInstance ( "JKS" ); FileInputStream fis = new FileInputStream ( "lig.keystore" ); ks.load ( fis, password ); KeyManagerFactory kmf = KeyManagerFactory.getInstance ( "SunX509" ); kmf.init ( ks, password ); TrustManagerFactory tmf = TrustManagerFactory.getInstance ( "SunX509" ); tmf.init ( ks ); sslContext.init ( kmf.getKeyManagers (), tmf.getTrustManagers (), null ); httpsServer.setHttpsConfigurator ( new HttpsConfigurator( sslContext ) SSLContext c = SSLContext.getDefault (); SSLEngine engine = c.createSSLEngine (); params.setNeedClientAuth ( false );
private KeyManager[] getKeyManagers(SSLConfig sslConfig) throws Exception { FileInputStream keyStoreStream = null; KeyManagerFactory keyManagerFactory = null; try { if (StringUtils.isNotBlank(sslConfig.getKeystore())) { KeyStore clientKeys = KeyStore.getInstance(sslConfig.getKeystoreType()); keyStoreStream = new FileInputStream(sslConfig.getKeystore()); clientKeys.load(keyStoreStream, sslConfig.getKeystorePassword().toCharArray()); keyManagerFactory = KeyManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(clientKeys, sslConfig.getKeystorePassword().toCharArray()); } } finally { if (keyStoreStream != null) { keyStoreStream.close(); } } return keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null; }
char[] tsPwd = config.getTlsConfig().getTrustStorePassword().toCharArray(); tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType()); try (FileInputStream fileInputStream = new FileInputStream(tsLocation)) { ts.load(fileInputStream, tsPwd); tmf.init(ts); kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); try (FileInputStream fileInputStream = new FileInputStream(ksLocation)) { ks.load(fileInputStream, ksPwd); kmf.init(ks, ksPwd); if (log.isInfoEnabled()) { logKeyStore(ks, ksLocation, ksPwd);
public SSLContextFactory(final NiFiProperties properties) throws NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, KeyStoreException, UnrecoverableKeyException { keystore = properties.getProperty(NiFiProperties.SECURITY_KEYSTORE); keystorePass = getPass(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD)); keystoreType = properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE); truststore = properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE); truststorePass = getPass(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD)); truststoreType = properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE); // prepare the keystore final KeyStore keyStore = KeyStoreUtils.getKeyStore(keystoreType); final FileInputStream keyStoreStream = new FileInputStream(keystore); try { keyStore.load(keyStoreStream, keystorePass); } finally { FileUtils.closeQuietly(keyStoreStream); } final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, keystorePass); // prepare the truststore final KeyStore trustStore = KeyStoreUtils.getTrustStore(truststoreType); final FileInputStream trustStoreStream = new FileInputStream(truststore); try { trustStore.load(trustStoreStream, truststorePass); } finally { FileUtils.closeQuietly(trustStoreStream); } final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(trustStore); keyManagers = keyManagerFactory.getKeyManagers(); trustManagers = trustManagerFactory.getTrustManagers(); }
serverKeyStore.load(new FileInputStream("resource/server.jks"), passphrase.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(serverKeyStore); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(serverKeyStore, keyphrase.toCharArray());
KeyStore store = KeyStore.getInstance("BKS"); InputStream truststore = mainActivity.getResources().openRawResource(R.raw.trust); store.load(truststore, "PASSWORD".toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); tmf.init(store); SSLContext context = SSLContext.getInstance("TLS"); context.init(null, tmf.getTrustManagers(), new SecureRandom()); Socket socket = context.getSocketFactory().createSocket(ip, port);
private void upgradeToTls(Socket socket) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException { KeyStore keyStore = keyStoreProvider.getKeyStore(); String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm(); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(defaultAlgorithm); keyManagerFactory.init(keyStore, keyStoreProvider.getPassword()); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagerFactory.getKeyManagers(), null, null); SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket( socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true); sslSocket.setUseClientMode(false); sslSocket.startHandshake(); input = Okio.buffer(Okio.source(sslSocket.getInputStream())); output = Okio.buffer(Okio.sink(sslSocket.getOutputStream())); }
NoSuchAlgorithmException, KeyStoreException { final SSLContext context = SSLContext.getInstance("TLS"); final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory .getDefaultAlgorithm()); keyManagerFactory.init(keystore, keystorePassword.toCharArray()); context.init(keyManagerFactory.getKeyManagers(), new TrustManager[] { new X509TrustManager() { @Override }, new SecureRandom());
public static KeyManager[] initKeyStore(File tlsKeyFile, File tlsCertFile, String tlsKeyPassword) throws IOException, GeneralSecurityException { final KeyStore ks = KeyStore.getInstance("JKS"); ks.load(null, null); final Collection<? extends Certificate> certChain = loadCertificates(tlsCertFile.toPath()); final PrivateKey privateKey = loadPrivateKey(tlsKeyFile, tlsKeyPassword); final char[] password = Strings.nullToEmpty(tlsKeyPassword).toCharArray(); ks.setKeyEntry("key", privateKey, password, certChain.toArray(new Certificate[certChain.size()])); if (LOG.isDebugEnabled()) { LOG.debug("Private key file: {}", tlsKeyFile); LOG.debug("Certificate file: {}", tlsCertFile); LOG.debug("Aliases: {}", join(ks.aliases())); } final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(ks, password); return kmf.getKeyManagers(); }
public void initializeGateway() { Monitor monitor = loadMonitor(); ApiMain apiMain = new ApiMain(monitor); try (InputStream stream = ApiMain.class.getClassLoader().getResourceAsStream("demo-selfsigned-keystore.jks")) { if (stream == null) { throw new IllegalArgumentException("Demo keystore was not found"); } // initialise the keystore char[] password = "password".toCharArray(); KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(stream, password); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); keyManagerFactory.init(keyStore, password); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509"); trustManagerFactory.init(keyStore); apiMain.initializeHttps(trustManagerFactory, keyManagerFactory, keyStore); apiMain.start(); } catch (Exception e) { errorCallback.accept(e); } }
for (Certificate certificate : certificates) { String certificateAlias = Integer.toString(index++); keyStore.setCertificateEntry(certificateAlias, certificate); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, password); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
/** * Creates an SSLSocketFactory for HTTPS. Pass a KeyStore resource with your * certificate and passphrase */ public static SSLServerSocketFactory makeSSLSocketFactory(String keyAndTrustStoreClasspathPath, char[] passphrase) throws IOException { try { KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream keystoreStream = NanoHTTPD.class.getResourceAsStream(keyAndTrustStoreClasspathPath); if (keystoreStream == null) { throw new IOException("Unable to load keystore from classpath: " + keyAndTrustStoreClasspathPath); } keystore.load(keystoreStream, passphrase); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keystore, passphrase); return makeSSLSocketFactory(keystore, keyManagerFactory); } catch (Exception e) { throw new IOException(e.getMessage()); } }
SSLContext ctx = sslContextProvider == null ? SSLContext.getInstance(PROTOCOL) : SSLContext.getInstance(PROTOCOL, sslContextProvider); ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(), null);
public synchronized SSLContext sslContext() { if (sslContext == null || ConfigurationProperties.rebuildKeyStore()) { try { // key manager KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(loadOrCreateKeyStore(), ConfigurationProperties.javaKeyStorePassword().toCharArray()); // ssl context sslContext = getSSLContextInstance(); sslContext.init(keyManagerFactory.getKeyManagers(), InsecureTrustManagerFactory.INSTANCE.getTrustManagers(), null); } catch (Exception e) { throw new RuntimeException("Failed to initialize the SSLContext", e); } } return sslContext; }
private static KeyManager[] createKeyManagers() throws GeneralSecurityException, IOException { KeyStore ks = KeyStore.getInstance("JKS"); try (InputStream keyStoreStream = TestUtils.class.getClassLoader().getResourceAsStream("ssltest-cacerts.jks")) { char[] keyStorePassword = "changeit".toCharArray(); ks.load(keyStoreStream, keyStorePassword); } assert (ks.size() > 0); // Set up key manager factory to use our key store char[] certificatePassword = "changeit".toCharArray(); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(ks, certificatePassword); // Initialize the SSLContext to work with our key managers. return kmf.getKeyManagers(); }