/**
 * Builds a socket-factory registry that serves {@code https} through a TLS
 * context backed by the Docker client key store created from {@code certPath}.
 *
 * <p>Hostname verification follows the {@code DOCKER_TLS_VERIFY} environment
 * variable: it stays enabled unless the variable is absent or equals
 * {@code "0"} or {@code "false"}, in which case {@link NoopHostnameVerifier}
 * is installed and the peer certificate's name is not matched against the host.
 * The trust material loaded from the key store is applied in both cases.
 *
 * @param certPath location of the Docker client certificate material
 * @return a registry holding a single {@code https} entry
 * @throws IOException if the key store cannot be read, or, wrapped, if the TLS
 *     context cannot be set up
 */
private static Registry<ConnectionSocketFactory> getSslFactoryRegistry(String certPath) throws IOException {
    try {
        KeyStore dockerKeyStore = KeyStoreUtil.createDockerKeyStore(certPath);
        // "docker" is presumably the password KeyStoreUtil protects the store
        // with; the two must stay in sync if that helper changes.
        SSLContext sslContext = SSLContexts.custom()
                .setProtocol(SSLConnectionSocketFactory.TLS)
                .loadKeyMaterial(dockerKeyStore, "docker".toCharArray())
                .loadTrustMaterial(dockerKeyStore, null)
                .build();

        String tlsVerify = System.getenv("DOCKER_TLS_VERIFY");
        boolean verifyHostname = !(tlsVerify == null || "0".equals(tlsVerify) || "false".equals(tlsVerify));

        SSLConnectionSocketFactory socketFactory;
        if (verifyHostname) {
            socketFactory = new SSLConnectionSocketFactory(sslContext);
        } else {
            // Chain validation against the loaded trust material still runs;
            // only the hostname check is skipped.
            socketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
        }

        return RegistryBuilder.<ConnectionSocketFactory>create()
                .register("https", socketFactory)
                .build();
    } catch (GeneralSecurityException e) {
        // Callers only handle IOException; wrap so the original cause is kept.
        throw new IOException(e);
    }
}
}
/**
 * Creates the {@link SSLContext} described by {@code configuration}: protocol,
 * an optional provider, then key and trust material through the sibling
 * {@code loadKeyMaterial} and {@code loadTrustMaterial} helpers.
 *
 * @return the built context
 * @throws SSLInitializationException wrapping any exception raised during
 *     setup; the original exception is retained as the cause
 */
private SSLContext buildSslContext() throws SSLInitializationException {
    try {
        final SSLContextBuilder builder = new SSLContextBuilder();
        builder.setProtocol(configuration.getProtocol());

        // The provider is optional; leaving it unset keeps the builder's default.
        final String provider = configuration.getProvider();
        if (provider != null) {
            builder.setProvider(provider);
        }

        loadKeyMaterial(builder);
        loadTrustMaterial(builder);
        return builder.build();
    } catch (Exception e) {
        throw new SSLInitializationException(e.getMessage(), e);
    }
}
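/**
 * Builds an {@link SSLContext} from the trust store and key store described by
 * {@code service}; either store is optional and is skipped when its file name
 * is {@code null}.
 *
 * <p>Side effect: when a key store is present and non-empty, the
 * {@code principal} field is set to the subject of the first X.509 certificate
 * found in it.
 *
 * <p>Trust-store entries are combined with {@link TrustSelfSignedStrategy},
 * which accepts a self-signed peer certificate whether or not it is in the
 * store; the store therefore only constrains CA-issued chains. Confirm that is
 * the intended trust policy for this client.
 *
 * @param service source of store locations, types, passwords and protocol name
 * @return the built context
 * @throws KeyStoreException         if a store cannot be instantiated or queried
 * @throws IOException               if a store file cannot be read
 * @throws NoSuchAlgorithmException  if a store/key algorithm is unavailable
 * @throws CertificateException      if a store's certificates cannot be loaded
 * @throws KeyManagementException    if the context cannot be initialised
 * @throws UnrecoverableKeyException if a key cannot be recovered with the store password
 */
private SSLContext createSSLContext(final SSLContextService service) throws KeyStoreException, IOException,
        NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException {
    SSLContextBuilder builder = SSLContexts.custom();

    final String trustFilename = service.getTrustStoreFile();
    if (trustFilename != null) {
        final KeyStore truststore = KeyStoreUtils.getTrustStore(service.getTrustStoreType());
        try (final InputStream in = new FileInputStream(new File(trustFilename))) {
            truststore.load(in, service.getTrustStorePassword().toCharArray());
        }
        builder = builder.loadTrustMaterial(truststore, new TrustSelfSignedStrategy());
    }

    final String keyFilename = service.getKeyStoreFile();
    if (keyFilename != null) {
        final KeyStore keystore = KeyStoreUtils.getKeyStore(service.getKeyStoreType());
        final char[] keyStorePassword = service.getKeyStorePassword().toCharArray();
        try (final InputStream in = new FileInputStream(new File(keyFilename))) {
            keystore.load(in, keyStorePassword);
        }
        // The store password is also used as the key password, so a key entry
        // protected with a different password fails here.
        builder = builder.loadKeyMaterial(keystore, keyStorePassword);

        // Record the identity this client will present: the subject of the first
        // entry. An empty store previously surfaced as a NoSuchElementException
        // from aliases().nextElement(); it now simply leaves principal untouched.
        if (keystore.size() > 0) {
            final String alias = keystore.aliases().nextElement();
            final Certificate cert = keystore.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                // getSubjectDN() is denigrated in the JDK in favour of
                // getSubjectX500Principal(); kept because the declared type of
                // the principal field is not visible here.
                principal = ((X509Certificate) cert).getSubjectDN();
            }
        }
    }

    builder = builder.setProtocol(service.getSslAlgorithm());
    return builder.build();
}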
/**
 * Assembles the agent's HTTP client: system-property aware, TCP no-delay and
 * keep-alive socket defaults, the default keep-alive strategy, and an HTTPS
 * socket factory whose trust decisions and hostname check come from
 * {@code sslVerificationMode} together with the agent trust store and key store.
 *
 * @return a ready-to-use client
 * @throws Exception propagated from store loading or TLS context setup
 */
public CloseableHttpClient build() throws Exception {
    final SocketConfig socketConfig = SocketConfig.custom()
            .setTcpNoDelay(true)
            .setSoKeepAlive(true)
            .build();

    final HttpClientBuilder clientBuilder = HttpClients.custom();
    clientBuilder.useSystemProperties();
    clientBuilder
            .setDefaultSocketConfig(socketConfig)
            .setKeepAliveStrategy(DefaultConnectionKeepAliveStrategy.INSTANCE);

    final HostnameVerifier hostnameVerifier = sslVerificationMode.verifier();
    final TrustStrategy trustStrategy = sslVerificationMode.trustStrategy();
    final KeyStore trustStore = agentTruststore();

    final SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
    sslContextBuilder.setProtocol(
            systemEnvironment.get(SystemEnvironment.GO_SSL_TRANSPORT_PROTOCOL_TO_BE_USED_BY_AGENT));

    // Either piece alone is enough to install custom trust material; when only
    // a strategy is given, the trust decision rests on that strategy. With
    // neither, the builder keeps its default trust managers.
    if (trustStore != null || trustStrategy != null) {
        sslContextBuilder.loadTrustMaterial(trustStore, trustStrategy);
    }
    sslContextBuilder.loadKeyMaterial(agentKeystore(), keystorePassword().toCharArray());

    final SSLConnectionSocketFactory httpsFactory =
            new SSLConnectionSocketFactory(sslContextBuilder.build(), hostnameVerifier);
    clientBuilder.setSSLSocketFactory(httpsFactory);
    return clientBuilder.build();
}
/**
 * Builds an {@link SSLContext} whose key and trust managers consult both the
 * supplied store and the JVM defaults, via the composite manager classes.
 *
 * <p>The same store is also handed to {@code getKeyManager} as key material
 * (with the store password as key password), so any private-key entries it
 * holds can be offered for client authentication.
 *
 * @param trustStoreFile     resource holding the store
 * @param trustStorePassword password used to open the store and recover keys
 * @param trustStoreType     {@link KeyStore} type name
 * @return the initialised context
 * @throws Exception on any loading or initialisation failure
 */
private static SSLContext initialize(final Resource trustStoreFile, final String trustStorePassword,
                                     final String trustStoreType) throws Exception {
    val casTrustStore = KeyStore.getInstance(trustStoreType);
    val storePassword = trustStorePassword.toCharArray();
    try (val storeStream = trustStoreFile.getInputStream()) {
        casTrustStore.load(storeStream, storePassword);
    }

    // Key managers: JVM default first, then the store-backed PKIX manager.
    val customKeyManager = getKeyManager(ALG_NAME_PKIX, casTrustStore, storePassword);
    val jvmKeyManager = getKeyManager(KeyManagerFactory.getDefaultAlgorithm(), null, null);
    val keyManagers = new KeyManager[]{
            new CompositeX509KeyManager(CollectionUtils.wrapList(jvmKeyManager, customKeyManager))};

    // Trust managers: store-backed PKIX managers first, then the JVM defaults.
    val customTrustManagers = getTrustManager(ALG_NAME_PKIX, casTrustStore);
    val jvmTrustManagers = getTrustManager(TrustManagerFactory.getDefaultAlgorithm(), null);
    val combinedTrustManagers = new ArrayList<X509TrustManager>(customTrustManagers);
    combinedTrustManagers.addAll(jvmTrustManagers);
    val trustManagers = new TrustManager[]{new CompositeX509TrustManager(combinedTrustManagers)};

    // "SSL" names the context (in SunJSSE it is not pinned to SSLv3; enabled
    // protocols are decided per socket). init() replaces the managers build()
    // installed with the composite ones above.
    val sslContext = SSLContexts.custom().setProtocol("SSL").build();
    sslContext.init(keyManagers, trustManagers, null);
    return sslContext;
}
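/**
 * Builds an {@link SSLContext} from the trust store and key store described by
 * {@code service}; either store is optional and is skipped when its file name
 * is {@code null}.
 *
 * <p>Side effect: when a key store is present and non-empty, the
 * {@code principal} field is set to the subject of the first X.509 certificate
 * found in it.
 *
 * <p>Trust-store entries are combined with {@link TrustSelfSignedStrategy},
 * which accepts a self-signed peer certificate whether or not it is in the
 * store; the store therefore only constrains CA-issued chains. Confirm that is
 * the intended trust policy for this client.
 *
 * @param service source of store locations, types, passwords and protocol name
 * @return the built context
 * @throws KeyStoreException         if a store cannot be instantiated or queried
 * @throws IOException               if a store file cannot be read
 * @throws NoSuchAlgorithmException  if a store/key algorithm is unavailable
 * @throws CertificateException      if a store's certificates cannot be loaded
 * @throws KeyManagementException    if the context cannot be initialised
 * @throws UnrecoverableKeyException if a key cannot be recovered with the store password
 */
private SSLContext createSSLContext(final SSLContextService service) throws KeyStoreException, IOException,
        NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException {
    SSLContextBuilder builder = SSLContexts.custom();

    final String trustFilename = service.getTrustStoreFile();
    if (trustFilename != null) {
        final KeyStore truststore = KeyStoreUtils.getTrustStore(service.getTrustStoreType());
        try (final InputStream in = new FileInputStream(new File(trustFilename))) {
            truststore.load(in, service.getTrustStorePassword().toCharArray());
        }
        builder = builder.loadTrustMaterial(truststore, new TrustSelfSignedStrategy());
    }

    final String keyFilename = service.getKeyStoreFile();
    if (keyFilename != null) {
        final KeyStore keystore = KeyStoreUtils.getKeyStore(service.getKeyStoreType());
        final char[] keyStorePassword = service.getKeyStorePassword().toCharArray();
        try (final InputStream in = new FileInputStream(new File(keyFilename))) {
            keystore.load(in, keyStorePassword);
        }
        // The store password is also used as the key password, so a key entry
        // protected with a different password fails here.
        builder = builder.loadKeyMaterial(keystore, keyStorePassword);

        // Record the identity this client will present: the subject of the first
        // entry. An empty store previously surfaced as a NoSuchElementException
        // from aliases().nextElement(); it now simply leaves principal untouched.
        if (keystore.size() > 0) {
            final String alias = keystore.aliases().nextElement();
            final Certificate cert = keystore.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                // getSubjectDN() is denigrated in the JDK in favour of
                // getSubjectX500Principal(); kept because the declared type of
                // the principal field is not visible here.
                principal = ((X509Certificate) cert).getSubjectDN();
            }
        }
    }

    builder = builder.setProtocol(service.getSslAlgorithm());
    return builder.build();
}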
/**
 * Registers an {@code https} socket factory on {@code socketFactoryRegistryBuilder}.
 *
 * <p>Trust material comes from the SSL trust store and, when
 * {@code loadKeyStoreAsTrustMaterial} is set, from the SSL key store as well,
 * each paired with {@code getTrustStrategy()}. Key material comes from the SSL
 * key store. Enabled protocols, cipher suites and the hostname verifier are
 * taken from the corresponding getters.
 *
 * @param socketFactoryRegistryBuilder builder that receives the {@code https} entry
 * @return the same builder, for chaining
 * @throws DSSException wrapping any failure while building the context or factory
 */
private RegistryBuilder<ConnectionSocketFactory> setConnectionManagerSchemeHttps(
        final RegistryBuilder<ConnectionSocketFactory> socketFactoryRegistryBuilder) {
    try {
        final SSLContextBuilder contextBuilder = SSLContextBuilder.create();
        contextBuilder.setProtocol(sslProtocol);

        final KeyStore trustStore = getSSLTrustStore();
        if (trustStore != null) {
            LOG.debug("Set the SSL trust store as trust materials");
            contextBuilder.loadTrustMaterial(trustStore, getTrustStrategy());
        }

        final KeyStore keyStore = getSSLKeyStore();
        if (keyStore != null) {
            LOG.debug("Set the SSL keystore as key materials");
            final char[] keyPassword;
            if (sslKeystorePassword == null) {
                // No password configured: only key entries without their own
                // password can be recovered.
                keyPassword = null;
            } else {
                keyPassword = sslKeystorePassword.toCharArray();
            }
            contextBuilder.loadKeyMaterial(keyStore, keyPassword);

            if (loadKeyStoreAsTrustMaterial) {
                LOG.debug("Set the SSL keystore as trust materials");
                contextBuilder.loadTrustMaterial(keyStore, getTrustStrategy());
            }
        }

        final SSLConnectionSocketFactory httpsFactory = new SSLConnectionSocketFactory(
                contextBuilder.build(),
                getSupportedSSLProtocols(),
                getSupportedSSLCipherSuites(),
                getHostnameVerifier());
        return socketFactoryRegistryBuilder.register("https", httpsFactory);
    } catch (final Exception e) {
        throw new DSSException("Unable to configure the SSLContext/SSLConnectionSocketFactory", e);
    }
}
if ("https".equals(host.getSchemeName())) { final SSLContextBuilder sslContextBuilder = new SSLContextBuilder(); sslContextBuilder.setProtocol("SSL"); if (config.isDisableSSLVerification()) { sslContextBuilder.loadTrustMaterial(null, new TrustStrategy() {
try { SSLContextBuilder builder = SSLContexts.custom() .setProtocol(algorithm); // will default to TLS if null if (trustStore == null && config.isSslTrustAll()) { builder = builder.loadTrustMaterial(new TrustAllStrategy());