private KeyStore newEmptyKeyStore(char[] password) throws GeneralSecurityException { try { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream in = null; // By convention, 'null' creates an empty key store. keyStore.load(in, password); return keyStore; } catch (IOException e) { throw new AssertionError(e); } }
private static SSLContext sslContext(String keystoreFile, String password) throws GeneralSecurityException, IOException { KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); try (InputStream in = new FileInputStream(keystoreFile)) { keystore.load(in, password.toCharArray()); } KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keystore, password.toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keystore); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init( keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom()); return sslContext; } }
protected org.apache.http.conn.ssl.SSLSocketFactory createAdditionalCertsSSLSocketFactory() { try { final KeyStore ks = KeyStore.getInstance("BKS"); // the bks file we generated above final InputStream in = context.getResources().openRawResource( R.raw.mystore); try { // don't forget to put the password used above in strings.xml/mystore_password ks.load(in, context.getString( R.string.mystore_password ).toCharArray()); } finally { in.close(); } return new AdditionalKeyStoresSSLSocketFactory(ks); } catch( Exception e ) { throw new RuntimeException(e); } }
private static KeyStore loadKeyStore(String type, File path, String password, @Nullable String provider) throws Exception { KeyStore keyStore; if (provider == null) { keyStore = KeyStore.getInstance(type); } else { try { keyStore = KeyStore.getInstance(type, provider); } catch (KeyStoreException ignore) { log.warn("Keystore of type: {} is not supported for provider: {}. Trying out other providers...", type, provider); keyStore = KeyStore.getInstance(type); } } try (InputStream inputStream = new FileInputStream(path)) { keyStore.load(inputStream, password.toCharArray()); } return keyStore; } }
KeyStore readKeyStore() { KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // get user password and file input stream char[] password = getPassword(); java.io.FileInputStream fis = null; try { fis = new java.io.FileInputStream("keyStoreName"); ks.load(fis, password); } finally { if (fis != null) { fis.close(); } } return ks; }
private SSLSocketFactory getSocketFactory() throws GeneralSecurityException, IOException { KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); KeyStore keyStore = KeyStore.getInstance("PKCS12"); InputStream keyInput = new FileInputStream(pathToPkcs12File); keyStore.load(keyInput, password.toCharArray()); keyInput.close(); keyManagerFactory.init(keyStore, password.toCharArray()); SSLContext context = SSLContext.getInstance("TLS"); context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom()); return context.getSocketFactory(); }
private SSLServerSocket getSSLSocket() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException{ KeyStore keyStore = KeyStore.getInstance("PKCS12"); keyStore.load(mContext.getAssets().open(KEYSTORE_FILE), KEYSTORE_PASS.toCharArray()); KeyManagerFactory keyMan = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyMan.init(keyStore, KEYSTORE_PASS.toCharArray()); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyMan.getKeyManagers(), null, null); SSLServerSocketFactory sslFactory = sslContext.getServerSocketFactory(); return (SSLServerSocket) sslFactory.createServerSocket(mPort, BACKLOG, mAddress); }
static TrustManagerFactory buildTrustManagerFactory( X509Certificate[] certCollection, TrustManagerFactory trustManagerFactory) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException { final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); int i = 1; for (X509Certificate cert: certCollection) { String alias = Integer.toString(i); ks.setCertificateEntry(alias, cert); i++; } // Set up trust manager factory to use our key store. if (trustManagerFactory == null) { trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); } trustManagerFactory.init(ks); return trustManagerFactory; }
KeyStore ks = KeyStore.getInstance("JKS"); InputStream ksIs = new FileInputStream("..."); try { ks.load(ksIs, "password".toCharArray()); } finally { if (ksIs != null) { ksIs.close(); } } KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory .getDefaultAlgorithm()); kmf.init(ks, "keypassword".toCharArray());
private static KeyStore loadTrustStore(File trustStorePath, Optional<String> trustStorePassword) throws IOException, GeneralSecurityException { KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); try { // attempt to read the trust store as a PEM file List<X509Certificate> certificateChain = PemReader.readCertificateChain(trustStorePath); if (!certificateChain.isEmpty()) { trustStore.load(null, null); for (X509Certificate certificate : certificateChain) { X500Principal principal = certificate.getSubjectX500Principal(); trustStore.setCertificateEntry(principal.getName(), certificate); } return trustStore; } } catch (IOException | GeneralSecurityException ignored) { } try (InputStream in = new FileInputStream(trustStorePath)) { trustStore.load(in, trustStorePassword.map(String::toCharArray).orElse(null)); } return trustStore; }
private Optional<SSLContext> getSslContext() { if (sslEnabled) { try { KeyStore ks = KeyStore.getInstance(keystoreType); ks.load(new FileInputStream(keystore), keystorePassword.toCharArray()); // can be set with "ssl.KeyManagerFactory.algorithm" String algorithm = KeyManagerFactory.getDefaultAlgorithm(); // Set up key manager factory to use our key store KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); kmf.init(ks, keystorePassword.toCharArray()); SSLContext serverContext = SSLContext.getInstance("TLS"); serverContext.init(kmf.getKeyManagers(), null, null); return Optional.of(serverContext); } catch (Exception e) { throw new Error("Failed to initialize the server-side SSLContext", e); } } else { return Optional.empty(); } }
private static KeyStore newEmptyKeyStore(String keyStoreType) throws GeneralSecurityException { if (keyStoreType == null) { keyStoreType = KeyStore.getDefaultType(); } try { KeyStore keyStore = KeyStore.getInstance(keyStoreType); InputStream in = null; // By convention, 'null' creates an empty key store. keyStore.load(in, password); return keyStore; } catch (IOException e) { throw new AssertionError(e); } } }
keyStore = KeyStore.getInstance("JKS"); char[] password = "password".toCharArray(); try { keyStore.load(null, password); } catch (IOException e) { throw new IllegalStateException("Specification says this should not happen as we are not doing I/O", e); sslContext = SSLContext.getInstance("TLS"); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("Java runtime specification requires support for TLS algorithm", e);
public static KeyStore loadTrustStore(File certificateChainFile) throws IOException, GeneralSecurityException { KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(null, null); List<X509Certificate> certificateChain = readCertificateChain(certificateChainFile); for (X509Certificate certificate : certificateChain) { X500Principal principal = certificate.getSubjectX500Principal(); keyStore.setCertificateEntry(principal.getName("RFC2253"), certificate); } return keyStore; }
InputStream is = new FileInputStream("cacert.crt"); // You could get a resource as a stream instead. CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate caCert = (X509Certificate)cf.generateCertificate(is); TrustManagerFactory tmf = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null); // You don't need the KeyStore instance to come from a file. ks.setCertificateEntry("caCert", caCert); tmf.init(ks); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, tmf.getTrustManagers(), null);
private static KeyManager[] initKeyManagers(String keystore, char[] keystorePassword, char[] keyManagerPassword) throws Exception { KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(new FileInputStream(keystore), keystorePassword); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); keyManagerFactory.init(keyStore, keyManagerPassword); return keyManagerFactory.getKeyManagers(); }
private static KeyStore loadTrustStore(File trustStorePath, Optional<String> trustStorePassword) throws IOException, GeneralSecurityException { KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); try { // attempt to read the trust store as a PEM file List<X509Certificate> certificateChain = PemReader.readCertificateChain(trustStorePath); if (!certificateChain.isEmpty()) { trustStore.load(null, null); for (X509Certificate certificate : certificateChain) { X500Principal principal = certificate.getSubjectX500Principal(); trustStore.setCertificateEntry(principal.getName(), certificate); } return trustStore; } } catch (IOException | GeneralSecurityException ignored) { } try (InputStream in = new FileInputStream(trustStorePath)) { trustStore.load(in, trustStorePassword.map(String::toCharArray).orElse(null)); } return trustStore; }
/** * Creates an SSL context from test key store with disabled trust manager. * * @return Initialized context. * @throws GeneralSecurityException In case if context could not be initialized. * @throws IOException If keystore cannot be accessed. */ public static SSLContext sslContext() throws GeneralSecurityException, IOException { SSLContext ctx = SSLContext.getInstance("TLS"); char[] storePass = keyStorePassword().toCharArray(); KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance("SunX509"); KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(new FileInputStream(U.resolveIgnitePath(GridTestProperties.getProperty("ssl.keystore.path"))), storePass); keyMgrFactory.init(keyStore, storePass); ctx.init(keyMgrFactory.getKeyManagers(), new TrustManager[]{GridSslBasicContextFactory.getDisabledTrustManager()}, null); return ctx; }
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(trustStore, trustStorePassword); trustStore.close();
private static HttpsServer addSSLContext(HttpsServer server) { log("Adding SSL context to server; key=" + StanfordCoreNLPServer.key); try (InputStream is = IOUtils.getInputStreamFromURLOrClasspathOrFileSystem(key)) { KeyStore ks = KeyStore.getInstance("JKS"); if (StanfordCoreNLPServer.key != null && IOUtils.existsInClasspathOrFileSystem(StanfordCoreNLPServer.key)) { ks.load(is, "corenlp".toCharArray()); } else { throw new IllegalArgumentException("Could not find SSL keystore at " + StanfordCoreNLPServer.key); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(kmf.getKeyManagers(), null, null);