/**
 * Resolves the {@code KeyManagerFactory} algorithm to use.
 *
 * <p>Reads the {@code ssl.KeyManagerFactory.algorithm} security property (a JVM-wide
 * setting from {@code java.security}, not a system property) and falls back to
 * {@code DEFAULT_ALGORITHM} when it is unset.
 *
 * @return the configured algorithm name, or {@code DEFAULT_ALGORITHM} when the property is not set
 */
private static String getAlgorithm() {
    final String configured = Security.getProperty("ssl.KeyManagerFactory.algorithm");
    return configured == null ? DEFAULT_ALGORITHM : configured;
}
/**
 * Returns the default key manager factory algorithm name.
 * <p>
 * The name is read from the security property {@code 'ssl.KeyManagerFactory.algorithm'}
 * (referenced here as {@code PROPERTY_NAME}); when that property is not set,
 * {@code DEFAULT_PROPERTY} is returned instead.
 *
 * @return the default algorithm name.
 */
public static final String getDefaultAlgorithm() {
    final String configured = Security.getProperty(PROPERTY_NAME);
    if (configured == null) {
        return DEFAULT_PROPERTY;
    }
    return configured;
}
/**
 * Returns the default algorithm name for the {@code TrustManagerFactory}.
 * <p>
 * The name is read from the security property {@code 'ssl.TrustManagerFactory.algorithm'}
 * (referenced here as {@code PROPERTY_NAME}); when that property is not set,
 * {@code DEFAULT_PROPERTY} is returned instead.
 *
 * @return the default algorithm name.
 */
public static final String getDefaultAlgorithm() {
    final String configured = Security.getProperty(PROPERTY_NAME);
    if (configured == null) {
        return DEFAULT_PROPERTY;
    }
    return configured;
}
/**
 * Reads the security property {@value #LEGACY_ALGORITHMS_SECURITY_KEY} without propagating
 * access failures.
 * <p>
 * A {@link SecurityException} thrown by {@link Security#getProperty(String)} (e.g. when a
 * security manager denies the read) is treated exactly like an unset property.
 *
 * @return the value of the security property, or {@code null} if it is not set
 *         or not accessible
 */
public static String getLegacyAlgorithmsSilently() {
    try {
        return Security.getProperty(LEGACY_ALGORITHMS_SECURITY_KEY);
    } catch (SecurityException ignored) {
        // Deliberately best-effort: an unreadable property is reported as "not set".
        return null;
    }
}
/**
 * Returns the default {@code CertPathValidator} type from the <i>Security
 * Properties</i>.
 *
 * @return the value of the {@code PROPERTY_NAME} security property, or the string
 *         {@code "PKIX"} ({@code DEFAULT_PROPERTY}) if it cannot be determined.
 */
public static final String getDefaultType() {
    final String configured = Security.getProperty(PROPERTY_NAME);
    if (configured != null) {
        return configured;
    }
    return DEFAULT_PROPERTY;
}
}
/**
 * Returns the default {@code CertStore} type from the <i>Security
 * Properties</i>.
 *
 * @return the value of the {@code PROPERTY_NAME} security property, or the string
 *         {@code "LDAP"} ({@code DEFAULT_PROPERTY}) if it cannot be determined.
 */
public static final String getDefaultType() {
    final String configured = Security.getProperty(PROPERTY_NAME);
    if (configured != null) {
        return configured;
    }
    return DEFAULT_PROPERTY;
}
}
/**
 * Returns the default {@code CertPathBuilder} type from the <i>Security
 * Properties</i>.
 *
 * @return the value of the {@code PROPERTY_NAME} security property, or the string
 *         "{@code PKIX}" ({@code DEFAULT_PROPERTY}) if it cannot be determined.
 */
public static final String getDefaultType() {
    final String configured = Security.getProperty(PROPERTY_NAME);
    if (configured != null) {
        return configured;
    }
    return DEFAULT_PROPERTY;
}
}
/**
 * Returns the default type for {@code KeyStore} instances.
 *
 * <p>The default is the {@code 'keystore.type'} security property (referenced here as
 * {@code PROPERTY_NAME}) from the {@code java.security} properties file. If that property
 * is not set, {@code "jks"} ({@code DEFAULT_KEYSTORE_TYPE}) is used.
 *
 * @return the default type for {@code KeyStore} instances
 */
public static final String getDefaultType() {
    final String configured = Security.getProperty(PROPERTY_NAME);
    if (configured != null) {
        return configured;
    }
    return DEFAULT_KEYSTORE_TYPE;
}
/**
 * Build a {@link KeyManagerFactory} based upon a key file, key file password, and a certificate chain.
 *
 * <p>The factory algorithm is taken from the {@code ssl.KeyManagerFactory.algorithm} security
 * property, defaulting to {@code "SunX509"} when it is unset; the work is then delegated to the
 * overload that takes an explicit algorithm name.
 *
 * @param certChainFile a X.509 certificate chain file in PEM format
 * @param keyFile a PKCS#8 private key file in PEM format
 * @param keyPassword the password of the {@code keyFile}.
 *                    {@code null} if it's not password-protected.
 * @param kmf The existing {@link KeyManagerFactory} that will be used if not {@code null}
 * @return A {@link KeyManagerFactory} based upon a key file, key file password, and a certificate chain.
 * @deprecated will be removed.
 */
@Deprecated
protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile, File keyFile, String keyPassword,
                                                          KeyManagerFactory kmf)
        throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException,
               InvalidKeySpecException, InvalidAlgorithmParameterException, CertificateException, KeyException,
               IOException {
    final String configured = Security.getProperty("ssl.KeyManagerFactory.algorithm");
    final String algorithm = configured != null ? configured : "SunX509";
    return buildKeyManagerFactory(certChainFile, algorithm, keyFile, keyPassword, kmf);
}
/**
 * Resolves the {@code KeyManagerFactory} algorithm name from the
 * {@code ssl.KeyManagerFactory.algorithm} security property.
 *
 * @return the configured algorithm, or {@code "SunX509"} when the property is unset
 */
private String getAlgorithm() {
    final String configured = Security.getProperty("ssl.KeyManagerFactory.algorithm");
    return configured != null ? configured : "SunX509";
}
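/**
 * Returns the system's scope.
 *
 * <p>The scope is created lazily: the implementation class name is read from the
 * {@code "system.scope"} security property and instantiated through its no-argument
 * constructor. If the property is unset, or the class cannot be loaded, instantiated or
 * cast to {@link IdentityScope}, no fallback is installed and {@code null} is returned;
 * because {@code systemScope} then stays {@code null}, the next call tries again.
 *
 * @return the system's scope, or {@code null} if none could be initialised.
 */
public static IdentityScope getSystemScope() {
    /*
     * Test shows that the implementation class name is read from security property
     * "system.scope", and the class is only loaded from boot classpath. No default
     * implementation as fallback, i.e., return null if fails to init an instance.
     */
    if (systemScope == null) {
        String className = Security.getProperty("system.scope");
        if (className != null) {
            try {
                // getDeclaredConstructor().newInstance() replaces the deprecated
                // Class.newInstance(); constructor failures surface as
                // InvocationTargetException and are handled by the catch below.
                systemScope = (IdentityScope) Class.forName(className)
                        .getDeclaredConstructor().newInstance();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
    return systemScope;
}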
/**
 * Build a {@link KeyManagerFactory} based upon a key file, key file password, and a certificate chain.
 *
 * <p>Resolves the factory algorithm from the {@code ssl.KeyManagerFactory.algorithm} security
 * property ({@code "SunX509"} if unset) and delegates to the overload taking an explicit
 * algorithm name.
 *
 * @param certChainFile a X.509 certificate chain file in PEM format
 * @param keyFile a PKCS#8 private key file in PEM format
 * @param keyPassword the password of the {@code keyFile}.
 *                    {@code null} if it's not password-protected.
 * @param kmf The existing {@link KeyManagerFactory} that will be used if not {@code null}
 * @return A {@link KeyManagerFactory} based upon a key file, key file password, and a certificate chain.
 * @deprecated will be removed.
 */
@Deprecated
protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile, File keyFile, String keyPassword,
                                                          KeyManagerFactory kmf)
        throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException,
               InvalidKeySpecException, InvalidAlgorithmParameterException, CertificateException, KeyException,
               IOException {
    String algorithm = "SunX509";
    final String configured = Security.getProperty("ssl.KeyManagerFactory.algorithm");
    if (configured != null) {
        algorithm = configured;
    }
    return buildKeyManagerFactory(certChainFile, algorithm, keyFile, keyPassword, kmf);
}
/**
 * Builds a {@link KeyManagerFactory} holding the private key and certificate chain from
 * {@code privateKeyConfig}.
 *
 * <p>The key is placed in a throw-away in-memory {@code JKS} {@link KeyStore} protected by a
 * freshly generated random password; that password guards only the in-memory store and is
 * never persisted. The factory algorithm comes from the {@code ssl.KeyManagerFactory.algorithm}
 * security property, defaulting to {@code "SunX509"}.
 *
 * @param privateKeyConfig source of the private key and its certificate chain
 * @return an initialised {@link KeyManagerFactory}
 * @throws IOException if the in-memory key store cannot be loaded
 * @throws GeneralSecurityException if the key store or the factory cannot be created or
 *         initialised
 * @throws RuntimeException if {@code privateKeyConfig} carries no private key
 */
private static KeyManagerFactory buildKmf(KeyConfig privateKeyConfig)
        throws IOException, GeneralSecurityException {
    final String configured = Security.getProperty("ssl.KeyManagerFactory.algorithm");
    final String algorithm = configured == null ? "SunX509" : configured;

    // Ephemeral password for the in-memory store only. RANDOM is presumably a
    // SecureRandom — confirm at its declaration.
    final byte[] seed = new byte[64];
    RANDOM.nextBytes(seed);
    final char[] storePassword = Base64.getEncoder().encodeToString(seed).toCharArray();

    final KeyStore store = KeyStore.getInstance("JKS");
    store.load(null, null); // a null stream yields an empty store
    store.setKeyEntry(
            "key",
            privateKeyConfig.privateKey().orElseThrow(() -> new RuntimeException("Private key not available")),
            storePassword,
            privateKeyConfig.certChain().toArray(new Certificate[0]));

    final KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
    factory.init(store, storePassword);
    return factory;
}
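/**
 * Build a {@link KeyManagerFactory} based upon a key file, key file password, and a certificate
 * chain.
 *
 * <p>The factory algorithm is read from the {@code ssl.KeyManagerFactory.algorithm} security
 * property and defaults to {@code "SunX509"} when unset; the overload taking an explicit
 * algorithm name does the actual work.
 *
 * @param certChainFile a X.509 certificate chain file in PEM format
 * @param keyFile a PKCS#8 private key file in PEM format
 * @param keyPassword the password of the {@code keyFile}.
 *                    {@code null} if it's not password-protected.
 * @return A {@link KeyManagerFactory} based upon a key file, key file password, and a certificate
 *         chain.
 */
protected static KeyManagerFactory buildKeyManagerFactory(final File certChainFile, final File keyFile,
                                                          final String keyPassword)
        throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException,
               InvalidKeySpecException, InvalidAlgorithmParameterException, CertificateException, KeyException,
               IOException {
    final String configured = Security.getProperty("ssl.KeyManagerFactory.algorithm");
    // Fall back to the JDK's default X.509 key manager when no algorithm is configured.
    final String algorithm = configured != null ? configured : "SunX509";
    return buildKeyManagerFactory(certChainFile, algorithm, keyFile, keyPassword);
}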
/**
 * Loops through the login.config.url.1, login.config.url.2, ... security properties looking
 * for the login configuration. If no existing entry already equals it, the configuration URL
 * is stored under the first unused login.config.url.X property.
 *
 * <p>{@link Security#setProperty} writes a process-wide security property, so this affects
 * every JAAS user in the JVM, not just this instance.
 *
 * @throws IOException propagated from {@code convertLoginConfigToUrl()}
 */
private void configureJaasUsingLoop() throws IOException {
    final String loginConfigUrl = convertLoginConfigToUrl();
    final String prefix = "login.config.url.";

    int index = 1;
    while (true) {
        final String existing = Security.getProperty(prefix + index);
        if (existing == null) {
            break; // index is now the first unused slot
        }
        if (existing.equals(loginConfigUrl)) {
            return; // already registered under some login.config.url.N
        }
        index++;
    }

    final String key = prefix + index;
    log.debug("Setting security property [" + key + "] to: " + loginConfigUrl);
    Security.setProperty(key, loginConfigUrl);
}
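/**
 * Register the provider for this TransformService
 *
 * <p>The XML signature classes look up a {@link javax.xml.crypto.dsig.TransformService} for
 * {@code TRANSFORM_URI} through JCA, so a small provider mapping that URI to
 * {@link RelationshipTransformService} is installed once. The guard consults the installed
 * providers via {@link Security#getProvider(String)}; the previous code queried
 * {@link Security#getProperty(String)}, which reads the security <em>property</em> table and
 * is unrelated to installed providers, so the guard never fired and
 * {@link Security#addProvider} was attempted on every call (rejected as a duplicate after the
 * first).
 *
 * @see javax.xml.crypto.dsig.TransformService
 */
public static synchronized void registerDsigProvider() {
    // the xml signature classes will try to find a special TransformerService,
    // which is of course unknown to JCE before ...
    final String dsigProvider = "POIXmlDsigProvider";
    if (Security.getProvider(dsigProvider) == null) {
        Provider p = new Provider(dsigProvider, 1.0, dsigProvider) {
            static final long serialVersionUID = 1L;
        };
        p.put("TransformService." + TRANSFORM_URI, RelationshipTransformService.class.getName());
        p.put("TransformService." + TRANSFORM_URI + " MechanismType", "DOM");
        Security.addProvider(p);
    }
}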
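/**
 * Obtains a key store entry password from the default JAAS callback handler.
 *
 * <p>The handler class is named by the {@code auth.login.defaultCallbackHandler} security
 * property, instantiated through its no-argument constructor and handed a single
 * {@link PasswordCallback}. The callback is cleared once its password has been copied so the
 * secret does not linger in the callback object.
 *
 * <p>NOTE(review): the {@link CallbackHandler} carried by a
 * {@link KeyStore.CallbackHandlerProtection} is not consulted; only the property-configured
 * default handler is used. Confirm whether that is intended.
 *
 * @param protParam the protection parameter; {@code null} yields {@code null}
 * @return the password supplied by the handler (a copy owned by the caller, who should zero it
 *         when done), or {@code null} when {@code protParam} is {@code null}
 * @throws UnrecoverableEntryException if {@code protParam} is not a
 *         {@link KeyStore.CallbackHandlerProtection}, if no default callback handler is
 *         configured, or if the handler cannot be created or fails; in the last case the
 *         underlying exception is attached as the cause
 */
static char[] getPasswordFromCallBack(KeyStore.ProtectionParameter protParam)
        throws UnrecoverableEntryException {
    if (protParam == null) {
        return null;
    }
    if (!(protParam instanceof KeyStore.CallbackHandlerProtection)) {
        throw new UnrecoverableEntryException("Incorrect ProtectionParameter");
    }
    String clName = Security.getProperty("auth.login.defaultCallbackHandler");
    if (clName == null) {
        throw new UnrecoverableEntryException("Default CallbackHandler was not defined");
    }
    try {
        Class<?> cl = Class.forName(clName);
        // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance().
        CallbackHandler cbHand = (CallbackHandler) cl.getDeclaredConstructor().newInstance();
        PasswordCallback[] pwCb = { new PasswordCallback("password: ", true) };
        cbHand.handle(pwCb);
        char[] password = pwCb[0].getPassword(); // getPassword() returns a copy
        pwCb[0].clearPassword();                 // wipe the handler-side buffer
        return password;
    } catch (Exception e) {
        // UnrecoverableEntryException has no (String, Throwable) constructor: keep the
        // original message and attach the cause so the failure stays diagnosable.
        UnrecoverableEntryException uee = new UnrecoverableEntryException(e.toString());
        uee.initCause(e);
        throw uee;
    }
}
}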
/**
 * Without enabling CRL or OCSP, building the default SSL context must leave revocation
 * checking off: the {@code com.sun.net.ssl.checkRevocation} and
 * {@code com.sun.security.enableCRLDP} system properties and the {@code ocsp.enable}
 * security property all read as false. Note that {@code ocsp.enable} is a
 * {@link Security} property, not a {@link System} property, and is queried accordingly.
 */
@Test(timeout = 5000)
public void testCRLDisabled() throws Exception {
    x509Util.getDefaultSSLContext();

    final boolean checkRevocation =
            Boolean.parseBoolean(System.getProperty("com.sun.net.ssl.checkRevocation"));
    final boolean crlDistributionPoints =
            Boolean.parseBoolean(System.getProperty("com.sun.security.enableCRLDP"));
    final boolean ocsp = Boolean.parseBoolean(Security.getProperty("ocsp.enable"));

    Assert.assertFalse(checkRevocation);
    Assert.assertFalse(crlDistributionPoints);
    Assert.assertFalse(ocsp);
}
/**
 * Enabling CRL checking through {@code x509Util.getSslCrlEnabledProperty()} must turn on the
 * {@code com.sun.net.ssl.checkRevocation} and {@code com.sun.security.enableCRLDP} system
 * properties while leaving the {@code ocsp.enable} security property off. The system property
 * set here is JVM-global and is not reset by this method.
 */
@Test(timeout = 5000)
public void testCRLEnabled() throws Exception {
    System.setProperty(x509Util.getSslCrlEnabledProperty(), "true");
    x509Util.getDefaultSSLContext();

    final boolean checkRevocation =
            Boolean.parseBoolean(System.getProperty("com.sun.net.ssl.checkRevocation"));
    final boolean crlDistributionPoints =
            Boolean.parseBoolean(System.getProperty("com.sun.security.enableCRLDP"));
    final boolean ocsp = Boolean.parseBoolean(Security.getProperty("ocsp.enable"));

    Assert.assertTrue(checkRevocation);
    Assert.assertTrue(crlDistributionPoints);
    Assert.assertFalse(ocsp);
}
/**
 * Enabling OCSP through {@code x509Util.getSslOcspEnabledProperty()} must turn on the
 * {@code com.sun.net.ssl.checkRevocation} and {@code com.sun.security.enableCRLDP} system
 * properties as well as the {@code ocsp.enable} security property. The system property set
 * here is JVM-global and is not reset by this method.
 */
@Test(timeout = 5000)
public void testOCSPEnabled() throws Exception {
    System.setProperty(x509Util.getSslOcspEnabledProperty(), "true");
    x509Util.getDefaultSSLContext();

    final boolean checkRevocation =
            Boolean.parseBoolean(System.getProperty("com.sun.net.ssl.checkRevocation"));
    final boolean crlDistributionPoints =
            Boolean.parseBoolean(System.getProperty("com.sun.security.enableCRLDP"));
    final boolean ocsp = Boolean.parseBoolean(Security.getProperty("ocsp.enable"));

    Assert.assertTrue(checkRevocation);
    Assert.assertTrue(crlDistributionPoints);
    Assert.assertTrue(ocsp);
}