/**
 * Creates an {@link SSLContext} from key store and trust store settings, without a CRL.
 *
 * <p>Every argument is forwarded unchanged to the eight-argument {@code createContext}
 * overload, with {@code null} supplied as the CRL path.
 *
 * @param keystoreProvider key store type/provider name, forwarded as-is
 * @param keystorePath location of the key store, forwarded as-is
 * @param keystorePassword key store password, forwarded as-is
 * @param trustStoreProvider trust store type/provider name, forwarded as-is
 * @param trustStorePath location of the trust store, forwarded as-is
 * @param trustStorePassword trust store password, forwarded as-is
 * @param trustAll forwarded as-is to the trust manager loading; NOTE(review): presumably
 *        turns off peer certificate validation when {@code true} - confirm in
 *        {@code loadTrustManagerFactory} before enabling it outside a test setup
 * @return the context built by the delegate
 * @throws Exception whatever the delegate throws
 */
public static SSLContext createContext(final String keystoreProvider,
                                       final String keystorePath,
                                       final String keystorePassword,
                                       final String trustStoreProvider,
                                       final String trustStorePath,
                                       final String trustStorePassword,
                                       final boolean trustAll) throws Exception {
    // This overload has no CRL location to offer, so the delegate receives null for it.
    final String noCrlPath = null;
    return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword,
                                    trustStoreProvider, trustStorePath, trustStorePassword,
                                    trustAll, noCrlPath);
}
/**
 * Returns the key managers for the given key store settings.
 *
 * @param keyStoreProvider key store type/provider name, passed to {@code loadKeyManagerFactory}
 * @param keystorePath location of the key store, passed to {@code loadKeyManagerFactory}
 * @param keystorePassword key store password, passed to {@code loadKeyManagerFactory}
 * @return the key managers of the factory, or {@code null} when
 *         {@code loadKeyManagerFactory} produced no factory
 * @throws Exception whatever {@code loadKeyManagerFactory} throws
 */
private static KeyManager[] loadKeyManagers(final String keyStoreProvider,
                                            final String keystorePath,
                                            final String keystorePassword) throws Exception {
    final KeyManagerFactory kmf = loadKeyManagerFactory(keyStoreProvider, keystorePath, keystorePassword);
    // A missing factory means there is no key material to present; report that as null.
    return kmf != null ? kmf.getKeyManagers() : null;
}
/**
 * Returns the trust managers for the given trust store settings.
 *
 * @param trustStoreProvider trust store type/provider name, passed to {@code loadTrustManagerFactory}
 * @param trustStorePath location of the trust store, passed to {@code loadTrustManagerFactory}
 * @param trustStorePassword trust store password, passed to {@code loadTrustManagerFactory}
 * @param trustAll passed to {@code loadTrustManagerFactory} unchanged
 * @param crlPath CRL location, passed to {@code loadTrustManagerFactory} unchanged; may be {@code null}
 * @return the trust managers of the factory, or {@code null} when
 *         {@code loadTrustManagerFactory} produced no factory
 * @throws Exception whatever {@code loadTrustManagerFactory} throws
 */
private static TrustManager[] loadTrustManager(final String trustStoreProvider,
                                               final String trustStorePath,
                                               final String trustStorePassword,
                                               final boolean trustAll,
                                               final String crlPath) throws Exception {
    final TrustManagerFactory tmf =
        loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, crlPath);
    // NOTE(review): a null result reaches SSLContext.init in createContext, which then picks
    // the platform's default trust managers - confirm that fallback is intended.
    return tmf != null ? tmf.getTrustManagers() : null;
}
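/**
 * Builds a Netty server-side {@link SslContext} from key store and trust store settings.
 *
 * <p>The key store is loaded through {@code SSLSupport.loadKeystore} and wrapped in a
 * {@link KeyManagerFactory} using the JVM's default algorithm. The trust manager factory is
 * loaded with {@code trustAll} fixed to {@code false} and without a CRL path.
 *
 * @param keystoreProvider key store type/provider name
 * @param keystorePath location of the key store
 * @param keystorePassword key store password; may be {@code null}, in which case a
 *        {@code null} password is handed to the key manager factory
 * @param trustStoreProvider trust store type/provider name
 * @param trustStorePath location of the trust store
 * @param trustStorePassword trust store password
 * @param sslProvider name of a Netty {@code SslProvider} constant
 * @return the server context
 * @throws Exception if a store cannot be loaded or the context cannot be built
 */
public static SslContext createNettyContext(final String keystoreProvider,
                                            final String keystorePath,
                                            final String keystorePassword,
                                            final String trustStoreProvider,
                                            final String trustStorePath,
                                            final String trustStorePassword,
                                            final String sslProvider) throws Exception {
    final KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword);
    final KeyManagerFactory keyManagerFactory =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

    // loadKeystore and createNettyClientContext both accept a null password; calling
    // toCharArray() on it here would fail with a NullPointerException instead.
    keyManagerFactory.init(keyStore, keystorePassword == null ? null : keystorePassword.toCharArray());

    // NOTE(review): no CRL path reaches the trust manager factory on this path, so a CRL
    // configured for the JDK context is not applied here - confirm that is intended.
    return SslContextBuilder.forServer(keyManagerFactory)
        .sslProvider(SslProvider.valueOf(sslProvider))
        .trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider, trustStorePath,
                                                         trustStorePassword, false, null))
        .build();
}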
engine.setEnabledCipherSuites(SSLSupport.parseCommaSeparatedListIntoArray(enabledCipherSuites)); } catch (IllegalArgumentException e) { ActiveMQClientLogger.LOGGER.invalidCipherSuite(SSLSupport.parseArrayIntoCommandSeparatedList(engine.getSupportedCipherSuites())); throw e; engine.setEnabledProtocols(SSLSupport.parseCommaSeparatedListIntoArray(enabledProtocols)); } catch (IllegalArgumentException e) { ActiveMQClientLogger.LOGGER.invalidProtocol(SSLSupport.parseArrayIntoCommandSeparatedList(engine.getSupportedProtocols())); throw e;
/**
 * Creates and initialises a JDK {@link SSLContext} for the {@code "TLS"} protocol name.
 *
 * <p>Key managers come from {@code SSLSupport.loadKeyManagers}, trust managers from
 * {@code SSLSupport.loadTrustManager}; either may be {@code null}. A fresh
 * {@link SecureRandom} is supplied as the randomness source.
 *
 * @param keystoreProvider key store type/provider name
 * @param keystorePath location of the key store
 * @param keystorePassword key store password
 * @param trustStoreProvider trust store type/provider name
 * @param trustStorePath location of the trust store
 * @param trustStorePassword trust store password
 * @param trustAll forwarded to the trust manager loading; NOTE(review): presumably disables
 *        peer certificate validation when {@code true} - confirm in
 *        {@code loadTrustManagerFactory}
 * @param crlPath CRL location forwarded to the trust manager loading; may be {@code null}
 * @return the initialised context
 * @throws Exception if the context cannot be obtained or a store cannot be loaded
 */
public static SSLContext createContext(final String keystoreProvider,
                                       final String keystorePath,
                                       final String keystorePassword,
                                       final String trustStoreProvider,
                                       final String trustStorePath,
                                       final String trustStorePassword,
                                       final boolean trustAll,
                                       final String crlPath) throws Exception {
    // "TLS" names the protocol family only; NOTE(review): the protocol versions actually
    // offered are presumably narrowed later on the engine - confirm at the call sites.
    final SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(
        SSLSupport.loadKeyManagers(keystoreProvider, keystorePath, keystorePassword),
        SSLSupport.loadTrustManager(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, crlPath),
        new SecureRandom());
    return sslContext;
}
} else { TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); KeyStore trustStore = SSLSupport.loadKeystore(trustStoreProvider, trustStorePath, trustStorePassword); boolean ocsp = Boolean.valueOf(Security.getProperty("ocsp.enable")); if (crlPath != null) { pkixParams.setRevocationEnabled(true); Collection<? extends CRL> crlList = loadCRL(crlPath); if (crlList != null) { pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlList)));
/**
 * Reads the certificate revocation lists stored at {@code crlPath}.
 *
 * <p>The path is resolved by {@code SSLSupport.validateStoreURL}, which first tries it as a
 * URL, so the CRL data is read from wherever that URL points.
 *
 * @param crlPath location of the CRL data, or {@code null}
 * @return the CRLs parsed by the {@code "X.509"} certificate factory, or {@code null} when
 *         {@code crlPath} is {@code null}
 * @throws Exception if the location cannot be resolved, opened or parsed
 */
private static Collection<? extends CRL> loadCRL(String crlPath) throws Exception {
    if (crlPath != null) {
        final URL crlLocation = SSLSupport.validateStoreURL(crlPath);
        // try-with-resources closes the stream on both the normal and the failing path.
        try (InputStream crlStream = crlLocation.openStream()) {
            final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
            return x509.generateCRLs(crlStream);
        }
    }
    return null;
}
/**
 * Builds a {@link KeyManagerFactory} for the given key store settings.
 *
 * <p>No factory is built when there is no key store path, unless the provider name is
 * {@code PKCS11} (compared after upper-casing), in which case a store without a path is
 * still loaded.
 *
 * @param keyStoreProvider key store type/provider name; may be {@code null}
 * @param keystorePath location of the key store; may be {@code null}
 * @param keystorePassword key store password; a {@code null} password is handed on as {@code null}
 * @return the initialised factory, or {@code null} when there is no path and the provider
 *         is not {@code PKCS11}
 * @throws Exception if the key store cannot be loaded or the factory cannot be initialised
 */
private static KeyManagerFactory loadKeyManagerFactory(final String keyStoreProvider,
                                                       final String keystorePath,
                                                       final String keystorePassword) throws Exception {
    final boolean isPkcs11 = keyStoreProvider != null && "PKCS11".equals(keyStoreProvider.toUpperCase());
    if (keystorePath == null && !isPkcs11) {
        return null;
    }

    final KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    final KeyStore store = SSLSupport.loadKeystore(keyStoreProvider, keystorePath, keystorePassword);
    final char[] secret = keystorePassword == null ? null : keystorePassword.toCharArray();
    factory.init(store, secret);
    return factory;
}
/**
 * Creates a client {@link SSLEngine} from a Netty context built with the given store settings.
 *
 * <p>The context is built by {@code SSLSupport.createNettyClientContext}, which also receives
 * this instance's {@code sslProvider} and {@code trustAll} fields. When {@code kerb5Config}
 * is set, a JAAS login is performed, the engine is created under the resulting subject, and
 * the {@code verifyHost} field is set to {@code true} as a side effect.
 *
 * @param alloc allocator handed to the Netty context when creating the engine
 * @param realKeyStoreProvider key store type/provider name
 * @param realKeyStorePath location of the key store
 * @param realKeyStorePassword key store password
 * @param realTrustStoreProvider trust store type/provider name
 * @param realTrustStorePath location of the trust store
 * @param realTrustStorePassword trust store password
 * @return the new engine
 * @throws Exception if the context cannot be built, the login fails or engine creation fails
 */
private SSLEngine loadOpenSslEngine(ByteBufAllocator alloc,
                                    String realKeyStoreProvider,
                                    String realKeyStorePath,
                                    String realKeyStorePassword,
                                    String realTrustStoreProvider,
                                    String realTrustStorePath,
                                    String realTrustStorePassword) throws Exception {
    final SslContext nettyContext = SSLSupport.createNettyClientContext(realKeyStoreProvider, realKeyStorePath,
                                                                        realKeyStorePassword, realTrustStoreProvider,
                                                                        realTrustStorePath, realTrustStorePassword,
                                                                        sslProvider, trustAll);

    Subject kerberosSubject = null;
    if (kerb5Config != null) {
        final LoginContext login = new LoginContext(kerb5Config);
        login.login();
        kerberosSubject = login.getSubject();
        // A Kerberos configuration forces the peer host to be supplied to the engine below.
        verifyHost = true;
    }

    return Subject.doAs(kerberosSubject, new PrivilegedExceptionAction<SSLEngine>() {
        @Override
        public SSLEngine run() {
            if (!verifyHost) {
                // NOTE(review): no peer host/port is given to the engine on this path, so it
                // has no name to check the server certificate against - confirm callers only
                // disable verifyHost deliberately.
                return nettyContext.newEngine(alloc);
            }
            // The SNI host, when configured, takes precedence over the connection host.
            final String peerHost = sniHost != null ? sniHost : host;
            return nettyContext.newEngine(alloc, peerHost, port);
        }
    });
}
/**
 * Resolves a store location string to a {@link URL}.
 *
 * <p>Resolution order: the string parsed as a URL; then an existing regular file with that
 * path; then whatever {@code findResource} returns for it. Because URL parsing is tried
 * first, any scheme the JVM can parse is accepted, so the value should come from trusted
 * configuration only.
 *
 * @param storePath location string; must not be {@code null} (checked by an assertion only)
 * @return the resolved URL
 * @throws Exception with the message {@code "Failed to find a store at <storePath>"} when
 *         none of the three lookups succeeds
 */
private static URL validateStoreURL(final String storePath) throws Exception {
    assert storePath != null;

    try {
        return new URL(storePath);
    } catch (MalformedURLException notAUrl) {
        // Not a URL: try the local file system next, then fall back to findResource.
        final File candidate = new File(storePath);
        if (candidate.exists() && candidate.isFile()) {
            return candidate.toURI().toURL();
        }
        final URL resource = findResource(storePath);
        if (resource != null) {
            return resource;
        }
    }

    throw new Exception("Failed to find a store at " + storePath);
}
/**
 * Creates an {@link SSLContext} from key store and trust store settings plus a CRL location.
 *
 * <p>Every argument is forwarded unchanged to the eight-argument {@code createContext}
 * overload, with {@code trustAll} fixed to {@code false}.
 *
 * @param keystoreProvider key store type/provider name, forwarded as-is
 * @param keystorePath location of the key store, forwarded as-is
 * @param keystorePassword key store password, forwarded as-is
 * @param trustStoreProvider trust store type/provider name, forwarded as-is
 * @param trustStorePath location of the trust store, forwarded as-is
 * @param trustStorePassword trust store password, forwarded as-is
 * @param crlPath CRL location, forwarded as-is; may be {@code null}
 * @return the context built by the delegate
 * @throws Exception whatever the delegate throws
 */
public static SSLContext createContext(final String keystoreProvider,
                                       final String keystorePath,
                                       final String keystorePassword,
                                       final String trustStoreProvider,
                                       final String trustStorePath,
                                       final String trustStorePassword,
                                       final String crlPath) throws Exception {
    // Callers of this overload cannot switch on trustAll; it is always passed as false.
    final boolean trustAll = false;
    return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword,
                                    trustStoreProvider, trustStorePath, trustStorePassword,
                                    trustAll, crlPath);
}
/**
 * Builds a Netty client-side {@link SslContext} from key store and trust store settings.
 *
 * <p>The key store is loaded through {@code SSLSupport.loadKeystore} and wrapped in a
 * {@link KeyManagerFactory} using the JVM's default algorithm. The trust manager factory is
 * loaded with the caller's {@code trustAll} value and without a CRL path.
 *
 * @param keystoreProvider key store type/provider name
 * @param keystorePath location of the key store
 * @param keystorePassword key store password; a {@code null} password is handed on as {@code null}
 * @param trustStoreProvider trust store type/provider name
 * @param trustStorePath location of the trust store
 * @param trustStorePassword trust store password
 * @param sslProvider name of a Netty {@code SslProvider} constant
 * @param trustAll forwarded to {@code loadTrustManagerFactory}; NOTE(review): presumably
 *        disables peer certificate validation when {@code true} - confirm there
 * @return the client context
 * @throws Exception if a store cannot be loaded or the context cannot be built
 */
public static SslContext createNettyClientContext(final String keystoreProvider,
                                                  final String keystorePath,
                                                  final String keystorePassword,
                                                  final String trustStoreProvider,
                                                  final String trustStorePath,
                                                  final String trustStorePassword,
                                                  final String sslProvider,
                                                  final boolean trustAll) throws Exception {
    final char[] keyPassword = keystorePassword == null ? null : keystorePassword.toCharArray();

    final KeyStore clientKeyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword);
    final KeyManagerFactory clientKeys = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    clientKeys.init(clientKeyStore, keyPassword);

    // NOTE(review): the CRL argument is null here, so revocation lists configured for the
    // JDK context are not applied to this client context - confirm that is intended.
    return SslContextBuilder.forClient()
        .sslProvider(SslProvider.valueOf(sslProvider))
        .keyManager(clientKeys)
        .trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider, trustStorePath,
                                                         trustStorePassword, trustAll, null))
        .build();
}
/**
 * Loads a {@link KeyStore} of the given type from the given location.
 *
 * <p>With a {@code null} path the store is loaded from a {@code null} stream, which is how
 * stores without a backing file are initialised. Otherwise the path is resolved by
 * {@code SSLSupport.validateStoreURL} and read from the resulting URL.
 *
 * @param keystoreProvider type name given to {@code KeyStore.getInstance}
 * @param keystorePath location of the store, or {@code null}
 * @param keystorePassword store password; a {@code null} password is handed on as {@code null}
 * @return the loaded key store
 * @throws Exception if the type is unknown, the location cannot be resolved or opened, or
 *         the store cannot be read
 */
private static KeyStore loadKeystore(final String keystoreProvider,
                                     final String keystorePath,
                                     final String keystorePassword) throws Exception {
    final KeyStore store = KeyStore.getInstance(keystoreProvider);
    final char[] secret = keystorePassword == null ? null : keystorePassword.toCharArray();

    if (keystorePath == null) {
        store.load(null, secret);
        return store;
    }

    final InputStream stream = SSLSupport.validateStoreURL(keystorePath).openStream();
    try {
        store.load(stream, secret);
    } finally {
        try {
            stream.close();
        } catch (IOException ignored) {
            // Closing is best-effort: a close failure must not mask the outcome of load().
        }
    }
    return store;
}
context = SSLContext.getDefault(); } else { context = SSLSupport.createContext(realKeyStoreProvider, realKeyStorePath, realKeyStorePassword, realTrustStoreProvider, realTrustStorePath, realTrustStorePassword, trustAll, crlPath);
/**
 * Creates an {@link SSLContext} from key store and trust store settings, without a CRL.
 *
 * <p>Every argument is forwarded unchanged to the eight-argument {@code createContext}
 * overload, with {@code null} supplied as the CRL path.
 *
 * @param keystoreProvider key store type/provider name, forwarded as-is
 * @param keystorePath location of the key store, forwarded as-is
 * @param keystorePassword key store password, forwarded as-is
 * @param trustStoreProvider trust store type/provider name, forwarded as-is
 * @param trustStorePath location of the trust store, forwarded as-is
 * @param trustStorePassword trust store password, forwarded as-is
 * @param trustAll forwarded as-is to the trust manager loading; NOTE(review): presumably
 *        turns off peer certificate validation when {@code true} - confirm in
 *        {@code loadTrustManagerFactory} before enabling it outside a test setup
 * @return the context built by the delegate
 * @throws Exception whatever the delegate throws
 */
public static SSLContext createContext(final String keystoreProvider,
                                       final String keystorePath,
                                       final String keystorePassword,
                                       final String trustStoreProvider,
                                       final String trustStorePath,
                                       final String trustStorePassword,
                                       final boolean trustAll) throws Exception {
    // This overload has no CRL location to offer, so the delegate receives null for it.
    final String noCrlPath = null;
    return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword,
                                    trustStoreProvider, trustStorePath, trustStorePassword,
                                    trustAll, noCrlPath);
}
/**
 * Creates an {@link SSLContext} from key store and trust store settings plus a CRL location.
 *
 * <p>Every argument is forwarded unchanged to the eight-argument {@code createContext}
 * overload, with {@code trustAll} fixed to {@code false}.
 *
 * @param keystoreProvider key store type/provider name, forwarded as-is
 * @param keystorePath location of the key store, forwarded as-is
 * @param keystorePassword key store password, forwarded as-is
 * @param trustStoreProvider trust store type/provider name, forwarded as-is
 * @param trustStorePath location of the trust store, forwarded as-is
 * @param trustStorePassword trust store password, forwarded as-is
 * @param crlPath CRL location, forwarded as-is; may be {@code null}
 * @return the context built by the delegate
 * @throws Exception whatever the delegate throws
 */
public static SSLContext createContext(final String keystoreProvider,
                                       final String keystorePath,
                                       final String keystorePassword,
                                       final String trustStoreProvider,
                                       final String trustStorePath,
                                       final String trustStorePassword,
                                       final String crlPath) throws Exception {
    // Callers of this overload cannot switch on trustAll; it is always passed as false.
    final boolean trustAll = false;
    return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword,
                                    trustStoreProvider, trustStorePath, trustStorePassword,
                                    trustAll, crlPath);
}
/**
 * Creates an {@link SSLContext} from key store and trust store settings, without a CRL.
 *
 * <p>Every argument is forwarded unchanged to the eight-argument {@code createContext}
 * overload, with {@code null} supplied as the CRL path.
 *
 * @param keystoreProvider key store type/provider name, forwarded as-is
 * @param keystorePath location of the key store, forwarded as-is
 * @param keystorePassword key store password, forwarded as-is
 * @param trustStoreProvider trust store type/provider name, forwarded as-is
 * @param trustStorePath location of the trust store, forwarded as-is
 * @param trustStorePassword trust store password, forwarded as-is
 * @param trustAll forwarded as-is to the trust manager loading; NOTE(review): presumably
 *        turns off peer certificate validation when {@code true} - confirm in
 *        {@code loadTrustManagerFactory} before enabling it outside a test setup
 * @return the context built by the delegate
 * @throws Exception whatever the delegate throws
 */
public static SSLContext createContext(final String keystoreProvider,
                                       final String keystorePath,
                                       final String keystorePassword,
                                       final String trustStoreProvider,
                                       final String trustStorePath,
                                       final String trustStorePassword,
                                       final boolean trustAll) throws Exception {
    // This overload has no CRL location to offer, so the delegate receives null for it.
    final String noCrlPath = null;
    return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword,
                                    trustStoreProvider, trustStorePath, trustStorePassword,
                                    trustAll, noCrlPath);
}
/**
 * Creates an {@link SSLContext} from key store and trust store settings plus a CRL location.
 *
 * <p>Every argument is forwarded unchanged to the eight-argument {@code createContext}
 * overload, with {@code trustAll} fixed to {@code false}.
 *
 * @param keystoreProvider key store type/provider name, forwarded as-is
 * @param keystorePath location of the key store, forwarded as-is
 * @param keystorePassword key store password, forwarded as-is
 * @param trustStoreProvider trust store type/provider name, forwarded as-is
 * @param trustStorePath location of the trust store, forwarded as-is
 * @param trustStorePassword trust store password, forwarded as-is
 * @param crlPath CRL location, forwarded as-is; may be {@code null}
 * @return the context built by the delegate
 * @throws Exception whatever the delegate throws
 */
public static SSLContext createContext(final String keystoreProvider,
                                       final String keystorePath,
                                       final String keystorePassword,
                                       final String trustStoreProvider,
                                       final String trustStorePath,
                                       final String trustStorePassword,
                                       final String crlPath) throws Exception {
    // Callers of this overload cannot switch on trustAll; it is always passed as false.
    final boolean trustAll = false;
    return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword,
                                    trustStoreProvider, trustStorePath, trustStorePassword,
                                    trustAll, crlPath);
}
/**
 * Creates an {@link SSLContext} from key store and trust store settings, without a CRL.
 *
 * <p>Every argument is forwarded unchanged to the eight-argument {@code createContext}
 * overload, with {@code null} supplied as the CRL path.
 *
 * @param keystoreProvider key store type/provider name, forwarded as-is
 * @param keystorePath location of the key store, forwarded as-is
 * @param keystorePassword key store password, forwarded as-is
 * @param trustStoreProvider trust store type/provider name, forwarded as-is
 * @param trustStorePath location of the trust store, forwarded as-is
 * @param trustStorePassword trust store password, forwarded as-is
 * @param trustAll forwarded as-is to the trust manager loading; NOTE(review): presumably
 *        turns off peer certificate validation when {@code true} - confirm in
 *        {@code loadTrustManagerFactory} before enabling it outside a test setup
 * @return the context built by the delegate
 * @throws Exception whatever the delegate throws
 */
public static SSLContext createContext(final String keystoreProvider,
                                       final String keystorePath,
                                       final String keystorePassword,
                                       final String trustStoreProvider,
                                       final String trustStorePath,
                                       final String trustStorePassword,
                                       final boolean trustAll) throws Exception {
    // This overload has no CRL location to offer, so the delegate receives null for it.
    final String noCrlPath = null;
    return SSLSupport.createContext(keystoreProvider, keystorePath, keystorePassword,
                                    trustStoreProvider, trustStorePath, trustStorePassword,
                                    trustAll, noCrlPath);
}