javax.net.ssl.CertPathTrustManagerParameters源码实例Demo

类javax.net.ssl.CertPathTrustManagerParameters源码实例Demo

下面列出了javax.net.ssl.CertPathTrustManagerParameters 类实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。

源代码1 项目: openjsse   文件: TrustManagerFactoryImpl.java
/**
 * Builds the PKIX trust manager from caller-supplied certification path parameters.
 *
 * <p>Both type checks run before the corresponding cast, so a spec of the wrong
 * shape (or {@code null}, which fails {@code instanceof}) is rejected with a
 * checked exception instead of surfacing as a {@code ClassCastException}.
 *
 * @param spec factory parameters; must be a {@link CertPathTrustManagerParameters}
 *     that wraps {@link PKIXBuilderParameters}
 * @return an {@code X509TrustManagerImpl} created with {@code Validator.TYPE_PKIX}
 * @throws InvalidAlgorithmParameterException if {@code spec}, or the parameters it
 *     encapsulates, are of any other type
 */
@Override
X509TrustManager getInstance(ManagerFactoryParameters spec)
        throws InvalidAlgorithmParameterException {
    if (!(spec instanceof CertPathTrustManagerParameters)) {
        throw new InvalidAlgorithmParameterException(
            "Parameters must be CertPathTrustManagerParameters");
    }
    CertPathTrustManagerParameters wrapper = (CertPathTrustManagerParameters) spec;

    CertPathParameters encapsulated = wrapper.getParameters();
    if (!(encapsulated instanceof PKIXBuilderParameters)) {
        throw new InvalidAlgorithmParameterException(
            "Encapsulated parameters must be PKIXBuilderParameters");
    }

    // The PKIX parameters are handed over as received: whatever trust anchors,
    // revocation flag and extra checkers the caller configured are what the
    // trust manager is constructed with; nothing is adjusted here.
    return new X509TrustManagerImpl(Validator.TYPE_PKIX, (PKIXBuilderParameters) encapsulated);
}
 
源代码2 项目: ditto   文件: TrustManagerFactoryFactory.java
/**
 * Creates a {@code PKIX} {@link TrustManagerFactory}.
 *
 * <p>Two modes, selected by {@code trustedCertificates}:
 * <ul>
 *   <li>{@code null}: the factory is initialised from {@code DEFAULT_CA_KEYSTORE}
 *       with a {@link PKIXRevocationChecker} added as a cert path checker. No
 *       options are set on the checker here, so it runs with its defaults.</li>
 *   <li>non-null: the text is parsed as certificates and each one becomes a trusted
 *       entry ({@code ca-0}, {@code ca-1}, ...) of a fresh key store. This branch
 *       does not register a revocation checker.</li>
 * </ul>
 *
 * @param trustedCertificates certificates to trust (the local name {@code caCertsPem}
 *     in the original suggests PEM), or {@code null} to use the default CA key store
 * @return the initialised factory
 * @throws NoSuchAlgorithmException if the {@code PKIX} algorithm is unavailable
 * @throws CertificateException if {@code trustedCertificates} cannot be parsed
 * @throws KeyStoreException if a certificate cannot be stored or the key store is unusable
 * @throws InvalidAlgorithmParameterException if the PKIX parameters are rejected
 */
private TrustManagerFactory createTrustManagerFactory(@Nullable final String trustedCertificates)
        throws NoSuchAlgorithmException, CertificateException, KeyStoreException,
        InvalidAlgorithmParameterException {
    final TrustManagerFactory factory = TrustManagerFactory.getInstance(PKIX);

    if (trustedCertificates == null) {
        // Default CA set: path validation additionally consults revocation status.
        final PKIXRevocationChecker checker =
                (PKIXRevocationChecker) CertPathBuilder.getInstance(PKIX).getRevocationChecker();
        final PKIXBuilderParameters pkixParameters =
                new PKIXBuilderParameters(DEFAULT_CA_KEYSTORE, new X509CertSelector());
        pkixParameters.addCertPathChecker(checker);
        factory.init(new CertPathTrustManagerParameters(pkixParameters));
        return factory;
    }

    // Caller-pinned CAs: only the supplied certificates are trust anchors.
    // NOTE(review): no revocation checker is added on this path; confirm that is intended.
    final KeyStore pinnedStore = keyStoreFactory.newKeystore();
    final byte[] encoded = trustedCertificates.getBytes(StandardCharsets.US_ASCII);
    final Collection<? extends Certificate> pinnedCertificates =
            X509_CERTIFICATE_FACTORY.generateCertificates(new ByteArrayInputStream(encoded));

    long index = 0;
    for (final Certificate certificate : pinnedCertificates) {
        pinnedStore.setCertificateEntry("ca-" + index, certificate);
        index++;
    }
    factory.init(pinnedStore);
    return factory;
}
 
源代码3 项目: ssltest   文件: SSLUtils.java
/**
 * Builds the TrustManagers for a trust store, optionally using
 * certification path parameters derived from a CRL file.
 *
 * When crlFilename is null the factory is initialised from the trust
 * store alone. In that case getParameters is never called, so
 * maxCertificatePathLength is not applied and no CRL is consulted.
 *
 * @param trustStoreFilename Passed to getStore to locate the trust store.
 * @param trustStorePassword Passed to getStore as the trust store password.
 * @param trustStoreType Passed to getStore as the key store type.
 * @param trustStoreProvider Passed to getStore as the key store provider.
 * @param trustStoreAlgorithm The TrustManagerFactory algorithm, or null
 *        to use TrustManagerFactory.getDefaultAlgorithm().
 * @param maxCertificatePathLength Forwarded to getParameters; only used
 *        when crlFilename is non-null.
 * @param crlFilename The CRL file forwarded to getParameters, or null to
 *        initialise the factory from the trust store only.
 *
 * @return An array of TrustManagers
 *
 * @throws IOException Raised by the getStore / getParameters helpers.
 * @throws KeyStoreException If the trust store cannot be used.
 * @throws NoSuchProviderException Raised by the getStore / getParameters helpers.
 * @throws NoSuchAlgorithmException If the factory algorithm is unavailable.
 * @throws CertificateException Raised by the getStore / getParameters helpers.
 * @throws InvalidAlgorithmParameterException If the factory rejects the
 *         certification path parameters.
 * @throws CRLException Raised by the getStore / getParameters helpers.
 */
protected static TrustManager[] getTrustManagers(String trustStoreFilename,
                                                 String trustStorePassword,
                                                 String trustStoreType,
                                                 String trustStoreProvider,
                                                 String trustStoreAlgorithm,
                                                 Integer maxCertificatePathLength,
                                                 String crlFilename)
    throws IOException, KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, InvalidAlgorithmParameterException, CRLException
{
    final KeyStore store = getStore(trustStoreFilename,
                                    trustStorePassword,
                                    trustStoreType,
                                    trustStoreProvider);

    // Fall back to the JVM-wide default algorithm when none was requested.
    final String algorithm = (trustStoreAlgorithm != null)
        ? trustStoreAlgorithm
        : TrustManagerFactory.getDefaultAlgorithm();

    final TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);

    if (crlFilename != null)
    {
        // CRL supplied: path length limit and CRL handling are whatever
        // getParameters builds into the CertPathParameters.
        final CertPathParameters pathParameters =
            getParameters(algorithm,
                          crlFilename,
                          maxCertificatePathLength,
                          store);

        factory.init(new CertPathTrustManagerParameters(pathParameters));
    }
    else
    {
        // No CRL: plain trust-store initialisation, without custom
        // path parameters.
        factory.init(store);
    }

    return factory.getTrustManagers();
}
 
源代码4 项目: qpid-broker-j   文件: AbstractTrustStore.java
/**
 * Creates the trust managers for the given trust store using the JVM's default
 * TrustManagerFactory algorithm.
 *
 * The factory is always initialised with CertPathTrustManagerParameters built from
 * getParameters(ts), never from the key store directly, so the default algorithm
 * must accept such parameters; a rejection is reported as a configuration error.
 *
 * @param ts the trust store handed to getParameters
 * @return the trust managers produced by the factory
 * @throws IllegalConfigurationException if the algorithm is unavailable or the
 *         parameters are rejected; the original exception is kept as the cause
 */
protected TrustManager[] getTrustManagers(KeyStore ts)
{
    try
    {
        final String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        final TrustManagerFactory factory = TrustManagerFactory.getInstance(defaultAlgorithm);

        final CertPathTrustManagerParameters factoryParameters =
                new CertPathTrustManagerParameters(getParameters(ts));
        factory.init(factoryParameters);

        return factory.getTrustManagers();
    }
    catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e)
    {
        // Name the affected trust store so the operator can tell which one failed.
        final String message = "Cannot create trust manager factory for truststore '" +
                getName() + "' :" + e;
        throw new IllegalConfigurationException(message, e);
    }
}
 
源代码5 项目: activemq-artemis   文件: SSLSupport.java
/**
 * Chooses the TrustManagerFactory for this SSL configuration.
 *
 * <p>Checked in this order:
 * <ol>
 *   <li>a configured {@code trustManagerFactoryPlugin} supplies the factory;</li>
 *   <li>{@code trustAll} returns {@code InsecureTrustManagerFactory.INSTANCE};</li>
 *   <li>no trust store path and a provider other than PKCS11 returns {@code null};</li>
 *   <li>otherwise a factory of the default algorithm is initialised from the loaded
 *       trust store, with PKIX revocation parameters when they apply.</li>
 * </ol>
 *
 * <p>Revocation parameters are only used when OCSP is enabled via the
 * {@code ocsp.enable} security property or {@code crlPath} is set, <em>and</em> the
 * default algorithm is PKIX. In every other case the factory is initialised from
 * the trust store alone.
 *
 * @return the selected factory, or {@code null} when no trust store is configured
 * @throws Exception if the trust store, the CRLs or the factory cannot be set up
 */
private TrustManagerFactory loadTrustManagerFactory() throws Exception {
   if (trustManagerFactoryPlugin != null) {
      // The plugin is instantiated through the class loader inside doPrivileged,
      // and whatever factory it returns is used as-is.
      // NOTE(review): trustManagerFactoryPlugin looks like a class name taken from
      // configuration; confirm only trusted configuration can set it.
      PrivilegedAction<TrustManagerFactory> pluginLookup = () -> {
         TrustManagerFactoryPlugin plugin = (TrustManagerFactoryPlugin) ClassloadingUtil.newInstanceFromClassLoader(SSLSupport.class, trustManagerFactoryPlugin);
         return plugin.getTrustManagerFactory();
      };
      return AccessController.doPrivileged(pluginLookup);
   }

   if (trustAll) {
      // Test-only switch: the insecure factory must not be used outside of testing.
      return InsecureTrustManagerFactory.INSTANCE;
   }

   boolean pkcs11Provider = truststoreProvider != null && "PKCS11".equals(truststoreProvider.toUpperCase());
   if (truststorePath == null && !pkcs11Provider) {
      // Nothing to load: only a PKCS11 provider may come without a trust store path.
      return null;
   }

   TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
   KeyStore trustStore = SSLSupport.loadKeystore(truststoreProvider, truststorePath, truststorePassword);
   boolean ocspEnabled = Boolean.parseBoolean(Security.getProperty("ocsp.enable"));
   boolean revocationRequested = ocspEnabled || crlPath != null;

   if (revocationRequested && TrustManagerFactory.getDefaultAlgorithm().equalsIgnoreCase("PKIX")) {
      PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
      if (crlPath != null) {
         pkixParams.setRevocationEnabled(true);
         Collection<? extends CRL> loadedCrls = loadCRL();
         if (loadedCrls != null) {
            pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(loadedCrls)));
         }
      }
      // With OCSP alone the revocation flag is not set explicitly; the JDK documents
      // revocation as enabled by default on PKIXParameters, which this relies on.
      factory.init(new CertPathTrustManagerParameters(pkixParams));
   } else {
      // NOTE(review): this branch is also taken when a CRL path or OCSP is configured
      // but the default algorithm is not PKIX, so revocation checking is dropped
      // without any error or log line.
      factory.init(trustStore);
   }
   return factory;
}
 
源代码6 项目: cxf   文件: TLSParameterJaxBUtils.java
/**
 * Creates the trust managers described by a {@code TrustManagersType} configuration.
 *
 * <p>The trust material comes from the configured key store if one is set, else from
 * the configured cert store, else it is {@code null}. The factory algorithm and
 * provider fall back to the JVM defaults when the configuration does not set them.
 *
 * <p>With {@code enableRevocation} the factory is initialised with PKIX builder
 * parameters that have revocation checking switched on; otherwise it is initialised
 * from the key store directly.
 *
 * @param tmc the trust manager configuration
 * @param enableRevocation whether certificate revocation checking is requested
 * @return the trust managers produced by the factory
 * @throws GeneralSecurityException if the key store, algorithm, provider or
 *     parameters are rejected
 * @throws IOException if the key store cannot be read
 */
public static TrustManager[] getTrustManagers(TrustManagersType tmc, boolean enableRevocation)
    throws GeneralSecurityException,
           IOException {

    final KeyStore keyStore;
    if (tmc.isSetKeyStore()) {
        keyStore = getKeyStore(tmc.getKeyStore(), true);
    } else if (tmc.isSetCertStore()) {
        keyStore = getKeyStore(tmc.getCertStore());
    } else {
        keyStore = null;
    }

    final String algorithm;
    if (tmc.isSetFactoryAlgorithm()) {
        algorithm = tmc.getFactoryAlgorithm();
    } else {
        algorithm = TrustManagerFactory.getDefaultAlgorithm();
    }

    final TrustManagerFactory factory;
    if (tmc.isSetProvider()) {
        factory = TrustManagerFactory.getInstance(algorithm, tmc.getProvider());
    } else {
        factory = TrustManagerFactory.getInstance(algorithm);
    }

    if (!enableRevocation) {
        factory.init(keyStore);
        return factory.getTrustManagers();
    }

    // NOTE(review): keyStore is null when neither a key store nor a cert store is
    // configured. The JDK documents this constructor as throwing
    // NullPointerException for a null key store, so revocation currently requires
    // explicit trust material, whereas the non-revocation path passes null to init().
    PKIXBuilderParameters pkixParameters =
        new PKIXBuilderParameters(keyStore, new X509CertSelector());
    pkixParameters.setRevocationEnabled(true);

    factory.init(new CertPathTrustManagerParameters(pkixParameters));
    return factory.getTrustManagers();
}
 
源代码7 项目: cxf   文件: TrustManagerTest.java
/**
 * Checks that a client whose trust managers were built with PKIX revocation
 * checking, while the {@code ocsp.enable} security property is {@code "true"},
 * fails to invoke the service. The failure message below states the expected
 * cause: an invalid OCSP responder URL.
 *
 * <p>The test mutates JVM-wide state (the default bus and a security property),
 * so the order of the statements matters.
 */
@org.junit.Test
public void testOSCPOverride() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = TrustManagerTest.class.getResource("client-trust.xml");

    // Install the bus both globally and for this thread.
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);

    URL url = SOAPService.WSDL_LOCATION;
    SOAPService service = new SOAPService(url, SOAPService.SERVICE);
    assertNotNull("Service is null", service);
    final Greeter port = service.getHttpsPort();
    assertNotNull("Port is null", port);

    updateAddressPort(port, PORT2);

    // Optionally route the call through the asynchronous HTTP conduit.
    if (async) {
        ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
    }

    // Load the test trust store from the classpath; the password is a test fixture value.
    KeyStore ts = KeyStore.getInstance("JKS");
    try (InputStream trustStore =
        ClassLoaderUtils.getResourceAsStream("keys/cxfca.jks", TrustManagerTest.class)) {
        ts.load(trustStore, "password".toCharArray());
    }

    try {
        // JVM-wide switch; reset in the finally block below.
        Security.setProperty("ocsp.enable", "true");

        // Trust managers that validate the server chain with revocation checking on.
        PKIXBuilderParameters param = new PKIXBuilderParameters(ts, new X509CertSelector());
        param.setRevocationEnabled(true);

        TrustManagerFactory tmf  =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(new CertPathTrustManagerParameters(param));

        TLSClientParameters tlsParams = new TLSClientParameters();
        tlsParams.setTrustManagers(tmf.getTrustManagers());
        // NOTE(review): judging by its name this turns off the certificate CN check;
        // appropriate only for a test fixture, not a pattern for production clients.
        tlsParams.setDisableCNCheck(true);

        Client client = ClientProxy.getClient(port);
        HTTPConduit http = (HTTPConduit) client.getConduit();
        http.setTlsClientParameters(tlsParams);

        try {
            port.greetMe("Kitty");
            fail("Failure expected on an invalid OCSP responder URL");
        } catch (Exception ex) {
            // Any Exception counts as the expected outcome; the cause is not inspected,
            // so a failure unrelated to revocation would also pass this test.
            // NOTE(review): presumably fail() raises an AssertionError, which this
            // catch would not swallow - confirm against the imported assertion class.
        }

    } finally {
        // Sets the property to "false" rather than restoring whatever value it had before.
        Security.setProperty("ocsp.enable", "false");
    }

    // Not inside the finally block: skipped if an assertion above fails.
    ((java.io.Closeable)port).close();
    bus.shutdown(true);
}