下面列出了怎么用javax.net.ssl.X509ExtendedKeyManager的API类实例代码及写法,或者点击链接到github查看源代码。
protected static KeyManager[] getUser1KeyManagers() throws Exception {
KeyManagerFactory kmf = KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
kmf.init(getKeyStore(CLIENT_JKS), JKS_PASS.toCharArray());
KeyManager[] managers = kmf.getKeyManagers();
KeyManager manager;
for (int i=0; i < managers.length; i++) {
manager = managers[i];
if (manager instanceof X509ExtendedKeyManager) {
managers[i] = new TrackingExtendedKeyManager((X509ExtendedKeyManager)manager);
} else if (manager instanceof X509KeyManager) {
managers[i] = new TrackingKeyManager((X509KeyManager)manager);
}
}
return managers;
}
@Test
public void testCancelledPasswordOnSetCertificate() throws Exception {
assertNull(ApplicationKeyManagerFactory.getKeyStore());
ApplicationKeyManagerFactory instance = ApplicationKeyManagerFactory.getInstance();
KeyManager[] keyManagers = instance.getKeyManagers();
assertEquals(1, keyManagers.length);
assertTrue("", keyManagers[0] instanceof X509ExtendedKeyManager);
X509ExtendedKeyManager keyManager = (X509ExtendedKeyManager) keyManagers[0];
// verify that no certs are installed
assertNull(keyManager.getCertificateChain(ALIAS));
assertNull(keyManager.getClientAliases("RSA", null));
passwordProvider.cancelNextEntry();
ApplicationKeyManagerFactory.setKeyStore(keystoreFile.getAbsolutePath(), false);
// verify that no certs are installed
assertEquals(null, ApplicationKeyManagerFactory.getKeyStore());
assertNull(keyManager.getCertificateChain(ALIAS));
assertNull(keyManager.getClientAliases("RSA", null));
}
private static KeyManager[] getAliasedKeyManagers(KeyManager[] managers, String alias) {
///CLOVER:OFF
if (managers != null) {
///CLOVER:ON
if (alias != null) {
for (int idx = 0; idx < managers.length; idx++) {
///CLOVER:OFF
if (managers[idx] instanceof X509ExtendedKeyManager) {
managers[idx] = new ClientAliasedX509ExtendedKeyManager((X509ExtendedKeyManager) managers[idx], alias);
}
///CLOVER:ON
}
}
}
return managers;
}
private static X509ExtendedKeyManager getX509KeyManager(KeyManager keyManager) throws StartException {
if (keyManager == null) {
return null;
}
if (keyManager instanceof X509ExtendedKeyManager) {
X509ExtendedKeyManager x509KeyManager = (X509ExtendedKeyManager) keyManager;
if (x509KeyManager instanceof DelegatingKeyManager && IS_FIPS.getAsBoolean()) {
ROOT_LOGGER.trace("FIPS enabled on JVM, unwrapping KeyManager");
// If FIPS is enabled unwrap the KeyManager
x509KeyManager = ((DelegatingKeyManager) x509KeyManager).delegating.get();
}
return x509KeyManager;
}
throw ROOT_LOGGER.invalidTypeInjected(X509ExtendedKeyManager.class.getSimpleName());
}
CustomAliasKeyManagerFactory(KeyManagerFactory delegate, String alias) {
super(new KeyManagerFactorySpi() {
@Override
protected void engineInit(KeyStore ks, char[] password)
throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
delegate.init(ks, password);
}
@Override
protected void engineInit(ManagerFactoryParameters spec) throws InvalidAlgorithmParameterException {
delegate.init(spec);
}
@Override
protected KeyManager[] engineGetKeyManagers() {
final KeyManager[] keyManagers = delegate.getKeyManagers().clone();
for (int i = 0; i < keyManagers.length; i++) {
if (keyManagers[i] instanceof X509ExtendedKeyManager) {
final X509ExtendedKeyManager keyManager = (X509ExtendedKeyManager) keyManagers[i];
keyManagers[i] = new CustomAliasX509ExtendedKeyManager(keyManager, alias);
}
}
return keyManagers;
}
}, delegate.getProvider(), delegate.getAlgorithm());
}
@Test
public void testGetServerAliasesReturnsGivenAliasOnly() {
String wrapperAlias = "wrapperAlias";
String[] delegateAliases = new String[] { "a", "b", wrapperAlias};
X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
when(mock.getServerAliases(any(String.class), any(Principal[].class))).thenReturn(delegateAliases);
X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
assertArrayEquals("Expected array containing only the wrapper alias", new String[] { wrapperAlias }, wrapper.getServerAliases("", new Principal[0]));
}
private X509ExtendedKeyManager chooseKeyManager(KeyManager[] kms)
throws KeyManagementException {
for (int i = 0; kms != null && i < kms.length; i++) {
KeyManager km = kms[i];
if (!(km instanceof X509KeyManager)) {
continue;
}
if (OpenJSSE.isFIPS()) {
// In FIPS mode, require that one of OpenJSSE's own keymanagers
// is used. Otherwise, we cannot be sure that only keys from
// the FIPS token are used.
if ((km instanceof X509KeyManagerImpl)
|| (km instanceof SunX509KeyManagerImpl)) {
return (X509ExtendedKeyManager)km;
} else {
// throw exception, we don't want to silently use the
// dummy keymanager without telling the user.
throw new KeyManagementException
("FIPS mode: only OpenJSSE KeyManagers may be used");
}
}
if (km instanceof X509ExtendedKeyManager) {
return (X509ExtendedKeyManager)km;
}
if (SSLLogger.isOn && SSLLogger.isOn("ssl,sslctx")) {
SSLLogger.warning(
"X509KeyManager passed to SSLContext.init(): need an " +
"X509ExtendedKeyManager for SSLEngine use");
}
return new AbstractKeyManagerWrapper((X509KeyManager)km);
}
// nothing found, return a dummy X509ExtendedKeyManager
return DummyX509KeyManager.INSTANCE;
}
private CipherTestUtils()
throws IOException, FileNotFoundException, KeyStoreException,
NoSuchAlgorithmException, CertificateException,
UnrecoverableKeyException, InvalidKeySpecException {
factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY,
SERVER_PRIVATE_KEY);
KeyStore serverTrustStore = createServerKeyStore(CA_PUBLIC_KEY,
CA_PRIVATE_KEY);
if (serverKeyStore != null) {
KeyManagerFactory keyFactory1
= KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyFactory1.init(serverKeyStore, PASSWORD);
serverKeyManager = (X509ExtendedKeyManager) keyFactory1.
getKeyManagers()[0];
} else {
serverKeyManager = null;
}
serverTrustManager = serverTrustStore != null
? new AlwaysTrustManager(serverTrustStore) : null;
KeyStore clientKeyStore, clientTrustStore;
clientTrustStore = serverTrustStore;
clientKeyStore =
createServerKeyStore(CLIENT_PUBLIC_KEY,CLIENT_PRIVATE_KEY);
if (clientKeyStore != null) {
KeyManagerFactory keyFactory
= KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(clientKeyStore, PASSWORD);
clientKeyManager = (X509ExtendedKeyManager) keyFactory.
getKeyManagers()[0];
} else {
clientKeyManager = null;
}
clientTrustManager = (clientTrustStore != null)
? new AlwaysTrustManager(clientTrustStore) : null;
}
private CipherTestUtils()
throws IOException, FileNotFoundException, KeyStoreException,
NoSuchAlgorithmException, CertificateException,
UnrecoverableKeyException, InvalidKeySpecException {
factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY,
SERVER_PRIVATE_KEY);
KeyStore serverTrustStore = createServerKeyStore(CA_PUBLIC_KEY,
CA_PRIVATE_KEY);
if (serverKeyStore != null) {
KeyManagerFactory keyFactory1
= KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyFactory1.init(serverKeyStore, PASSWORD);
serverKeyManager = (X509ExtendedKeyManager) keyFactory1.
getKeyManagers()[0];
} else {
serverKeyManager = null;
}
serverTrustManager = serverTrustStore != null
? new AlwaysTrustManager(serverTrustStore) : null;
KeyStore clientKeyStore, clientTrustStore;
clientTrustStore = serverTrustStore;
clientKeyStore =
createServerKeyStore(CLIENT_PUBLIC_KEY,CLIENT_PRIVATE_KEY);
if (clientKeyStore != null) {
KeyManagerFactory keyFactory
= KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(clientKeyStore, PASSWORD);
clientKeyManager = (X509ExtendedKeyManager) keyFactory.
getKeyManagers()[0];
} else {
clientKeyManager = null;
}
clientTrustManager = (clientTrustStore != null)
? new AlwaysTrustManager(clientTrustStore) : null;
}
public MyX509ExtendedKeyManager(
X509ExtendedKeyManager akm, String expectedAP, boolean doCheck) {
this.akm = akm;
this.expectedAP = expectedAP;
this.doCheck = doCheck;
}
private CipherTestUtils()
throws IOException, FileNotFoundException, KeyStoreException,
NoSuchAlgorithmException, CertificateException,
UnrecoverableKeyException, InvalidKeySpecException {
factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY,
SERVER_PRIVATE_KEY);
KeyStore serverTrustStore = createServerKeyStore(CA_PUBLIC_KEY,
CA_PRIVATE_KEY);
if (serverKeyStore != null) {
KeyManagerFactory keyFactory1
= KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyFactory1.init(serverKeyStore, PASSWORD);
serverKeyManager = (X509ExtendedKeyManager) keyFactory1.
getKeyManagers()[0];
} else {
serverKeyManager = null;
}
serverTrustManager = serverTrustStore != null
? new AlwaysTrustManager(serverTrustStore) : null;
KeyStore clientKeyStore, clientTrustStore;
clientTrustStore = serverTrustStore;
clientKeyStore =
createServerKeyStore(CLIENT_PUBLIC_KEY,CLIENT_PRIVATE_KEY);
if (clientKeyStore != null) {
KeyManagerFactory keyFactory
= KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(clientKeyStore, PASSWORD);
clientKeyManager = (X509ExtendedKeyManager) keyFactory.
getKeyManagers()[0];
} else {
clientKeyManager = null;
}
clientTrustManager = (clientTrustStore != null)
? new AlwaysTrustManager(clientTrustStore) : null;
}
@Override
public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
if (delegate instanceof X509ExtendedKeyManager) {
return ((X509ExtendedKeyManager) delegate).chooseEngineServerAlias(keyType, issuers, engine);
} else if (fallback instanceof X509ExtendedKeyManager) {
return ((X509ExtendedKeyManager) fallback).chooseEngineServerAlias(keyType, issuers, engine);
} else {
return super.chooseEngineServerAlias(keyType, issuers, engine);
}
}
@Test
public void testChooseServerAliasReturnsGivenAlias() {
String wrapperAlias = "wrapperAlias";
String myDelegateAlias = "delegateAlias";
X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
when(mock.chooseServerAlias(any(String.class), any(Principal[].class), any(Socket.class))).thenReturn(myDelegateAlias);
X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
assertEquals("Expected wrapper alias", wrapperAlias, wrapper.chooseServerAlias("", new Principal[0], new Socket()));
}
@Override
public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
if (delegate instanceof X509ExtendedKeyManager) {
return ((X509ExtendedKeyManager) delegate).chooseEngineClientAlias(keyType, issuers, engine);
} else if (fallback instanceof X509ExtendedKeyManager) {
return ((X509ExtendedKeyManager) fallback).chooseEngineClientAlias(keyType, issuers, engine);
} else {
return super.chooseEngineClientAlias(keyType, issuers, engine);
}
}
private CipherTestUtils()
throws IOException, FileNotFoundException, KeyStoreException,
NoSuchAlgorithmException, CertificateException,
UnrecoverableKeyException, InvalidKeySpecException {
factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY,
SERVER_PRIVATE_KEY);
KeyStore serverTrustStore = createServerKeyStore(CA_PUBLIC_KEY,
CA_PRIVATE_KEY);
if (serverKeyStore != null) {
KeyManagerFactory keyFactory1
= KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyFactory1.init(serverKeyStore, PASSWORD);
serverKeyManager = (X509ExtendedKeyManager) keyFactory1.
getKeyManagers()[0];
} else {
serverKeyManager = null;
}
serverTrustManager = serverTrustStore != null
? new AlwaysTrustManager(serverTrustStore) : null;
KeyStore clientKeyStore, clientTrustStore;
clientTrustStore = serverTrustStore;
clientKeyStore =
createServerKeyStore(CLIENT_PUBLIC_KEY,CLIENT_PRIVATE_KEY);
if (clientKeyStore != null) {
KeyManagerFactory keyFactory
= KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(clientKeyStore, PASSWORD);
clientKeyManager = (X509ExtendedKeyManager) keyFactory.
getKeyManagers()[0];
} else {
clientKeyManager = null;
}
clientTrustManager = (clientTrustStore != null)
? new AlwaysTrustManager(clientTrustStore) : null;
}
public QpidServerX509KeyManager(String alias, URL keyStoreUrl, String keyStoreType,
String keyStorePassword, String keyManagerFactoryAlgorithmName) throws GeneralSecurityException, IOException
{
_alias = alias;
KeyStore ks = SSLUtil.getInitializedKeyStore(keyStoreUrl, keyStorePassword, keyStoreType);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName);
kmf.init(ks, keyStorePassword.toCharArray());
_delegate = (X509ExtendedKeyManager) kmf.getKeyManagers()[0];
}
private static KeyManager[] wrapKeyManagers(String alias, KeyManager[] origKeyManagers) {
KeyManager[] keyManagers = new KeyManager[origKeyManagers.length];
for (int i = 0; i < origKeyManagers.length; i++) {
KeyManager km = origKeyManagers[i];
if (km instanceof X509ExtendedKeyManager) {
km = new X509AliasKeyManager(alias, (X509ExtendedKeyManager) km);
}
keyManagers[i] = km;
}
return keyManagers;
}
private CipherTestUtils()
throws IOException, FileNotFoundException, KeyStoreException,
NoSuchAlgorithmException, CertificateException,
UnrecoverableKeyException, InvalidKeySpecException {
factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY,
SERVER_PRIVATE_KEY);
KeyStore serverTrustStore = createServerKeyStore(CA_PUBLIC_KEY,
CA_PRIVATE_KEY);
if (serverKeyStore != null) {
KeyManagerFactory keyFactory1
= KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyFactory1.init(serverKeyStore, PASSWORD);
serverKeyManager = (X509ExtendedKeyManager) keyFactory1.
getKeyManagers()[0];
} else {
serverKeyManager = null;
}
serverTrustManager = serverTrustStore != null
? new AlwaysTrustManager(serverTrustStore) : null;
KeyStore clientKeyStore, clientTrustStore;
clientTrustStore = serverTrustStore;
clientKeyStore =
createServerKeyStore(CLIENT_PUBLIC_KEY,CLIENT_PRIVATE_KEY);
if (clientKeyStore != null) {
KeyManagerFactory keyFactory
= KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(clientKeyStore, PASSWORD);
clientKeyManager = (X509ExtendedKeyManager) keyFactory.
getKeyManagers()[0];
} else {
clientKeyManager = null;
}
clientTrustManager = (clientTrustStore != null)
? new AlwaysTrustManager(clientTrustStore) : null;
}
KeySelectingKeyManagerFactory(KeyManagerFactory factory, KeyConfiguration keyConfiguration) {
super(new KeyManagerFactorySpi() {
@Override
protected void engineInit(KeyStore keyStore, char[] chars)
throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
factory.init(keyStore, chars);
}
@Override
protected void engineInit(ManagerFactoryParameters managerFactoryParameters)
throws InvalidAlgorithmParameterException {
factory.init(managerFactoryParameters);
}
@Override
protected KeyManager[] engineGetKeyManagers() {
KeyManager[] keyManagers = factory.getKeyManagers();
if (keyManagers.length == 1 && keyManagers[0] instanceof X509ExtendedKeyManager) {
return new KeyManager[] { new KeySelectingX509KeyManager(
(X509ExtendedKeyManager) keyManagers[0], keyConfiguration) };
}
return keyManagers;
}
}, factory.getProvider(), factory.getAlgorithm());
}
public MyX509ExtendedKeyManager(
X509ExtendedKeyManager akm, String expectedAP, boolean doCheck) {
this.akm = akm;
this.expectedAP = expectedAP;
this.doCheck = doCheck;
}
@Test
public void testChooseEngineServerAliasReturnsGivenAlias() {
String wrapperAlias = "wrapperAlias";
String myDelegateAlias = "delegateAlias";
X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
when(mock.chooseEngineServerAlias(any(String.class), any(Principal[].class), any(SSLEngine.class))).thenReturn(myDelegateAlias);
X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
assertEquals("Expected wrapper alias", wrapperAlias, wrapper.chooseEngineServerAlias("", new Principal[0], mock(SSLEngine.class)));
}
private CipherTestUtils()
throws IOException, FileNotFoundException, KeyStoreException,
NoSuchAlgorithmException, CertificateException,
UnrecoverableKeyException, InvalidKeySpecException {
factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY,
SERVER_PRIVATE_KEY);
KeyStore serverTrustStore = createServerKeyStore(CA_PUBLIC_KEY,
CA_PRIVATE_KEY);
if (serverKeyStore != null) {
KeyManagerFactory keyFactory1
= KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyFactory1.init(serverKeyStore, PASSWORD);
serverKeyManager = (X509ExtendedKeyManager) keyFactory1.
getKeyManagers()[0];
} else {
serverKeyManager = null;
}
serverTrustManager = serverTrustStore != null
? new AlwaysTrustManager(serverTrustStore) : null;
KeyStore clientKeyStore, clientTrustStore;
clientTrustStore = serverTrustStore;
clientKeyStore =
createServerKeyStore(CLIENT_PUBLIC_KEY,CLIENT_PRIVATE_KEY);
if (clientKeyStore != null) {
KeyManagerFactory keyFactory
= KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(clientKeyStore, PASSWORD);
clientKeyManager = (X509ExtendedKeyManager) keyFactory.
getKeyManagers()[0];
} else {
clientKeyManager = null;
}
clientTrustManager = (clientTrustStore != null)
? new AlwaysTrustManager(clientTrustStore) : null;
}
private X509ExtendedKeyManager updateAndGetThreadLocalManager() {
synchronized (monitor) {
X509ExtendedKeyManager currentManager = this.currentManager;
threadLocalManager.put(Thread.currentThread(), currentManager);
return currentManager;
}
}
private X509ExtendedKeyManager getThreadLocalManager() {
synchronized (monitor) {
X509ExtendedKeyManager manager = threadLocalManager.get(Thread.currentThread());
if (manager == null) {
throw new IllegalStateException("Methods to retrieve valid aliases has not been called previously from this thread");
}
return manager;
}
}
@Test
public void testChooseClientAliasReturnsGivenAlias() {
String wrapperAlias = "wrapperAlias";
String myDelegateAlias = "delegateAlias";
X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
when(mock.chooseClientAlias(any(String[].class), any(Principal[].class), any(Socket.class))).thenReturn(myDelegateAlias);
X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
assertEquals("Expected wrapper alias", wrapperAlias, wrapper.chooseClientAlias(new String[0], new Principal[0], new Socket()));
}
@Test
public void testGetClientAliasesReturnsGivenAliasOnly() {
String wrapperAlias = "wrapperAlias";
String[] delegateAliases = new String[] { "a", "b", wrapperAlias};
X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
when(mock.getClientAliases(any(String.class), any(Principal[].class))).thenReturn(delegateAliases);
X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
assertArrayEquals("Expected array containing only the wrapper alias", new String[] { wrapperAlias }, wrapper.getClientAliases("", new Principal[0]));
}
@Test
public void testNullAliasCausesIAE() {
try {
new X509AliasKeyManager(null, mock(X509ExtendedKeyManager.class));
fail("Expected an exception to be thrown");
} catch (IllegalArgumentException iae) {
// expected
}
}
@Test
public void testGetCertificateChainDelegates() {
String wrapperAlias = "wrapperAlias";
X509Certificate[] certs = new X509Certificate[7];
X509ExtendedKeyManager mock = mock(X509ExtendedKeyManager.class);
when(mock.getCertificateChain(any(String.class))).thenReturn(certs);
X509ExtendedKeyManager wrapper = new X509AliasKeyManager(wrapperAlias, mock);
assertSame("Different object returned", certs, wrapper.getCertificateChain(wrapperAlias));
}
public X509AliasKeyManager(String alias, X509ExtendedKeyManager delegate) throws IllegalArgumentException {
if (alias == null) {
throw new IllegalArgumentException("The given key alias must not be null.");
}
this.alias = alias;
this.delegate = delegate;
}
@Test
public void testKeyManagerProxyGeClientAliases(@Mocked X509ExtendedKeyManager mockedKeyManager) {
new Expectations() {{
mockedKeyManager.getClientAliases("cert", (Principal[]) any); times = 1;
}};
KeyManagerProxy keyManagerProxy = new KeyManagerProxy(new KeyManager[]{mockedKeyManager});
keyManagerProxy.getClientAliases("cert", null);
}