Java Code Examples for java.security.KeyStore#Builder
The following examples show how to use
java.security.KeyStore#Builder .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: DavGatewaySSLProtocolSocketFactory.java From davmail with GNU General Public License v2.0 | 4 votes |
|
private SSLContext createSSLContext() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyManagementException, KeyStoreException {
// PKCS11 client certificate settings
String pkcs11Library = Settings.getProperty("davmail.ssl.pkcs11Library");
String clientKeystoreType = Settings.getProperty("davmail.ssl.clientKeystoreType");
// set default keystore type
if (clientKeystoreType == null || clientKeystoreType.length() == 0) {
clientKeystoreType = "PKCS11";
}
if (pkcs11Library != null && pkcs11Library.length() > 0 && "PKCS11".equals(clientKeystoreType)) {
StringBuilder pkcs11Buffer = new StringBuilder();
pkcs11Buffer.append("name=DavMail\n");
pkcs11Buffer.append("library=").append(pkcs11Library).append('\n');
String pkcs11Config = Settings.getProperty("davmail.ssl.pkcs11Config");
if (pkcs11Config != null && pkcs11Config.length() > 0) {
pkcs11Buffer.append(pkcs11Config).append('\n');
}
SunPKCS11ProviderHandler.registerProvider(pkcs11Buffer.toString());
}
String algorithm = KeyManagerFactory.getDefaultAlgorithm();
if ("SunX509".equals(algorithm)) {
algorithm = "NewSunX509";
} else if ("IbmX509".equals(algorithm)) {
algorithm = "NewIbmX509";
}
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
ArrayList<KeyStore.Builder> keyStoreBuilders = new ArrayList<>();
// PKCS11 (smartcard) keystore with password callback
KeyStore.Builder scBuilder = KeyStore.Builder.newInstance("PKCS11", null, getProtectionParameter(null));
keyStoreBuilders.add(scBuilder);
String clientKeystoreFile = Settings.getProperty("davmail.ssl.clientKeystoreFile");
String clientKeystorePass = Settings.getProperty("davmail.ssl.clientKeystorePass");
if (clientKeystoreFile != null && clientKeystoreFile.length() > 0
&& ("PKCS12".equals(clientKeystoreType) || "JKS".equals(clientKeystoreType))) {
// PKCS12 file based keystore
KeyStore.Builder fsBuilder = KeyStore.Builder.newInstance(clientKeystoreType, null,
new File(clientKeystoreFile), getProtectionParameter(clientKeystorePass));
keyStoreBuilders.add(fsBuilder);
}
// Enable native Windows SmartCard access through MSCAPI (no PKCS11 config required)
if ("MSCAPI".equals(clientKeystoreType)) {
try {
Provider provider = (Provider) Class.forName("sun.security.mscapi.SunMSCAPI").newInstance();
KeyStore keyStore = KeyStore.getInstance("Windows-MY", provider);
keyStore.load(null, null);
keyStoreBuilders.add(KeyStore.Builder.newInstance(keyStore, new KeyStore.PasswordProtection(null)));
} catch (Exception e) {
// ignore
}
}
ManagerFactoryParameters keyStoreBuilderParameters = new KeyStoreBuilderParameters(keyStoreBuilders);
keyManagerFactory.init(keyStoreBuilderParameters);
// Get a list of key managers
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
// Walk through the key managers and replace all X509 Key Managers with
// a specialized wrapped DavMail X509 Key Manager
for (int i = 0; i < keyManagers.length; i++) {
KeyManager keyManager = keyManagers[i];
if (keyManager instanceof X509KeyManager) {
keyManagers[i] = new DavMailX509KeyManager((X509KeyManager) keyManager);
}
}
SSLContext context = SSLContext.getInstance("TLS");
context.init(keyManagers, new TrustManager[]{new DavGatewayX509TrustManager()}, null);
return context;
}
Example 2
| Source File: ClientCertificateTest.java From davmail with GNU General Public License v2.0 | 4 votes |
|
private SSLContext createSSLContext() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyManagementException, KeyStoreException, IOException, CertificateException, InstantiationException, ClassNotFoundException, IllegalAccessException {
// PKCS11 client certificate settings
String pkcs11Library = Settings.getProperty("davmail.ssl.pkcs11Library");
String clientKeystoreType = Settings.getProperty("davmail.ssl.clientKeystoreType");
// set default keystore type
if (clientKeystoreType == null || clientKeystoreType.length() == 0) {
clientKeystoreType = "PKCS11";
}
if (pkcs11Library != null && pkcs11Library.length() > 0 && "PKCS11".equals(clientKeystoreType)) {
StringBuilder pkcs11Buffer = new StringBuilder();
pkcs11Buffer.append("name=DavMail\n");
pkcs11Buffer.append("library=").append(pkcs11Library).append('\n');
String pkcs11Config = Settings.getProperty("davmail.ssl.pkcs11Config");
if (pkcs11Config != null && pkcs11Config.length() > 0) {
pkcs11Buffer.append(pkcs11Config).append('\n');
}
SunPKCS11ProviderHandler.registerProvider(pkcs11Buffer.toString());
}
String algorithm = KeyManagerFactory.getDefaultAlgorithm();
if ("SunX509".equals(algorithm)) {
algorithm = "NewSunX509";
} else if ("IbmX509".equals(algorithm)) {
algorithm = "NewIbmX509";
}
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
ArrayList<KeyStore.Builder> keyStoreBuilders = new ArrayList<>();
// PKCS11 (smartcard) keystore with password callback
KeyStore.Builder scBuilder = KeyStore.Builder.newInstance("PKCS11", null, getProtectionParameter(null));
System.out.println(scBuilder);
//keyStoreBuilders.add(scBuilder);
String clientKeystoreFile = Settings.getProperty("davmail.ssl.clientKeystoreFile");
String clientKeystorePass = Settings.getProperty("davmail.ssl.clientKeystorePass");
if (clientKeystoreFile != null && clientKeystoreFile.length() > 0
&& ("PKCS12".equals(clientKeystoreType) || "JKS".equals(clientKeystoreType))) {
// PKCS12 file based keystore
KeyStore.Builder fsBuilder = KeyStore.Builder.newInstance(clientKeystoreType, null,
new File(clientKeystoreFile), getProtectionParameter(clientKeystorePass));
keyStoreBuilders.add(fsBuilder);
}
System.setProperty("javax.net.debug", "ssl,handshake");
//try {
//Provider sunMSCAPI = new sun.security.mscapi.SunMSCAPI();
Provider sunMSCAPI = (Provider) Class.forName("sun.security.mscapi.SunMSCAPI").newInstance();
//Security.insertProviderAt(sunMSCAPI, 1);
KeyStore keyStore = KeyStore.getInstance("Windows-MY", sunMSCAPI);
keyStore.load(null, null);
keyStoreBuilders.add(KeyStore.Builder.newInstance(keyStore, new KeyStore.PasswordProtection(null)));
/*} catch (IOException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
}*/
ManagerFactoryParameters keyStoreBuilderParameters = new KeyStoreBuilderParameters(keyStoreBuilders);
keyManagerFactory.init(keyStoreBuilderParameters);
//keyManagerFactory.init(keyStore, null);
// Get a list of key managers
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
// Walk through the key managers and replace all X509 Key Managers with
// a specialized wrapped DavMail X509 Key Manager
for (int i = 0; i < keyManagers.length; i++) {
KeyManager keyManager = keyManagers[i];
if (keyManager instanceof X509KeyManager) {
keyManagers[i] = new DavMailX509KeyManager((X509KeyManager) keyManager);
}
}
//keyManagers = new KeyManager[]{new DavMailX509KeyManager(new X509KeyManagerImpl())}
SSLContext context = SSLContext.getInstance("TLS");
context.init(keyManagers, new TrustManager[]{new DavGatewayX509TrustManager()}, null);
return context;
}
