Java Code Examples for io.netty.handler.ssl.util.InsecureTrustManagerFactory#INSTANCE
The following examples show how to use
io.netty.handler.ssl.util.InsecureTrustManagerFactory#INSTANCE .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: TransportSupport.java From qpid-jms with Apache License 2.0 | 6 votes |
|
private static TrustManagerFactory loadTrustManagerFactory(TransportOptions options) throws Exception {
if (options.isTrustAll()) {
return InsecureTrustManagerFactory.INSTANCE;
}
if (options.getTrustStoreLocation() == null) {
return null;
}
TrustManagerFactory fact = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
String storeLocation = options.getTrustStoreLocation();
String storePassword = options.getTrustStorePassword();
String storeType = options.getTrustStoreType();
LOG.trace("Attempt to load TrustStore from location {} of type {}", storeLocation, storeType);
KeyStore trustStore = loadStore(storeLocation, storePassword, storeType);
fact.init(trustStore);
return fact;
}
Example 2
| Source File: ElasticsearchIntegrationTest.java From openshift-elasticsearch-plugin with Apache License 2.0 | 6 votes |
|
protected final OkHttpClient getHttpClient() throws Exception {
File ksFile = new File(keyStore);
KeyStore trusted = KeyStore.getInstance("JKS");
FileInputStream in = new FileInputStream(ksFile);
trusted.load(in, password.toCharArray());
in.close();
SSLContext sslContext = SSLContext.getInstance("TLS");
TrustManagerFactory trustManagerFactory = InsecureTrustManagerFactory.INSTANCE;
X509TrustManager trustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
OkHttpClient client = new okhttp3.OkHttpClient.Builder()
.sslSocketFactory(sslContext.getSocketFactory(), trustManager)
.readTimeout(1, TimeUnit.MINUTES)
.writeTimeout(1, TimeUnit.MINUTES)
.build();
return client;
}
Example 3
| Source File: RequestRunner.java From openshift-elasticsearch-plugin with Apache License 2.0 | 6 votes |
|
protected final OkHttpClient getHttpClient() throws Exception {
File ksFile = new File(keyStore);
KeyStore trusted = KeyStore.getInstance("JKS");
FileInputStream in = new FileInputStream(ksFile);
trusted.load(in, password.toCharArray());
in.close();
SSLContext sslContext = SSLContext.getInstance("TLS");
TrustManagerFactory trustManagerFactory = InsecureTrustManagerFactory.INSTANCE;
X509TrustManager trustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
OkHttpClient client = new okhttp3.OkHttpClient.Builder()
.sslSocketFactory(sslContext.getSocketFactory(), trustManager)
.readTimeout(1, TimeUnit.MINUTES)
.writeTimeout(1, TimeUnit.MINUTES)
.build();
return client;
}
Example 4
| Source File: AwaitCloseChannelPoolMap.java From aws-sdk-java-v2 with Apache License 2.0 | 6 votes |
|
private TrustManagerFactory getTrustManager() {
Validate.isTrue(configuration.tlsTrustManagersProvider() == null || !configuration.trustAllCertificates(),
"A TlsTrustManagerProvider can't be provided if TrustAllCertificates is also set");
if (configuration.tlsTrustManagersProvider() != null) {
return StaticTrustManagerFactory.create(configuration.tlsTrustManagersProvider().trustManagers());
}
if (configuration.trustAllCertificates()) {
log.warn(() -> "SSL Certificate verification is disabled. This is not a safe setting and should only be "
+ "used for testing.");
return InsecureTrustManagerFactory.INSTANCE;
}
return null;
}
Example 5
| Source File: SSLEngineFactoryImpl.java From dremio-oss with Apache License 2.0 | 6 votes |
|
private TrustManagerFactory newTrustManagerFactory() throws GeneralSecurityException, IOException {
final KeyStore trustStore;
if (sslConfig.getTrustStorePath() == SSLConfig.UNSPECIFIED) {
// uses JDK default
// see https://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#X509TrustManager
trustStore = null;
} else {
trustStore = KeyStore.getInstance(sslConfig.getTrustStoreType());
try (InputStream stream = new FileInputStream(sslConfig.getTrustStorePath())) {
trustStore.load(stream, sslConfig.getTrustStorePassword().toCharArray());
}
}
final TrustManagerFactory factory;
if (sslConfig.disablePeerVerification()) {
factory = InsecureTrustManagerFactory.INSTANCE;
} else {
factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
}
factory.init(trustStore);
return factory;
}
Example 6
| Source File: SSLConfig.java From Bats with Apache License 2.0 | 5 votes |
|
public TrustManagerFactory initializeTrustManagerFactory() throws DrillException {
TrustManagerFactory tmf;
KeyStore ts = null;
//Support Windows/MacOs system trust store
try {
String trustStoreType = getTrustStoreType();
if ((isWindows || isMacOs) && useSystemTrustStore()) {
// This is valid for MS-Windows and MacOs
logger.debug("Initializing System truststore.");
ts = KeyStore.getInstance(!trustStoreType.isEmpty() ? trustStoreType : KeyStore.getDefaultType());
ts.load(null, null);
} else if (!getTrustStorePath().isEmpty()) {
// if truststore is not provided then we will use the default. Note that the default depends on
// the TrustManagerFactory that in turn depends on the Security Provider.
// Use null as the truststore which will result in the default truststore being picked up
logger.debug("Initializing truststore {}.", getTrustStorePath());
ts = KeyStore.getInstance(!trustStoreType.isEmpty() ? trustStoreType : KeyStore.getDefaultType());
InputStream tsStream = new FileInputStream(getTrustStorePath());
ts.load(tsStream, getTrustStorePassword().toCharArray());
} else {
logger.debug("Initializing default truststore.");
}
if (disableCertificateVerification()) {
tmf = InsecureTrustManagerFactory.INSTANCE;
} else {
tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
}
tmf.init(ts);
} catch (Exception e) {
// Catch any SSL initialization Exceptions here and abort.
throw new DrillException(
new StringBuilder()
.append("Exception while initializing the truststore: [")
.append(e.getMessage())
.append("]. ")
.toString(), e);
}
return tmf;
}
Example 7
| Source File: SSLSupport.java From activemq-artemis with Apache License 2.0 | 5 votes |
|
private TrustManagerFactory loadTrustManagerFactory() throws Exception {
if (trustManagerFactoryPlugin != null) {
return AccessController.doPrivileged((PrivilegedAction<TrustManagerFactory>) () -> ((TrustManagerFactoryPlugin) ClassloadingUtil.newInstanceFromClassLoader(SSLSupport.class, trustManagerFactoryPlugin)).getTrustManagerFactory());
} else if (trustAll) {
//This is useful for testing but not should be used outside of that purpose
return InsecureTrustManagerFactory.INSTANCE;
} else if (truststorePath == null && (truststoreProvider == null || !"PKCS11".equals(truststoreProvider.toUpperCase()))) {
return null;
} else {
TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore trustStore = SSLSupport.loadKeystore(truststoreProvider, truststorePath, truststorePassword);
boolean ocsp = Boolean.valueOf(Security.getProperty("ocsp.enable"));
boolean initialized = false;
if ((ocsp || crlPath != null) && TrustManagerFactory.getDefaultAlgorithm().equalsIgnoreCase("PKIX")) {
PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
if (crlPath != null) {
pkixParams.setRevocationEnabled(true);
Collection<? extends CRL> crlList = loadCRL();
if (crlList != null) {
pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlList)));
}
}
trustMgrFactory.init(new CertPathTrustManagerParameters(pkixParams));
initialized = true;
}
if (!initialized) {
trustMgrFactory.init(trustStore);
}
return trustMgrFactory;
}
}
Example 8
| Source File: MqttClient.java From lannister with Apache License 2.0 | 5 votes |
|
public MqttClient(String uri, boolean useInsecureTrustManagerFactory) throws URISyntaxException {
this.bootstrap = new Bootstrap();
this.uri = new URI(uri);
this.trustManagerFactory = useInsecureTrustManagerFactory ? InsecureTrustManagerFactory.INSTANCE : null;
this.sharedObject = new SharedObject();
this.options = new ConnectOptions();
this.currentMessageId = 0;
}
Example 9
| Source File: HttpClient.java From lannister with Apache License 2.0 | 5 votes |
|
public HttpClient(String uri, boolean useInsecureTrustManagerFactory)
throws URISyntaxException, UnsupportedOperationException {
trustManagerFactory = useInsecureTrustManagerFactory ? InsecureTrustManagerFactory.INSTANCE : null;
bootstrap = new Bootstrap();
httpRequest = new HttpRequest(new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, uri));
if (!httpRequest().uriObject().getScheme().equalsIgnoreCase("http")
&& !httpRequest().uriObject().getScheme().equalsIgnoreCase("https")) {
String message = "HTTP(S) is supported only.";
logger.error(message);
throw new UnsupportedOperationException(message);
}
}
Example 10
| Source File: TrustManagerFactoryFactory.java From ditto with Eclipse Public License 2.0 | 4 votes |
|
public TrustManagerFactory newInsecureTrustManagerFactory() {
return InsecureTrustManagerFactory.INSTANCE;
}
Example 11
| Source File: ClientBuilderFactory.java From curiostack with MIT License | 4 votes |
|
@Inject
public ClientBuilderFactory(
MeterRegistry meterRegistry,
Tracing tracing,
Function<HttpClient, LoggingClient> loggingClient,
Optional<SelfSignedCertificate> selfSignedCertificate,
Optional<TrustManagerFactory> caTrustManager,
ServerConfig serverConfig) {
this.tracing = tracing;
this.meterRegistry = meterRegistry;
this.loggingClient = loggingClient;
final TrustManagerFactory trustManagerFactory;
if (serverConfig.isDisableClientCertificateVerification()) {
logger.warn("Disabling client SSL verification. This should only happen on local!");
trustManagerFactory = InsecureTrustManagerFactory.INSTANCE;
} else if (caTrustManager.isPresent()) {
trustManagerFactory = caTrustManager.get();
} else {
trustManagerFactory = null;
}
final Consumer<SslContextBuilder> clientCertificateCustomizer;
if (selfSignedCertificate.isPresent()) {
SelfSignedCertificate certificate = selfSignedCertificate.get();
clientCertificateCustomizer =
sslContext -> sslContext.keyManager(certificate.certificate(), certificate.privateKey());
} else if (serverConfig.getTlsCertificatePath().isEmpty()
|| serverConfig.getTlsPrivateKeyPath().isEmpty()) {
throw new IllegalStateException(
"No TLS configuration provided, Curiostack does not support clients without TLS "
+ "certificates. Use gradle-curio-cluster-plugin to set up a namespace and TLS.");
} else {
String certPath =
!serverConfig.getClientTlsCertificatePath().isEmpty()
? serverConfig.getClientTlsCertificatePath()
: serverConfig.getTlsCertificatePath();
String keyPath =
!serverConfig.getClientTlsPrivateKeyPath().isEmpty()
? serverConfig.getClientTlsPrivateKeyPath()
: serverConfig.getTlsPrivateKeyPath();
clientCertificateCustomizer =
sslContext ->
SslContextKeyConverter.execute(
ResourceUtil.openStream(certPath),
ResourceUtil.openStream(keyPath),
sslContext::keyManager);
}
final Consumer<SslContextBuilder> clientTlsCustomizer;
if (trustManagerFactory != null) {
clientTlsCustomizer =
sslContext -> {
clientCertificateCustomizer.accept(sslContext);
sslContext.trustManager(trustManagerFactory);
};
} else {
clientTlsCustomizer = clientCertificateCustomizer;
}
ClientFactoryBuilder factoryBuilder =
ClientFactory.builder().tlsCustomizer(clientTlsCustomizer).meterRegistry(meterRegistry);
if (serverConfig.getDisableEdns()) {
factoryBuilder.addressResolverGroupFactory(
eventLoopGroup ->
new DnsAddressResolverGroup(
new DnsNameResolverBuilder()
.channelType(EventLoopGroups.datagramChannelType(eventLoopGroup))
.nameServerProvider(DnsServerAddressStreamProviders.platformDefault())
.optResourceEnabled(false)));
}
clientFactory = factoryBuilder.build();
}
Example 12
| Source File: SslContextFactory.java From styx with Apache License 2.0 | 4 votes |
|
private static TrustManagerFactory trustManagerFactory(TlsSettings tlsSettings) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
return tlsSettings.trustAllCerts()
? InsecureTrustManagerFactory.INSTANCE
: initializeTrustManager(tlsSettings);
}
Example 13
| Source File: InsecureTrustOptions.java From cava with Apache License 2.0 | 4 votes |
|
@Override
public TrustManagerFactory getTrustManagerFactory(Vertx vertx) {
return InsecureTrustManagerFactory.INSTANCE;
}
Example 14
| Source File: JdkSslClientContextTest.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
|
@Override
protected SslContext newServerContext(File crtFile, File keyFile, String pass) throws SSLException {
return new JdkSslClientContext(crtFile, InsecureTrustManagerFactory.INSTANCE, crtFile, keyFile, pass,
null, null, IdentityCipherSuiteFilter.INSTANCE, ApplicationProtocolConfig.DISABLED, 0, 0);
}
Example 15
| Source File: TestTrustManagerFactoryPlugin.java From activemq-artemis with Apache License 2.0 | 4 votes |
|
@Override
public TrustManagerFactory getTrustManagerFactory() {
triggered.set(true);
return InsecureTrustManagerFactory.INSTANCE;
}
Example 16
| Source File: OpenSslClientContextTest.java From netty-4.1.22 with Apache License 2.0 | 4 votes |
|
@Override
protected SslContext newServerContext(File crtFile, File keyFile, String pass) throws SSLException {
return new OpenSslClientContext(crtFile, InsecureTrustManagerFactory.INSTANCE, crtFile, keyFile, pass,
null, null, IdentityCipherSuiteFilter.INSTANCE, ApplicationProtocolConfig.DISABLED, 0, 0);
}
Example 17
| Source File: InsecureTrustOptions.java From incubator-tuweni with Apache License 2.0 | 4 votes |
|
@Override
public TrustManagerFactory getTrustManagerFactory(Vertx vertx) {
return InsecureTrustManagerFactory.INSTANCE;
}
