javax.net.ssl.X509KeyManager Java Examples

Example #1
Source File: SSLUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Returns key managers that are pinned to the certificate alias configured in
 * {@code tlsParameters}.
 *
 * <p>The input array is never modified. It is returned as-is when no alias is configured or
 * when it is {@code null}; otherwise a copy is returned in which every plain
 * {@link X509KeyManager} is wrapped in an {@code AliasedX509ExtendedKeyManager}. Entries that
 * are already aliased, or that are not X.509 key managers, are carried over untouched.
 *
 * @param tlsParameters source of the certificate alias
 * @param keyManagers key managers to wrap, may be {@code null}
 * @return the original array, or a copy containing the aliased wrappers
 * @throws GeneralSecurityException if constructing a wrapper fails for any reason
 */
public static KeyManager[] configureKeyManagersWithCertAlias(TLSParameterBase tlsParameters,
                                                  KeyManager[] keyManagers)
    throws GeneralSecurityException {
    if (tlsParameters.getCertAlias() == null || keyManagers == null) {
        return keyManagers;
    }

    // Work on a copy so the caller's array keeps its original delegates.
    KeyManager[] wrapped = keyManagers.clone();
    for (int i = 0; i < wrapped.length; i++) {
        KeyManager current = wrapped[i];
        boolean needsAlias = current instanceof X509KeyManager
            && !(current instanceof AliasedX509ExtendedKeyManager);
        if (!needsAlias) {
            continue;
        }
        try {
            wrapped[i] = new AliasedX509ExtendedKeyManager(tlsParameters.getCertAlias(),
                                                           (X509KeyManager) current);
        } catch (Exception e) {
            // Any wrapper failure is surfaced as a security exception, cause preserved.
            throw new GeneralSecurityException(e);
        }
    }
    return wrapped;
}
 
Example #2
Source File: SSLSocketFactoryFactory.java    From PADListener with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Loads the certificate chain and private key for a host from {@code keystoreCert} and wraps
 * them in a {@code HostKeyManager}.
 *
 * <p>The keystore alias is {@code tcpAddress + "_" + destPort} when the host has a TCP address,
 * otherwise the host name.
 *
 * @param hostData host whose key material is wanted
 * @return a key manager holding the host's private key and certificate chain
 * @throws GeneralSecurityException if the chain or the private key is missing from the keystore
 * @throws IOException declared by the signature; not thrown directly by this body
 */
private X509KeyManager loadKeyMaterial(SiteData hostData) throws GeneralSecurityException, IOException {
    final String certEntry;
    if (hostData.tcpAddress != null) {
        certEntry = hostData.tcpAddress + "_" + hostData.destPort;
    } else {
        certEntry = hostData.name;
    }

    Certificate[] chain = keystoreCert.getCertificateChain(certEntry);
    if (chain == null) {
        throw new GeneralSecurityException(
                "Internal error: certificate chain for " + hostData.name
                        + " not found!");
    }
    X509Certificate[] certs = cast(chain);

    PrivateKey pk = (PrivateKey) keystoreCert.getKey(certEntry, passwordCerts);
    if (pk == null) {
        throw new GeneralSecurityException(
                "Internal error: private key for " + hostData.name + " not found!");
    }

    // Only the alias is logged, never the key material itself.
    _logger.finest("loading keys for " + certEntry);
    return new HostKeyManager(hostData, pk, certs);
}
 
Example #3
Source File: LocalRepoKeyStore.java    From fdroidclient with GNU General Public License v3.0 6 votes vote down vote up
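/**
 * Adds a private key and its certificate to {@code keyStore}, persists the store to
 * {@code keyStoreFile}, and rebuilds {@code keyManagers} from the updated store.
 *
 * @param alias keystore alias for the new entry
 * @param kp key pair whose private key is stored
 * @param cert certificate stored as a single-element chain for the key
 */
private void addToStore(String alias, KeyPair kp, Certificate cert) throws KeyStoreException,
        NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
    Certificate[] chain = {
            cert,
    };
    // NOTE(review): the key entry and the store file both use an empty password, so no secret
    // protects the private key at rest; its confidentiality then rests on access control to
    // keyStoreFile. Confirm this is intended.
    keyStore.setKeyEntry(alias, kp.getPrivate(),
            "".toCharArray(), chain);

    // try-with-resources: the stream was previously never closed, which leaked a file
    // descriptor and left flushing of the written keystore to the garbage collector.
    try (FileOutputStream out = new FileOutputStream(keyStoreFile)) {
        keyStore.store(out, "".toCharArray());
    }

    /*
     * After adding an entry to the keystore we need to create a fresh
     * KeyManager by reinitializing the KeyManagerFactory with the new key
     * store content and then rewrapping the default KeyManager with our own
     */
    KeyManagerFactory keyManagerFactory = KeyManagerFactory
            .getInstance(KeyManagerFactory.getDefaultAlgorithm());

    keyManagerFactory.init(keyStore, "".toCharArray());
    // Assumes the first key manager of the default algorithm is an X509KeyManager; the cast
    // throws ClassCastException otherwise.
    KeyManager defaultKeyManager = keyManagerFactory.getKeyManagers()[0];
    KeyManager wrappedKeyManager = new KerplappKeyManager((X509KeyManager) defaultKeyManager);
    keyManagers = new KeyManager[]{
            wrappedKeyManager,
    };
}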
 
Example #4
Source File: SSLKeyManager.java    From PADListener with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Lists server aliases for the given key type and issuers.
 *
 * <p>When a preferred key manager is set, its answer is returned unchanged. Otherwise every
 * registered manager is queried and each alias is prefixed with its source name and
 * {@code SEP}.
 *
 * @return the preferred manager's result, or a (possibly empty) array of qualified aliases
 */
public synchronized String[] getServerAliases(String keyType, Principal[] issuers) {
    if (_preferredKeyManager != null) {
        return _preferredKeyManager.getServerAliases(keyType, issuers);
    }

    List<String> qualified = new ArrayList<String>();
    for (String source : _managers.keySet()) {
        String[] found = _managers.get(source).getServerAliases(keyType, issuers);
        if (found == null) {
            // A delegate reports "no match" as null.
            continue;
        }
        for (String alias : found) {
            qualified.add(source + SEP + alias);
        }
    }
    return qualified.toArray(new String[0]);
}
 
Example #5
Source File: CompositeX509KeyManager.java    From elexis-3-core with Eclipse Public License 1.0 6 votes vote down vote up
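/**
 * Builds the key managers for {@code keyStore} and registers its X.509 managers under that
 * store in {@code keyManagers}.
 *
 * <p>NOTE(review): failures are only logged, so the caller gets no signal that the key store
 * was not added.
 *
 * @param keyStore key store to read key material from
 * @param keystorePass password used to initialise the key manager factory; must not be
 *        {@code null}
 */
public void addKeyStore(KeyStore keyStore, String keystorePass){
	synchronized (keyManagers) {
		try {
			KeyManagerFactory factory =
				KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
			factory.init(keyStore, keystorePass.toCharArray());
			KeyManager[] managers = factory.getKeyManagers();
			// Keep only the X.509 managers; other kinds cannot serve this composite.
			List<X509KeyManager> typedManagers = new ArrayList<>();
			for (KeyManager keyManager : managers) {
				if (keyManager instanceof X509KeyManager) {
					typedManagers.add((X509KeyManager) keyManager);
				}
			}
			keyManagers.put(keyStore, typedManagers);
		} catch (NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException e) {
			// Message corrected: this method handles a key store, not a trust store.
			LoggerFactory.getLogger(getClass()).error("Could not add key store", e);
		}
	}
}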
 
Example #6
Source File: SslContextFactory.java    From IoTgo_Android_App with MIT License 6 votes vote down vote up
/**
 * Creates the key managers for a key store, pinned to {@code _certAlias} when one is set.
 *
 * @param keyStore key store to read from, may be {@code null}
 * @return the key managers, or {@code null} when {@code keyStore} is {@code null}
 */
protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
{
    if (keyStore == null)
    {
        return null;
    }

    KeyManagerFactory factory = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm);

    // Password precedence: key-manager password, then key-store password, then none.
    char[] password;
    if (_keyManagerPassword != null)
    {
        password = _keyManagerPassword.toString().toCharArray();
    }
    else if (_keyStorePassword != null)
    {
        password = _keyStorePassword.toString().toCharArray();
    }
    else
    {
        password = null;
    }
    factory.init(keyStore, password);

    KeyManager[] managers = factory.getKeyManagers();
    if (_certAlias == null)
    {
        return managers;
    }

    // Wrap in place so that every X.509 manager is bound to the configured alias.
    for (int i = 0; i < managers.length; i++)
    {
        KeyManager current = managers[i];
        if (current instanceof X509KeyManager)
        {
            managers[i] = new AliasedX509ExtendedKeyManager(_certAlias, (X509KeyManager)current);
        }
    }
    return managers;
}
 
Example #7
Source File: KeyStoreManagerImplTest.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up
/**
 * Verifies that generating a second key pair is visible both through key managers obtained
 * before the regeneration and through key managers fetched afterwards.
 */
@Test
public void testReKeyPairGeneration() throws Exception {
  // first key pair, then capture the managers that exist at this point
  keyStoreManager.generateAndStoreKeyPair("Original Key", "dev", "codeSoft", "AnyTown", "state", "US");
  KeyManager[] beforeRegeneration = keyStoreManager.getKeyManagers();

  // second key pair replaces the first one
  keyStoreManager.generateAndStoreKeyPair("New Key", "dev", "codeSoft", "AnyTown", "state", "US");
  String expectedDN = "CN=New Key,OU=dev,O=codeSoft,L=AnyTown,ST=state,C=US";

  // managers handed out earlier must already report the new subject
  assertThat(beforeRegeneration, notNullValue());
  assertThat(beforeRegeneration, arrayWithSize(1));
  assertThat(beforeRegeneration[0], instanceOf(X509KeyManager.class));
  X509KeyManager earlierManager = (X509KeyManager) beforeRegeneration[0];
  String earlierDN = earlierManager.getCertificateChain(PRIVATE_KEY_ALIAS)[0].getSubjectDN().getName();
  assertThat(earlierDN, equalTo(expectedDN));

  // and so must managers fetched after the regeneration
  KeyManager[] afterRegeneration = keyStoreManager.getKeyManagers();
  assertThat(afterRegeneration, notNullValue());
  assertThat(afterRegeneration, arrayWithSize(1));
  assertThat(afterRegeneration[0], instanceOf(X509KeyManager.class));
  X509KeyManager laterManager = (X509KeyManager) afterRegeneration[0];
  String laterDN = laterManager.getCertificateChain(PRIVATE_KEY_ALIAS)[0].getSubjectDN().getName();
  assertThat(laterDN, equalTo(expectedDN));
}
 
Example #8
Source File: KeyStoreManagerImplTest.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up
/**
 * Verifies that a generated key pair shows up in the key managers, and that the trust managers
 * accept no issuers before anything has been trusted.
 */
@Test
public void testKeyPairGeneration() throws Exception {
  keyStoreManager.generateAndStoreKeyPair("Joe Coder", "dev", "codeSoft", "AnyTown", "state", "US");

  // exactly one X.509 key manager, carrying the generated subject
  KeyManager[] kms = keyStoreManager.getKeyManagers();
  assertThat(kms, notNullValue());
  assertThat(kms, arrayWithSize(1));
  assertThat(kms[0], instanceOf(X509KeyManager.class));
  X509KeyManager x509Km = (X509KeyManager) kms[0];
  String subjectDN = x509Km.getCertificateChain(PRIVATE_KEY_ALIAS)[0].getSubjectDN().getName();
  assertThat(subjectDN, equalTo("CN=Joe Coder,OU=dev,O=codeSoft,L=AnyTown,ST=state,C=US"));

  // exactly one X.509 trust manager, with an empty set of accepted issuers
  TrustManager[] tms = keyStoreManager.getTrustManagers();
  assertThat(tms, notNullValue());
  assertThat(tms, arrayWithSize(1));
  assertThat(tms[0], instanceOf(X509TrustManager.class));
  X509TrustManager x509Tm = (X509TrustManager) tms[0];
  assertThat(x509Tm.getAcceptedIssuers(), emptyArray());
}
 
Example #9
Source File: TesterSupport.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
/**
 * Builds key managers from the {@code CLIENT_JKS} key store and replaces each X.509 manager
 * with a tracking wrapper.
 *
 * @return the factory's key managers, with X.509 entries wrapped in place
 */
protected static KeyManager[] getUser1KeyManagers() throws Exception {
    KeyManagerFactory factory = KeyManagerFactory.getInstance(
            KeyManagerFactory.getDefaultAlgorithm());
    factory.init(getKeyStore(CLIENT_JKS), JKS_PASS.toCharArray());

    KeyManager[] managers = factory.getKeyManagers();
    for (int idx = 0; idx < managers.length; idx++) {
        KeyManager current = managers[idx];
        // Check the extended type first; the plain interface check would match it too.
        if (current instanceof X509ExtendedKeyManager) {
            managers[idx] = new TrackingExtendedKeyManager((X509ExtendedKeyManager) current);
        } else if (current instanceof X509KeyManager) {
            managers[idx] = new TrackingKeyManager((X509KeyManager) current);
        }
    }
    return managers;
}
 
Example #10
Source File: ClientCertificateHandlerTest.java    From buck with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that a single file holding the client certificate followed by the client key yields
 * a key manager exposing that key and certificate subject, with no hostname verifier set.
 */
@Test
public void handlesCombinedKeyAndCert() throws IOException {
  String combined = SAMPLE_CLIENT_CERT + "\n" + SAMPLE_CLIENT_KEY;
  Files.write(clientKeyPath, combined.getBytes(Charsets.UTF_8));

  // Drop the first and last lines of the key (presumably the PEM BEGIN/END markers) and
  // decode what remains as Base64.
  String[] keyLines = SAMPLE_CLIENT_KEY.split("\n");
  String base64Body = String.join("", Arrays.copyOfRange(keyLines, 1, keyLines.length - 1));
  byte[] expectedPrivateKey = Base64.getDecoder().decode(base64Body);
  String expectedPublic = "CN=Client, OU=Buck, O=\"Facebook, Inc.\", L=Seattle, ST=WA, C=US";

  Optional<ClientCertificateHandler> handler =
      ClientCertificateHandler.fromConfiguration(config_required);

  X509KeyManager keyManager = handler.get().getHandshakeCertificates().keyManager();
  String firstAlias = keyManager.getClientAliases("RSA", null)[0];
  byte[] actualPrivateKey = keyManager.getPrivateKey(firstAlias).getEncoded();
  String actualSubject = keyManager.getCertificateChain(firstAlias)[0].getSubjectDN().getName();

  Assert.assertArrayEquals(expectedPrivateKey, actualPrivateKey);
  Assert.assertEquals(expectedPublic, actualSubject);
  Assert.assertFalse(handler.get().getHostnameVerifier().isPresent());
}
 
Example #11
Source File: ReloadableX509KeyManager.java    From nexus-public with Eclipse Public License 1.0 6 votes vote down vote up
/**
 * Replaces the first {@link X509KeyManager} in the array with a ReloadableX509KeyManager that
 * delegates to it. Later X509KeyManager entries are left alone.
 *
 * <p>The array is modified in place. The scan stops at the first X509KeyManager, so a
 * ReloadableX509KeyManager is only detected if it is reached at or before that position.
 *
 * @param reloadableX509KeyManager an existing ReloadableX509KeyManager to re-point at the found
 *                                 delegate, or null to have a new one created.
 * @param keyManagers              an array of KeyManagers that is expected to contain a
 *                                 X509KeyManager.
 * @return the ReloadableX509KeyManager now installed in the array (the one passed in, or a newly
 *         created one)
 * @throws NoSuchAlgorithmException
 *                               thrown if a X509KeyManager cannot be found in the array.
 * @throws IllegalStateException thrown if a ReloadableX509KeyManager is found in the array.
 */
public static ReloadableX509KeyManager replaceX509KeyManager(ReloadableX509KeyManager reloadableX509KeyManager,
                                                             final KeyManager[] keyManagers)
    throws NoSuchAlgorithmException
{
  for (int index = 0; index < keyManagers.length; index++) {
    KeyManager candidate = keyManagers[index];

    if (candidate instanceof ReloadableX509KeyManager) {
      throw new IllegalStateException(
          "A ReloadableX509KeyManager has already been set for this KeyManager[]");
    }
    if (!(candidate instanceof X509KeyManager)) {
      continue;
    }

    X509KeyManager delegate = (X509KeyManager) candidate;
    if (reloadableX509KeyManager != null) {
      reloadableX509KeyManager.setDelegateKeyManager(delegate);
    }
    else {
      reloadableX509KeyManager = new ReloadableX509KeyManager(delegate);
    }

    keyManagers[index] = reloadableX509KeyManager;
    return reloadableX509KeyManager;
  }

  throw new NoSuchAlgorithmException("No X509KeyManager found in KeyManager[]");
}
 
Example #12
Source File: HttpConduitConfigurationTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Asserts that a conduit carries the authorization, TLS and client-policy values the test
 * expects.
 *
 * <p>The literal credentials and the disabled CN check asserted here are expectations about
 * the test's configuration only.
 */
private void verifyConduit(HTTPConduit conduit) {
    // authorization policy
    AuthorizationPolicy authorization = conduit.getAuthorization();
    assertNotNull(authorization);
    assertEquals("Betty", authorization.getUserName());
    assertEquals("password", authorization.getPassword());

    // TLS client parameters
    TLSClientParameters tls = conduit.getTlsClientParameters();
    assertNotNull(tls);
    assertTrue(tls.isDisableCNCheck());
    assertEquals(3600000, tls.getSslCacheTimeout());

    // exactly one X.509 key manager
    KeyManager[] keyManagers = tls.getKeyManagers();
    assertTrue(keyManagers != null && keyManagers.length == 1);
    assertTrue(keyManagers[0] instanceof X509KeyManager);

    // exactly one X.509 trust manager
    TrustManager[] trustManagers = tls.getTrustManagers();
    assertTrue(trustManagers != null && trustManagers.length == 1);
    assertTrue(trustManagers[0] instanceof X509TrustManager);

    // cipher-suite filter: one include rule and one exclude rule
    FiltersType cipherFilter = tls.getCipherSuitesFilter();
    assertNotNull(cipherFilter);
    assertEquals(1, cipherFilter.getInclude().size());
    assertEquals(1, cipherFilter.getExclude().size());

    // HTTP client policy
    HTTPClientPolicy policy = conduit.getClient();
    assertEquals(10240, policy.getChunkLength());
}
 
Example #13
Source File: TLSProtocolSocketFactory.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor.
 *
 * @param keyMgr manager used to retrieve client-cert authentication keys for a given host.
 * @param trustMgr manager used to validate the X.509 credentials of a given host. May be null,
 *          in which case the JSSE default trust manager lookup mechanism is used.
 * @param verifier the hostname verifier used to verify the SSL/TLS peer's hostname. May be null,
 *          in which case no hostname verification is performed.
 *
 * @throws IllegalArgumentException thrown if the given key or trust manager can not be used to
 *             create the {@link SSLContext} used to create new sockets
 */
public TLSProtocolSocketFactory(X509KeyManager keyMgr, X509TrustManager trustMgr, HostnameVerifier verifier) 
        throws IllegalArgumentException {

    keyManagers = new X509KeyManager[] { keyMgr };

    // SSLContext.init treats these two inputs very differently:
    //    1) a null TrustManager[]                      -> the default trust managers are used,
    //       which is what we want for TLS peer authentication in the default way;
    //    2) a TrustManager[] holding one null element  -> trust processing is effectively
    //       disabled (and not in a way we would want).
    // So a missing trust manager must be passed on as a null array, never as { null }.
    trustManagers = (trustMgr == null) ? null : new X509TrustManager[] { trustMgr };

    hostnameVerifier = verifier;

    secureRandom = null;

    init();
}
 
Example #14
Source File: SslContextFactory.java    From WebSocket-for-Android with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the key managers for a key store, pinned to {@code _certAlias} when one is set.
 *
 * @param keyStore key store to read from, may be {@code null}
 * @return the key managers, or {@code null} when {@code keyStore} is {@code null}
 */
protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
{
    if (keyStore == null)
    {
        return null;
    }

    KeyManagerFactory factory = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm);

    // Password precedence: key-manager password, then key-store password, then none.
    char[] password = null;
    if (_keyManagerPassword != null)
    {
        password = _keyManagerPassword.toString().toCharArray();
    }
    else if (_keyStorePassword != null)
    {
        password = _keyStorePassword.toString().toCharArray();
    }
    factory.init(keyStore, password);

    KeyManager[] managers = factory.getKeyManagers();
    if (_certAlias == null)
    {
        return managers;
    }

    // Wrap in place so that every X.509 manager is bound to the configured alias.
    for (int i = 0; i < managers.length; i++)
    {
        if (!(managers[i] instanceof X509KeyManager))
        {
            continue;
        }
        managers[i] = new AliasedX509ExtendedKeyManager(_certAlias, (X509KeyManager)managers[i]);
    }
    return managers;
}
 
Example #15
Source File: SSLKeyManager.java    From PADListener with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Lists client aliases for the given key type and issuers.
 *
 * <p>When a preferred key manager is set, its answer is returned unchanged. Otherwise every
 * registered manager is queried and each alias is prefixed with its source name and
 * {@code SEP}.
 *
 * @return the preferred manager's result, or a (possibly empty) array of qualified aliases
 */
public synchronized String[] getClientAliases(String keyType, Principal[] issuers) {
    if (_preferredKeyManager != null) {
        return _preferredKeyManager.getClientAliases(keyType, issuers);
    }

    List<String> qualified = new ArrayList<String>();
    for (String source : _managers.keySet()) {
        String[] found = _managers.get(source).getClientAliases(keyType, issuers);
        if (found == null) {
            // A delegate reports "no match" as null.
            continue;
        }
        for (String alias : found) {
            qualified.add(source + SEP + alias);
        }
    }
    return qualified.toArray(new String[0]);
}
 
Example #16
Source File: SSLKeyManager.java    From PADListener with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Chooses a server alias for the given key type, issuers and socket.
 *
 * <p>A preferred key manager, when set, decides alone. Otherwise the registered managers are
 * asked in key-set order and the first non-null alias is returned, prefixed with its source
 * name and {@code SEP}.
 *
 * @return the chosen alias, or {@code null} if no registered manager offers one
 */
public synchronized String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
    if (_preferredKeyManager != null) {
        return _preferredKeyManager.chooseServerAlias(keyType, issuers, socket);
    }

    for (String source : _managers.keySet()) {
        String chosen = _managers.get(source).chooseServerAlias(keyType, issuers, socket);
        if (chosen == null) {
            continue;
        }
        return source + SEP + chosen;
    }
    return null;
}
 
Example #17
Source File: SSLKeyManager.java    From PADListener with GNU General Public License v2.0 5 votes vote down vote up
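/**
 * Registers a key store and its SunX509 key manager under {@code description}, then fires a
 * {@code KEY_PROPERTY} change event.
 *
 * <p>The change event is fired even when the SunX509 algorithm is unavailable and nothing was
 * registered; that case is only logged.
 *
 * @param description name under which the store and its manager are registered
 * @param ks key store to read key material from
 * @param password password used to initialise the key manager factory
 * @throws KeyStoreException if the first key manager produced is not an {@link X509KeyManager},
 *         or if initialising the factory fails
 * @throws UnrecoverableKeyException if a key cannot be recovered with {@code password}
 */
public synchronized void addKeyStore(String description, KeyStore ks, char[] password) throws KeyStoreException, UnrecoverableKeyException {
    try {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, password);
        KeyManager km = kmf.getKeyManagers()[0];
        if (!(km instanceof X509KeyManager)) {
            // Message corrected: a space was missing between the description and "is".
            throw new KeyStoreException("KeyManager for " + description + " is not X509!");
        }
        _stores.put(description, ks);
        _managers.put(description, (X509KeyManager) km);
    } catch (NoSuchAlgorithmException nsae) {
        _logger.severe("This should never happen! SunX509 algorithm not found: " + nsae.getMessage());
    }
    _changeSupport.firePropertyChange(KEY_PROPERTY, null, null);
}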
 
Example #18
Source File: CompositeX509KeyManager.java    From elexis-3-core with Eclipse Public License 1.0 5 votes vote down vote up
/**
 * Chooses the first non-null client alias returned by the delegate {@link X509KeyManager}s, or
 * {@code null} if there are no matches.
 */
@Override
public @Nullable String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket){
	for (List<X509KeyManager> delegates : keyManagers.values()) {
		for (X509KeyManager delegate : delegates) {
			String chosen = delegate.chooseClientAlias(keyType, issuers, socket);
			if (chosen == null) {
				continue;
			}
			return chosen;
		}
	}
	return null;
}
 
Example #19
Source File: JSSESocketFactory.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
/**
 * Gets the initialized key managers.
 *
 * <p>When {@code keyAlias} is given it must name a key entry in the key store, and every key
 * manager is wrapped in a {@code JSSEKeyManager} bound to that alias. The alias is lower-cased
 * when the key store is of the default type.
 *
 * @throws IOException if {@code keyAlias} is not a key entry of the key store
 */
protected KeyManager[] getKeyManagers(String keystoreType,
                                      String keystoreProvider,
                                      String algorithm,
                                      String keyAlias)
            throws Exception {

    String keystorePass = getKeystorePassword();
    KeyStore ks = getKeystore(keystoreType, keystoreProvider, keystorePass);

    boolean aliasRequested = keyAlias != null;
    if (aliasRequested && !ks.isKeyEntry(keyAlias)) {
        throw new IOException(
                sm.getString("jsse.alias_no_key_entry", keyAlias));
    }

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
    // The key password defaults to the key store password when none is configured.
    String keyPass = endpoint.getKeyPass();
    String effectivePass = (keyPass != null) ? keyPass : keystorePass;
    kmf.init(ks, effectivePass.toCharArray());

    KeyManager[] kms = kmf.getKeyManagers();
    if (!aliasRequested) {
        return kms;
    }

    String alias = JSSESocketFactory.defaultKeystoreType.equals(keystoreType)
            ? keyAlias.toLowerCase(Locale.ENGLISH)
            : keyAlias;
    // Unchecked cast: a non-X509 key manager here surfaces as ClassCastException.
    for (int idx = 0; idx < kms.length; idx++) {
        kms[idx] = new JSSEKeyManager((X509KeyManager) kms[idx], alias);
    }
    return kms;
}
 
Example #20
Source File: CompositeX509KeyManager.java    From elexis-3-core with Eclipse Public License 1.0 5 votes vote down vote up
/**
 * Returns the first non-null private key that any delegate key manager holds for the given
 * alias, or {@code null} if no delegate knows the alias.
 */
@Override
public @Nullable PrivateKey getPrivateKey(String alias){
	for (List<X509KeyManager> delegates : keyManagers.values()) {
		for (X509KeyManager delegate : delegates) {
			PrivateKey found = delegate.getPrivateKey(alias);
			if (found == null) {
				continue;
			}
			return found;
		}
	}
	return null;
}
 
Example #21
Source File: SSLStoreService.java    From elexis-3-core with Eclipse Public License 1.0 5 votes vote down vote up
/**
 * Builds an SSL context from composite key and trust managers seeded with the JVM's own
 * managers, and installs it as the JVM-wide default context.
 *
 * <p>Failures are only logged; in that case {@link SSLContext#setDefault} is never reached.
 */
@Activate
public void activate(){
	try {
		X509KeyManager jvmKeyManager = getJvmKeyManager();
		X509TrustManager jvmTrustManager = getJvmTrustManager();
		
		compositeKeyManager = new CompositeX509KeyManager();
		compositeKeyManager.addKeyManager(jvmKeyManager);
		
		compositeTrustManager = new CompositeX509TrustManager();
		compositeTrustManager.addTrustManager(jvmTrustManager);
		
		// NOTE(review): "SSL" is the legacy context name; which protocol versions it enables
		// depends on the JSSE provider and JDK configuration. Consider "TLS" and verify the
		// enabled protocols.
		SSLContext context = SSLContext.getInstance("SSL");
		context.init(new KeyManager[] {
			compositeKeyManager
		}, new TrustManager[] {
			compositeTrustManager
		}, null);
		// Affects every consumer of the default SSLContext in this JVM.
		SSLContext.setDefault(context);
	} catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException
			| KeyStoreException e) {
		LoggerFactory.getLogger(getClass()).error("Could not initialize SSL context", e);
	}
}
 
Example #22
Source File: FileTrustStoreSslSocketFactory.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
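/**
 * Collects the server aliases offered by every delegate key manager.
 *
 * @param keyType key algorithm type name
 * @param issuers acceptable CA issuer names, may be {@code null}
 * @return all aliases found, in delegate order; an empty array when there are none
 */
@Override
public  String[] getServerAliases(final String keyType, final Principal[] issuers) {
    final List<String> aliases = new ArrayList<>();
    for (final X509KeyManager keyManager : keyManagers) {
        // X509KeyManager.getServerAliases returns null when nothing matches; passing that
        // straight to Arrays.asList would throw NullPointerException.
        final String[] found = keyManager.getServerAliases(keyType, issuers);
        if (found != null) {
            aliases.addAll(Arrays.asList(found));
        }
    }
    return aliases.toArray(new String[] {});
}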
 
Example #23
Source File: CompositeX509KeyManager.java    From elexis-3-core with Eclipse Public License 1.0 5 votes vote down vote up
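/**
 * Get all matching aliases for authenticating the client side of a secure socket, gathered
 * from every delegate key manager.
 *
 * @return the aliases found, in delegate order; an empty array (not {@code null}) when no
 *         delegate has a match
 */
@Override
public @Nullable String[] getClientAliases(String keyType, Principal[] issuers){
	List<String> ret = new ArrayList<>();
	for (List<X509KeyManager> delegates : keyManagers.values()) {
		for (X509KeyManager x509KeyManager : delegates) {
			// A delegate returns null when it has no match; Arrays.asList(null) would throw
			// NullPointerException and abort the whole lookup.
			String[] found = x509KeyManager.getClientAliases(keyType, issuers);
			if (found != null) {
				ret.addAll(Arrays.asList(found));
			}
		}
	}
	return ret.toArray(new String[ret.size()]);
}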
 
Example #24
Source File: X509KeyManagerX509CredentialAdapter.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Constructor.
 *
 * @param manager wrapped key manager, must not be null
 * @param alias alias used to reference the credential in the key manager; rejected when
 *          {@code DatatypeHelper.safeTrimOrNullString} turns it into null
 *
 * @throws IllegalArgumentException if the manager is null or the alias is rejected
 */
public X509KeyManagerX509CredentialAdapter(X509KeyManager manager, String alias) {
    if (manager == null) {
        throw new IllegalArgumentException("Key manager may not be null");
    }
    keyManager = manager;

    final String normalizedAlias = DatatypeHelper.safeTrimOrNullString(alias);
    credentialAlias = normalizedAlias;
    if (normalizedAlias == null) {
        throw new IllegalArgumentException("Entity alias may not be null");
    }
}
 
Example #25
Source File: CompositeX509KeyManager.java    From elexis-3-core with Eclipse Public License 1.0 5 votes vote down vote up
/**
 * Returns the first non-empty certificate chain that any delegate key manager holds for the
 * given alias, or {@code null} if no delegate has one.
 */
@Override
public @Nullable X509Certificate[] getCertificateChain(String alias){
	for (List<X509KeyManager> delegates : keyManagers.values()) {
		for (X509KeyManager delegate : delegates) {
			X509Certificate[] candidate = delegate.getCertificateChain(alias);
			// Skip both "unknown alias" (null) and an empty chain.
			if (candidate == null || candidate.length == 0) {
				continue;
			}
			return candidate;
		}
	}
	return null;
}
 
Example #26
Source File: FileTrustStoreSslSocketFactory.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
/**
 * Asks each delegate key manager in turn and returns the first non-null client alias.
 *
 * @return the chosen alias, or {@code null} when no delegate offers one
 */
@Override
public String chooseClientAlias(final String[] keyType, final Principal[] issuers, final Socket socket) {
    for (final X509KeyManager delegate : keyManagers) {
        final String chosen = delegate.chooseClientAlias(keyType, issuers, socket);
        if (chosen == null) {
            continue;
        }
        return chosen;
    }
    return null;
}
 
Example #27
Source File: SSLUtil.java    From scipio-erp with Apache License 2.0 5 votes vote down vote up
/**
 * Creates SunX509 key managers for a key store, optionally pinned to one alias.
 *
 * @param ks key store to read key material from
 * @param password key password; must not be {@code null}
 * @param alias alias to pin the X.509 key managers to, or {@code null} for no pinning
 * @return the factory's key managers, with X.509 entries wrapped in {@code AliasKeyManager}
 *         when an alias is given
 * @throws GeneralSecurityException if the factory cannot be created or initialised
 */
public static KeyManager[] getKeyManagers(KeyStore ks, String password, String alias) throws GeneralSecurityException {
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, password.toCharArray());

    KeyManager[] keyManagers = kmf.getKeyManagers();
    if (alias == null) {
        return keyManagers;
    }

    for (int idx = 0; idx < keyManagers.length; idx++) {
        KeyManager current = keyManagers[idx];
        if (!(current instanceof X509KeyManager)) {
            continue;
        }
        keyManagers[idx] = new AliasKeyManager((X509KeyManager) current, alias);
    }
    return keyManagers;
}
 
Example #28
Source File: KeyStoreManagerImplTest.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up
/**
 * Verifies that generating a key pair with all principal attributes null yields a single X.509
 * key manager whose certificate has an empty subject DN.
 */
@Test
public void testEmptyPrincipalAttributes() throws Exception {
  keyStoreManager.generateAndStoreKeyPair(null, null, null, null, null, null);

  // exactly one X.509 key manager is expected
  KeyManager[] kms = keyStoreManager.getKeyManagers();
  assertThat(kms, notNullValue());
  assertThat(kms, arrayWithSize(1));
  assertThat(kms[0], instanceOf(X509KeyManager.class));

  X509KeyManager x509Km = (X509KeyManager) kms[0];
  String subjectDN = x509Km.getCertificateChain(PRIVATE_KEY_ALIAS)[0].getSubjectDN().getName();
  assertThat(subjectDN, equalTo(""));
}
 
Example #29
Source File: JSSESocketFactory.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
/**
 * Gets the initialized key managers.
 *
 * <p>When {@code keyAlias} is given it must name a key entry in the key store, and every key
 * manager is wrapped in a {@code JSSEKeyManager} bound to that alias. The alias is lower-cased
 * when the key store is of the default type.
 *
 * @throws IOException if {@code keyAlias} is not a key entry of the key store
 */
protected KeyManager[] getKeyManagers(String keystoreType,
                                      String keystoreProvider,
                                      String algorithm,
                                      String keyAlias)
            throws Exception {

    String keystorePass = getKeystorePassword();
    KeyStore ks = getKeystore(keystoreType, keystoreProvider, keystorePass);

    if (keyAlias != null && !ks.isKeyEntry(keyAlias)) {
        throw new IOException(
                sm.getString("jsse.alias_no_key_entry", keyAlias));
    }

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
    // The key password defaults to the key store password when none is configured.
    String configuredKeyPass = endpoint.getKeyPass();
    String keyPass = (configuredKeyPass == null) ? keystorePass : configuredKeyPass;
    kmf.init(ks, keyPass.toCharArray());

    KeyManager[] kms = kmf.getKeyManagers();
    if (keyAlias == null) {
        return kms;
    }

    String alias;
    if (JSSESocketFactory.defaultKeystoreType.equals(keystoreType)) {
        alias = keyAlias.toLowerCase(Locale.ENGLISH);
    } else {
        alias = keyAlias;
    }
    // Unchecked cast: a non-X509 key manager here surfaces as ClassCastException.
    for (int pos = 0; pos < kms.length; pos++) {
        X509KeyManager delegate = (X509KeyManager) kms[pos];
        kms[pos] = new JSSEKeyManager(delegate, alias);
    }
    return kms;
}
 
Example #30
Source File: OpenSSLContextSPI.java    From wildfly-openssl with Apache License 2.0 5 votes vote down vote up
/**
 * Picks the first {@link X509KeyManager} from the given key managers.
 *
 * @param tms candidate key managers, may be {@code null}
 * @return the first X.509 key manager, or {@code null} when {@code tms} is {@code null}
 * @throws IllegalStateException if the array is non-null but holds no X.509 key manager
 */
private X509KeyManager chooseKeyManager(KeyManager[] tms) {
    if (tms == null) {
        return null;
    }
    for (int i = 0; i < tms.length; i++) {
        KeyManager candidate = tms[i];
        if (!(candidate instanceof X509KeyManager)) {
            continue;
        }
        return (X509KeyManager) candidate;
    }
    throw new IllegalStateException(Messages.MESSAGES.keyManagerIsMissing());
}