Java Code Examples for java.security.Security#getProperty()

The following examples show how to use java.security.Security#getProperty().
Example 1
Source File: DefaultSSLServSocketFac.java    From openjdk-8 with GNU General Public License v2.0
public static void main(String[] args) throws Exception {
    final String providerKey = "ssl.ServerSocketFactory.provider";

    // Security properties are JVM-wide: remember the current value so the
    // override below does not leak into anything else running in this VM.
    String savedProvider = Security.getProperty(providerKey);

    try {
        // "oops" is not a loadable class name, so obtaining and using the
        // default factory is expected to fail.
        Security.setProperty(providerKey, "oops");
        ServerSocketFactory factory = SSLServerSocketFactory.getDefault();
        SSLServerSocket serverSocket =
                (SSLServerSocket) factory.createServerSocket();
    } catch (Exception e) {
        // The only accepted failure is one caused by the provider class not
        // being found; anything else is rethrown unchanged.
        boolean causedByMissingClass =
                e.getCause() instanceof ClassNotFoundException;
        if (!causedByMissingClass) {
            throw e;
        }
    } finally {
        // Security.setProperty does not accept a null value, so an
        // originally unset property is written back as the empty string.
        Security.setProperty(providerKey,
                savedProvider == null ? "" : savedProvider);
    }
}
 
Example 2
Source File: RegistryImpl.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Builds the registry's ObjectInputFilter from configuration, if any exists.
 * The system property named REGISTRY_FILTER_PROPNAME is consulted first; the
 * security property of the same name is used only when the system property
 * is absent.
 *
 * @return the filter created from the configured pattern, or null when
 *         neither property is set
 */
private static ObjectInputFilter initRegistryFilter() {
    // A value given as a system property overrides the one in the
    // security properties.
    String pattern = System.getProperty(REGISTRY_FILTER_PROPNAME);
    if (pattern == null) {
        pattern = Security.getProperty(REGISTRY_FILTER_PROPNAME);
    }
    if (pattern == null) {
        // Nothing configured: the caller receives no property-based filter.
        return null;
    }

    ObjectInputFilter configured = ObjectInputFilter.Config.createFilter2(pattern);
    // Record the effective filter so operators can confirm what is applied.
    Log regLog = Log.getLog("sun.rmi.registry", "registry", -1);
    if (regLog.isLoggable(Log.BRIEF)) {
        regLog.log(Log.BRIEF, "registryFilter = " + configured);
    }
    return configured;
}
 
Example 3
Source File: FailoverToCRL.java    From jdk8u-jdk with GNU General Public License v2.0
public static void main(String args[]) throws Exception {
    // Test fixtures come from helper methods defined elsewhere in the file.
    CertPath certPath = generateCertificatePath();
    Set<TrustAnchor> trustAnchors = generateTrustAnchors();
    CertStore crlStore = generateCertificateStore();

    // Validation parameters: trust anchors, the CRL store, and revocation
    // checking switched on.
    PKIXParameters pkixParams = new PKIXParameters(trustAnchors);
    pkixParams.addCertStore(crlStore);
    pkixParams.setRevocationEnabled(true);

    // Enable OCSP and CRL distribution point support. Both settings are
    // JVM-wide and are not restored by this test.
    Security.setProperty("ocsp.enable", "true");
    System.setProperty("com.sun.security.enableCRLDP", "true");

    // The test refuses to run when an explicit responder URL is configured.
    String responderUrl = Security.getProperty("ocsp.responderURL");
    if (responderUrl != null) {
        throw new
            Exception("The ocsp.responderURL property must not be set");
    }

    CertPathValidator pkixValidator = CertPathValidator.getInstance("PKIX");

    // NOTE(review): a validate() call that returns normally is not treated
    // as a failure here; only a CertPathValidatorException with a reason
    // other than REVOKED fails the test.
    try {
        pkixValidator.validate(certPath, pkixParams);
    } catch (CertPathValidatorException cpve) {
        boolean revoked = cpve.getReason() == BasicReason.REVOKED;
        if (!revoked) {
            throw new Exception(
                "unexpected exception, should be a REVOKED CPVE", cpve);
        }
    }
}
 
Example 4
Source File: DGCImpl.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Builds the DGC ObjectInputFilter from configuration, if any exists.
 * The system property named DGC_FILTER_PROPNAME wins; the security property
 * of the same name is read only when the system property is absent.
 *
 * @return the filter created from the configured pattern, or null when
 *         neither property is set
 */
private static ObjectInputFilter initDgcFilter() {
    // System property first, security property as the fallback.
    String pattern = System.getProperty(DGC_FILTER_PROPNAME);
    if (pattern == null) {
        pattern = Security.getProperty(DGC_FILTER_PROPNAME);
    }
    if (pattern == null) {
        // Nothing configured: the caller receives no property-based filter.
        return null;
    }

    ObjectInputFilter configured = ObjectInputFilter.Config.createFilter(pattern);
    // Log the effective filter so the applied configuration is visible.
    if (dgcLog.isLoggable(Log.BRIEF)) {
        dgcLog.log(Log.BRIEF, "dgcFilter = " + configured);
    }
    return configured;
}
 
Example 5
Source File: JdkSslContext.java    From netty4.0.27Learn with Apache License 2.0
/**
 * Build a {@link KeyManagerFactory} from a key file, its password, and a certificate chain, using the
 * algorithm named by the {@code ssl.KeyManagerFactory.algorithm} security property.
 * @param certChainFile a X.509 certificate chain file in PEM format
 * @param keyFile a PKCS#8 private key file in PEM format
 * @param keyPassword the password of the {@code keyFile}.
 *                    {@code null} if it's not password-protected.
 * @param kmf The existing {@link KeyManagerFactory} that will be used if not {@code null}
 * @return A {@link KeyManagerFactory} based upon a key file, key file password, and a certificate chain.
 */
protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile, File keyFile, String keyPassword,
        KeyManagerFactory kmf)
                throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException,
                NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException,
                CertificateException, KeyException, IOException {
    // The algorithm is deployment configuration (java.security), not caller input.
    final String configured = Security.getProperty("ssl.KeyManagerFactory.algorithm");
    // "SunX509" is a hard-coded fallback; NOTE(review): on a JVM whose JSSE provider does not
    // register that name the delegate would presumably fail with NoSuchAlgorithmException.
    final String algorithm = (configured != null) ? configured : "SunX509";
    return buildKeyManagerFactory(certChainFile, algorithm, keyFile, keyPassword, kmf);
}
 
Example 6
Source File: SecurityConfig.java    From Tomcat7.0.67 with Apache License 2.0
/**
 * Extend a package.* security property with additional packages.
 * Nothing is done unless a SecurityManager is installed. Any value
 * already present is kept and the new list is appended after a comma,
 * so existing restrictions are not replaced.
 * @param properties the package.* property.
 * @param packageList comma-separated packages to append; must not be
 *        null (it is dereferenced or passed to Security.setProperty)
 */
private final void setSecurityProperty(String properties, String packageList){
    if (System.getSecurityManager() == null) {
        // Without a SecurityManager the property is left untouched.
        return;
    }

    String existing = Security.getProperty(properties);
    String definition;
    if (existing == null || existing.length() == 0) {
        // Nothing configured yet: the new list becomes the whole value.
        definition = packageList;
    } else if (packageList.length() > 0) {
        definition = existing + ',' + packageList;
    } else {
        // Nothing to add: write the current value back unchanged.
        definition = existing;
    }

    Security.setProperty(properties, definition);
}
 
Example 7
Source File: FailoverToCRL.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
public static void main(String args[]) throws Exception {
    // The test certificates use MD5, so the disabled-algorithm list is
    // replaced with one that does not mention MD5. This weakens a JVM-wide
    // policy and is only appropriate inside a test; it is not restored here.
    Security.setProperty(
            "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");

    // Test fixtures come from helper methods defined elsewhere in the file.
    CertPath certPath = generateCertificatePath();
    Set<TrustAnchor> trustAnchors = generateTrustAnchors();
    CertStore crlStore = generateCertificateStore();

    // Validation parameters: trust anchors, the CRL store, and revocation
    // checking switched on.
    PKIXParameters pkixParams = new PKIXParameters(trustAnchors);
    pkixParams.addCertStore(crlStore);
    pkixParams.setRevocationEnabled(true);

    // Enable OCSP and CRL distribution point support (both JVM-wide).
    Security.setProperty("ocsp.enable", "true");
    System.setProperty("com.sun.security.enableCRLDP", "true");

    // The test refuses to run when an explicit responder URL is configured.
    String responderUrl = Security.getProperty("ocsp.responderURL");
    if (responderUrl != null) {
        throw new
            Exception("The ocsp.responderURL property must not be set");
    }

    CertPathValidator pkixValidator = CertPathValidator.getInstance("PKIX");

    // NOTE(review): a validate() call that returns normally is not treated
    // as a failure here; only a CertPathValidatorException with a reason
    // other than REVOKED fails the test.
    try {
        pkixValidator.validate(certPath, pkixParams);
    } catch (CertPathValidatorException cpve) {
        boolean revoked = cpve.getReason() == BasicReason.REVOKED;
        if (!revoked) {
            throw new Exception(
                "unexpected exception, should be a REVOKED CPVE", cpve);
        }
    }
}
 
Example 8
Source File: GetBooleanSecurityPropertyAction.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Reads the security property whose name was given to the constructor
 * and interprets it as a boolean. Only the value "true" (compared
 * case-insensitively) yields true; an unset property, any other value,
 * or a NullPointerException raised during the lookup yields false.
 *
 * @return the <code>Boolean</code> value of the security property.
 */
public Boolean run() {
    try {
        String raw = Security.getProperty(theProp);
        return (raw != null) && raw.equalsIgnoreCase("true");
    } catch (NullPointerException e) {
        // Treated the same as an unset property.
        return false;
    }
}
 
Example 9
Source File: IpcdServerTlsContext.java    From arcusipcd with Apache License 2.0
/**
 * Creates the server-side TLS context holder.
 *
 * When {@code useTls} is true, a JKS keystore is loaded and used to build an
 * SSLContext for the protocol named by PROTOCOL; otherwise the context is
 * left null.
 *
 * @param useTls whether TLS is enabled; unboxed in the {@code if}, so a null
 *        value raises NullPointerException
 * @param keystoreFilePath location handed to getKeyStoreInputStream
 * @param keystoreFilePassword password used to load the keystore
 * @param keyPassword password used to initialise the KeyManagerFactory
 */
public IpcdServerTlsContext(Boolean useTls, String keystoreFilePath, String keystoreFilePassword, String keyPassword) {
	
	this.useTls = useTls;
	
	if (useTls) {
		SSLContext serverContext = null;
        try {
            // Key manager algorithm comes from java.security, with a
            // hard-coded "SunX509" fallback.
            String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
            if (algorithm == null) { algorithm = "SunX509";  }

            try {
                KeyStore ks = KeyStore.getInstance("JKS");
                //FileInputStream fin = new FileInputStream(keystoreFilePath);
                
                // NOTE(review): the stream returned by getKeyStoreInputStream
                // is not closed in this block - confirm the helper or the
                // caller takes care of it.
                ks.load(getKeyStoreInputStream(keystoreFilePath), keystoreFilePassword.toCharArray());
                KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
                kmf.init(ks, keyPassword.toCharArray());

                serverContext = SSLContext.getInstance(PROTOCOL);
                // null TrustManager[] and SecureRandom: the JSSE defaults are used.
                serverContext.init(kmf.getKeyManagers(), null, null);
            } catch (Exception e) {
                // Error is not an Exception, so the outer catch below does
                // not intercept it: it propagates out of the constructor
                // after the finally block has run.
                throw new Error("Failed to initialize the server-side SSLContext", e);
            }
        } catch (Exception ex) {
            logger.error("Error initializing SslContextManager.", ex);
        } finally {
            // On any failure serverContext is still null here, so _context
            // ends up null even though useTls is true.
        	_context = serverContext;
        }
	} else {
		_context = null;
	}
}
 
Example 10
Source File: MerlinWithCRLDistributionPointsExtension.java    From eet-client with MIT License
/**
 * Makes sure the three revocation-related properties are all enabled.
 * If any one of them is not already "true", all three are (re)written.
 * The settings are JVM-wide, so they affect every certificate path
 * validation in the process, not only this component.
 */
private void configureSystemProperties() {
    Init.init();

    // Current state: two system properties and one security property.
    final boolean crlDownloadEnabled = Boolean.getBoolean("com.sun.security.enableCRLDP");
    final boolean checkRevocationEnabled = Boolean.getBoolean("com.sun.net.ssl.checkRevocation");
    final String eeOnlySetting = Security.getProperty("com.sun.security.onlyCheckRevocationOfEECert");
    final boolean onlyCheckRevocationOfEECert = "true".equalsIgnoreCase(eeOnlySetting);

    final boolean fullyConfigured =
            crlDownloadEnabled && checkRevocationEnabled && onlyCheckRevocationOfEECert;
    if (fullyConfigured) {
        return;
    }

    logger.info("System properties will be configured to enable certificate revocation checks.");
    System.setProperty("com.sun.security.enableCRLDP", "true");
    System.setProperty("com.sun.net.ssl.checkRevocation", "true");
    // Only the last certificate in the path (the EET cert) is checked for
    // revocation; the other certificates in the path are not.
    Security.setProperty("com.sun.security.onlyCheckRevocationOfEECert", "true");
}
 
Example 11
Source File: X509Certificate.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Looks up the security property named by X509_PROVIDER.
 *
 * @return the property value, or null when the property is not set
 */
public String run() {
    final String configuredProvider = Security.getProperty(X509_PROVIDER);
    return configuredProvider;
}
 
Example 12
Source File: LdapServer.java    From MyVirtualDirectory with Apache License 2.0
/**
 * Loads the server key store, either from the configured keystore file or,
 * when no file is configured, from a key store backed by the directory
 * service. The key manager factory is initialised only in the file case.
 *
 * @throws Exception if the keystore file cannot be read or the key manager
 *         factory cannot be created or initialised
 */
public void loadKeyStore() throws Exception
{
    if ( !Strings.isEmpty( keystoreFile ) )
    {
        keyStore = KeyStore.getInstance( KeyStore.getDefaultType() );

        try ( FileInputStream keystoreStream = new FileInputStream( keystoreFile ) )
        {
            // A null password means the keystore's integrity is not verified on load.
            keyStore.load( keystoreStream, null );
        }

        // Key manager algorithm: security property first, platform default otherwise.
        String configuredAlgorithm = Security.getProperty( "ssl.KeyManagerFactory.algorithm" );
        String algorithm = ( configuredAlgorithm != null )
            ? configuredAlgorithm
            : KeyManagerFactory.getDefaultAlgorithm();

        keyManagerFactory = KeyManagerFactory.getInstance( algorithm );

        // An empty certificate password is passed on as null.
        char[] keyPassword = Strings.isEmpty( certificatePassword )
            ? null
            : certificatePassword.toCharArray();
        keyManagerFactory.init( keyStore, keyPassword );

        return;
    }

    // No keystore file configured: use a key store backed by the directory service.
    Provider sunProvider = Security.getProvider( "SUN" );
    LOG.debug( "provider = {}", sunProvider );
    CoreKeyStoreSpi directoryBackedSpi = new CoreKeyStoreSpi( getDirectoryService() );
    // The anonymous subclass gives access to KeyStore's protected constructor.
    keyStore = new KeyStore( directoryBackedSpi, sunProvider, "JKS" )
    {
    };

    try
    {
        keyStore.load( null, null );
    }
    catch ( Exception e )
    {
        // nothing really happens with this keystore
        // NOTE(review): any failure during load is silently discarded here.
    }
}
 
Example 13
Source File: XiProviderRegister.java    From xipki with Apache License 2.0
/**
 * Adds a new XiProvider to the JVM's security providers when no security
 * property named XiProvider.PROVIDER_NAME is set.
 */
public void regist() {
  // NOTE(review): this checks for a security *property* with the provider's
  // name, not for an installed provider. If the intent is "register only
  // once", Security.getProvider(name) is the usual test - confirm.
  final boolean propertyMissing = Security.getProperty(XiProvider.PROVIDER_NAME) == null;
  if (propertyMissing) {
    Security.addProvider(new XiProvider());
  }
}
 
Example 14
Source File: TomcatLoader.java    From tomee with Apache License 2.0
/**
 * Installs Tomcat's AuthConfigFactory implementation as the
 * "authconfigprovider.factory" security property, unless a value is
 * already configured. An existing value is never overwritten.
 */
public static void init() {
    final String factoryKey = "authconfigprovider.factory";
    if (Security.getProperty(factoryKey) != null) {
        // Respect whatever the deployment configured explicitly.
        return;
    }
    // the API we use doesn't have the right default
    Security.setProperty(factoryKey, "org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl");
}
 
Example 15
Source File: CacheTest.java    From jdk8u-jdk with GNU General Public License v2.0
public static void main(String args[]) throws Exception {

    /*
     * The test only runs when the negative-lookup TTL is between 1 and
     * 15 seconds. A TTL <= 0 means negative results are cached forever
     * or never cached, and anything above 15 seconds would make the
     * test too slow (the jtreg timeout would have to be coordinated
     * with the negative TTL), so those cases are skipped.
     */
    final String ttlProp = "networkaddress.cache.negative.ttl";
    String configuredTtl = Security.getProperty(ttlProp);
    int ttl = (configuredTtl == null) ? 0 : Integer.parseInt(configuredTtl);
    boolean ttlUsable = ttl > 0 && ttl <= 15;
    if (!ttlUsable) {
        System.err.println("Security property " + ttlProp + " needs to " +
            " in 1-15 second range to execute this test");
        return;
    }

    /*
     * Outline of the test:
     *
     * 1. Look up a name that is guaranteed to resolve. This forces at
     *    least one entry into the cache that will not expire.
     *
     * 2. Look up a name that is guaranteed to fail. The negative result
     *    is cached for a short period of time.
     *
     * 3. Wait for that negative entry to expire.
     *
     * 4. Look the name up again; the name service should be consulted
     *    and the lookup should succeed.
     */

    // Step 1: the name service must know this host.
    SimpleNameService.put("theclub", "129.156.220.219");
    InetAddress.getByName("theclub");

    // Step 2: "luster" is unknown to the name service at this point, so
    // the lookup must throw UnknownHostException.
    try {
        InetAddress.getByName("luster");
        throw new RuntimeException("Test internal error " +
            " - luster is bring resolved by name service");
    } catch (UnknownHostException expected) {
        // expected: the failure is now in the negative cache
    }

    // Make the name resolvable from now on.
    SimpleNameService.put("luster", "10.5.18.21");

    // Steps 3 and 4: wait one second longer than the TTL, then retry.
    Thread.sleep(ttl*1000 + 1000);
    InetAddress.getByName("luster");
}
 
Example 16
Source File: AIACheck.java    From jdk8u_jdk with GNU General Public License v2.0
public static void main(String args[]) throws Exception {
    // The test certificates use MD5, so the disabled-algorithm list is
    // replaced with one that does not mention MD5. This weakens a JVM-wide
    // policy and is only appropriate inside a test; it is not restored here.
    Security.setProperty(
            "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");

    X509Certificate aiaCert = loadCertificate("AIACert.pem");
    X509Certificate rootCert = loadCertificate("RootCert.pem");

    // The path under test holds only the AIA certificate; the root
    // certificate is supplied as the trust anchor.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    CertPath certPath = x509Factory.generateCertPath(Arrays.asList(aiaCert));

    Set<TrustAnchor> trustAnchors =
        Collections.singleton(new TrustAnchor(rootCert, null));

    PKIXParameters pkixParams = new PKIXParameters(trustAnchors);
    pkixParams.setRevocationEnabled(true);

    // Enable OCSP (JVM-wide).
    Security.setProperty("ocsp.enable", "true");

    // The test refuses to run when an explicit responder URL is configured.
    if (Security.getProperty("ocsp.responderURL") != null) {
        throw new
            Exception("The ocsp.responderURL property must not be set");
    }

    CertPathValidator pkixValidator = CertPathValidator.getInstance("PKIX");

    try {
        pkixValidator.validate(certPath, pkixParams);
        // Reaching this line means validation unexpectedly succeeded.
        throw new Exception("Successfully validated an invalid path");

    } catch (CertPathValidatorException e) {
        // A SocketException cause is taken as proof that a connection to
        // the responder was attempted; any other failure is rethrown.
        boolean connectionAttempted = e.getCause() instanceof SocketException;
        if (!connectionAttempted) {
            throw e;
        }

        System.out.println("Extracted the URL of the OCSP responder from " +
            "the certificate's AuthorityInfoAccess extension.");
    }
}
 
Example 17
Source File: CacheTest.java    From openjdk-8-source with GNU General Public License v2.0
public static void main(String args[]) throws Exception {

    /*
     * Precondition: the negative-lookup TTL must be 1-15 seconds.
     * With a TTL <= 0 negative results are cached forever or not at
     * all, and with a TTL above 15 seconds the test would run too long
     * (the jtreg timeout would need to match the negative TTL). In
     * either case the test is skipped.
     */
    final String ttlProp = "networkaddress.cache.negative.ttl";
    int ttl = 0;
    String ttlSetting = Security.getProperty(ttlProp);
    if (ttlSetting != null) {
        ttl = Integer.parseInt(ttlSetting);
    }
    if (!(ttl > 0 && ttl <= 15)) {
        System.err.println("Security property " + ttlProp + " needs to " +
            " in 1-15 second range to execute this test");
        return;
    }

    /*
     * How the test works:
     *
     * 1. Resolve a name that is guaranteed to succeed, which puts at
     *    least one non-expiring entry into the cache.
     *
     * 2. Resolve a name that is guaranteed to fail, which caches a
     *    negative result for a short period of time.
     *
     * 3. Wait for the negative entry to expire.
     *
     * 4. Resolve the name again; the name service should be consulted
     *    and the lookup should succeed.
     */

    // The name service has to be able to resolve this host.
    SimpleNameService.put("theclub", "129.156.220.219");

    // This lookup succeeds.
    InetAddress.getByName("theclub");

    // "luster" is not known to the name service yet, so the lookup
    // has to fail with UnknownHostException.
    try {
        InetAddress.getByName("luster");
        throw new RuntimeException("Test internal error " +
            " - luster is bring resolved by name service");
    } catch (UnknownHostException expected) {
        // expected: a negative cache entry now exists for "luster"
    }

    // From here on the name service knows "luster".
    SimpleNameService.put("luster", "10.5.18.21");

    // Sleep past the TTL (plus one second), then the lookup should
    // reach the name service and succeed.
    long waitMillis = ttl*1000 + 1000;
    Thread.sleep(waitMillis);
    InetAddress.getByName("luster");
}
 
Example 18
Source File: ProviderList.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Construct a ProviderList from the java.security properties.
 *
 * Reads security.provider.1, security.provider.2, ... until the first
 * index that has no value, then reads the optional
 * jdk.security.provider.preferred list.
 */
private ProviderList() {
    List<ProviderConfig> configList = new ArrayList<>();
    String entry;
    int i = 1;

    // Entries are read in index order, so the resulting list keeps the
    // order given in the configuration. The loop ends at the first gap.
    while ((entry = Security.getProperty("security.provider." + i)) != null) {
        entry = entry.trim();
        if (entry.length() == 0) {
            // A blank entry is reported and stops parsing altogether:
            // provider entries with a higher index are not read.
            System.err.println("invalid entry for " +
                               "security.provider." + i);
            break;
        }
        // Everything after the first space is passed to ProviderConfig
        // as the argument.
        int k = entry.indexOf(' ');
        ProviderConfig config;
        if (k == -1) {
            config = new ProviderConfig(entry);
        } else {
            String provName = entry.substring(0, k);
            String argument = entry.substring(k + 1).trim();
            config = new ProviderConfig(provName, argument);
        }

        // Get rid of duplicate providers.
        // The first occurrence is kept, later duplicates are dropped.
        if (configList.contains(config) == false) {
            configList.add(config);
        }
        i++;
    }
    // PC0 is defined elsewhere; presumably an empty ProviderConfig array
    // used only to select the array type - TODO confirm.
    configs = configList.toArray(PC0);

    // Load config entries for use when getInstance is called
    entry = Security.getProperty("jdk.security.provider.preferred");
    if (entry != null && (entry = entry.trim()).length() > 0) {
        // Comma-separated list; each element is split at its first colon.
        String[] entries = entry.split(",");
        // preferredPropList is accessed through the class name, i.e. it is
        // shared state; it is created only if it does not exist yet.
        if (ProviderList.preferredPropList == null) {
            ProviderList.preferredPropList = new PreferredList();
        }

        for (String e : entries) {
            // i is reused here as the position of the colon.
            i = e.indexOf(':');
            if (i < 0) {
                // Malformed elements are skipped, not fatal; they are
                // reported only when debug output is enabled.
                if (debug != null) {
                    debug.println("invalid preferred entry skipped.  " +
                            "Missing colon delimiter \"" + e + "\"");
                }
                continue;
            }
            // Both halves are trimmed before being stored.
            ProviderList.preferredPropList.add(new PreferredEntry(
                    e.substring(0, i).trim(), e.substring(i + 1).trim()));
        }
    }

    if (debug != null) {
        debug.println("provider configuration: " + configList);
        debug.println("config configuration: " +
                ProviderList.preferredPropList);
    }
}
 
Example 19
Source File: AIACheck.java    From TencentKona-8 with GNU General Public License v2.0
public static void main(String args[]) throws Exception {
    // MD5 is needed by the test certificates, so the disabled-algorithm
    // list is overwritten with one that leaves MD5 enabled. The change is
    // JVM-wide, is not undone here, and belongs in test code only.
    Security.setProperty(
            "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");

    X509Certificate aiaCert = loadCertificate("AIACert.pem");
    X509Certificate rootCert = loadCertificate("RootCert.pem");

    // Only the AIA certificate goes into the path; the root certificate
    // serves as the single trust anchor.
    List<X509Certificate> pathCerts = Arrays.asList(aiaCert);
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    CertPath certPath = x509Factory.generateCertPath(pathCerts);

    TrustAnchor rootAnchor = new TrustAnchor(rootCert, null);
    Set<TrustAnchor> trustAnchors = Collections.singleton(rootAnchor);

    PKIXParameters pkixParams = new PKIXParameters(trustAnchors);
    // Revocation checking on, with OCSP enabled (JVM-wide property).
    pkixParams.setRevocationEnabled(true);
    Security.setProperty("ocsp.enable", "true");

    // An explicitly configured responder URL is treated as a set-up error.
    String responderUrl = Security.getProperty("ocsp.responderURL");
    if (responderUrl != null) {
        throw new
            Exception("The ocsp.responderURL property must not be set");
    }

    CertPathValidator pkixValidator = CertPathValidator.getInstance("PKIX");

    try {
        pkixValidator.validate(certPath, pkixParams);
        // Validation is expected to fail; success is a test failure.
        throw new Exception("Successfully validated an invalid path");

    } catch (CertPathValidatorException e) {
        // Pass only when the failure was caused by a SocketException,
        // i.e. a connection to the responder was attempted.
        if (e.getCause() instanceof SocketException) {
            System.out.println("Extracted the URL of the OCSP responder from " +
                "the certificate's AuthorityInfoAccess extension.");
        } else {
            throw e;
        }
    }
}
 
Example 20
Source File: InetAddressCachePolicy.java    From openjdk-8-source with GNU General Public License v2.0
/**
 * Looks up the security property named by cachePolicyProp.
 *
 * @return the property value, or null when the property is not set
 */
public String run() {
    final String configuredPolicy = Security.getProperty(cachePolicyProp);
    return configuredPolicy;
}