@Override protected final KeyManager[] engineGetKeyManagers() { List<X509ExtendedKeyManager> delegates = new ArrayList<>(); X509ExtendedKeyManager systemKeyManager = getSystemKeyManager(); if (systemKeyManager != null) { delegates.add(systemKeyManager); } FileWatchingX509ExtendedKeyManager containerKeyManager = getContainerKeyManager(); if (containerKeyManager != null) { delegates.add(containerKeyManager); } return new KeyManager[]{new DelegatingX509ExtendedKeyManager(delegates)}; }
public void implRun() throws SSLException { KeyExchangeAlgorithm kexalg = engine.session().suite.keyExchangeAlgorithm(); X509ExtendedKeyManager km = engine.contextImpl.keyManager; Principal[] issuers = null; // XXX use TrustedAuthorities extension. keyAlias = km.chooseEngineServerAlias(kexalg.name(), issuers, engine); if (keyAlias == null) throw new SSLException("no certificates available"); X509Certificate[] chain = km.getCertificateChain(keyAlias); engine.session().setLocalCertificates(chain); localCert = chain[0]; serverKey = km.getPrivateKey(keyAlias); if (kexalg == DH_DSS || kexalg == DH_RSA) dhPair = new KeyPair(localCert.getPublicKey(), km.getPrivateKey(keyAlias)); }
private static X509ExtendedKeyManager getX509KeyManager(KeyManager keyManager) throws StartException { if (keyManager == null) { return null; } if (keyManager instanceof X509ExtendedKeyManager) { X509ExtendedKeyManager x509KeyManager = (X509ExtendedKeyManager) keyManager; if (x509KeyManager instanceof DelegatingKeyManager && IS_FIPS.getAsBoolean()) { ROOT_LOGGER.trace("FIPS enabled on JVM, unwrapping KeyManager"); // If FIPS is enabled unwrap the KeyManager x509KeyManager = ((DelegatingKeyManager)x509KeyManager).delegating.get(); } return x509KeyManager; } throw ROOT_LOGGER.invalidTypeInjected(X509ExtendedKeyManager.class.getSimpleName()); }
private CipherTestUtils() throws IOException, FileNotFoundException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, InvalidKeySpecException { factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); KeyStore serverKeyStore = createServerKeyStore(SERVER_PUBLIC_KEY, SERVER_PRIVATE_KEY); KeyStore serverTrustStore = createServerKeyStore(CA_PUBLIC_KEY, CA_PRIVATE_KEY); if (serverKeyStore != null) { KeyManagerFactory keyFactory1 = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm()); keyFactory1.init(serverKeyStore, PASSWORD); serverKeyManager = (X509ExtendedKeyManager) keyFactory1. getKeyManagers()[0]; } else { serverKeyManager = null; } serverTrustManager = serverTrustStore != null ? new AlwaysTrustManager(serverTrustStore) : null; KeyStore clientKeyStore, clientTrustStore; clientTrustStore = serverTrustStore; clientKeyStore = createServerKeyStore(CLIENT_PUBLIC_KEY,CLIENT_PRIVATE_KEY); if (clientKeyStore != null) { KeyManagerFactory keyFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm()); keyFactory.init(clientKeyStore, PASSWORD); clientKeyManager = (X509ExtendedKeyManager) keyFactory. getKeyManagers()[0]; } else { clientKeyManager = null; } clientTrustManager = (clientTrustStore != null) ? new AlwaysTrustManager(clientTrustStore) : null; }
public MyX509ExtendedKeyManager( X509ExtendedKeyManager akm, String expectedAP, boolean doCheck) { this.akm = akm; this.expectedAP = expectedAP; this.doCheck = doCheck; }
@Override public String chooseClientAlias(final String[] strings, final Principal[] principals, final Socket socket) { return with(new Function<String>() { @Override public String apply(X509ExtendedKeyManager delegate) { return delegate.chooseClientAlias(strings, principals, socket); } }); }
@Override public String chooseEngineClientAlias(final String[] strings, final Principal[] principals, final SSLEngine sslEngine) { return with(new Function<String>() { @Override public String apply(X509ExtendedKeyManager delegate) { return delegate.chooseEngineClientAlias(strings, principals, sslEngine); } }); }
@Override public String chooseEngineServerAlias(final String s, final Principal[] principals, final SSLEngine sslEngine) { return with(new Function<String>() { @Override public String apply(X509ExtendedKeyManager delegate) { return delegate.chooseEngineServerAlias(s, principals, sslEngine); } }); }
@Override public String chooseServerAlias(final String s, final Principal[] principals, final Socket socket) { return with(new Function<String>() { @Override public String apply(X509ExtendedKeyManager delegate) { return delegate.chooseServerAlias(s, principals, socket); } }); }
@Override public X509Certificate[] getCertificateChain(final String s) { return with(new Function<X509Certificate[]>() { @Override public X509Certificate[] apply(X509ExtendedKeyManager delegate) { return delegate.getCertificateChain(s); } }); }
@Override public String[] getClientAliases(final String s, final Principal[] principals) { return collect(new Function<String[]>() { @Override public String[] apply(X509ExtendedKeyManager delegate) { return delegate.getClientAliases(s, principals); } }); }
@Override public PrivateKey getPrivateKey(final String s) { return with(new Function<PrivateKey>() { @Override public PrivateKey apply(X509ExtendedKeyManager delegate) { return delegate.getPrivateKey(s); } }); }
@Override public String[] getServerAliases(final String s, final Principal[] principals) { return collect(new Function<String[]>() { @Override public String[] apply(X509ExtendedKeyManager delegate) { return delegate.getServerAliases(s, principals); } }); }
private String[] collect(Function<String[]> function) { List<String> collected = new ArrayList<>(); for (X509ExtendedKeyManager delegate : this.delegates) { String[] candidate = function.apply(delegate); if (candidate != null) { Collections.addAll(collected, candidate); } } return collected.toArray(new String[collected.size()]); }
private <T> T with(Function<T> function) { for (X509ExtendedKeyManager delegate : this.delegates) { T candidate = function.apply(delegate); if (candidate != null) { return candidate; } } return null; }
private X509ExtendedKeyManager getKeyManager(KeyStore keyStore) { try { this.keyManagerFactory.init(keyStore, new char[0]); for (KeyManager keyManager : this.keyManagerFactory.getKeyManagers()) { if (keyManager instanceof X509ExtendedKeyManager) { return (X509ExtendedKeyManager) keyManager; } } throw new IllegalStateException("No X509ExtendedKeyManager available"); } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) { throw new UndeclaredThrowableException(e); } }
private X509ExtendedKeyManager getSystemKeyManager() { synchronized (MONITOR) { if (this.cachedSystemKeyManager == null) { for (KeyManager candidate : this.systemKeyManagerFactory.getKeyManagers()) { if (candidate instanceof X509ExtendedKeyManager) { this.logger.info("Adding System Key Manager"); this.cachedSystemKeyManager = (X509ExtendedKeyManager) candidate; break; } } } return this.cachedSystemKeyManager; } }
SerialNumberExtractor() throws GeneralSecurityException { KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(null, null); KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); KeyManager keyManager = keyManagers[0]; this.keyManager = (X509ExtendedKeyManager) keyManager; }
@Override public String chooseServerAlias(X509KeyManager keyManager, String keyType) { if (keyManager instanceof X509ExtendedKeyManager) { X509ExtendedKeyManager ekm = (X509ExtendedKeyManager) keyManager; return ekm.chooseEngineServerAlias(keyType, null, this); } else { return keyManager.chooseServerAlias(keyType, null, null); } }
@Override public String chooseClientAlias( X509KeyManager keyManager, X500Principal[] issuers, String[] keyTypes) { if (keyManager instanceof X509ExtendedKeyManager) { X509ExtendedKeyManager ekm = (X509ExtendedKeyManager) keyManager; return ekm.chooseEngineClientAlias(keyTypes, issuers, this); } else { return keyManager.chooseClientAlias(keyTypes, issuers, null); } }
public void implRun() { X509ExtendedKeyManager km = engine.contextImpl.keyManager; if (km == null) return; keyAlias = km.chooseEngineClientAlias(keyTypes.toArray(new String[keyTypes.size()]), issuers.toArray(new X500Principal[issuers.size()]), engine); engine.session().setLocalCertificates(km.getCertificateChain(keyAlias)); privateKey = km.getPrivateKey(keyAlias); }
private static KeyManager[] getAliasedKeyManagers(KeyManager[] managers, String alias) { if (managers != null) { if (alias != null) { for (int idx = 0; idx < managers.length; idx++) { if (managers[idx] instanceof X509ExtendedKeyManager) { managers[idx] = new ClientAliasedX509ExtendedKeyManager((X509ExtendedKeyManager) managers[idx], alias); } } } } return managers; }
@Test public void testKeyManagerProxyGeClientAliases(@Mocked X509ExtendedKeyManager mockedKeyManager) throws CertificateException { new Expectations() {{ mockedKeyManager.getClientAliases("cert", (Principal[]) any); times = 1; }}; KeyManagerProxy keyManagerProxy = new KeyManagerProxy(new KeyManager[]{mockedKeyManager}); keyManagerProxy.getClientAliases("cert", null); }
@Test public void testKeyManagerProxyChooseClientAlias(@Mocked X509ExtendedKeyManager mockedKeyManager) throws CertificateException { new Expectations() {{ mockedKeyManager.chooseClientAlias((String[]) any, (Principal[]) any, (Socket) any); times = 1; }}; KeyManagerProxy keyManagerProxy = new KeyManagerProxy(new KeyManager[]{mockedKeyManager}); keyManagerProxy.chooseClientAlias(null, null, null); }
@Test public void testKeyManagerProxyGetServerAliases(@Mocked X509ExtendedKeyManager mockedKeyManager) throws CertificateException { new Expectations() {{ mockedKeyManager.getServerAliases("cert", (Principal[]) any); times = 1; }}; KeyManagerProxy keyManagerProxy = new KeyManagerProxy(new KeyManager[]{mockedKeyManager}); keyManagerProxy.getServerAliases("cert", null); }
@Test public void testKeyManagerProxyChooseServerAlias(@Mocked X509ExtendedKeyManager mockedKeyManager) throws CertificateException { new Expectations() {{ mockedKeyManager.chooseServerAlias("cert", (Principal[]) any, (Socket) any); times = 1; }}; KeyManagerProxy keyManagerProxy = new KeyManagerProxy(new KeyManager[]{mockedKeyManager}); keyManagerProxy.chooseServerAlias("cert", null, null); }
@Test public void testKeyManagerProxyGetCertificateChain(@Mocked X509ExtendedKeyManager mockedKeyManager) throws CertificateException { new Expectations() {{ mockedKeyManager.getCertificateChain("cert"); times = 1; }}; KeyManagerProxy keyManagerProxy = new KeyManagerProxy(new KeyManager[]{mockedKeyManager}); keyManagerProxy.getCertificateChain("cert"); }
@Test public void testKeyManagerProxyGetPrivateKey(@Mocked X509ExtendedKeyManager mockedKeyManager) throws CertificateException { new Expectations() {{ mockedKeyManager.getPrivateKey("cert"); times = 1; }}; KeyManagerProxy keyManagerProxy = new KeyManagerProxy(new KeyManager[]{mockedKeyManager}); keyManagerProxy.getPrivateKey("cert"); }
public AliasX509KeyManager(String alias,X509ExtendedKeyManager keyMgr,KeyStore ks) { this.keyMgr = keyMgr; this.alias = alias; this.chains = new HashMap<String,X509Certificate[]>(); try { Enumeration enumer = ks.aliases(); while (enumer.hasMoreElements()) { String certName = (String) enumer.nextElement(); X509Certificate cert = (X509Certificate) ks.getCertificate(certName); if (cert == null) { continue; } ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>(); chain.add(cert); addSigners(cert,chain,ks); X509Certificate[] certChain = new X509Certificate[chain.size()]; for (int i=0;i<certChain.length;i++) { certChain[i] = chain.get(i); } this.chains.put(certName, certChain); } } catch (KeyStoreException e) { logger.error("Could not generate certificate chains",e); } }
public TremoloX509KeyManager(X509ExtendedKeyManager keyMgr,KeyStore ks) { this.keyMgr = keyMgr; this.chains = new HashMap<String,X509Certificate[]>(); try { Enumeration enumer = ks.aliases(); while (enumer.hasMoreElements()) { String certName = (String) enumer.nextElement(); X509Certificate cert = (X509Certificate) ks.getCertificate(certName); if (cert == null) { continue; } ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>(); chain.add(cert); addSigners(cert,chain,ks); X509Certificate[] certChain = new X509Certificate[chain.size()]; for (int i=0;i<certChain.length;i++) { certChain[i] = chain.get(i); } this.chains.put(certName, certChain); } } catch (KeyStoreException e) { logger.error("Could not generate certificate chains",e); } }
/** * Get the key manager backed by the specified key store. * * @param keystorePath the path to the key store to load. * @return the initialised key manager. */ private X509ExtendedKeyManager getKeyManager(final String keystorePath) throws Exception { KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(loadKeyStore(keystorePath), "Elytron".toCharArray()); for (KeyManager current : keyManagerFactory.getKeyManagers()) { if (current instanceof X509ExtendedKeyManager) { return (X509ExtendedKeyManager) current; } } throw new IllegalStateException("Unable to obtain X509ExtendedKeyManager."); }
@Override public String[] getClientAliases(String s, Principal[] principals) { X509ExtendedKeyManager km = keyManagerLocalRef.get(); if (km != null) { return km.getClientAliases(s, principals); } return null; }
@Override public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) { X509ExtendedKeyManager km = keyManagerLocalRef.get(); if (km != null) { return km.chooseClientAlias(strings, principals, socket); } return null; }
