private static SSLContext getPreferredSslContext() { try { final SSLContext sslcontext = SSLContext.getInstance("TLS"); // http://download.java.net/jdk9/docs/technotes/guides/security/jsse/JSSERefGuide.html sslcontext.init(null, null, null); return sslcontext; } catch (final NoSuchAlgorithmException | KeyManagementException ex) { throw new SSLInitializationException(ex.getMessage(), ex); } }
/** * @throws SSLInitializationException */ private static SchemeLayeredSocketFactory checkAndInit() throws SSLInitializationException { log.info("Setting up HTTPS TrustAll Socket Factory"); try { return new HC4TrustAllSSLSocketFactory(); } catch (GeneralSecurityException e) { log.warn("Failed to initialise HTTPS HC4TrustAllSSLSocketFactory", e); return SSLSocketFactory.getSocketFactory(); } }
/** * The default SSLContext implementation. * <p> * Creates a SSLContext with a TrustManager implementation for managing the specified <i>TrustStore</i> file. * The information to access the TrustStore file must be provided through the {@link SDKConfiguration} parameter. * These information include the path to the file, its password and the type. Currently, the only type supported * is the default type JKS. * </p> * * @param config SDK configuration containing SSL properties that will be used to create the context. * These properties comprehends the path to the TrustSore file and its password. * @return {@link SSLContext} */ private static SSLContext getDefaultContext(SDKConfiguration config) { try { File trustStore = new File(config.getTrustStoreFile()); SSLContext context = SSLContextBuilder.create() .loadTrustMaterial(trustStore, config.getTrustStorePassword().toCharArray()) .build(); return context; } catch (GeneralSecurityException | IOException e) { throw new SSLInitializationException(e.getMessage(), e); } }
/** * This SSLContext bypass any server validation which means that no verification is made to check * whether the response came from the real server or from a fake one. * <p> * <b>This implementation is only intent for testing purposes. * Do not use it in a production environment!</b> * </p> * @return {@link SSLContext} */ private static SSLContext getTrustAllContext() { try { SSLContext context = SSLContext.getInstance(SSLConnectionSocketFactory.TLS); context.init(null, new TrustManager[]{ new TrustAllX509TrustManager() }, new SecureRandom()); return context; } catch (GeneralSecurityException e) { throw new SSLInitializationException(e.getMessage(), e); } }
/** * Uses the current JVM SSL context. * <br> * The context can be configured/modified by setting the following properties: * <ul> * <li>javax.net.ssl.trustStore</li> * <li>javax.net.ssl.trustStorePassword</li> * <li>javax.net.ssl.trustStoreType</li> * </ul> * Below is an example that illustrates how these values can be configured programmatically: * <pre>{@code * System.setProperty("javax.net.ssl.trustStore", path_to_file); * System.setProperty("javax.net.ssl.trustStorePassword", password); * System.setProperty("javax.net.ssl.trustStoreType", type); * System.setProperty("https.protocol", "TLSv1.2"); * } * </pre> * * Be aware that once these values have been modified, the JVM will use them to verify * connections against any HTTPS (or other SSL connection). Thus, their modification can * cause issues when using the SDK within a application which also connects to others * SSL enabled services. * <br> * If a trust store location is not specified using this properties, * the SunJSSE implementation searches for and uses a keystore file in the * following locations (in order): * <ul> * <li>$JAVA_HOME/lib/security/jssecacerts</li> * <li>$JAVA_HOME/lib/security/cacerts</li> * </ul> * * @return {@link SSLContext} */ private static SSLContext getAvailableContext() { try { SSLContext context = SSLContext.getInstance(SSLConnectionSocketFactory.TLS); context.init(null, null, new SecureRandom()); return context; } catch (GeneralSecurityException e) { throw new SSLInitializationException(e.getMessage(), e); } }
