Java SSLContext.setDefault方法代码示例

import javax.net.ssl.SSLContext; //导入方法依赖的package包/类
/**
 * Method that bypasses every SSL certificate verification and accepts every
 * connection with any SSL protected device that ONOS has an interaction with.
 * Needs addressing for secutirty purposes.
 *
 * @throws NoSuchAlgorithmException if algorithm specified is not available
 * @throws KeyManagementException if unable to use the key
 */
//FIXME redo for security purposes.
protected static void enableSslCert() throws NoSuchAlgorithmException, KeyManagementException {
    SSLContext ctx = SSLContext.getInstance(TLS);
    ctx.init(new KeyManager[0], new TrustManager[]{new DefaultTrustManager()}, new SecureRandom());
    SSLContext.setDefault(ctx);
    HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> {
        //FIXME better way to do this.
        return true;
    });
}
 

import javax.net.ssl.SSLContext; //导入方法依赖的package包/类
/**
 * Sets the SSLContext of the TLSServer and TLSClient with the given keystore and truststore locations as
 * well as the password protecting the keystores/truststores.
 * 
 * @param keyStorePath The relative path and filename for the keystore
 * @param trustStorePath The relative path and filename for the truststore
 * @param keyStorePassword The password protecting the keystore
 */
public static void setSSLContext(
		String keyStorePath, 
		String trustStorePath,
		String keyStorePassword) {
    KeyStore keyStore = SecurityUtils.getKeyStore(keyStorePath, keyStorePassword);
    KeyStore trustStore = SecurityUtils.getKeyStore(trustStorePath, keyStorePassword);

	try {
		// Initialize a key manager factory with the keystore
	    KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
		keyFactory.init(keyStore, keyStorePassword.toCharArray());
	    KeyManager[] keyManagers = keyFactory.getKeyManagers();

	    // Initialize a trust manager factory with the truststore
	    TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());    
	    trustFactory.init(trustStore);
	    TrustManager[] trustManagers = trustFactory.getTrustManagers();

	    // Initialize an SSL context to use these managers and set as default
	    SSLContext sslContext = SSLContext.getInstance("TLS");
	    sslContext.init(keyManagers, trustManagers, null);
	    SSLContext.setDefault(sslContext); 
	} catch (NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException | 
			KeyManagementException e) {
		getLogger().error(e.getClass().getSimpleName() + " occurred while trying to initialize SSL context");
	}    
}
 

import javax.net.ssl.SSLContext; //导入方法依赖的package包/类
@PostConstruct
protected void init() throws Exception {
    if (this.taraProperties.getApplication().isDevelopment()) {
        StringBuilder sb = new StringBuilder();
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, new TrustManager[]{new InsecureTrustManager()}, new SecureRandom());
        SSLContext.setDefault(sslContext);
        sb.append(StringUtils.rightPad("<x> Using insecure trust manager configuration ", this.paddingSize, "-"));
        AsciiArtUtils.printAsciiArtWarning(this.log, "NB! DEVELOPMENT MODE ACTIVATED", sb.toString());
    }
}
 

import javax.net.ssl.SSLContext; //导入方法依赖的package包/类
public static void disableSSLValidation() {
    try {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[] { NULL_TRUST_MANAGER }, null);
        SSLContext.setDefault(context);
    } catch (KeyManagementException | NoSuchAlgorithmException e) {
        throw new IllegalStateException(e);
    }
}
 

import javax.net.ssl.SSLContext; //导入方法依赖的package包/类
/**
 * Получить экземпляр протокол безопасного сокета
 * 
 * @return экземпляр протокола безопасного сокета
 * @throws SystemException
 *             системное исключение -
 */
public static SSLContext getSSLContext() throws SystemException {
	try {
		SSLContext sslContext = SSLContext.getInstance("TLS");
		sslContext.init(new KeyManager[0], new TrustManager[] { new AllowingAllTrustManager() },
				new SecureRandom());
		SSLContext.setDefault(sslContext);
		return sslContext;
	} catch (NoSuchAlgorithmException nsae) {
		throw new SystemException(" Unable get instance TLS: " + nsae.getMessage() + nsae);
	} catch (KeyManagementException kme) {
		throw new SystemException(" Unable init SSL context: " + kme.getMessage() + kme);
	}
}
 

import javax.net.ssl.SSLContext; //导入方法依赖的package包/类
private CloseableHttpClient createHttpClient(boolean ignoreCert) {
    try {
        RequestConfig requestConfig = RequestConfig.custom()
                .setCookieSpec(CookieSpecs.STANDARD)
                .build();

        CloseableHttpClient client;

        if (ignoreCert) {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(new KeyManager[0], new TrustManager[]{new NoopTrustManager()}, new SecureRandom());
            SSLContext.setDefault(sslContext);

            SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
                    sslContext, NoopHostnameVerifier.INSTANCE);
            client = HttpClients.custom()
                    .disableRedirectHandling()
                    .setDefaultRequestConfig(requestConfig)
                    .setSSLSocketFactory(sslSocketFactory)
                    .build();
        } else {
            client = HttpClientBuilder.create()
                    .disableRedirectHandling()
                    .setDefaultRequestConfig(requestConfig)
                    .build();
        }

        return client;
    } catch (Throwable ex) {
        throw new RuntimeException(String.format(
                "Failed to create http client (ignoreCert = %s)",
                ignoreCert), ex);
    }
}
 

import javax.net.ssl.SSLContext; //导入方法依赖的package包/类
private void initializeTrustStore() throws Exception {
    String trustStorePath = "/ssl/truststore";
    String trustPassword = "changeit";

    // load our key store as a stream and initialize a KeyStore
    try (InputStream trustStream = this.getClass().getResourceAsStream(trustStorePath)) {
        if (trustStream == null) {
            throw new FileNotFoundException("Resource [" + trustStorePath + "] not found in classpath");
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());

        // load the stream to our store
        trustStore.load(trustStream, trustPassword.toCharArray());

        // initialize a trust manager factory with the trusted store
        TrustManagerFactory trustFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(trustStore);

        // get the trust managers from the factory
        TrustManager[] trustManagers = trustFactory.getTrustManagers();

        // initialize an ssl context to use these managers and set as default
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustManagers, null);
        SSLContext.setDefault(sslContext);
    }
}
 

import javax.net.ssl.SSLContext; //导入方法依赖的package包/类
@Override
    protected void createConnectionOptions(ClientOptions clientOptions) {
        // see the link for source of inspiration. NOTE: the TrustingTrustManager is never unset!
        // http://activemq.2283324.n4.nabble.com/Configure-activemq-client-to-trust-any-SSL-certificate-from-the-broker-without-verifying-it-td4733309.html
        if (clientOptions.getOption(ClientOptions.CON_SSL_TRUST_ALL).hasParsedValue()) {
            try {
                SSLContext ctx = SSLContext.getInstance("TLS");
                ctx.init(new KeyManager[0], new TrustManager[]{new TrustingTrustManager()}, null);
                SSLContext.setDefault(ctx);
            } catch (NoSuchAlgorithmException | KeyManagementException e) {
                throw new RuntimeException("Could not set up the all-trusting TrustManager", e);
            }
        }

        // Configure SSL options, which in case of activemq-client are set as Java properties
        // http://activemq.apache.org/how-do-i-use-ssl.html
        // https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#CustomizingStores

        if (clientOptions.getOption(ClientOptions.CON_SSL_KEYSTORE_LOC).hasParsedValue()) {
            System.setProperty("javax.net.ssl.keyStore", relativize(clientOptions.getOption(ClientOptions.CON_SSL_KEYSTORE_LOC).getValue()));
        }
        if (clientOptions.getOption(ClientOptions.CON_SSL_KEYSTORE_PASS).hasParsedValue()) {
            System.setProperty("javax.net.ssl.keyStorePassword", clientOptions.getOption(ClientOptions.CON_SSL_KEYSTORE_PASS).getValue());
        }
//        System.setProperty("javax.net.ssl.keyStorePassword", "secureexample");
        if (clientOptions.getOption(ClientOptions.CON_SSL_TRUSTSTORE_LOC).hasParsedValue()) {
            System.setProperty("javax.net.ssl.trustStore", relativize(clientOptions.getOption(ClientOptions.CON_SSL_TRUSTSTORE_LOC).getValue()));
        }
        if (clientOptions.getOption(ClientOptions.CON_SSL_TRUSTSTORE_PASS).hasParsedValue()) {
            System.setProperty("javax.net.ssl.trustStorePassword", clientOptions.getOption(ClientOptions.CON_SSL_TRUSTSTORE_PASS).getValue());
        }
        if (clientOptions.getOption(ClientOptions.CON_SSL_STORE_TYPE).hasParsedValue()) {
            System.setProperty("javax.net.ssl.keyStoreType", clientOptions.getOption(ClientOptions.CON_SSL_STORE_TYPE).getValue());
            System.setProperty("javax.net.ssl.trustStoreType", clientOptions.getOption(ClientOptions.CON_SSL_STORE_TYPE).getValue());
        }

        super.createConnectionOptions(clientOptions);
    }
 

import javax.net.ssl.SSLContext; //导入方法依赖的package包/类
public static void enableAnySSL() {
    try {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[0], new TrustManager[]{new DefaultTrustManager()}, new SecureRandom());
        SSLContext.setDefault(ctx);
    } catch (Exception ex) {
        ex.printStackTrace();
    }
}
 

import javax.net.ssl.SSLContext; //导入方法依赖的package包/类
/**
 * Initialize this SocketCreator.
 * <p>
 * Caller must synchronize on the SocketCreator instance.
 */
@SuppressWarnings("hiding")
private void initialize() {
  try {
    // set p2p values...
    if (SecurableCommunicationChannel.CLUSTER
        .equals(sslConfig.getSecuredCommunicationChannel())) {
      if (this.sslConfig.isEnabled()) {
        System.setProperty("p2p.useSSL", "true");
        System.setProperty("p2p.oldIO", "true");
        System.setProperty("p2p.nodirectBuffers", "true");
      } else {
        System.setProperty("p2p.useSSL", "false");
      }
    }

    try {
      if (this.sslConfig.isEnabled() && sslContext == null) {
        sslContext = createAndConfigureSSLContext();
        SSLContext.setDefault(sslContext);
      }
    } catch (Exception e) {
      throw new GemFireConfigException("Error configuring GemFire ssl ", e);
    }

    // make sure TCPConduit picks up p2p properties...
    org.apache.geode.internal.tcp.TCPConduit.init();

    initializeClientSocketFactory();
    this.ready = true;
  } catch (VirtualMachineError err) {
    SystemFailure.initiateFailure(err);
    // If this ever returns, rethrow the error. We're poisoned
    // now, so don't let this thread continue.
    throw err;
  } catch (Error t) {
    // Whenever you catch Error or Throwable, you must also
    // catch VirtualMachineError (see above). However, there is
    // _still_ a possibility that you are dealing with a cascading
    // error condition, so you also need to check to see if the JVM
    // is still usable:
    SystemFailure.checkFailure();
    t.printStackTrace();
    throw t;
  } catch (RuntimeException re) {
    re.printStackTrace();
    throw re;
  }
}