本文整理汇总了Java中org.apache.cxf.configuration.jsse.TLSClientParameters.setKeyManagers方法的典型用法代码示例。如果您正苦于以下问题:Java TLSClientParameters.setKeyManagers方法的具体用法?Java TLSClientParameters.setKeyManagers怎么用?Java TLSClientParameters.setKeyManagers使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.apache.cxf.configuration.jsse.TLSClientParameters的用法示例。
在下文中一共展示了TLSClientParameters.setKeyManagers方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: setupTLS
import org.apache.cxf.configuration.jsse.TLSClientParameters; //导入方法依赖的package包/类
public static void setupTLS(Object port, Properties keyProperties, Properties trustProperties) throws FileNotFoundException, IOException,
GeneralSecurityException {
HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
TLSClientParameters tlsCP = new TLSClientParameters();
String keyPassword = keyProperties.getProperty("org.apache.ws.security.crypto.merlin.keystore.password");
KeyStore keyStore = KeyStore.getInstance(keyProperties.getProperty("org.apache.ws.security.crypto.merlin.keystore.type"));
String keyStoreLoc = keyProperties.getProperty("org.apache.ws.security.crypto.merlin.file");
keyStore.load(new FileInputStream(keyStoreLoc), keyPassword.toCharArray());
KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
tlsCP.setKeyManagers(myKeyManagers);
KeyStore trustStore = KeyStore.getInstance(trustProperties.getProperty("org.apache.ws.security.crypto.merlin.keystore.type"));
keyPassword = trustProperties.getProperty("org.apache.ws.security.crypto.merlin.keystore.password");
String trustStoreLoc = trustProperties.getProperty("org.apache.ws.security.crypto.merlin.file");
trustStore.load(new FileInputStream(trustStoreLoc), keyPassword.toCharArray());
TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
tlsCP.setTrustManagers(myTrustStoreKeyManagers);
httpConduit.setTlsClientParameters(tlsCP);
}
示例2: configureSSLOnTheClient
import org.apache.cxf.configuration.jsse.TLSClientParameters; //导入方法依赖的package包/类
public void configureSSLOnTheClient(Client client) {
//NOTE: The below order matters!
HTTPConduit httpConduit = (HTTPConduit)client.getConduit();
KeyStore keyStore = getInstanceOfKeyStore();
loadKeyStore(keyStore, config.getKeystorePath(), config.getKeystorePassword());
KeyManagerFactory keyFactory = getInstanceOfKeyManagerFactory(keyStore, config.getKeyManagerPassword());
loadKeyStore(keyStore, config.getTruststorePath(), config.getTruststorePassword());
TrustManagerFactory trustFactory = getInstanceOfTrustManagerFactory(keyStore);
FiltersType filter = new FiltersType();
filter.getInclude().add(".*_WITH_3DES_.*");
filter.getInclude().add(".*_WITH_DES_.*");
filter.getInclude().add(".*_WITH_NULL_.*");
filter.getExclude().add(".*_DH_anon_.*");
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setDisableCNCheck(true);
tlsParams.setTrustManagers(trustFactory.getTrustManagers());
tlsParams.setKeyManagers(keyFactory.getKeyManagers());
tlsParams.setCipherSuitesFilter(filter);
httpConduit.setTlsClientParameters(tlsParams);
}
示例3: configureBean
import org.apache.cxf.configuration.jsse.TLSClientParameters; //导入方法依赖的package包/类
@Override
public void configureBean(String name, Object beanInstance) {
if (beanInstance instanceof HTTPConduit) {
HTTPConduit http = (HTTPConduit) beanInstance;
TLSClientParameters tls = new TLSClientParameters();
tls.setTrustManagers(trustManagers);
tls.setKeyManagers(keyManagers);
tls.setDisableCNCheck(true);
tls.setCipherSuitesFilter(getCipherSuites());
http.setTlsClientParameters(tls);
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout(36000);
httpClientPolicy.setAllowChunking(false);
httpClientPolicy.setReceiveTimeout(120000);
http.setClient(httpClientPolicy);
} else {
parentConfigurer.configureBean(name, beanInstance);
}
}
示例4: setupTLS
import org.apache.cxf.configuration.jsse.TLSClientParameters; //导入方法依赖的package包/类
private static void setupTLS(Greeter port)
throws FileNotFoundException, IOException, GeneralSecurityException {
String keyStoreLoc = "src/main/config/clientKeystore.jks";
HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
TLSClientParameters tlsCP = new TLSClientParameters();
String keyPassword = "ckpass";
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(keyStoreLoc), "cspass".toCharArray());
KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
tlsCP.setKeyManagers(myKeyManagers);
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream(keyStoreLoc), "cspass".toCharArray());
TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
tlsCP.setTrustManagers(myTrustStoreKeyManagers);
tlsCP.setDisableCNCheck(true);
httpConduit.setTlsClientParameters(tlsCP);
}
示例5: buildEnvironmentWebClient
import org.apache.cxf.configuration.jsse.TLSClientParameters; //导入方法依赖的package包/类
public static WebClient buildEnvironmentWebClient( final PeerInfo peerInfo, final String path,
final Object provider )
{
String effectiveUrl = String.format( ENVIRONMENT_URL_TEMPLATE, peerInfo.getIp(), peerInfo.getPublicSecurePort(),
path.startsWith( "/" ) ? path : "/" + path );
WebClient client = WebClient.create( effectiveUrl, Arrays.asList( provider ) );
client.type( MediaType.APPLICATION_JSON );
client.accept( MediaType.APPLICATION_JSON );
HTTPConduit httpConduit = ( HTTPConduit ) WebClient.getConfig( client ).getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout( DEFAULT_CONNECTION_TIMEOUT );
httpClientPolicy.setReceiveTimeout( DEFAULT_RECEIVE_TIMEOUT );
httpClientPolicy.setMaxRetransmits( DEFAULT_MAX_RETRANSMITS );
httpConduit.setClient( httpClientPolicy );
KeyStoreTool keyStoreManager = new KeyStoreTool();
KeyStoreData keyStoreData = new KeyStoreData();
keyStoreData.setupKeyStorePx2();
keyStoreData.setAlias( SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS );
KeyStore keyStore = keyStoreManager.load( keyStoreData );
LOG.debug( String.format( "Getting key with alias: %s for url: %s", SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS,
effectiveUrl ) );
KeyStoreData trustStoreData = new KeyStoreData();
trustStoreData.setupTrustStorePx2();
KeyStore trustStore = keyStoreManager.load( trustStoreData );
SSLManager sslManager = new SSLManager( keyStore, keyStoreData, trustStore, trustStoreData );
TLSClientParameters tlsClientParameters = new TLSClientParameters();
tlsClientParameters.setDisableCNCheck( true );
tlsClientParameters.setTrustManagers( sslManager.getClientTrustManagers() );
tlsClientParameters.setKeyManagers( sslManager.getClientKeyManagers() );
tlsClientParameters.setCertAlias( SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS );
httpConduit.setTlsClientParameters( tlsClientParameters );
return client;
}
示例6: configureSSL
import org.apache.cxf.configuration.jsse.TLSClientParameters; //导入方法依赖的package包/类
private void configureSSL(GreetingService service) {
HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(service).getConduit();
TLSClientParameters params = new TLSClientParameters();
try {
params.setTrustManagers(trustManagers());
params.setKeyManagers(keyManagers());
params.setCipherSuitesFilter(cipherSuitesFilter());
conduit.setTlsClientParameters(params);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
示例7: configureSSL
import org.apache.cxf.configuration.jsse.TLSClientParameters; //导入方法依赖的package包/类
private void configureSSL(com.redhat.samples.switchyard.ws.PingService service) {
HTTPConduit conduit = (HTTPConduit) ClientProxy.getClient(service).getConduit();
TLSClientParameters params = new TLSClientParameters();
try {
params.setTrustManagers(trustManagers());
params.setKeyManagers(keyManagers());
params.setCipherSuitesFilter(cipherSuitesFilter());
conduit.setTlsClientParameters(params);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
示例8: buildPeerWebClient
import org.apache.cxf.configuration.jsse.TLSClientParameters; //导入方法依赖的package包/类
public static WebClient buildPeerWebClient( final PeerInfo peerInfo, final String path, final Object provider,
long connectTimeoutMs, long readTimeoutMs, int maxAttempts )
{
String effectiveUrl = String.format( PEER_URL_TEMPLATE, peerInfo.getIp(), peerInfo.getPublicSecurePort(),
path.startsWith( "/" ) ? path : "/" + path );
WebClient client;
if ( provider == null )
{
client = WebClient.create( effectiveUrl );
}
else
{
client = WebClient.create( effectiveUrl, Collections.singletonList( provider ) );
}
client.type( MediaType.APPLICATION_JSON );
client.accept( MediaType.APPLICATION_JSON );
HTTPConduit httpConduit = ( HTTPConduit ) WebClient.getConfig( client ).getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout( connectTimeoutMs );
httpClientPolicy.setReceiveTimeout( readTimeoutMs );
httpClientPolicy.setMaxRetransmits( maxAttempts );
httpConduit.setClient( httpClientPolicy );
KeyStoreTool keyStoreManager = new KeyStoreTool();
KeyStoreData keyStoreData = new KeyStoreData();
keyStoreData.setupKeyStorePx2();
keyStoreData.setAlias( SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS );
KeyStore keyStore = keyStoreManager.load( keyStoreData );
LOG.debug( String.format( "Getting key with alias: %s for url: %s", SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS,
effectiveUrl ) );
KeyStoreData trustStoreData = new KeyStoreData();
trustStoreData.setupTrustStorePx2();
KeyStore trustStore = keyStoreManager.load( trustStoreData );
SSLManager sslManager = new SSLManager( keyStore, keyStoreData, trustStore, trustStoreData );
TLSClientParameters tlsClientParameters = new TLSClientParameters();
tlsClientParameters.setDisableCNCheck( true );
tlsClientParameters.setTrustManagers( sslManager.getClientTrustManagers() );
tlsClientParameters.setKeyManagers( sslManager.getClientKeyManagers() );
tlsClientParameters.setCertAlias( SecuritySettings.KEYSTORE_PX2_ROOT_ALIAS );
httpConduit.setTlsClientParameters( tlsClientParameters );
return client;
}
示例9: createTrustedWebClientWithAuth
import org.apache.cxf.configuration.jsse.TLSClientParameters; //导入方法依赖的package包/类
public static WebClient createTrustedWebClientWithAuth( String url, KeyStore keyStore, char[] keyStorePassword,
byte[] serverFingerprint ) throws HubManagerException
{
try
{
WebClient client = WebClient.create( url );
// A client certificate is not provided in SSL context if async connection is used.
// See details: #311 - Registration failure due to inability to find fingerprint.
Map<String, Object> requestContext = WebClient.getConfig( client ).getRequestContext();
requestContext.put( "use.async.http.conduit", Boolean.FALSE );
HTTPConduit httpConduit = ( HTTPConduit ) WebClient.getConfig( client ).getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout( SECONDS_15 );
httpClientPolicy.setReceiveTimeout( SECONDS_30 );
httpClientPolicy.setMaxRetransmits( DEFAULT_MAX_RETRANSMITS );
httpConduit.setClient( httpClientPolicy );
KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
keyManagerFactory.init( keyStore, keyStorePassword );
TLSClientParameters tlsClientParameters = new TLSClientParameters();
tlsClientParameters.setDisableCNCheck( true );
tlsClientParameters
.setTrustManagers( new TrustManager[] { new FingerprintTrustManager( serverFingerprint ) } );
tlsClientParameters.setKeyManagers( keyManagerFactory.getKeyManagers() );
httpConduit.setTlsClientParameters( tlsClientParameters );
return client;
}
catch ( Exception e )
{
throw new HubManagerException( e );
}
}
示例10: applyCertificates
import org.apache.cxf.configuration.jsse.TLSClientParameters; //导入方法依赖的package包/类
/**
* If a custom key or trust store is specified, perform required additional setup to CXF HTTP handling to use it
*
* @param http
* The HTTP conduit being used for communication
* @return The provided conduit
* @throws Exception
* If there is an error finding or applying key/trust store data
*/
protected HTTPConduit applyCertificates(HTTPConduit http) throws Exception {
StoreParameters trustStoreParams = StoreParameters.getTrustStoreParameters();
StoreParameters keyStoreParams = StoreParameters.getKeyStoreParameters();
// Only enable for debugging if you are working with a non exact match on the hostname in the SSL Certificate
// bad security practice for this to be true for production use
boolean disableCnCheck = false;
if (disableCnCheck || trustStoreParams.isCustomLocation() || keyStoreParams.isCustomLocation()) {
TLSClientParameters tlsClientParameters = new TLSClientParameters();
if (disableCnCheck) {
tlsClientParameters.setDisableCNCheck(true);
logger.warn("Disabling CN Host checking - not recommended for production operations!");
}
// Trust store setup
if (trustStoreParams.isCustomLocation()) {
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(trustStoreParams.asKeyStore());
TrustManager[] tm = trustFactory.getTrustManagers();
tlsClientParameters.setTrustManagers(tm);
logger.info("Configuring CXF with explicit trust store");
}
// Key store setup
if (keyStoreParams.isCustomLocation()) {
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStoreParams.asKeyStore(), keyStoreParams.getStorePassword());
KeyManager[] km = keyFactory.getKeyManagers();
tlsClientParameters.setKeyManagers(km);
logger.info("Configuring CXF with explicit key store");
}
http.setTlsClientParameters(tlsClientParameters);
}
return http;
}