本文整理匯總了Java中javax.net.ssl.X509KeyManager類的典型用法代碼示例。如果您正苦於以下問題:Java X509KeyManager類的具體用法?Java X509KeyManager怎麼用?Java X509KeyManager使用的例子?那麼, 這裡精選的類代碼示例或許可以為您提供幫助。
X509KeyManager類屬於javax.net.ssl包,在下文中一共展示了X509KeyManager類的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於系統推薦出更棒的Java代碼示例。
示例1: testCardProvider
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
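/**
 * Manual smoke test: obtains a private key through the card-backed provider's key manager,
 * signs a fixed 32-byte value with {@code SHA256withRSA} and prints the signature as hex.
 *
 * <p>The provider is registered in the JVM-wide JCA provider list for the duration of the
 * test only, so later tests in the same JVM do not see it.
 */
@Test
@Ignore
public void testCardProvider() throws GeneralSecurityException, CardException {
    DelegatingProvider cp = DelegatingProvider.fromDelegate(CardDelegate.any(false, CONSOLE));
    Assume.assumeNotNull(cp);
    // NOTE(review): provider positions are 1-based; as far as I know the JDK treats an
    // out-of-range position such as 0 as "append at the end", so this does not give the
    // card provider top preference - confirm the intent.
    int installedAt = Security.insertProviderAt(cp, 0);
    try {
        X509KeyManager km = cp.getKeyManager();
        String alias = km.chooseClientAlias(new String[]{"RSA"}, null, null);
        PrivateKey pk = km.getPrivateKey(alias);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(pk);
        // SHA256withRSA hashes whatever is passed to update(); these bytes are treated as
        // message data, not as a pre-computed digest.
        s.update(HexUtils.hex2bin("311fe3feed16b9cd8df0f8b1517be5cb86048707df4889ba8dc37d4d68866d02"));
        byte[] result = s.sign();
        System.out.println(HexUtils.bin2hex(result));
    } finally {
        // insertProviderAt returns -1 when the provider was already installed; only undo a
        // registration this test actually made.
        if (installedAt != -1) {
            Security.removeProvider(cp.getName());
        }
    }
}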
示例2: addToStore
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
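/**
 * Stores {@code kp}'s private key with a single-certificate chain under {@code alias},
 * writes the key store to {@code keyStoreFile}, and rebuilds {@code keyManagers} from the
 * updated store.
 *
 * @param alias key store alias for the new entry
 * @param kp    key pair whose private key is stored
 * @param cert  certificate placed as the only element of the entry's chain
 * @throws IOException if the key store file cannot be opened, written or closed
 */
private void addToStore(String alias, KeyPair kp, Certificate cert) throws KeyStoreException,
        NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
    // NOTE(review): the key entry and the store itself are both protected with an empty
    // password, so the private key's confidentiality rests entirely on who can read
    // keyStoreFile. Confirm the file lives in storage private to this application.
    final char[] emptyPassword = "".toCharArray();

    Certificate[] chain = {
        cert,
    };
    keyStore.setKeyEntry(alias, kp.getPrivate(), emptyPassword, chain);

    // Close the stream even when store() throws; the original never closed it, leaking the
    // file descriptor and risking a partially flushed key store file.
    FileOutputStream out = new FileOutputStream(keyStoreFile);
    try {
        keyStore.store(out, emptyPassword);
    } finally {
        out.close();
    }

    /*
     * After adding an entry to the keystore we need to create a fresh
     * KeyManager by reinitializing the KeyManagerFactory with the new key
     * store content and then rewrapping the default KeyManager with our own
     */
    KeyManagerFactory keyManagerFactory = KeyManagerFactory
            .getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keyStore, emptyPassword);
    // Only the first manager returned by the factory is used and it is cast unchecked to
    // X509KeyManager.
    KeyManager defaultKeyManager = keyManagerFactory.getKeyManagers()[0];
    KeyManager wrappedKeyManager = new KerplappKeyManager((X509KeyManager) defaultKeyManager);
    keyManagers = new KeyManager[] {
        wrappedKeyManager,
    };
}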
示例3: wrap
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
/**
 * Returns a new array in which every {@link X509KeyManager} from {@code managers} is wrapped
 * in a {@code NioX509KeyManager} bound to the configured key alias. Other managers, and all
 * managers when no alias is configured, are copied through unchanged.
 *
 * @param managers the key managers to wrap; may be {@code null}
 * @return the wrapped array, or {@code null} when {@code managers} is {@code null}
 */
public KeyManager[] wrap(KeyManager[] managers) {
    if (managers == null) {
        return null;
    }
    KeyManager[] wrapped = new KeyManager[managers.length];
    int slot = 0;
    for (KeyManager candidate : managers) {
        if (!(candidate instanceof X509KeyManager) || getKeyAlias() == null) {
            // Nothing to pin: keep the manager exactly as supplied.
            wrapped[slot++] = candidate;
            continue;
        }
        String alias = getKeyAlias();
        // JKS key stores convert alias names to lower case, so the lookup alias must match.
        if ("jks".equalsIgnoreCase(getKeystoreType())) {
            alias = alias.toLowerCase(Locale.ENGLISH);
        }
        wrapped[slot++] = new NioX509KeyManager((X509KeyManager) candidate, alias);
    }
    return wrapped;
}
示例4: getTrustedSslContext
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
/**
 * Builds an {@link SSLContext} initialised with one composite key manager and one composite
 * trust manager, each combining a JVM-default manager with one derived from the given store.
 *
 * <p>NOTE(review): the same store and password are handed to {@code getKeyManager} and
 * {@code getTrustManager}, so any private-key entries in the "trust store" would also be
 * offered as client credentials - confirm that is intended.
 *
 * @param trustStoreFile     the store file; must exist and be readable
 * @param trustStorePassword the store password, also passed on as the key password
 * @param trustStoreType     the {@link KeyStore} type name
 * @return the initialised context
 * @throws RuntimeException wrapping any failure raised while loading the store or building
 *                          the context (the failure is logged first)
 */
private static SSLContext getTrustedSslContext(final File trustStoreFile, final String trustStorePassword,
        final String trustStoreType) {
    try {
        final boolean usable = trustStoreFile.exists() && trustStoreFile.canRead();
        if (!usable) {
            throw new FileNotFoundException("Truststore file cannot be located at "
                    + trustStoreFile.getCanonicalPath());
        }

        final KeyStore store = KeyStore.getInstance(trustStoreType);
        // NOTE(review): this char[] copy of the password is never cleared after use.
        final char[] password = trustStorePassword.toCharArray();
        try (final FileInputStream in = new FileInputStream(trustStoreFile)) {
            store.load(in, password);
        }

        final String jvmAlgorithm = KeyManagerFactory.getDefaultAlgorithm();

        // Managers are created in this order on purpose; the JVM-default manager is listed
        // first in each composite below.
        final X509KeyManager storeKeyManager = getKeyManager("PKIX", store, password);
        final X509KeyManager defaultKeyManager = getKeyManager(jvmAlgorithm, null, null);
        final X509TrustManager storeTrustManager = getTrustManager("PKIX", store);
        final X509TrustManager defaultTrustManager = getTrustManager(jvmAlgorithm, null);

        final KeyManager compositeKeyManager =
                new CompositeX509KeyManager(Arrays.asList(defaultKeyManager, storeKeyManager));
        final TrustManager compositeTrustManager =
                new CompositeX509TrustManager(Arrays.asList(defaultTrustManager, storeTrustManager));

        // NOTE(review): useSSL() presumably requests the generic "SSL" context name; which
        // protocol versions end up enabled depends on the JSSE provider. Confirm legacy SSL
        // versions are disabled wherever this context is used.
        final SSLContext sslContext = SSLContexts.custom().useSSL().build();
        sslContext.init(new KeyManager[] {compositeKeyManager},
                new TrustManager[] {compositeTrustManager}, null);
        return sslContext;
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        throw new RuntimeException(e);
    }
}
示例5: TLSProtocolSocketFactory
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
/**
 * Creates a socket factory from a single key manager, an optional trust manager and an
 * optional hostname verifier.
 *
 * @param keyMgr manager used to retrieve client-cert authentication keys for a given host.
 * @param trustMgr manager used to validate the X.509 credentials of a given host. May be null, in
 *            which case the JSSE default trust manager lookup mechanism is used.
 * @param verifier the hostname verifier used to verify the SSL/TLS peer's hostname. May be null,
 *            in which case no hostname verification is performed; a peer certificate accepted by
 *            the trust manager is then not checked against the host being contacted.
 *
 * @throws IllegalArgumentException thrown if the given key or trust manager can not be used to
 *             create the {@link SSLContext} used to create new sockets
 */
public TLSProtocolSocketFactory(X509KeyManager keyMgr, X509TrustManager trustMgr, HostnameVerifier verifier)
        throws IllegalArgumentException {
    // NOTE(review): keyMgr is wrapped unconditionally, so a null keyMgr yields an array
    // holding one null element - confirm callers never pass null here.
    keyManagers = new X509KeyManager[] { keyMgr };

    // SSLContext.init treats these two cases very differently:
    //   1) a null TrustManager[]           -> the default trust manager set is used, which is
    //                                         what we want for default TLS peer authentication;
    //   2) a TrustManager[] holding a null -> trust processing is effectively disabled
    //                                         (and not in a way we would want).
    // Never build case 2: map a null trustMgr to a null array.
    trustManagers = (trustMgr == null) ? null : new X509TrustManager[] { trustMgr };

    hostnameVerifier = verifier;
    secureRandom = null;

    init();
}
示例6: wrap
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
/**
 * Copies {@code managers} into a new array, replacing each {@link X509KeyManager} with a
 * {@code NioX509KeyManager} that is tied to the configured key alias. When no key alias is
 * configured, or an element is not an {@code X509KeyManager}, the element is kept as is.
 *
 * @param managers key managers to process; may be {@code null}
 * @return the processed copy, or {@code null} if {@code managers} is {@code null}
 */
public KeyManager[] wrap(KeyManager[] managers) {
    if (managers == null) {
        return null;
    }

    KeyManager[] output = new KeyManager[managers.length];
    for (int pos = 0; pos < output.length; pos++) {
        KeyManager current = managers[pos];
        boolean pinToAlias = current instanceof X509KeyManager && getKeyAlias() != null;
        if (!pinToAlias) {
            output[pos] = current;
        } else {
            String configuredAlias = getKeyAlias();
            // JKS keystores always convert the alias name to lower case
            boolean jksStore = "jks".equalsIgnoreCase(getKeystoreType());
            String effectiveAlias =
                    jksStore ? configuredAlias.toLowerCase(Locale.ENGLISH) : configuredAlias;
            output[pos] = new NioX509KeyManager((X509KeyManager) current, effectiveAlias);
        }
    }
    return output;
}
示例7: getKeyManagers
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
/**
 * Creates the key managers for {@code keyStore} using the algorithm and passwords from
 * {@code sslConfig}. When a certificate alias is configured, every {@link X509KeyManager}
 * returned by the factory is replaced in place by an {@code AliasedX509ExtendedKeyManager}.
 *
 * <p>The key manager password takes precedence over the key store password; if neither is
 * set the factory is initialised with a {@code null} password.
 *
 * @param keyStore the key store to read keys from; may be {@code null}
 * @return the key managers, or {@code null} when {@code keyStore} is {@code null}
 * @throws Exception if the factory cannot be created or initialised
 */
protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception {
    if (keyStore == null) {
        return null;
    }

    KeyManagerFactory factory =
            KeyManagerFactory.getInstance(sslConfig.getKeyManagerFactoryAlgorithm());

    char[] keyPassword;
    if (sslConfig.getKeyManagerPassword() != null) {
        keyPassword = sslConfig.getKeyManagerPassword().toCharArray();
    } else if (sslConfig.getKeyStorePassword() != null) {
        keyPassword = sslConfig.getKeyStorePassword().toCharArray();
    } else {
        keyPassword = null;
    }
    factory.init(keyStore, keyPassword);

    KeyManager[] managers = factory.getKeyManagers();
    if (sslConfig.getCertAlias() == null) {
        return managers;
    }
    for (int idx = 0; idx < managers.length; idx++) {
        KeyManager current = managers[idx];
        if (current instanceof X509KeyManager) {
            // Wrap so that the configured alias decides which key is presented.
            managers[idx] = new AliasedX509ExtendedKeyManager(sslConfig.getCertAlias(),
                    (X509KeyManager) current);
        }
    }
    return managers;
}
示例8: chooseClientCertificate
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
/**
 * Picks a client certificate alias for the requested key types and issuers and passes it to
 * {@code setCertificate}. A {@code null} alias is passed when no {@link X509KeyManager} is
 * configured.
 *
 * @param keyTypeBytes             key type codes, translated to names by
 *                                 {@code SSLUtils.getSupportedClientKeyTypes}
 * @param asn1DerEncodedPrincipals DER-encoded issuer names, or {@code null} for no issuer
 *                                 constraint
 */
void chooseClientCertificate(byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals)
        throws SSLException, CertificateEncodingException {
    Set<String> supportedKeyTypes = SSLUtils.getSupportedClientKeyTypes(keyTypeBytes);
    String[] keyTypes = supportedKeyTypes.toArray(new String[supportedKeyTypes.size()]);

    X500Principal[] issuers = null;
    if (asn1DerEncodedPrincipals != null) {
        issuers = new X500Principal[asn1DerEncodedPrincipals.length];
        int slot = 0;
        for (byte[] encodedName : asn1DerEncodedPrincipals) {
            // NOTE(review): these encodings presumably originate from the peer; the
            // X500Principal constructor rejects malformed input with an unchecked
            // IllegalArgumentException, which is not among the declared exceptions.
            issuers[slot++] = new X500Principal(encodedName);
        }
    }

    X509KeyManager keyManager = parameters.getX509KeyManager();
    String alias = null;
    if (keyManager != null) {
        alias = aliasChooser.chooseClientAlias(keyManager, issuers, keyTypes);
    }
    setCertificate(alias);
}
示例9: test_SSLContext_x509AndPskConfiguration_defaultProviderOnly
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
/**
 * Checks that the same cipher suite list (the default PSK suites followed by the default
 * suites) is enabled in two configurations: a PSK key manager with the default trust
 * managers, and an X.509 key manager plus a PSK key manager with an empty trust manager array.
 */
@Test
public void test_SSLContext_x509AndPskConfiguration_defaultProviderOnly() throws Exception {
    // Scenario 1: an X509TrustManager and a PSKKeyManager are provided.
    SSLContext sslContext = SSLContext.getInstance("TLS");
    KeyManager pskOnly = PSKKeyManagerProxy.getConscryptPSKKeyManager(new PSKKeyManagerProxy());
    // A null trust manager array selects the default trust managers, one of which is X.509.
    sslContext.init(new KeyManager[] {pskOnly}, null, null);

    List<String> expectedCipherSuites =
            new ArrayList<String>(StandardNames.CIPHER_SUITES_DEFAULT_PSK);
    expectedCipherSuites.addAll(StandardNames.CIPHER_SUITES_DEFAULT);
    assertEnabledCipherSuites(expectedCipherSuites, sslContext);

    // Scenario 2: an X509KeyManager and a PSKKeyManager are provided.
    sslContext = SSLContext.getInstance("TLS");
    // Any X509KeyManager will do here; the test never invokes it.
    X509KeyManager x509KeyManager = new RandomPrivateKeyX509ExtendedKeyManager(null);
    KeyManager pskSecond = PSKKeyManagerProxy.getConscryptPSKKeyManager(new PSKKeyManagerProxy());
    // Unlike scenario 1 this passes an empty array, not null, for the trust managers.
    sslContext.init(new KeyManager[] {x509KeyManager, pskSecond}, new TrustManager[0], null);
    assertEnabledCipherSuites(expectedCipherSuites, sslContext);
}
示例10: test_ChooseClientAlias_KeyType
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
/**
 * Builds a client key store of {@code clientKeyType} signed by a CA of {@code caKeyType},
 * then asks every {@link X509KeyManager} created from it for a client alias of
 * {@code selectedKeyType}.
 *
 * @param clientKeyType   key algorithm of the client key
 * @param caKeyType       key algorithm of the signing CA
 * @param selectedKeyType the single key type passed to {@code chooseClientAlias}
 * @param succeeds        whether a non-null alias is expected
 */
private void test_ChooseClientAlias_KeyType(String clientKeyType, String caKeyType,
        String selectedKeyType, boolean succeeds) throws Exception {
    TestKeyStore ca = new TestKeyStore.Builder().keyAlgorithms(caKeyType).build();
    TestKeyStore client = new TestKeyStore.Builder()
            .keyAlgorithms(clientKeyType)
            .signer(ca.getPrivateKey(caKeyType, caKeyType))
            .build();

    KeyManagerFactory factory =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    factory.init(client.keyStore, client.keyPassword);

    String[] requestedTypes = {selectedKeyType};
    for (KeyManager candidate : factory.getKeyManagers()) {
        if (!(candidate instanceof X509KeyManager)) {
            continue;
        }
        X509KeyManager x509 = (X509KeyManager) candidate;
        // No issuer constraint and no socket: selection depends on the key type alone.
        String chosen = x509.chooseClientAlias(requestedTypes, null, null);
        if (!succeeds) {
            assertNull(chosen);
        } else {
            assertNotNull(chosen);
        }
    }
}
示例11: getKeyManagers
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
/**
 * Creates key managers for {@code keyStore} with the configured factory algorithm. The key
 * manager password is used when set, otherwise the key store password, otherwise
 * {@code null}. When a certificate alias is configured, each {@link X509KeyManager} in the
 * result is replaced in place by an {@code AliasedX509ExtendedKeyManager} for that alias.
 *
 * @param keyStore the key store holding the keys; may be {@code null}
 * @return the key managers, or {@code null} when {@code keyStore} is {@code null}
 * @throws Exception if the factory cannot be obtained or initialised
 */
protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
{
    if (keyStore == null)
    {
        return null;
    }

    KeyManagerFactory factory = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm);

    char[] secret = null;
    if (_keyManagerPassword != null)
    {
        secret = _keyManagerPassword.toString().toCharArray();
    }
    else if (_keyStorePassword != null)
    {
        secret = _keyStorePassword.toString().toCharArray();
    }
    factory.init(keyStore, secret);

    KeyManager[] result = factory.getKeyManagers();
    if (_certAlias == null)
    {
        return result;
    }

    for (int pos = 0; pos < result.length; pos++)
    {
        KeyManager current = result[pos];
        if (current instanceof X509KeyManager)
        {
            result[pos] = new AliasedX509ExtendedKeyManager(_certAlias, (X509KeyManager) current);
        }
    }
    return result;
}
示例12: replaceX509KeyManager
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
/**
 * Replaces the first X509KeyManager in {@code keyManagers} with a ReloadableX509KeyManager
 * that delegates to it. If there is more than one X509KeyManager, only the first one is
 * replaced. The array is modified in place.
 *
 * @param reloadableX509KeyManager an existing ReloadableX509KeyManager to re-point at the
 *            found X509KeyManager, or null to have a new one created.
 * @param keyManagers an array of KeyManagers that is expected to contain a X509KeyManager.
 * @return the ReloadableX509KeyManager now stored in the array: the one passed in when it was
 *         non-null, otherwise a newly created one
 * @throws NoSuchAlgorithmException
 *             thrown if a X509KeyManager cannot be found in the array.
 * @throws IllegalStateException thrown if a ReloadableX509KeyManager is encountered in the
 *             array before any X509KeyManager has been replaced.
 */
public static ReloadableX509KeyManager replaceX509KeyManager(ReloadableX509KeyManager reloadableX509KeyManager,
                                                             final KeyManager[] keyManagers)
    throws NoSuchAlgorithmException
{
    for (int slot = 0; slot < keyManagers.length; slot++) {
        final KeyManager candidate = keyManagers[slot];

        if (candidate instanceof ReloadableX509KeyManager) {
            throw new IllegalStateException(
                "A ReloadableX509KeyManager has already been set for this KeyManager[]");
        }
        if (!(candidate instanceof X509KeyManager)) {
            continue;
        }

        final X509KeyManager delegate = (X509KeyManager) candidate;
        final ReloadableX509KeyManager reloadable;
        if (reloadableX509KeyManager != null) {
            // Reuse the caller's wrapper and point it at the manager just found.
            reloadableX509KeyManager.setDelegateKeyManager(delegate);
            reloadable = reloadableX509KeyManager;
        }
        else {
            reloadable = new ReloadableX509KeyManager(delegate);
        }
        keyManagers[slot] = reloadable;
        return reloadable;
    }
    throw new NoSuchAlgorithmException("No X509KeyManager found in KeyManager[]");
}
示例13: testKeyPairGeneration
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
/**
 * Generates a key pair and checks that the store manager then exposes exactly one
 * X509KeyManager whose certificate carries the requested subject, and exactly one
 * X509TrustManager with no accepted issuers.
 */
@Test
public void testKeyPairGeneration() throws Exception {
    keyStoreManager.generateAndStoreKeyPair("Joe Coder", "dev", "codeSoft", "AnyTown", "state", "US");

    // Key side: a single X509KeyManager holding the freshly generated certificate.
    KeyManager[] keyManagers = keyStoreManager.getKeyManagers();
    assertThat(keyManagers, notNullValue());
    assertThat(keyManagers, arrayWithSize(1));
    assertThat(keyManagers[0], instanceOf(X509KeyManager.class));
    X509KeyManager keyManager = (X509KeyManager) keyManagers[0];
    String subjectName =
        keyManager.getCertificateChain(PRIVATE_KEY_ALIAS)[0].getSubjectDN().getName();
    assertThat(subjectName, equalTo("CN=Joe Coder,OU=dev,O=codeSoft,L=AnyTown,ST=state,C=US"));

    // Trust side: nothing has been trusted yet, so the accepted issuer list must be empty.
    TrustManager[] trustManagers = keyStoreManager.getTrustManagers();
    assertThat(trustManagers, notNullValue());
    assertThat(trustManagers, arrayWithSize(1));
    assertThat(trustManagers[0], instanceOf(X509TrustManager.class));
    X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
    assertThat(trustManager.getAcceptedIssuers(), emptyArray());
}
示例14: testReKeyPairGeneration
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
/**
 * Generates a key pair twice and checks that both the KeyManager[] obtained before the second
 * generation and the one obtained after it report the subject of the second ("New Key")
 * certificate.
 */
@Test
public void testReKeyPairGeneration() throws Exception {
    keyStoreManager.generateAndStoreKeyPair("Original Key", "dev", "codeSoft", "AnyTown", "state", "US");
    // Captured before regeneration on purpose: the assertions below expect this array to
    // serve the new key as well.
    KeyManager[] originalKeyManagers = keyStoreManager.getKeyManagers();

    keyStoreManager.generateAndStoreKeyPair("New Key", "dev", "codeSoft", "AnyTown", "state", "US");
    String expectedDN = "CN=New Key,OU=dev,O=codeSoft,L=AnyTown,ST=state,C=US";

    assertThat(originalKeyManagers, notNullValue());
    assertThat(originalKeyManagers, arrayWithSize(1));
    assertThat(originalKeyManagers[0], instanceOf(X509KeyManager.class));
    X509KeyManager earlier = (X509KeyManager) originalKeyManagers[0];
    String earlierSubject =
        earlier.getCertificateChain(PRIVATE_KEY_ALIAS)[0].getSubjectDN().getName();
    assertThat(earlierSubject, equalTo(expectedDN));

    KeyManager[] newKeyManagers = keyStoreManager.getKeyManagers();
    assertThat(newKeyManagers, notNullValue());
    assertThat(newKeyManagers, arrayWithSize(1));
    assertThat(newKeyManagers[0], instanceOf(X509KeyManager.class));
    X509KeyManager later = (X509KeyManager) newKeyManagers[0];
    String laterSubject =
        later.getCertificateChain(PRIVATE_KEY_ALIAS)[0].getSubjectDN().getName();
    assertThat(laterSubject, equalTo(expectedDN));
}
示例15: fixKeyManagers
import javax.net.ssl.X509KeyManager; //導入依賴的package包/類
/**
 * Rebuilds {@code keyManagers} from the key manager factory, wrapping every
 * {@link X509KeyManager} in an {@code AliasSensitiveX509KeyManager} and copying all other
 * managers through unchanged. Does nothing when the factory, or its manager array, is null.
 *
 * <p>NOTE(review): no check for a configured alias is visible in this method; presumably the
 * wrapper itself decides whether an alias applies - confirm.
 */
private void fixKeyManagers() {
    // Nothing to rewrap without a factory or without managers.
    if (keyManagerFactory == null || keyManagerFactory.getKeyManagers() == null) {
        return;
    }

    KeyManager[] source = keyManagerFactory.getKeyManagers();
    KeyManager[] rewrapped = new KeyManager[source.length];
    for (int pos = 0; pos < source.length; pos++) {
        KeyManager current = source[pos];
        // X.509 managers get the alias-selective wrapper; everything else is kept as is.
        rewrapped[pos] = (current instanceof X509KeyManager)
                ? new AliasSensitiveX509KeyManager(this, (X509KeyManager) current)
                : current;
    }
    keyManagers = rewrapped;
}