Examples of javax.net.ssl.SSLContext

• javax.net.ssl.SSLContext

  private SSLServerSocketFactory createAnonymousFactory(InetAddress hostAddr,
                                                        int port)
    throws IOException, GeneralSecurityException
  {
    SSLContext sslContext = SSLContext.getInstance(_sslContext);

    String []cipherSuites = _cipherSuites;

    /*
    if (cipherSuites == null) {
      cipherSuites = sslContext.createSSLEngine().getSupportedCipherSuites();
    }
    */

    String selfSignedName = _selfSignedName;

    if (selfSignedName == null
        || "".equals(selfSignedName)
        || "*".equals(selfSignedName)) {
      if (hostAddr != null)
        selfSignedName = hostAddr.getHostName();
      else {
        InetAddress addr = InetAddress.getLocalHost();

        selfSignedName = addr.getHostAddress();
      }
    }

    SelfSignedCert cert = createSelfSignedCert(selfSignedName, cipherSuites);

    if (cert == null)
      throw new ConfigException(L.l("Cannot generate anonymous certificate"));

    sslContext.init(cert.getKeyManagers(), null, null);

    // SSLEngine engine = sslContext.createSSLEngine();

    SSLServerSocketFactory factory = sslContext.getServerSocketFactory();

    return factory;
  }

            InputStream in = getCertificate();
            Exception except = null;
            if (in != null) {
                KeyStore ks = null;
                KeyManagerFactory kmf = null;
                SSLContext sslcontext = null;
                try {
                    ks = KeyStore.getInstance(KEYSTORE_TYPE);
                    ks.load(in, KEYSTORE_PASSWORD);
                    kmf = KeyManagerFactory.getInstance(KEYMANAGERFACTORY);
                    kmf.init(ks, KEY_PASSWORD);
                    sslcontext = SSLContext.getInstance(SSLCONTEXT_PROTOCOL);
                    sslcontext.init(kmf.getKeyManagers(), null, null);
                    SSLSocketFactory sslFactory = sslcontext.getSocketFactory();
                    hashHost.put(host, sslFactory);
                    log.info("KeyStore for SSL loaded OK and put host in map ("+host+")");
                    return sslFactory;
                } catch (NoSuchAlgorithmException e) {
                    except=e;

         KeyStore keyStore = KeyStore.getInstance("pkcs12");
         keyStore.load(null, null);
         keyStore.setKeyEntry("dummy alias", privateKey, null, (Certificate[]) certs.toArray(new Certificate[0]));
         kmf.init(keyStore, null);

         SSLContext sc = SSLContext.getInstance("TLS");
         sc.init(kmf.getKeyManagers(), trustManager, new SecureRandom());
         return sc;
      } catch (GeneralSecurityException e) {
         throw propagate(e);
      } catch (IOException e) {
         throw propagate(e);

     * Starts a client which will connect twice using SSL
     */
    private static void startClient(int port) throws Exception {
        address = InetAddress.getByName("localhost");

        SSLContext context = createSSLContext();
        factory = context.getSocketFactory();

        connectAndSend(port);

        // This one will throw a SocketTimeoutException if DIRMINA-650 is not fixed
        connectAndSend(port);

    }

    private static SSLContext createSSLContext() throws IOException, GeneralSecurityException {
        char[] passphrase = "password".toCharArray();

        SSLContext ctx = SSLContext.getInstance("TLS");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM);

        KeyStore ks = KeyStore.getInstance("JKS");
        KeyStore ts = KeyStore.getInstance("JKS");

        ks.load(SslTest.class.getResourceAsStream("keystore.sslTest"), passphrase);
        ts.load(SslTest.class.getResourceAsStream("truststore.sslTest"), passphrase);

        kmf.init(ks, passphrase);
        tmf.init(ts);
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        return ctx;
    }

     * @throws KeyIsLocked Occurs when the requested private key in the key
     *                     keystore cannot be used because it has not been
     *                     unlocked.
     */
    public SSLServerSocketFactory createSSLServerFactory(String provider, String protocol, String algorithm, String keyStore, String keyAlias, String trustStore, ClassLoader loader) throws KeystoreException {
        SSLContext sslContext = createSSLContext(provider, protocol, algorithm, keyStore, keyAlias, trustStore, loader);
        // OMG this hurts, but it causes ClassCastExceptions elsewhere unless done this way!
        try {
            Object result = sslContext.getClass().getMethod("getServerSocketFactory", new Class[0]).invoke(sslContext, new Object[0]);
            return (SSLServerSocketFactory) result;
        } catch (Exception e) {
            throw new KeystoreException("Unable to create SSL Server Factory", e);
        }
    }

                    }
                    if (tlsClientParameters == null) {
                        tlsClientParameters = new TLSClientParameters();
                    }

                    final SSLContext sslcontext = getSSLContext(tlsClientParameters);
                    reg.register(new AsyncScheme("https", 443, new SSLLayeringStrategy(sslcontext) {
                        @Override
                        protected void initializeEngine(SSLEngine engine) {
                            initializeSSLEngine(sslcontext, engine);
                        }

        String provider = tlsClientParameters.getJsseProvider();

        String protocol = tlsClientParameters.getSecureSocketProtocol() != null ? tlsClientParameters
            .getSecureSocketProtocol() : "TLS";

        SSLContext ctx = provider == null ? SSLContext.getInstance(protocol) : SSLContext
            .getInstance(protocol, provider);
        ctx.getClientSessionContext().setSessionTimeout(tlsClientParameters.getSslCacheTimeout());
        KeyManager[] keyManagers = tlsClientParameters.getKeyManagers();
        if (tlsClientParameters.getCertAlias() != null) {
            keyManagers = getKeyManagersWithCertAlias(tlsClientParameters, keyManagers);
        }
        ctx.init(keyManagers, tlsClientParameters.getTrustManagers(),
                 tlsClientParameters.getSecureRandom());

        sslContext = ctx;
        lastTlsHash = hash;
        sslState = null;

            String provider = tlsClientParameters.getJsseProvider();

            String protocol = tlsClientParameters.getSecureSocketProtocol() != null ? tlsClientParameters
                .getSecureSocketProtocol() : "TLS";

            SSLContext ctx = provider == null ? SSLContext.getInstance(protocol) : SSLContext
                .getInstance(protocol, provider);
            ctx.getClientSessionContext().setSessionTimeout(tlsClientParameters.getSslCacheTimeout());
            KeyManager[] keyManagers = tlsClientParameters.getKeyManagers();
            if (tlsClientParameters.getCertAlias() != null) {
                getKeyManagersWithCertAlias(tlsClientParameters, keyManagers);
            }
            ctx.init(keyManagers, tlsClientParameters.getTrustManagers(),
                     tlsClientParameters.getSecureRandom());

            // The "false" argument means opposite of exclude.
            String[] cipherSuites = SSLUtils.getCiphersuites(tlsClientParameters.getCipherSuites(), SSLUtils
                .getSupportedCipherSuites(ctx), tlsClientParameters.getCipherSuitesFilter(), LOG, false);
            // The SSLSocketFactoryWrapper enables certain cipher suites
            // from the policy.
            socketFactory = new SSLSocketFactoryWrapper(ctx.getSocketFactory(), cipherSuites,
                                                        tlsClientParameters.getSecureSocketProtocol());
        } else {
           // ssl socket factory already initialized, reuse it to benefit of keep alive
        }

                }
            }
        }

        try {
            SSLContext sslcontext = SSLContext.getInstance("TLS");
            sslcontext.init(keymanagers, trustManagers, null);
            return sslcontext;

        } catch (GeneralSecurityException gse) {
            log.error("Unable to create SSL context with the given configuration", gse);
            throw new AxisFault("Unable to create SSL context with the given configuration", gse);