Examples of org.apache.http.conn.ssl.SSLConnectionSocketFactory

org.apache.http.conn.ssl.SSLConnectionSocketFactory
Layered socket factory for TLS/SSL connections.
SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.
SSLSocketFactory will enable server authentication when supplied with a {@link java.security.KeyStore trust-store} file containing one or several trusted certificates. The clientsecure socket will reject the connection during the SSL session handshake if the target HTTPS server attempts to authenticate itself with a non-trusted certificate.
Use JDK keytool utility to import a trusted certificate and generate a trust-store file:
```
 keytool -import -alias "my server cert" -file server.crt -keystore my.truststore 
```
In special cases the standard trust verification process can be bypassed by using a custom {@link org.apache.http.conn.ssl.TrustStrategy}. This interface is primarily intended for allowing self-signed certificates to be accepted as trusted without having to add them to the trust-store file.
SSLSocketFactory will enable client authentication when supplied with a {@link java.security.KeyStore key-store} file containing a private key/public certificatepair. The client secure socket will use the private key to authenticate itself to the target HTTPS server during the SSL session handshake if requested to do so by the server. The target HTTPS server will in its turn verify the certificate presented by the client in order to establish client's authenticity.
Use the following sequence of actions to generate a key-store file
- Use JDK keytool utility to generate a new key
```
keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore
```
  For simplicity use the same password for the key as that of the key-store
- Issue a certificate signing request (CSR)
```
keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore
```
- Send the certificate request to the trusted Certificate Authority for signature. One may choose to act as her own CA and sign the certificate request using a PKI tool, such as OpenSSL.
- Import the trusted CA root certificate
```
keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore
```
- Import the PKCS#7 file containing the complete certificate chain
```
keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore
```
- Verify the content of the resultant keystore file
```
keytool -list -v -keystore my.keystore
```
@since 4.3


        // Create a registry of custom connection socket factories for supported
        // protocol schemes.
        Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
            .register("http", PlainConnectionSocketFactory.INSTANCE)
            .register("https", new SSLConnectionSocketFactory(sslcontext))
            .build();


        // Use custom DNS resolver to override the system DNS resolution.
        DnsResolver dnsResolver = new SystemDefaultDnsResolver() {

View Full Code Here

        // Trust own CA and all self-signed certs
        SSLContext sslcontext = SSLContexts.custom()
                .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy())
                .build();
        // Allow TLSv1 protocol only
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslcontext,
                new String[] { "TLSv1" },
                null,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        CloseableHttpClient httpclient = HttpClients.custom()

View Full Code Here

                        SSLContexts.custom()
                                   .useTLS()
                                   .loadKeyMaterial(keyStore,"docker".toCharArray())
                                   .loadTrustMaterial(keyStore)
                                   .build();
                SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
                builder.setSSLSocketFactory(sslsf);
            } catch (IOException | GeneralSecurityException e) {
                throw new DockerAccessException("Cannot read keys and/or certs from " + certPath + ": " + e,e);
            }
        }

View Full Code Here

    private CloseableHttpClient createClient () {
        try {
            HttpClientBuilder builder = HttpClientBuilder.create();
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, new TrustManager[]{getTrustManager()}, null);
            SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(ctx, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            builder.setSSLSocketFactory(scsf);
            Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                    .register("https", scsf)
                    .build();

View Full Code Here


    @Test
    public final void givenHttpClientPost4_3_whenAcceptingAllCertificates_thenCanConsumeHttpsUriWithSelfSignedCertificate() throws IOException, GeneralSecurityException {
        final SSLContextBuilder builder = new SSLContextBuilder();
        builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
        final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build());
        final CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();


        // new


        final String urlOverHttps = "https://localhost:8443/spring-security-rest-basic-auth/api/bars/1";

View Full Code Here

                    @Override
                    public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                        return true;
                    }
                });
                SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                        builder.build(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
                httpClientBuilder.setSSLSocketFactory(sslsf);
            } catch (NoSuchAlgorithmException e) {
                throw new ServletException(e);
            } catch (KeyStoreException e) {

View Full Code Here

                    @Override
                    public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                        return true;
                    }
                });
                SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(
                        sslContextBuilder.build(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);


                Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
                        .register("https", sslConnectionSocketFactory)
                        .build();

View Full Code Here

                X509HostnameVerifier hostnameVerifier = this.hostnameVerifier;
                if (hostnameVerifier == null) {
                    hostnameVerifier = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
                }
                if (sslcontext != null) {
                    sslSocketFactory = new SSLConnectionSocketFactory(
                            sslcontext, supportedProtocols, supportedCipherSuites, hostnameVerifier);
                } else {
                    if (systemProperties) {
                        sslSocketFactory = new SSLConnectionSocketFactory(
                                (SSLSocketFactory) SSLSocketFactory.getDefault(),
                                supportedProtocols, supportedCipherSuites, hostnameVerifier);
                    } else {
                        sslSocketFactory = new SSLConnectionSocketFactory(
                                SSLContexts.createDefault(),
                                hostnameVerifier);
                    }
                }
            }

View Full Code Here

        }
        SSLContext sslcontext = SSLContexts.custom()
                .loadTrustMaterial(trustStore)
                .build();


        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext,
                SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
        CloseableHttpClient httpclient = HttpClients.custom()
                .setSSLSocketFactory(sslsf)
                .build();
        try {

View Full Code Here

        .setMaxObjectSize(2 * 1024 * 1024).build();


      // configure connection pooling
      PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(RegistryBuilder
        .<ConnectionSocketFactory> create().register("http", PlainConnectionSocketFactory.getSocketFactory())
        .register("https", new SSLConnectionSocketFactory(sslContext)).build());
      int connectionLimit = readFromProperty("bdMaxConnections", 40);
      // there's only one server to connect to, so max per route matters
      connManager.setMaxTotal(connectionLimit);
      connManager.setDefaultMaxPerRoute(connectionLimit);

View Full Code Here

0 1 2 3 4 5 6 7

TOP

Related Classes of org.apache.http.conn.ssl.SSLConnectionSocketFactory

com.almende.util.ApacheHttpClient

com.belladati.sdk.impl.BellaDatiClient

com.foundationdb.http.HttpMonitorVerifySSLIT

com.github.dreamhead.moco.helper.MocoTestHelper

com.google.appengine.tck.endpoints.support.EndPointClient

com.microsoft.windowsazure.credentials.CertificateCloudCredentials

com.seyren.core.util.graphite.GraphiteHttpClient

com.sonatype.nexus.ssl.plugin.internal.CertificateRetriever

com.urswolfer.intellij.plugin.gerrit.rest.SslSupport

io.hawt.web.ProxyServlet

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.