All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.google.api.client.util.SslUtils Maven / Gradle / Ivy

Go to download

Google HTTP Client Library for Java. Functionality that works on all supported Java platforms, including Java 7 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.

The newest version!
/*
 * Copyright (c) 2012 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */

package com.google.api.client.util;

import com.google.errorprone.annotations.CanIgnoreReturnValue;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * SSL utilities.
 *
 * @since 1.13
 * @author Yaniv Inbar
 */
public final class SslUtils {

  /**
   * Returns the SSL context for "SSL" algorithm.
   *
   * @since 1.14
   */
  public static SSLContext getSslContext() throws NoSuchAlgorithmException {
    return SSLContext.getInstance("SSL");
  }

  /**
   * Returns the SSL context for "TLS" algorithm.
   *
   * @since 1.14
   */
  public static SSLContext getTlsSslContext() throws NoSuchAlgorithmException {
    return SSLContext.getInstance("TLS");
  }

  /**
   * Returns the default trust manager factory.
   *
   * @since 1.14
   */
  public static TrustManagerFactory getDefaultTrustManagerFactory()
      throws NoSuchAlgorithmException {
    return TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  }

  /**
   * Returns the PKIX trust manager factory.
   *
   * @since 1.14
   */
  public static TrustManagerFactory getPkixTrustManagerFactory() throws NoSuchAlgorithmException {
    return TrustManagerFactory.getInstance("PKIX");
  }

  /**
   * Returns the default key manager factory.
   *
   * @since 1.14
   */
  public static KeyManagerFactory getDefaultKeyManagerFactory() throws NoSuchAlgorithmException {
    return KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  }

  /**
   * Returns the PKIX key manager factory.
   *
   * @since 1.14
   */
  public static KeyManagerFactory getPkixKeyManagerFactory() throws NoSuchAlgorithmException {
    return KeyManagerFactory.getInstance("PKIX");
  }

  /**
   * Initializes the SSL context to the trust managers supplied by the trust manager factory for the
   * given trust store.
   *
   * @param sslContext SSL context (for example {@link SSLContext#getInstance})
   * @param trustStore key store for certificates to trust (for example {@link
   *     SecurityUtils#getJavaKeyStore()})
   * @param trustManagerFactory trust manager factory (for example {@link
   *     #getPkixTrustManagerFactory()})
   * @since 1.14
   */
  @CanIgnoreReturnValue
  public static SSLContext initSslContext(
      SSLContext sslContext, KeyStore trustStore, TrustManagerFactory trustManagerFactory)
      throws GeneralSecurityException {
    trustManagerFactory.init(trustStore);
    sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
    return sslContext;
  }

  /**
   * {@link Beta} 
* Initializes the SSL context to the trust managers supplied by the trust manager factory for the * given trust store, and to the key managers supplied by the key manager factory for the given * key store. * * @param sslContext SSL context (for example {@link SSLContext#getInstance}) * @param trustStore key store for certificates to trust (for example {@link * SecurityUtils#getJavaKeyStore()}) * @param trustManagerFactory trust manager factory (for example {@link * #getPkixTrustManagerFactory()}) * @param mtlsKeyStore key store for client certificate and key to establish mutual TLS * @param mtlsKeyStorePassword password for mtlsKeyStore parameter * @param keyManagerFactory key manager factory (for example {@link * #getDefaultKeyManagerFactory()}) * @since 1.38 */ @Beta public static SSLContext initSslContext( SSLContext sslContext, KeyStore trustStore, TrustManagerFactory trustManagerFactory, KeyStore mtlsKeyStore, String mtlsKeyStorePassword, KeyManagerFactory keyManagerFactory) throws GeneralSecurityException { trustManagerFactory.init(trustStore); keyManagerFactory.init(mtlsKeyStore, mtlsKeyStorePassword.toCharArray()); sslContext.init( keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); return sslContext; } /** * {@link Beta}
* Returns an SSL context in which all X.509 certificates are trusted. * *

Be careful! Disabling SSL certificate validation is dangerous and should only be done in * testing environments. */ @Beta public static SSLContext trustAllSSLContext() throws GeneralSecurityException { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {} public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {} public X509Certificate[] getAcceptedIssuers() { return null; } } }; SSLContext context = getTlsSslContext(); context.init(null, trustAllCerts, null); return context; } /** * {@link Beta}
* Returns a verifier that trusts all host names. * *

Be careful! Disabling host name verification is dangerous and should only be done in testing * environments. */ @Beta public static HostnameVerifier trustAllHostnameVerifier() { return new HostnameVerifier() { public boolean verify(String arg0, SSLSession arg1) { return true; } }; } private SslUtils() {} }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy