author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-02-14 12:47:41 +0100 |
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-02-14 13:30:16 +0100 |
commit | b78de773a9afab179b11be5af2b2d035b989a9dd (patch) | |
tree | 4348b28f0172c98156733e994188d8ca0b732975 /security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java | |
parent | 245a9611bce4d9d214ccb76016b67b6ca441dd24 (diff) |
Add utility classes for constructing default x509 trust/key manager
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
new file mode 100644
index 00000000000..f114b672ed8
--- /dev/null
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
@@ -0,0 +1,50 @@
+// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.security.tls;
+
+import com.yahoo.security.KeyStoreBuilder;
+import com.yahoo.security.KeyStoreType;
+
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509ExtendedTrustManager;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * Utility methods for constructing {@link X509ExtendedTrustManager}.
+ *
+ * @author bjorncs
+ */
+public class TrustManagerUtils {
+
+ public static X509ExtendedTrustManager createDefaultX509TrustManager(KeyStore truststore) {
+ try {
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ trustManagerFactory.init(truststore);
+ TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+ return Arrays.stream(trustManagers)
+ .filter(manager -> manager instanceof X509ExtendedTrustManager)
+ .map(X509ExtendedTrustManager.class::cast)
+ .findFirst()
+ .orElseThrow(() -> new RuntimeException("No X509ExtendedTrustManager in " + List.of(trustManagers)));
+ } catch (GeneralSecurityException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static X509ExtendedTrustManager createDefaultX509TrustManager(List<X509Certificate> certificates) {
+ KeyStoreBuilder truststoreBuilder = KeyStoreBuilder.withType(KeyStoreType.PKCS12);
+ for (int i = 0; i < certificates.size(); i++) {
+ truststoreBuilder.withCertificateEntry("cert-" + i, certificates.get(i));
+ }
+ KeyStore truststore = truststoreBuilder.build();
+ return createDefaultX509TrustManager(truststore);
+ }
+
+ public static X509ExtendedTrustManager createDefaultX509TrustManager() {
+ return createDefaultX509TrustManager((KeyStore) null);
+ }
+} |
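Review bot: The no-argument overload `createDefaultX509TrustManager()` hands `(KeyStore) null` to `TrustManagerFactory.init`, which makes the JDK fall back to its installed default trust store (cacerts, or whatever `javax.net.ssl.trustStore` points at) rather than an empty one, and nothing in the class says so. A caller reading "default" next to the `List<X509Certificate>` overload could reasonably expect the two to pin the same kind of trust anchors, so the set of accepted issuers would silently differ between them. A Javadoc on the no-arg method such as `/** Returns a trust manager backed by the JVM's default trust store (e.g. cacerts or {@code javax.net.ssl.trustStore}); use the other overloads to pin an explicit set of trust anchors. */` would close that gap, and the other two public methods carry no Javadoc either. It is also worth stating on the list overload that an empty list yields a trust manager that rejects every peer certificate, if that is indeed how `KeyStoreBuilder` builds a keystore with no entries.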