author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-02-14 12:47:41 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-02-14 13:30:16 +0100 |
commit | b78de773a9afab179b11be5af2b2d035b989a9dd (patch) | |
tree | 4348b28f0172c98156733e994188d8ca0b732975 /security-utils/src/main/java/com/yahoo/security/tls | |
parent | 245a9611bce4d9d214ccb76016b67b6ca441dd24 (diff) |
Add utility classes for constructing default x509 trust/key manager
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java | 49 | ||||
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java | 50 |
2 files changed, 99 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java
new file mode 100644
index 00000000000..2e48de3c01f
--- /dev/null
+++ b/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java
@@ -0,0 +1,49 @@
+// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.security.tls;
+
+import com.yahoo.security.KeyStoreBuilder;
+import com.yahoo.security.KeyStoreType;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.X509ExtendedKeyManager;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * Utility methods for constructing {@link X509ExtendedKeyManager}.
+ *
+ * @author bjorncs
+ */
+public class KeyManagerUtils {
+
+ public static X509ExtendedKeyManager createDefaultX509KeyManager(KeyStore keystore, char[] password) {
+ try {
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ keyManagerFactory.init(keystore, password);
+ KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
+ return Arrays.stream(keyManagers)
+ .filter(manager -> manager instanceof X509ExtendedKeyManager)
+ .map(X509ExtendedKeyManager.class::cast)
+ .findFirst()
+ .orElseThrow(() -> new RuntimeException("No X509ExtendedKeyManager in " + List.of(keyManagers)));
+ } catch (GeneralSecurityException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static X509ExtendedKeyManager createDefaultX509KeyManager(PrivateKey privateKey, List<X509Certificate> certificateChain) {
+ KeyStore keystore = KeyStoreBuilder.withType(KeyStoreType.PKCS12)
+ .withKeyEntry("default", privateKey, certificateChain)
+ .build();
+ return createDefaultX509KeyManager(keystore, new char[0]);
+ }
+
+ public static X509ExtendedKeyManager createDefaultX509KeyManager() {
+ return createDefaultX509KeyManager(null, new char[0]);
+ }
+}
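Review bot: The no-argument `createDefaultX509KeyManager()` passes a null keystore to `KeyManagerFactory.init`, which with the JDK's default SunX509 factory yields, as far as I can tell, a key manager holding no key material at all, so a reader who pairs it with `TrustManagerUtils.createDefaultX509TrustManager()` (where a null keystore does fall back to the JDK default trust store) may assume a symmetric default that does not exist. A Javadoc on the no-arg overload should pin this down, e.g. `/** Key manager with no key material: unlike the trust manager default, the JDK provides no default key store. */`. The `(PrivateKey, List)` overload also relies on `KeyStoreBuilder` protecting the key entry with an empty password, since `init(keystore, new char[0])` must match the entry protection; that assumption is not visible here and deserves a one-line comment such as `// KeyStoreBuilder stores the entry without a password, so an empty char[] unlocks it`. Finally, both catch blocks here and in `TrustManagerUtils` wrap `GeneralSecurityException` into a bare `RuntimeException` with no message; naming the failed operation in the message (or using a dedicated unchecked type) would make TLS setup failures much easier to diagnose.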
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
new file mode 100644
index 00000000000..f114b672ed8
--- /dev/null
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
@@ -0,0 +1,50 @@
+// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.security.tls;
+
+import com.yahoo.security.KeyStoreBuilder;
+import com.yahoo.security.KeyStoreType;
+
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509ExtendedTrustManager;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * Utility methods for constructing {@link X509ExtendedTrustManager}.
+ *
+ * @author bjorncs
+ */
+public class TrustManagerUtils {
+
+ public static X509ExtendedTrustManager createDefaultX509TrustManager(KeyStore truststore) {
+ try {
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ trustManagerFactory.init(truststore);
+ TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+ return Arrays.stream(trustManagers)
+ .filter(manager -> manager instanceof X509ExtendedTrustManager)
+ .map(X509ExtendedTrustManager.class::cast)
+ .findFirst()
+ .orElseThrow(() -> new RuntimeException("No X509ExtendedTrustManager in " + List.of(trustManagers)));
+ } catch (GeneralSecurityException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static X509ExtendedTrustManager createDefaultX509TrustManager(List<X509Certificate> certificates) {
+ KeyStoreBuilder truststoreBuilder = KeyStoreBuilder.withType(KeyStoreType.PKCS12);
+ for (int i = 0; i < certificates.size(); i++) {
+ truststoreBuilder.withCertificateEntry("cert-" + i, certificates.get(i));
+ }
+ KeyStore truststore = truststoreBuilder.build();
+ return createDefaultX509TrustManager(truststore);
+ }
+
+ public static X509ExtendedTrustManager createDefaultX509TrustManager() {
+ return createDefaultX509TrustManager((KeyStore) null);
+ }
+}
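Review bot: `createDefaultX509TrustManager()` and `createDefaultX509TrustManager(List.of())` differ sharply yet neither overload documents it: the `(KeyStore) null` passed by the no-arg variant makes the default provider's `TrustManagerFactory.init` fall back to the JDK trust store (cacerts or `javax.net.ssl.trustStore`), whereas an empty certificate list builds an empty PKCS12 truststore that, as far as I can tell, yields a trust manager rejecting every peer. Add a Javadoc to each, e.g. on the no-arg overload `/** Trust manager backed by the JDK default trust store (a null keystore selects the provider default). */` and on the list overload `/** Trust manager that trusts exactly the given certificates; an empty list trusts no peer. */`. The `(KeyStore) null` cast is needed to pick this overload over the `List` one and looks accidental without a note, so `// cast selects the KeyStore overload over the List one` on that line would help.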