authorBjørn Christian Seime <bjorncs@verizonmedia.com>2019-02-22 15:44:42 +0100
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2019-02-25 12:46:17 +0100
commit9fa6c26665ad8ea33d69327a169149593363012a (patch)
treef380f15ad63eb414ba598304bb26a83a7fe3c31e /security-utils
parent49277b330fea49f49df4563d534d572e73c2af1f (diff)
Add withCertificateEntries() to KeyStoreBuilder
Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java7
-rw-r--r--security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java8
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java11
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java10
4 files changed, 17 insertions, 19 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java b/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
index 2160fbf6455..8bb7e0e5ab9 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
@@ -69,6 +69,13 @@ public class KeyStoreBuilder {
return this;
}
+ public KeyStoreBuilder withCertificateEntries(String aliasPrefix, List<X509Certificate> certificates) {
+ for (int i = 0; i < certificates.size(); i++) {
+ withCertificateEntry(aliasPrefix + "-" + i, certificates.get(i));
+ }
+ return this;
+ }
+
public KeyStore build() {
try {
KeyStore keystore = this.keyStoreType.createKeystore();
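Review bot: `withCertificateEntries` builds each alias as `aliasPrefix + "-" + i`, so a second call with the same prefix, or an earlier `withCertificateEntry("cert-0", ...)`, yields a duplicate alias. How the builder resolves duplicates is not visible in this hunk, but `KeyStore.setCertificateEntry` replaces an existing trusted-certificate entry under the same alias, which would silently drop a trust anchor. The method also has no Javadoc and dereferences `certificates` without a null check. I would add `/** Adds each certificate as a trusted entry under alias {@code aliasPrefix-<index>}; use a distinct prefix per call. */` and open the body with `Objects.requireNonNull(certificates, "certificates");` (this needs `java.util.Objects` if the file does not already import it). `build()` continues outside the hunk.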
diff --git a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
index 1ef4df9c7bc..0ef179f775e 100644
--- a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
@@ -125,11 +125,9 @@ public class SslContextBuilder {
}
private static KeyStore createTrustStore(List<X509Certificate> caCertificates) {
- KeyStoreBuilder trustStoreBuilder = KeyStoreBuilder.withType(KeyStoreType.JKS);
- for (int i = 0; i < caCertificates.size(); i++) {
- trustStoreBuilder.withCertificateEntry("cert-" + i, caCertificates.get(i));
- }
- return trustStoreBuilder.build();
+ return KeyStoreBuilder.withType(KeyStoreType.JKS)
+ .withCertificateEntries("cert", caCertificates)
+ .build();
}
private interface KeyStoreSupplier {
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java
index f1fc62de56a..debf14a27f8 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java
@@ -18,9 +18,7 @@ import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
-import java.security.cert.X509Certificate;
import java.time.Duration;
-import java.util.List;
import java.util.Set;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
@@ -79,12 +77,9 @@ public class ReloadingTlsContext implements TlsContext {
private static KeyStore loadTruststore(Path caCertificateFile) {
try {
- List<X509Certificate> caCertificates = X509CertificateUtils.certificateListFromPem(Files.readString(caCertificateFile));
- KeyStoreBuilder trustStoreBuilder = KeyStoreBuilder.withType(KeyStoreType.PKCS12);
- for (int i = 0; i < caCertificates.size(); i++) {
- trustStoreBuilder.withCertificateEntry("cert-" + i, caCertificates.get(i));
- }
- return trustStoreBuilder.build();
+ return KeyStoreBuilder.withType(KeyStoreType.PKCS12)
+ .withCertificateEntries("cert", X509CertificateUtils.certificateListFromPem(Files.readString(caCertificateFile)))
+ .build();
} catch (IOException e) {
throw new UncheckedIOException(e);
}
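Review bot: In `loadTruststore` the parsed PEM list goes straight into the builder chain, so a CA file that is empty or read mid-rewrite during a reload would, as far as this hunk shows, produce a truststore with no entries instead of an error; whether `certificateListFromPem` rejects such input is not visible here. Keeping the list in a local makes the check easy without the imports this commit removes: `var caCertificates = X509CertificateUtils.certificateListFromPem(Files.readString(caCertificateFile));` followed by `if (caCertificates.isEmpty()) throw new IllegalArgumentException("No CA certificates in " + caCertificateFile);`. That also shortens the long `.withCertificateEntries(...)` line. The method's closing brace lies outside the hunk.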
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
index f114b672ed8..7c1d7070617 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
@@ -36,12 +36,10 @@ public class TrustManagerUtils {
}
public static X509ExtendedTrustManager createDefaultX509TrustManager(List<X509Certificate> certificates) {
- KeyStoreBuilder truststoreBuilder = KeyStoreBuilder.withType(KeyStoreType.PKCS12);
- for (int i = 0; i < certificates.size(); i++) {
- truststoreBuilder.withCertificateEntry("cert-" + i, certificates.get(i));
- }
- KeyStore truststore = truststoreBuilder.build();
- return createDefaultX509TrustManager(truststore);
+ return createDefaultX509TrustManager(
+ KeyStoreBuilder.withType(KeyStoreType.PKCS12)
+ .withCertificateEntries("cert", certificates)
+ .build());
}
public static X509ExtendedTrustManager createDefaultX509TrustManager() {