author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-02-22 15:44:42 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-02-25 12:46:17 +0100 |
commit | 9fa6c26665ad8ea33d69327a169149593363012a (patch) | |
tree | f380f15ad63eb414ba598304bb26a83a7fe3c31e /security-utils | |
parent | 49277b330fea49f49df4563d534d572e73c2af1f (diff) |
Add withCertificateEntries() to KeyStoreBuilder
Diffstat (limited to 'security-utils')
4 files changed, 17 insertions, 19 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java b/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
index 2160fbf6455..8bb7e0e5ab9 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
@@ -69,6 +69,13 @@ public class KeyStoreBuilder {
 return this;
 }

+ public KeyStoreBuilder withCertificateEntries(String aliasPrefix, List<X509Certificate> certificates) {
+ for (int i = 0; i < certificates.size(); i++) {
+ withCertificateEntry(aliasPrefix + "-" + i, certificates.get(i));
+ }
+ return this;
+ }
+
 public KeyStore build() {
 try {
 KeyStore keystore = this.keyStoreType.createKeystore();
diff --git a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
index 1ef4df9c7bc..0ef179f775e 100644
--- a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
@@ -125,11 +125,9 @@ public class SslContextBuilder {
 }

 private static KeyStore createTrustStore(List<X509Certificate> caCertificates) {
- KeyStoreBuilder trustStoreBuilder = KeyStoreBuilder.withType(KeyStoreType.JKS);
- for (int i = 0; i < caCertificates.size(); i++) {
- trustStoreBuilder.withCertificateEntry("cert-" + i, caCertificates.get(i));
- }
- return trustStoreBuilder.build();
+ return KeyStoreBuilder.withType(KeyStoreType.JKS)
+ .withCertificateEntries("cert", caCertificates)
+ .build();
 }

 private interface KeyStoreSupplier {
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java
index f1fc62de56a..debf14a27f8 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java
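Review bot: The new public `KeyStoreBuilder.withCertificateEntries` has no Javadoc, and its alias scheme is a contract callers need to know: aliases are `aliasPrefix + "-" + i`, with `i` restarting at 0 on every call. Calling it twice with the same prefix, or combining it with a `withCertificateEntry` call that already uses an alias such as `cert-0`, produces duplicate aliases. How `build()` treats duplicates is outside this hunk, but `KeyStore.setCertificateEntry` replaces an existing trusted-certificate entry stored under the same alias, so a trust anchor could be dropped without any error. I would add a Javadoc stating the generated alias format, that the prefix must be unique within one builder, and that an empty list adds no entries.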
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java
@@ -18,9 +18,7 @@ import java.io.UncheckedIOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyStore;
-import java.security.cert.X509Certificate;
 import java.time.Duration;
-import java.util.List;
 import java.util.Set;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
@@ -79,12 +77,9 @@ public class ReloadingTlsContext implements TlsContext {

 private static KeyStore loadTruststore(Path caCertificateFile) {
 try {
- List<X509Certificate> caCertificates = X509CertificateUtils.certificateListFromPem(Files.readString(caCertificateFile));
- KeyStoreBuilder trustStoreBuilder = KeyStoreBuilder.withType(KeyStoreType.PKCS12);
- for (int i = 0; i < caCertificates.size(); i++) {
- trustStoreBuilder.withCertificateEntry("cert-" + i, caCertificates.get(i));
- }
- return trustStoreBuilder.build();
+ return KeyStoreBuilder.withType(KeyStoreType.PKCS12)
+ .withCertificateEntries("cert", X509CertificateUtils.certificateListFromPem(Files.readString(caCertificateFile)))
+ .build();
 } catch (IOException e) {
 throw new UncheckedIOException(e);
 }
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
index f114b672ed8..7c1d7070617 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
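Review bot: `ReloadingTlsContext.loadTruststore` builds the truststore from whatever `certificateListFromPem` returns without checking that the list is non-empty. If the CA file is empty or is read while it is being rewritten (the helper's behaviour on such input is not visible here), the result is presumably a truststore with no anchors, which on reload would replace a working one and make every peer fail validation. I would fail the load instead: `var caCertificates = X509CertificateUtils.certificateListFromPem(Files.readString(caCertificateFile));` followed by `if (caCertificates.isEmpty()) throw new IllegalStateException("No CA certificates in " + caCertificateFile);`, where `var` avoids re-adding the imports this commit removes. How the reload task handles that exception is outside the hunk, and the same unchecked pass-through exists in `SslContextBuilder.createTrustStore` and `TrustManagerUtils.createDefaultX509TrustManager(List)`.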
@@ -36,12 +36,10 @@ public class TrustManagerUtils {
 }

 public static X509ExtendedTrustManager createDefaultX509TrustManager(List<X509Certificate> certificates) {
- KeyStoreBuilder truststoreBuilder = KeyStoreBuilder.withType(KeyStoreType.PKCS12);
- for (int i = 0; i < certificates.size(); i++) {
- truststoreBuilder.withCertificateEntry("cert-" + i, certificates.get(i));
- }
- KeyStore truststore = truststoreBuilder.build();
- return createDefaultX509TrustManager(truststore);
+ return createDefaultX509TrustManager(
+ KeyStoreBuilder.withType(KeyStoreType.PKCS12)
+ .withCertificateEntries("cert", certificates)
+ .build());
 }

 public static X509ExtendedTrustManager createDefaultX509TrustManager() { |