authorBjørn Christian Seime <bjorncs@oath.com>2018-09-10 12:21:46 +0200
committerBjørn Christian Seime <bjorncs@oath.com>2018-09-10 12:21:46 +0200
commit0f73bae31ac0fab67d7206cdd88ced5881738244 (patch)
tree0bf82c015a9108adb6d371000b482b62a7254a66 /vespajlib
parent0428eb0abc8743121d20745d0f73cde7b742d63d (diff)
Add builder method for creating truststore from PEM
Diffstat (limited to 'vespajlib')
-rw-r--r--vespajlib/src/main/java/com/yahoo/security/SslContextBuilder.java30
1 files changed, 30 insertions, 0 deletions
diff --git a/vespajlib/src/main/java/com/yahoo/security/SslContextBuilder.java b/vespajlib/src/main/java/com/yahoo/security/SslContextBuilder.java
index 56db9c59146..24f6c895e3c 100644
--- a/vespajlib/src/main/java/com/yahoo/security/SslContextBuilder.java
+++ b/vespajlib/src/main/java/com/yahoo/security/SslContextBuilder.java
@@ -14,6 +14,10 @@ import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.List;
+
+import static java.util.Collections.singletonList;
/**
* @author bjorncs
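Review bot: `import java.util.Collections;` looks unused in the hunks shown here, since the new code only references the statically imported `singletonList`. Drop the plain import unless code outside these hunks needs it, so the import list keeps reflecting what the class depends on.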
@@ -36,6 +40,24 @@ public class SslContextBuilder {
return this;
}
+ public SslContextBuilder withTrustStore(X509Certificate caCertificate) {
+ return withTrustStore(singletonList(caCertificate));
+ }
+
+ public SslContextBuilder withTrustStore(List<X509Certificate> caCertificates) {
+ this.trustStoreSupplier = () -> createTrustStore(caCertificates);
+ return this;
+ }
+
+ public SslContextBuilder withTrustStore(Path pemEncodedCaCertificates) {
+ this.trustStoreSupplier = () -> {
+ List<X509Certificate> caCertificates =
+ X509CertificateUtils.certificateListFromPem(new String(Files.readAllBytes(pemEncodedCaCertificates)));
+ return createTrustStore(caCertificates);
+ };
+ return this;
+ }
+
public SslContextBuilder withKeyStore(PrivateKey privateKey, X509Certificate certificate) {
char[] pwd = new char[0];
this.keyStoreSupplier = () -> KeyStoreBuilder.withType(KeyStoreType.JKS).withKeyEntry("default", privateKey, certificate).build();
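Review bot: `withTrustStore(List<X509Certificate>)` captures the caller's list by reference inside the supplier lambda, so the trust anchors are whatever the list holds when the supplier is later invoked (presumably in `build()`, outside the hunk), not when this method was called. A caller that reuses or mutates the list in between silently changes which CAs the resulting context trusts. Taking a copy before the lambda, e.g. `List<X509Certificate> copy = new ArrayList<>(caCertificates);` and passing `copy` to `createTrustStore`, pins the set; this needs a `java.util.ArrayList` import. In the `Path` overload, `new String(Files.readAllBytes(...))` decodes with the platform default charset, and `new String(bytes, StandardCharsets.UTF_8)` would make PEM parsing independent of the host configuration. The trailing `withKeyStore` method continues outside the hunk.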
@@ -100,6 +122,14 @@ public class SslContextBuilder {
return keyManagerFactory.getKeyManagers();
}
+ private static KeyStore createTrustStore(List<X509Certificate> caCertificates) {
+ KeyStoreBuilder trustStoreBuilder = KeyStoreBuilder.withType(KeyStoreType.JKS);
+ for (int i = 0; i < caCertificates.size(); i++) {
+ trustStoreBuilder.withCertificateEntry("cert-" + i, caCertificates.get(i));
+ }
+ return trustStoreBuilder.build();
+ }
+
private interface KeyStoreSupplier {
KeyStore get() throws IOException, GeneralSecurityException;
}
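Review bot: `createTrustStore` builds a store even when `caCertificates` is empty. That can happen if the PEM file passed to `withTrustStore(Path)` contains no certificate blocks, assuming `certificateListFromPem` returns an empty list in that case (its behaviour is not visible here). A trust store with no anchors cannot validate any peer, and the failure would presumably only surface later, at context creation or handshake, far from the misconfiguration. Failing fast at the top of the method with `if (caCertificates.isEmpty()) throw new IllegalArgumentException("No CA certificates provided");` reports the problem at its source. A short comment that the `cert-<index>` aliases are arbitrary and only need to be unique would also help readers.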