summaryrefslogtreecommitdiffstats
path: root/security-utils/src/main/java/com/yahoo/security/TrustManagerUtils.java
diff options
context:
space:
mode:
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/TrustManagerUtils.java')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/TrustManagerUtils.java48
1 files changed, 48 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/TrustManagerUtils.java b/security-utils/src/main/java/com/yahoo/security/TrustManagerUtils.java
new file mode 100644
index 00000000000..bb852ee89a3
--- /dev/null
+++ b/security-utils/src/main/java/com/yahoo/security/TrustManagerUtils.java
@@ -0,0 +1,48 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.security;
+
+import com.yahoo.security.KeyStoreBuilder;
+import com.yahoo.security.KeyStoreType;
+
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509ExtendedTrustManager;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * Utility methods for constructing {@link X509ExtendedTrustManager}.
+ *
+ * @author bjorncs
+ */
+public class TrustManagerUtils {
+
+ public static X509ExtendedTrustManager createDefaultX509TrustManager(KeyStore truststore) {
+ try {
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ trustManagerFactory.init(truststore);
+ TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+ return Arrays.stream(trustManagers)
+ .filter(manager -> manager instanceof X509ExtendedTrustManager)
+ .map(X509ExtendedTrustManager.class::cast)
+ .findFirst()
+ .orElseThrow(() -> new RuntimeException("No X509ExtendedTrustManager in " + Arrays.asList(trustManagers)));
+ } catch (GeneralSecurityException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static X509ExtendedTrustManager createDefaultX509TrustManager(List<X509Certificate> certificates) {
+ return createDefaultX509TrustManager(
+ KeyStoreBuilder.withType(KeyStoreType.PKCS12)
+ .withCertificateEntries("cert", certificates)
+ .build());
+ }
+
+ public static X509ExtendedTrustManager createDefaultX509TrustManager() {
+ return createDefaultX509TrustManager((KeyStore) null);
+ }
+}