From 9fa6c26665ad8ea33d69327a169149593363012a Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Fri, 22 Feb 2019 15:44:42 +0100
Subject: Add withCertificateEntries() to KeyStoreBuilder
---
 .../src/main/java/com/yahoo/security/KeyStoreBuilder.java | 7 +++++++
 .../src/main/java/com/yahoo/security/SslContextBuilder.java | 8 +++-----
 .../main/java/com/yahoo/security/tls/ReloadingTlsContext.java | 11 +++--------
 .../main/java/com/yahoo/security/tls/TrustManagerUtils.java | 10 ++++------
 4 files changed, 17 insertions(+), 19 deletions(-)
(limited to 'security-utils/src')
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java b/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
index 2160fbf6455..8bb7e0e5ab9 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
@@ -69,6 +69,13 @@ public class KeyStoreBuilder {
 return this;
 }
+ public KeyStoreBuilder withCertificateEntries(String aliasPrefix, List certificates) {
+ for (int i = 0; i < certificates.size(); i++) {
+ withCertificateEntry(aliasPrefix + "-" + i, certificates.get(i));
+ }
+ return this;
+ }
+
 public KeyStore build() {
 try {
 KeyStore keystore = this.keyStoreType.createKeystore();
diff --git a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
index 1ef4df9c7bc..0ef179f775e 100644
--- a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
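Review bot: The new public `withCertificateEntries` has no Javadoc and nothing states how aliases are formed or what happens when they repeat. Aliases are built as `aliasPrefix + "-" + i`, so two calls with the same prefix, or a separate `withCertificateEntry("cert-0", …)`, yield the same alias; whether the later certificate then replaces the earlier one depends on how `withCertificateEntry` and `build()` store entries, which this hunk does not show. In a trust store a silently dropped CA only surfaces later as failed handshakes, so I would add a Javadoc describing the `<prefix>-<index>` scheme and the duplicate-alias behaviour. A null prefix currently produces the alias `null-0`; a guard such as `Objects.requireNonNull(aliasPrefix, "aliasPrefix");` would reject it early, assuming `java.util.Objects` is imported or can be added in this file.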
@@ -125,11 +125,9 @@ public class SslContextBuilder {
 }
 private static KeyStore createTrustStore(List caCertificates) {
- KeyStoreBuilder trustStoreBuilder = KeyStoreBuilder.withType(KeyStoreType.JKS);
- for (int i = 0; i < caCertificates.size(); i++) {
- trustStoreBuilder.withCertificateEntry("cert-" + i, caCertificates.get(i));
- }
- return trustStoreBuilder.build();
+ return KeyStoreBuilder.withType(KeyStoreType.JKS)
+ .withCertificateEntries("cert", caCertificates)
+ .build();
 }
 private interface KeyStoreSupplier {
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java
index f1fc62de56a..debf14a27f8 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java
@@ -18,9 +18,7 @@ import java.io.UncheckedIOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyStore;
-import java.security.cert.X509Certificate;
 import java.time.Duration;
-import java.util.List;
 import java.util.Set;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
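Review bot: `createTrustStore` keeps `KeyStoreType.JKS`, while the two other call sites converted in this commit (`ReloadingTlsContext.loadTruststore` and `TrustManagerUtils.createDefaultX509TrustManager`) build the same certificate-only store as `KeyStoreType.PKCS12`. Now that all three go through `withCertificateEntries("cert", …)`, the difference reads as accidental rather than intended. If nothing downstream depends on the store type, which cannot be confirmed from this hunk, `return KeyStoreBuilder.withType(KeyStoreType.PKCS12)` would make the three consistent; otherwise a one-line comment such as `// JKS kept because <reason>` above the return would record why this one differs.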
@@ -79,12 +77,9 @@ public class ReloadingTlsContext implements TlsContext {
 private static KeyStore loadTruststore(Path caCertificateFile) {
 try {
- List caCertificates = X509CertificateUtils.certificateListFromPem(Files.readString(caCertificateFile));
- KeyStoreBuilder trustStoreBuilder = KeyStoreBuilder.withType(KeyStoreType.PKCS12);
- for (int i = 0; i < caCertificates.size(); i++) {
- trustStoreBuilder.withCertificateEntry("cert-" + i, caCertificates.get(i));
- }
- return trustStoreBuilder.build();
+ return KeyStoreBuilder.withType(KeyStoreType.PKCS12)
+ .withCertificateEntries("cert", X509CertificateUtils.certificateListFromPem(Files.readString(caCertificateFile)))
+ .build();
 } catch (IOException e) {
 throw new UncheckedIOException(e);
 }
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
index f114b672ed8..7c1d7070617 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
@@ -36,12 +36,10 @@ public class TrustManagerUtils {
 }
 public static X509ExtendedTrustManager createDefaultX509TrustManager(List certificates) {
- KeyStoreBuilder truststoreBuilder = KeyStoreBuilder.withType(KeyStoreType.PKCS12);
- for (int i = 0; i < certificates.size(); i++) {
- truststoreBuilder.withCertificateEntry("cert-" + i, certificates.get(i));
- }
- KeyStore truststore = truststoreBuilder.build();
- return createDefaultX509TrustManager(truststore);
+ return createDefaultX509TrustManager(
+ KeyStoreBuilder.withType(KeyStoreType.PKCS12)
+ .withCertificateEntries("cert", certificates)
+ .build());
 }
 public static X509ExtendedTrustManager createDefaultX509TrustManager() {
--
cgit v1.2.3
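Review bot: `loadTruststore` builds and returns a trust store even when the PEM file yields no certificates, and inlining the parse call into the builder chain makes that case harder to spot. If `certificateListFromPem` returns an empty list for a file that is empty or only partly written (its behaviour is not visible here), a reload would install a store with no trust anchors and every peer would be rejected until a later reload succeeds. I would keep the parsed list in a local and fail before building, `var caCertificates = X509CertificateUtils.certificateListFromPem(Files.readString(caCertificateFile));` followed by `if (caCertificates.isEmpty()) throw new IllegalArgumentException("No CA certificates found in " + caCertificateFile);`, provided the reload path keeps the previous context when loading throws. The same empty-list case applies to `TrustManagerUtils.createDefaultX509TrustManager(List)` in the next hunk and to `SslContextBuilder.createTrustStore`; the closing brace of `loadTruststore` lies outside this hunk.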