From 0f73bae31ac0fab67d7206cdd88ced5881738244 Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Mon, 10 Sep 2018 12:21:46 +0200
Subject: Add builder method for creating truststore from PEM
---
 .../java/com/yahoo/security/SslContextBuilder.java | 30 ++++++++++++++++++++++
 1 file changed, 30 insertions(+)
(limited to 'vespajlib')
diff --git a/vespajlib/src/main/java/com/yahoo/security/SslContextBuilder.java b/vespajlib/src/main/java/com/yahoo/security/SslContextBuilder.java
index 56db9c59146..24f6c895e3c 100644
--- a/vespajlib/src/main/java/com/yahoo/security/SslContextBuilder.java
+++ b/vespajlib/src/main/java/com/yahoo/security/SslContextBuilder.java
@@ -14,6 +14,10 @@ import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.List;
+
+import static java.util.Collections.singletonList;
 /**
 * @author bjorncs
@@ -36,6 +40,24 @@ public class SslContextBuilder {
 return this;
 }
+ public SslContextBuilder withTrustStore(X509Certificate caCertificate) {
+ return withTrustStore(singletonList(caCertificate));
+ }
+
+ public SslContextBuilder withTrustStore(List caCertificates) {
+ this.trustStoreSupplier = () -> createTrustStore(caCertificates);
+ return this;
+ }
+
+ public SslContextBuilder withTrustStore(Path pemEncodedCaCertificates) {
+ this.trustStoreSupplier = () -> {
+ List caCertificates =
+ X509CertificateUtils.certificateListFromPem(new String(Files.readAllBytes(pemEncodedCaCertificates)));
+ return createTrustStore(caCertificates);
+ };
+ return this;
+ }
+
 public SslContextBuilder withKeyStore(PrivateKey privateKey, X509Certificate certificate) {
 char[] pwd = new char[0];
 this.keyStoreSupplier = () -> KeyStoreBuilder.withType(KeyStoreType.JKS).withKeyEntry("default", privateKey, certificate).build();
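Review bot: `withTrustStore(List caCertificates)` captures the caller's list by reference in the supplier lambda, so a change made to that list after this call but before the supplier runs (presumably when the context is built) silently changes the trust anchors. Taking a snapshot on entry, `List<X509Certificate> snapshot = new ArrayList<>(caCertificates);`, and passing `snapshot` to `createTrustStore` pins the set at call time; this needs `java.util.ArrayList` imported. In the `Path` overload, `new String(Files.readAllBytes(pemEncodedCaCertificates))` decodes with the platform default charset, and naming it (`StandardCharsets.UTF_8`) removes that environment dependence. That overload also reads the file only when the supplier runs, so a Javadoc line such as `/** The PEM file is read lazily, when the trust store is created, not when this method is called. */` would tell callers when a missing or replaced file is noticed.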
@@ -100,6 +122,14 @@ public class SslContextBuilder {
 return keyManagerFactory.getKeyManagers();
 }
+ private static KeyStore createTrustStore(List caCertificates) {
+ KeyStoreBuilder trustStoreBuilder = KeyStoreBuilder.withType(KeyStoreType.JKS);
+ for (int i = 0; i < caCertificates.size(); i++) {
+ trustStoreBuilder.withCertificateEntry("cert-" + i, caCertificates.get(i));
+ }
+ return trustStoreBuilder.build();
+ }
+
 private interface KeyStoreSupplier {
 KeyStore get() throws IOException, GeneralSecurityException;
 }
-- cgit v1.2.3
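Review bot: `createTrustStore` accepts an empty `caCertificates` list and returns a trust store with no entries, which (for instance when the PEM file holds no certificate block) is likely to surface only later as an opaque trust-manager or handshake error. A guard at the top, `if (caCertificates.isEmpty()) throw new IllegalArgumentException("No CA certificates provided");`, would fail with a clear message at the point of misconfiguration. A short comment noting that entries are aliased `cert-0`, `cert-1`, … in list order would also help anyone inspecting the resulting store.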