Complete refactoring. Only accept a single Trusted CA certificate that can be set using the TRUSTED_CA_CERTIFICATE system property.
1 parent
83891c9
commit 3d6cf29
Showing
10 changed files
with
442 additions
and
38 deletions.
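--- a/src/main/java/com/orange/clara/cloud/boot/ssl/CertificateFactory.java
+++ b/src/main/java/com/orange/clara/cloud/boot/ssl/CertificateFactory.java
@@ -0,0 +1,48 @@
+/*
+*
+* * Copyright (C) 2015 Orange
+* * Licensed under the Apache License, Version 2.0 (the "License");
+* * you may not use this file except in compliance with the License.
+* * You may obtain a copy of the License at
+* * http://www.apache.org/licenses/LICENSE-2.0
+* * Unless required by applicable law or agreed to in writing, software
+* * distributed under the License is distributed on an "AS IS" BASIS,
+* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* * See the License for the specific language governing permissions and
+* * limitations under the License.
+* *
+*
+*/
+
+package com.orange.clara.cloud.boot.ssl;
+
+import java.io.BufferedInputStream;
+import java.io.ByteArrayInputStream;
+import java.security.cert.Certificate;
+
+/**
+* Created by sbortolussi on 22/10/2015.
+*/
+public class CertificateFactory {
+
+public static final String X_509_CERTIFICATE = "X.509";
+
+public static Certificate newInstance(String certificate) {
+if (certificate == null || "".equals(certificate))
+throw new IllegalArgumentException("Invalid certificate. Certificate should have text.");
+
+try (ByteArrayInputStream bais = new ByteArrayInputStream(certificate.getBytes()); BufferedInputStream bis = new BufferedInputStream(bais)) {
+java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance(X_509_CERTIFICATE);
+Certificate cert = null;
+while (bis.available() > 0) {
+cert = cf.generateCertificate(bis);
+}
+return cert;
+} catch (Exception e) {
+String message = String
+.format("Cannot create certificate.", e);
+throw new IllegalStateException(message, e);
+}
+}
+
+}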
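Review bot: The loop `while (bis.available() > 0) { cert = cf.generateCertificate(bis); }` in `newInstance` keeps only the last certificate parsed, so a value holding several concatenated PEM blocks is silently reduced to whichever block comes last and nothing enforces the single-trusted-CA contract the commit message states. Replacing the loop with `Collection<? extends Certificate> certs = cf.generateCertificates(bis);` followed by `if (certs.size() != 1) throw new IllegalArgumentException("Expected exactly one certificate, got " + certs.size());` makes the restriction explicit and fails loudly on misconfiguration (needs an import of `java.util.Collection`). Two smaller points in the same method: `String.format("Cannot create certificate.", e)` has no format specifier, so `e` is ignored and the message is a constant — either pass `"Cannot create certificate: %s", e.getMessage()` or drop the `format` call and keep the cause; and `certificate.getBytes()` uses the platform default charset, which for PEM text should be pinned with `certificate.getBytes(StandardCharsets.US_ASCII)`.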
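--- a/src/main/java/com/orange/clara/cloud/boot/ssl/DefaultTrustStoreAppender.java
+++ b/src/main/java/com/orange/clara/cloud/boot/ssl/DefaultTrustStoreAppender.java
@@ -0,0 +1,92 @@
+/*
+*
+* * Copyright (C) 2015 Orange
+* * Licensed under the Apache License, Version 2.0 (the "License");
+* * you may not use this file except in compliance with the License.
+* * You may obtain a copy of the License at
+* * http://www.apache.org/licenses/LICENSE-2.0
+* * Unless required by applicable law or agreed to in writing, software
+* * distributed under the License is distributed on an "AS IS" BASIS,
+* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* * See the License for the specific language governing permissions and
+* * limitations under the License.
+* *
+*
+*/
+
+package com.orange.clara.cloud.boot.ssl;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.UUID;
+
+
+/**
+* Created by sbortolussi on 28/10/2015.
+* <p>
+* Credits to https://github.com/cloudfoundry/cf-java-client/blob/master/cloudfoundry-client-spring/src/main/java/org/cloudfoundry/client/spring/util/CertificateCollectingSslCertificateTruster.java
+*/
+public class DefaultTrustStoreAppender {
+
+public static final String TRUSTSTORE_FILENAME = "truststore";
+
+private static Logger LOGGER = LoggerFactory.getLogger(DefaultTrustStoreAppender.class);
+
+/**
+* Create new java truststore from default truststore. Add given CA certificate to it.
+*
+* @param certificate
+* @return TrustStoreInfo
+* @see <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html">JSSE Reference Guide</a>
+*/
+public TrustStoreInfo append(Certificate certificate) {
+try {
+X509TrustManager trustManager = getDefaultTrustManager();
+
+try {
+KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
+trustStore.load(null);
+
+if (trustManager != null) {
+for (X509Certificate cert : trustManager.getAcceptedIssuers()) {
+trustStore.setCertificateEntry(UUID.randomUUID().toString(), cert);
+LOGGER.debug("adding existing certificate to truststore {}", cert);
+}
+}
+
+if (certificate != null) {
+trustStore.setCertificateEntry(UUID.randomUUID().toString(), certificate);
+LOGGER.debug("adding new certificate to truststore {}", certificate);
+}
+
+String password = UUID.randomUUID().toString();
+File trustStoreOutputFile = File.createTempFile(TRUSTSTORE_FILENAME, null);
+trustStoreOutputFile.deleteOnExit();
+trustStore.store(new FileOutputStream(trustStoreOutputFile), password.toCharArray());
+
+return new TrustStoreInfo(trustStoreOutputFile, password);
+} catch (Exception e) {
+throw new IllegalStateException(e);
+}
+} catch (Exception e) {
+throw new IllegalStateException(e);
+}
+}
+
+private X509TrustManager getDefaultTrustManager() throws NoSuchAlgorithmException, KeyStoreException {
+TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+factory.init((KeyStore) null);
+return (X509TrustManager) factory.getTrustManagers()[0];
+}
+
+}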
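Review bot: The `FileOutputStream` opened inline in `trustStore.store(new FileOutputStream(trustStoreOutputFile), password.toCharArray())` in `append` is never closed, so the descriptor leaks until finalization and, if `store` throws, a half-written file stays open; it should be wrapped in try-with-resources. The same lines create the file with `File.createTempFile`, which on POSIX yields umask-derived (typically group/world-readable, and writable if the umask is loose) permissions in a shared temp directory, whereas `Files.createTempFile` creates it with owner-only permissions — since this file becomes the JVM's trust root for TLS, a writable temp file would let another local user inject a CA, so the NIO variant is preferable (adds imports of `java.nio.file.Files`, `java.nio.file.Path` and `java.io.OutputStream`). The nested try blocks also wrap every failure twice in a message-less `IllegalStateException`; a single try with `throw new IllegalStateException("Cannot build trust store", e)` gives the same guarantee and a readable cause. Finally, the Javadoc says "Add given CA certificate" but nothing checks that `certificate` is an X.509 CA certificate (e.g. basicConstraints) before installing it as a trust anchor — if that is intentional, a sentence such as `* The certificate is trusted as-is; the caller is responsible for ensuring it is a CA certificate.` would make the contract explicit.
```java
String password = UUID.randomUUID().toString();
Path trustStorePath = Files.createTempFile(TRUSTSTORE_FILENAME, null); // owner-only permissions on POSIX
File trustStoreOutputFile = trustStorePath.toFile();
trustStoreOutputFile.deleteOnExit();
try (OutputStream out = Files.newOutputStream(trustStorePath)) {
    trustStore.store(out, password.toCharArray());
}
// … unchanged: return new TrustStoreInfo(trustStoreOutputFile, password); …
```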
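--- a/src/main/java/com/orange/clara/cloud/boot/ssl/TrustStoreInfo.java
+++ b/src/main/java/com/orange/clara/cloud/boot/ssl/TrustStoreInfo.java
@@ -0,0 +1,59 @@
+/*
+*
+* * Copyright (C) 2015 Orange
+* * Licensed under the Apache License, Version 2.0 (the "License");
+* * you may not use this file except in compliance with the License.
+* * You may obtain a copy of the License at
+* * http://www.apache.org/licenses/LICENSE-2.0
+* * Unless required by applicable law or agreed to in writing, software
+* * distributed under the License is distributed on an "AS IS" BASIS,
+* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* * See the License for the specific language governing permissions and
+* * limitations under the License.
+* *
+*
+*/
+
+package com.orange.clara.cloud.boot.ssl;
+
+import java.io.File;
+
+/**
+*
+* Created by sbortolussi on 12/11/2015.
+*/
+public class TrustStoreInfo {
+
+private File trustStoreFile;
+
+private String password;
+
+public TrustStoreInfo(File file, String password) {
+setPassword(password);
+setTrustStoreFile(file);
+}
+
+private void setTrustStoreFile(File file) {
+if (file == null)
+throw new IllegalArgumentException("Unable to create truststore info. trustore file should be set");
+this.trustStoreFile = file;
+}
+
+private void setPassword(String password) {
+if (password == null || "".equals(password))
+throw new IllegalArgumentException("Unable to create truststore info. password should be set");
+this.password = password;
+}
+
+
+public File getTrustStorefFile() {
+return trustStoreFile;
+}
+
+public String getPassword() {
+return password;
+}
+
+
+
+}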
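Review bot: `getTrustStorefFile()` carries a typo in a public accessor; once other code calls it, correcting the name becomes a breaking change, so rename it to `getTrustStoreFile()` while the class is new (no callers are visible in this commit). The two fields could be `private final` with the null/empty checks moved into the constructor, which removes the need for the private setters and makes the object immutable, as suits a value that is handed to TLS configuration. A class-level Javadoc would also help, e.g. `/** Location of a generated truststore file and the password it was stored with. */`, and the message at `"trustore file should be set"` has a typo (`truststore`).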
This library has been really useful - thank you.
I need to import several certificates, so I'm interested to know why you moved away from this? Are there issues when you try to import several certificates?