package blended.security.ssl.internal
import java.io.File
import java.security.cert.X509Certificate
import java.util.UUID
import blended.security.ssl.internal.SslContextProvider.{propTrustStore, propTrustStorePwd}
import blended.security.ssl.{CertificateHolder, MemoryKeystore}
import blended.util.logging.Logger
import javax.security.auth.x500.X500Principal
import scala.util.Try
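/**
 * Pushes the root certificate of every chain held in the in-memory keystore `ms` into the
 * file-based trust store configured through the `propTrustStore` / `propTrustStorePwd`
 * system properties.
 *
 * Security notes for reviewers:
 *  - The "root" is simply the last certificate of each holder's chain; nothing in this class
 *    checks that it is self-signed or that the chain verifies. Whatever ends up in the local
 *    keystore therefore becomes trusted.
 *  - Presence in the trust store is decided by subject principal only (`findByPrincipal`,
 *    presumably matching on subject), so a root with the same subject but a different key
 *    is treated as already present and is neither added nor replaced.
 *  - The trust store password is read from a plain JVM system property.
 *
 * @param ms the in-memory keystore whose certificate chains supply the roots to trust
 */
class TrustStoreRefresher(ms : MemoryKeystore) {

  private val log : Logger = Logger[TrustStoreRefresher]

  /**
   * Loads the configured trust store, adds any missing roots from `ms` and writes it back.
   *
   * @return `Success(Some(saved))` with the trust store as returned by `saveKeyStore` when both
   *         system properties are set; `Success(None)` when either is missing (nothing is
   *         touched on disk); `Failure` carrying the first error from loading, updating or saving.
   */
  def refreshTruststore() : Try[Option[MemoryKeystore]] = Try {
    val storePath : Option[String] = Option(System.getProperty(propTrustStore))
    val storePwd : Option[String] = Option(System.getProperty(propTrustStorePwd))

    (storePath, storePwd) match {
      case (Some(store), Some(pwd)) =>
        // One File instance for both the log line and the keystore (was constructed twice).
        val storeFile : File = new File(store)
        log.info(s"Reading trust store certificates from [${storeFile.getAbsolutePath()}]")
        val jks = new JavaKeystore(storeFile, pwd.toCharArray(), None)
        // The .get calls are deliberate: any failure surfaces as a Failure of the enclosing Try.
        val loaded : MemoryKeystore = jks.loadKeyStore().get
        val updated : MemoryKeystore = updateRoots(loaded, ms).get
        Some(jks.saveKeyStore(updated).get)
      case _ =>
        // Trust store not configured: report "nothing refreshed" rather than failing.
        None
    }
  }

  /**
   * Ensures the root of `cert`'s chain is present in `trusted`.
   *
   * @param trusted the trust store being built up
   * @param cert    the certificate holder whose chain's last element is taken as the root
   * @return the (possibly) extended trust store, or a `Failure` when the chain is empty or the
   *         update fails
   */
  private def updateRoot(trusted : MemoryKeystore, cert : CertificateHolder) : Try[MemoryKeystore] = Try {
    // Fail with a clear precondition message instead of the bare NoSuchElementException that
    // `last` would throw on an empty chain.
    require(cert.chain.nonEmpty, "certificate holder has an empty chain, no root to trust")
    // NOTE(review): the last element is assumed to be the root; it is not checked to be self-signed.
    val root : X509Certificate = cert.chain.last
    val rootCn : X500Principal = root.getSubjectX500Principal()
    log.info(s"Checking trusted certificate for [$rootCn]")

    trusted.findByPrincipal(rootCn) match {
      case None =>
        log.info(s"Updating trust store with cerificate for [$rootCn]")
        // The subject DN is the preferred alias; fall back to a random one when that alias is
        // already occupied by some other entry.
        val alias : String =
          if (trusted.certificates.isDefinedAt(rootCn.toString())) UUID.randomUUID().toString()
          else rootCn.toString()
        // .get is deliberate: a failed update becomes a Failure of the enclosing Try.
        trusted.update(alias, CertificateHolder.create(root)).get
      case Some(_) =>
        log.info(s"Certificate for [$rootCn] already exists in trust store.")
        trusted
    }
  }

  /**
   * Folds [[updateRoot]] over every certificate in `keystore`, stopping at the first failure.
   *
   * @param trusted  the trust store to extend
   * @param keystore the keystore whose certificate chains supply the roots
   * @return the extended trust store, or the first `Failure` raised by [[updateRoot]]
   */
  private def updateRoots(trusted : MemoryKeystore, keystore : MemoryKeystore) : Try[MemoryKeystore] =
    keystore.certificates.foldLeft(Try(trusted)) { case (acc, (_, c)) => acc.flatMap(updateRoot(_, c)) }
}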