• Home
• com.yandex.ydb
• ydb-sdk-jdbc-uberjar
• 1.45.6
• source code
• YandexTrustManagersProvider.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.yandex.ydb.core.ssl.YandexTrustManagersProvider Maven / Gradle / Ivy

package com.yandex.ydb.core.ssl;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

final class YandexTrustManagersProvider {
    private static final String JSK_YANDEX_CA_STORE = "certificates/YandexAllCAs.pkcs";
    private static final String STORE_PASSWORD = "yandex";

    private TrustManager[] trustManagers;

    private YandexTrustManagersProvider() {
        try {
            List customTrustManagers = getCustomTrustManagers();
            List defaultTrustManagers = getDefaultTrustManagers();

            List x509TrustManagers = Stream.concat(customTrustManagers.stream(), defaultTrustManagers.stream())
                    .filter(X509TrustManager.class::isInstance).map(X509TrustManager.class::cast).collect(Collectors.toList());
            List allTrustManagers = Stream.concat(customTrustManagers.stream(), defaultTrustManagers.stream())
                    .filter(x -> !(x instanceof X509TrustManager)).collect(Collectors.toCollection(ArrayList::new));
            X509TrustManager composite = new MultiX509TrustManager(x509TrustManagers);
            allTrustManagers.add(composite);
            trustManagers = allTrustManagers.toArray(new TrustManager[0]);
        } catch (NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException e) {
            String msg = "Can't init yandex root CA setting";
            throw new RuntimeException(msg, e);
        }
    }

    private List getDefaultTrustManagers() throws NoSuchAlgorithmException, KeyStoreException {
        return getTrustManagersFromKeyStore(null);
    }

    private List getCustomTrustManagers()
            throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(YandexTrustManagersProvider.class.getClassLoader().getResourceAsStream(JSK_YANDEX_CA_STORE),
                STORE_PASSWORD.toCharArray());
        return getTrustManagersFromKeyStore(keyStore);
    }

    private List getTrustManagersFromKeyStore(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);

        return Arrays.asList(trustManagerFactory.getTrustManagers());
    }

    private static final class LazyHolder {
        private static final YandexTrustManagersProvider instance = new YandexTrustManagersProvider();
    }

    public static YandexTrustManagersProvider getInstance() {
        return LazyHolder.instance;
    }

    public TrustManager[] getTrustManagers() {
        return trustManagers.clone();
    }

}