org.opensearch.commons.rest.TrustStore Maven / Gradle / Ivy
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
package org.opensearch.commons.rest;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
/**
* Helper class to read raw pem files to keystore.
*/
public class TrustStore {
private final String effectiveKeyAlias = "al";
private final String storeType = "JKS";
private final String certType = "X.509";
private final String cert;
public TrustStore(final String file) {
cert = file;
}
public KeyStore create() throws IOException, GeneralSecurityException {
X509Certificate[] trustCerts = loadCertificatesFromFile(cert);
return toTrustStore(effectiveKeyAlias, trustCerts);
}
private X509Certificate[] loadCertificatesFromFile(String file) throws IOException, GeneralSecurityException {
if (file == null) {
return null;
}
CertificateFactory fact = CertificateFactory.getInstance(certType);
try (FileInputStream is = new FileInputStream(file)) {
Collection certs = fact.generateCertificates(is);
X509Certificate[] x509Certs = new X509Certificate[certs.size()];
int i = 0;
for (Certificate cert : certs) {
x509Certs[i++] = (X509Certificate) cert;
}
return x509Certs;
}
}
private KeyStore toTrustStore(final String trustCertificatesAliasPrefix, final X509Certificate[] trustCertificates) throws IOException,
GeneralSecurityException {
if (trustCertificates == null) {
return null;
}
KeyStore ks = KeyStore.getInstance(storeType);
ks.load(null);
if (trustCertificates != null) {
for (int i = 0; i < trustCertificates.length; i++) {
X509Certificate x509Certificate = trustCertificates[i];
ks.setCertificateEntry(trustCertificatesAliasPrefix + "_" + i, x509Certificate);
}
}
return ks;
}
}