org.xbib.net.security.ssl.util.TrustManagerUtils Maven / Gradle / Ivy
The newest version!
package org.xbib.net.security.ssl.util;
import org.xbib.net.security.ssl.exception.GenericTrustManagerException;
import org.xbib.net.security.ssl.trustmanager.CertificateCapturingX509ExtendedTrustManager;
import org.xbib.net.security.ssl.trustmanager.ChainAndAuthTypeValidator;
import org.xbib.net.security.ssl.trustmanager.ChainAndAuthTypeWithSSLEngineValidator;
import org.xbib.net.security.ssl.trustmanager.ChainAndAuthTypeWithSocketValidator;
import org.xbib.net.security.ssl.trustmanager.CompositeX509ExtendedTrustManager;
import org.xbib.net.security.ssl.trustmanager.DummyX509ExtendedTrustManager;
import org.xbib.net.security.ssl.trustmanager.EnhanceableX509ExtendedTrustManager;
import org.xbib.net.security.ssl.trustmanager.HotSwappableX509ExtendedTrustManager;
import org.xbib.net.security.ssl.trustmanager.TrustManagerFactoryWrapper;
import org.xbib.net.security.ssl.trustmanager.X509TrustManagerWrapper;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
public final class TrustManagerUtils {
private TrustManagerUtils() {}
public static X509ExtendedTrustManager combine(X509TrustManager... trustManagers) {
return combine(Arrays.asList(trustManagers));
}
public static X509ExtendedTrustManager combine(List trustManagers) {
return TrustManagerUtils.trustManagerBuilder()
.withTrustManagers(trustManagers)
.build();
}
public static X509ExtendedTrustManager[] toArray(T trustManager) {
return new X509ExtendedTrustManager[]{TrustManagerUtils.wrapIfNeeded(trustManager)};
}
public static X509ExtendedTrustManager createTrustManagerWithJdkTrustedCertificates() {
return createTrustManager((KeyStore) null);
}
public static Optional createTrustManagerWithSystemTrustedCertificates() {
List trustStores = KeyStoreUtils.loadSystemKeyStores();
if (trustStores.isEmpty()) {
return Optional.empty();
}
X509ExtendedTrustManager trustManager = createTrustManager(trustStores.toArray(new KeyStore[]{}));
return Optional.of(trustManager);
}
public static X509ExtendedTrustManager createTrustManager(KeyStore... trustStores) {
return Arrays.stream(trustStores)
.map(TrustManagerUtils::createTrustManager)
.collect(Collectors.collectingAndThen(Collectors.toList(), TrustManagerUtils::combine));
}
public static X509ExtendedTrustManager createTrustManager(KeyStore trustStore) {
return createTrustManager(trustStore, TrustManagerFactory.getDefaultAlgorithm());
}
public static X509ExtendedTrustManager createTrustManager(KeyStore trustStore, String trustManagerFactoryAlgorithm) {
try {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerFactoryAlgorithm);
return createTrustManager(trustStore, trustManagerFactory);
} catch (NoSuchAlgorithmException e) {
throw new GenericTrustManagerException(e);
}
}
public static X509ExtendedTrustManager createTrustManager(KeyStore trustStore, String trustManagerFactoryAlgorithm, String securityProviderName) {
try {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerFactoryAlgorithm, securityProviderName);
return createTrustManager(trustStore, trustManagerFactory);
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
throw new GenericTrustManagerException(e);
}
}
public static X509ExtendedTrustManager createTrustManager(KeyStore trustStore, String trustManagerFactoryAlgorithm, Provider securityProvider) {
try {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerFactoryAlgorithm, securityProvider);
return createTrustManager(trustStore, trustManagerFactory);
} catch (NoSuchAlgorithmException e) {
throw new GenericTrustManagerException(e);
}
}
public static X509ExtendedTrustManager createTrustManager(KeyStore trustStore, TrustManagerFactory trustManagerFactory) {
try {
trustManagerFactory.init(trustStore);
return TrustManagerUtils.getTrustManager(trustManagerFactory);
} catch (KeyStoreException e) {
throw new GenericTrustManagerException(e);
}
}
public static X509ExtendedTrustManager createTrustManager(ManagerFactoryParameters... managerFactoryParameters) {
return Arrays.stream(managerFactoryParameters)
.map(TrustManagerUtils::createTrustManager)
.collect(Collectors.collectingAndThen(Collectors.toList(), TrustManagerUtils::combine));
}
public static X509ExtendedTrustManager createTrustManager(ManagerFactoryParameters managerFactoryParameters) {
return createTrustManager(managerFactoryParameters, TrustManagerFactory.getDefaultAlgorithm());
}
public static X509ExtendedTrustManager createTrustManager(ManagerFactoryParameters managerFactoryParameters, String trustManagerFactoryAlgorithm) {
try {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerFactoryAlgorithm);
return createTrustManager(managerFactoryParameters, trustManagerFactory);
} catch (NoSuchAlgorithmException e) {
throw new GenericTrustManagerException(e);
}
}
public static X509ExtendedTrustManager createTrustManager(ManagerFactoryParameters managerFactoryParameters, String trustManagerFactoryAlgorithm, String securityProviderName) {
try {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerFactoryAlgorithm, securityProviderName);
return createTrustManager(managerFactoryParameters, trustManagerFactory);
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
throw new GenericTrustManagerException(e);
}
}
public static X509ExtendedTrustManager createTrustManager(ManagerFactoryParameters managerFactoryParameters, String trustManagerFactoryAlgorithm, Provider securityProvider) {
try {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustManagerFactoryAlgorithm, securityProvider);
return createTrustManager(managerFactoryParameters, trustManagerFactory);
} catch (NoSuchAlgorithmException e) {
throw new GenericTrustManagerException(e);
}
}
public static X509ExtendedTrustManager createTrustManager(ManagerFactoryParameters managerFactoryParameters, TrustManagerFactory trustManagerFactory) {
try {
trustManagerFactory.init(managerFactoryParameters);
return TrustManagerUtils.getTrustManager(trustManagerFactory);
} catch (InvalidAlgorithmParameterException e) {
throw new GenericTrustManagerException(e);
}
}
public static X509ExtendedTrustManager createDummyTrustManager() {
return DummyX509ExtendedTrustManager.getInstance();
}
public static X509ExtendedTrustManager createCertificateCapturingTrustManager(X509TrustManager baseTrustManager, List certificatesCollector) {
return new CertificateCapturingX509ExtendedTrustManager(wrapIfNeeded(baseTrustManager), certificatesCollector);
}
public static X509ExtendedTrustManager wrapIfNeeded(X509TrustManager trustManager) {
if (trustManager instanceof X509ExtendedTrustManager) {
return (X509ExtendedTrustManager) trustManager;
} else {
return new X509TrustManagerWrapper(trustManager);
}
}
public static TrustManagerFactory createTrustManagerFactory(TrustManager trustManager) {
return new TrustManagerFactoryWrapper(trustManager);
}
public static X509ExtendedTrustManager getTrustManager(T trustManagerFactory) {
return Arrays.stream(trustManagerFactory.getTrustManagers())
.filter(X509TrustManager.class::isInstance)
.map(X509TrustManager.class::cast)
.map(TrustManagerUtils::wrapIfNeeded)
.collect(Collectors.collectingAndThen(Collectors.toList(), TrustManagerUtils::combine));
}
/**
* Wraps the given TrustManager into an instance of a Hot Swappable TrustManager.
* This type of TrustManager has the capability of swapping in and out different TrustManagers at runtime.
*
* @param trustManager To be wrapped TrustManager
* @return Swappable TrustManager
*/
public static X509ExtendedTrustManager createSwappableTrustManager(X509TrustManager trustManager) {
return new HotSwappableX509ExtendedTrustManager(TrustManagerUtils.wrapIfNeeded(trustManager));
}
/**
* Swaps the internal TrustManager instance with the given trustManager object.
* The baseTrustManager should be an instance of {@link HotSwappableX509ExtendedTrustManager}
* and can be created with {@link TrustManagerUtils#createSwappableTrustManager(X509TrustManager)}
*
* @param baseTrustManager an instance of {@link HotSwappableX509ExtendedTrustManager}
* @param newTrustManager to be injected instance of a TrustManager
* @throws GenericTrustManagerException if {@code baseTrustManager} is not instance of {@link HotSwappableX509ExtendedTrustManager}
*/
public static void swapTrustManager(X509TrustManager baseTrustManager, X509TrustManager newTrustManager) {
if (newTrustManager instanceof HotSwappableX509ExtendedTrustManager) {
throw new GenericTrustManagerException(
String.format("The newTrustManager should not be an instance of [%s]", HotSwappableX509ExtendedTrustManager.class.getName())
);
}
if (baseTrustManager instanceof HotSwappableX509ExtendedTrustManager) {
((HotSwappableX509ExtendedTrustManager) baseTrustManager).setTrustManager(TrustManagerUtils.wrapIfNeeded(newTrustManager));
} else {
throw new GenericTrustManagerException(
String.format("The baseTrustManager is from the instance of [%s] and should be an instance of [%s].",
baseTrustManager.getClass().getName(),
HotSwappableX509ExtendedTrustManager.class.getName())
);
}
}
public static X509ExtendedTrustManager createEnhanceableTrustManager(
X509ExtendedTrustManager trustManager,
ChainAndAuthTypeValidator chainAndAuthTypeValidator,
ChainAndAuthTypeWithSocketValidator chainAndAuthTypeWithSocketValidator,
ChainAndAuthTypeWithSSLEngineValidator chainAndAuthTypeWithSSLEngineValidator) {
return new EnhanceableX509ExtendedTrustManager(
trustManager,
chainAndAuthTypeValidator,
chainAndAuthTypeWithSocketValidator,
chainAndAuthTypeWithSSLEngineValidator
);
}
private static List unwrapIfPossible(X509ExtendedTrustManager trustManager) {
List trustManagers = new ArrayList<>();
if (trustManager instanceof CompositeX509ExtendedTrustManager) {
for (X509ExtendedTrustManager innerTrustManager : ((CompositeX509ExtendedTrustManager) trustManager).getTrustManagers()) {
List unwrappedTrustManagers = TrustManagerUtils.unwrapIfPossible(innerTrustManager);
trustManagers.addAll(unwrappedTrustManagers);
}
} else {
trustManagers.add(trustManager);
}
return trustManagers;
}
public static TrustManagerBuilder trustManagerBuilder() {
return new TrustManagerBuilder();
}
public static final class TrustManagerBuilder {
private static final String EMPTY_TRUST_MANAGER_EXCEPTION = "Input does not contain TrustManager";
private TrustManagerBuilder() {}
private final List trustManagers = new ArrayList<>();
private boolean swappableTrustManagerEnabled = false;
private ChainAndAuthTypeValidator chainAndAuthTypeValidator;
private ChainAndAuthTypeWithSocketValidator chainAndAuthTypeWithSocketValidator;
private ChainAndAuthTypeWithSSLEngineValidator chainAndAuthTypeWithSSLEngineValidator;
public TrustManagerBuilder withTrustManagers(List trustManagers) {
for (T trustManager : trustManagers) {
withTrustManager(trustManager);
}
return this;
}
public TrustManagerBuilder withTrustManager(T trustManager) {
this.trustManagers.add(TrustManagerUtils.wrapIfNeeded(trustManager));
return this;
}
public TrustManagerBuilder withTrustStores(List trustStores) {
for (KeyStore trustStore : trustStores) {
this.trustManagers.add(TrustManagerUtils.createTrustManager(trustStore));
}
return this;
}
public TrustManagerBuilder withTrustStore(T trustStore) {
this.trustManagers.add(TrustManagerUtils.createTrustManager(trustStore));
return this;
}
public TrustManagerBuilder withTrustStore(T trustStore, String trustManagerAlgorithm) {
this.trustManagers.add(TrustManagerUtils.createTrustManager(trustStore, trustManagerAlgorithm));
return this;
}
public TrustManagerBuilder withSwappableTrustManager(boolean swappableTrustManagerEnabled) {
this.swappableTrustManagerEnabled = swappableTrustManagerEnabled;
return this;
}
public TrustManagerBuilder withTrustEnhancer(ChainAndAuthTypeValidator validator) {
this.chainAndAuthTypeValidator = validator;
return this;
}
@SuppressWarnings("overloads")
public TrustManagerBuilder withTrustEnhancer(ChainAndAuthTypeWithSocketValidator validator) {
this.chainAndAuthTypeWithSocketValidator = validator;
return this;
}
@SuppressWarnings("overloads")
public TrustManagerBuilder withTrustEnhancer(ChainAndAuthTypeWithSSLEngineValidator validator) {
this.chainAndAuthTypeWithSSLEngineValidator = validator;
return this;
}
public X509ExtendedTrustManager build() {
ValidationUtils.requireNotEmpty(trustManagers, () -> new GenericTrustManagerException(EMPTY_TRUST_MANAGER_EXCEPTION));
X509ExtendedTrustManager baseTrustManager;
if (trustManagers.size() == 1) {
baseTrustManager = trustManagers.get(0);
} else {
baseTrustManager = trustManagers.stream()
.map(TrustManagerUtils::unwrapIfPossible)
.flatMap(Collection::stream)
.filter(trustManager -> trustManager.getAcceptedIssuers().length > 0)
.collect(Collectors.collectingAndThen(Collectors.toList(), CompositeX509ExtendedTrustManager::new));
}
if (chainAndAuthTypeValidator != null
|| chainAndAuthTypeWithSocketValidator != null
|| chainAndAuthTypeWithSSLEngineValidator != null) {
baseTrustManager = TrustManagerUtils.createEnhanceableTrustManager(
baseTrustManager,
chainAndAuthTypeValidator,
chainAndAuthTypeWithSocketValidator,
chainAndAuthTypeWithSSLEngineValidator
);
}
if (swappableTrustManagerEnabled) {
baseTrustManager = TrustManagerUtils.createSwappableTrustManager(baseTrustManager);
}
return baseTrustManager;
}
}
}