/** * Returns a new TrustSource containing the same trusted CAs as this TrustSource, plus all trusted certificate * entries from the specified trustStore. This method will only add trusted certificate entries from the specified * KeyStore (i.e. entries of type {@link java.security.KeyStore.TrustedCertificateEntry}; private keys will be * ignored. The trustStore may be in JKS or PKCS12 format. * * @param trustStore keystore containing trusted certificate entries * @return a new TrustSource containing this TrustSource's trusted CAs plus trusted certificate entries from the keystore */ public TrustSource add(KeyStore trustStore) { if (trustStore == null) { throw new IllegalArgumentException("Trust store cannot be null"); } List<X509Certificate> trustedCertificates = TrustUtil.extractTrustedCertificateEntries(trustStore); return add(trustedCertificates.toArray(new X509Certificate[0])); }
/** * Returns a TrustSource containing only the builtin trusted CAs and does not include the JVM's trusted CAs. * See {@link TrustUtil#getBuiltinTrustedCAs()}. */ public static TrustSource builtinTrustSource() { return new TrustSource(TrustUtil.getBuiltinTrustedCAs()); }
@Override public X509Certificate[] get() { X509TrustManager defaultTrustManager = getDefaultJavaTrustManager(); X509Certificate[] defaultJavaTrustedCerts = defaultTrustManager.getAcceptedIssuers(); if (defaultJavaTrustedCerts != null) { return defaultJavaTrustedCerts; } else { return EMPTY_CERTIFICATE_ARRAY; } } });
@Override public X509Certificate[] get() { try { // the file may contain UTF-8 characters, but the PEM-encoded certificate data itself must be US-ASCII String allCAs = ClasspathResourceUtil.classpathResourceToString(DEFAULT_TRUSTED_CA_RESOURCE, StandardCharsets.UTF_8); return readX509CertificatesFromPem(allCAs); } catch (UncheckedIOException e) { log.warn("Unable to load built-in trusted CAs; no built-in CAs will be trusted", e); return new X509Certificate[0]; } } });
/** * Returns a TrustSource containing the default CAs trusted by this JVM. See {@link TrustUtil#getJavaTrustedCAs()}. */ public static TrustSource javaTrustSource() { return new TrustSource(TrustUtil.getJavaTrustedCAs()); }
/** * Parses a String containing zero or more PEM-encoded X509 certificates into an array of {@link X509Certificate}. * Everything outside of BEGIN CERTIFICATE and END CERTIFICATE lines will be ignored. * * @param pemEncodedCAs a String containing PEM-encoded certficiates * @return array containing certificates in the String */ public static X509Certificate[] readX509CertificatesFromPem(String pemEncodedCAs) { List<X509Certificate> certificates = new ArrayList<>(500); Matcher pemMatcher = CA_PEM_PATTERN.matcher(pemEncodedCAs); while (pemMatcher.find()) { String singleCAPem = pemMatcher.group(); X509Certificate certificate = readSingleX509Certificate(singleCAPem); certificates.add(certificate); } return certificates.toArray(new X509Certificate[0]); }
/** * Returns a new TrustSource containing the same trusted CAs as this TrustSource, plus zero or more CAs contained in * the PEM-encoded String. The String may contain multiple certificates and may contain comments or other non-PEM-encoded * text, as long as the PEM-encoded certificates are delimited by appropriate BEGIN_CERTIFICATE and END_CERTIFICATE * text blocks. * * @param trustedPemEncodedCAs String containing PEM-encoded certificates to trust * @return a new TrustSource containing this TrustSource's trusted CAs plus the CAs in the specified String */ public TrustSource add(String trustedPemEncodedCAs) { if (trustedPemEncodedCAs == null) { throw new IllegalArgumentException("PEM-encoded trusted CA String cannot be null"); } X509Certificate[] trustedCertificates = TrustUtil.readX509CertificatesFromPem(trustedPemEncodedCAs); return add(trustedCertificates); }
/** * Returns a TrustSource containing the default CAs trusted by this JVM. See {@link TrustUtil#getJavaTrustedCAs()}. */ public static TrustSource javaTrustSource() { return new TrustSource(TrustUtil.getJavaTrustedCAs()); }
/** * Parses a String containing zero or more PEM-encoded X509 certificates into an array of {@link X509Certificate}. * Everything outside of BEGIN CERTIFICATE and END CERTIFICATE lines will be ignored. * * @param pemEncodedCAs a String containing PEM-encoded certficiates * @return array containing certificates in the String */ public static X509Certificate[] readX509CertificatesFromPem(String pemEncodedCAs) { List<X509Certificate> certificates = new ArrayList<>(500); Matcher pemMatcher = CA_PEM_PATTERN.matcher(pemEncodedCAs); while (pemMatcher.find()) { String singleCAPem = pemMatcher.group(); X509Certificate certificate = readSingleX509Certificate(singleCAPem); certificates.add(certificate); } return certificates.toArray(new X509Certificate[0]); }
@Override public X509Certificate[] get() { try { // the file may contain UTF-8 characters, but the PEM-encoded certificate data itself must be US-ASCII String allCAs = ClasspathResourceUtil.classpathResourceToString(DEFAULT_TRUSTED_CA_RESOURCE, Charset.forName("UTF-8")); return readX509CertificatesFromPem(allCAs); } catch (UncheckedIOException e) { log.warn("Unable to load built-in trusted CAs; no built-in CAs will be trusted", e); return new X509Certificate[0]; } } });
/** * Returns a TrustSource containing only the builtin trusted CAs and does not include the JVM's trusted CAs. * See {@link TrustUtil#getBuiltinTrustedCAs()}. */ public static TrustSource builtinTrustSource() { return new TrustSource(TrustUtil.getBuiltinTrustedCAs()); }
/** * Returns a TrustSource containing the default CAs trusted by this JVM. See {@link TrustUtil#getJavaTrustedCAs()}. */ public static TrustSource javaTrustSource() { return new TrustSource(TrustUtil.getJavaTrustedCAs()); }
@Override public X509Certificate[] get() { X509TrustManager defaultTrustManager = getDefaultJavaTrustManager(); X509Certificate[] defaultJavaTrustedCerts = defaultTrustManager.getAcceptedIssuers(); if (defaultJavaTrustedCerts != null) { return defaultJavaTrustedCerts; } else { return EMPTY_CERTIFICATE_ARRAY; } } });
/** * Parses a String containing zero or more PEM-encoded X509 certificates into an array of {@link X509Certificate}. * Everything outside of BEGIN CERTIFICATE and END CERTIFICATE lines will be ignored. * * @param pemEncodedCAs a String containing PEM-encoded certficiates * @return array containing certificates in the String */ public static X509Certificate[] readX509CertificatesFromPem(String pemEncodedCAs) { List<X509Certificate> certificates = new ArrayList<>(500); Matcher pemMatcher = CA_PEM_PATTERN.matcher(pemEncodedCAs); while (pemMatcher.find()) { String singleCAPem = pemMatcher.group(); X509Certificate certificate = readSingleX509Certificate(singleCAPem); certificates.add(certificate); } return certificates.toArray(new X509Certificate[0]); }
/** * Returns a new TrustSource containing the same trusted CAs as this TrustSource, plus all trusted certificate * entries from the specified trustStore. This method will only add trusted certificate entries from the specified * KeyStore (i.e. entries of type {@link java.security.KeyStore.TrustedCertificateEntry}; private keys will be * ignored. The trustStore may be in JKS or PKCS12 format. * * @param trustStore keystore containing trusted certificate entries * @return a new TrustSource containing this TrustSource's trusted CAs plus trusted certificate entries from the keystore */ public TrustSource add(KeyStore trustStore) { if (trustStore == null) { throw new IllegalArgumentException("Trust store cannot be null"); } List<X509Certificate> trustedCertificates = TrustUtil.extractTrustedCertificateEntries(trustStore); return add(trustedCertificates.toArray(new X509Certificate[0])); }
@Override public X509Certificate[] get() { try { // the file may contain UTF-8 characters, but the PEM-encoded certificate data itself must be US-ASCII String allCAs = ClasspathResourceUtil.classpathResourceToString(DEFAULT_TRUSTED_CA_RESOURCE, StandardCharsets.UTF_8); return readX509CertificatesFromPem(allCAs); } catch (UncheckedIOException e) { log.warn("Unable to load built-in trusted CAs; no built-in CAs will be trusted", e); return new X509Certificate[0]; } } });
/** * Returns a TrustSource containing only the builtin trusted CAs and does not include the JVM's trusted CAs. * See {@link TrustUtil#getBuiltinTrustedCAs()}. */ public static TrustSource builtinTrustSource() { return new TrustSource(TrustUtil.getBuiltinTrustedCAs()); }
@Override public X509Certificate[] get() { X509TrustManager defaultTrustManager = getDefaultJavaTrustManager(); X509Certificate[] defaultJavaTrustedCerts = defaultTrustManager.getAcceptedIssuers(); if (defaultJavaTrustedCerts != null) { return defaultJavaTrustedCerts; } else { return EMPTY_CERTIFICATE_ARRAY; } } });
/** * Returns a new TrustSource containing the same trusted CAs as this TrustSource, plus all trusted certificate * entries from the specified trustStore. This method will only add trusted certificate entries from the specified * KeyStore (i.e. entries of type {@link KeyStore.TrustedCertificateEntry}; private keys will be * ignored. The trustStore may be in JKS or PKCS12 format. * * @param trustStore keystore containing trusted certificate entries * @return a new TrustSource containing this TrustSource's trusted CAs plus trusted certificate entries from the keystore */ public TrustSource add(KeyStore trustStore) { if (trustStore == null) { throw new IllegalArgumentException("Trust store cannot be null"); } List<X509Certificate> trustedCertificates = TrustUtil.extractTrustedCertificateEntries(trustStore); return add(trustedCertificates.toArray(new X509Certificate[0])); }
/** * Returns a new TrustSource containing the same trusted CAs as this TrustSource, plus zero or more CAs contained in * the PEM-encoded String. The String may contain multiple certificates and may contain comments or other non-PEM-encoded * text, as long as the PEM-encoded certificates are delimited by appropriate BEGIN_CERTIFICATE and END_CERTIFICATE * text blocks. * * @param trustedPemEncodedCAs String containing PEM-encoded certificates to trust * @return a new TrustSource containing this TrustSource's trusted CAs plus the CAs in the specified String */ public TrustSource add(String trustedPemEncodedCAs) { if (trustedPemEncodedCAs == null) { throw new IllegalArgumentException("PEM-encoded trusted CA String cannot be null"); } X509Certificate[] trustedCertificates = TrustUtil.readX509CertificatesFromPem(trustedPemEncodedCAs); return add(trustedCertificates); }