author | 2019-01-30 15:58:36 +0100 | |
---|---|---|
committer | 2019-01-31 12:55:19 +0100 | |
commit | 1442bffa7b80665049d2347f7ba2a03ca6c2bd70 (patch) | |
tree | 3d767459c08d695cb8529d056a85b3bd48649c87 /services | |
parent | e55759f5f4c9d53108889256d3897c533077f1b8 (diff) |
Extract HV VES Client ssl-related classes
- Create common ssl module
- Extract ssl-related classes from HV VES Client module
- Mark org.onap.dcaegen2.services.sdk.rest.services.ssl.SslFactory
class as deprecated
Change-Id: I31ef784e8822981ba541fb3f525f003218cd5c88
Signed-off-by: Jakub Dudycz <jakub.dudycz@nokia.com>
Issue-ID: DCAEGEN2-1135
Diffstat (limited to 'services')
12 files changed, 9 insertions, 496 deletions
diff --git a/services/hv-ves-client/producer/api/pom.xml b/services/hv-ves-client/producer/api/pom.xml
index 1804b162..882ac1cd 100644
--- a/services/hv-ves-client/producer/api/pom.xml
+++ b/services/hv-ves-client/producer/api/pom.xml
@@ -34,7 +34,6 @@
 <version>1.1.1-SNAPSHOT</version>
 <name>High Volume VES Collector Client :: Producer :: API</name>
- <description></description>
 <packaging>jar</packaging>
 <dependencies>
@@ -45,6 +44,11 @@
 <scope>compile</scope>
 </dependency>
 <dependency>
+ <groupId>org.onap.dcaegen2.services.sdk.security</groupId>
+ <artifactId>ssl</artifactId>
+ <version>1.1.1-SNAPSHOT</version>
+ </dependency>
+ <dependency>
 <groupId>org.reactivestreams</groupId>
 <artifactId>reactive-streams</artifactId>
 </dependency>
diff --git a/services/hv-ves-client/producer/api/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/Password.java b/services/hv-ves-client/producer/api/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/Password.java
deleted file mode 100644
index 79ae32a8..00000000
--- a/services/hv-ves-client/producer/api/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/Password.java
+++ /dev/null
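Review bot: In the second hunk of `services/hv-ves-client/producer/api/pom.xml`, the new `org.onap.dcaegen2.services.sdk.security:ssl` dependency hard-codes `<version>1.1.1-SNAPSHOT</version>`, whereas the `reactive-streams` entry right after it carries no version in the visible lines, so versions look to be managed centrally (the parent POM is not shown). A literal copy of what appears to be this module's own version is easy to miss at the next version bump, which would leave the client building against an older snapshot of the module that now holds the keystore and password handling. I would write `<version>${project.version}</version>` here, or drop the element and add the artifact to the parent's `dependencyManagement`. The `<dependencies>` block continues outside the hunk.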
@@ -1,73 +0,0 @@
-/*
- * ============LICENSE_START====================================
- * DCAEGEN2-SERVICES-SDK
- * =========================================================
- * Copyright (C) 2019 Nokia. All rights reserved.
- * =========================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=====================================
- */
-
-package org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.options;
-
-import io.vavr.CheckedFunction1;
-import io.vavr.Function1;
-import io.vavr.control.Try;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.util.Arrays;
-import org.jetbrains.annotations.NotNull;
-
-/**
- * Simple password representation.
- *
- * A password can be used only once. After it the corresponding memory is zeroed.
- *
- * @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
- * @since 1.1.1
- */
-public class Password {
-
- private char[] value;
-
- public Password(@NotNull char[] value) {
- this.value = value;
- }
-
- /**
- * Consume the password.
- *
- * After consumption following uses of this method will return Failure(GeneralSecurityException).
- *
- * @param user of the password
- */
- public <T> Try<T> use(Function1<char[], Try<T>> user) {
- if (value == null)
- return Try.failure(new GeneralSecurityException("Password had been already used so it is in cleared state"));
-
- try {
- return user.apply(value);
- } finally {
- clear();
- }
- }
-
- public <T> Try<T> useChecked(CheckedFunction1<char[], T> user) {
- return use(CheckedFunction1.liftTry(user));
- }
-
- public void clear() {
- Arrays.fill(value, (char) 0);
- value = null;
- }
-}
diff --git a/services/hv-ves-client/producer/api/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/Passwords.java b/services/hv-ves-client/producer/api/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/Passwords.java
deleted file mode 100644
index cbadfea9..00000000
--- a/services/hv-ves-client/producer/api/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/Passwords.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * ============LICENSE_START====================================
- * DCAEGEN2-SERVICES-SDK
- * =========================================================
- * Copyright (C) 2019 Nokia. All rights reserved.
- * =========================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=====================================
- */
-
-package org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.options;
-
-import io.vavr.control.Try;
-import java.io.File;
-import java.nio.ByteBuffer;
-import java.nio.CharBuffer;
-import java.nio.charset.Charset;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.util.Arrays;
-import org.jetbrains.annotations.NotNull;
-
-/**
- * Utility functions for loading passwords.
- *
- * @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
- * @since 1.1.1
- */
-public final class Passwords {
-
- private Passwords() {
- }
-
- public static @NotNull Try<Password> fromFile(File file) {
- return fromPath(file.toPath());
- }
-
- public static @NotNull Try<Password> fromPath(Path path) {
- return Try.of(() -> {
- final byte[] bytes = Files.readAllBytes(path);
- final CharBuffer password = decodeChars(bytes);
- final char[] result = convertToCharArray(password);
- return new Password(result);
- });
- }
-
- public static @NotNull Try<Password> fromResource(String resource) {
- return Try.of(() -> Paths.get(Passwords.class.getResource(resource).toURI()))
- .flatMap(Passwords::fromPath);
- }
-
- private static @NotNull CharBuffer decodeChars(byte[] bytes) {
- try {
- return Charset.defaultCharset().decode(ByteBuffer.wrap(bytes));
- } finally {
- Arrays.fill(bytes, (byte) 0);
- }
- }
-
- private static char[] convertToCharArray(CharBuffer password) {
- try {
- final char[] result = new char[password.limit()];
- password.get(result);
- return result;
- } finally {
- password.flip();
- clearBuffer(password);
- }
- }
-
- private static void clearBuffer(CharBuffer password) {
- while (password.remaining() > 0) {
- password.put((char) 0);
- }
- }
-}
diff --git a/services/hv-ves-client/producer/api/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/ProducerOptions.java b/services/hv-ves-client/producer/api/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/ProducerOptions.java
index aead5253..921db52b 100644
--- a/services/hv-ves-client/producer/api/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/ProducerOptions.java
+++ b/services/hv-ves-client/producer/api/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/ProducerOptions.java
@@ -24,6 +24,7 @@ import java.net.InetSocketAddress;
 import org.immutables.value.Value;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
+import org.onap.dcaegen2.services.sdk.security.ssl.SecurityKeys;
 /**
 * @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
@@ -43,7 +44,6 @@ public interface ProducerOptions {
 /**
 * Security keys definition used when connecting to the collector.
- *
 * @return security keys definition or null when plain TCP sockets are to be used.
 * @since 1.1.1
diff --git a/services/hv-ves-client/producer/api/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/SecurityKeys.java b/services/hv-ves-client/producer/api/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/SecurityKeys.java
deleted file mode 100644
index 66af32fa..00000000
--- a/services/hv-ves-client/producer/api/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/SecurityKeys.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * ============LICENSE_START====================================
- * DCAEGEN2-SERVICES-SDK
- * =========================================================
- * Copyright (C) 2019 Nokia. All rights reserved.
- * =========================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=====================================
- */
-
-package org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.options;
-
-import java.nio.file.Path;
-import org.immutables.value.Value;
-
-/**
- * @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
- * @since 1.1.1
- */
-@Value.Immutable
-public interface SecurityKeys {
- Path keyStore();
- Password keyStorePassword();
-
- Path trustStore();
- Password trustStorePassword();
-}
diff --git a/services/hv-ves-client/producer/api/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/PasswordTest.java b/services/hv-ves-client/producer/api/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/PasswordTest.java
deleted file mode 100644
index fbfeb5d5..00000000
--- a/services/hv-ves-client/producer/api/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/PasswordTest.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * ============LICENSE_START====================================
- * DCAEGEN2-SERVICES-SDK
- * =========================================================
- * Copyright (C) 2019 Nokia. All rights reserved.
- * =========================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=====================================
- */
-
-package org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.options;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
-
-import io.vavr.collection.Array;
-import io.vavr.control.Try;
-import java.security.GeneralSecurityException;
-import java.util.Arrays;
-import org.junit.jupiter.api.Test;
-
-/**
- * @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
- */
-class PasswordTest {
-
- @Test
- void use_shouldInvokeConsumerWithStoredPassword() {
- // given
- final String password = "hej ho";
- final Password cut = new Password(password.toCharArray());
-
- // when
- String result = cut.useChecked(String::new).get();
-
- // then
- assertThat(result).isEqualTo(password);
- }
-
- @Test
- void use_shouldClearPasswordAfterUse() {
- // given
- final char[] passwordChars = "hej ho".toCharArray();
- final Password cut = new Password(passwordChars);
-
- // when
- useThePassword(cut);
-
- // then
- assertAllCharsAreNull(passwordChars);
- }
-
- @Test
- void use_shouldFail_whenItWasAlreadyCalled() {
- // given
- final Password cut = new Password("ala ma kota".toCharArray());
-
- // when & then
- useThePassword(cut).get();
-
- assertThatExceptionOfType(GeneralSecurityException.class).isThrownBy(() ->
- useThePassword(cut).get());
- }
-
- @Test
- void use_shouldFail_whenItWasCleared() {
- // given
- final Password cut = new Password("ala ma kota".toCharArray());
-
- // when & then
- cut.clear();
-
- assertThatExceptionOfType(GeneralSecurityException.class).isThrownBy(() ->
- useThePassword(cut).get());
- }
-
- @Test
- void clear_shouldClearThePassword() {
- // given
- final char[] passwordChars = "hej ho".toCharArray();
- final Password cut = new Password(passwordChars);
-
- // when
- cut.clear();
-
- // then
- assertAllCharsAreNull(passwordChars);
- }
-
- private Try<Object> useThePassword(Password cut) {
- return cut.use((pass) -> Try.success(42));
- }
-
- private void assertAllCharsAreNull(char[] passwordChars) {
- assertThat(Array.ofAll(passwordChars).forAll(ch -> ch == '\0'))
- .describedAs("all characters in " + Arrays.toString(passwordChars) + " should be == '\\0'")
- .isTrue();
- }
-}
\ No newline at end of file
diff --git a/services/hv-ves-client/producer/api/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/PasswordsTest.java b/services/hv-ves-client/producer/api/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/PasswordsTest.java
deleted file mode 100644
index 9f91afb7..00000000
--- a/services/hv-ves-client/producer/api/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/api/options/PasswordsTest.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * ============LICENSE_START====================================
- * DCAEGEN2-SERVICES-SDK
- * =========================================================
- * Copyright (C) 2019 Nokia. All rights reserved.
- * =========================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=====================================
- */
-
-package org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.options;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Fail.fail;
-
-import io.vavr.control.Try;
-import java.io.File;
-import java.net.URISyntaxException;
-import java.nio.file.NoSuchFileException;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.util.UUID;
-import org.junit.jupiter.api.Test;
-
-/**
- * @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
- * @since January 2019
- */
-class PasswordsTest {
-
- @Test
- void fromFile() {
- // given
- final File file = new File("./src/test/resources/password.txt");
-
- // when
- final Try<Password> result = Passwords.fromFile(file);
-
- // then
- assertSuccessful(result);
- assertThat(extractPassword(result)).isEqualTo("ja baczewski\n2nd line");
- }
-
- @Test
- void fromPath() throws URISyntaxException {
- // given
- final Path path = Paths.get(PasswordsTest.class.getResource("/password.txt").toURI());
-
- // when
- final Try<Password> result = Passwords.fromPath(path);
-
- // then
- assertSuccessful(result);
- assertThat(extractPassword(result)).isEqualTo("ja baczewski\n2nd line");
- }
-
- @Test
- void fromPath_shouldFail_whenNotFound() {
- // given
- final Path path = Paths.get("/", UUID.randomUUID().toString());
-
- // when
- final Try<Password> result = Passwords.fromPath(path);
-
- // then
- assertThat(result.isFailure()).describedAs("Try.failure?").isTrue();
- assertThat(result.getCause()).isInstanceOf(NoSuchFileException.class);
- }
-
- @Test
- void fromResource() {
- // given
- final String resource = "/password.txt";
-
- // when
- final Try<Password> result = Passwords.fromResource(resource);
-
- // then
- assertSuccessful(result);
- assertThat(extractPassword(result)).isEqualTo("ja baczewski\n2nd line");
- }
-
- private void assertSuccessful(Try<Password> result) {
- assertThat(result.isSuccess()).describedAs("Try.success?").isTrue();
- }
-
- private String extractPassword(Try<Password> result) {
- return result.flatMap(pass -> pass.useChecked(String::new)).get();
- }
-}
\ No newline at end of file
diff --git a/services/hv-ves-client/producer/api/src/test/resources/password.txt b/services/hv-ves-client/producer/api/src/test/resources/password.txt
deleted file mode 100644
index 93e4a005..00000000
--- a/services/hv-ves-client/producer/api/src/test/resources/password.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-ja baczewski
-2nd line
\ No newline at end of file
diff --git a/services/hv-ves-client/producer/ct/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/ct/SystemUnderTestWrapper.java b/services/hv-ves-client/producer/ct/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/ct/SystemUnderTestWrapper.java
index 2cc2c0b2..ddc87bc4 100644
--- a/services/hv-ves-client/producer/ct/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/ct/SystemUnderTestWrapper.java
+++ b/services/hv-ves-client/producer/ct/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/ct/SystemUnderTestWrapper.java
@@ -26,12 +26,12 @@ import java.net.InetSocketAddress;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.time.Duration;
+import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeys;
+import org.onap.dcaegen2.services.sdk.security.ssl.Passwords;
 import org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.HvVesProducer;
 import org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.HvVesProducerFactory;
 import org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.options.ImmutableProducerOptions;
 import org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.options.ImmutableProducerOptions.Builder;
-import org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.options.ImmutableSecurityKeys;
-import org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.options.Passwords;
 import org.onap.ves.VesEventOuterClass.VesEvent;
 import reactor.core.publisher.Flux;
diff --git a/services/hv-ves-client/producer/impl/pom.xml b/services/hv-ves-client/producer/impl/pom.xml
index b099b316..38b23603 100644
--- a/services/hv-ves-client/producer/impl/pom.xml
+++ b/services/hv-ves-client/producer/impl/pom.xml
@@ -34,7 +34,6 @@
 <version>1.1.1-SNAPSHOT</version>
 <name>High Volume VES Collector Client :: Producer :: Implementation</name>
- <description></description>
 <packaging>jar</packaging>
 <dependencies>
diff --git a/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/HvVesProducerFactoryImpl.java b/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/HvVesProducerFactoryImpl.java
index cf656adf..ab10088b 100644
--- a/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/HvVesProducerFactoryImpl.java
+++ b/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/HvVesProducerFactoryImpl.java
@@ -21,6 +21,7 @@ package org.onap.dcaegen2.services.sdk.services.hvves.client.producer.impl;
 import io.netty.handler.ssl.SslContext;
 import org.jetbrains.annotations.NotNull;
+import org.onap.dcaegen2.services.sdk.security.ssl.SslFactory;
 import org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.HvVesProducer;
 import org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.HvVesProducerFactory;
 import org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.options.ProducerOptions;
diff --git a/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/SslFactory.java b/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/SslFactory.java
deleted file mode 100644
index 4661f595..00000000
--- a/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/SslFactory.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * ============LICENSE_START====================================
- * DCAEGEN2-SERVICES-SDK
- * =========================================================
- * Copyright (C) 2019 Nokia. All rights reserved.
- * =========================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=====================================
- */
-
-package org.onap.dcaegen2.services.sdk.services.hvves.client.producer.impl;
-
-import io.netty.handler.ssl.SslContext;
-import io.netty.handler.ssl.SslContextBuilder;
-import io.vavr.Tuple;
-import io.vavr.control.Try;
-import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.StandardOpenOption;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.TrustManagerFactory;
-import org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.options.Password;
-import org.onap.dcaegen2.services.sdk.services.hvves.client.producer.api.options.SecurityKeys;
-
-/*
- * TODO: To be merged with org.onap.dcaegen2.services.sdk.rest.services.ssl.SslFactory
- */
-public class SslFactory {
-
- /**
- * Function for creating secure ssl context.
- *
- * @param keys - Security keys to be used
- * @return configured SSL context
- */
- public Try<SslContext> createSecureContext(final SecurityKeys keys) {
- final Try<KeyManagerFactory> keyManagerFactory =
- keyManagerFactory(keys.keyStore(), keys.keyStorePassword());
- final Try<TrustManagerFactory> trustManagerFactory =
- trustManagerFactory(keys.trustStore(), keys.trustStorePassword());
-
- return Try.success(SslContextBuilder.forClient())
- .flatMap(ctx -> keyManagerFactory.map(ctx::keyManager))
- .flatMap(ctx -> trustManagerFactory.map(ctx::trustManager))
- .mapTry(SslContextBuilder::build);
- }
-
- private Try<KeyManagerFactory> keyManagerFactory(Path path, Password password) {
- return password.useChecked(passwordChars -> {
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
- kmf.init(loadKeyStoreFromFile(path, passwordChars), passwordChars);
- return kmf;
- });
- }
-
- private Try<TrustManagerFactory> trustManagerFactory(Path path, Password password) {
- return password.useChecked(passwordChars -> {
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init(loadKeyStoreFromFile(path, passwordChars));
- return tmf;
- });
- }
-
- private KeyStore loadKeyStoreFromFile(Path path, char[] keyStorePassword)
- throws GeneralSecurityException, IOException {
- KeyStore ks = KeyStore.getInstance("pkcs12");
- ks.load(Files.newInputStream(path, StandardOpenOption.READ), keyStorePassword);
- return ks;
- }
-}
\ No newline at end of file |