@sandipchitale
Last active December 13, 2022 08:31
Delegating X509TrustManager #X509TrustManager #JavaCryptoGraphy
package com.example.composedtruststores;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
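/**
 * An {@link X509TrustManager} that forwards every trust decision to a fixed list of delegate
 * trust managers.
 *
 * <p><b>Trust semantics.</b> {@link #checkClientTrusted} and {@link #checkServerTrusted} call
 * every delegate in order and propagate the first {@link CertificateException}. A chain is
 * therefore accepted only when <em>all</em> delegates accept it (the intersection of the
 * delegates' trust decisions), while {@link #getAcceptedIssuers()} reports the union of their
 * issuers.
 *
 * <p>NOTE(review): if the intent is to accept a chain that <em>any</em> of the composed trust
 * stores accepts, the check methods need a deliberate change; that widens what is trusted and is
 * not done here.
 *
 * <p>A manager built with no delegates rejects every chain. Without that guard the check loops
 * would run zero times and return normally, which is equivalent to trusting any certificate.
 */
public class DelegatingX509TrustManager implements X509TrustManager {

    /** Delegates consulted in order; private copy, never null and never containing null. */
    private final X509TrustManager[] x509TrustManagers;

    /**
     * Creates a trust manager that consults the given delegates in order.
     *
     * @param x509TrustManagers the delegates; copied so later changes to the caller's array do
     *     not alter the trust decision
     * @throws NullPointerException if the array or any element is {@code null} (for example the
     *     {@code null} that {@link #getTrustManager} returns when no X.509 trust manager exists)
     */
    public DelegatingX509TrustManager(X509TrustManager... x509TrustManagers) {
        if (x509TrustManagers == null) {
            throw new NullPointerException("x509TrustManagers");
        }
        X509TrustManager[] delegates = x509TrustManagers.clone();
        for (int i = 0; i < delegates.length; i++) {
            if (delegates[i] == null) {
                throw new NullPointerException("x509TrustManagers[" + i + "]");
            }
        }
        this.x509TrustManagers = delegates;
    }

    /**
     * Validates a client certificate chain against every delegate.
     *
     * @throws CertificateException if there are no delegates, or as soon as one delegate rejects
     *     the chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        requireDelegates();
        for (X509TrustManager x509TrustManager : x509TrustManagers) {
            x509TrustManager.checkClientTrusted(chain, authType);
        }
    }

    /**
     * Validates a server certificate chain against every delegate.
     *
     * @throws CertificateException if there are no delegates, or as soon as one delegate rejects
     *     the chain
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        requireDelegates();
        for (X509TrustManager x509TrustManager : x509TrustManagers) {
            x509TrustManager.checkServerTrusted(chain, authType);
        }
    }

    /**
     * Returns the accepted issuers of all delegates, concatenated in delegate order. Duplicates
     * are not removed.
     *
     * @return a new array; empty when there are no delegates
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        List<X509Certificate> x509CertificatesList = new LinkedList<>();
        for (X509TrustManager x509TrustManager : x509TrustManagers) {
            x509CertificatesList.addAll(Arrays.asList(x509TrustManager.getAcceptedIssuers()));
        }
        return x509CertificatesList.toArray(new X509Certificate[0]);
    }

    /**
     * Builds an {@link SSLContext} for the {@code "TLS"} protocol that uses this trust manager.
     *
     * @return the initialized context
     */
    public SSLContext getSSLContext() throws NoSuchAlgorithmException, KeyManagementException {
        return getSSLContext("TLS");
    }

    /**
     * Builds an {@link SSLContext} whose only trust manager is this instance.
     *
     * @param protocol the protocol name passed to {@link SSLContext#getInstance(String)}
     * @return the initialized context
     */
    public SSLContext getSSLContext(String protocol) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext = SSLContext.getInstance(protocol);
        // No key managers and no SecureRandom are supplied, so the JSSE defaults are used.
        sslContext.init(null, new TrustManager[] { this }, null);
        return sslContext;
    }

    /**
     * Loads a JKS trust store from a file and returns its X.509 trust manager.
     *
     * @param trustStore path of the trust store file
     * @param trustStorePassword password used to check the store's integrity; must not be
     *     {@code null}
     * @return the first X.509 trust manager for the store, or {@code null} if the factory
     *     provides none
     */
    public static X509TrustManager getTrustManager(String trustStore, String trustStorePassword)
            throws FileNotFoundException, KeyStoreException, IOException, NoSuchAlgorithmException,
            CertificateException {
        // The store type is fixed to "jks"; adapt this if the store uses another format.
        try (FileInputStream myKeys = new FileInputStream(trustStore)) {
            KeyStore myTrustStore = KeyStore.getInstance("jks");
            myTrustStore.load(myKeys, trustStorePassword.toCharArray());
            return getTrustManagerFromKeyStore(myTrustStore);
        }
    }

    /**
     * Returns the X.509 trust manager backed by the default trust store.
     *
     * @param keyStore ignored; the parameter is kept only so existing callers still compile
     * @return the first X.509 trust manager for the default trust store, or {@code null} if the
     *     factory provides none
     */
    public static X509TrustManager getDefaultTrustManager(KeyStore keyStore)
            throws NoSuchAlgorithmException, KeyStoreException {
        return getTrustManagerFromKeyStore(null);
    }

    /**
     * Initializes a default-algorithm {@link TrustManagerFactory} with the given store and picks
     * its first {@link X509TrustManager}.
     *
     * @param keyStore the trust store, or {@code null} for the default trust store
     * @return the first X.509 trust manager, or {@code null} if the factory provides none
     */
    private static X509TrustManager getTrustManagerFromKeyStore(KeyStore keyStore)
            throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore); // If keyStore is null, tmf will be initialized with the default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        return null;
    }

    /** Fails closed when no delegate exists to vouch for the chain. */
    private void requireDelegates() throws CertificateException {
        if (x509TrustManagers.length == 0) {
            throw new CertificateException("No delegate trust managers configured; rejecting certificate chain");
        }
    }
}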