[java] demoiselle-signer - TrustStore Provider
# src/main/resources/META-INF/services/org.demoiselle.signer.core.ca.provider.ProviderCA (ServiceLoader registration file: one fully-qualified implementation class per line; the provider is picked up by demoiselle-signer only if this file is on the classpath)
br.gov.example.demoiselle.TrustStoreProvider
package br.gov.example.demoiselle;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import org.demoiselle.signer.core.ca.provider.ProviderCA;
import org.demoiselle.signer.core.util.MessagesBundle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
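/**
 * Exposes the CA certificates of the JVM trust store ({@code javax.net.ssl.trustStore})
 * to demoiselle-signer as a {@link ProviderCA}.
 *
 * <p>The store is read once, when this class is initialised, from the file named by
 * {@code javax.net.ssl.trustStore}, with the password in
 * {@code javax.net.ssl.trustStorePassword} and the key store type in
 * {@code javax.net.ssl.trustStoreType} (default {@code JKS}). Only X.509 entries whose
 * subject DN contains {@code CN}, a comma and (case-insensitively) {@code hom} or
 * {@code icp-brasil} are kept. That filter is a selection heuristic, not a validation:
 * every certificate an administrator places in the store that happens to match it
 * becomes a trust anchor, so the store file and its permissions are the trust boundary.
 *
 * <p>Any failure while reading the store (property not set, file missing, wrong
 * password, unsupported type) is logged and yields an empty provider, i.e. no trust
 * anchors, instead of an {@code ExceptionInInitializerError}.
 */
public class TrustStoreProvider implements ProviderCA {
    private static final String JAVAX_NET_SSL_TRUST_STORE = "javax.net.ssl.trustStore";
    private static final String JAVAX_NET_SSL_TRUST_STORE_PWD = "javax.net.ssl.trustStorePassword";
    private static final String JAVAX_NET_SSL_TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
    private static final String JKS = "JKS";
    private static final Logger LOGGER = LoggerFactory.getLogger(TrustStoreProvider.class);
    private static final String CN = "CN";
    private static final String HOM = "hom";
    private static final String ICP_BRASIL = "icp-brasil";
    private static final String COMMA = ",";
    private static final MessagesBundle chainMessagesBundle = new MessagesBundle();

    /** Selected trust anchors; unmodifiable so callers cannot inject CAs through the returned view. */
    private static final Collection<X509Certificate> trustStoreCAs;

    static {
        LOGGER.info("Inicializando TrustStoreProvider");
        List<X509Certificate> selected = new ArrayList<>();
        KeyStore keyStore = loadTrustStore();
        if (keyStore != null) {
            collectCAs(keyStore, selected);
        }
        trustStoreCAs = Collections.unmodifiableList(selected);
    }

    /**
     * Opens the trust store named by the {@code javax.net.ssl.*} system properties.
     *
     * @return the loaded key store, or {@code null} when the path is not configured or
     *         loading fails (the cause is logged)
     */
    private static KeyStore loadTrustStore() {
        String trustStorePath = System.getProperty(JAVAX_NET_SSL_TRUST_STORE);
        if (trustStorePath == null || trustStorePath.isEmpty()) {
            // The original code dereferenced the null path/password and died in the static
            // initialiser; fail closed (no anchors) and say why instead.
            LOGGER.error("Propriedade {} nao definida; nenhuma CA sera disponibilizada", JAVAX_NET_SSL_TRUST_STORE);
            return null;
        }
        String trustStoreType = System.getProperty(JAVAX_NET_SSL_TRUST_STORE_TYPE);
        if (trustStoreType == null || trustStoreType.isEmpty()) {
            trustStoreType = JKS;
        }
        String passwordProperty = System.getProperty(JAVAX_NET_SSL_TRUST_STORE_PWD);
        // char[] so it can be wiped after use; null is accepted by KeyStore.load but skips
        // the store's integrity (MAC) check, so tampering with the file goes undetected.
        char[] trustStorePassword = passwordProperty == null ? null : passwordProperty.toCharArray();
        if (trustStorePassword == null) {
            LOGGER.warn("Propriedade {} nao definida; a integridade da truststore nao sera verificada",
                    JAVAX_NET_SSL_TRUST_STORE_PWD);
        }
        try (InputStream is = new FileInputStream(trustStorePath)) {
            KeyStore keyStore = KeyStore.getInstance(trustStoreType);
            keyStore.load(is, trustStorePassword);
            return keyStore;
        } catch (KeyStoreException ex) {
            LOGGER.error(chainMessagesBundle.getString("error.load.keystore"), ex);
        } catch (NoSuchAlgorithmException ex) {
            LOGGER.error(chainMessagesBundle.getString("error.no.algorithm"), ex);
        } catch (CertificateException ex) {
            LOGGER.error(chainMessagesBundle.getString("error.jks.certificate"), ex);
        } catch (IOException ex) {
            // Also covers a missing file and a wrong password (reported as IOException by KeyStore.load).
            LOGGER.error(chainMessagesBundle.getString("error.io"), ex);
        } finally {
            if (trustStorePassword != null) {
                Arrays.fill(trustStorePassword, '\0');
            }
        }
        return null;
    }

    /**
     * Walks every alias of {@code keyStore} and appends the X.509 certificates that pass
     * {@link #isSelected(String)} to {@code out}. Entries without a certificate (secret
     * keys) or with a non-X.509 certificate are skipped rather than cast blindly.
     */
    private static void collectCAs(KeyStore keyStore, Collection<X509Certificate> out) {
        try {
            for (Enumeration<String> e = keyStore.aliases(); e.hasMoreElements(); ) {
                String alias = e.nextElement();
                Certificate entry = keyStore.getCertificate(alias);
                if (!(entry instanceof X509Certificate)) {
                    LOGGER.info("Ignorando {}", alias);
                    continue;
                }
                X509Certificate cert = (X509Certificate) entry;
                String certSubject = cert.getSubjectX500Principal().getName();
                if (!isSelected(certSubject)) {
                    LOGGER.info("Ignorando {}", certSubject);
                    continue;
                }
                if (cert.getBasicConstraints() < 0) {
                    // Kept for compatibility with stores that hold non-CA anchors, but an entry
                    // without cA=TRUE in BasicConstraints is not a CA and deserves a second look.
                    LOGGER.warn("Certificado sem BasicConstraints de CA: {}", certSubject);
                }
                LOGGER.info("Adicionando {}", certSubject);
                out.add(cert);
            }
        } catch (KeyStoreException ex) {
            LOGGER.error(chainMessagesBundle.getString("error.load.keystore"), ex);
        }
    }

    /**
     * Subject-DN selection heuristic: the RFC 2253 DN must contain {@code CN} and a comma,
     * and, case-insensitively, {@code hom} or {@code icp-brasil}. Plain substring matching —
     * any DN containing those letters (e.g. an O with "Thomas") also matches.
     * {@link Locale#ROOT} keeps the lower-casing locale-independent (Turkish dotless i
     * would otherwise break the {@code icp-brasil} match).
     */
    private static boolean isSelected(String certSubject) {
        String lower = certSubject.toLowerCase(Locale.ROOT);
        return certSubject.contains(CN) && certSubject.contains(COMMA)
                && (lower.contains(HOM) || lower.contains(ICP_BRASIL));
    }

    /**
     * @return the selected trust anchors, as an unmodifiable collection (empty when the
     *         trust store could not be read)
     */
    @Override
    public Collection<X509Certificate> getCAs() {
        return trustStoreCAs;
    }

    /** @return the provider's display name. */
    @Override
    public String getName() {
        return "TrustStore Provider";
    }
}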