
load pem files "properly", hopefully

Grega Bremec il y a 7 mois
Parent
commit
8f4fdbe57d
1 fichiers modifiés avec 15 ajouts et 1 suppressions
  1. 15 1
      src/main/java/com/redhat/training/Activator.java

+ 15 - 1
src/main/java/com/redhat/training/Activator.java

@@ -2,14 +2,18 @@ package com.redhat.training;
 
 import java.io.BufferedReader;
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileReader;
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.security.KeyManagementException;
+import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.util.Optional;
 
 import javax.net.ssl.SSLContext;
@@ -73,6 +77,7 @@ public class Activator {
         // Check for TLS CA cert.
         SSLContext sc = null;
         if (apiserver.get().startsWith("https://")) {
+            // API URL is HTTPS (as it should be)
             File tlscaFile;
             if (tlsca.isPresent() && !tlsca.get().isEmpty()) {
                 LOG.debug("Got TLS CA cert file from environment, checking.");
@@ -84,9 +89,18 @@ public class Activator {
             if (!tlscaFile.exists()) {
                 throw new RuntimeException("TLS CA cert file set, but does not exist.");
             }
+            // Try to build an SSLContext by using a PEM file.
             LOG.info("Attempting to build SSLContext with " + tlscaFile.getAbsolutePath());
             try {
-                SSLContextBuilder scb = SSLContexts.custom().loadTrustMaterial(tlscaFile);
+                KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+                ks.load(null);
+
+                X509Certificate crt = (X509Certificate)CertificateFactory.getInstance("X509")
+                                                                         .generateCertificate(new FileInputStream(tlscaFile));
+
+                ks.setCertificateEntry(crt.getSubjectX500Principal().getName(), crt);
+
+                SSLContextBuilder scb = SSLContexts.custom().loadTrustMaterial(ks, (a, b) -> {return true;});
                 sc = scb.build();
             } catch (NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException | KeyManagementException e) {
                 throw new RuntimeException("Could not load TLS CA: " + e.getMessage(), e);
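Review bot: The TrustStrategy lambda `(a, b) -> {return true;}` passed to loadTrustMaterial accepts every server certificate chain before the truststore is ever consulted, so the CA certificate the hunk just loaded into `ks` has no effect and the HTTPS connection is not authenticated at all; the truststore-only overload is obtained by passing `null` as the strategy, `SSLContexts.custom().loadTrustMaterial(ks, null)`. The `FileInputStream` created for generateCertificate is never closed and should be opened in a try-with-resources block, and the canonical factory name is `"X.509"` (the `"X509"` alias happens to resolve on the default provider). If the PEM file can hold more than one CA certificate, generateCertificate only reads the first entry; generateCertificates would load the whole bundle, but whether that is needed cannot be told from this page. The enclosing method continues outside the hunk.
```java
// … unchanged: empty KeyStore creation (ks.load(null)) …
X509Certificate crt;
try (FileInputStream in = new FileInputStream(tlscaFile)) {
    crt = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
}
ks.setCertificateEntry(crt.getSubjectX500Principal().getName(), crt);
// null strategy: chains are verified against the loaded CA, not blindly accepted
SSLContextBuilder scb = SSLContexts.custom().loadTrustMaterial(ks, null);
// … unchanged: scb.build() and exception handling …
```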