7 months ago · 8f4fdbe57d
--- a/src/main/java/com/redhat/training/Activator.java
+++ b/src/main/java/com/redhat/training/Activator.java
@@ -2,14 +2,18 @@ package com.redhat.training;
 
															 import java.io.BufferedReader;
														
 
															 import java.io.File;
														
 
															+import java.io.FileInputStream;
														
 
															 import java.io.FileReader;
														
 
															 import java.io.IOException;
														
 
															 import java.net.URI;
														
 
															 import java.net.URISyntaxException;
														
 
															 import java.security.KeyManagementException;
														
 
															+import java.security.KeyStore;
														
 
															 import java.security.KeyStoreException;
														
 
															 import java.security.NoSuchAlgorithmException;
														
 
															 import java.security.cert.CertificateException;
														
 
															+import java.security.cert.CertificateFactory;
														
 
															+import java.security.cert.X509Certificate;
														
 
															 import java.util.Optional;
														
 
															 import javax.net.ssl.SSLContext;
														
@@ -73,6 +77,7 @@ public class Activator {
 
															         // Check for TLS CA cert.
														
 
															         SSLContext sc = null;
														
 
															         if (apiserver.get().startsWith("https://")) {
														
 
															+            // API URL is HTTPS (as it should be)
														
 
															             File tlscaFile;
														
 
															             if (tlsca.isPresent() && !tlsca.get().isEmpty()) {
														
 
															                 LOG.debug("Got TLS CA cert file from environment, checking.");
														
@@ -84,9 +89,18 @@ public class Activator {
 
															             if (!tlscaFile.exists()) {
														
 
															                 throw new RuntimeException("TLS CA cert file set, but does not exist.");
														
 
															             }
														
 
															+            // Try to build an SSLContext by using a PEM file.
														
 
															             LOG.info("Attempting to build SSLContext with " + tlscaFile.getAbsolutePath());
														
 
															             try {
														
 
															-                SSLContextBuilder scb = SSLContexts.custom().loadTrustMaterial(tlscaFile);
														
 
															+                KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
														
 
															+                ks.load(null);
														
 
															+
														
 
															+                X509Certificate crt = (X509Certificate)CertificateFactory.getInstance("X509")
														
 
															+                                                                         .generateCertificate(new FileInputStream(tlscaFile));
														
 
															+
														
 
															+                ks.setCertificateEntry(crt.getSubjectX500Principal().getName(), crt);
														
 
															+
														
 
															+                SSLContextBuilder scb = SSLContexts.custom().loadTrustMaterial(ks, (a, b) -> {return true;});
														
 
															                 sc = scb.build();
														
 
															             } catch (NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException | KeyManagementException e) {
														
 
															                 throw new RuntimeException("Could not load TLS CA: " + e.getMessage(), e);