From b0ea218ccbd224aa754358361389d93b6d0fb789 Mon Sep 17 00:00:00 2001
From: Cristian Rosu
Date: Sun, 20 Sep 2020 19:57:43 +0300
Subject: [PATCH 1/3] BAEL-4415 get a list of trusted certificates in Java
---
 .../certificates/CertificatesUnitTest.java | 94 +++++++++++++++++++
 1 file changed, 94 insertions(+)
 create mode 100644 core-java-modules/core-java-security-2/src/test/java/certificates/CertificatesUnitTest.java
diff --git a/core-java-modules/core-java-security-2/src/test/java/certificates/CertificatesUnitTest.java b/core-java-modules/core-java-security-2/src/test/java/certificates/CertificatesUnitTest.java
new file mode 100644
index 0000000000..a631df086b
--- /dev/null
+++ b/core-java-modules/core-java-security-2/src/test/java/certificates/CertificatesUnitTest.java
@@ -0,0 +1,94 @@
+package certificates;
+
+import org.junit.jupiter.api.Test;
+
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.PKIXParameters;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+public class CertificatesUnitTest {
+
+ private static final String GODADDY_CA_ALIAS = "godaddyrootg2ca [jdk]";
+
+ @Test
+ public void whenLoadingCacertsKeyStore_thenCertificatesArePresent() throws Exception {
+ KeyStore keyStore = loadKeyStore();
+ PKIXParameters params = new PKIXParameters(keyStore);
+
+ Set trustAnchors = params.getTrustAnchors();
+ List certificates = trustAnchors.stream()
+ .map(TrustAnchor::getTrustedCert)
+ .collect(Collectors.toList());
+
+ assertFalse(certificates.isEmpty());
+ }
+
+ @Test
+ public void whenLoadingDefaultKeyStore_thenCertificatesArePresent() throws Exception {
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ trustManagerFactory.init((KeyStore)null);
+
+ List trustManagers = Arrays.asList(trustManagerFactory.getTrustManagers());
+ List certificates = trustManagers.stream()
+ .filter(X509TrustManager.class::isInstance)
+ .map(X509TrustManager.class::cast)
+ .map(trustManager -> 
Arrays.asList(trustManager.getAcceptedIssuers()))
+ .flatMap(Collection::stream)
+ .collect(Collectors.toList());
+
+ assertFalse(certificates.isEmpty());
+ }
+
+ @Test
+ public void whenLoadingKeyStore_thenGoDaddyCALabelIsPresent() throws Exception {
+ KeyStore keyStore = loadKeyStore();
+
+ Enumeration aliasEnumeration = keyStore.aliases();
+ List aliases = Collections.list(aliasEnumeration);
+
+ assertTrue(aliases.contains(GODADDY_CA_ALIAS));
+ }
+
+ @Test
+ public void whenLoadingKeyStore_thenGoDaddyCertificateIsPresent() throws Exception {
+ KeyStore keyStore = loadKeyStore();
+
+ Certificate goDaddyCertificate = keyStore.getCertificate(GODADDY_CA_ALIAS);
+
+ assertNotNull(goDaddyCertificate);
+ }
+
+ private KeyStore loadKeyStore() throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
+ String relativeCacertsPath = "/lib/security/cacerts".replace("/", File.separator);
+ String filename = System.getProperty("java.home") + relativeCacertsPath;
+ FileInputStream is = new FileInputStream(filename);
+
+ KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+ String password = "changeit";
+ keystore.load(is, password.toCharArray());
+
+ return keystore;
+ }
+}
From 1b999bb1a091e1b634fbdee4fc6c7cfd469bd33b Mon Sep 17 00:00:00 2001
From: Cristian Rosu
Date: Wed, 23 Sep 2020 17:34:42 +0300
Subject: [PATCH 2/3] BAEL-4415 correct package name
---
 .../baeldung/trustedcert}/CertificatesUnitTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename core-java-modules/core-java-security-2/src/test/java/{certificates => com/baeldung/trustedcert}/CertificatesUnitTest.java (99%)
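Review bot: loadKeyStore() opens a FileInputStream on the cacerts file and never closes it, so every test that calls the helper leaves a file handle open until the stream is garbage-collected; create the keystore first and load it inside `try (FileInputStream is = new FileInputStream(filename)) { keystore.load(is, password.toCharArray()); }`. The two GoDaddy tests pin the alias `godaddyrootg2ca [jdk]`, which is a naming detail of the cacerts file bundled with a particular JDK build; on a runtime whose trust store is supplied from elsewhere (for example one maintained by the OS distribution) the alias will probably differ, so these tests check the bundle's naming rather than whether the CA is actually trusted. A comment on GODADDY_CA_ALIAS such as `// alias as named in the JDK-bundled cacerts; other trust stores may use a different alias` would make that assumption visible. The helper also reads the file under `java.home` directly, so it keeps inspecting the bundled store even when the JVM is started with a `javax.net.ssl.trustStore` override, whereas the TrustManagerFactory test honours that override; the Javadoc on loadKeyStore() should say which store each test is listing.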
diff --git a/core-java-modules/core-java-security-2/src/test/java/certificates/CertificatesUnitTest.java b/core-java-modules/core-java-security-2/src/test/java/com/baeldung/trustedcert/CertificatesUnitTest.java
similarity index 99%
rename from core-java-modules/core-java-security-2/src/test/java/certificates/CertificatesUnitTest.java
rename to core-java-modules/core-java-security-2/src/test/java/com/baeldung/trustedcert/CertificatesUnitTest.java
index a631df086b..d99589a2ec 100644
--- a/core-java-modules/core-java-security-2/src/test/java/certificates/CertificatesUnitTest.java
+++ b/core-java-modules/core-java-security-2/src/test/java/com/baeldung/trustedcert/CertificatesUnitTest.java
@@ -1,4 +1,4 @@
-package certificates;
+package com.baeldung.trustedcert;
 import org.junit.jupiter.api.Test;
From 01a6f6b05523ae8e8be41f393ae76be95c994639 Mon Sep 17 00:00:00 2001
From: Cristian Rosu
Date: Wed, 23 Sep 2020 17:36:48 +0300
Subject: [PATCH 3/3] BAEL-4415 correct line continuations indent to 2 spaces
---
 .../baeldung/trustedcert/CertificatesUnitTest.java | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/core-java-modules/core-java-security-2/src/test/java/com/baeldung/trustedcert/CertificatesUnitTest.java b/core-java-modules/core-java-security-2/src/test/java/com/baeldung/trustedcert/CertificatesUnitTest.java
index d99589a2ec..4f40c3c195 100644
--- a/core-java-modules/core-java-security-2/src/test/java/com/baeldung/trustedcert/CertificatesUnitTest.java
+++ b/core-java-modules/core-java-security-2/src/test/java/com/baeldung/trustedcert/CertificatesUnitTest.java
@@ -39,8 +39,8 @@ public class CertificatesUnitTest {
 Set trustAnchors = params.getTrustAnchors();
 List certificates = trustAnchors.stream()
- .map(TrustAnchor::getTrustedCert)
- .collect(Collectors.toList());
+ .map(TrustAnchor::getTrustedCert)
+ .collect(Collectors.toList());
 assertFalse(certificates.isEmpty());
 }
@@ -52,11 +52,11 @@ public class CertificatesUnitTest {
 List trustManagers = Arrays.asList(trustManagerFactory.getTrustManagers());
 List certificates = trustManagers.stream()
- .filter(X509TrustManager.class::isInstance)
- .map(X509TrustManager.class::cast)
- .map(trustManager -> Arrays.asList(trustManager.getAcceptedIssuers()))
- .flatMap(Collection::stream)
- .collect(Collectors.toList());
+ .filter(X509TrustManager.class::isInstance)
+ .map(X509TrustManager.class::cast)
+ .map(trustManager -> Arrays.asList(trustManager.getAcceptedIssuers()))
+ .flatMap(Collection::stream)
+ .collect(Collectors.toList());
 assertFalse(certificates.isEmpty());
 }