BAEL-4415 get a list of trusted certificates in Java

This commit is contained in:
Cristian Rosu 2020-09-20 19:57:43 +03:00
parent 26c7ec551d
commit 4503d5c3f7
1 changed files with 94 additions and 0 deletions

View File

@ -0,0 +1,94 @@
package certificates;
import org.junit.jupiter.api.Test;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
public class CertificatesUnitTest {
private static final String GODADDY_CA_ALIAS = "godaddyrootg2ca [jdk]";
@Test
public void whenLoadingCacertsKeyStore_thenCertificatesArePresent() throws Exception {
KeyStore keyStore = loadKeyStore();
PKIXParameters params = new PKIXParameters(keyStore);
Set<TrustAnchor> trustAnchors = params.getTrustAnchors();
List<Certificate> certificates = trustAnchors.stream()
.map(TrustAnchor::getTrustedCert)
.collect(Collectors.toList());
assertFalse(certificates.isEmpty());
}
@Test
public void whenLoadingDefaultKeyStore_thenCertificatesArePresent() throws Exception {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init((KeyStore)null);
List<TrustManager> trustManagers = Arrays.asList(trustManagerFactory.getTrustManagers());
List<X509Certificate> certificates = trustManagers.stream()
.filter(X509TrustManager.class::isInstance)
.map(X509TrustManager.class::cast)
.map(trustManager -> Arrays.asList(trustManager.getAcceptedIssuers()))
.flatMap(Collection::stream)
.collect(Collectors.toList());
assertFalse(certificates.isEmpty());
}
@Test
public void whenLoadingKeyStore_thenGoDaddyCALabelIsPresent() throws Exception {
KeyStore keyStore = loadKeyStore();
Enumeration<String> aliasEnumeration = keyStore.aliases();
List<String> aliases = Collections.list(aliasEnumeration);
assertTrue(aliases.contains(GODADDY_CA_ALIAS));
}
@Test
public void whenLoadingKeyStore_thenGoDaddyCertificateIsPresent() throws Exception {
KeyStore keyStore = loadKeyStore();
Certificate goDaddyCertificate = keyStore.getCertificate(GODADDY_CA_ALIAS);
assertNotNull(goDaddyCertificate);
}
private KeyStore loadKeyStore() throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
String relativeCacertsPath = "/lib/security/cacerts".replace("/", File.separator);
String filename = System.getProperty("java.home") + relativeCacertsPath;
FileInputStream is = new FileInputStream(filename);
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
String password = "changeit";
keystore.load(is, password.toCharArray());
return keystore;
}
}