Allow HTTP clients to trust multiple certificates to support certificate rollover

This commit is contained in:
Jon Chambers
2022-10-17 14:47:39 -04:00
committed by Jon Chambers
parent a41d047f58
commit 0120a85c39
9 changed files with 154 additions and 86 deletions


@@ -15,33 +15,37 @@ import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
public class CertificateUtil {
public static KeyStore buildKeyStoreForPem(final String caCertificatePem) throws CertificateException
{
try {
X509Certificate certificate = getCertificate(caCertificatePem);
if (certificate == null) {
throw new CertificateException("No certificate found in parsing!");
}
public static KeyStore buildKeyStoreForPem(final String... caCertificatePems) throws CertificateException {
try {
final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null);
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null);
keyStore.setCertificateEntry("ca", certificate);
return keyStore;
} catch (IOException | KeyStoreException ex) {
throw new CertificateException(ex);
} catch (NoSuchAlgorithmException ex) {
throw new AssertionError(ex);
for (int i = 0; i < caCertificatePems.length; i++) {
final X509Certificate certificate = getCertificate(caCertificatePems[i]);
if (certificate == null) {
throw new CertificateException("No certificate found in parsing!");
}
}
public static X509Certificate getCertificate(final String certificatePem) throws CertificateException {
final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
keyStore.setCertificateEntry("ca-" + i, certificate);
}
try (final ByteArrayInputStream pemInputStream = new ByteArrayInputStream(certificatePem.getBytes())) {
return (X509Certificate) certificateFactory.generateCertificate(pemInputStream);
} catch (IOException e) {
throw new CertificateException(e);
}
return keyStore;
} catch (IOException | KeyStoreException ex) {
throw new CertificateException(ex);
} catch (NoSuchAlgorithmException ex) {
throw new AssertionError(ex);
}
}
public static X509Certificate getCertificate(final String certificatePem) throws CertificateException {
final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
try (final ByteArrayInputStream pemInputStream = new ByteArrayInputStream(certificatePem.getBytes())) {
return (X509Certificate) certificateFactory.generateCertificate(pemInputStream);
} catch (IOException e) {
throw new CertificateException(e);
}
}
}
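Review bot: The new varargs signature of buildKeyStoreForPem lets a caller pass zero PEMs, and the loop then returns an empty KeyStore; used as a trust store this rejects every peer rather than trusting anything, but a misconfigured or unset certificate property would now surface only as an opaque TLS handshake failure instead of at startup. I would fail fast before the loop with `if (caCertificatePems.length == 0) { throw new CertificateException("At least one CA certificate is required"); }`. Related, getCertificate hands the PEM to CertificateFactory.generateCertificate, which reads a single certificate from the stream, so a caller that concatenates old and new CA certificates into one PEM bundle for rollover presumably gets only the first one loaded, silently; a Javadoc line on buildKeyStoreForPem stating that each argument must hold exactly one certificate, with the "ca-<index>" alias scheme, would make the contract explicit. The unchanged `certificatePem.getBytes()` in getCertificate still uses the platform default charset; passing StandardCharsets.US_ASCII would pin the decoding of PEM input.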