mirror of
https://github.com/signalapp/Signal-Server
synced 2026-04-20 12:08:05 +01:00
Allow the storage service client to trust the Signal CA root.
committed by
Jon Chambers
parent
cdc6afefe2
commit
a1434524a4
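--- a/PATH_NOT_SHOWN_ON_PAGE/CertificateUtil.java
+++ b/PATH_NOT_SHOWN_ON_PAGE/CertificateUtil.java
@@ -0,0 +1,47 @@
+/*
+* Copyright 2020 Signal Messenger, LLC
+* SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+package org.whispersystems.textsecuregcm.util;
+
+import org.bouncycastle.openssl.PEMReader;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+public class CertificateUtil {
+public static KeyStore buildKeyStoreForPem(final String caCertificatePem) throws CertificateException
+{
+try {
+X509Certificate certificate = getCertificate(caCertificatePem);
+
+if (certificate == null) {
+throw new CertificateException("No certificate found in parsing!");
+}
+
+KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+keyStore.load(null);
+keyStore.setCertificateEntry("ca", certificate);
+return keyStore;
+} catch (IOException | KeyStoreException ex) {
+throw new CertificateException(ex);
+} catch (NoSuchAlgorithmException ex) {
+throw new AssertionError(ex);
+}
+}
+
+public static X509Certificate getCertificate(final String certificatePem) throws CertificateException {
+try (PEMReader reader = new PEMReader(new InputStreamReader(new ByteArrayInputStream(certificatePem.getBytes())))) {
+return (X509Certificate) reader.readObject();
+} catch (IOException e) {
+throw new CertificateException(e);
+}
+}
+}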
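Review bot: In `getCertificate`, the result of `reader.readObject()` is cast straight to `X509Certificate`, so a PEM whose first object is something else (a key or a CSR, for example) surfaces as an unchecked `ClassCastException` instead of the declared `CertificateException`. Because that certificate becomes the only trust anchor in `buildKeyStoreForPem`, a misconfigured value should fail in a way callers already handle; I would read into `Object parsed = reader.readObject();` and add `if (parsed != null && !(parsed instanceof X509Certificate)) throw new CertificateException("PEM object is not an X.509 certificate");` before the cast. Only the first PEM object is read, so any further certificates in a bundle are ignored without an error, which is worth stating in a Javadoc line on `buildKeyStoreForPem`. `certificatePem.getBytes()` also relies on the platform default charset; `getBytes(StandardCharsets.US_ASCII)` would make the decoding explicit.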