Support for adding certificate in a nested trustManager of CompositeX…

…509ExtendedTrustManager

sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/TrustManagerUtils.java

@@ -276,10 +276,27 @@ public static void addCertificate(X509ExtendedTrustManager trustManager, List<X5
             return;
         }
 
-        if (trustManager instanceof HotSwappableX509ExtendedTrustManager
-                && ((HotSwappableX509ExtendedTrustManager) trustManager).getInnerTrustManager() instanceof InflatableX509ExtendedTrustManager) {
-            ((InflatableX509ExtendedTrustManager) ((HotSwappableX509ExtendedTrustManager) trustManager)
-                    .getInnerTrustManager()).addCertificates(certificates);
+        if (trustManager instanceof HotSwappableX509ExtendedTrustManager) {
+            if (((HotSwappableX509ExtendedTrustManager) trustManager).getInnerTrustManager() instanceof InflatableX509ExtendedTrustManager) {
+                ((InflatableX509ExtendedTrustManager) ((HotSwappableX509ExtendedTrustManager) trustManager)
+                        .getInnerTrustManager()).addCertificates(certificates);
+                return;
+            }
+
+            if (((HotSwappableX509ExtendedTrustManager) trustManager).getInnerTrustManager() instanceof CompositeX509ExtendedTrustManager) {
+                List<X509ExtendedTrustManager> innerTrustManagers = ((CompositeX509ExtendedTrustManager) ((HotSwappableX509ExtendedTrustManager) trustManager)
+                        .getInnerTrustManager()).getInnerTrustManagers();
+
+                Optional<InflatableX509ExtendedTrustManager> inflatableX509ExtendedTrustManager = innerTrustManagers.stream()
+                        .filter(InflatableX509ExtendedTrustManager.class::isInstance)
+                        .map(InflatableX509ExtendedTrustManager.class::cast)
+                        .findFirst();
+
+                if (inflatableX509ExtendedTrustManager.isPresent()) {
+                    inflatableX509ExtendedTrustManager.get().addCertificates(certificates);
+                    return;
+                }
+            }
             return;
         }
 

sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/TrustManagerUtilsShould.java

@@ -671,6 +671,22 @@ void addCertificateToInflatableX509ExtendedTrustManagerEvenThoughItIsWrappedInAH
         verify(inflatableX509ExtendedTrustManager, times(1)).addCertificates(certificates);
     }
 
+    @Test
+    void addCertificateToInflatableX509ExtendedTrustManagerEvenThoughItIsWrappedInAHotSwappableX509ExtendedTrustManagerWhichIsWrappedIntoACompositeX509ExtendedTrustManager() {
+        X509Certificate certificate = mock(X509Certificate.class);
+        List<X509Certificate> certificates = Collections.singletonList(certificate);
+
+        InflatableX509ExtendedTrustManager inflatableX509ExtendedTrustManager = mock(InflatableX509ExtendedTrustManager.class);
+        X509ExtendedTrustManager jdkTrustManager = TrustManagerUtils.createTrustManagerWithJdkTrustedCertificates();
+        X509ExtendedTrustManager combinedTrustManager = TrustManagerUtils.combine(inflatableX509ExtendedTrustManager, jdkTrustManager);
+        HotSwappableX509ExtendedTrustManager hotSwappableX509ExtendedTrustManager = (HotSwappableX509ExtendedTrustManager) TrustManagerUtils.createSwappableTrustManager(combinedTrustManager);
+//        when(hotSwappableX509ExtendedTrustManager.getInnerTrustManager()).thenReturn(combinedTrustManager);
+
+        TrustManagerUtils.addCertificate(hotSwappableX509ExtendedTrustManager, certificates);
+
+        verify(inflatableX509ExtendedTrustManager, times(1)).addCertificates(certificates);
+    }
+
     @Test
     void addCertificateToInflatableX509ExtendedTrustManagerEvenThoughItIsWrappedInACompositeX509ExtendedTrustManager() {
         X509Certificate certificate = mock(X509Certificate.class);