From a6359cee47156196c46fac78f7ba758453ef4cc4 Mon Sep 17 00:00:00 2001 From: Hakky54 Date: Fri, 12 Jan 2024 16:54:23 +0100 Subject: [PATCH] Support for adding certificate in a nested trustManager of CompositeX509ExtendedTrustManager --- .../altindag/ssl/util/TrustManagerUtils.java | 25 ++++++++++++++++--- .../ssl/util/TrustManagerUtilsShould.java | 16 ++++++++++++ 2 files changed, 37 insertions(+), 4 deletions(-) diff --git a/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/TrustManagerUtils.java b/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/TrustManagerUtils.java index 728c5556..871d5e50 100644 --- a/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/TrustManagerUtils.java +++ b/sslcontext-kickstart/src/main/java/nl/altindag/ssl/util/TrustManagerUtils.java @@ -276,10 +276,27 @@ public static void addCertificate(X509ExtendedTrustManager trustManager, List innerTrustManagers = ((CompositeX509ExtendedTrustManager) ((HotSwappableX509ExtendedTrustManager) trustManager) + .getInnerTrustManager()).getInnerTrustManagers(); + + Optional inflatableX509ExtendedTrustManager = innerTrustManagers.stream() + .filter(InflatableX509ExtendedTrustManager.class::isInstance) + .map(InflatableX509ExtendedTrustManager.class::cast) + .findFirst(); + + if (inflatableX509ExtendedTrustManager.isPresent()) { + inflatableX509ExtendedTrustManager.get().addCertificates(certificates); + return; + } + } return; } diff --git a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/TrustManagerUtilsShould.java b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/TrustManagerUtilsShould.java index cd6219c2..816e9e02 100644 --- a/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/TrustManagerUtilsShould.java +++ b/sslcontext-kickstart/src/test/java/nl/altindag/ssl/util/TrustManagerUtilsShould.java @@ -671,6 +671,22 @@ void addCertificateToInflatableX509ExtendedTrustManagerEvenThoughItIsWrappedInAH verify(inflatableX509ExtendedTrustManager, times(1)).addCertificates(certificates); } + @Test + void addCertificateToInflatableX509ExtendedTrustManagerEvenThoughItIsWrappedInAHotSwappableX509ExtendedTrustManagerWhichIsWrappedIntoACompositeX509ExtendedTrustManager() { + X509Certificate certificate = mock(X509Certificate.class); + List certificates = Collections.singletonList(certificate); + + InflatableX509ExtendedTrustManager inflatableX509ExtendedTrustManager = mock(InflatableX509ExtendedTrustManager.class); + X509ExtendedTrustManager jdkTrustManager = TrustManagerUtils.createTrustManagerWithJdkTrustedCertificates(); + X509ExtendedTrustManager combinedTrustManager = TrustManagerUtils.combine(inflatableX509ExtendedTrustManager, jdkTrustManager); + HotSwappableX509ExtendedTrustManager hotSwappableX509ExtendedTrustManager = (HotSwappableX509ExtendedTrustManager) TrustManagerUtils.createSwappableTrustManager(combinedTrustManager); +// when(hotSwappableX509ExtendedTrustManager.getInnerTrustManager()).thenReturn(combinedTrustManager); + + TrustManagerUtils.addCertificate(hotSwappableX509ExtendedTrustManager, certificates); + + verify(inflatableX509ExtendedTrustManager, times(1)).addCertificates(certificates); + } + @Test void addCertificateToInflatableX509ExtendedTrustManagerEvenThoughItIsWrappedInACompositeX509ExtendedTrustManager() { X509Certificate certificate = mock(X509Certificate.class);