1 /* 2 * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 import java.io.File; 25 import java.io.FileInputStream; 26 import java.security.KeyStore; 27 import java.security.Security; 28 import java.util.Arrays; 29 import java.util.Collections; 30 import java.util.List; 31 import java.util.stream.Collectors; 32 33 /** 34 * Common library for various security test helper functions. 35 */ 36 public final class SecurityUtils { 37 getCacerts()38 private static String getCacerts() { 39 String sep = File.separator; 40 return System.getProperty("java.home") + sep 41 + "lib" + sep + "security" + sep + "cacerts"; 42 } 43 44 /** 45 * Returns the cacerts keystore with the configured CA certificates. 46 */ getCacertsKeyStore()47 public static KeyStore getCacertsKeyStore() throws Exception { 48 File file = new File(getCacerts()); 49 if (!file.exists()) { 50 return null; 51 } 52 53 KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); 54 try (FileInputStream fis = new FileInputStream(file)) { 55 ks.load(fis, null); 56 } 57 return ks; 58 } 59 60 /** 61 * Removes the specified protocols from the jdk.tls.disabledAlgorithms 62 * security property. 63 */ removeFromDisabledTlsAlgs(String... protocols)64 public static void removeFromDisabledTlsAlgs(String... protocols) { 65 List<String> protocolsList = Arrays.asList(protocols); 66 protocolsList = Collections.unmodifiableList(protocolsList); 67 removeFromDisabledAlgs("jdk.tls.disabledAlgorithms", 68 protocolsList); 69 } 70 removeFromDisabledAlgs(String prop, List<String> algs)71 private static void removeFromDisabledAlgs(String prop, List<String> algs) { 72 String value = Security.getProperty(prop); 73 value = Arrays.stream(value.split(",")) 74 .map(s -> s.trim()) 75 .filter(s -> !algs.contains(s)) 76 .collect(Collectors.joining(",")); 77 Security.setProperty(prop, value); 78 } 79 SecurityUtils()80 private SecurityUtils() {} 81 } 82