java source code of ProxyClientUtil

secrets-proxy-master
- .github
  - PULL_REQUEST_TEMPLATE.md
  - CONTRIBUTING.md
  - ISSUE_TEMPLATE.md
- src
  - main
    - resources
      - application.yaml
      - keystores
        keywhiz_keystore.p12
        keywhiz_proxy_keystore.p12
        keywhiz_truststore.p12
        ldap_truststore.p12
      - META-INF
        additional-spring-configuration-metadata.json
      - logback-spring.xml
      - logback-access.xml
      - banner.txt
      - static
        favicon.ico
    - java
      - com
        oneops
        proxy
        security
        CliVersionFilter.java
        KeywhizKeyStore.java
        RestAuthEntryPoint.java
        JwtTokenService.java
        GlobalSecurityConfig.java
        annotations
        AuthorizeGroup.java
        AuthzRestController.java
        CurrentUser.java
        WebSecurityConfig.java
        endpoint
        KeywhizHealthIndicator.java
        KeywhizEndPoint.java
        ListEndPoints.java
        utils
        SecretsConstants.java
        ldap
        LdapClient.java
        gateway
        ProxyServlet.java
        authz
        UserDataSources.java
        AuthDomain.java
        OneOpsTeam.java
        Authz.java
        UserRepository.java
        web
        GroupController.java
        ErrorControllerAdvice.java
        support
        AppGroupArgResolver.java
        AppSecretArgResolver.java
        CliController.java
        ErrorController.java
        RootController.java
        AuthController.java
        audit
        Event.java
        AuditLogger.java
        AuditLog.java
        EventTag.java
        config
        OneOpsConfig.java
        AccessLogFilter.java
        EmbeddedServerConfig.java
        ApplicationConfig.java
        WebConfig.java
        Constants.java
        CacheConfig.java
        MgmtConfig.java
        PropertyVerifier.java
        ClientsAuthConfig.java
        service
        SecretService.java
        exception
        ExitException.java
        clients
        proxy
        MSProxyClient.java
        TektonProxy.java
        TektonProxyClient.java
        MSProxy.java
        ProxyClientUtil.java
        auth
        Client.java
        ClientSelector.java
        OneopsClient.java
        TektonClient.java
        MSClient.java
        model
        DateAdapter.java
        Result.java
        ErrorRes.java
        keywhiz
        KeywhizClient.java
        KeywhizException.java
        http
        HttpClient.java
        XsrfTokenInterceptor.java
        CookieCutter.java
        HttpStatus.java
        model
        AutomationSecretResponse.java
        Client.java
        AutomationClient.java
        Secret.java
        PartialUpdateSecretRequestV2.java
        SecretDetailResponse.java
        v2
        CreateClientRequestV2.java
        SecretDetailResponseV2.java
        PartialUpdateSecretRequestV2.java
        ModifyClientRequestV2.java
        SecretContentsResponseV2.java
        CreateGroupRequestV2.java
        GroupDetailResponseV2.java
        SetSecretVersionRequestV2.java
        ClientDetailResponseV2.java
        CreateOrUpdateSecretRequestV2.java
        CreateSecretRequestV2.java
        ModifyGroupsRequestV2.java
        SecretContentsRequestV2.java
        SecretSeries.java
        SanitizedSecret.java
        SecretSeriesAndContent.java
        SecretContent.java
        CreateSecretRequest.java
        LoginRequest.java
        ApiDate.java
        SecretsResponse.java
        SanitizedSecretWithGroups.java
        CreateGroupRequest.java
        CreateClientRequest.java
        GroupDetailResponse.java
        Group.java
        ClientDetailResponse.java
        SecretDeliveryResponse.java
        KeywhizAutomationClient.java
        swagger
        SwaggerConfig.java
        auth
        user
        LdapUserService.java
        OneOpsUser.java
        LdapUserDetailsService.java
        token
        TokenAuthProcessingFilter.java
        TokenAuthProvider.java
        SkipPathRequestMatcher.java
        JwtAuthToken.java
        login
        LoginAuthToken.java
        LoginAuthProvider.java
        LoginFailureHandler.java
        LoginProcessingFilter.java
        LoginSuccessHandler.java
        model
        ms
        MSClientAuthResponse.java
        MSClientAuthRequest.java
        ErrorResponse.java
        RootResponse.java
        AppSecret.java
        AppGroup.java
        LoginResponse.java
        UserResponse.java
        SecretContent.java
        LoginRequest.java
        SecretRequest.java
        SecretVersionRequest.java
        metrics
        ThrowingSupplier.java
        MetricsUtilService.java
        Application.java
  - test
    - java
      - com
        oneops
        proxy
        ApplicationTests.java
        model
        AppSecretTest.java
  - generated
    - java
      - com
        oneops
        user
        Keys.java
        tables
        CiProxiesTeams.java
        MiscDocs.java
        Teams.java
        UserWatches.java
        Invitations.java
        TeamsUsers.java
        Authentications.java
        GroupsTeams.java
        UserFavorites.java
        Organizations.java
        SchemaMigrations.java
        Users.java
        Groups.java
        GroupMembers.java
        records
        UserFavoritesRecord.java
        OrganizationsRecord.java
        UserWatchesRecord.java
        TeamsRecord.java
        CiProxiesRecord.java
        SchemaMigrationsRecord.java
        AuthenticationsRecord.java
        GroupMembersRecord.java
        MiscDocsRecord.java
        GroupsRecord.java
        TeamsUsersRecord.java
        InvitationsRecord.java
        CiProxiesTeamsRecord.java
        GroupsTeamsRecord.java
        UsersRecord.java
        CiProxies.java
        Public.java
        Sequences.java
        Tables.java
        DefaultCatalog.java
- pom.xml
- mvnw
- .looper.yml
- LICENSE
- CHANGELOG.md
- .mvn
  - wrapper
    - maven-wrapper.jar
    - MavenWrapperDownloader.java
    - maven-wrapper.properties
- README.md
- Dockerfile
- .gitignore
- docs
  - images
    - keywhiz-proxy-arch.xml
    - keywhiz-proxy-arch.svg
  - javadocs
    - package-list
    - script.js
    - overview-summary.html
    - overview-frame.html
    - overview-tree.html
    - serialized-form.html
    - help-doc.html
    - constant-values.html
    - deprecated-list.html
    - allclasses-frame.html
    - allclasses-noframe.html
    - com
      - oneops
        user
        package-frame.html
        Keys.html
        class-use
        Keys.html
        DefaultCatalog.html
        Tables.html
        Sequences.html
        Public.html
        package-tree.html
        DefaultCatalog.html
        tables
        package-frame.html
        CiProxiesTeams.html
        CiProxies.html
        Authentications.html
        MiscDocs.html
        class-use
        CiProxiesTeams.html
        CiProxies.html
        Authentications.html
        MiscDocs.html
        Teams.html
        Organizations.html
        GroupMembers.html
        Users.html
        Groups.html
        UserFavorites.html
        GroupsTeams.html
        UserWatches.html
        Invitations.html
        TeamsUsers.html
        SchemaMigrations.html
        package-tree.html
        Organizations.html
        GroupMembers.html
        Groups.html
        UserFavorites.html
        GroupsTeams.html
        UserWatches.html
        package-summary.html
        Invitations.html
        records
        package-frame.html
        class-use
        CiProxiesRecord.html
        AuthenticationsRecord.html
        GroupsTeamsRecord.html
        OrganizationsRecord.html
        MiscDocsRecord.html
        InvitationsRecord.html
        UserWatchesRecord.html
        TeamsRecord.html
        GroupMembersRecord.html
        UserFavoritesRecord.html
        TeamsUsersRecord.html
        SchemaMigrationsRecord.html
        CiProxiesTeamsRecord.html
        UsersRecord.html
        GroupsRecord.html
        package-tree.html
        SchemaMigrationsRecord.html
        package-summary.html
        package-use.html
        TeamsUsers.html
        package-use.html
        SchemaMigrations.html
        Tables.html
        Sequences.html
        package-summary.html
        package-use.html
        Public.html
        proxy
        security
        package-frame.html
        RestAuthEntryPoint.html
        class-use
        RestAuthEntryPoint.html
        WebSecurityConfig.html
        KeywhizKeyStore.html
        JwtTokenService.html
        KeywhizKeyStore.Name.html
        GlobalSecurityConfig.html
        package-tree.html
        WebSecurityConfig.html
        KeywhizKeyStore.html
        annotations
        package-frame.html
        CurrentUser.html
        class-use
        CurrentUser.html
        AuthzRestController.html
        AuthorizeGroup.html
        package-tree.html
        AuthzRestController.html
        package-summary.html
        AuthorizeGroup.html
        package-use.html
        JwtTokenService.html
        KeywhizKeyStore.Name.html
        package-summary.html
        GlobalSecurityConfig.html
        package-use.html
        package-frame.html
        endpoint
        package-frame.html
        KeywhizHealthIndicator.html
        class-use
        KeywhizHealthIndicator.html
        ListEndPoints.html
        KeywhizEndPoint.html
        package-tree.html
        ListEndPoints.html
        KeywhizEndPoint.html
        package-summary.html
        package-use.html
        services
        package-frame.html
        class-use
        SecretContentService.html
        package-tree.html
        SecretContentService.html
        package-summary.html
        package-use.html
        ldap
        package-frame.html
        class-use
        LDAPClient.html
        package-tree.html
        LDAPClient.html
        package-summary.html
        package-use.html
        gateway
        package-frame.html
        ProxyServlet.html
        class-use
        ProxyServlet.html
        ProxyServlet.InitParams.html
        package-tree.html
        ProxyServlet.InitParams.html
        package-summary.html
        package-use.html
        authz
        package-frame.html
        class-use
        OneOpsTeam.html
        Authz.html
        UserRepository.html
        package-tree.html
        OneOpsTeam.html
        Authz.html
        UserRepository.html
        package-summary.html
        package-use.html
        web
        package-frame.html
        class-use
        AppGroupArgResolver.html
        SecretsController.html
        CliController.html
        RootController.html
        GroupController.html
        ErrorController.html
        AuthController.html
        ErrorControllerAdvice.html
        AppGroupArgResolver.html
        SecretsController.html
        package-tree.html
        support
        package-frame.html
        class-use
        AppGroupArgResolver.html
        AppSecretArgResolver.html
        AppGroupArgResolver.html
        package-tree.html
        package-summary.html
        package-use.html
        AppSecretArgResolver.html
        CliController.html
        RootController.html
        GroupController.html
        ErrorController.html
        AuthController.html
        package-summary.html
        package-use.html
        ErrorControllerAdvice.html
        class-use
        Application.html
        Application.html
        package-tree.html
        audit
        package-frame.html
        Event.html
        class-use
        Event.html
        AuditLog.html
        AuditLogger.html
        EventTag.html
        package-tree.html
        AuditLog.html
        AuditLogger.html
        package-summary.html
        package-use.html
        EventTag.html
        config
        package-frame.html
        AccessLogFilter.html
        WebConfig.html
        OneOpsConfig.Cli.html
        class-use
        AccessLogFilter.html
        WebConfig.html
        OneOpsConfig.Cli.html
        EmbeddedServerConfig.html
        OneOpsConfig.html
        ApplicationConfig.html
        OneOpsConfig.LDAP.html
        OneOpsConfig.Auth.html
        Constants.html
        OneOpsConfig.Proxy.html
        CacheConfig.html
        OneOpsConfig.TrustStore.html
        OneOpsConfig.Keywhiz.html
        OneOpsConfig.Keystore.html
        PropertyVerifier.html
        MgmtConfig.html
        package-tree.html
        EmbeddedServerConfig.html
        OneOpsConfig.html
        ApplicationConfig.html
        OneOpsConfig.LDAP.html
        OneOpsConfig.Auth.html
        Constants.html
        OneOpsConfig.Proxy.html
        CacheConfig.html
        OneOpsConfig.TrustStore.html
        OneOpsConfig.Keywhiz.html
        OneOpsConfig.Keystore.html
        PropertyVerifier.html
        package-summary.html
        MgmtConfig.html
        package-use.html
        service
        SecretService.html
        package-frame.html
        class-use
        SecretService.html
        package-tree.html
        package-summary.html
        package-use.html
        exception
        package-frame.html
        class-use
        ExitException.html
        package-tree.html
        ExitException.html
        package-summary.html
        package-use.html
        keywhiz
        package-frame.html
        class-use
        KeywhizClient.html
        KeywhizAutomationClient.html
        KeywhizException.html
        package-tree.html
        KeywhizClient.html
        KeywhizAutomationClient.html
        http
        package-frame.html
        class-use
        HttpStatus.html
        HttpClient.html
        HttpClient.NotFoundException.html
        HttpClient.UnauthorizedException.html
        HttpClient.UnsupportedMediaTypeException.html
        CookieCutter.html
        HttpClient.ForbiddenException.html
        HttpClient.ConflictException.html
        XsrfTokenInterceptor.html
        HttpClient.MalformedRequestException.html
        HttpClient.ValidationException.html
        HttpStatus.html
        package-tree.html
        HttpClient.html
        HttpClient.NotFoundException.html
        HttpClient.UnauthorizedException.html
        HttpClient.UnsupportedMediaTypeException.html
        CookieCutter.html
        HttpClient.ForbiddenException.html
        HttpClient.ConflictException.html
        XsrfTokenInterceptor.html
        HttpClient.MalformedRequestException.html
        package-summary.html
        HttpClient.ValidationException.html
        package-use.html
        model
        package-frame.html
        ApiDate.html
        Secret.LazyString.html
        SecretDeliveryResponse.html
        CreateSecretRequest.html
        class-use
        ApiDate.html
        Secret.LazyString.html
        SecretDeliveryResponse.html
        CreateSecretRequest.html
        AutomationSecretResponse.html
        LoginRequest.html
        SanitizedSecret.html
        Secret.html
        Group.html
        AutomationClient.html
        CreateClientRequest.html
        Client.html
        SecretsResponse.html
        PartialUpdateSecretRequestV2.Builder.html
        CreateGroupRequest.html
        SecretDetailResponse.html
        PartialUpdateSecretRequestV2.html
        SecretSeries.html
        SecretSeriesAndContent.html
        ClientDetailResponse.html
        SecretContent.html
        GroupDetailResponse.html
        SanitizedSecretWithGroups.html
        package-tree.html
        v2
        SecretContentsResponseV2.html
        package-frame.html
        CreateSecretRequestV2.Builder.html
        SecretDetailResponseV2.html
        ModifyGroupsRequestV2.Builder.html
        class-use
        SecretContentsResponseV2.html
        CreateSecretRequestV2.Builder.html
        SecretDetailResponseV2.html
        ModifyGroupsRequestV2.Builder.html
        ModifyGroupsRequestV2.html
        SetSecretVersionRequestV2.Builder.html
        ModifyClientRequestV2.html
        CreateClientRequestV2.Builder.html
        CreateOrUpdateSecretRequestV2.Builder.html
        ClientDetailResponseV2.html
        SecretContentsResponseV2.Builder.html
        CreateGroupRequestV2.Builder.html
        SecretDetailResponseV2.Builder.html
        CreateOrUpdateSecretRequestV2.html
        CreateSecretRequestV2.html
        SecretContentsRequestV2.html
        CreateGroupRequestV2.html
        PartialUpdateSecretRequestV2.Builder.html
        PartialUpdateSecretRequestV2.html
        SetSecretVersionRequestV2.html
        SecretContentsRequestV2.Builder.html
        CreateClientRequestV2.html
        GroupDetailResponseV2.Builder.html
        GroupDetailResponseV2.html
        package-tree.html
        ModifyGroupsRequestV2.html
        SetSecretVersionRequestV2.Builder.html
        ModifyClientRequestV2.html
        CreateClientRequestV2.Builder.html
        CreateOrUpdateSecretRequestV2.Builder.html
        ClientDetailResponseV2.html
        SecretContentsResponseV2.Builder.html
        CreateGroupRequestV2.Builder.html
        SecretDetailResponseV2.Builder.html
        CreateOrUpdateSecretRequestV2.html
        CreateSecretRequestV2.html
        SecretContentsRequestV2.html
        CreateGroupRequestV2.html
        PartialUpdateSecretRequestV2.Builder.html
        PartialUpdateSecretRequestV2.html
        SetSecretVersionRequestV2.html
        package-summary.html
        SecretContentsRequestV2.Builder.html
        CreateClientRequestV2.html
        package-use.html
        GroupDetailResponseV2.Builder.html
        GroupDetailResponseV2.html
        AutomationSecretResponse.html
        LoginRequest.html
        SanitizedSecret.html
        Secret.html
        Group.html
        AutomationClient.html
        CreateClientRequest.html
        Client.html
        SecretsResponse.html
        PartialUpdateSecretRequestV2.Builder.html
        CreateGroupRequest.html
        SecretDetailResponse.html
        PartialUpdateSecretRequestV2.html
        SecretSeries.html
        package-summary.html
        SecretSeriesAndContent.html
        ClientDetailResponse.html
        SecretContent.html
        GroupDetailResponse.html
        package-use.html
        SanitizedSecretWithGroups.html
        package-summary.html
        package-use.html
        KeywhizException.html
        swagger
        package-frame.html
        class-use
        SwaggerConfig.html
        package-tree.html
        package-summary.html
        package-use.html
        SwaggerConfig.html
        auth
        user
        package-frame.html
        class-use
        OneOpsUser.Role.html
        OneOpsUser.html
        LdapUserService.html
        LdapUserDetailsService.html
        package-tree.html
        OneOpsUser.Role.html
        OneOpsUser.html
        LdapUserService.html
        package-summary.html
        LdapUserDetailsService.html
        package-use.html
        token
        package-frame.html
        TokenAuthProcessingFilter.html
        class-use
        TokenAuthProcessingFilter.html
        JwtAuthToken.html
        SkipPathRequestMatcher.html
        TokenAuthProvider.html
        package-tree.html
        JwtAuthToken.html
        SkipPathRequestMatcher.html
        package-summary.html
        package-use.html
        TokenAuthProvider.html
        login
        package-frame.html
        LoginSuccessHandler.html
        LoginFailureHandler.html
        class-use
        LoginSuccessHandler.html
        LoginFailureHandler.html
        LoginAuthProvider.html
        LoginAuthToken.html
        LoginProcessingFilter.html
        package-tree.html
        LoginAuthProvider.html
        LoginAuthToken.html
        package-summary.html
        LoginProcessingFilter.html
        package-use.html
        model
        package-frame.html
        LoginResponse.html
        class-use
        LoginResponse.html
        AppGroup.html
        SecretRequest.html
        LoginRequest.html
        ErrorResponse.html
        RootResponse.html
        UserResponse.html
        AppSecret.html
        SecretContent.html
        SecretVersionRequest.html
        AppGroup.html
        package-tree.html
        SecretRequest.html
        LoginRequest.html
        ErrorResponse.html
        RootResponse.html
        UserResponse.html
        package-summary.html
        AppSecret.html
        SecretContent.html
        package-use.html
        SecretVersionRequest.html
        metrics
        package-frame.html
        class-use
        MetricsUtilService.html
        ThrowingSupplier.html
        package-tree.html
        MetricsUtilService.html
        package-summary.html
        package-use.html
        ThrowingSupplier.html
        package-summary.html
        package-use.html
    - index.html
    - stylesheet.css
  - apidocs
    - swagger-ui.css
    - oauth2-redirect.html
    - secrets.json
    - swagger-ui.css.map
    - swagger-ui-standalone-preset.js.map
    - swagger-ui-bundle.js.map
    - index.html
    - swagger-ui.js.map
- mvnw.cmd
- contrib
  - init
    - systemd
      - keywhiz-proxy-env
      - keywhiz-proxy.service
      - README.md
  - README.md
  - scripts
    - upload-secrets.sh

package com.oneops.proxy.clients.proxy;

import com.oneops.proxy.config.OneOpsConfig;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.logging.Logger;
import javax.annotation.Nullable;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.util.ResourceUtils;

/**
 * Helper class for proxy clients.
 *
 * @author Varsha
 */
public class ProxyClientUtil {

  private static Logger log = Logger.getLogger(ProxyClientUtil.class.getName());

  public static TrustManager[] getTrustManagers(OneOpsConfig.TrustStore config)
      throws GeneralSecurityException {
    final TrustManagerFactory trustManagerFactory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(keyStoreFromResource(config));
    return trustManagerFactory.getTrustManagers();
  }

  @Nullable
  private static KeyStore keyStoreFromResource(OneOpsConfig.TrustStore config) {
    try {
      try (InputStream ins = new FileInputStream(ResourceUtils.getFile(config.getPath()))) {
        log.info("Loading the trust-store: " + config.getPath());
        if (ins == null) {
          throw new IllegalStateException("Can't find the trust-store.");
        }
        KeyStore ks = KeyStore.getInstance(config.getType());
        ks.load(ins, config.getStorePassword());
        return ks;
      }
    } catch (IOException | GeneralSecurityException ex) {
      throw new IllegalStateException("Can't load the trust-store (" + config.getPath() + ").", ex);
    }
  }

  public static SSLSocketFactory getSocketfactory(TrustManager[] trustManagers)
      throws GeneralSecurityException {
    SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
    sslContext.init(null, trustManagers, new SecureRandom());
    return sslContext.getSocketFactory();
  }
}