Giter VIP home page Giter VIP logo

env-keystore's Introduction

EnvKeyStore

License Maven Central CI

A Java library to create KeyStore and TrustStore objects in memory from environment variables.

Usage

Include this library in your application as a Maven depenency:

<dependency>
  <groupId>com.heroku.sdk</groupId>
  <artifactId>env-keystore</artifactId>
</dependency>

Creating a TrustStore

Creating a TrustStore requires that the certificate PEM be set as an environment variable. You pass that environment variable name to the EnvKeyStore.create method:

KeyStore ts = EnvKeyStore.createWithRandomPassword("TRUSTED_CERT").keyStore();

You can use the KeyStore like any other. For example, you might invoke a service with the trusted cert:

String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(ts);

SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, tmf.getTrustManagers(), new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

String urlStr = "https://ssl.selfsigned.xyz";
URL url = new URL(urlStr);
HttpsURLConnection con = (HttpsURLConnection)url.openConnection();
con.setDoInput(true);
con.setRequestMethod("GET");
con.getInputStream().close();

Creating a KeyStore

Creating a KeyStore requires that the key, certificate and password are all set as environment variables. You pass the environment variable names to the EnvKeyStore.create method:

KeyStore ks = EnvKeyStore.create("KEYSTORE_KEY", "KEYSTORE_CERT", "KEYSTORE_PASSWORD").keyStore();

You can use the KeyStore like any other. But you might also want to convert it to an input stream. For example, you might start a Ratpack server:

EnvKeyStore eks = EnvKeyStore.create("KEYSTORE_KEY", "KEYSTORE_CERT", "KEYSTORE_PASSWORD");

RatpackServer.start(s -> s
  .serverConfig(c -> {
    c.ssl(SSLContexts.sslContext(eks.toInputStream(), eks.password()));
  })
  .handlers(chain -> chain
    .all(ctx -> ctx.render("Hello!"))
  )
);

env-keystore's People

Contributors

codefeld avatar dependabot[bot] avatar edmorley avatar halorgium avatar heroku-linguist[bot] avatar jkutner avatar kissaten-bot avatar malax avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

halorgium portxchange jmpesp jkutner mping lee-gilbert waqar-ucf seetaramayya suyambuganesh82

env-keystore's Issues

Create a keystore from a string

I have certificates coming off Cloud Foundry JSON/env variables so they need lots of pre-processing.

Rather than make a fork which did the pre-processing, would it be reasonable to make the EnvKeyStore(String key, String cert, String password) and EnvKeyStore(String cert, String password) methods explicitly public?

(Or am I missing something that mitigates against doing that?)

Allow ability to append cacerts to TrustStore

As we create a new TrustStore, it overrides Java's default TrustStore which already has loaded all cacerts on the system. Because of this, it makes it difficult to validate different destinations with differing signers. Would like the ability to create a TrustStore which copies over the existing cacerts and appends the one from the ENV var.

Create keystore without cert

EnvKeyStore should be able to create a keystore file without a certificate. This would be analogous to a command like:

keytool -genkeypair -alias pac4j-demo -keypass pac4j-demo-passwd -keystore samlKeystore.jks -storepass pac4j-demo-passwd -keyalg RSA -keysize 2048 -validity 3650

This is derived from the example in the pac4j documentation.

minor doc issue

Your documented version is 0.10, should be 0.12 to get the new create signatures.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.