More TLS features WIP2

jayo-projects · Oct 30, 2024 · d98b561 · d98b561
1 parent 7715fa1
commit d98b561
Show file tree

Hide file tree

Showing 11 changed files with 472 additions and 13 deletions.
diff --git a/core/src/main/java/jayo/internal/tls/RealCertificates.java b/core/src/main/java/jayo/internal/tls/RealCertificates.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2024-present, pull-vert and Jayo contributors.
+ * Use of this source code is governed by the Apache 2.0 license.
+ *
+ * Forked from OkHttp (https://github.com/square/okhttp), original copyright is below
+ *
+ * Copyright (C) 2013 Square, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jayo.internal.tls;
+
+import jayo.ByteString;
+import org.jspecify.annotations.NonNull;
+
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.Objects;
+
+public final class RealCertificates {
+    // un-instantiable
+    private RealCertificates() {
+    }
+
+    public static @NonNull String certificatePem(final @NonNull X509Certificate certificate) {
+        Objects.requireNonNull(certificate);
+
+        final var certificatePemSb = new StringBuilder();
+        certificatePemSb.append("-----BEGIN CERTIFICATE-----\n");
+        try {
+            encodeBase64Lines(certificatePemSb, ByteString.of(certificate.getEncoded()));
+        } catch (CertificateEncodingException e) {
+            throw new IllegalArgumentException("Could not encode certificate", e);
+        }
+        certificatePemSb.append("-----END CERTIFICATE-----\n");
+
+        return certificatePemSb.toString();
+    }
+
+    static void encodeBase64Lines(final @NonNull StringBuilder sb, final @NonNull ByteString data) {
+        final var base64 = data.base64();
+        for (var i = 0; i < base64.length(); i += 64) {
+            sb.append(base64, i, Math.min(i + 64, base64.length())).append('\n');
+        }
+    }
+}
diff --git a/core/src/main/java/jayo/internal/tls/RealHeldCertificate.java b/core/src/main/java/jayo/internal/tls/RealHeldCertificate.java
@@ -0,0 +1,142 @@
+/*
+ * Copyright (c) 2024-present, pull-vert and Jayo contributors.
+ * Use of this source code is governed by the Apache 2.0 license.
+ *
+ * Forked from OkHttp (https://github.com/square/okhttp), original copyright is below
+ *
+ * Copyright (C) 2013 Square, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jayo.internal.tls;
+
+import jayo.internal.ServerTlsEndpoint;
+import jayo.tls.HeldCertificate;
+import org.jspecify.annotations.NonNull;
+import org.jspecify.annotations.Nullable;
+
+import java.math.BigInteger;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.time.Duration;
+
+public final class RealHeldCertificate implements HeldCertificate {
+    public static @NonNull RealHeldCertificate decode(final @NonNull String certificateAndPrivateKeyPem) {
+        return null;
+    }
+
+    private final @NonNull KeyPair keyPair;
+    private final @NonNull X509Certificate certificate;
+
+    private RealHeldCertificate(final @NonNull KeyPair keyPair, final @NonNull X509Certificate certificate) {
+        assert keyPair != null;
+        assert certificate != null;
+
+        this.keyPair = keyPair;
+        this.certificate = certificate;
+    }
+
+    @Override
+    public @NonNull KeyPair getKeyPair() {
+        return keyPair;
+    }
+
+    @Override
+    public @NonNull X509Certificate getCertificate() {
+        return certificate;
+    }
+
+    @Override
+    public @NonNull String certificatePem() {
+        return RealCertificates.certificatePem(certificate);
+    }
+
+    @Override
+    public @NonNull String privateKeyPkcs8Pem() {
+        return "";
+    }
+
+    @Override
+    public @NonNull String privateKeyPkcs1Pem() {
+        return "";
+    }
+
+    /**
+     * Builder of {@link ServerTlsEndpoint}
+     */
+    public static final class Builder implements HeldCertificate.Builder {
+
+        @Override
+        public HeldCertificate.@NonNull Builder validityInterval(long notBefore, long notAfter) {
+            return null;
+        }
+
+        @Override
+        public HeldCertificate.@NonNull Builder duration(@NonNull Duration duration) {
+            return null;
+        }
+
+        @Override
+        public HeldCertificate.@NonNull Builder addSubjectAlternativeName(@NonNull String altName) {
+            return null;
+        }
+
+        @Override
+        public HeldCertificate.@NonNull Builder commonName(@NonNull String cn) {
+            return null;
+        }
+
+        @Override
+        public HeldCertificate.@NonNull Builder organizationalUnit(@NonNull String ou) {
+            return null;
+        }
+
+        @Override
+        public HeldCertificate.@NonNull Builder serialNumber(long serialNumber) {
+            return null;
+        }
+
+        @Override
+        public HeldCertificate.@NonNull Builder serialNumber(@NonNull BigInteger serialNumber) {
+            return null;
+        }
+
+        @Override
+        public HeldCertificate.@NonNull Builder keyPair(@NonNull KeyPair keyPair) {
+            return null;
+        }
+
+        @Override
+        public HeldCertificate.@NonNull Builder keyPair(@NonNull PublicKey publicKey, @NonNull PrivateKey privateKey) {
+            return null;
+        }
+
+        @Override
+        public HeldCertificate.@NonNull Builder signedBy(@Nullable HeldCertificate signedBy) {
+            return null;
+        }
+
+        @Override
+        public HeldCertificate.@NonNull Builder keyFormat(@NonNull CertificateKeyFormat keyFormat) {
+            return null;
+        }
+
+        @Override
+        public @NonNull HeldCertificate build() {
+            return null;
+        }
+    }
+}
diff --git a/...al/platform/BouncyCastleJssePlatform.java → ...ls/platform/BouncyCastleJssePlatform.java b/...al/platform/BouncyCastleJssePlatform.java → ...ls/platform/BouncyCastleJssePlatform.java
@@ -19,7 +19,7 @@
  * limitations under the License.
  */
 
-package jayo.internal.platform;
+package jayo.internal.tls.platform;
 
 import jayo.tls.AlpnProtocol;
 import org.bouncycastle.jsse.BCSSLEngine;

diff --git a/...ernal/platform/ConscryptJssePlatform.java → ...l/tls/platform/ConscryptJssePlatform.java b/...ernal/platform/ConscryptJssePlatform.java → ...l/tls/platform/ConscryptJssePlatform.java
@@ -19,7 +19,7 @@
  * limitations under the License.
  */
 
-package jayo.internal.platform;
+package jayo.internal.tls.platform;
 
 import jayo.tls.AlpnProtocol;
 import org.conscrypt.Conscrypt;

diff --git a/...yo/internal/platform/JdkJssePlatform.java → ...nternal/tls/platform/JdkJssePlatform.java b/...yo/internal/platform/JdkJssePlatform.java → ...nternal/tls/platform/JdkJssePlatform.java
@@ -19,7 +19,7 @@
  * limitations under the License.
  */
 
-package jayo.internal.platform;
+package jayo.internal.tls.platform;
 
 import jayo.tls.AlpnProtocol;
 import jayo.tls.JssePlatform;

diff --git a/.../internal/platform/JssePlatformUtils.java → ...ernal/tls/platform/JssePlatformUtils.java b/.../internal/platform/JssePlatformUtils.java → ...ernal/tls/platform/JssePlatformUtils.java
@@ -19,7 +19,7 @@
  * limitations under the License.
  */
 
-package jayo.internal.platform;
+package jayo.internal.tls.platform;
 
 import jayo.tls.JssePlatform;
 import org.jspecify.annotations.NonNull;

diff --git a/core/src/main/java/jayo/tls/Certificates.java b/core/src/main/java/jayo/tls/Certificates.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2024-present, pull-vert and Jayo contributors.
+ * Use of this source code is governed by the Apache 2.0 license.
+ *
+ * Forked from OkHttp (https://github.com/square/okhttp), original copyright is below
+ *
+ * Copyright (C) 2013 Square, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package jayo.tls;
+
+import jayo.internal.tls.RealCertificates;
+import org.jspecify.annotations.NonNull;
+
+import java.security.cert.X509Certificate;
+
+public final class Certificates {
+    // un-instantiable
+    private Certificates() {
+    }
+
+    public static @NonNull String certificatePem(final @NonNull X509Certificate certificate) {
+        return RealCertificates.certificatePem(certificate);
+    }
+}