TlsManager (helidon-io#7291)

Author: trentjeff

bom/pom.xml

@@ -833,6 +833,11 @@
                 <artifactId>helidon-integrations-oci-metrics-cdi</artifactId>
                 <version>${helidon.version}</version>
             </dependency>
+            <dependency>
+                <groupId>io.helidon.integrations.oci</groupId>
+                <artifactId>helidon-integrations-oci-tls-certificates</artifactId>
+                <version>${helidon.version}</version>
+            </dependency>
             <dependency>
                 <groupId>io.helidon.integrations.vault</groupId>
                 <artifactId>helidon-integrations-vault</artifactId>

common/key-util/src/main/java/io/helidon/common/pki/PemReader.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2022 Oracle and/or its affiliates.
+ * Copyright (c) 2017, 2023 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -47,7 +47,7 @@
 /**
  * Reads a PEM file and converts it into a list of DERs so that they are imported into a {@link java.security.KeyStore} easily.
  */
-final class PemReader {
+public final class PemReader {
     private static final System.Logger LOGGER = System.getLogger(PemReader.class.getName());
 
     private static final Pattern CERT_PATTERN = Pattern.compile(
@@ -69,6 +69,54 @@ final class PemReader {
     private PemReader() {
     }
 
+    /**
+     * Reads a certificate-based input stream and converts it to a list of {@link X509Certificate}s.
+     *
+     * @param certStream cert input stream
+     * @return list of certificates
+     */
+    public static List<X509Certificate> readCertificates(InputStream certStream) {
+        CertificateFactory cf;
+        try {
+            cf = CertificateFactory.getInstance("X.509");
+        } catch (CertificateException e) {
+            throw new PkiException("Failed to create certificate factory", e);
+        }
+        String content;
+        try {
+            content = readContent(certStream);
+        } catch (IOException e) {
+            throw new PkiException("Failed to read certificate input stream", e);
+        } finally {
+            safeClose(certStream);
+        }
+
+        List<X509Certificate> certs = new ArrayList<>();
+        Matcher m = CERT_PATTERN.matcher(content);
+        int start = 0;
+        while (true) {
+            if (!m.find(start)) {
+                break;
+            }
+
+            byte[] base64 = m.group(1).getBytes(StandardCharsets.US_ASCII);
+            byte[] der = Base64.getMimeDecoder().decode(base64);
+            try {
+                certs.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
+            } catch (Exception e) {
+                throw new PkiException("Failed to read certificate from bytes", e);
+            }
+
+            start = m.end();
+        }
+
+        if (certs.isEmpty()) {
+            throw new PkiException("Found no certificates in input stream");
+        }
+
+        return certs;
+    }
+
     static PublicKey readPublicKey(InputStream input) {
         byte[] pkBytes = readPublicKeyBytes(input);
 
@@ -143,56 +191,13 @@ private static PrivateKey dsaPrivateKey(KeySpec keySpec) {
     }
 
     private static PrivateKey rsaPrivateKey(KeySpec keySpec) {
-
         try {
             return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
         } catch (Exception e) {
             throw new PkiException("Failed to get RSA private key", e);
         }
     }
 
-    static List<X509Certificate> readCertificates(InputStream certStream) {
-        CertificateFactory cf;
-        try {
-            cf = CertificateFactory.getInstance("X.509");
-        } catch (CertificateException e) {
-            throw new PkiException("Failed to create certificate factory", e);
-        }
-        String content;
-        try {
-            content = readContent(certStream);
-        } catch (IOException e) {
-            throw new PkiException("Failed to read certificate input stream", e);
-        } finally {
-            safeClose(certStream);
-        }
-
-        List<X509Certificate> certs = new ArrayList<>();
-        Matcher m = CERT_PATTERN.matcher(content);
-        int start = 0;
-        while (true) {
-            if (!m.find(start)) {
-                break;
-            }
-
-            byte[] base64 = m.group(1).getBytes(StandardCharsets.US_ASCII);
-            byte[] der = Base64.getMimeDecoder().decode(base64);
-            try {
-                certs.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
-            } catch (Exception e) {
-                throw new PkiException("Failed to read certificate from bytes", e);
-            }
-
-            start = m.end();
-        }
-
-        if (certs.isEmpty()) {
-            throw new PkiException("Found no certificates in input stream");
-        }
-
-        return certs;
-    }
-
     private static KeySpec generateKeySpec(byte[] keyBytes, char[] password) {
         if (password == null) {
             return new PKCS8EncodedKeySpec(keyBytes);

common/tls/pom.xml

@@ -61,6 +61,16 @@
             <artifactId>helidon-builder-api</artifactId>
             <optional>true</optional>
         </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest-all</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>