Add certs to keystore for configuring ssl certs in http client.

srinivasankavitha · vepanimas · commit a83835c64061 · 2021-12-02T02:59:51.000+03:00
diff --git a/src/main/com/intellij/lang/jsgraphql/ide/editor/GraphQLIntrospectionSSLBuilder.java b/src/main/com/intellij/lang/jsgraphql/ide/editor/GraphQLIntrospectionSSLBuilder.java
@@ -0,0 +1,94 @@
+package com.intellij.lang.jsgraphql.ide.editor;
+
+import com.intellij.lang.jsgraphql.ide.project.graphqlconfig.model.GraphQLConfigCertificate;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.*;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Base64;
+import java.util.Collection;
+
+public class GraphQLIntrospectionSSLBuilder {
+    @NotNull
+    public static KeyStore makeKeyStore(final Path certPath, final Path keyPath, final GraphQLConfigCertificate.Encoding format) throws UnsupportedEncodingException {
+        CertificateFactory certificateFactory;
+        try {
+            certificateFactory = CertificateFactory.getInstance("X509");
+        } catch (CertificateException e) {
+            throw new IllegalStateException(e);
+        }
+
+        java.security.cert.Certificate[] certChain;
+        try (InputStream inputStream = Files.newInputStream(certPath)) {
+            Collection<? extends Certificate> certCollection = certificateFactory.generateCertificates(inputStream);
+            certChain = certCollection.toArray(new java.security.cert.Certificate[certCollection.size()]);
+        } catch (CertificateException | IOException e) {
+            throw new RuntimeException(e);
+        }
+
+        // We only support PEM format for now
+        if (format != GraphQLConfigCertificate.Encoding.PEM) {
+            throw new UnsupportedEncodingException("Format needs to be specified as PEM");
+        }
+
+        KeyStore keyStore;
+        try {
+            PrivateKey privateKey = generatePEMPrivateKey(keyPath);
+            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+            // Not supporting keystore and key passwords yet
+            keyStore.load(null, null);
+            keyStore.setKeyEntry("1", privateKey, null, certChain);
+        } catch (NoSuchAlgorithmException | KeyStoreException | IOException | CertificateException e) {
+            throw new IllegalStateException(e);
+        }
+        return keyStore;
+    }
+
+    @Nullable
+    private static PrivateKey generatePEMPrivateKey(final Path keyPath) throws IOException {
+
+        String key = new String(Files.readAllBytes(keyPath), Charset.defaultCharset());
+        String privateKeyPEM = key
+            .replace("-----BEGIN PRIVATE KEY-----", "")
+            .replaceAll(System.lineSeparator(), "")
+            .replace("-----END PRIVATE KEY-----", "");
+
+        byte[] decoded = Base64.getDecoder().decode(privateKeyPEM);
+        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decoded);
+        PrivateKey privateKey;
+        try {
+            KeyFactory kf = KeyFactory.getInstance("RSA");
+            privateKey = kf.generatePrivate(keySpec);
+        } catch (NoSuchAlgorithmException e) {
+            throw new IllegalStateException(e);
+        } catch (InvalidKeySpecException e) {
+            try {
+                KeyFactory kf = KeyFactory.getInstance("EC");
+                privateKey = kf.generatePrivate(keySpec);
+            } catch (InvalidKeySpecException e1) {
+                try {
+                    KeyFactory kf = KeyFactory.getInstance("DSA");
+                    privateKey = kf.generatePrivate(keySpec);
+                } catch (InvalidKeySpecException | NoSuchAlgorithmException e2) {
+                    throw new RuntimeException(e2);
+                }
+            } catch (NoSuchAlgorithmException e1) {
+                throw new IllegalStateException(e1);
+            }
+        }
+
+        return privateKey;
+    }
+}
diff --git a/src/main/com/intellij/lang/jsgraphql/ide/introspection/GraphQLIntrospectionService.java b/src/main/com/intellij/lang/jsgraphql/ide/introspection/GraphQLIntrospectionService.java
@@ -16,8 +16,7 @@
 import com.intellij.lang.jsgraphql.ide.notifications.GraphQLNotificationUtil;
 import com.intellij.lang.jsgraphql.ide.project.GraphQLUIProjectService;
 import com.intellij.lang.jsgraphql.ide.project.graphqlconfig.GraphQLConfigManager;
-import com.intellij.lang.jsgraphql.ide.project.graphqlconfig.model.GraphQLConfigEndpoint;
-import com.intellij.lang.jsgraphql.ide.project.graphqlconfig.model.GraphQLConfigVariableAwareEndpoint;
+import com.intellij.lang.jsgraphql.ide.project.graphqlconfig.model.*;
 import com.intellij.lang.jsgraphql.schema.GraphQLKnownTypes;
 import com.intellij.lang.jsgraphql.schema.GraphQLRegistryInfo;
 import com.intellij.lang.jsgraphql.schema.GraphQLSchemaInfo;
@@ -80,6 +79,7 @@
 import org.jetbrains.annotations.Nullable;
 
 import java.io.IOException;
+
 import java.security.GeneralSecurityException;
 import java.security.KeyManagementException;
 import java.security.KeyStoreException;
@@ -88,6 +88,10 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.*;
+import java.security.cert.CertificateException;
 
 import static com.intellij.lang.jsgraphql.ide.project.GraphQLUIProjectService.setHeadersFromOptions;
 
@@ -99,6 +103,7 @@ public class GraphQLIntrospectionService implements Disposable {
 
     private GraphQLIntrospectionTask latestIntrospection = null;
     private final Project myProject;
+    private Project myProject1;
 
     public static GraphQLIntrospectionService getInstance(@NotNull Project project) {
         return ServiceManager.getService(project, GraphQLIntrospectionService.class);
@@ -186,14 +191,38 @@ public static HttpPost createRequest(@NotNull GraphQLConfigVariableAwareEndpoint
     }
 
     @NotNull
-    public CloseableHttpClient createHttpClient() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
+    public CloseableHttpClient createHttpClient() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException, UnrecoverableKeyException, CertificateException {
         HttpClientBuilder builder = HttpClients.custom();
         builder.setRedirectStrategy(LaxRedirectStrategy.INSTANCE);
 
         if (PropertiesComponent.getInstance(myProject).isTrueValue(GRAPHQL_TRUST_ALL_HOSTS)) {
-            builder
-                .setSSLContext(new SSLContextBuilder().loadTrustMaterial(null, TrustAllStrategy.INSTANCE).build())
-                .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
+            Map<VirtualFile, GraphQLConfigData> configEntries =
+                GraphQLConfigManager.getService(myProject).getConfigurationsByPath();
+            GraphQLConfigSecurity sslConfig = configEntries.get(myProject.getBaseDir()).sslConfiguration;
+            if (sslConfig != null) {
+                if (sslConfig.clientCertificate.path == null || sslConfig.clientCertificateKey.path == null) {
+                    throw new RuntimeException("Path needs to be specified for the key and certificate");
+                }
+                Path certPath = Paths.get(sslConfig.clientCertificate.path);
+                Path keyPath = Paths.get(sslConfig.clientCertificateKey.path);
+                GraphQLConfigCertificate.Encoding keyFormat = sslConfig.clientCertificateKey.format;
+
+                KeyStore store = GraphQLIntrospectionSSLBuilder.makeKeyStore(certPath, keyPath, keyFormat);
+                builder
+                    .setSSLContext(
+                        new SSLContextBuilder()
+                            .loadTrustMaterial(null, TrustAllStrategy.INSTANCE)
+                            .loadKeyMaterial(store, null)
+                            .build())
+                    .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
+            } else {
+                builder
+                    .setSSLContext(
+                        new SSLContextBuilder()
+                            .loadTrustMaterial(null, TrustAllStrategy.INSTANCE)
+                            .build())
+                    .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
+            }
         }
         return builder.build();
     }
diff --git a/src/main/com/intellij/lang/jsgraphql/ide/project/graphqlconfig/GraphQLConfigManager.java b/src/main/com/intellij/lang/jsgraphql/ide/project/graphqlconfig/GraphQLConfigManager.java
@@ -25,6 +25,7 @@
 import com.intellij.lang.jsgraphql.ide.notifications.GraphQLNotificationUtil;
 import com.intellij.lang.jsgraphql.ide.project.graphqlconfig.model.GraphQLConfigData;
 import com.intellij.lang.jsgraphql.ide.project.graphqlconfig.model.GraphQLConfigEndpoint;
+import com.intellij.lang.jsgraphql.ide.project.graphqlconfig.model.GraphQLConfigSecurity;
 import com.intellij.lang.jsgraphql.ide.project.graphqlconfig.model.GraphQLResolvedConfigData;
 import com.intellij.lang.jsgraphql.ide.findUsages.GraphQLFindUsagesUtil;
 import com.intellij.lang.jsgraphql.psi.GraphQLFile;
diff --git a/src/main/com/intellij/lang/jsgraphql/ide/project/graphqlconfig/model/GraphQLConfigCertificate.java b/src/main/com/intellij/lang/jsgraphql/ide/project/graphqlconfig/model/GraphQLConfigCertificate.java
@@ -0,0 +1,8 @@
+package com.intellij.lang.jsgraphql.ide.project.graphqlconfig.model;
+
+public class GraphQLConfigCertificate {
+    public enum Encoding {PEM}
+
+    public String path;
+    public Encoding format = Encoding.PEM;
+}
diff --git a/src/main/com/intellij/lang/jsgraphql/ide/project/graphqlconfig/model/GraphQLConfigData.java b/src/main/com/intellij/lang/jsgraphql/ide/project/graphqlconfig/model/GraphQLConfigData.java
@@ -13,7 +13,5 @@
  * graphql-config root config
  */
 public class GraphQLConfigData extends GraphQLResolvedConfigData {
-
     public Map<String, GraphQLResolvedConfigData> projects;
-
 }
diff --git a/src/main/com/intellij/lang/jsgraphql/ide/project/graphqlconfig/model/GraphQLConfigSecurity.java b/src/main/com/intellij/lang/jsgraphql/ide/project/graphqlconfig/model/GraphQLConfigSecurity.java
@@ -0,0 +1,9 @@
+package com.intellij.lang.jsgraphql.ide.project.graphqlconfig.model;
+
+/**
+ * graphql-config security config
+ */
+public class GraphQLConfigSecurity {
+    public GraphQLConfigCertificate clientCertificate;
+    public GraphQLConfigCertificate clientCertificateKey;
+}
diff --git a/src/main/com/intellij/lang/jsgraphql/ide/project/graphqlconfig/model/GraphQLResolvedConfigData.java b/src/main/com/intellij/lang/jsgraphql/ide/project/graphqlconfig/model/GraphQLResolvedConfigData.java
@@ -24,4 +24,5 @@ public class GraphQLResolvedConfigData {
 
     public Map<String, Object> extensions;
 
+    public GraphQLConfigSecurity sslConfiguration;
 }

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,5 @@`
`13`	`13`	`* graphql-config root config`
`14`	`14`	`*/`
`15`	`15`	`public class GraphQLConfigData extends GraphQLResolvedConfigData {`
`16`		`-`
`17`	`16`	`public Map<String, GraphQLResolvedConfigData> projects;`
`18`		`-`
`19`	`17`	`}`
Original file line number	Diff line number	Diff line change
`@@ -24,4 +24,5 @@ public class GraphQLResolvedConfigData {`
`24`	`24`
`25`	`25`	`public Map<String, Object> extensions;`
`26`	`26`
	`27`	`+ public GraphQLConfigSecurity sslConfiguration;`
`27`	`28`	`}`