From d2cd53678b57c83657a8319cc63116e52e99c4a8 Mon Sep 17 00:00:00 2001
From: Satyam Chaurasia
Date: Thu, 25 Jul 2024 16:59:39 +0530
Subject: [PATCH] Added code for support of custom key store

---
 pom.xml | 2 +-
 .../checkmarx/sdk/config/CxProperties.java | 10 +++
 .../sdk/config/SpringConfiguration.java | 69 ++++++++++++++++---
 3 files changed, 71 insertions(+), 10 deletions(-)

diff --git a/pom.xml b/pom.xml
index 04a1620a..519dcda4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@
 com.github.checkmarx-ltd cx-spring-boot-sdk
- 0.6.9
+ 0.6.10
 cx-spring-boot-sdk
diff --git a/src/main/java/com/checkmarx/sdk/config/CxProperties.java b/src/main/java/com/checkmarx/sdk/config/CxProperties.java
index aa7fae83..c19912b5 100644
--- a/src/main/java/com/checkmarx/sdk/config/CxProperties.java
+++ b/src/main/java/com/checkmarx/sdk/config/CxProperties.java
@@ -46,6 +46,13 @@ public class CxProperties extends CxPropertiesBase{
 @Getter @Setter private boolean trustcerts = false;
+
+ @Getter
+ @Setter
+ private String truststorepath;
+ @Getter
+ @Setter
+ private String truststorepassword;
 private Integer httpConnectionTimeout = 30000;
 private Integer httpReadTimeout = 120000;
@@ -77,6 +84,9 @@ public class CxProperties extends CxPropertiesBase{
 private Boolean cxBranch = false;
+ @Getter @Setter
+ private Boolean customkeystore = false;
+
 /*
 * If set to true, group results by vulnerability, filename and
 * severity (by default, results are grouped only by vulnerability
diff --git a/src/main/java/com/checkmarx/sdk/config/SpringConfiguration.java b/src/main/java/com/checkmarx/sdk/config/SpringConfiguration.java
index ff191f48..c7e07c98 100644
--- a/src/main/java/com/checkmarx/sdk/config/SpringConfiguration.java
+++ b/src/main/java/com/checkmarx/sdk/config/SpringConfiguration.java
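Review bot: `customkeystore` in the second CxProperties hunk is a boxed `Boolean` while the sibling `trustcerts` flag on the same class is a primitive `boolean`; its consumer (`if (properties.getCustomkeystore())` in SpringConfiguration) auto-unboxes it, so should the binder ever leave the field null the bean factory fails with a NullPointerException instead of a clear configuration error. Declaring it `private boolean customkeystore = false;` keeps it consistent with `trustcerts` (the Lombok accessor then becomes `isCustomkeystore()`, and the call site changes accordingly). The `truststorepassword` field added in the first hunk holds a secret; a short marker comment such as `// secret: keep out of toString()/logging` next to it would help anyone later adding a dump of these properties.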
@@ -3,6 +3,9 @@
 import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.io.HttpClientConnectionManager;
 import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
 import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -14,9 +17,12 @@
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
+import java.io.FileInputStream;
 import java.nio.charset.StandardCharsets;
 import java.security.KeyManagementException;
+import java.security.KeyStore;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 import java.time.Duration;
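Review bot: The three added `org.apache.http...` imports (`NoopHostnameVerifier`, `CloseableHttpClient`, `HttpClients`) are HttpClient 4.x classes, while every other HTTP import in this file and the new code in the later hunk use the 5.x `org.apache.hc.client5` packages; none of the three is referenced in the visible new code, and the later hunk spells `org.apache.hc.client5.http.impl.classic.CloseableHttpClient` and `...HttpClients` fully qualified, which looks like a workaround for the name clash these imports create. Drop the three 4.x imports and import `org.apache.hc.client5.http.impl.classic.CloseableHttpClient` and `org.apache.hc.client5.http.impl.classic.HttpClients` instead, so the later hunk can use simple names and the module does not depend on two HttpClient generations. If `NoopHostnameVerifier` is used in the part of the trust-all branch that lies outside the hunks, the 5.x equivalent is `org.apache.hc.client5.http.ssl.NoopHostnameVerifier`.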
@@ -29,19 +35,54 @@ public SpringConfiguration(CxProperties properties) {
 this.properties = properties;
 }
+
+ public static SSLContext createCustomSSLContext(String trustStorePath, String trustStorePassword) throws Exception {
+ TrustManagerFactory defaultTmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ defaultTmFactory.init((KeyStore) null);
+
+ // Load the custom trust store
+ KeyStore customTrustStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ try (FileInputStream fis = new FileInputStream(trustStorePath)) {
+ customTrustStore.load(fis, trustStorePassword.toCharArray());
+ }
+ TrustManagerFactory customTmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ customTmFactory.init(customTrustStore);
+
+ // Combine both TrustManagers
+ TrustManager[] defaultTrustManagers = defaultTmFactory.getTrustManagers();
+ TrustManager[] customTrustManagers = customTmFactory.getTrustManagers();
+ TrustManager[] combinedTrustManagers = new TrustManager[defaultTrustManagers.length + customTrustManagers.length];
+ System.arraycopy(customTrustManagers, 0, combinedTrustManagers, 0, customTrustManagers.length);
+ System.arraycopy(defaultTrustManagers, 0, combinedTrustManagers, customTrustManagers.length, defaultTrustManagers.length);
+
+ // Initialize SSLContext with combined TrustManagers
+ SSLContext sslContext = SSLContext.getInstance("TLS");
+ sslContext.init(null, combinedTrustManagers, new java.security.SecureRandom());
+ return sslContext;
+ }
+
 @Bean(name = "cxRestTemplate")
- public RestTemplate restTemplateByPassSSL(RestTemplateBuilder builder) throws NoSuchAlgorithmException, KeyManagementException {
+ public RestTemplate restTemplateByPassSSL(RestTemplateBuilder builder) throws Exception {
- if (!properties.isTrustcerts()) {
- RestTemplate restTemplate = new RestTemplateBuilder()
- .setConnectTimeout(Duration.ofMillis(properties.getHttpConnectionTimeout()))
- .setReadTimeout(Duration.ofMillis(properties.getHttpReadTimeout()))
+ if (properties.getCustomkeystore()) {
+ SSLContext sslContext = createCustomSSLContext(properties.getTruststorepath(), properties.getTruststorepassword());
+
+ SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
+
+
+ HttpClientConnectionManager connectionManager = PoolingHttpClientConnectionManagerBuilder.create()
+ .setSSLSocketFactory(socketFactory)
 .build();
- restTemplate.getMessageConverters()
- .add(0, new StringHttpMessageConverter(StandardCharsets.UTF_8));
- return restTemplate;
- } else {
+ org.apache.hc.client5.http.impl.classic.CloseableHttpClient httpClient = org.apache.hc.client5.http.impl.classic.HttpClients.custom()
+
+ .setConnectionManager(connectionManager)
+ .evictExpiredConnections()
+ .build();
+ HttpComponentsClientHttpRequestFactory customRequestFactory = new HttpComponentsClientHttpRequestFactory();
+ customRequestFactory.setHttpClient(httpClient);
+ return builder.requestFactory(() -> customRequestFactory).build();
+ } else if (properties.isTrustcerts()) {
 TrustManager[] trustAllCerts = new TrustManager[]{
 new X509TrustManager() {
 public java.security.cert.X509Certificate[] getAcceptedIssuers() {
@@ -73,6 +114,16 @@ public void checkServerTrusted(
 HttpComponentsClientHttpRequestFactory customRequestFactory = new HttpComponentsClientHttpRequestFactory();
 customRequestFactory.setHttpClient(httpClient);
 return builder.requestFactory(() -> customRequestFactory).build();
+ } else {
+ RestTemplate restTemplate = new RestTemplateBuilder()
+ .setConnectTimeout(Duration.ofMillis(properties.getHttpConnectionTimeout()))
+ .setReadTimeout(Duration.ofMillis(properties.getHttpReadTimeout()))
+ .build();
+
+ restTemplate.getMessageConverters()
+ .add(0, new StringHttpMessageConverter(StandardCharsets.UTF_8));
+ return restTemplate;
+ }
 }
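Review bot: `combinedTrustManagers` in `createCustomSSLContext` does not give the union of trust the `// Combine both TrustManagers` comment promises: the JDK's SunJSSE `SSLContext.init` uses only the first `X509TrustManager` in the array it is handed, so with the custom managers copied in first the default CA store is never consulted and any endpoint whose chain is not in the custom store is rejected (presumably the opposite of the intent, given that the default factory is initialised at all). Replace the array concatenation with one delegating `X509TrustManager` that asks the custom manager first and falls back to the default, as in the excerpt below. In the same method `trustStorePassword.toCharArray()` throws NullPointerException when `truststorepassword` is not configured; either fail fast with a clear message via `java.util.Objects.requireNonNull(trustStorePassword, "truststorepassword")` or pass `trustStorePassword == null ? null : trustStorePassword.toCharArray()` through, which `KeyStore.load` accepts for stores without a password. The new custom-keystore branch of `restTemplateByPassSSL` also never applies `httpConnectionTimeout`/`httpReadTimeout`, unlike the plain branch, and the bean method now `throws Exception` where the helper's checked exceptions could be listed as `GeneralSecurityException, IOException`; `restTemplateByPassSSL` continues past this hunk.
```java
    // … unchanged: default and custom TrustManagerFactory initialisation …

    // SunJSSE consults only the first X509TrustManager handed to SSLContext.init,
    // so concatenating the two arrays silently drops the default CA store.
    // Delegate explicitly: custom store first, default CAs as the fallback.
    X509TrustManager customTm = firstX509(customTmFactory.getTrustManagers());
    X509TrustManager defaultTm = firstX509(defaultTmFactory.getTrustManagers());
    X509TrustManager combined = new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws java.security.cert.CertificateException {
            try {
                customTm.checkClientTrusted(chain, authType);
            } catch (java.security.cert.CertificateException notInCustomStore) {
                defaultTm.checkClientTrusted(chain, authType);
            }
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws java.security.cert.CertificateException {
            try {
                customTm.checkServerTrusted(chain, authType);
            } catch (java.security.cert.CertificateException notInCustomStore) {
                defaultTm.checkServerTrusted(chain, authType);
            }
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            X509Certificate[] custom = customTm.getAcceptedIssuers();
            X509Certificate[] defaults = defaultTm.getAcceptedIssuers();
            X509Certificate[] all = new X509Certificate[custom.length + defaults.length];
            System.arraycopy(custom, 0, all, 0, custom.length);
            System.arraycopy(defaults, 0, all, custom.length, defaults.length);
            return all;
        }
    };

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, new TrustManager[]{combined}, new java.security.SecureRandom());
    return sslContext;
}

/** Returns the first X509TrustManager a factory produced; fails loudly rather than trusting nothing. */
private static X509TrustManager firstX509(TrustManager[] managers) {
    for (TrustManager tm : managers) {
        if (tm instanceof X509TrustManager) {
            return (X509TrustManager) tm;
        }
    }
    throw new IllegalStateException("No X509TrustManager available from TrustManagerFactory");
}
```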
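Review bot: The default branch moved into the final `else` still builds `new RestTemplateBuilder()` rather than using the injected `builder` parameter that the other two branches use, so this one branch ignores whatever customizers Spring Boot registered on that builder and is the only place the timeouts are applied. `builder.setConnectTimeout(Duration.ofMillis(properties.getHttpConnectionTimeout())).setReadTimeout(Duration.ofMillis(properties.getHttpReadTimeout())).build()` would make the three branches consistent. This is carried over from the removed code rather than introduced here, and `restTemplateByPassSSL` begins before this hunk.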