From 383385cfd4256e56c71884ace5fd821dd01229e4 Mon Sep 17 00:00:00 2001
From: Eric Alvarez
Date: Mon, 14 Aug 2023 14:50:49 -0400
Subject: [PATCH] Revert top level SSLSocketFactories methods

---
 .../conjure/java/config/ssl/KeyStores.java    | 44 ++++++++++
 .../java/config/ssl/SslSocketFactories.java   | 82 +------------------
 2 files changed, 45 insertions(+), 81 deletions(-)

diff --git a/keystores/src/main/java/com/palantir/conjure/java/config/ssl/KeyStores.java b/keystores/src/main/java/com/palantir/conjure/java/config/ssl/KeyStores.java
index 2726ac129..13587c494 100644
--- a/keystores/src/main/java/com/palantir/conjure/java/config/ssl/KeyStores.java
+++ b/keystores/src/main/java/com/palantir/conjure/java/config/ssl/KeyStores.java
@@ -20,7 +20,9 @@
 import com.github.benmanes.caffeine.cache.Caffeine;
 import com.google.common.base.Throwables;
 import com.google.common.io.BaseEncoding;
+import com.palantir.conjure.java.api.config.ssl.SslConfiguration.StoreType;
 import com.palantir.conjure.java.config.ssl.pkcs1.Pkcs1PrivateKeyReader;
+import com.palantir.logsafe.SafeArg;
 import com.palantir.logsafe.exceptions.SafeRuntimeException;
 import java.io.BufferedInputStream;
 import java.io.ByteArrayInputStream;
@@ -321,6 +323,48 @@ static KeyStore newKeyStoreWithEntry(KeyStore original, Optional passwor
         }
     }
 
+    /**
+     * Return a new {@link KeyStore} that contains the contents of the trust store and all default ca certificates.
+     *
+     * @param trustStorePath The path to the trust store.
+     * @param trustStoreType The type of trust store.
+     * @return a newly constructed key store of the type trustStoreType that contains the contents of the trust store
+     *         and all default ca certificates.
+     */
+    static KeyStore getCombinedTrustStoreAndDefaultCas(Path trustStorePath, StoreType trustStoreType) {
+        KeyStore keyStore;
+        switch (trustStoreType) {
+            case JKS:
+            case PKCS12:
+                keyStore = loadKeyStore(trustStoreType.name(), trustStorePath, Optional.empty());
+                break;
+            case PEM:
+                keyStore = createTrustStoreFromCertificates(trustStorePath);
+                break;
+            case PUPPET:
+                Path puppetCertsDir = trustStorePath.resolve("certs");
+                if (!puppetCertsDir.toFile().isDirectory()) {
+                    throw new IllegalStateException(
+                            String.format("Puppet certs directory did not exist at path \"%s\"", puppetCertsDir));
+                }
+                keyStore = createTrustStoreFromCertificates(puppetCertsDir);
+                break;
+            default:
+                throw new IllegalStateException("Unrecognized trust store type: " + trustStoreType);
+        }
+
+        // Add globally trusted root CAs
+        DefaultCas.getCertificates().forEach((certAlias, cert) -> {
+            try {
+                keyStore.setCertificateEntry(certAlias, cert);
+            } catch (KeyStoreException e) {
+                throw new SafeRuntimeException(
+                        "Unable to add certificate to store", e, SafeArg.of("certificateAlias", certAlias));
+            }
+        });
+        return keyStore;
+    }
+
     private static KeyStore createKeyStore() {
         KeyStore keyStore;
         try {
diff --git a/keystores/src/main/java/com/palantir/conjure/java/config/ssl/SslSocketFactories.java b/keystores/src/main/java/com/palantir/conjure/java/config/ssl/SslSocketFactories.java
index 0160fb8fe..5e4fc895c 100644
--- a/keystores/src/main/java/com/palantir/conjure/java/config/ssl/SslSocketFactories.java
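Review bot: In the default-CA loop at the end of getCombinedTrustStoreAndDefaultCas, `keyStore.setCertificateEntry(certAlias, cert)` is called unconditionally, so a default CA whose alias matches an entry already loaded from the configured trust store silently replaces that entry, and a collision with a key entry of the same alias surfaces only as the generic "Unable to add certificate to store" failure. Checking `if (keyStore.containsAlias(certAlias)) { return; }` inside the lambda (keeping the configured entry), or throwing a SafeRuntimeException that names the alias, would make the merge deterministic; whichever is chosen belongs in the Javadoc, which now only promises that the result "contains the contents of the trust store and all default ca certificates". Since this is where a configured trust store is widened to also trust the bundled roots, a Javadoc sentence saying so explicitly would help callers reason about what the resulting trust managers accept. Two smaller points: `puppetCertsDir.toFile().isDirectory()` can be `Files.isDirectory(puppetCertsDir)` given the method already works in Path terms, and the IllegalStateException that interpolates the path into its message sits next to a SafeRuntimeException/SafeArg throw, so the path would more consistently travel as a logsafe argument than inside the message text.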
+++ b/keystores/src/main/java/com/palantir/conjure/java/config/ssl/SslSocketFactories.java
@@ -18,7 +18,6 @@
 
 import com.google.common.base.Throwables;
 import com.palantir.conjure.java.api.config.ssl.SslConfiguration;
-import com.palantir.conjure.java.api.config.ssl.SslConfiguration.StoreType;
 import com.palantir.logsafe.SafeArg;
 import com.palantir.logsafe.exceptions.SafeRuntimeException;
 import java.nio.file.Path;
@@ -92,20 +91,6 @@ public static SSLSocketFactory createSslSocketFactory(
         return sslContext.getSocketFactory();
     }
 
-    /**
-     * Create a {@link SSLSocketFactory} from the provided certificates and configuration.
-     *
-     * @param trustCertificatesByAlias a map of X.509 certificate in PEM or DER format by the alias to load the
-     *         certificate as.
-     * @param config an {@link SslConfiguration} describing the trust store configuration
-     * @param provider The preferred security {@link Provider}
-     */
-    public static SSLSocketFactory createSslSocketFactory(
-            Map trustCertificatesByAlias, SslConfiguration config, Provider provider) {
-        SSLContext sslContext = createSslContext(config, trustCertificatesByAlias, provider);
-        return sslContext.getSocketFactory();
-    }
-
     /**
      * Create an {@link SSLContext} initialized from the provided configuration.
      *
@@ -157,19 +142,6 @@ public static SSLContext createSslContext(
         return createSslContext(trustManagers, new KeyManager[] {}, provider);
     }
 
-    /**
-     * Create an {@link SSLContext} initialized from the provided configuration and certificates.
-     *
-     * @param trustCertificatesByAlias a map of X.509 certificate in PEM or DER format by the alias to load the
-     *         certificate as.
-     * @param config an {@link SslConfiguration} describing the trust store configuration
-     */
-    public static SSLContext createSslContext(
-            SslConfiguration config, Map trustCertificatesByAlias, Provider provider) {
-        TrustManager[] trustManagers = createMergedTrustManagers(config, trustCertificatesByAlias);
-        return createSslContext(trustManagers, new KeyManager[] {}, provider);
-    }
-
     /**
      * Create an {@link SSLContext} initialized from the provided certificates.
      * @see SSLContext#init(KeyManager[], TrustManager[], SecureRandom)
@@ -228,20 +200,6 @@ public static TrustManager[] createTrustManagers(Map
         }
     }
 
-    /**
-     * Create SSL socket factory and trust manager from the given certificates, see {@link #createX509TrustManager} and
-     * {@link #createSslSocketFactory}.
-     */
-    public static TrustManager[] createMergedTrustManagers(
-            SslConfiguration config, Map trustCertificatesByAlias) {
-        KeyStore keystore = getCombinedTrustStoreAndDefaultCas(config.trustStorePath(), config.trustStoreType());
-
-        KeyStores.addCertificatesToKeystore(trustCertificatesByAlias, keystore);
-
-        return ConscryptCompatTrustManagers.wrap(
-                getTrustManagerFactory(keystore).getTrustManagers());
-    }
-
     /**
      * Create SSL socket factory and trust manager from the given configuration, see {@link #createX509TrustManager} and
      * {@link #createSslSocketFactory}.
@@ -311,12 +269,8 @@ public static KeyManager[] createKeyManagers(SslConfiguration config) {
 
     private static TrustManagerFactory createTrustManagerFactory(
             Path trustStorePath, SslConfiguration.StoreType trustStoreType) {
-        KeyStore keyStore = getCombinedTrustStoreAndDefaultCas(trustStorePath, trustStoreType);
+        KeyStore keyStore = KeyStores.getCombinedTrustStoreAndDefaultCas(trustStorePath, trustStoreType);
 
-        return getTrustManagerFactory(keyStore);
-    }
-
-    private static TrustManagerFactory getTrustManagerFactory(KeyStore keyStore) {
         try {
             TrustManagerFactory trustManagerFactory =
                     TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
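Review bot: The new line in createTrustManagerFactory takes its KeyStore from KeyStores.getCombinedTrustStoreAndDefaultCas, but nothing at this call site says that the store handed to the TrustManagerFactory is the configured trust store merged with the bundled default CAs rather than the configured store alone, which is the property a reader auditing trust decisions most wants to see here. A comment on the new line such as `// Configured store merged with the bundled default CAs; the resulting trust managers accept issuers from both.` would keep that visible without having to open KeyStores. The method appears to carry no Javadoc above its signature in this hunk, and its body continues past the hunk.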
@@ -327,40 +281,6 @@ private static TrustManagerFactory getTrustManagerFactory(KeyStore keyStore) {
         }
     }
 
-    private static KeyStore getCombinedTrustStoreAndDefaultCas(Path trustStorePath, StoreType trustStoreType) {
-        KeyStore keyStore;
-        switch (trustStoreType) {
-            case JKS:
-            case PKCS12:
-                keyStore = KeyStores.loadKeyStore(trustStoreType.name(), trustStorePath, Optional.empty());
-                break;
-            case PEM:
-                keyStore = KeyStores.createTrustStoreFromCertificates(trustStorePath);
-                break;
-            case PUPPET:
-                Path puppetCertsDir = trustStorePath.resolve("certs");
-                if (!puppetCertsDir.toFile().isDirectory()) {
-                    throw new IllegalStateException(
-                            String.format("Puppet certs directory did not exist at path \"%s\"", puppetCertsDir));
-                }
-                keyStore = KeyStores.createTrustStoreFromCertificates(puppetCertsDir);
-                break;
-            default:
-                throw new IllegalStateException("Unrecognized trust store type: " + trustStoreType);
-        }
-
-        // Add globally trusted root CAs
-        DefaultCas.getCertificates().forEach((certAlias, cert) -> {
-            try {
-                keyStore.setCertificateEntry(certAlias, cert);
-            } catch (KeyStoreException e) {
-                throw new SafeRuntimeException(
-                        "Unable to add certificate to store", e, SafeArg.of("certificateAlias", certAlias));
-            }
-        });
-        return keyStore;
-    }
-
     private static KeyManagerFactory createKeyManagerFactory(
             Path keyStorePath, Optional keyStorePassword,