in libs/utils/src/main/java/co/elastic/gradle/utils/SSLCAChainExtractor.java [61:97]
public static List<X509Certificate> extract(String host, int port) {
try {
SSLContext context = SSLContext.getInstance("TLS");
final TrustManagerFactory tmf = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm()
);
tmf.init((KeyStore) null);
final SavingTrustManager savingTrustManager = new SavingTrustManager((X509TrustManager) tmf
.getTrustManagers()[0]
);
context.init(
null,
new TrustManager[]{
savingTrustManager
},
null
);
SSLSocketFactory factory = context.getSocketFactory();
SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
socket.setSoTimeout(10000);
socket.startHandshake();
socket.close();
X509Certificate[] chain = savingTrustManager.chain;
if (chain == null) {
throw new IllegalStateException("Could not get CA chain from " + host + ":" + port);
}
return Arrays.asList(chain);
} catch (IOException e) {
throw new UncheckedIOException(e);
} catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
throw new IllegalStateException(e);
}
}