SCANJLIB-234 Limit the use of BouncyCastle to the minimum

henryju · henryju · commit ea575b085f1c · 2024-09-27T15:15:15.000+02:00
diff --git a/lib/src/main/java/org/sonarsource/scanner/lib/internal/http/OkHttpClientFactory.java b/lib/src/main/java/org/sonarsource/scanner/lib/internal/http/OkHttpClientFactory.java
@@ -19,21 +19,22 @@
  */
 package org.sonarsource.scanner.lib.internal.http;
 
+import java.io.InputStream;
 import java.net.CookieManager;
 import java.net.CookiePolicy;
 import java.net.HttpURLConnection;
 import java.net.InetSocketAddress;
 import java.net.Proxy;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.StandardOpenOption;
 import java.security.KeyStore;
-import java.security.Security;
 import java.time.Duration;
 import java.time.format.DateTimeParseException;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
 import nl.altindag.ssl.SSLFactory;
-import nl.altindag.ssl.util.KeyStoreUtils;
+import nl.altindag.ssl.exception.GenericKeyStoreException;
 import okhttp3.ConnectionSpec;
 import okhttp3.Credentials;
 import okhttp3.JavaNetCookieJar;
@@ -186,15 +187,23 @@ private static SSLFactory configureSsl(SslConfig sslConfig) {
     }
     var trustStoreConfig = sslConfig.getTrustStore();
     if (trustStoreConfig != null && Files.exists(trustStoreConfig.getPath())) {
-      Security.addProvider(new BouncyCastleProvider());
-      KeyStore trustStore = KeyStoreUtils.loadKeyStore(
+      KeyStore trustStore = loadKeyStoreWithBouncyCastle(
         trustStoreConfig.getPath(),
         trustStoreConfig.getKeyStorePassword().toCharArray(),
-        trustStoreConfig.getKeyStoreType(),
-        BouncyCastleProvider.PROVIDER_NAME);
+        trustStoreConfig.getKeyStoreType());
       sslFactoryBuilder.withTrustMaterial(trustStore);
     }
     return sslFactoryBuilder.build();
   }
 
+  public static KeyStore loadKeyStoreWithBouncyCastle(Path keystorePath, char[] keystorePassword, String keystoreType) {
+    try (InputStream keystoreInputStream = Files.newInputStream(keystorePath, StandardOpenOption.READ)) {
+      KeyStore keystore = KeyStore.getInstance(keystoreType, new BouncyCastleProvider());
+      keystore.load(keystoreInputStream, keystorePassword);
+      return keystore;
+    } catch (Exception e) {
+      throw new GenericKeyStoreException(e);
+    }
+  }
+
 }
