Add NR EU certs. Fixes #86 #89

Merged
merged 2 commits into from
Oct 20, 2020
Expand Up @@ -7,6 +7,7 @@

package com.newrelic.agent.transport.apache;

import com.google.common.collect.ImmutableList;
import com.newrelic.agent.Agent;
import org.apache.http.ssl.SSLContextBuilder;

Expand All @@ -31,8 +32,9 @@
import java.util.logging.Level;

public class ApacheSSLManager {
private static final String NEW_RELIC_CERT = "META-INF/newrelic-com.pem";

private static final String NEW_RELIC_CERTS_PATH = "META-INF/certs/";
private static final Collection<String> NEW_RELIC_CERTS = ImmutableList.of("newrelic-com.pem",
"eu-newrelic-com.pem", "eu01-nr-data-net.pem");

public static SSLContext createSSLContext(String caBundlePath) {
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
Expand All @@ -49,30 +51,36 @@ public static SSLContext createSSLContext(String caBundlePath) {
}
}

private static void addNewRelicCertToTrustStore(SSLContextBuilder sslContextBuilder)
throws KeyStoreException, CertificateException, NoSuchAlgorithmException {
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
URL nrCertUrl = ApacheSSLManager.class.getClassLoader().getResource(NEW_RELIC_CERT);
if (nrCertUrl != null) {
try (InputStream is = nrCertUrl.openStream()) {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
boolean sslCertIsValid = isSslCertValid(cert);
if (sslCertIsValid) {
logIfExpiringSoon(cert.getNotAfter());
// Initialize keystore and add valid New Relic certificate
keystore.load(null, null);
keystore.setCertificateEntry("newrelic", cert);
Agent.LOG.log(Level.FINEST, "Installed New Relic ssl certificate at alias: newrelic. ");
Agent.LOG.log(Level.FINEST, "SSL Certificate expires on: {0}", cert.getNotAfter());
private static void addNewRelicCertToTrustStore(SSLContextBuilder sslContextBuilder) {
// Initialize keystore and add valid New Relic certificates
try {
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(null, null);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
for (String file : NEW_RELIC_CERTS) {
URL nrCertUrl = ApacheSSLManager.class.getClassLoader().getResource(NEW_RELIC_CERTS_PATH + file);
if (nrCertUrl != null) {
try (InputStream is = nrCertUrl.openStream()) {
X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
boolean sslCertIsValid = isSslCertValid(cert);
if (sslCertIsValid) {
logIfExpiringSoon(cert.getNotAfter());
String alias = file.split("\\.pem")[0];
keystore.setCertificateEntry(alias, cert);
Agent.LOG.log(Level.FINEST, "Installed New Relic ssl certificate at alias: " + alias);
Agent.LOG.log(Level.FINEST, "SSL Certificate expires on: {0}", cert.getNotAfter());
}
} catch (IOException e) {
Agent.LOG.log(Level.INFO, "Unable to add bundled New Relic ssl certificate.", e);
}
} else {
Agent.LOG.log(Level.INFO, "Unable to find bundled New Relic ssl certificates.");
}
} catch (IOException e) {
Agent.LOG.log(Level.INFO, "Unable to add bundled New Relic ssl certificate.", e);
}
} else {
Agent.LOG.log(Level.INFO, "Unable to find bundled New Relic ssl certificate.");
sslContextBuilder.loadTrustMaterial(keystore, null);
} catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) {
Agent.LOG.log(Level.INFO, "Unable to add bundled New Relic ssl certificate.", e);
}
sslContextBuilder.loadTrustMaterial(keystore, null);
}

private static void logIfExpiringSoon(Date expiry) {
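Review bot: In the rewritten `addNewRelicCertToTrustStore`, the inner `catch (IOException e)` inside the `for (String file : NEW_RELIC_CERTS)` loop does not cover the `CertificateException` that `cf.generateCertificate(is)` can throw, so one unparsable bundled PEM lands in the outer catch and `sslContextBuilder.loadTrustMaterial(keystore, null)` is skipped for every certificate, including ones already added to the keystore. Widening the inner handler to `} catch (IOException | CertificateException e) {` keeps a bad file from discarding the rest, and appending `file` to the two INFO messages would say which bundled certificate was missing or rejected. Because the method no longer declares any exception, `createSSLContext` presumably carries on with whatever trust material the builder otherwise has, so a failure to install the bundled set may deserve `Level.WARNING` rather than `Level.INFO`. `isSslCertValid` and the rest of `createSSLContext` are outside the visible hunks, so how an all-invalid (empty) keystore behaves cannot be judged from here.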
@@ -0,0 +1,41 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
@@ -0,0 +1,38 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----