authorGravatar Vitaly Takmazov2018-09-26 21:31:13 +0300
committerGravatar Vitaly Takmazov2018-09-26 21:31:13 +0300
commit213fdfb49dc1c7355f77427676159a416508b7a4 (patch)
treec3aa9dff6808b33fd6ce264e5ce367cc3eb9b0e4 /juick-server
parent71bf01c9d7056d68aaa34144d8cd6c49d20b7ca5 (diff)
Generate debug key from Gradle task, drop private API usage
Diffstat (limited to 'juick-server')
-rw-r--r--juick-server/build.gradle2
-rw-r--r--juick-server/src/main/java/com/juick/server/KeystoreManager.java54
2 files changed, 3 insertions, 53 deletions
diff --git a/juick-server/build.gradle b/juick-server/build.gradle
index 9a6196da..9b0a6496 100644
--- a/juick-server/build.gradle
+++ b/juick-server/build.gradle
@@ -58,7 +58,6 @@ asciidoctor {
outputDir = docsOutputDir
}
-
dependencies {
compile project(':juick-common')
compile 'com.github.ben-manes.caffeine:caffeine:2.6.2'
@@ -115,5 +114,6 @@ bootJar {
launchScript()
}
+bootRun.dependsOn ':generateDebugKey'
compileFrontend.dependsOn 'yarn'
processResources.dependsOn 'compileFrontend'
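Review bot: Only `bootRun` is wired to `:generateDebugKey`, while the same commit removes the in-process self-signed fallback from KeystoreManager. Any other task that starts the application context, presumably `test` if the tests load this component, will now run without a keystore unless the key was generated earlier. If that applies, add `test.dependsOn ':generateDebugKey'` next to the new line, together with a short comment saying the generated key is for local development only.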
diff --git a/juick-server/src/main/java/com/juick/server/KeystoreManager.java b/juick-server/src/main/java/com/juick/server/KeystoreManager.java
index dd962527..44b0b90e 100644
--- a/juick-server/src/main/java/com/juick/server/KeystoreManager.java
+++ b/juick-server/src/main/java/com/juick/server/KeystoreManager.java
@@ -5,25 +5,20 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.util.Base64Utils;
-import sun.security.x509.*;
import javax.annotation.PostConstruct;
import javax.net.ssl.KeyManagerFactory;
import java.io.FileInputStream;
-import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
-import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
@Component
public class KeystoreManager {
private static final Logger logger = LoggerFactory.getLogger("com.juick.server");
- @Value("${keystore:juick.p12}")
+ @Value("${keystore:../juick.p12}")
private String keystore;
@Value("${keystore_password:secret}")
private String keystorePassword;
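Review bot: The new default `../juick.p12` is resolved against the process working directory, so it only finds the generated debug key when the server is started from the `juick-server` directory. A packaged jar launched from elsewhere will look in an unrelated parent directory, and with the self-signed fallback gone it has no key at all. Above the two `@Value` fields I would add a comment such as `// Development defaults only: the keystore comes from the root generateDebugKey task; deployments must set keystore and keystore_password explicitly.` The class body continues outside this hunk.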
@@ -41,19 +36,7 @@ public class KeystoreManager {
.getDefaultAlgorithm());
kmf.init(ks, keystorePassword.toCharArray());
} catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
- logger.warn("Keystore error, creating self-signed");
- KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
- keyPairGenerator.initialize(4096);
- KeyPair keyPair = keyPairGenerator.generateKeyPair();
-
- Certificate[] chain = {generateCertificate("cn=localhost", keyPair, 365, "SHA256withRSA")};
-
- ks = KeyStore.getInstance(KeyStore.getDefaultType());
- ks.load(null, null);
- ks.setKeyEntry("1", keyPair.getPrivate(), keystorePassword.toCharArray(), chain);
- kmf = KeyManagerFactory.getInstance(KeyManagerFactory
- .getDefaultAlgorithm());
- kmf.init(ks, keystorePassword.toCharArray());
+ logger.error("Keystore error", e);
}
}
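Review bot: The catch block now only logs the keystore failure, so the component finishes initialising with whatever `ks` and `kmf` held before the `try`, presumably null. The key accessors further down (the `getKeyPair().getPublic()` call is visible in a later hunk) would then fail far from the real cause, or the server would run without its key material. Failing closed is safer: follow the log call with `throw new IllegalStateException("Cannot load keystore " + keystore, e);` so startup aborts, and keep the password out of the message. The enclosing method starts outside this hunk, so whether it is the `@PostConstruct` initialiser should be confirmed.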
@@ -80,37 +63,4 @@ public class KeystoreManager {
return String.format("-----BEGIN RSA PUBLIC KEY-----\n%s\n-----END RSA PUBLIC KEY-----\n",
new String(Base64Utils.encode(getKeyPair().getPublic().getEncoded())));
}
- private X509Certificate generateCertificate(String dn, KeyPair keyPair, int validity, String sigAlgName) throws GeneralSecurityException, IOException {
- PrivateKey privateKey = keyPair.getPrivate();
-
- X509CertInfo info = new X509CertInfo();
-
- Date from = new Date();
- Date to = new Date(from.getTime() + validity * 1000L * 24L * 60L * 60L);
-
- CertificateValidity interval = new CertificateValidity(from, to);
- BigInteger serialNumber = new BigInteger(64, new SecureRandom());
- X500Name owner = new X500Name(dn);
- AlgorithmId sigAlgId = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
-
- info.set(X509CertInfo.VALIDITY, interval);
- info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialNumber));
- info.set(X509CertInfo.SUBJECT, owner);
- info.set(X509CertInfo.ISSUER, owner);
- info.set(X509CertInfo.KEY, new CertificateX509Key(keyPair.getPublic()));
- info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
- info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(sigAlgId));
-
- // Sign the cert to identify the algorithm that's used.
- X509CertImpl certificate = new X509CertImpl(info);
- certificate.sign(privateKey, sigAlgName);
-
- // Update the algorith, and resign.
- sigAlgId = (AlgorithmId) certificate.get(X509CertImpl.SIG_ALG);
- info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, sigAlgId);
- certificate = new X509CertImpl(info);
- certificate.sign(privateKey, sigAlgName);
-
- return certificate;
- }
}