diff options
-rw-r--r-- | build.gradle | 12 | ||||
-rw-r--r-- | juick-server/build.gradle | 2 | ||||
-rw-r--r-- | juick-server/src/main/java/com/juick/server/KeystoreManager.java | 54 |
3 files changed, 15 insertions, 53 deletions
diff --git a/build.gradle b/build.gradle index f7595ac2..7de01cdf 100644 --- a/build.gradle +++ b/build.gradle @@ -44,4 +44,16 @@ allprojects { } } } +class GenKey extends DefaultTask { + @OutputFile + String keystore + @TaskAction + def generate() { + ant.genkey(alias:"1", keystore:keystore.toString(), storepass:"secret", dname:"CN=localhost", keysize:2048) + } +} + +task generateDebugKey(type: GenKey) { + keystore = "${projectDir}/juick.p12" +} diff --git a/juick-server/build.gradle b/juick-server/build.gradle index 9a6196da..9b0a6496 100644 --- a/juick-server/build.gradle +++ b/juick-server/build.gradle @@ -58,7 +58,6 @@ asciidoctor { outputDir = docsOutputDir } - dependencies { compile project(':juick-common') compile 'com.github.ben-manes.caffeine:caffeine:2.6.2' @@ -115,5 +114,6 @@ bootJar { launchScript() } +bootRun.dependsOn ':generateDebugKey' compileFrontend.dependsOn 'yarn' processResources.dependsOn 'compileFrontend' diff --git a/juick-server/src/main/java/com/juick/server/KeystoreManager.java b/juick-server/src/main/java/com/juick/server/KeystoreManager.java index dd962527..44b0b90e 100644 --- a/juick-server/src/main/java/com/juick/server/KeystoreManager.java +++ b/juick-server/src/main/java/com/juick/server/KeystoreManager.java @@ -5,25 +5,20 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; import org.springframework.util.Base64Utils; -import sun.security.x509.*; import javax.annotation.PostConstruct; import javax.net.ssl.KeyManagerFactory; import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; -import java.math.BigInteger; import java.security.*; import java.security.cert.Certificate; import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.util.Date; @Component public class KeystoreManager { private static final Logger logger = LoggerFactory.getLogger("com.juick.server"); - @Value("${keystore:juick.p12}") + @Value("${keystore:../juick.p12}") private String keystore; @Value("${keystore_password:secret}") private String keystorePassword; @@ -41,19 +36,7 @@ public class KeystoreManager { .getDefaultAlgorithm()); kmf.init(ks, keystorePassword.toCharArray()); } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) { - logger.warn("Keystore error, creating self-signed"); - KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); - keyPairGenerator.initialize(4096); - KeyPair keyPair = keyPairGenerator.generateKeyPair(); - - Certificate[] chain = {generateCertificate("cn=localhost", keyPair, 365, "SHA256withRSA")}; - - ks = KeyStore.getInstance(KeyStore.getDefaultType()); - ks.load(null, null); - ks.setKeyEntry("1", keyPair.getPrivate(), keystorePassword.toCharArray(), chain); - kmf = KeyManagerFactory.getInstance(KeyManagerFactory - .getDefaultAlgorithm()); - kmf.init(ks, keystorePassword.toCharArray()); + logger.error("Keystore error", e); } } @@ -80,37 +63,4 @@ public class KeystoreManager { return String.format("-----BEGIN RSA PUBLIC KEY-----\n%s\n-----END RSA PUBLIC KEY-----\n", new String(Base64Utils.encode(getKeyPair().getPublic().getEncoded()))); } - private X509Certificate generateCertificate(String dn, KeyPair keyPair, int validity, String sigAlgName) throws GeneralSecurityException, IOException { - PrivateKey privateKey = keyPair.getPrivate(); - - X509CertInfo info = new X509CertInfo(); - - Date from = new Date(); - Date to = new Date(from.getTime() + validity * 1000L * 24L * 60L * 60L); - - CertificateValidity interval = new CertificateValidity(from, to); - BigInteger serialNumber = new BigInteger(64, new SecureRandom()); - X500Name owner = new X500Name(dn); - AlgorithmId sigAlgId = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid); - - info.set(X509CertInfo.VALIDITY, interval); - info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialNumber)); - info.set(X509CertInfo.SUBJECT, owner); - info.set(X509CertInfo.ISSUER, owner); - info.set(X509CertInfo.KEY, new CertificateX509Key(keyPair.getPublic())); - info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); - info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(sigAlgId)); - - // Sign the cert to identify the algorithm that's used. - X509CertImpl certificate = new X509CertImpl(info); - certificate.sign(privateKey, sigAlgName); - - // Update the algorith, and resign. - sigAlgId = (AlgorithmId) certificate.get(X509CertImpl.SIG_ALG); - info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, sigAlgId); - certificate = new X509CertImpl(info); - certificate.sign(privateKey, sigAlgName); - - return certificate; - } } |