/* * Copyright (C) 2008-2020, Juick * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ package com.juick; import com.juick.model.User; import com.juick.www.api.activity.model.objects.Actor; import io.jsonwebtoken.Jwts; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.core.io.Resource; import org.tomitribe.churchkey.Key; import org.tomitribe.churchkey.Keys; import javax.net.ssl.KeyManagerFactory; import java.io.IOException; import java.io.InputStream; import java.security.*; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.time.ZonedDateTime; import java.util.Arrays; import java.util.Date; public class KeystoreManager { private static final Logger logger = LoggerFactory.getLogger("ActivityPub"); private final String keystorePassword; private KeyStore ks; public KeystoreManager(Resource keystore, String keystorePassword) { this.keystorePassword = keystorePassword; try (InputStream ksIs = keystore.getInputStream()) { ks = KeyStore.getInstance("PKCS12"); ks.load(ksIs, keystorePassword.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory .getDefaultAlgorithm()); kmf.init(ks, keystorePassword.toCharArray()); } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) { logger.error("Keystore error", e); } } public KeyPair getKeyPair() { java.security.Key privateKey; try { privateKey = ks.getKey("1", keystorePassword.toCharArray()); Certificate certificate = ks.getCertificate("1"); return new KeyPair(certificate.getPublicKey(), (PrivateKey) privateKey); } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) { e.printStackTrace(); } return null; } public PrivateKey getPrivateKey() { return getKeyPair().getPrivate(); } public PublicKey getPublicKey() { return getKeyPair().getPublic(); } public String getPublicKeyPem() { return new String(Keys.of(getPublicKey()).encode(Key.Format.PEM)).replace("\r\n", "\n"); } public static java.security.Key publicKeyOf(Actor person) { String pubkeyPem = person.getPublicKey().getPublicKeyPem(); return Keys.decode(pubkeyPem.getBytes()).getKey(); } public String generateToken(User user) { return Jwts.builder() .setSubject(user.getName()) .setIssuedAt(Date.from(ZonedDateTime.now().toInstant())) .signWith(getPrivateKey()) .compact(); } }