Example 1 with X509Builder

Use of com.intel.mtwilson.crypto.X509Builder in the OpenAttestation project (by OpenAttestation).

The execute method of the TagCreateCaKey class, which generates a new asset-tag CA key pair and self-signed certificate and stores them:

@Override
public void execute(String[] args) throws Exception {
    // optional first argument is the CA distinguished name; otherwise use the default
    String dn;
    if (args.length > 0) {
        dn = args[0];
    } else {
        dn = "CN=asset-tag-service,OU=mtwilson";
    }
    // create a new 2048-bit RSA key pair and a self-signed CA certificate valid for 3650 days
    KeyPair cakey = RsaUtil.generateRsaKeyPair(2048);
    X509Builder builder = X509Builder.factory();
    X509Certificate cacert = builder.selfSigned(dn, cakey).expires(3650, TimeUnit.DAYS).build();
    if (cacert == null) {
        // build() returns null on failure; the builder's fault list explains why
        // log.error("Failed to create certificate"); // no need to print this, if the build failed there are guaranteed to be faults to print...
        List<Fault> faults = builder.getFaults();
        for (Fault fault : faults) {
            log.error(String.format("%s: %s", fault.getClass().getName(), fault.toString()));
            // log.error(String.format("%s%s", fault.toString(), fault.getCause() == null ? "" : ": "+fault.getCause().getMessage()));
        }
        return;
    }
    // PEM-encode the private key and the certificate; the key file stores both, concatenated
    String privateKeyPem = RsaUtil.encodePemPrivateKey(cakey.getPrivate());
    String cacertPem = X509Util.encodePemCertificate(cacert);
    String combinedPrivateKeyAndCertPem = privateKeyPem + cacertPem;
    byte[] combinedPrivateKeyAndCertPemBytes = combinedPrivateKeyAndCertPem.getBytes("UTF-8");
    byte[] cacertPemContent = cacertPem.getBytes("UTF-8");
    // for now... there can only be ONE CA private key in the database (but we support storing multiple certs)
    File cakeyFile = TagJdbi.fileDao().findByName(PRIVATEKEY_FILE);
    if (cakeyFile == null) {
        // create new private key file
        TagJdbi.fileDao().insert(new UUID(), PRIVATEKEY_FILE, "text/plain", combinedPrivateKeyAndCertPemBytes);
    } else {
        // replace existing private key...
        TagJdbi.fileDao().update(cakeyFile.getId(), PRIVATEKEY_FILE, "text/plain", combinedPrivateKeyAndCertPemBytes);
    }
    // add the ca cert to the list of approved certs
    File cacertsFile = TagJdbi.fileDao().findByName(CACERTS_FILE);
    if (cacertsFile == null) {
        // create new cacerts file
        TagJdbi.fileDao().insert(new UUID(), CACERTS_FILE, "text/plain", cacertPemContent);
    } else {
        // append new cacert to existing file in database
        byte[] content = ByteArray.concat(cacertsFile.getContent(), cacertPemContent);
        TagJdbi.fileDao().update(cacertsFile.getId(), CACERTS_FILE, "text/plain", content);
        // and write to disk also for easy sharing with mtwilson: tag-cacerts.pem
        try (FileOutputStream out = new FileOutputStream(ASConfig.getAssetTagCaCertificateFile())) {
            IOUtils.write(content, out);
        }
    }
}
Types used in this method:
- java.security.KeyPair
- com.intel.mtwilson.crypto.X509Builder
- java.io.FileOutputStream
- com.intel.mtwilson.util.validation.Fault
- com.intel.mtwilson.util.io.UUID
- com.intel.mtwilson.datatypes.File
- java.security.cert.X509Certificate
