use of de.trustable.ca3s.cert.bundle.KeyCertBundle in project ca3sCore by kuehne-trustable-de.
The class Ca3sFallbackBundleFactory, method newKeyBundle.
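/**
 * Builds a short-lived, locally issued fallback bundle for this host: a fresh RSA key pair and a
 * certificate signed with the factory's root key, returned together with the root certificate as
 * a two-element chain.
 *
 * <p>The certificate is issued for one hour ({@code Calendar.HOUR, 1} below); the
 * {@code minValiditySeconds} argument is not consulted on this fallback path.
 *
 * @param bundleName name under which the bundle is created
 * @param minValiditySeconds requested minimum validity; currently unused here
 * @return a bundle holding the chain, the leaf certificate and the new private key
 * @throws GeneralSecurityException if key generation or certificate issuance fails; an
 *     {@link IOException} raised during issuance is wrapped into this type as well
 */
@Override
public KeyCertBundle newKeyBundle(final String bundleName, long minValiditySeconds) throws GeneralSecurityException {
    // Pin the RSA modulus size explicitly rather than relying on the provider default, which
    // differs between JDK versions and security providers.
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048);
    KeyPair localKeyPair = keyPairGenerator.generateKeyPair();

    try {
        InetAddress ip = InetAddress.getLocalHost();
        // NOTE(review): getHostName() may yield an IP literal when reverse lookup fails; the
        // dNSName SAN below would then carry that literal -- confirm this is acceptable.
        String hostname = ip.getHostName();
        LOG.debug("requesting certificate for host : " + hostname);

        // subject DN: CN of the local host, optionally followed by the configured suffix
        String x500Name = "CN=" + hostname;
        if (!dnSuffix.trim().isEmpty()) {
            x500Name += ", " + dnSuffix;
        }
        X500Name subject = new X500Name(x500Name);

        // single SAN entry of type dNSName for the host
        GeneralName[] sanArray = new GeneralName[1];
        sanArray[0] = new GeneralName(GeneralName.dNSName, hostname);
        GeneralNames gns = new GeneralNames(sanArray);

        // one non-critical extendedKeyUsage extension carrying id_kp_serverAuth
        List<String> valList = new ArrayList<>();
        valList.add(KeyPurposeId.id_kp_serverAuth.getId());
        Map<String, Object> serverAuthMap = new HashMap<>();
        serverAuthMap.put("oid", Extension.extendedKeyUsage.getId());
        serverAuthMap.put("critical", Boolean.FALSE);
        serverAuthMap.put("value", valList);
        List<Map<String, Object>> extensions = new ArrayList<>();
        extensions.add(serverAuthMap);

        LOG.debug("building certificate for SAN '{}' and EKU {}", hostname, Extension.extendedKeyUsage.getId());

        // validity is fixed to one hour for this temporary certificate
        X509Certificate issuedCertificate = cryptoUtil.issueCertificate(x500Issuer, getRootKeyPair(), subject, SubjectPublicKeyInfo.getInstance(localKeyPair.getPublic().getEncoded()), Calendar.HOUR, 1, gns, extensions, PKILevel.END_ENTITY);

        // build the (short) chain: leaf first, then the issuing root
        X509Certificate[] certificateChain = { issuedCertificate, getRootCertificate() };

        LOG.debug("returning temp. certificate : " + issuedCertificate);
        return new KeyCertBundle(bundleName, certificateChain, issuedCertificate, localKeyPair.getPrivate());
    } catch (IOException e) {
        // certificate creation failed with an exception not inheriting from 'GeneralSecurityException';
        // keep the original as cause so the failure remains diagnosable
        throw new GeneralSecurityException(e);
    }
}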
use of de.trustable.ca3s.cert.bundle.KeyCertBundle in project ca3sCore by kuehne-trustable-de.
The class BundleCertHolder, method createKeyBundle.
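/**
 * Creates a new TLS key pair for this host, submits a PKCS#10 request for it to the configured CA
 * and returns the resulting bundle together with the persisted certificate entity.
 *
 * <p>The request carries the configured SANs, a non-critical extendedKeyUsage extension with
 * id_kp_serverAuth, and a subject built from the canonical host name plus {@code dnSuffix}. The
 * issued certificate is flagged with {@code ATTRIBUTE_TLS_CERTIFICATE}. The
 * {@code minValiditySeconds} argument is not used by this method; the CA determines validity.
 *
 * @param bundleName name under which the bundle is created
 * @param minValiditySeconds requested minimum validity; currently unused here
 * @return holder pairing the key/certificate bundle with the certificate entity
 * @throws GeneralSecurityException if key generation, CSR creation or signing fails; an
 *     {@link IOException} raised along the way is wrapped into this type
 */
public BundleCertHolder createKeyBundle(final String bundleName, long minValiditySeconds) throws GeneralSecurityException {
    // Pin the RSA modulus size explicitly rather than relying on the provider default, which
    // differs between JDK versions and security providers.
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048);
    KeyPair localKeyPair = keyPairGenerator.generateKeyPair();

    try {
        InetAddress ip = InetAddress.getLocalHost();
        String hostname = ip.getCanonicalHostName();

        // subject DN: CN of the local host, optionally followed by the configured suffix
        String x500Name = "CN=" + hostname;
        if (!dnSuffix.trim().isEmpty()) {
            x500Name += ", " + dnSuffix;
        }
        X500Principal subject = new X500Principal(x500Name);
        LOG.debug("requesting certificate for subject : " + subject.getName());

        // SANs come from the configured 'sans' string, with the host name as fallback/addition
        GeneralName[] sanArray = CertificateUtil.splitSANString(sans, hostname);

        // one non-critical extendedKeyUsage extension carrying id_kp_serverAuth
        List<String> valList = new ArrayList<>();
        valList.add(KeyPurposeId.id_kp_serverAuth.getId());
        Map<String, Object> serverAuthMap = new HashMap<>();
        serverAuthMap.put("oid", Extension.extendedKeyUsage.getId());
        serverAuthMap.put("critical", Boolean.FALSE);
        serverAuthMap.put("value", valList);
        List<Map<String, Object>> extensions = new ArrayList<>();
        extensions.add(serverAuthMap);

        // self-signed PKCS#10 request, handed to the CA adapter as PEM
        PKCS10CertificationRequest req = CryptoUtil.getCsr(subject, localKeyPair.getPublic(), localKeyPair.getPrivate(), null, extensions, sanArray);
        String csrBase64 = CryptoUtil.pkcs10RequestToPem(req);
        Certificate cert = cacAdapt.signCertificateRequest(csrBase64, caConfigDao);

        // mark the issued certificate as the one used for TLS
        certUtil.setCertAttribute(cert, CertificateAttribute.ATTRIBUTE_TLS_CERTIFICATE, "true");

        // build the chain; element 0 is the leaf
        X509Certificate[] certificateChain = certUtil.getX509CertificateChain(cert);
        LOG.debug("returning new certificate : " + certificateChain[0]);

        return new BundleCertHolder(new KeyCertBundle(bundleName, certificateChain, certificateChain[0], localKeyPair.getPrivate()), cert);
    } catch (IOException e) {
        // certificate creation failed with an exception not inheriting from 'GeneralSecurityException';
        // keep the original as cause so the failure remains diagnosable
        throw new GeneralSecurityException(e);
    }
}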
use of de.trustable.ca3s.cert.bundle.KeyCertBundle in project ca3sCore by kuehne-trustable-de.
The class BundleCertHolder, method newDBKeyBundle.
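/**
 * Returns the TLS bundle backed by the database: the first active TLS certificate found there, or
 * a newly created one that is persisted (private key stored, {@code ATTRIBUTE_TLS_KEY} set) when
 * none exists yet.
 *
 * @param bundleName name under which the bundle is created
 * @param minValiditySeconds passed through to {@link #createKeyBundle} when a new certificate is
 *     needed
 * @return the bundle holding the chain, the leaf certificate and the private key
 * @throws GeneralSecurityException if creating the bundle fails, or if storing the new private key
 *     fails (the underlying {@link IOException} is kept as cause)
 */
public KeyCertBundle newDBKeyBundle(final String bundleName, long minValiditySeconds) throws GeneralSecurityException {
    List<Certificate> certDaoList = certificateRepository.findActiveTLSCertificate();

    if (certDaoList.isEmpty()) {
        LOG.debug("Creating new TLS certificate.");
        BundleCertHolder bundleCertHolder = createKeyBundle(bundleName, minValiditySeconds);
        KeyCertBundle keyCertBundle = bundleCertHolder.getKeyCertBundle();

        // pair the public key of the issued certificate with the generated private key for storage
        KeyPair keyPair = new KeyPair(keyCertBundle.getCertificate().getPublicKey(), (PrivateKey) keyCertBundle.getKey());
        try {
            certUtil.storePrivateKey(bundleCertHolder.getCertificate(), keyPair);
            certUtil.setCertAttribute(bundleCertHolder.getCertificate(), CertificateAttribute.ATTRIBUTE_TLS_KEY, "true");
        } catch (IOException e) {
            // NOTE(review): at this point the certificate has already been issued and flagged by
            // createKeyBundle; a failure here leaves it without a stored key -- verify the caller
            // copes with that state.
            LOG.warn("problem storing key and certificate ", e);
            // preserve the cause instead of flattening it to its message
            throw new GeneralSecurityException(e.getMessage(), e);
        }
        return keyCertBundle;
    }

    // an active TLS certificate exists; the first one returned by the repository is used
    Certificate certificate = certDaoList.get(0);
    LOG.debug("Found TLS certificate {} in database.", certificate.getId());
    X509Certificate[] certificateChain = certUtil.getX509CertificateChain(certificate);
    PrivateKey privateKey = certUtil.getPrivateKey(certificate);
    return new KeyCertBundle(bundleName, certificateChain, certificateChain[0], privateKey);
}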