
Class CertificateRenewalTest, method generateCa:

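/**
 * Generates a self-signed CA certificate, private key and trust store for use as a test fixture.
 * <p>
 * The certificate manager works on files, so the key, certificate and trust store are written to
 * temporary files and read back into memory. All three files are removed before this method
 * returns, whether or not generation succeeded, so the private key does not outlive the call on disk.
 *
 * @param certManager          Certificate manager used to generate the self-signed certificate and to build the trust store.
 * @param certificateAuthority CA configuration; only its validity period is used, via {@code ModelUtils.getCertificateValidity}.
 * @param commonName           CN of the generated certificate. The O is fixed to {@code io.strimzi}.
 * @return the generated key, certificate and trust store together with the fixed test store password.
 * @throws IOException              if a temporary file cannot be created, read or deleted
 * @throws CertificateException     propagated from the certificate manager
 * @throws KeyStoreException        propagated from the certificate manager
 * @throws NoSuchAlgorithmException propagated from the certificate manager
 */
private CertAndKey generateCa(OpenSslCertManager certManager, CertificateAuthority certificateAuthority, String commonName) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
    // Fixed, non-secret password: this helper only produces fixtures for unit tests.
    String clusterCaStorePassword = "123456";
    // The files are created inside the try block so that a failure creating the second or
    // third file still cleans up the ones that were already created.
    Path clusterCaKeyFile = null;
    Path clusterCaCertFile = null;
    Path clusterCaStoreFile = null;
    try {
        clusterCaKeyFile = Files.createTempFile("tls", "cluster-ca-key");
        clusterCaCertFile = Files.createTempFile("tls", "cluster-ca-cert");
        clusterCaStoreFile = Files.createTempFile("tls", "cluster-ca-store");
        Subject sbj = new Subject.Builder().withOrganizationName("io.strimzi").withCommonName(commonName).build();
        certManager.generateSelfSignedCert(clusterCaKeyFile.toFile(), clusterCaCertFile.toFile(), sbj, ModelUtils.getCertificateValidity(certificateAuthority));
        certManager.addCertToTrustStore(clusterCaCertFile.toFile(), CA_CRT, clusterCaStoreFile.toFile(), clusterCaStorePassword);
        return new CertAndKey(Files.readAllBytes(clusterCaKeyFile), Files.readAllBytes(clusterCaCertFile), Files.readAllBytes(clusterCaStoreFile), null, clusterCaStorePassword);
    } finally {
        // Attempt every deletion even if an earlier one fails, so that the private key file is
        // not left behind just because the certificate file could not be removed. The first
        // failure is rethrown with any later ones attached as suppressed exceptions.
        IOException deleteFailure = null;
        for (Path tempFile : new Path[] {clusterCaKeyFile, clusterCaCertFile, clusterCaStoreFile}) {
            if (tempFile == null) {
                continue;
            }
            try {
                Files.deleteIfExists(tempFile);
            } catch (IOException e) {
                if (deleteFailure == null) {
                    deleteFailure = e;
                } else {
                    deleteFailure.addSuppressed(e);
                }
            }
        }
        if (deleteFailure != null) {
            throw deleteFailure;
        }
    }
}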

Class Ca, method generateSignedCert:

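/**
 * Generates a certificate signed by this CA
 * <p>
 * The CSR, private key, certificate and keystore are passed through temporary files because the
 * underlying certificate generation works on files. The files are removed in a {@code finally}
 * block, so a failure during generation does not leave the private key behind on disk.
 *
 * @param commonName The CN of the certificate to be generated.
 * @param organization The O of the certificate to be generated. May be null.
 * @return The CertAndKey
 * @throws IOException If the cert could not be generated, or if the temporary files could not be created.
 */
public CertAndKey generateSignedCert(String commonName, String organization) throws IOException {
    // Created inside the try block so that a failure creating a later file still
    // cleans up the files that were already created.
    File csrFile = null;
    File keyFile = null;
    File certFile = null;
    File keyStoreFile = null;
    try {
        csrFile = File.createTempFile("tls", "csr");
        keyFile = File.createTempFile("tls", "key");
        certFile = File.createTempFile("tls", "cert");
        keyStoreFile = File.createTempFile("tls", "p12");
        Subject.Builder subject = new Subject.Builder();
        // O is optional in the subject; only set it when the caller supplied one.
        if (organization != null) {
            subject.withOrganizationName(organization);
        }
        subject.withCommonName(commonName);
        return generateSignedCert(subject.build(), csrFile, keyFile, certFile, keyStoreFile);
    } finally {
        // Same deletion order as before, skipping files that were never created.
        for (File tempFile : new File[] {csrFile, keyFile, certFile, keyStoreFile}) {
            if (tempFile != null) {
                delete(reconciliation, tempFile);
            }
        }
    }
}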

Class Ca, method getSubjectAltNames:

/**
 * Extracts the subject alternative names out of an existing certificate.
 * <p>
 * Only SAN entries whose value is a {@link String} are returned; entries carrying a
 * binary value are skipped. The position of the value within each entry follows the
 * {@link X509Certificate#getSubjectAlternativeNames()} contract (type at index 0, value at index 1).
 *
 * @param certificate Existing X509 certificate as a byte array
 * @return the string-valued subject alternative names of the certificate, or {@code null}
 *         if the certificate could not be parsed or its alternative names could not be read
 */
protected List<String> getSubjectAltNames(byte[] certificate) {
    List<String> names = null;
    try {
        X509Certificate parsed = x509Certificate(certificate);
        Collection<List<?>> sanEntries = parsed.getSubjectAlternativeNames();
        List<String> collected = new ArrayList<>();
        for (List<?> entry : sanEntries) {
            Object value = entry.get(1);
            if (value instanceof String) {
                collected.add((String) value);
            }
        }
        names = collected;
    } catch (CertificateException | RuntimeException e) {
        // TODO: We should mock the certificates properly so that this doesn't fail in tests (not now => long term :-o)
        // A certificate without a SAN extension, or an unparseable one, ends up here and yields null.
        LOGGER.debugCr(reconciliation, "Failed to parse existing certificate", e);
    }
    return names;
}

Class CaRenewalTest, method renewalOfStatefulSetCertificatesDelayedRenewalOutsideWindow:

@ParallelTest
public void renewalOfStatefulSetCertificatesDelayedRenewalOutsideWindow() throws IOException {
    // The CA reports its certificate as expiring, but the maintenance window is closed,
    // so the existing per-pod certificate, key, keystore and password must all be kept as-is.
    MockedCa mockedCa = new MockedCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, null, null, 2, 1, true, null);
    mockedCa.setCertExpiring(true);

    int replicas = 3;
    // Seed the secret with identical "old" material for every pod.
    // getBytes()/new String() use the platform charset; the fixture values are ASCII, so that is harmless here.
    Base64.Encoder b64 = Base64.getEncoder();
    SecretBuilder secretBuilder = new SecretBuilder().withNewMetadata().withName("test-secret").endMetadata();
    for (int podIndex = 0; podIndex < replicas; podIndex++) {
        String podName = "pod" + podIndex;
        secretBuilder
            .addToData(podName + ".crt", b64.encodeToString("old-cert".getBytes()))
            .addToData(podName + ".key", b64.encodeToString("old-key".getBytes()))
            .addToData(podName + ".p12", b64.encodeToString("old-keystore".getBytes()))
            .addToData(podName + ".password", b64.encodeToString("old-password".getBytes()));
    }
    Secret initialSecret = secretBuilder.build();

    Function<Integer, Subject> subjectFn = i -> new Subject.Builder().build();
    Function<Integer, String> podNameFn = i -> "pod" + i;
    boolean isMaintenanceTimeWindowsSatisfied = false;
    Map<String, CertAndKey> newCerts = mockedCa.maybeCopyOrGenerateCerts(Reconciliation.DUMMY_RECONCILIATION, replicas, subjectFn, initialSecret, podNameFn, isMaintenanceTimeWindowsSatisfied);

    // Nothing may have been regenerated outside the window.
    for (int podIndex = 0; podIndex < replicas; podIndex++) {
        CertAndKey podCert = newCerts.get("pod" + podIndex);
        assertThat(new String(podCert.cert()), is("old-cert"));
        assertThat(new String(podCert.key()), is("old-key"));
        assertThat(new String(podCert.keyStore()), is("old-keystore"));
        assertThat(podCert.storePassword(), is("old-password"));
    }
}

Class CaRenewalTest, method renewalOfStatefulSetCertificatesWithCaRenewal:

@ParallelTest
public void renewalOfStatefulSetCertificatesWithCaRenewal() throws IOException {
    // The CA certificate itself has been renewed and the maintenance window is open,
    // so every pod must receive freshly generated material (the mock numbers it per pod).
    MockedCa mockedCa = new MockedCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, null, null, 2, 1, true, null);
    mockedCa.setCertRenewed(true);

    int replicas = 3;
    // Seed the secret with identical "old" material for every pod.
    // getBytes()/new String() use the platform charset; the fixture values are ASCII, so that is harmless here.
    Base64.Encoder b64 = Base64.getEncoder();
    SecretBuilder secretBuilder = new SecretBuilder().withNewMetadata().withName("test-secret").endMetadata();
    for (int podIndex = 0; podIndex < replicas; podIndex++) {
        String podName = "pod" + podIndex;
        secretBuilder
            .addToData(podName + ".crt", b64.encodeToString("old-cert".getBytes()))
            .addToData(podName + ".key", b64.encodeToString("old-key".getBytes()))
            .addToData(podName + ".p12", b64.encodeToString("old-keystore".getBytes()))
            .addToData(podName + ".password", b64.encodeToString("old-password".getBytes()));
    }
    Secret initialSecret = secretBuilder.build();

    Function<Integer, Subject> subjectFn = i -> new Subject.Builder().build();
    Function<Integer, String> podNameFn = i -> "pod" + i;
    boolean isMaintenanceTimeWindowsSatisfied = true;
    Map<String, CertAndKey> newCerts = mockedCa.maybeCopyOrGenerateCerts(Reconciliation.DUMMY_RECONCILIATION, replicas, subjectFn, initialSecret, podNameFn, isMaintenanceTimeWindowsSatisfied);

    // Every pod gets new, per-pod material; none of the "old" values may survive.
    for (int podIndex = 0; podIndex < replicas; podIndex++) {
        CertAndKey podCert = newCerts.get("pod" + podIndex);
        assertThat(new String(podCert.cert()), is("new-cert" + podIndex));
        assertThat(new String(podCert.key()), is("new-key" + podIndex));
        assertThat(new String(podCert.keyStore()), is("new-keystore" + podIndex));
        assertThat(podCert.storePassword(), is("new-password" + podIndex));
    }
}