
Example 1 with Certificates

Use of org.neo4j.bolt.security.ssl.Certificates in project neo4j by neo4j.

From class CertificatesIT, method setUp:

@BeforeClass
public static void setUp() throws IOException, GeneralSecurityException, OperatorCreationException {
    certFactory = new Certificates();
    // Both temp files are created only to obtain unique paths (the "key" prefix on the
    // certificate file is as in the source) and are removed again immediately below.
    keyFile = File.createTempFile("key", "pem");
    certFile = File.createTempFile("key", "pem");
    keyFile.deleteOnExit();
    certFile.deleteOnExit();
    // make sure files are not there, so createSelfSignedCertificate creates them itself
    // (and applies its own file permissions) instead of overwriting existing files
    keyFile.delete();
    certFile.delete();
    certFactory.createSelfSignedCertificate(certFile, keyFile, "my.domain");
}
Also used : Certificates(org.neo4j.bolt.security.ssl.Certificates) BeforeClass(org.junit.BeforeClass)

Example 2 with Certificates

Use of org.neo4j.bolt.security.ssl.Certificates in project neo4j by neo4j.

From class BoltKernelExtension, method createKeyStore:

private KeyStoreInformation createKeyStore(Configuration config, Log log, AdvertisedSocketAddress address) throws GeneralSecurityException, IOException, OperatorCreationException {
    File privateKeyPath = config.get(Settings.tls_key_file).getAbsoluteFile();
    File certificatePath = config.get(Settings.tls_certificate_file).getAbsoluteFile();
    // Only when BOTH files are absent is a self-signed certificate generated, issued for the
    // advertised hostname. Clients will not trust it unless they pin or import it explicitly.
    if (!certificatePath.exists() && !privateKeyPath.exists()) {
        log.info("No SSL certificate found, generating a self-signed certificate..");
        Certificates certFactory = new Certificates();
        certFactory.createSelfSignedCertificate(certificatePath, privateKeyPath, address.getHostname());
    }
    // Exactly one file present: fail fast instead of generating a replacement, so an
    // operator-supplied key or certificate is never silently overwritten or mismatched.
    if (!certificatePath.exists()) {
        throw new IllegalStateException(format("TLS private key found, but missing certificate at '%s'. Cannot start server without " + "certificate.", certificatePath));
    }
    if (!privateKeyPath.exists()) {
        throw new IllegalStateException(format("TLS certificate found, but missing key at '%s'. Cannot start server without key.", privateKeyPath));
    }
    // Both files exist (supplied or just generated): load them into an in-memory key store.
    return new KeyStoreFactory().createKeyStore(privateKeyPath, certificatePath);
}
Also used : KeyStoreFactory(org.neo4j.bolt.security.ssl.KeyStoreFactory) Certificates(org.neo4j.bolt.security.ssl.Certificates) File(java.io.File)

Example 3 with Certificates

Use of org.neo4j.bolt.security.ssl.Certificates in project neo4j by neo4j.

From class SelfSignedCertificatesIT, method createSelfSignedCertificateWithCorrectPermissions:

@Test
public void createSelfSignedCertificateWithCorrectPermissions() throws Exception {
    // POSIX permission bits do not exist on Windows, so the test is skipped there; there is no
    // equivalent ACL assertion for that platform in this test.
    assumeTrue(!SystemUtils.IS_OS_WINDOWS);
    Certificates certificates = new Certificates();
    certificates.createSelfSignedCertificate(testDirectory.file("certificate"), testDirectory.file("privateKey"), "localhost");
    // Expected mode for BOTH generated files is exactly rw------- (0600): each of the nine
    // permission bits is checked individually below.
    PosixFileAttributes certificateAttributes = Files.getFileAttributeView(testDirectory.file("certificate").toPath(), PosixFileAttributeView.class).readAttributes();
    assertTrue(certificateAttributes.permissions().contains(PosixFilePermission.OWNER_READ));
    assertTrue(certificateAttributes.permissions().contains(PosixFilePermission.OWNER_WRITE));
    assertFalse(certificateAttributes.permissions().contains(PosixFilePermission.OWNER_EXECUTE));
    assertFalse(certificateAttributes.permissions().contains(PosixFilePermission.GROUP_READ));
    assertFalse(certificateAttributes.permissions().contains(PosixFilePermission.GROUP_WRITE));
    assertFalse(certificateAttributes.permissions().contains(PosixFilePermission.GROUP_EXECUTE));
    assertFalse(certificateAttributes.permissions().contains(PosixFilePermission.OTHERS_READ));
    assertFalse(certificateAttributes.permissions().contains(PosixFilePermission.OTHERS_WRITE));
    assertFalse(certificateAttributes.permissions().contains(PosixFilePermission.OTHERS_EXECUTE));
    // The private key must not be readable by group or others; a wider mode would expose it.
    PosixFileAttributes privateKey = Files.getFileAttributeView(testDirectory.file("privateKey").toPath(), PosixFileAttributeView.class).readAttributes();
    assertTrue(privateKey.permissions().contains(PosixFilePermission.OWNER_READ));
    assertTrue(privateKey.permissions().contains(PosixFilePermission.OWNER_WRITE));
    assertFalse(privateKey.permissions().contains(PosixFilePermission.OWNER_EXECUTE));
    assertFalse(privateKey.permissions().contains(PosixFilePermission.GROUP_READ));
    assertFalse(privateKey.permissions().contains(PosixFilePermission.GROUP_WRITE));
    assertFalse(privateKey.permissions().contains(PosixFilePermission.GROUP_EXECUTE));
    assertFalse(privateKey.permissions().contains(PosixFilePermission.OTHERS_READ));
    assertFalse(privateKey.permissions().contains(PosixFilePermission.OTHERS_WRITE));
    assertFalse(privateKey.permissions().contains(PosixFilePermission.OTHERS_EXECUTE));
}
Also used : Certificates(org.neo4j.bolt.security.ssl.Certificates) PosixFileAttributes(java.nio.file.attribute.PosixFileAttributes) PosixFileAttributeView(java.nio.file.attribute.PosixFileAttributeView) Test(org.junit.Test)

Example 4 with Certificates

Use of org.neo4j.bolt.security.ssl.Certificates in project neo4j by neo4j.

From class AbstractNeoServer, method createKeyStore:

protected Optional<KeyStoreInformation> createKeyStore() {
    // Same decision tree as the Bolt variant above, but for the HTTPS connector and wrapped in
    // Optional: no key store is created at all when HTTPS is disabled.
    if (httpsIsEnabled()) {
        File privateKeyPath = config.get(ServerSettings.tls_key_file).getAbsoluteFile();
        File certificatePath = config.get(ServerSettings.tls_certificate_file).getAbsoluteFile();
        try {
            // If neither file is specified, generate a self-signed certificate for the HTTP
            // listen address hostname
            if (!certificatePath.exists() && !privateKeyPath.exists()) {
                //noinspection deprecation
                log.info("No SSL certificate found, generating a self-signed certificate..");
                Certificates certFactory = new Certificates();
                certFactory.createSelfSignedCertificate(certificatePath, privateKeyPath, httpListenAddress.getHostname());
            }
            // Make sure both files were there, or were generated; one without the other aborts startup
            if (!certificatePath.exists()) {
                throw new ServerStartupException(String.format("TLS private key found, but missing certificate at '%s'. Cannot start server " + "without certificate.", certificatePath));
            }
            if (!privateKeyPath.exists()) {
                throw new ServerStartupException(String.format("TLS certificate found, but missing key at '%s'. Cannot start server without key.", privateKeyPath));
            }
            return Optional.of(new KeyStoreFactory().createKeyStore(privateKeyPath, certificatePath));
        } catch (GeneralSecurityException e) {
            // Unparseable or inconsistent key/certificate material
            throw new ServerStartupException("TLS certificate error occurred, unable to start server: " + e.getMessage(), e);
        } catch (IOException | OperatorCreationException e) {
            // File access failure, or BouncyCastle could not build the signer for the self-signed certificate
            throw new ServerStartupException("IO problem while loading or creating TLS certificates: " + e.getMessage(), e);
        }
    } else {
        return Optional.empty();
    }
}
Also used : KeyStoreFactory(org.neo4j.bolt.security.ssl.KeyStoreFactory) GeneralSecurityException(java.security.GeneralSecurityException) Certificates(org.neo4j.bolt.security.ssl.Certificates) IOException(java.io.IOException) OperatorCreationException(org.bouncycastle.operator.OperatorCreationException) File(java.io.File)
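The three startup/permission snippets above share one pattern: generate only when both files are absent, refuse to start when exactly one is present, and require the generated files to be owner-only (rw-------). The following is an added example that combines those checks into a single reusable routine; it is not code from the neo4j project. The SelfSignedGenerator interface is a hypothetical stand-in for Certificates.createSelfSignedCertificate(certificate, key, hostname), and the PEM bytes written by the placeholder generator in main are constructed, not real key material. The verification step goes beyond the page's test in one respect: it is applied at every start, not only to freshly generated files, so a key whose mode was loosened after installation is rejected too.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

/** Startup check for TLS material: generate, refuse, or load; then enforce owner-only key permissions. */
public final class TlsMaterialCheck {

    // Only the owner may read or write the private key: rw------- (0600).
    static final Set<PosixFilePermission> OWNER_RW_ONLY = PosixFilePermissions.fromString("rw-------");

    /** Hypothetical stand-in for Certificates.createSelfSignedCertificate(cert, key, hostname). */
    @FunctionalInterface
    interface SelfSignedGenerator {
        void generate(Path certificate, Path privateKey, String hostname) throws IOException;
    }

    static void ensureTlsMaterial(Path certificate, Path privateKey, String hostname,
                                  SelfSignedGenerator generator) throws IOException {
        boolean haveCert = Files.exists(certificate);
        boolean haveKey = Files.exists(privateKey);
        if (!haveCert && !haveKey) {
            // Neither file present: create a self-signed pair for the advertised hostname.
            generator.generate(certificate, privateKey, hostname);
            // Do not rely on the generator or the process umask for the mode; tighten explicitly.
            Files.setPosixFilePermissions(privateKey, OWNER_RW_ONLY);
            Files.setPosixFilePermissions(certificate, OWNER_RW_ONLY);
        } else if (!haveCert) {
            // Exactly one file present: fail fast rather than overwrite operator-supplied material.
            throw new IllegalStateException("TLS private key found, but missing certificate at '" + certificate + "'");
        } else if (!haveKey) {
            throw new IllegalStateException("TLS certificate found, but missing key at '" + privateKey + "'");
        }
        // Applies to supplied and generated keys alike.
        requireOwnerOnly(privateKey);
    }

    /** Rejects a file that carries any permission bit outside rw-------. */
    static void requireOwnerOnly(Path file) throws IOException {
        Set<PosixFilePermission> actual = Files.getPosixFilePermissions(file);
        EnumSet<PosixFilePermission> tooWide = EnumSet.noneOf(PosixFilePermission.class);
        tooWide.addAll(actual);
        tooWide.removeAll(OWNER_RW_ONLY);
        if (!tooWide.isEmpty()) {
            throw new IllegalStateException(file + " has permissions "
                    + PosixFilePermissions.toString(actual) + "; expected rw-------");
        }
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("tls-check");
        Path cert = dir.resolve("certificate.pem");
        Path key = dir.resolve("privateKey.pem");

        // Constructed placeholder generator: writes fake PEM text and deliberately leaves the
        // key world-readable (rw-r--r--) to show that ensureTlsMaterial tightens it.
        SelfSignedGenerator placeholder = (c, k, host) -> {
            Files.write(c, ("-----BEGIN CERTIFICATE-----\nplaceholder for " + host
                    + "\n-----END CERTIFICATE-----\n").getBytes(StandardCharsets.UTF_8));
            Files.write(k, "-----BEGIN PRIVATE KEY-----\nplaceholder\n-----END PRIVATE KEY-----\n"
                    .getBytes(StandardCharsets.UTF_8));
            Files.setPosixFilePermissions(k, PosixFilePermissions.fromString("rw-r--r--"));
        };

        ensureTlsMaterial(cert, key, "localhost", placeholder);
        System.out.println("key mode after startup check: "
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(key)));

        // Simulate "certificate found, key missing": startup must be refused.
        Files.delete(key);
        try {
            ensureTlsMaterial(cert, key, "localhost", placeholder);
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

Two caveats apply on POSIX systems. Creating the file with PosixFilePermissions.asFileAttribute(OWNER_RW_ONLY) is not sufficient on its own, because the JDK documents that the requested mode may still be narrowed by the process umask, which is why the example sets the mode after creation. Setting it afterwards leaves a short window in which the freshly written key has the generator's mode, so a service that generates keys at start should also run with a restrictive umask (022 or tighter) rather than depend on the chmod alone. On Windows, where Files.getPosixFilePermissions throws UnsupportedOperationException, the equivalent control is an ACL on the key file, which this example does not attempt.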

Aggregations

Certificates (org.neo4j.bolt.security.ssl.Certificates) 4
File (java.io.File) 2
KeyStoreFactory (org.neo4j.bolt.security.ssl.KeyStoreFactory) 2
IOException (java.io.IOException) 1
PosixFileAttributeView (java.nio.file.attribute.PosixFileAttributeView) 1
PosixFileAttributes (java.nio.file.attribute.PosixFileAttributes) 1
GeneralSecurityException (java.security.GeneralSecurityException) 1
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException) 1
BeforeClass (org.junit.BeforeClass) 1
Test (org.junit.Test) 1