
Example 1 with KeyStoreFactory

Use of org.neo4j.bolt.security.ssl.KeyStoreFactory in project neo4j by neo4j.

Class BoltKernelExtension, method createKeyStore.

private KeyStoreInformation createKeyStore(Configuration config, Log log, AdvertisedSocketAddress address) throws GeneralSecurityException, IOException, OperatorCreationException {
    File privateKeyPath = config.get(Settings.tls_key_file).getAbsoluteFile();
    File certificatePath = config.get(Settings.tls_certificate_file).getAbsoluteFile();
    // Neither file exists: generate a self-signed certificate and key for the advertised hostname
    if (!certificatePath.exists() && !privateKeyPath.exists()) {
        log.info("No SSL certificate found, generating a self-signed certificate..");
        Certificates certFactory = new Certificates();
        certFactory.createSelfSignedCertificate(certificatePath, privateKeyPath, address.getHostname());
    }
    // Make sure both files were there, or were generated; a lone key or a lone certificate aborts startup
    if (!certificatePath.exists()) {
        throw new IllegalStateException(format("TLS private key found, but missing certificate at '%s'. Cannot start server without " + "certificate.", certificatePath));
    }
    if (!privateKeyPath.exists()) {
        throw new IllegalStateException(format("TLS certificate found, but missing key at '%s'. Cannot start server without key.", privateKeyPath));
    }
    return new KeyStoreFactory().createKeyStore(privateKeyPath, certificatePath);
}
Also used: KeyStoreFactory (org.neo4j.bolt.security.ssl.KeyStoreFactory), Certificates (org.neo4j.bolt.security.ssl.Certificates), File (java.io.File)

Example 2 with KeyStoreFactory

Use of org.neo4j.bolt.security.ssl.KeyStoreFactory in project neo4j by neo4j.

Class AbstractNeoServer, method createKeyStore.

protected Optional<KeyStoreInformation> createKeyStore() {
    if (httpsIsEnabled()) {
        File privateKeyPath = config.get(ServerSettings.tls_key_file).getAbsoluteFile();
        File certificatePath = config.get(ServerSettings.tls_certificate_file).getAbsoluteFile();
        try {
            // If neither file exists on disk
            if (!certificatePath.exists() && !privateKeyPath.exists()) {
                //noinspection deprecation
                log.info("No SSL certificate found, generating a self-signed certificate..");
                Certificates certFactory = new Certificates();
                certFactory.createSelfSignedCertificate(certificatePath, privateKeyPath, httpListenAddress.getHostname());
            }
            // Make sure both files were there, or were generated
            if (!certificatePath.exists()) {
                throw new ServerStartupException(String.format("TLS private key found, but missing certificate at '%s'. Cannot start server " + "without certificate.", certificatePath));
            }
            if (!privateKeyPath.exists()) {
                throw new ServerStartupException(String.format("TLS certificate found, but missing key at '%s'. Cannot start server without key.", privateKeyPath));
            }
            return Optional.of(new KeyStoreFactory().createKeyStore(privateKeyPath, certificatePath));
        } catch (GeneralSecurityException e) {
            throw new ServerStartupException("TLS certificate error occurred, unable to start server: " + e.getMessage(), e);
        } catch (IOException | OperatorCreationException e) {
            throw new ServerStartupException("IO problem while loading or creating TLS certificates: " + e.getMessage(), e);
        }
    } else {
        return Optional.empty();
    }
}
Also used: KeyStoreFactory (org.neo4j.bolt.security.ssl.KeyStoreFactory), GeneralSecurityException (java.security.GeneralSecurityException), Certificates (org.neo4j.bolt.security.ssl.Certificates), IOException (java.io.IOException), OperatorCreationException (org.bouncycastle.operator.OperatorCreationException), File (java.io.File)

Aggregations

File (java.io.File): 2
Certificates (org.neo4j.bolt.security.ssl.Certificates): 2
KeyStoreFactory (org.neo4j.bolt.security.ssl.KeyStoreFactory): 2
IOException (java.io.IOException): 1
GeneralSecurityException (java.security.GeneralSecurityException): 1
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException): 1