Posted to commits@tuweni.apache.org by to...@apache.org on 2019/12/16 08:29:32 UTC
[incubator-tuweni] branch master updated: Allow CN as option when
generating the self-signed certs
This is an automated email from the ASF dual-hosted git repository.
toulmean pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-tuweni.git
The following commit(s) were added to refs/heads/master by this push:
new 3c23981 Allow CN as option when generating the self-signed certs
3c23981 is described below
commit 3c239818a42aab9f8df912912db612c3a5e6a9af
Author: Antoine Toulme <an...@lunar-ocean.com>
AuthorDate: Mon Dec 16 00:29:17 2019 -0800
Allow CN as option when generating the self-signed certs
---
.../main/java/org/apache/tuweni/net/tls/TLS.java | 28 +++++++++++++++++++---
1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/net/src/main/java/org/apache/tuweni/net/tls/TLS.java b/net/src/main/java/org/apache/tuweni/net/tls/TLS.java
index b90fadf..5ecc20f 100644
--- a/net/src/main/java/org/apache/tuweni/net/tls/TLS.java
+++ b/net/src/main/java/org/apache/tuweni/net/tls/TLS.java
@@ -16,6 +16,7 @@ import static java.nio.charset.StandardCharsets.UTF_8;
import static java.nio.file.Files.createDirectories;
import static org.apache.tuweni.crypto.Hash.sha2_256;
+import jdk.internal.joptsimple.internal.Strings;
import org.apache.tuweni.bytes.Bytes;
import java.io.BufferedReader;
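Review bot: The added `import jdk.internal.joptsimple.internal.Strings;` pulls in a JDK-internal class that is not a supported API, so the build likely depends on which JDK is used and may break under module encapsulation or on a runtime that does not ship that package. Its only visible use is the null-or-empty test in the last hunk (`createSelfSignedCertificate`), which plain Java covers without the import: `if (commonName == null || commonName.isEmpty()) {`. Dropping the import also keeps a certificate-generation utility from depending on internals that can change between JDK releases.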
@@ -35,6 +36,7 @@ import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
+import java.util.UUID;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509v3CertificateBuilder;
@@ -73,6 +75,22 @@ public final class TLS {
* @throws IOException If an IO error occurs creating the certificate.
*/
public static boolean createSelfSignedCertificateIfMissing(Path key, Path certificate) throws IOException {
+ return createSelfSignedCertificateIfMissing(key, certificate, null);
+ }
+
+ /**
+ * Create a self-signed certificate, if it is not already present.
+ *
+ * <p>
+ * If both the key or the certificate file are missing, they will be re-created as a self-signed certificate.
+ *
+ * @param key The key path.
+ * @param certificate The certificate path.
+ * @param commonName the name to use for the CN attribute of the certificate. If null or empty, a random value is used.
+ * @return {@code true} if a self-signed certificate was created.
+ * @throws IOException If an IO error occurs creating the certificate.
+ */
+ public static boolean createSelfSignedCertificateIfMissing(Path key, Path certificate, String commonName) throws IOException {
if (Files.exists(certificate) || Files.exists(key)) {
return false;
}
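Review bot: The new Javadoc sentence "If both the key or the certificate file are missing" does not match the guard `if (Files.exists(certificate) || Files.exists(key)) return false;`, which creates nothing unless both files are absent. I would word it as `If both the key and the certificate file are missing, they are created as a self-signed certificate; if either one already exists, nothing is written and {@code false} is returned.` The `@param commonName` line should also say that the value is used as the certificate subject CN and which characters are accepted, since a caller cannot tell from the signature. The method body continues past the end of this hunk.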
@@ -84,7 +102,7 @@ public final class TLS {
Path certFile = Files.createTempFile(certificate.getParent(), "client-cert", ".tmp");
try {
- createSelfSignedCertificate(new Date(), keyFile, certFile);
+ createSelfSignedCertificate(new Date(), keyFile, certFile, commonName);
} catch (CertificateException | NoSuchAlgorithmException | OperatorCreationException e) {
throw new TLSEnvironmentException("Could not generate certificate: " + e.getMessage(), e);
}
@@ -94,7 +112,7 @@ public final class TLS {
return true;
}
- private static void createSelfSignedCertificate(Date now, Path key, Path certificate) throws NoSuchAlgorithmException,
+ private static void createSelfSignedCertificate(Date now, Path key, Path certificate, String commonName) throws NoSuchAlgorithmException,
IOException,
OperatorCreationException,
CertificateException {
@@ -108,7 +126,11 @@ public final class TLS {
cal.add(Calendar.YEAR, 1);
Date yearFromNow = cal.getTime();
- X500Name dn = new X500Name("CN=example.com");
+ if (Strings.isNullOrEmpty(commonName)) {
+ commonName = UUID.randomUUID().toString() + ".com";
+ }
+
+ X500Name dn = new X500Name("CN=" + commonName);
X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
dn,
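Review bot: `new X500Name("CN=" + commonName)` parses the caller-supplied string as a distinguished name, so a value containing DN metacharacters such as `,`, `+` or `=` would either add unintended attributes to the subject or be rejected with a runtime exception that the caller's `catch` does not cover. Building the name attribute by attribute avoids the parsing step: `X500Name dn = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, commonName).build();` (with the matching BouncyCastle imports). Separately, the fallback `UUID.randomUUID().toString() + ".com"` produces a name under a real public TLD; a reserved suffix such as `.invalid` would make it clear the name is synthetic. The builder statement continues outside this hunk.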