Posted to commits@directory.apache.org by ka...@apache.org on 2015/03/18 14:38:20 UTC
svn commit: r1667550 - in /directory/sandbox/kayyagari/cert-util: ./ src/
src/main/ src/main/java/ src/main/java/org/ src/main/java/org/apache/
src/main/java/org/apache/directory/ src/test/ src/test/java/
src/test/java/org/ src/test/java/org/apache/ sr...
Author: kayyagari
Date: Wed Mar 18 13:38:19 2015
New Revision: 1667550
URL: http://svn.apache.org/r1667550
Log:
utility for generating the LDIF for updating the certificate and keys of ApacheDS
Added:
directory/sandbox/kayyagari/cert-util/
directory/sandbox/kayyagari/cert-util/pom.xml
directory/sandbox/kayyagari/cert-util/src/
directory/sandbox/kayyagari/cert-util/src/main/
directory/sandbox/kayyagari/cert-util/src/main/java/
directory/sandbox/kayyagari/cert-util/src/main/java/org/
directory/sandbox/kayyagari/cert-util/src/main/java/org/apache/
directory/sandbox/kayyagari/cert-util/src/main/java/org/apache/directory/
directory/sandbox/kayyagari/cert-util/src/main/java/org/apache/directory/CertificateUtil.java
directory/sandbox/kayyagari/cert-util/src/test/
directory/sandbox/kayyagari/cert-util/src/test/java/
directory/sandbox/kayyagari/cert-util/src/test/java/org/
directory/sandbox/kayyagari/cert-util/src/test/java/org/apache/
directory/sandbox/kayyagari/cert-util/src/test/java/org/apache/directory/
Added: directory/sandbox/kayyagari/cert-util/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/kayyagari/cert-util/pom.xml?rev=1667550&view=auto
==============================================================================
--- directory/sandbox/kayyagari/cert-util/pom.xml (added)
+++ directory/sandbox/kayyagari/cert-util/pom.xml Wed Mar 18 13:38:19 2015
@@ -0,0 +1,74 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.directory</groupId>
+ <artifactId>cert-util</artifactId>
+ <packaging>jar</packaging>
+ <version>1.0-SNAPSHOT</version>
+ <name>cert-util</name>
+
+ <properties>
+ <bouncycastle.version>1.51</bouncycastle.version>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <version>${bouncycastle.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ <version>${bouncycastle.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.11</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <finalName>cert-util</finalName>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-shade-plugin</artifactId>
+ <version>2.3</version>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>shade</goal>
+ </goals>
+ <configuration>
+ <filters>
+ <filter>
+ <artifact>org.bouncycastle:bcprov-jdk15on</artifact>
+ <excludes>
+ <exclude>META-INF/BCKEY.SF</exclude>
+ <exclude>META-INF/BCKEY.DSA</exclude>
+ </excludes>
+ </filter>
+ <filter>
+ <artifact>org.bouncycastle:bcpkix-jdk15on</artifact>
+ <excludes>
+ <exclude>META-INF/BCKEY.SF</exclude>
+ <exclude>META-INF/BCKEY.DSA</exclude>
+ </excludes>
+ </filter>
+ </filters>
+ <transformers>
+ <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
+ <mainClass>org.apache.directory.CertificateUtil</mainClass>
+ </transformer>
+ </transformers>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
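Review bot: The two shade `<filter>` blocks strip `META-INF/BCKEY.SF` and `META-INF/BCKEY.DSA` with no comment saying why, and the effect is security-relevant: the Bouncy Castle classes inside the shaded jar are no longer covered by the vendor's jar signature. I would add a comment above `<filters>` such as `<!-- BC signature entries do not match the repackaged jar and would fail verification; the shaded BC copy is therefore unsigned -->`. CertificateUtil.java in this commit never calls `setProvider(...)`, so the unsigned copy is presumably used only as library code, but a JRE that authenticates JCE providers may refuse it if someone later selects "BC" as the provider. Also, `<finalName>cert-util</finalName>` produces `cert-util.jar`, while the usage text in `CertificateUtil.main` prints `cert-utils.jar`; one of the two should be aligned.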
Added: directory/sandbox/kayyagari/cert-util/src/main/java/org/apache/directory/CertificateUtil.java
URL: http://svn.apache.org/viewvc/directory/sandbox/kayyagari/cert-util/src/main/java/org/apache/directory/CertificateUtil.java?rev=1667550&view=auto
==============================================================================
--- directory/sandbox/kayyagari/cert-util/src/main/java/org/apache/directory/CertificateUtil.java (added)
+++ directory/sandbox/kayyagari/cert-util/src/main/java/org/apache/directory/CertificateUtil.java Wed Mar 18 13:38:19 2015
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory;
+
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileReader;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import org.bouncycastle.openssl.PEMDecryptorProvider;
+import org.bouncycastle.openssl.PEMEncryptedKeyPair;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
+import org.bouncycastle.util.encoders.Base64;
+
+
+/**
+ * A utility class to parse a Keystore and create a LDIF entry
+ * used for updating the server's certificate and keys.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class CertificateUtil
+{
+ public static String createCertUpdateEntry( File certFile, File privateKeyFile, String password ) throws Exception
+ {
+ X509Certificate cert = null;
+
+ FileInputStream inStream = new FileInputStream( certFile );
+
+ CertificateFactory cf = CertificateFactory.getInstance( "X.509" );
+ try
+ {
+ cert = ( X509Certificate ) cf.generateCertificate( inStream );
+ }
+ catch( Exception e )
+ {
+ System.out.println( "Failed to parse the certificate from the file " + certFile + " make sure it is DER encoded" );
+ throw e;
+ }
+ finally
+ {
+ inStream.close();
+ }
+
+ PublicKey pubKey = cert.getPublicKey();
+
+ FileReader fr = new FileReader( privateKeyFile );
+ PEMParser parser = new PEMParser( fr );
+ Object obj = parser.readObject();
+ fr.close();
+
+ JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
+
+ KeyPair keyPair = null;
+
+ if ( obj instanceof PEMEncryptedKeyPair )
+ {
+ PEMEncryptedKeyPair pep = ( PEMEncryptedKeyPair ) obj;
+ PEMDecryptorProvider decrypter = new JcePEMDecryptorProviderBuilder().build( password.toCharArray() );
+ keyPair = converter.getKeyPair( pep.decryptKeyPair( decrypter ) );
+ }
+
+ PrivateKey privKey = keyPair.getPrivate();
+
+ StringBuilder sb = new StringBuilder();
+ sb.append( "\ndn: uid=admin,ou=system" );
+ sb.append( "\nchangetype: modify" );
+ sb.append( "\nreplace: publicKey" );
+ sb.append( "\npublicKey:: " ).append( Base64.toBase64String( pubKey.getEncoded() ) ).append( "\n" );
+
+ sb.append( "\ndn: uid=admin,ou=system" );
+ sb.append( "\nchangetype: modify" );
+ sb.append( "\nreplace: privateKey" );
+ sb.append( "\nprivateKey:: " ).append( Base64.toBase64String( privKey.getEncoded() ) ).append( "\n" );
+
+ sb.append( "\ndn: uid=admin,ou=system" );
+ sb.append( "\nchangetype: modify" );
+ sb.append( "\nreplace: userCertificate" );
+ sb.append( "\nuserCertificate:: " ).append( Base64.toBase64String( cert.getEncoded() ) ).append( "\n" );
+
+ return sb.toString();
+ }
+
+
+ public static void main( String[] args ) throws Exception
+ {
+ if( args.length < 3 )
+ {
+ System.out.println( "java -jar cert-utils.jar <cert-file> <private-key-file> <password>" );
+ System.exit( 0 );
+ }
+
+ File certFile = new File( args[0] );
+ File keyFile = new File( args[1] );
+
+ String ldif = createCertUpdateEntry( certFile, keyFile, args[2] );
+
+ System.out.println( ldif );
+ }
+}
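Review bot: `keyPair` stays null whenever `parser.readObject()` returns anything other than a `PEMEncryptedKeyPair` (an unencrypted PEM key, an empty file), so `keyPair.getPrivate()` throws a NullPointerException instead of a usable error. The fence below adds a branch for `org.bouncycastle.openssl.PEMKeyPair` (which needs an import) and rejects other objects explicitly. It also checks that the private key belongs to the certificate before the LDIF is built, since `publicKey` comes from the certificate and `privateKey` from a separate file. Separately, `main` takes the key password as `args[2]`, where it is visible in the process list and shell history, and prints the decrypted private key to stdout; reading the password with `System.console().readPassword()` and documenting that the output belongs in a file with restricted permissions would reduce that exposure. `fr` is also left open if `readObject()` throws; the `try`/`finally` already used for `inStream` would fit there too.

```java
// … unchanged: certificate parsing, PEMParser read, converter setup …
if ( obj instanceof PEMEncryptedKeyPair )
{
    // … unchanged: decrypt the key pair with the supplied password …
}
else if ( obj instanceof PEMKeyPair )
{
    // unencrypted PEM key: no password needed
    keyPair = converter.getKeyPair( ( PEMKeyPair ) obj );
}
else
{
    throw new IllegalArgumentException( "No supported PEM key pair found in " + privateKeyFile );
}

// the LDIF replaces publicKey, privateKey and userCertificate together, so they must belong to each other
if ( !java.util.Arrays.equals( keyPair.getPublic().getEncoded(), pubKey.getEncoded() ) )
{
    throw new IllegalArgumentException( "The key in " + privateKeyFile
        + " does not match the certificate in " + certFile );
}

PrivateKey privKey = keyPair.getPrivate();
// … unchanged: LDIF assembly …
```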