import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
+import java.net.InetAddress;
import java.net.URI;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.KeyStore;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Dictionary;
import java.util.Hashtable;
import java.util.List;
+import javax.security.auth.x500.X500Principal;
+
import org.apache.commons.io.FileUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
String httpPort = getFrameworkProp("org.osgi.service.http.port");
String httpsPort = getFrameworkProp("org.osgi.service.http.port.secure");
/// TODO make it more generic
- String httpHost = getFrameworkProp("org.eclipse.equinox.http.jetty.http.host");
+ String httpHost = getFrameworkProp(JettyConstants.PROPERTY_PREFIX + '.' + JettyConstants.HTTP_HOST);
+ String httpsHost = getFrameworkProp(JettyConstants.PROPERTY_PREFIX + '.' + JettyConstants.HTTPS_HOST);
final Hashtable<String, Object> props = new Hashtable<String, Object>();
// try {
if (httpsPort != null) {
props.put(JettyConstants.HTTPS_PORT, httpsPort);
props.put(JettyConstants.HTTPS_ENABLED, true);
+ Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH);
+ String keyStorePassword = getFrameworkProp(
+ JettyConstants.PROPERTY_PREFIX + '.' + JettyConstants.SSL_PASSWORD);
+ if (keyStorePassword == null)
+ keyStorePassword = "changeit";
+ if (!Files.exists(keyStorePath))
+ createSelfSignedKeyStore(keyStorePath);
props.put(JettyConstants.SSL_KEYSTORETYPE, "PKCS12");
- props.put(JettyConstants.SSL_KEYSTORE, "../../ssl/server.p12");
- // jettyProps.put(JettyConstants.SSL_KEYSTORE,
- // nodeSecurity.getHttpServerKeyStore().getCanonicalPath());
- props.put(JettyConstants.SSL_PASSWORD, "changeit");
+ props.put(JettyConstants.SSL_KEYSTORE, keyStorePath.toString());
+ props.put(JettyConstants.SSL_PASSWORD, keyStorePassword);
props.put(JettyConstants.SSL_WANTCLIENTAUTH, true);
}
- if (httpHost != null) {
+ if (httpHost != null)
props.put(JettyConstants.HTTP_HOST, httpHost);
- }
+ if (httpsHost != null)
+ props.put(JettyConstants.HTTPS_HOST, httpHost);
+
props.put(NodeConstants.CN, NodeConstants.DEFAULT);
}
return props;
}
}
+ private void createSelfSignedKeyStore(Path keyStorePath) {
+ // for (Provider provider : Security.getProviders())
+ // System.out.println(provider.getName());
+ File keyStoreFile = keyStorePath.toFile();
+ char[] ksPwd = "changeit".toCharArray();
+ char[] keyPwd = Arrays.copyOf(ksPwd, ksPwd.length);
+ if (!keyStoreFile.exists()) {
+ try {
+ keyStoreFile.getParentFile().mkdirs();
+ KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd);
+ PkiUtils.generateSelfSignedCertificate(keyStore,
+ new X500Principal("CN=" + InetAddress.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"),
+ 1024, keyPwd);
+ PkiUtils.saveKeyStore(keyStoreFile, ksPwd, keyStore);
+ if (log.isDebugEnabled())
+ log.debug("Created self-signed unsecure keystore " + keyStoreFile);
+ } catch (Exception e) {
+ if (keyStoreFile.length() == 0)
+ keyStoreFile.delete();
+ log.error("Cannot create keystore " + keyStoreFile, e);
+ }
+ } else {
+ throw new CmsException("Keystore " + keyStorePath + " already exists");
+ }
+ }
+
}
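Review bot: Line 51 stores `httpHost` under `JettyConstants.HTTPS_HOST` although the guard on line 50 tests `httpsHost`; besides binding HTTPS to the wrong host, `Hashtable.put` throws NullPointerException when only the secure host is configured, so the line should read `props.put(JettyConstants.HTTPS_HOST, httpsHost);`. The keystore password is also inconsistent: lines 31-34 resolve it from the `SSL_PASSWORD` framework property (defaulting to "changeit"), but `createSelfSignedKeyStore` hard-codes `"changeit".toCharArray()` at line 62, so a configured password yields a generated keystore Jetty cannot open; pass it through with `createSelfSignedKeyStore(keyStorePath, keyStorePassword.toCharArray());` and `private void createSelfSignedKeyStore(Path keyStorePath, char[] ksPwd)`, dropping line 62. In the same method the catch block at lines 74-78 logs the failure and returns normally, after which line 42 points Jetty at a keystore that does not exist; rethrowing as `CmsException` with `e` as the cause would fail fast instead of surfacing later as an opaque SSL startup error. If the generated key is RSA (the hunk does not show the algorithm), the 1024-bit size literal on line 70 is below the 2048-bit minimum generally recommended today and would be clearer as a named constant.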
kpGen.initialize(keySize, new SecureRandom());
KeyPair pair = kpGen.generateKeyPair();
Date notBefore = new Date(System.currentTimeMillis() - 10000);
- Date notAfter = new Date(System.currentTimeMillis() + 24L * 3600 * 1000);
+ Date notAfter = new Date(System.currentTimeMillis() + 365 * 24L * 3600 * 1000);
BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(x500Principal, serial, notBefore,
notAfter, x500Principal, pair.getPublic());
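Review bot: The one-year validity on line 89 is an inline arithmetic literal that a reader has to decode; naming it, e.g. `private static final long DEFAULT_VALIDITY_MILLIS = 365 * 24L * 3600 * 1000;` and `Date notAfter = new Date(System.currentTimeMillis() + DEFAULT_VALIDITY_MILLIS);`, makes the choice visible and keeps the period consistent with whatever the keystore bootstrap expects. A short Javadoc line on the method noting that the certificate is self-signed and valid for one year from roughly now would also help callers who reuse it outside development setups. The enclosing method starts and ends outside the hunk.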
long begin = System.currentTimeMillis();
for (int i = 512; i < 1024; i = i + 2) {
try {
- KeyPairGenerator keyGen = KeyPairGenerator.getInstance(ALGORITHM,provider);
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance(ALGORITHM, provider);
keyGen.initialize(i, secureRandom);
keyGen.generateKeyPair();
} catch (Exception e) {
System.err.println(i + " : " + e.getMessage());
}
}
- System.out.println( (System.currentTimeMillis() - begin) + " ms");
+ System.out.println((System.currentTimeMillis() - begin) + " ms");
-// // String text = "a";
-// String text = "testtesttesttesttesttesttesttesttesttesttesttesttesttesttest";
-// try {
-// System.out.println(text);
-// PrivateKey privateKey;
-// PublicKey publicKey;
-// char[] password = "changeit".toCharArray();
-// String alias = "CN=test";
-// KeyStore keyStore = KeyStore.getInstance("pkcs12");
-// File p12file = new File("test.p12");
-// p12file.delete();
-// if (!p12file.exists()) {
-// keyStore.load(null);
-// generateSelfSignedCertificate(keyStore, new X500Principal(alias), 513, password);
-// try (OutputStream out = new FileOutputStream(p12file)) {
-// keyStore.store(out, password);
-// }
-// }
-// try (InputStream in = new FileInputStream(p12file)) {
-// keyStore.load(in, password);
-// privateKey = (PrivateKey) keyStore.getKey(alias, password);
-// publicKey = keyStore.getCertificateChain(alias)[0].getPublicKey();
-// }
-// // KeyPair key;
-// // final KeyPairGenerator keyGen =
-// // KeyPairGenerator.getInstance(ALGORITHM);
-// // keyGen.initialize(4096, new SecureRandom());
-// // long begin = System.currentTimeMillis();
-// // key = keyGen.generateKeyPair();
-// // System.out.println((System.currentTimeMillis() - begin) + " ms");
-// // keyStore.load(null);
-// // keyStore.setKeyEntry("test", key.getPrivate(), password, null);
-// // try(OutputStream out=new FileOutputStream(p12file)) {
-// // keyStore.store(out, password);
-// // }
-// // privateKey = key.getPrivate();
-// // publicKey = key.getPublic();
-//
-// Cipher encrypt = Cipher.getInstance(ALGORITHM);
-// encrypt.init(Cipher.ENCRYPT_MODE, publicKey);
-// byte[] encrypted = encrypt.doFinal(text.getBytes());
-// String encryptedBase64 = Base64.getEncoder().encodeToString(encrypted);
-// System.out.println(encryptedBase64);
-// byte[] encryptedFromBase64 = Base64.getDecoder().decode(encryptedBase64);
-//
-// Cipher decrypt = Cipher.getInstance(ALGORITHM);
-// decrypt.init(Cipher.DECRYPT_MODE, privateKey);
-// byte[] decrypted = decrypt.doFinal(encryptedFromBase64);
-// System.out.println(new String(decrypted));
-// } catch (Exception e) {
-// e.printStackTrace();
-// }
+ // // String text = "a";
+ // String text =
+ // "testtesttesttesttesttesttesttesttesttesttesttesttesttesttest";
+ // try {
+ // System.out.println(text);
+ // PrivateKey privateKey;
+ // PublicKey publicKey;
+ // char[] password = "changeit".toCharArray();
+ // String alias = "CN=test";
+ // KeyStore keyStore = KeyStore.getInstance("pkcs12");
+ // File p12file = new File("test.p12");
+ // p12file.delete();
+ // if (!p12file.exists()) {
+ // keyStore.load(null);
+ // generateSelfSignedCertificate(keyStore, new X500Principal(alias),
+ // 513, password);
+ // try (OutputStream out = new FileOutputStream(p12file)) {
+ // keyStore.store(out, password);
+ // }
+ // }
+ // try (InputStream in = new FileInputStream(p12file)) {
+ // keyStore.load(in, password);
+ // privateKey = (PrivateKey) keyStore.getKey(alias, password);
+ // publicKey = keyStore.getCertificateChain(alias)[0].getPublicKey();
+ // }
+ // // KeyPair key;
+ // // final KeyPairGenerator keyGen =
+ // // KeyPairGenerator.getInstance(ALGORITHM);
+ // // keyGen.initialize(4096, new SecureRandom());
+ // // long begin = System.currentTimeMillis();
+ // // key = keyGen.generateKeyPair();
+ // // System.out.println((System.currentTimeMillis() - begin) + " ms");
+ // // keyStore.load(null);
+ // // keyStore.setKeyEntry("test", key.getPrivate(), password, null);
+ // // try(OutputStream out=new FileOutputStream(p12file)) {
+ // // keyStore.store(out, password);
+ // // }
+ // // privateKey = key.getPrivate();
+ // // publicKey = key.getPublic();
+ //
+ // Cipher encrypt = Cipher.getInstance(ALGORITHM);
+ // encrypt.init(Cipher.ENCRYPT_MODE, publicKey);
+ // byte[] encrypted = encrypt.doFinal(text.getBytes());
+ // String encryptedBase64 =
+ // Base64.getEncoder().encodeToString(encrypted);
+ // System.out.println(encryptedBase64);
+ // byte[] encryptedFromBase64 =
+ // Base64.getDecoder().decode(encryptedBase64);
+ //
+ // Cipher decrypt = Cipher.getInstance(ALGORITHM);
+ // decrypt.init(Cipher.DECRYPT_MODE, privateKey);
+ // byte[] decrypted = decrypt.doFinal(encryptedFromBase64);
+ // System.out.println(new String(decrypted));
+ // } catch (Exception e) {
+ // e.printStackTrace();
+ // }
}