commit | author | age
|
f13c4c
|
1 |
/*
|
JM |
2 |
* Copyright 2011 gitblit.com.
|
|
3 |
*
|
|
4 |
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
5 |
* you may not use this file except in compliance with the License.
|
|
6 |
* You may obtain a copy of the License at
|
|
7 |
*
|
|
8 |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
9 |
*
|
|
10 |
* Unless required by applicable law or agreed to in writing, software
|
|
11 |
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
12 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
13 |
* See the License for the specific language governing permissions and
|
|
14 |
* limitations under the License.
|
|
15 |
*/
|
a92997
|
16 |
package com.gitblit;
|
JM |
17 |
|
|
18 |
import java.io.File;
|
|
19 |
import java.io.FileInputStream;
|
|
20 |
import java.io.FileOutputStream;
|
|
21 |
import java.math.BigInteger;
|
|
22 |
import java.security.KeyPair;
|
|
23 |
import java.security.KeyPairGenerator;
|
|
24 |
import java.security.KeyStore;
|
|
25 |
import java.security.SecureRandom;
|
|
26 |
import java.security.Security;
|
|
27 |
import java.security.cert.X509Certificate;
|
|
28 |
import java.util.Date;
|
|
29 |
|
|
30 |
import javax.security.auth.x500.X500Principal;
|
|
31 |
|
|
32 |
import org.bouncycastle.asn1.x500.X500NameBuilder;
|
|
33 |
import org.bouncycastle.asn1.x500.style.BCStyle;
|
|
34 |
import org.bouncycastle.cert.X509v3CertificateBuilder;
|
|
35 |
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
|
|
36 |
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
|
|
37 |
import org.bouncycastle.operator.ContentSigner;
|
|
38 |
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
|
|
39 |
|
|
40 |
import com.beust.jcommander.JCommander;
|
|
41 |
import com.beust.jcommander.Parameter;
|
|
42 |
import com.beust.jcommander.ParameterException;
|
|
43 |
import com.beust.jcommander.Parameters;
|
2a7306
|
44 |
import com.gitblit.utils.TimeUtils;
|
a92997
|
45 |
|
JM |
46 |
public class MakeCertificate {
|
db653a
|
47 |
|
2a7306
|
48 |
private static final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;
|
a92997
|
49 |
|
JM |
50 |
public static void main(String... args) {
|
|
51 |
Params params = new Params();
|
|
52 |
JCommander jc = new JCommander(params);
|
|
53 |
try {
|
|
54 |
jc.parse(args);
|
|
55 |
} catch (ParameterException t) {
|
2a7306
|
56 |
System.err.println(t.getMessage());
|
a92997
|
57 |
jc.usage();
|
JM |
58 |
}
|
|
59 |
File keystore = new File("keystore");
|
d39680
|
60 |
generateSelfSignedCertificate(params.hostname, keystore, params.storePassword, params.subject);
|
a92997
|
61 |
}
|
2a7306
|
62 |
|
JM |
63 |
public static void generateSelfSignedCertificate(String hostname, File keystore,
|
|
64 |
String keystorePassword) {
|
a92997
|
65 |
try {
|
JM |
66 |
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
|
|
67 |
|
|
68 |
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
|
|
69 |
kpGen.initialize(1024, new SecureRandom());
|
|
70 |
KeyPair pair = kpGen.generateKeyPair();
|
|
71 |
|
|
72 |
// Generate self-signed certificate
|
|
73 |
X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
|
|
74 |
builder.addRDN(BCStyle.OU, Constants.NAME);
|
|
75 |
builder.addRDN(BCStyle.O, Constants.NAME);
|
|
76 |
builder.addRDN(BCStyle.CN, hostname);
|
|
77 |
|
2a7306
|
78 |
Date notBefore = new Date(System.currentTimeMillis() - TimeUtils.ONEDAY);
|
JM |
79 |
Date notAfter = new Date(System.currentTimeMillis() + 10 * TimeUtils.ONEYEAR);
|
a92997
|
80 |
BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
|
JM |
81 |
|
2a7306
|
82 |
X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(),
|
JM |
83 |
serial, notBefore, notAfter, builder.build(), pair.getPublic());
|
|
84 |
ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
|
|
85 |
.setProvider(BC).build(pair.getPrivate());
|
|
86 |
X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)
|
|
87 |
.getCertificate(certGen.build(sigGen));
|
a92997
|
88 |
cert.checkValidity(new Date());
|
JM |
89 |
cert.verify(cert.getPublicKey());
|
|
90 |
|
2a7306
|
91 |
// Save to keystore
|
a92997
|
92 |
KeyStore store = KeyStore.getInstance("JKS");
|
JM |
93 |
if (keystore.exists()) {
|
|
94 |
FileInputStream fis = new FileInputStream(keystore);
|
|
95 |
store.load(fis, keystorePassword.toCharArray());
|
2a7306
|
96 |
fis.close();
|
a92997
|
97 |
} else {
|
JM |
98 |
store.load(null);
|
|
99 |
}
|
2a7306
|
100 |
store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(),
|
JM |
101 |
new java.security.cert.Certificate[] { cert });
|
|
102 |
FileOutputStream fos = new FileOutputStream(keystore);
|
|
103 |
store.store(fos, keystorePassword.toCharArray());
|
|
104 |
fos.close();
|
a92997
|
105 |
} catch (Throwable t) {
|
JM |
106 |
t.printStackTrace();
|
|
107 |
throw new RuntimeException("Failed to generate self-signed certificate!", t);
|
|
108 |
}
|
|
109 |
}
|
2a7306
|
110 |
|
JM |
111 |
public static void generateSelfSignedCertificate(String hostname, File keystore,
|
|
112 |
String keystorePassword, String info) {
|
a92997
|
113 |
try {
|
JM |
114 |
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
|
|
115 |
|
|
116 |
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
|
|
117 |
kpGen.initialize(1024, new SecureRandom());
|
|
118 |
KeyPair pair = kpGen.generateKeyPair();
|
|
119 |
|
|
120 |
// Generate self-signed certificate
|
|
121 |
X500Principal principal = new X500Principal(info);
|
2a7306
|
122 |
|
JM |
123 |
Date notBefore = new Date(System.currentTimeMillis() - TimeUtils.ONEDAY);
|
|
124 |
Date notAfter = new Date(System.currentTimeMillis() + 10 * TimeUtils.ONEYEAR);
|
a92997
|
125 |
BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
|
JM |
126 |
|
2a7306
|
127 |
X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(principal, serial,
|
JM |
128 |
notBefore, notAfter, principal, pair.getPublic());
|
|
129 |
ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
|
|
130 |
.setProvider(BC).build(pair.getPrivate());
|
|
131 |
X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)
|
|
132 |
.getCertificate(certGen.build(sigGen));
|
a92997
|
133 |
cert.checkValidity(new Date());
|
JM |
134 |
cert.verify(cert.getPublicKey());
|
|
135 |
|
2a7306
|
136 |
// Save to keystore
|
a92997
|
137 |
KeyStore store = KeyStore.getInstance("JKS");
|
JM |
138 |
if (keystore.exists()) {
|
|
139 |
FileInputStream fis = new FileInputStream(keystore);
|
|
140 |
store.load(fis, keystorePassword.toCharArray());
|
2a7306
|
141 |
fis.close();
|
a92997
|
142 |
} else {
|
JM |
143 |
store.load(null);
|
|
144 |
}
|
2a7306
|
145 |
store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(),
|
JM |
146 |
new java.security.cert.Certificate[] { cert });
|
|
147 |
FileOutputStream fos = new FileOutputStream(keystore);
|
|
148 |
store.store(fos, keystorePassword.toCharArray());
|
|
149 |
fos.close();
|
a92997
|
150 |
} catch (Throwable t) {
|
JM |
151 |
t.printStackTrace();
|
|
152 |
throw new RuntimeException("Failed to generate self-signed certificate!", t);
|
|
153 |
}
|
|
154 |
}
|
2a7306
|
155 |
|
a92997
|
156 |
@Parameters(separators = " ")
|
JM |
157 |
private static class Params {
|
|
158 |
|
28d6b2
|
159 |
private static final FileSettings FILESETTINGS = new FileSettings(Constants.PROPERTIES_FILE);
|
db653a
|
160 |
|
d39680
|
161 |
@Parameter(names = { "--hostname" }, description = "Server Hostname", required = true)
|
JM |
162 |
public String hostname;
|
2a7306
|
163 |
|
a92997
|
164 |
@Parameter(names = { "--subject" }, description = "Certificate subject", required = true)
|
2a7306
|
165 |
public String subject;
|
a92997
|
166 |
|
JM |
167 |
@Parameter(names = "--storePassword", description = "Password for SSL (https) keystore.")
|
2a7306
|
168 |
public String storePassword = FILESETTINGS.getString(Keys.server.storePassword, "");
|
a92997
|
169 |
}
|
JM |
170 |
}
|