githubFork/gitblit.git - Solinfo Gitblit

James Moger

2011-06-28 d39680e9f54322ddcb40b00503a8ee30aee6c99c

commit \| author \| age
f13c4c	1	/*
JM	2	* Copyright 2011 gitblit.com.
	3	*
	4	* Licensed under the Apache License, Version 2.0 (the "License");
	5	* you may not use this file except in compliance with the License.
	6	* You may obtain a copy of the License at
	7	*
	8	* http://www.apache.org/licenses/LICENSE-2.0
	9	*
	10	* Unless required by applicable law or agreed to in writing, software
	11	* distributed under the License is distributed on an "AS IS" BASIS,
	12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	13	* See the License for the specific language governing permissions and
	14	* limitations under the License.
	15	*/
a92997	16	package com.gitblit;
JM	17
	18	import java.io.File;
	19	import java.io.FileInputStream;
	20	import java.io.FileOutputStream;
	21	import java.math.BigInteger;
	22	import java.security.KeyPair;
	23	import java.security.KeyPairGenerator;
	24	import java.security.KeyStore;
	25	import java.security.SecureRandom;
	26	import java.security.Security;
	27	import java.security.cert.X509Certificate;
	28	import java.util.Date;
	29
	30	import javax.security.auth.x500.X500Principal;
	31
	32	import org.bouncycastle.asn1.x500.X500NameBuilder;
	33	import org.bouncycastle.asn1.x500.style.BCStyle;
	34	import org.bouncycastle.cert.X509v3CertificateBuilder;
	35	import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
	36	import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
	37	import org.bouncycastle.operator.ContentSigner;
	38	import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
	39
	40	import com.beust.jcommander.JCommander;
	41	import com.beust.jcommander.Parameter;
	42	import com.beust.jcommander.ParameterException;
	43	import com.beust.jcommander.Parameters;
2a7306	44	import com.gitblit.utils.TimeUtils;
a92997	45
JM	46	public class MakeCertificate {
db653a	47
2a7306	48	private static final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;
a92997	49
JM	50	public static void main(String... args) {
	51	Params params = new Params();
	52	JCommander jc = new JCommander(params);
	53	try {
	54	jc.parse(args);
	55	} catch (ParameterException t) {
2a7306	56	System.err.println(t.getMessage());
a92997	57	jc.usage();
JM	58	}
	59	File keystore = new File("keystore");
d39680	60	generateSelfSignedCertificate(params.hostname, keystore, params.storePassword, params.subject);
a92997	61	}
2a7306	62
JM	63	public static void generateSelfSignedCertificate(String hostname, File keystore,
	64	String keystorePassword) {
a92997	65	try {
JM	66	Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
	67
	68	KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
	69	kpGen.initialize(1024, new SecureRandom());
	70	KeyPair pair = kpGen.generateKeyPair();
	71
	72	// Generate self-signed certificate
	73	X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
	74	builder.addRDN(BCStyle.OU, Constants.NAME);
	75	builder.addRDN(BCStyle.O, Constants.NAME);
	76	builder.addRDN(BCStyle.CN, hostname);
	77
2a7306	78	Date notBefore = new Date(System.currentTimeMillis() - TimeUtils.ONEDAY);
JM	79	Date notAfter = new Date(System.currentTimeMillis() + 10 * TimeUtils.ONEYEAR);
a92997	80	BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
JM	81
2a7306	82	X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(),
JM	83	serial, notBefore, notAfter, builder.build(), pair.getPublic());
	84	ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
	85	.setProvider(BC).build(pair.getPrivate());
	86	X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)
	87	.getCertificate(certGen.build(sigGen));
a92997	88	cert.checkValidity(new Date());
JM	89	cert.verify(cert.getPublicKey());
	90
2a7306	91	// Save to keystore
a92997	92	KeyStore store = KeyStore.getInstance("JKS");
JM	93	if (keystore.exists()) {
	94	FileInputStream fis = new FileInputStream(keystore);
	95	store.load(fis, keystorePassword.toCharArray());
2a7306	96	fis.close();
a92997	97	} else {
JM	98	store.load(null);
	99	}
2a7306	100	store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(),
JM	101	new java.security.cert.Certificate[] { cert });
	102	FileOutputStream fos = new FileOutputStream(keystore);
	103	store.store(fos, keystorePassword.toCharArray());
	104	fos.close();
a92997	105	} catch (Throwable t) {
JM	106	t.printStackTrace();
	107	throw new RuntimeException("Failed to generate self-signed certificate!", t);
	108	}
	109	}
2a7306	110
JM	111	public static void generateSelfSignedCertificate(String hostname, File keystore,
	112	String keystorePassword, String info) {
a92997	113	try {
JM	114	Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
	115
	116	KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
	117	kpGen.initialize(1024, new SecureRandom());
	118	KeyPair pair = kpGen.generateKeyPair();
	119
	120	// Generate self-signed certificate
	121	X500Principal principal = new X500Principal(info);
2a7306	122
JM	123	Date notBefore = new Date(System.currentTimeMillis() - TimeUtils.ONEDAY);
	124	Date notAfter = new Date(System.currentTimeMillis() + 10 * TimeUtils.ONEYEAR);
a92997	125	BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
JM	126
2a7306	127	X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(principal, serial,
JM	128	notBefore, notAfter, principal, pair.getPublic());
	129	ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
	130	.setProvider(BC).build(pair.getPrivate());
	131	X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)
	132	.getCertificate(certGen.build(sigGen));
a92997	133	cert.checkValidity(new Date());
JM	134	cert.verify(cert.getPublicKey());
	135
2a7306	136	// Save to keystore
a92997	137	KeyStore store = KeyStore.getInstance("JKS");
JM	138	if (keystore.exists()) {
	139	FileInputStream fis = new FileInputStream(keystore);
	140	store.load(fis, keystorePassword.toCharArray());
2a7306	141	fis.close();
a92997	142	} else {
JM	143	store.load(null);
	144	}
2a7306	145	store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(),
JM	146	new java.security.cert.Certificate[] { cert });
	147	FileOutputStream fos = new FileOutputStream(keystore);
	148	store.store(fos, keystorePassword.toCharArray());
	149	fos.close();
a92997	150	} catch (Throwable t) {
JM	151	t.printStackTrace();
	152	throw new RuntimeException("Failed to generate self-signed certificate!", t);
	153	}
	154	}
2a7306	155
a92997	156	@Parameters(separators = " ")
JM	157	private static class Params {
	158
28d6b2	159	private static final FileSettings FILESETTINGS = new FileSettings(Constants.PROPERTIES_FILE);
db653a	160
d39680	161	@Parameter(names = { "--hostname" }, description = "Server Hostname", required = true)
JM	162	public String hostname;
2a7306	163
a92997	164	@Parameter(names = { "--subject" }, description = "Certificate subject", required = true)
2a7306	165	public String subject;
a92997	166
JM	167	@Parameter(names = "--storePassword", description = "Password for SSL (https) keystore.")
2a7306	168	public String storePassword = FILESETTINGS.getString(Keys.server.storePassword, "");
a92997	169	}
JM	170	}