GitHub-Spring
/
spring-authorization-server
mirror of https://github.com/spring-projects/spring-authorization-server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add self-signed certificate for the demo-client sample to X509Certificate generator 

Issue gh-1559
pull/1609/head
Joe Grandja 2 years ago
parent
79fe240d1e
commit
9f9bf65cbd
1 changed files with 38 additions and 14 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 52
      samples/x509-certificate-generator/src/main/java/sample/X509CertificateGeneratorApplication.java

52
samples/x509-certificate-generator/src/main/java/sample/X509CertificateGeneratorApplication.java
Unescape View File

@ -15,6 +15,7 @@ @@ -15,6 +15,7 @@
*/
package sample;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.StringWriter;
import java.nio.file.Files;
@ -54,7 +55,7 @@ public class X509CertificateGeneratorApplication implements CommandLineRunner { @@ -54,7 +55,7 @@ public class X509CertificateGeneratorApplication implements CommandLineRunner {
KeyPair rootKeyPair = BouncyCastleUtils.generateRSAKeyPair();
X509Certificate rootCertificate = BouncyCastleUtils.createTrustAnchorCertificate(rootKeyPair, distinguishedName);
writeCertificatePEMEncoded(rootCertificate, "./samples/x509-certificate-generator/generated/" + commonName + ".pem");
createKeystoreFile(rootKeyPair, new Certificate[] {rootCertificate}, commonName,
writeKeystore(rootKeyPair, new Certificate[] {rootCertificate}, commonName,
null, "./samples/x509-certificate-generator/generated/" + commonName + "-keystore.p12");
TrustedCertificateHolder[] rootTrustedCertificate = { new TrustedCertificateHolder(rootCertificate, rootCommonName) };
@ -66,7 +67,7 @@ public class X509CertificateGeneratorApplication implements CommandLineRunner { @@ -66,7 +67,7 @@ public class X509CertificateGeneratorApplication implements CommandLineRunner {
X509Certificate caCertificate = BouncyCastleUtils.createCACertificate(
rootCertificate, rootKeyPair.getPrivate(), caKeyPair.getPublic(), distinguishedName);
writeCertificatePEMEncoded(caCertificate, "./samples/x509-certificate-generator/generated/" + commonName + ".pem");
createKeystoreFile(caKeyPair, new Certificate[] {caCertificate, rootCertificate}, commonName,
writeKeystore(caKeyPair, new Certificate[] {caCertificate, rootCertificate}, commonName,
rootTrustedCertificate, "./samples/x509-certificate-generator/generated/" + commonName + "-keystore.p12");
TrustedCertificateHolder[] caTrustedCertificate = { new TrustedCertificateHolder(caCertificate, caCommonName) };
@ -77,9 +78,22 @@ public class X509CertificateGeneratorApplication implements CommandLineRunner { @@ -77,9 +78,22 @@ public class X509CertificateGeneratorApplication implements CommandLineRunner {
X509Certificate demoClientCertificate = BouncyCastleUtils.createEndEntityCertificate(
caCertificate, caKeyPair.getPrivate(), demoClientKeyPair.getPublic(), distinguishedName);
demoClientCertificate.verify(caCertificate.getPublicKey(), BC_PROVIDER);
createKeystoreFile(demoClientKeyPair, new Certificate[] {demoClientCertificate, caCertificate, rootCertificate}, commonName,
writeKeystore(demoClientKeyPair, new Certificate[] {demoClientCertificate, caCertificate, rootCertificate}, commonName,
caTrustedCertificate, "./samples/demo-client/src/main/resources/keystore.p12");
// Generate a self-signed certificate and keystore file for the demo-client sample
commonName = "demo-client-sample";
distinguishedName = "CN=" + commonName + ", " + baseDistinguishedName;
String alias = "self-signed-" + commonName;
KeyPair selfSignedDemoClientKeyPair = BouncyCastleUtils.generateRSAKeyPair();
X509Certificate selfSignedDemoClientCertificate = BouncyCastleUtils.createTrustAnchorCertificate(selfSignedDemoClientKeyPair, distinguishedName);
writeKeystore(selfSignedDemoClientKeyPair, new Certificate[] {selfSignedDemoClientCertificate}, alias,
caTrustedCertificate, "./samples/demo-client/src/main/resources/keystore-self-signed.p12");
TrustedCertificateHolder[] trustedCertificates = {
caTrustedCertificate[0],
new TrustedCertificateHolder(selfSignedDemoClientCertificate, alias)
};
// Generate the certificate and keystore file for the messages-resource sample
commonName = "messages-resource-sample";
distinguishedName = "CN=" + commonName + ", " + baseDistinguishedName;
@ -87,8 +101,8 @@ public class X509CertificateGeneratorApplication implements CommandLineRunner { @@ -87,8 +101,8 @@ public class X509CertificateGeneratorApplication implements CommandLineRunner {
X509Certificate messagesResourceCertificate = BouncyCastleUtils.createEndEntityCertificate(
caCertificate, caKeyPair.getPrivate(), messagesResourceKeyPair.getPublic(), distinguishedName);
messagesResourceCertificate.verify(caCertificate.getPublicKey(), BC_PROVIDER);
createKeystoreFile(messagesResourceKeyPair, new Certificate[] {messagesResourceCertificate, caCertificate, rootCertificate}, commonName,
caTrustedCertificate, "./samples/messages-resource/src/main/resources/keystore.p12");
writeKeystore(messagesResourceKeyPair, new Certificate[] {messagesResourceCertificate, caCertificate, rootCertificate}, commonName,
trustedCertificates, "./samples/messages-resource/src/main/resources/keystore.p12");
// Generate the certificate and keystore file for the demo-authorizationserver sample
commonName = "demo-authorizationserver-sample";
@ -97,28 +111,38 @@ public class X509CertificateGeneratorApplication implements CommandLineRunner { @@ -97,28 +111,38 @@ public class X509CertificateGeneratorApplication implements CommandLineRunner {
X509Certificate demoAuthorizationServerCertificate = BouncyCastleUtils.createEndEntityCertificate(
caCertificate, caKeyPair.getPrivate(), demoAuthorizationServerKeyPair.getPublic(), distinguishedName);
demoAuthorizationServerCertificate.verify(caCertificate.getPublicKey(), BC_PROVIDER);
createKeystoreFile(demoAuthorizationServerKeyPair, new Certificate[] {demoAuthorizationServerCertificate, caCertificate, rootCertificate}, commonName,
caTrustedCertificate, "./samples/demo-authorizationserver/src/main/resources/keystore.p12");
writeKeystore(demoAuthorizationServerKeyPair, new Certificate[] {demoAuthorizationServerCertificate, caCertificate, rootCertificate}, commonName,
trustedCertificates, "./samples/demo-authorizationserver/src/main/resources/keystore.p12");
}
private static void createKeystoreFile(KeyPair keyPair, Certificate[] certificateChain, String alias,
private static void writeKeystore(KeyPair keyPair, Certificate[] certificateChain, String alias,
TrustedCertificateHolder[] trustedCertificates, String fileName) throws Exception {
Path path = Paths.get(fileName);
Path parent = path.getParent();
if (parent != null && Files.notExists(parent)) {
Files.createDirectories(parent);
}
KeyStore keyStore = KeyStore.getInstance("PKCS12", BC_PROVIDER);
keyStore.load(null, null);
if (Files.exists(path)) {
FileInputStream fis = new FileInputStream(fileName);
keyStore.load(fis, "password".toCharArray());
fis.close();
} else {
keyStore.load(null, null);
}
keyStore.setKeyEntry(alias, keyPair.getPrivate(), "password".toCharArray(), certificateChain);
if (trustedCertificates != null && trustedCertificates.length > 0) {
for (TrustedCertificateHolder trustedCertificate : trustedCertificates) {
keyStore.setCertificateEntry(trustedCertificate.alias, trustedCertificate.certificate);
}
}
Path path = Paths.get(fileName);
Path parent = path.getParent();
if (parent != null && Files.notExists(parent)) {
Files.createDirectories(parent);
}
FileOutputStream fos = new FileOutputStream(fileName);
keyStore.store(fos, "password".toCharArray());
fos.close();
}
private static void writeCertificatePEMEncoded(Certificate certificate, String fileName) throws Exception {

Write Preview
Loading…
Cancel
Save