public class SSLCertGenUtil
extends java.lang.Object
The private keys will be saved under the "/security/certificates/private-keys/" node.
The company information (used to build the certificate's subject) will be saved under the "/security/certificates/company/" node. If the node does not already exist, it will ask the user for the information.
| Modifier and Type | Field and Description |
|---|---|
| `private java.security.KeyStore` | `accCertStore`: Store where to add the certificates associated with non-server accounts. |
| `private java.security.KeyStore` | `accKeyStore`: Store where to add the private keys for the certificates associated with non-server accounts. |
| `private java.util.Set<java.lang.String>` | `aliases`: All the collected aliases from the defined accounts. |
| `private static java.lang.String` | `CERT_VALIDITY_YEARS_NODE`: Constant identifying the name of the company node containing the certificate validity. |
| `private BootstrapConfig` | `cfg`: Configuration used to initialize the directory. |
| `private java.util.Map<java.lang.String,java.lang.String>` | `company`: Map identifying the company attributes. |
| `private int` | `currentInputIdx`: Current index in the `inputs` array, if set. |
| `private java.util.Map<java.lang.String,java.lang.String>` | `directoryPasswords`: The passwords used to encrypt the directory private keys. |
| `private DirectoryService` | `ds`: Instance to access the directory. |
| `private SSLCertFactory` | `factory`: Factory to generate the SSL certificate. |
| `private java.lang.String[]` | `inputs`: Array from where to read the input. |
| `private java.util.Map<java.lang.String,java.lang.String>` | `keyEntryPasswords`: The random passwords used to encrypt the private keys in their `KeyStore`, one per alias. |
| `private java.lang.String` | `masterPassword`: The master password to encrypt all private keys in the directory. |
| `private java.io.BufferedReader` | `reader`: Reads data from the standard input. |
| `private boolean` | `reusePasswords`: Flag indicating if passwords are reused from the directory. |
| `private boolean` | `reuseRootCA`: Flag indicating if the existing root CA is reused. |
| `private static java.lang.String` | `ROOT_CA_NODE`: Constant identifying the CAs node in the directory. |
| `private static java.lang.String` | `ROOT_CERT_COMMON_NAME`: Constant identifying the common name node in the directory. |
| `private static java.lang.String` | `ROOT_CERTIFICATES_NODE`: Constant identifying the security/certificates node in the directory. |
| `private static java.lang.String` | `ROOT_COMPANY_NODE`: Constant identifying the company information node in the directory. |
| `private static java.lang.String` | `ROOT_PEER_NODE`: Constant identifying the peer certs node in the directory. |
| `private static java.lang.String` | `ROOT_PRIVATE_KEYS_NODE`: Constant identifying the private keys container node in the directory. |
| `private static java.lang.String` | `ROOT_PROCESSES_NODE`: Constant identifying the process accounts node in the directory. |
| `private static java.lang.String` | `ROOT_USERS_NODE`: Constant identifying the user accounts node in the directory. |
| `private java.lang.String` | `rootCAAlias`: Alias for the root CA. |
| `private java.lang.String` | `rootCAPassword`: Password for the root CA (if reused). |
| `private static java.lang.String` | `RSA_PRIVATE_KEY_STRENGTH`: Constant identifying the name of the company node containing the RSA private key strength. |
| `private static java.lang.String` | `RSA_PUBLIC_EXPONENT`: Constant identifying the name of the company node containing the RSA public exponent. |
| `private java.util.Set<java.lang.String>` | `serverAliases`: All the aliases associated with server processes. |
| `private java.security.KeyStore` | `trustCertStore`: Store where to add the trusted certificates (servers and CAs). |
| `private java.security.KeyStore` | `trustKeyStore`: Store where to add the private keys for the trusted certificates. |
| `private int` | `validity`: The certificate's validity, in years. |
| `private static java.lang.String[]` | `YES_NO`: Valid entries for yes/no options. |
| Constructor and Description |
|---|
| `SSLCertGenUtil(BootstrapConfig config)`: Create a new utility. |
| Modifier and Type | Method and Description |
|---|---|
| `private void` | `addNode(java.lang.String nodeId, java.lang.String cls, Attribute[] attrs)`: Add a new node to the directory, having the specified class and attributes. |
| `private void` | `addNode(java.lang.String nodeId, java.lang.String cls, java.lang.Object value)`: Add a new node to the directory, having the specified class and a single attribute with the same class and the specified value. |
| `private void` | `closeBatch(java.lang.String node)`: Close a batch editing session. |
| `private java.lang.String` | `createAES256BitKey()`: Create a random 256-bit password to be used as an AES encryption key. |
| `private java.lang.String` | `createAES256BitKey(java.lang.String alias)`: Create a random 256-bit password to be used as an AES encryption key, or reuse the one stored for the alias. |
| `private java.security.KeyStore` | `createEmptyStore()`: Create an empty store, to hold either private keys or certificates. |
| `private void` | `deleteNode(java.lang.String nodeId)`: Delete the specified node and all of its children. |
| `void` | `generate()`: Main method to (re)generate the root CA, peer certificates and private keys. |
| `private void` | `generateCertificates()`: Generate peer certificates for all `aliases`. |
| `private void` | `generateRootCA()`: Generate the root CA. |
| `static void` | `main(java.lang.String[] args)`: Command line driver. |
| `private void` | `openBatch(java.lang.String node)`: Open a batch editing session for the specified node. |
| `private void` | `readAccounts(java.lang.String rootNode)`: Read all the accounts which have an alias specified. |
| `private void` | `readCompanyConfiguration()`: Read the existing company configuration from the directory or, if missing, read it from the standard input. |
| `private java.lang.String` | `readLine(java.lang.String txt)`: Read a line of text using the created `reader`. |
| `private java.lang.String` | `readOption(java.lang.String msg, java.lang.String[] valid)`: Ask the user to enter one of the specified valid options, using the given message. |
| `private java.lang.String` | `readPassword(java.lang.String alias)`: Get the reused password or generate a new one, for the given alias. |
| `private void` | `saveCertificate(java.lang.String alias, java.security.KeyStore certStore, java.lang.String parentNode)`: Save the certificate for the specified alias in the directory, under the specified parent node. |
| `private void` | `saveCertificates()`: Save all the peer certificates and their private keys in the directory. |
| `private void` | `savePrivateKey(java.lang.String alias, java.security.KeyStore privateKeyStore)`: Save the private key for the specified alias in the directory. |
| `private void` | `savePrivateKeys(boolean server)`: Save the private keys in external key store(s). |
| `private void` | `saveRootCA()`: Save the root CA certificate and its private key in the directory. |
| `private void` | `saveRootCAPrivateKey()`: Save the root CA private key in an external key store. |
| `private void` | `saveServerCertificates()`: Save the server certificates in an external store. |
private static final java.lang.String ROOT_CA_NODE
private static final java.lang.String ROOT_PEER_NODE
private static final java.lang.String ROOT_CERTIFICATES_NODE
private static final java.lang.String ROOT_PROCESSES_NODE
private static final java.lang.String ROOT_USERS_NODE
private static final java.lang.String ROOT_COMPANY_NODE
private static final java.lang.String ROOT_CERT_COMMON_NAME
private static final java.lang.String ROOT_PRIVATE_KEYS_NODE
private static final java.lang.String CERT_VALIDITY_YEARS_NODE
private static final java.lang.String RSA_PRIVATE_KEY_STRENGTH
private static final java.lang.String RSA_PUBLIC_EXPONENT
private static final java.lang.String[] YES_NO
private final java.io.BufferedReader reader
private final BootstrapConfig cfg
private final java.util.Map<java.lang.String,java.lang.String> company
private final java.util.Set<java.lang.String> aliases
private final java.util.Set<java.lang.String> serverAliases
private final SSLCertFactory factory
private final java.security.KeyStore trustCertStore
private final java.security.KeyStore trustKeyStore
private final java.security.KeyStore accCertStore
private final java.security.KeyStore accKeyStore
private final java.util.Map<java.lang.String,java.lang.String> keyEntryPasswords
private int validity
private java.lang.String rootCAAlias
private java.lang.String rootCAPassword
private DirectoryService ds
private java.lang.String masterPassword
private boolean reusePasswords
private boolean reuseRootCA
private java.util.Map<java.lang.String,java.lang.String> directoryPasswords
private java.lang.String[] inputs
private int currentInputIdx
public SSLCertGenUtil(BootstrapConfig config) throws SSLCertGenException
Parameters:
config - Configuration for accessing the directory.
Throws:
SSLCertGenException - If the utility could not be instantiated.

public void generate() throws ConfigurationException, java.io.IOException, SSLCertGenException
Throws:
ConfigurationException - In case the directory service could not be initialized.
java.io.IOException - If standard input can not be accessed.
SSLCertGenException - In case of problems during the generation of root CA or peer certificates.

private void saveRootCAPrivateKey() throws java.io.IOException, SSLCertGenException
Throws:
java.io.IOException - If standard input can not be accessed.
SSLCertGenException - In case of problems during key store access.

private void saveServerCertificates() throws java.io.IOException, SSLCertGenException
Throws:
java.io.IOException - If standard input can not be accessed.
SSLCertGenException - In case of problems during key store access.

private java.lang.String readPassword(java.lang.String alias)
Parameters:
alias - The certificate alias.

private void savePrivateKeys(boolean server) throws java.io.IOException, SSLCertGenException
Parameters:
server - `true` to save the server private keys; `false` to save the account private keys.
Throws:
java.io.IOException - If standard input can not be accessed.
SSLCertGenException - In case of problems during key store access.

private void saveRootCA() throws SSLCertGenException
Throws:
SSLCertGenException - If the data could not be saved.

private void saveCertificates() throws SSLCertGenException
Throws:
SSLCertGenException - If the data could not be saved.

private void saveCertificate(java.lang.String alias, java.security.KeyStore certStore, java.lang.String parentNode) throws SSLCertGenException
Parameters:
alias - The alias.
certStore - The store from which to retrieve the certificate.
parentNode - The parent node where to save the certificate.
Throws:
SSLCertGenException - If the data could not be saved.

private void savePrivateKey(java.lang.String alias, java.security.KeyStore privateKeyStore) throws SSLCertGenException
The private key is encrypted using a random password, which will be saved too in the directory.
Parameters:
alias - The alias.
privateKeyStore - The store from which to read the private key.
Throws:
SSLCertGenException - If the private key could not be saved.

private void generateCertificates() throws SSLCertGenException
Generate peer certificates for all `aliases`.
Throws:
SSLCertGenException - If the SSL certificates could not be generated.

private void generateRootCA() throws SSLCertGenException, java.io.IOException
Throws:
SSLCertGenException - If the root CA could not be generated.
java.io.IOException - If the alias for the root CA could not be read from standard input.

private void readAccounts(java.lang.String rootNode)
Parameters:
rootNode - The node from which to read the accounts.

private void readCompanyConfiguration() throws java.io.IOException, SSLCertGenException
Throws:
java.io.IOException - In case of problems during reading.
SSLCertGenException - If the SSLCertFactory `factory` could not be initialized.

private void deleteNode(java.lang.String nodeId)
Parameters:
nodeId - The node ID.
Throws:
java.lang.RuntimeException - If the node or one of its children could not be deleted.

private void addNode(java.lang.String nodeId, java.lang.String cls, java.lang.Object value)
Parameters:
nodeId - The node ID.
cls - The node's and attribute's class.
value - The attribute's value.
Throws:
java.lang.RuntimeException - If the node could not be added.

private void addNode(java.lang.String nodeId, java.lang.String cls, Attribute[] attrs)
Parameters:
nodeId - The node ID.
cls - The node's class.
attrs - The node's attributes.
Throws:
java.lang.RuntimeException - If the node could not be added.

private void openBatch(java.lang.String node)
Parameters:
node - The node ID.
Throws:
java.lang.RuntimeException - If the batch editing session could not be opened.

private void closeBatch(java.lang.String node)
Parameters:
node - The node ID.
Throws:
java.lang.RuntimeException - If the batch editing session could not be closed.

private java.lang.String readLine(java.lang.String txt) throws java.io.IOException
Read a line of text using the created `reader`.
Parameters:
txt - Description to be written to standard output.
Throws:
java.io.IOException - If data could not be read.

private java.lang.String readOption(java.lang.String msg, java.lang.String[] valid) throws java.io.IOException
Parameters:
msg - The message shown to the user.
valid - An array of valid options.
Throws:
java.io.IOException

private java.security.KeyStore createEmptyStore() throws SSLCertGenException
Returns:
An empty `KeyStore` instance.
Throws:
SSLCertGenException - If the store could not be generated.

private java.lang.String createAES256BitKey()

private java.lang.String createAES256BitKey(java.lang.String alias)
If `reusePasswords` is on, and there is a password in the directory, that one will be returned.
Parameters:
alias - The alias to check.

public static void main(java.lang.String[] args) throws ConfigurationException, java.io.IOException, SSLCertGenException
Parameters:
args - Application command line parameters. File name is the only one expected.
Throws:
ConfigurationException - In case the directory service could not be initialized.
java.io.IOException - If standard input can not be accessed.
SSLCertGenException - In case of problems during the generation of root CA or peer certificates.
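The private-key handling this page describes (a random 256-bit password minted per alias by `createAES256BitKey`, handed back from the directory by `readPassword` when `reusePasswords` is on, and used to encrypt the alias's private key before `savePrivateKey` stores it) can be illustrated with the following stand-alone sketch. This is an added example, not code from SSLCertGenUtil or its project: the class `PrivateKeyVault`, its in-memory maps standing in for the directory nodes, the `loadPrivateKeyEncoding` helper and the AES-256-GCM construction are assumptions, since the page names the key size but not the cipher mode the utility uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical stand-in for the per-alias private-key protection described on this page. */
public class PrivateKeyVault {
    private static final SecureRandom RNG = new SecureRandom(); // CSPRNG, never java.util.Random
    private static final int GCM_IV_BYTES = 12;
    private static final int GCM_TAG_BITS = 128;

    // Stand-in for the passwords kept under the private-keys node: alias -> Base64 password.
    private final Map<String, String> directoryPasswords = new HashMap<>();
    // Stand-in for the encrypted key material saved beside them: alias -> IV || ciphertext.
    private final Map<String, byte[]> encryptedKeys = new HashMap<>();
    private final boolean reusePasswords;

    PrivateKeyVault(boolean reusePasswords) {
        this.reusePasswords = reusePasswords;
    }

    /** Role of createAES256BitKey(): 32 random bytes, Base64-encoded so they can be stored as a string. */
    static String createAES256BitKey() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw);
    }

    /** Role of readPassword(alias): return the stored password when reuse is on and one exists, else mint one. */
    String readPassword(String alias) {
        String existing = directoryPasswords.get(alias);
        if (reusePasswords && existing != null) {
            return existing;
        }
        String fresh = createAES256BitKey();
        directoryPasswords.put(alias, fresh);
        return fresh;
    }

    // AES-GCM cipher keyed by the alias's password; the alias is bound in as associated data.
    private static Cipher gcm(int mode, String password, String alias, byte[] iv) throws Exception {
        byte[] aesKey = Base64.getDecoder().decode(password);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(aesKey, "AES"), new GCMParameterSpec(GCM_TAG_BITS, iv));
        c.updateAAD(alias.getBytes(StandardCharsets.UTF_8));
        return c;
    }

    /** Role of savePrivateKey(): encrypt the PKCS#8 encoding under the alias's password and keep it. */
    void savePrivateKey(String alias, PrivateKey key) throws Exception {
        byte[] iv = new byte[GCM_IV_BYTES];
        RNG.nextBytes(iv); // fresh IV per encryption; reusing an IV under the same GCM key is fatal
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, readPassword(alias), alias, iv).doFinal(key.getEncoded());
        byte[] stored = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, stored, 0, iv.length);
        System.arraycopy(ct, 0, stored, iv.length, ct.length);
        encryptedKeys.put(alias, stored);
    }

    /** Reverse of savePrivateKey(); throws AEADBadTagException if the blob or its alias was altered. */
    byte[] loadPrivateKeyEncoding(String alias) throws Exception {
        String password = directoryPasswords.get(alias); // look up only, never mint on the read path
        byte[] stored = encryptedKeys.get(alias);
        if (password == null || stored == null) {
            throw new IllegalStateException("no private key stored for alias " + alias);
        }
        byte[] iv = Arrays.copyOfRange(stored, 0, GCM_IV_BYTES);
        byte[] ct = Arrays.copyOfRange(stored, GCM_IV_BYTES, stored.length);
        return gcm(Cipher.DECRYPT_MODE, password, alias, iv).doFinal(ct);
    }

    String storedPassword(String alias) {
        return directoryPasswords.get(alias);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); // constructed sample key, not a real one
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        PrivateKeyVault vault = new PrivateKeyVault(true); // reusePasswords on
        vault.savePrivateKey("server-1", kp.getPrivate());
        String first = vault.storedPassword("server-1");
        byte[] roundTrip = vault.loadPrivateKeyEncoding("server-1");
        System.out.println("round trip ok: " + Arrays.equals(roundTrip, kp.getPrivate().getEncoded()));

        vault.savePrivateKey("server-1", kp.getPrivate()); // regenerate: password kept, IV and ciphertext new
        System.out.println("password reused: " + first.equals(vault.storedPassword("server-1")));

        PrivateKeyVault noReuse = new PrivateKeyVault(false); // reusePasswords off: every save mints anew
        noReuse.savePrivateKey("server-1", kp.getPrivate());
        System.out.println("fresh password: " + !first.equals(noReuse.storedPassword("server-1")));
    }
}
```

Two points the sketch makes that the API summary alone does not: the per-alias password is useless to an attacker without the encrypted blob and vice versa, so the two should be written under the same batch session (`openBatch`/`closeBatch`) or the directory can end up with a key that no stored password opens; and the read path must only look passwords up, because a `readPassword` that silently mints a new value on a miss would make a lost password indistinguishable from a first run.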