\r
import java.io.BufferedReader;\r
import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.FileOutputStream;\r
import java.io.IOException;\r
import java.io.InputStreamReader;\r
import java.io.OutputStream;\r
-import java.math.BigInteger;\r
import java.net.InetAddress;\r
import java.net.ServerSocket;\r
import java.net.Socket;\r
import java.net.URL;\r
import java.net.UnknownHostException;\r
-import java.security.KeyPair;\r
-import java.security.KeyPairGenerator;\r
-import java.security.KeyStore;\r
import java.security.ProtectionDomain;\r
-import java.security.SecureRandom;\r
-import java.security.Security;\r
-import java.security.cert.X509Certificate;\r
import java.text.MessageFormat;\r
import java.util.ArrayList;\r
-import java.util.Date;\r
import java.util.List;\r
\r
import org.apache.log4j.ConsoleAppender;\r
import org.apache.log4j.PatternLayout;\r
import org.apache.wicket.protocol.http.ContextParamWebApplicationFactory;\r
import org.apache.wicket.protocol.http.WicketFilter;\r
-import org.bouncycastle.asn1.x500.X500NameBuilder;\r
-import org.bouncycastle.asn1.x500.style.BCStyle;\r
-import org.bouncycastle.cert.X509v3CertificateBuilder;\r
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;\r
-import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;\r
-import org.bouncycastle.operator.ContentSigner;\r
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;\r
import org.eclipse.jetty.http.security.Constraint;\r
import org.eclipse.jetty.security.ConstraintMapping;\r
import org.eclipse.jetty.security.ConstraintSecurityHandler;\r
File keystore = new File("keystore");\r
if (!keystore.exists()) {\r
logger.info("Generating self-signed SSL certificate");\r
- generateSelfSignedCertificate("localhost", keystore, params.storePassword);\r
+ MakeCertificate.generateSelfSignedCertificate("localhost", keystore, params.storePassword);\r
}\r
if (keystore.exists()) {\r
Connector secureConnector = createSSLConnector(keystore, params.storePassword, params.useNIO, params.securePort);\r
return connector;\r
}\r
\r
- private static void generateSelfSignedCertificate(String hostname, File keystore, String keystorePassword) {\r
- try {\r
- Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());\r
-\r
- final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;\r
- \r
- KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");\r
- kpGen.initialize(1024, new SecureRandom());\r
- KeyPair pair = kpGen.generateKeyPair();\r
-\r
- // Generate self-signed certificate\r
- X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);\r
- builder.addRDN(BCStyle.OU, Constants.NAME);\r
- builder.addRDN(BCStyle.O, Constants.NAME);\r
- builder.addRDN(BCStyle.CN, hostname);\r
-\r
- Date notBefore = new Date(System.currentTimeMillis() - 1*24*60*60*1000l);\r
- Date notAfter = new Date(System.currentTimeMillis() + 10*365*24*60*60*1000l);\r
- BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());\r
-\r
- X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(), serial, notBefore, notAfter, builder.build(), pair.getPublic());\r
- ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(pair.getPrivate());\r
- X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));\r
- cert.checkValidity(new Date());\r
- cert.verify(cert.getPublicKey());\r
-\r
- // Save to keystore \r
- KeyStore store = KeyStore.getInstance("JKS");\r
- if (keystore.exists()) {\r
- FileInputStream fis = new FileInputStream(keystore);\r
- store.load(fis, keystorePassword.toCharArray());\r
- } else {\r
- store.load(null);\r
- }\r
- store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(), new java.security.cert.Certificate[] { cert });\r
- store.store(new FileOutputStream(keystore), keystorePassword.toCharArray());\r
- } catch (Throwable t) {\r
- t.printStackTrace();\r
- throw new RuntimeException("Failed to generate self-signed certificate!", t);\r
- }\r
- }\r
-\r
/**\r
* Recursively delete a folder and its contents.\r
* \r
--- /dev/null
+package com.gitblit;\r
+\r
+import java.io.File;\r
+import java.io.FileInputStream;\r
+import java.io.FileOutputStream;\r
+import java.math.BigInteger;\r
+import java.security.KeyPair;\r
+import java.security.KeyPairGenerator;\r
+import java.security.KeyStore;\r
+import java.security.SecureRandom;\r
+import java.security.Security;\r
+import java.security.cert.X509Certificate;\r
+import java.util.Date;\r
+\r
+import javax.security.auth.x500.X500Principal;\r
+\r
+import org.bouncycastle.asn1.x500.X500NameBuilder;\r
+import org.bouncycastle.asn1.x500.style.BCStyle;\r
+import org.bouncycastle.cert.X509v3CertificateBuilder;\r
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;\r
+import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;\r
+import org.bouncycastle.operator.ContentSigner;\r
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;\r
+\r
+import com.beust.jcommander.JCommander;\r
+import com.beust.jcommander.Parameter;\r
+import com.beust.jcommander.ParameterException;\r
+import com.beust.jcommander.Parameters;\r
+\r
+public class MakeCertificate {\r
+\r
+ private final static FileSettings fileSettings = new FileSettings();\r
+\r
+ public static void main(String... args) {\r
+ Params params = new Params();\r
+ JCommander jc = new JCommander(params);\r
+ try {\r
+ jc.parse(args);\r
+ } catch (ParameterException t) {\r
+ jc.usage();\r
+ }\r
+ File keystore = new File("keystore");\r
+ generateSelfSignedCertificate(params.alias, keystore, params.storePassword, params.subject);\r
+ }\r
+ \r
+ public static void generateSelfSignedCertificate(String hostname, File keystore, String keystorePassword) {\r
+ try {\r
+ Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());\r
+\r
+ final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;\r
+ \r
+ KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");\r
+ kpGen.initialize(1024, new SecureRandom());\r
+ KeyPair pair = kpGen.generateKeyPair();\r
+\r
+ // Generate self-signed certificate\r
+ X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);\r
+ builder.addRDN(BCStyle.OU, Constants.NAME);\r
+ builder.addRDN(BCStyle.O, Constants.NAME);\r
+ builder.addRDN(BCStyle.CN, hostname);\r
+\r
+ Date notBefore = new Date(System.currentTimeMillis() - 1*24*60*60*1000l);\r
+ Date notAfter = new Date(System.currentTimeMillis() + 10*365*24*60*60*1000l);\r
+ BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());\r
+\r
+ X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(), serial, notBefore, notAfter, builder.build(), pair.getPublic());\r
+ ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(pair.getPrivate());\r
+ X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));\r
+ cert.checkValidity(new Date());\r
+ cert.verify(cert.getPublicKey());\r
+\r
+ // Save to keystore \r
+ KeyStore store = KeyStore.getInstance("JKS");\r
+ if (keystore.exists()) {\r
+ FileInputStream fis = new FileInputStream(keystore);\r
+ store.load(fis, keystorePassword.toCharArray());\r
+ } else {\r
+ store.load(null);\r
+ }\r
+ store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(), new java.security.cert.Certificate[] { cert });\r
+ store.store(new FileOutputStream(keystore), keystorePassword.toCharArray());\r
+ } catch (Throwable t) {\r
+ t.printStackTrace();\r
+ throw new RuntimeException("Failed to generate self-signed certificate!", t);\r
+ }\r
+ }\r
+ \r
+ public static void generateSelfSignedCertificate(String hostname, File keystore, String keystorePassword, String info) {\r
+ try {\r
+ Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());\r
+\r
+ final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;\r
+ \r
+ KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");\r
+ kpGen.initialize(1024, new SecureRandom());\r
+ KeyPair pair = kpGen.generateKeyPair();\r
+\r
+ // Generate self-signed certificate\r
+ X500Principal principal = new X500Principal(info);\r
+ \r
+ Date notBefore = new Date(System.currentTimeMillis() - 1*24*60*60*1000l);\r
+ Date notAfter = new Date(System.currentTimeMillis() + 10*365*24*60*60*1000l);\r
+ BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());\r
+\r
+ X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(principal, serial, notBefore, notAfter, principal, pair.getPublic());\r
+ ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(pair.getPrivate());\r
+ X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));\r
+ cert.checkValidity(new Date());\r
+ cert.verify(cert.getPublicKey());\r
+\r
+ // Save to keystore \r
+ KeyStore store = KeyStore.getInstance("JKS");\r
+ if (keystore.exists()) {\r
+ FileInputStream fis = new FileInputStream(keystore);\r
+ store.load(fis, keystorePassword.toCharArray());\r
+ } else {\r
+ store.load(null);\r
+ }\r
+ store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(), new java.security.cert.Certificate[] { cert });\r
+ store.store(new FileOutputStream(keystore), keystorePassword.toCharArray());\r
+ } catch (Throwable t) {\r
+ t.printStackTrace();\r
+ throw new RuntimeException("Failed to generate self-signed certificate!", t);\r
+ }\r
+ }\r
+ \r
+ @Parameters(separators = " ")\r
+ private static class Params {\r
+\r
+ @Parameter(names = { "--alias" }, description = "Server alias", required = true)\r
+ public String alias = null;\r
+ \r
+ @Parameter(names = { "--subject" }, description = "Certificate subject", required = true)\r
+ public String subject = null;\r
+ \r
+\r
+ @Parameter(names = "--storePassword", description = "Password for SSL (https) keystore.")\r
+ public String storePassword = fileSettings.getString(Keys.server.storePassword, "");\r
+ }\r
+}\r
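Review bot: `main` keeps running after a bad command line — the `catch (ParameterException t)` block only calls `jc.usage()`, so with a missing `--alias` or `--subject` the nulls flow straight into `generateSelfSignedCertificate`, where `new X500Principal(info)` rejects a null name and the tool dies with a wrapped exception instead of the usage text; add `System.exit(1);` (or `return;`) directly after `jc.usage()`. Both overloads also generate a 1024-bit RSA key (`kpGen.initialize(1024, new SecureRandom())`), which is below the 2048-bit minimum current TLS stacks and browsers accept even for a self-signed development certificate, so change both to `kpGen.initialize(2048, new SecureRandom());`. The `FileInputStream` opened to load an existing keystore and the `FileOutputStream` handed to `store.store(...)` are never closed in either overload, leaving the handles to finalization; the rewrite below closes them in `finally` (the file shows no Java 7 syntax, so try-with-resources is not assumed). The two overloads otherwise differ only in how the subject DN is produced, so the three-argument one could build its `X500NameBuilder` DN and delegate to the four-argument one rather than repeating the key-generation, signing and keystore code; the `catch (Throwable t)` that both print and rethrow could then live in one place too.
```java
// … unchanged: key-pair generation, certificate build and self-verify …

// Save to keystore
KeyStore store = KeyStore.getInstance("JKS");
if (keystore.exists()) {
    FileInputStream fis = new FileInputStream(keystore);
    try {
        store.load(fis, keystorePassword.toCharArray());
    } finally {
        fis.close();
    }
} else {
    store.load(null);
}
store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(), new java.security.cert.Certificate[] { cert });
FileOutputStream fos = new FileOutputStream(keystore);
try {
    store.store(fos, keystorePassword.toCharArray());
} finally {
    fos.close();
}
// … unchanged: catch block …
```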