mirrors
/
gitblit
mirror of https://github.com/gitblit/gitblit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 43 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
76 Commits
11 Branches
Tree: f13c4c5a35
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f13c4c5a35'
${ noResults }
gitblit/src/com/gitblit/MakeCertificate.java

MakeCertificate.java 6.4KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155 
  1. /*

  2.  * Copyright 2011 gitblit.com.

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *     http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. package com.gitblit;

  17. 

  18. import java.io.File;

  19. import java.io.FileInputStream;

  20. import java.io.FileOutputStream;

  21. import java.math.BigInteger;

  22. import java.security.KeyPair;

  23. import java.security.KeyPairGenerator;

  24. import java.security.KeyStore;

  25. import java.security.SecureRandom;

  26. import java.security.Security;

  27. import java.security.cert.X509Certificate;

  28. import java.util.Date;

  29. 

  30. import javax.security.auth.x500.X500Principal;

  31. 

  32. import org.bouncycastle.asn1.x500.X500NameBuilder;

  33. import org.bouncycastle.asn1.x500.style.BCStyle;

  34. import org.bouncycastle.cert.X509v3CertificateBuilder;

  35. import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;

  36. import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;

  37. import org.bouncycastle.operator.ContentSigner;

  38. import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

  39. 

  40. import com.beust.jcommander.JCommander;

  41. import com.beust.jcommander.Parameter;

  42. import com.beust.jcommander.ParameterException;

  43. import com.beust.jcommander.Parameters;

  44. 

  45. public class MakeCertificate {

  46. 

  47. 	private final static FileSettings fileSettings = new FileSettings();

  48. 

  49. 	public static void main(String... args) {

  50. 		Params params = new Params();

  51. 		JCommander jc = new JCommander(params);

  52. 		try {

  53. 			jc.parse(args);

  54. 		} catch (ParameterException t) {

  55. 			jc.usage();

  56. 		}

  57. 		File keystore = new File("keystore");

  58. 		generateSelfSignedCertificate(params.alias, keystore, params.storePassword, params.subject);

  59. 	}

  60. 	

  61. 	public static void generateSelfSignedCertificate(String hostname, File keystore, String keystorePassword) {

  62. 		try {

  63. 			Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

  64. 

  65. 			final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;

  66. 			

  67. 			KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");

  68. 			kpGen.initialize(1024, new SecureRandom());

  69. 			KeyPair pair = kpGen.generateKeyPair();

  70. 

  71. 			// Generate self-signed certificate

  72. 			X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);

  73. 			builder.addRDN(BCStyle.OU, Constants.NAME);

  74. 			builder.addRDN(BCStyle.O, Constants.NAME);

  75. 			builder.addRDN(BCStyle.CN, hostname);

  76. 

  77. 			Date notBefore = new Date(System.currentTimeMillis() - 1*24*60*60*1000l);

  78. 			Date notAfter = new Date(System.currentTimeMillis() + 10*365*24*60*60*1000l);

  79. 			BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());

  80. 

  81. 			X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(), serial, notBefore, notAfter, builder.build(), pair.getPublic());

  82. 			ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(pair.getPrivate());

  83. 			X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));

  84. 			cert.checkValidity(new Date());

  85. 			cert.verify(cert.getPublicKey());

  86. 

  87. 			// Save to keystore			

  88. 			KeyStore store = KeyStore.getInstance("JKS");

  89. 			if (keystore.exists()) {

  90. 				FileInputStream fis = new FileInputStream(keystore);

  91. 				store.load(fis, keystorePassword.toCharArray());

  92. 			} else {

  93. 				store.load(null);

  94. 			}

  95. 			store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(), new java.security.cert.Certificate[] { cert });

  96. 			store.store(new FileOutputStream(keystore), keystorePassword.toCharArray());

  97. 		} catch (Throwable t) {

  98. 			t.printStackTrace();

  99. 			throw new RuntimeException("Failed to generate self-signed certificate!", t);

  100. 		}

  101. 	}

  102. 	

  103. 	public static void generateSelfSignedCertificate(String hostname, File keystore, String keystorePassword, String info) {

  104. 		try {

  105. 			Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

  106. 

  107. 			final String BC = org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME;

  108. 			

  109. 			KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");

  110. 			kpGen.initialize(1024, new SecureRandom());

  111. 			KeyPair pair = kpGen.generateKeyPair();

  112. 

  113. 			// Generate self-signed certificate

  114. 			X500Principal principal = new X500Principal(info);

  115. 			

  116. 			Date notBefore = new Date(System.currentTimeMillis() - 1*24*60*60*1000l);

  117. 			Date notAfter = new Date(System.currentTimeMillis() + 10*365*24*60*60*1000l);

  118. 			BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());

  119. 

  120. 			X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(principal, serial, notBefore, notAfter, principal, pair.getPublic());

  121. 			ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(pair.getPrivate());

  122. 			X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));

  123. 			cert.checkValidity(new Date());

  124. 			cert.verify(cert.getPublicKey());

  125. 

  126. 			// Save to keystore			

  127. 			KeyStore store = KeyStore.getInstance("JKS");

  128. 			if (keystore.exists()) {

  129. 				FileInputStream fis = new FileInputStream(keystore);

  130. 				store.load(fis, keystorePassword.toCharArray());

  131. 			} else {

  132. 				store.load(null);

  133. 			}

  134. 			store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(), new java.security.cert.Certificate[] { cert });

  135. 			store.store(new FileOutputStream(keystore), keystorePassword.toCharArray());

  136. 		} catch (Throwable t) {

  137. 			t.printStackTrace();

  138. 			throw new RuntimeException("Failed to generate self-signed certificate!", t);

  139. 		}

  140. 	}

  141. 	

  142. 	@Parameters(separators = " ")

  143. 	private static class Params {

  144. 

  145. 		@Parameter(names = { "--alias" }, description = "Server alias", required = true)

  146. 		public String alias = null;

  147. 		

  148. 		@Parameter(names = { "--subject" }, description = "Certificate subject", required = true)

  149. 		public String subject = null;

  150. 		

  151. 

  152. 		@Parameter(names = "--storePassword", description = "Password for SSL (https) keystore.")

  153. 		public String storePassword = fileSettings.getString(Keys.server.storePassword, "");

  154. 	}

  155. }