/**
 * Creates a fresh RSA key pair plus a self-signed X.509 certificate for the given
 * common name and persists both: the private key and certificate go into the user
 * key store, and the certificate alone is additionally added to the user trust
 * store so that the CLI can validate the API endpoint it connects to.
 *
 * Both stores are written under the alias {@code CipherParams.CERTIFICATE_IDENTIFIER};
 * an existing entry under that alias is replaced.
 *
 * NOTE(review): the private key entry is protected with an empty key password
 * ({@code new char[0]}), so its confidentiality rests entirely on the key-store
 * file's own protection and file-system permissions as handled by UserConfig —
 * confirm that is the intended model before exposing the store elsewhere.
 *
 * @param certificateCommonName the subject CN (hostname) to put into the certificate
 * @throws RuntimeException if key generation, certificate creation or any store
 *         update fails; the underlying exception is kept as the cause
 */
public static void generateNewKeyPairAndCertificate(String certificateCommonName) {
    try {
        logger.log(Level.INFO, "(Re-)generating keypair and certificate for hostname " + certificateCommonName + " ...");

        // Fresh key material and a certificate bound to the configured hostname
        KeyPair freshKeyPair = CipherUtil.generateRsaKeyPair();
        X509Certificate selfSignedCert = CipherUtil.generateSelfSignedCertificate(certificateCommonName, freshKeyPair);
        Certificate[] chain = { selfSignedCert };

        // Private key + chain into the key store (empty key password, see class note above)
        KeyStore keyStore = UserConfig.getUserKeyStore();
        keyStore.setKeyEntry(CipherParams.CERTIFICATE_IDENTIFIER, freshKeyPair.getPrivate(), new char[0], chain);
        UserConfig.storeUserKeyStore();

        // Certificate only into the trust store, used when the CLI talks to the API
        KeyStore trustStore = UserConfig.getUserTrustStore();
        trustStore.setCertificateEntry(CipherParams.CERTIFICATE_IDENTIFIER, selfSignedCert);
        UserConfig.storeTrustStore();
    }
    catch (Exception e) {
        throw new RuntimeException("Unable to read key store or generate self-signed certificate.", e);
    }
}
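/**
 * Decides whether the server certificate in the user key store must be regenerated
 * because its subject CN no longer matches the common name from the daemon config.
 *
 * Regeneration is reported as necessary when no certificate is stored under
 * {@code CipherParams.CERTIFICATE_IDENTIFIER}, when the stored certificate carries
 * no CN at all, or when the first CN differs from {@code certificateCommonName}.
 * The comparison uses {@link String#equals}, i.e. it is exact and case-sensitive.
 *
 * @param certificateCommonName the common name currently configured for the daemon
 * @return {@code true} if a new certificate has to be generated, {@code false} if the
 *         stored one already matches
 * @throws RuntimeException if the key store cannot be read or the certificate cannot
 *         be parsed; the underlying exception is kept as the cause
 */
private boolean certificateCommonNameChanged(String certificateCommonName) {
    try {
        KeyStore userKeyStore = UserConfig.getUserKeyStore();
        X509Certificate currentCertificate = (X509Certificate) userKeyStore.getCertificate(CipherParams.CERTIFICATE_IDENTIFIER);

        if (currentCertificate == null) {
            logger.log(Level.INFO, "- Certificate regeneration necessary, because no certificate found in key store.");
            return true;
        }

        X500Name currentCertificateSubject = new JcaX509CertificateHolder(currentCertificate).getSubject();
        RDN[] commonNameRdns = currentCertificateSubject.getRDNs(BCStyle.CN);

        // A stored certificate without any CN can never match the configured name. Indexing [0]
        // on the empty array would throw ArrayIndexOutOfBoundsException, which the catch below
        // turns into a fatal RuntimeException and so blocks the regeneration that would fix it.
        if (commonNameRdns.length == 0) {
            logger.log(Level.INFO, "- Certificate regeneration necessary, because certificate in key store has no common name.");
            return true;
        }

        // Only the first CN is considered, matching the behaviour callers have relied on so far
        String currentCertificateSubjectCnStr = IETFUtils.valueToString(commonNameRdns[0].getFirst().getValue());

        if (!certificateCommonName.equals(currentCertificateSubjectCnStr)) {
            logger.log(Level.INFO, "- Certificate regeneration necessary: Cert common name in daemon config changed from " + currentCertificateSubjectCnStr + " to " + certificateCommonName + ".");
            return true;
        }

        return false;
    }
    catch (Exception e) {
        throw new RuntimeException("Cannot (re-)generate server certificate for hostname: " + certificateCommonName, e);
    }
}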