/**
 * Populates {@code resource} from the PEM blocks submitted in the form.
 *
 * <p>The certificate and the private key (plus the public key, when one was submitted) are
 * joined into a single newline-separated PEM document, parsed with
 * {@code RSACertificate.loadPemFromString} and copied onto the resource together with the
 * submitted CA certificate.
 *
 * <p>NOTE(review): nothing in this method checks that the submitted private key belongs to
 * the submitted certificate. Confirm that the PEM loader or an earlier validation step
 * rejects a mismatched pair, otherwise an unusable certificate/key combination is stored.
 *
 * @param servicesCtx     not used by this method
 * @param changesContext  not used by this method
 * @param validFormValues form values keyed by the {@code WebsiteCertificate.PROPERTY_*} names
 * @param resource        the certificate resource to fill in
 */
@Override
public void fillResource(CommonServicesContext servicesCtx, ChangesContext changesContext, Map<String, String> validFormValues, WebsiteCertificate resource) {
    String certificatePem = validFormValues.get(WebsiteCertificate.PROPERTY_CERTIFICATE);
    String privateKeyPem = validFormValues.get(WebsiteCertificate.PROPERTY_PRIVATE_KEY);
    String publicKeyPem = validFormValues.get(WebsiteCertificate.PROPERTY_PUBLIC_KEY);

    // The public key is optional; certificate and private key are always written, each on its own line.
    String pemBundle = certificatePem + "\n" + privateKeyPem + "\n";
    if (publicKeyPem != null) {
        pemBundle += publicKeyPem;
    }

    RSACertificate parsed = RSACertificate.loadPemFromString(pemBundle);
    String caCertificatePem = validFormValues.get(WebsiteCertificate.PROPERTY_CA_CERTIFICATE);
    CertificateHelper.toWebsiteCertificate(caCertificatePem, parsed, resource);
}
/**
 * Builds a self-signed {@code WebsiteCertificate} for the given host names.
 *
 * <p>The first name becomes the common name and every name is added as a DNS subject
 * alternative name. Validity is fixed to 2001-07-01 .. 2001-08-01. The thumbprint copied from
 * the certificate is then replaced by the SHA-1 hash of the comma-joined names, so it is a
 * deterministic label rather than a fingerprint of the certificate bytes.
 *
 * <p>NOTE(review): the 1024-bit RSA key and the long-past validity window suggest this is a
 * test fixture; confirm. A 1024-bit RSA key is too weak for any certificate that is actually
 * served, so this helper should not be reused outside tests.
 *
 * @param domainNames host names; at least one is required because index 0 is read unconditionally
 * @return the populated certificate resource
 */
private WebsiteCertificate createWebsiteCertificate(String... domainNames) {
    String primaryName = domainNames[0];
    AsymmetricKeys keyPair = RSACrypt.RSA_CRYPT.generateKeyPair(1024);

    RSACertificate signed = new RSACertificate(keyPair).selfSign(
            new CertificateDetails()
                    .setCommonName(primaryName)
                    .addSanDns(domainNames)
                    .setStartDate(DateTools.parseDateOnly("2001-07-01"))
                    .setEndDate(DateTools.parseDateOnly("2001-08-01")));

    WebsiteCertificate result = new WebsiteCertificate();
    CertificateHelper.toWebsiteCertificate(null, signed, result);

    // Overwrite the real thumbprint with a value derived only from the names.
    String joinedNames = Joiner.on(',').join(domainNames);
    result.setThumbprint(HashSha1.hashString(joinedNames));
    return result;
}
/**
 * Copies the contents of an {@code RSACertificate} onto a {@code WebsiteCertificate}.
 *
 * <p>Sets the CA certificate, thumbprint, certificate PEM, public and private key PEM,
 * validity dates and domain names. The domain names are replaced by the certificate's
 * subject alternative names.
 *
 * <p>NOTE(review): the private key is written to the resource as a PEM string. Whether the
 * store behind {@code WebsiteCertificate} protects it at rest is not visible here; confirm.
 *
 * @param caCertificate      CA certificate text to store as-is; callers in this code base also pass {@code null}
 * @param rsaCertificate     source certificate and signing keys
 * @param websiteCertificate resource that receives the values
 */
public static void toWebsiteCertificate(String caCertificate, RSACertificate rsaCertificate, WebsiteCertificate websiteCertificate) {
    websiteCertificate.setCaCertificate(caCertificate);
    websiteCertificate.setThumbprint(rsaCertificate.getThumbprint());

    // PEM forms of the certificate and of both halves of the key pair.
    String certificatePem = rsaCertificate.saveCertificatePemAsString();
    websiteCertificate.setCertificate(certificatePem);
    String publicKeyPem = RSACrypt.RSA_CRYPT.savePublicKeyPemAsString(rsaCertificate.getKeysForSigning());
    websiteCertificate.setPublicKey(publicKeyPem);
    String privateKeyPem = RSACrypt.RSA_CRYPT.savePrivateKeyPemAsString(rsaCertificate.getKeysForSigning());
    websiteCertificate.setPrivateKey(privateKeyPem);

    // Validity window and the names the certificate covers.
    websiteCertificate.setStart(rsaCertificate.getStartDate());
    websiteCertificate.setEnd(rsaCertificate.getEndDate());
    websiteCertificate.setDomainNames(rsaCertificate.getSubjectAltNames());
}
/**
 * Renews the self-signed certificates that are about to expire.
 *
 * <p>Finds every {@code WebsiteCertificate} managed by the self-signed editor whose end date
 * is at or before {@code DateTools.addDate(Calendar.WEEK_OF_YEAR, 1)}, re-signs each one with
 * its existing key pair, the same common name as the only DNS SAN and an end date of
 * {@code DateTools.addDate(Calendar.MONTH, 1)}, then records the update in {@code changes}.
 * A failure on one certificate is logged and sent to the alerting service; the loop continues
 * with the next one.
 *
 * <p>NOTE(review): renewal reuses the key pair loaded from the stored certificate, so the
 * private key is never rotated by this handler. Confirm that is intended.
 *
 * @param services access to the resource and messaging services
 * @param changes  collects the resource updates
 * @param event    not used by this method
 */
@Override
public void timerHandler(CommonServicesContext services, ChangesContext changes, TimerEventContext event) {
    IPResourceService resources = services.getResourceService();

    // Select the self-signed certificates inside the renewal window.
    logger.info("Getting self-signed certificates that expire in 1 week");
    List<WebsiteCertificate> expiringSoon = resources.resourceFindAll(
            resources.createResourceQuery(WebsiteCertificate.class)
                    .addEditorEquals(SelfSignedWebsiteCertificateEditor.EDITOR_NAME)
                    .propertyLesserAndEquals(WebsiteCertificate.PROPERTY_END, DateTools.addDate(Calendar.WEEK_OF_YEAR, 1)));

    // Re-sign each of them in place.
    logger.info("Got {} certificates to update", expiringSoon.size());
    for (WebsiteCertificate expiring : expiringSoon) {
        logger.info("Updating certificate {}", expiring.getDomainNames());
        try {
            RSACertificate previous = CertificateHelper.toRSACertificate(expiring);
            AsymmetricKeys existingKeys = previous.getKeysForSigning();

            RSACertificate renewed = new RSACertificate(existingKeys).selfSign(
                    new CertificateDetails()
                            .setCommonName(previous.getCommonName())
                            .addSanDns(previous.getCommonName())
                            .setEndDate(DateTools.addDate(Calendar.MONTH, 1)));

            CertificateHelper.toWebsiteCertificate(null, renewed, expiring);
            changes.resourceUpdate(expiring.getInternalId(), expiring);
        } catch (Exception e) {
            // Best effort: report and move on so one bad certificate does not block the others.
            logger.error("Problem updating self-signed certificate {}", expiring.getDomainNames(), e);
            services.getMessagingService().alertingError("Problem updating self-signed certificate " + expiring.getDomainNames(), e.getMessage());
        }
    }
}
// Store the certificate and its private key in the key store under a single alias.
Certificate certificate = rsaCert.getCertificate();
// NOTE(review): assuming keyStore is a java.security.KeyStore, the setKeyEntry call below
// overrides whatever is stored under the same alias, so this trusted-certificate entry does
// not survive as a separate entry. Confirm whether both entries are really wanted.
keyStore.setCertificateEntry(alias, certificate);
Key key = RSATools.createPrivateKey(rsaCert.getKeysForSigning());
// The key entry is protected with `password` and carries a one-element chain: the certificate itself.
keyStore.setKeyEntry(alias, key, password, new Certificate[] { certificate });
return new RSACertificate(cert);
/**
 * Registers the ACME account and logs the session in with it.
 *
 * <p>The account key pair is parsed from the PEM held in the configuration. The account is
 * created with the configured contact e-mail and with the terms of service accepted, and the
 * resulting account location is used to log the session in.
 *
 * <p>NOTE(review): the account private key comes straight from configuration, so whoever can
 * read that configuration can act as this ACME account. Confirm how the configuration is stored.
 *
 * @throws LetsencryptException when account creation fails with an {@code AcmeException}
 */
private void login() {
    KeyPair accountKeys = RSATools.createKeyPair(
            RSACrypt.RSA_CRYPT.loadKeysPemFromString(config.getAccountKeypairPem()));

    LOGGER.info("Registering account");
    try {
        AccountBuilder registration = new AccountBuilder()
                .addContact("mailto:" + config.getContactEmail())
                .agreeToTermsOfService()
                .useKeyPair(accountKeys);
        account = registration.create(session);
    } catch (AcmeException e) {
        LOGGER.error("Problem logging in", e);
        throw new LetsencryptException("Problem logging in", e);
    }

    // Bind the session to the account that was just created.
    URL accountLocation = account.getLocation();
    session.login(accountLocation, accountKeys);

    LOGGER.info("AcmeClient location: {}", accountLocation);
}
/**
 * Builds a self-signed {@code WebsiteCertificate} for the given host names.
 *
 * <p>The first name becomes the common name and every name is added as a DNS subject
 * alternative name. Validity is fixed to 2001-07-01 .. 2001-08-01. The thumbprint copied from
 * the certificate is then replaced by the SHA-1 hash of the comma-joined names, so it is a
 * deterministic label rather than a fingerprint of the certificate bytes.
 *
 * <p>NOTE(review): the 1024-bit RSA key and the long-past validity window suggest this is a
 * test fixture; confirm. A 1024-bit RSA key is too weak for any certificate that is actually
 * served, so this helper should not be reused outside tests.
 *
 * @param domainNames host names; at least one is required because index 0 is read unconditionally
 * @return the populated certificate resource
 */
private WebsiteCertificate createWebsiteCertificate(String... domainNames) {
    String primaryName = domainNames[0];
    AsymmetricKeys keyPair = RSACrypt.RSA_CRYPT.generateKeyPair(1024);

    RSACertificate signed = new RSACertificate(keyPair).selfSign(
            new CertificateDetails()
                    .setCommonName(primaryName)
                    .addSanDns(domainNames)
                    .setStartDate(DateTools.parseDateOnly("2001-07-01"))
                    .setEndDate(DateTools.parseDateOnly("2001-08-01")));

    WebsiteCertificate result = new WebsiteCertificate();
    CertificateHelper.toWebsiteCertificate(null, signed, result);

    // Overwrite the real thumbprint with a value derived only from the names.
    String joinedNames = Joiner.on(',').join(domainNames);
    result.setThumbprint(HashSha1.hashString(joinedNames));
    return result;
}
/**
 * Renews the self-signed certificates that are about to expire.
 *
 * <p>Finds every {@code WebsiteCertificate} managed by the self-signed editor whose end date
 * is at or before {@code DateTools.addDate(Calendar.WEEK_OF_YEAR, 1)}, re-signs each one with
 * its existing key pair, the same common name as the only DNS SAN and an end date of
 * {@code DateTools.addDate(Calendar.MONTH, 1)}, then records the update in {@code changes}.
 * A failure on one certificate is logged and sent to the alerting service; the loop continues
 * with the next one.
 *
 * <p>NOTE(review): renewal reuses the key pair loaded from the stored certificate, so the
 * private key is never rotated by this handler. Confirm that is intended.
 *
 * @param services access to the resource and messaging services
 * @param changes  collects the resource updates
 * @param event    not used by this method
 */
@Override
public void timerHandler(CommonServicesContext services, ChangesContext changes, TimerEventContext event) {
    IPResourceService resources = services.getResourceService();

    // Select the self-signed certificates inside the renewal window.
    logger.info("Getting self-signed certificates that expire in 1 week");
    List<WebsiteCertificate> expiringSoon = resources.resourceFindAll(
            resources.createResourceQuery(WebsiteCertificate.class)
                    .addEditorEquals(SelfSignedWebsiteCertificateEditor.EDITOR_NAME)
                    .propertyLesserAndEquals(WebsiteCertificate.PROPERTY_END, DateTools.addDate(Calendar.WEEK_OF_YEAR, 1)));

    // Re-sign each of them in place.
    logger.info("Got {} certificates to update", expiringSoon.size());
    for (WebsiteCertificate expiring : expiringSoon) {
        logger.info("Updating certificate {}", expiring.getDomainNames());
        try {
            RSACertificate previous = CertificateHelper.toRSACertificate(expiring);
            AsymmetricKeys existingKeys = previous.getKeysForSigning();

            RSACertificate renewed = new RSACertificate(existingKeys).selfSign(
                    new CertificateDetails()
                            .setCommonName(previous.getCommonName())
                            .addSanDns(previous.getCommonName())
                            .setEndDate(DateTools.addDate(Calendar.MONTH, 1)));

            CertificateHelper.toWebsiteCertificate(null, renewed, expiring);
            changes.resourceUpdate(expiring.getInternalId(), expiring);
        } catch (Exception e) {
            // Best effort: report and move on so one bad certificate does not block the others.
            logger.error("Problem updating self-signed certificate {}", expiring.getDomainNames(), e);
            services.getMessagingService().alertingError("Problem updating self-signed certificate " + expiring.getDomainNames(), e.getMessage());
        }
    }
}
/**
 * Copies the contents of an {@code RSACertificate} onto a {@code WebsiteCertificate}.
 *
 * <p>Sets the CA certificate, thumbprint, certificate PEM, public and private key PEM and
 * validity dates, then adds the certificate's subject alternative names to the resource's
 * domain names. The names are added to whatever the resource already holds, not replaced.
 *
 * <p>NOTE(review): the private key is written to the resource as a PEM string. Whether the
 * store behind {@code WebsiteCertificate} protects it at rest is not visible here; confirm.
 *
 * @param caCertificate      CA certificate text to store as-is; callers in this code base also pass {@code null}
 * @param rsaCertificate     source certificate and signing keys
 * @param websiteCertificate resource that receives the values
 */
public static void toWebsiteCertificate(String caCertificate, RSACertificate rsaCertificate, WebsiteCertificate websiteCertificate) {
    websiteCertificate.setCaCertificate(caCertificate);
    websiteCertificate.setThumbprint(rsaCertificate.getThumbprint());

    // PEM forms of the certificate and of both halves of the key pair.
    String certificatePem = rsaCertificate.saveCertificatePemAsString();
    websiteCertificate.setCertificate(certificatePem);
    String publicKeyPem = RSACrypt.RSA_CRYPT.savePublicKeyPemAsString(rsaCertificate.getKeysForSigning());
    websiteCertificate.setPublicKey(publicKeyPem);
    String privateKeyPem = RSACrypt.RSA_CRYPT.savePrivateKeyPemAsString(rsaCertificate.getKeysForSigning());
    websiteCertificate.setPrivateKey(privateKeyPem);

    // Validity window and the names the certificate covers.
    websiteCertificate.setStart(rsaCertificate.getStartDate());
    websiteCertificate.setEnd(rsaCertificate.getEndDate());
    websiteCertificate.getDomainNames().addAll(rsaCertificate.getSubjectAltNames());
}
/**
 * Populates {@code resource} from the PEM blocks submitted in the form.
 *
 * <p>The certificate and the private key (plus the public key, when one was submitted) are
 * joined into a single newline-separated PEM document, parsed with
 * {@code RSACertificate.loadPemFromString} and copied onto the resource together with the
 * submitted CA certificate.
 *
 * <p>NOTE(review): nothing in this method checks that the submitted private key belongs to
 * the submitted certificate. Confirm that the PEM loader or an earlier validation step
 * rejects a mismatched pair, otherwise an unusable certificate/key combination is stored.
 *
 * @param servicesCtx     not used by this method
 * @param changesContext  not used by this method
 * @param validFormValues form values keyed by the {@code WebsiteCertificate.PROPERTY_*} names
 * @param resource        the certificate resource to fill in
 */
@Override
public void fillResource(CommonServicesContext servicesCtx, ChangesContext changesContext, Map<String, String> validFormValues, WebsiteCertificate resource) {
    String certificatePem = validFormValues.get(WebsiteCertificate.PROPERTY_CERTIFICATE);
    String privateKeyPem = validFormValues.get(WebsiteCertificate.PROPERTY_PRIVATE_KEY);
    String publicKeyPem = validFormValues.get(WebsiteCertificate.PROPERTY_PUBLIC_KEY);

    // The public key is optional; certificate and private key are always written, each on its own line.
    String pemBundle = certificatePem + "\n" + privateKeyPem + "\n";
    if (publicKeyPem != null) {
        pemBundle += publicKeyPem;
    }

    RSACertificate parsed = RSACertificate.loadPemFromString(pemBundle);
    String caCertificatePem = validFormValues.get(WebsiteCertificate.PROPERTY_CA_CERTIFICATE);
    CertificateHelper.toWebsiteCertificate(caCertificatePem, parsed, resource);
}
/**
 * Generates a fresh self-signed certificate for the submitted domain when one is needed.
 *
 * <p>A new certificate is generated when any of these holds: the resource has no internal id,
 * it has no certificate, it has no end date or the end date is in the past, it has no domain
 * name, or its first domain name differs from the submitted one. Generation creates a new
 * 4096-bit RSA key pair and self-signs a certificate whose common name and only DNS SAN are
 * the domain, with the end date {@code DateTools.addDate(Calendar.MONTH, 1)}.
 *
 * @param servicesCtx     not used by this method
 * @param changesContext  not used by this method
 * @param validFormValues form values; only {@code FIELD_NAME_DOMAIN} is read
 * @param resource        the certificate resource to inspect and, if needed, overwrite
 */
@Override
public void fillResource(CommonServicesContext servicesCtx, ChangesContext changesContext, Map<String, String> validFormValues, WebsiteCertificate resource) {
    String requestedDomain = validFormValues.get(FIELD_NAME_DOMAIN);

    // Each reason to regenerate is evaluated unconditionally, in the original order.
    boolean neverStored = resource.getInternalId() == null;
    boolean missingCertificate = resource.getCertificate() == null;
    boolean expiredOrUndated = resource.getEnd() == null
            || resource.getEnd().getTime() < System.currentTimeMillis();
    Optional<String> storedDomain = resource.getDomainNames().stream().findFirst();
    boolean domainChanged = storedDomain
            .map(current -> !current.equals(requestedDomain))
            .orElse(true);

    boolean mustGenerate = neverStored || missingCertificate || expiredOrUndated || domainChanged;
    if (!mustGenerate) {
        return;
    }

    AsymmetricKeys freshKeys = RSACrypt.RSA_CRYPT.generateKeyPair(4096);
    RSACertificate selfSigned = new RSACertificate(freshKeys).selfSign(
            new CertificateDetails()
                    .setCommonName(requestedDomain)
                    .addSanDns(requestedDomain)
                    .setEndDate(DateTools.addDate(Calendar.MONTH, 1)));
    CertificateHelper.toWebsiteCertificate(null, selfSigned, resource);
}
/**
 * Rebuilds an {@code RSACertificate} from the PEM strings stored on a {@code WebsiteCertificate}.
 *
 * <p>The certificate, private key and public key are handed to
 * {@code RSACertificate.loadPemFromString} in that order. Values are passed through as stored,
 * including {@code null} when the resource has none.
 *
 * @param websiteCertificate the stored certificate resource
 * @return the certificate parsed from the stored PEM strings
 */
public static RSACertificate toRSACertificate(WebsiteCertificate websiteCertificate) {
    String certificatePem = websiteCertificate.getCertificate();
    String privateKeyPem = websiteCertificate.getPrivateKey();
    String publicKeyPem = websiteCertificate.getPublicKey();
    return RSACertificate.loadPemFromString(certificatePem, privateKeyPem, publicKeyPem);
}
/**
 * Generates a fresh self-signed certificate for the submitted domain when one is needed.
 *
 * <p>A new certificate is generated when any of these holds: the resource has no internal id,
 * it has no certificate, it has no end date or the end date is in the past, it has no domain
 * name, or its first domain name differs from the submitted one. Generation creates a new
 * 4096-bit RSA key pair and self-signs a certificate whose common name and only DNS SAN are
 * the domain, with the end date {@code DateTools.addDate(Calendar.MONTH, 1)}.
 *
 * @param servicesCtx     not used by this method
 * @param changesContext  not used by this method
 * @param validFormValues form values; only {@code FIELD_NAME_DOMAIN} is read
 * @param resource        the certificate resource to inspect and, if needed, overwrite
 */
@Override
public void fillResource(CommonServicesContext servicesCtx, ChangesContext changesContext, Map<String, String> validFormValues, WebsiteCertificate resource) {
    String requestedDomain = validFormValues.get(FIELD_NAME_DOMAIN);

    // Each reason to regenerate is evaluated unconditionally, in the original order.
    boolean neverStored = resource.getInternalId() == null;
    boolean missingCertificate = resource.getCertificate() == null;
    boolean expiredOrUndated = resource.getEnd() == null
            || resource.getEnd().getTime() < System.currentTimeMillis();
    Optional<String> storedDomain = resource.getDomainNames().stream().findFirst();
    boolean domainChanged = storedDomain
            .map(current -> !current.equals(requestedDomain))
            .orElse(true);

    boolean mustGenerate = neverStored || missingCertificate || expiredOrUndated || domainChanged;
    if (!mustGenerate) {
        return;
    }

    AsymmetricKeys freshKeys = RSACrypt.RSA_CRYPT.generateKeyPair(4096);
    RSACertificate selfSigned = new RSACertificate(freshKeys).selfSign(
            new CertificateDetails()
                    .setCommonName(requestedDomain)
                    .addSanDns(requestedDomain)
                    .setEndDate(DateTools.addDate(Calendar.MONTH, 1)));
    CertificateHelper.toWebsiteCertificate(null, selfSigned, resource);
}
/**
 * Rebuilds an {@code RSACertificate} from the PEM strings stored on a {@code WebsiteCertificate}.
 *
 * <p>The certificate, private key and public key are handed to
 * {@code RSACertificate.loadPemFromString} in that order. Values are passed through as stored,
 * including {@code null} when the resource has none.
 *
 * @param websiteCertificate the stored certificate resource
 * @return the certificate parsed from the stored PEM strings
 */
public static RSACertificate toRSACertificate(WebsiteCertificate websiteCertificate) {
    String certificatePem = websiteCertificate.getCertificate();
    String privateKeyPem = websiteCertificate.getPrivateKey();
    String publicKeyPem = websiteCertificate.getPublicKey();
    return RSACertificate.loadPemFromString(certificatePem, privateKeyPem, publicKeyPem);
}
// Self-sign a certificate for `domain` (common name and single DNS SAN) and copy it onto the resource.
// The end date is DateTools.addDate(Calendar.DAY_OF_YEAR, 1), presumably one day from now (confirm against DateTools).
// NOTE(review): with a validity that short, whatever renews this certificate has to run at least daily; confirm.
RSACertificate rsaCertificate = new RSACertificate(keys).selfSign( //
        new CertificateDetails().setCommonName(domain) //
                .addSanDns(domain) //
                .setEndDate(DateTools.addDate(Calendar.DAY_OF_YEAR, 1)));
// No CA certificate is stored for a self-signed certificate.
CertificateHelper.toWebsiteCertificate(null, rsaCertificate, resource);
/**
 * Validates the submitted certificate form.
 *
 * <p>The certificate and private key fields must be non-empty, the certificate must parse
 * with {@code RSACertificate.loadPemFromString} and the private key must parse with
 * {@code RSACrypt.RSA_CRYPT.loadKeysPemFromString}. Any parsing exception is turned into a
 * field error instead of being propagated.
 *
 * <p>NOTE(review): each field is only checked on its own. Nothing here verifies that the
 * private key matches the certificate, and the public key and CA certificate fields are not
 * parsed at all; confirm whether that is checked elsewhere.
 *
 * @param servicesCtx   not used by this method
 * @param rawFormValues the raw form values keyed by field name
 * @return field-name / message-key pairs, one per problem found
 */
@Override
public List<Tuple2<String, String>> validateForm(CommonServicesContext servicesCtx, Map<String, String> rawFormValues) {
    List<Tuple2<String, String>> problems = CommonValidation.validateNotNullOrEmpty(
            rawFormValues,
            WebsiteCertificate.PROPERTY_CERTIFICATE,
            WebsiteCertificate.PROPERTY_PRIVATE_KEY);

    // The certificate must be parseable PEM.
    try {
        String certificatePem = rawFormValues.get(WebsiteCertificate.PROPERTY_CERTIFICATE);
        RSACertificate.loadPemFromString(certificatePem);
    } catch (Exception ignored) {
        problems.add(new Tuple2<>(WebsiteCertificate.PROPERTY_CERTIFICATE, "error.cert.notCertificate"));
    }

    // The private key must be parseable PEM.
    try {
        String privateKeyPem = rawFormValues.get(WebsiteCertificate.PROPERTY_PRIVATE_KEY);
        RSACrypt.RSA_CRYPT.loadKeysPemFromString(privateKeyPem);
    } catch (Exception ignored) {
        problems.add(new Tuple2<>(WebsiteCertificate.PROPERTY_PRIVATE_KEY, "error.cert.notKey"));
    }

    return problems;
}
// First certificate: self-signed with rootKeys, valid 2001-01-01 .. 2002-01-01,
// covering m1.example.com and m2.example.com.
// The validity window is long past; presumably fixture data (confirm).
RSACertificate rsaCert = new RSACertificate(rootKeys);
rsaCert.selfSign(new CertificateDetails() //
        .setStartDate(DateTools.parseDateOnly("2001-01-01")) //
        .setEndDate(DateTools.parseDateOnly("2002-01-01")) //
        .addSanDns("m1.example.com", "m2.example.com") //
);
// Second certificate: same key pair and dates, covering m3.example.com and m2.example.com,
// so m2.example.com appears on both. The variable is reassigned, so whatever uses the first
// certificate has to do so before this point (not visible in this excerpt).
rsaCert = new RSACertificate(rootKeys);
rsaCert.selfSign(new CertificateDetails() //
        .setStartDate(DateTools.parseDateOnly("2001-01-01")) //
        .setEndDate(DateTools.parseDateOnly("2002-01-01")) //
        .addSanDns("m3.example.com", "m2.example.com") //
);
/**
 * Validates the submitted certificate form.
 *
 * <p>The certificate and private key fields must be non-empty, the certificate must parse
 * with {@code RSACertificate.loadPemFromString} and the private key must parse with
 * {@code RSACrypt.RSA_CRYPT.loadKeysPemFromString}. Any parsing exception is turned into a
 * field error instead of being propagated.
 *
 * <p>NOTE(review): each field is only checked on its own. Nothing here verifies that the
 * private key matches the certificate, and the public key and CA certificate fields are not
 * parsed at all; confirm whether that is checked elsewhere.
 *
 * @param servicesCtx   not used by this method
 * @param rawFormValues the raw form values keyed by field name
 * @return field-name / message-key pairs, one per problem found
 */
@Override
public List<Tuple2<String, String>> validateForm(CommonServicesContext servicesCtx, Map<String, String> rawFormValues) {
    List<Tuple2<String, String>> problems = CommonValidation.validateNotNullOrEmpty(
            rawFormValues,
            WebsiteCertificate.PROPERTY_CERTIFICATE,
            WebsiteCertificate.PROPERTY_PRIVATE_KEY);

    // The certificate must be parseable PEM.
    try {
        String certificatePem = rawFormValues.get(WebsiteCertificate.PROPERTY_CERTIFICATE);
        RSACertificate.loadPemFromString(certificatePem);
    } catch (Exception ignored) {
        problems.add(new Tuple2<>(WebsiteCertificate.PROPERTY_CERTIFICATE, "error.cert.notCertificate"));
    }

    // The private key must be parseable PEM.
    try {
        String privateKeyPem = rawFormValues.get(WebsiteCertificate.PROPERTY_PRIVATE_KEY);
        RSACrypt.RSA_CRYPT.loadKeysPemFromString(privateKeyPem);
    } catch (Exception ignored) {
        problems.add(new Tuple2<>(WebsiteCertificate.PROPERTY_PRIVATE_KEY, "error.cert.notKey"));
    }

    return problems;
}
// First certificate: self-signed with rootKeys, valid 2001-01-01 .. 2002-01-01,
// covering m1.example.com and m2.example.com.
// The validity window is long past; presumably fixture data (confirm).
RSACertificate rsaCert = new RSACertificate(rootKeys);
rsaCert.selfSign(new CertificateDetails() //
        .setStartDate(DateTools.parseDateOnly("2001-01-01")) //
        .setEndDate(DateTools.parseDateOnly("2002-01-01")) //
        .addSanDns("m1.example.com", "m2.example.com") //
);
// Second certificate: same key pair and dates, covering m3.example.com and m2.example.com,
// so m2.example.com appears on both. The variable is reassigned, so whatever uses the first
// certificate has to do so before this point (not visible in this excerpt).
rsaCert = new RSACertificate(rootKeys);
rsaCert.selfSign(new CertificateDetails() //
        .setStartDate(DateTools.parseDateOnly("2001-01-01")) //
        .setEndDate(DateTools.parseDateOnly("2002-01-01")) //
        .addSanDns("m3.example.com", "m2.example.com") //
);