cert-signer.git

commit 69d101a4a0048201d502b4a0fd8cf7158cfa6e37

Author: Paolo Lulli <paolo@lulli.net>

Explicit key size and algo

 src/main/java/net/lulli/certsigner/Client.java | 4 ++--
 src/main/java/net/lulli/certsigner/Settings.java | 1 +
 src/main/java/net/lulli/certsigner/ca/CaData.java | 2 +-
 src/main/java/net/lulli/certsigner/ca/CertificateIssue.java | 1 -
 src/main/java/net/lulli/certsigner/util/FileCAUtils.java | 2 +-
 src/main/java/net/lulli/certsigner/util/Keys.java | 6 ++++--


diff --git a/src/main/java/net/lulli/certsigner/Client.java b/src/main/java/net/lulli/certsigner/Client.java
index 53fbad9e5b334107f90fe3d9f0c7740f62abd912..e58c80b74bb0296ce04218ab715ed2b722228da5 100644
--- a/src/main/java/net/lulli/certsigner/Client.java
+++ b/src/main/java/net/lulli/certsigner/Client.java
@@ -60,8 +60,8 @@     public String createCsr() {
         try {
             Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
 
-            KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
-            keyGen.initialize(2048);
+            KeyPairGenerator keyGen = KeyPairGenerator.getInstance(Settings.KEY_ALGORITHM);
+            keyGen.initialize(Settings.KEYSIZE);
             KeyPair keypair = keyGen.genKeyPair();
 
             Serde.toFile(keypair.getPrivate(), getCertificatesPath() + "/" + this.clientName + ".key");
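Review bot: The `KeyPairGenerator.getInstance(Settings.KEY_ALGORITHM)` call in createCsr() names no provider, while the CaData and FileCAUtils hunks in this commit pass `Settings.BC_PROVIDER`. Because `Security.addProvider` appends to the end of the provider list, the client key is probably generated by whichever installed provider ranks first for the algorithm, not by Bouncy Castle. If the intent is one provider for all key generation, use `KeyPairGenerator.getInstance(Settings.KEY_ALGORITHM, Settings.BC_PROVIDER)` here too. createCsr() continues past the end of the hunk, so the permissions `Serde.toFile` applies to the private-key file on the last line cannot be checked from here and are worth confirming.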




diff --git a/src/main/java/net/lulli/certsigner/Settings.java b/src/main/java/net/lulli/certsigner/Settings.java
index b0939523e8412d5500f9a4f9b7439fe814f7017b..b04fba7305bfad9b0779b8e75bc1707dd0221fec 100644
--- a/src/main/java/net/lulli/certsigner/Settings.java
+++ b/src/main/java/net/lulli/certsigner/Settings.java
@@ -18,6 +18,7 @@
 package net.lulli.certsigner;
 
 public interface Settings {
+    int KEYSIZE = 2048;
     String BC_PROVIDER = "BC";
     String KEY_ALGORITHM = "RSA";
     String SIGNATURE_ALGORITHM = "SHA256withRSA";
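Review bot: `KEYSIZE`, `KEY_ALGORITHM` and `SIGNATURE_ALGORITHM` look like three independent constants but only work as a set, and nothing at the declaration says so. 2048 is an RSA modulus length, `SHA256withRSA` needs an RSA key, and the Keys.java hunks still cast to `RSAPublicKey`/`RSAPrivateKey`, so changing `KEY_ALGORITHM` alone would fail at runtime. I would add a comment above the new line such as `// RSA modulus length in bits; change together with KEY_ALGORITHM and SIGNATURE_ALGORITHM`. Spelling it `KEY_SIZE` would also match the neighbouring constant names. The interface body continues outside the hunk.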




diff --git a/src/main/java/net/lulli/certsigner/ca/CaData.java b/src/main/java/net/lulli/certsigner/ca/CaData.java
index dc8c67afd66baa1315ae294fd04c63a746a6661e..c8a78d304960e6d19da7ac8d8f06654d22847fc3 100644
--- a/src/main/java/net/lulli/certsigner/ca/CaData.java
+++ b/src/main/java/net/lulli/certsigner/ca/CaData.java
@@ -45,7 +45,7 @@         try {
             Security.addProvider(new BouncyCastleProvider());
 
             var keyPairGenerator = KeyPairGenerator.getInstance(Settings.KEY_ALGORITHM, Settings.BC_PROVIDER);
-            keyPairGenerator.initialize(2048);
+            keyPairGenerator.initialize(Settings.KEYSIZE);
 
             var rootKeyPair = keyPairGenerator.generateKeyPair();
             var rootCert = CertificateIssue.rootCertificate(rootKeyPair.getPublic(), rootKeyPair.getPrivate(), rootSubject);
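Review bot: The root CA key is now sized by the same `Settings.KEYSIZE` that Client.createCsr() uses for client keys, so the two can no longer be tuned separately; the FileCAUtils hunk has the same issue. A root key normally outlives the certificates it signs, so a deployment may want a larger modulus for it than for leaf keys. Consider a separate, newly introduced constant for the CA, for example `int CA_KEYSIZE = 4096;` in Settings, with `keyPairGenerator.initialize(Settings.CA_KEYSIZE);` at both root-key sites. The enclosing method starts and ends outside the hunk.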




diff --git a/src/main/java/net/lulli/certsigner/ca/CertificateIssue.java b/src/main/java/net/lulli/certsigner/ca/CertificateIssue.java
index 4dcc08ab4e28acc2c0d2670636e48e139504145c..0df828211c232a857488e73bd5c1b441f460293d 100644
--- a/src/main/java/net/lulli/certsigner/ca/CertificateIssue.java
+++ b/src/main/java/net/lulli/certsigner/ca/CertificateIssue.java
@@ -62,7 +62,6 @@         return new JcaX509CertificateConverter().setProvider(Settings.BC_PROVIDER).getCertificate(rootCertHolder);
     }
 
 
-
     public static X509Certificate clientCertificate(
             PrivateKey privateKey,
             String certificateSubject,




diff --git a/src/main/java/net/lulli/certsigner/util/FileCAUtils.java b/src/main/java/net/lulli/certsigner/util/FileCAUtils.java
index 675da4bf3cb5cdb8491486120942db2f840a90fe..3626306c3adb34642cf3d838949c2054030c1fea 100644
--- a/src/main/java/net/lulli/certsigner/util/FileCAUtils.java
+++ b/src/main/java/net/lulli/certsigner/util/FileCAUtils.java
@@ -39,7 +39,7 @@         try {
             Security.addProvider(new BouncyCastleProvider());
 
             KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(Settings.KEY_ALGORITHM, Settings.BC_PROVIDER);
-            keyPairGenerator.initialize(2048);
+            keyPairGenerator.initialize(Settings.KEYSIZE);
             KeyPair rootKeyPair = keyPairGenerator.generateKeyPair();
 
             X509Certificate rootCert = CertificateIssue.rootCertificate(rootKeyPair.getPublic(), rootKeyPair.getPrivate(), rootSubject);




diff --git a/src/main/java/net/lulli/certsigner/util/Keys.java b/src/main/java/net/lulli/certsigner/util/Keys.java
index 031803178cb3d5c6109f4af7ec6a6870ee2f3c77..f773b00230e41504ee8aec8c11cb9d28ebc1758d 100644
--- a/src/main/java/net/lulli/certsigner/util/Keys.java
+++ b/src/main/java/net/lulli/certsigner/util/Keys.java
@@ -17,6 +17,8 @@  */
 
 package net.lulli.certsigner.util;
 
+import net.lulli.certsigner.Settings;
+
 import java.io.File;
 import java.nio.charset.Charset;
 import java.nio.file.Files;
@@ -39,7 +41,7 @@                 .replace("-----END PUBLIC KEY-----", "");
 
         byte[] encoded = Base64.getDecoder().decode(publicKeyPEM);
 
-        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+        KeyFactory keyFactory = KeyFactory.getInstance(Settings.KEY_ALGORITHM);
         X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
         return (RSAPublicKey) keyFactory.generatePublic(keySpec);
     }
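Review bot: `KeyFactory.getInstance(Settings.KEY_ALGORITHM)` reads as configurable, but the method still returns `(RSAPublicKey)`, so any value other than "RSA" would end in a ClassCastException or InvalidKeySpecException instead of a usable key. The private-key hunk below has the same shape with `(RSAPrivateKey)`. Either keep the literal here so the RSA-only contract stays obvious, or add a comment at both sites such as `// RSA only: the cast below assumes Settings.KEY_ALGORITHM is "RSA"`. Both methods start outside their hunks, so the PEM header stripping and whitespace handling before `Base64.getDecoder().decode(...)` are not visible for review.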
@@ -53,7 +55,7 @@                 .replace("-----END PRIVATE KEY-----", "");
 
         byte[] encoded = Base64.getDecoder().decode(privateKeyPEM);
 
-        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+        KeyFactory keyFactory = KeyFactory.getInstance(Settings.KEY_ALGORITHM);
         PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
         return (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
     }