ref: fe7b972d29b2e63536932fc017a78bc89bcade9c
src/main/java/net/lulli/certsigner/Client.java
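/*
 * This file is part of cert-signer
 * Copyright (c) 2024 Paolo Lulli.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 3.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
package net.lulli.certsigner;

import net.lulli.certsigner.service.CertificateSigningService;
import net.lulli.certsigner.util.CSRManager;
import net.lulli.certsigner.util.Serde;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.util.Base64;
import java.util.Objects;

/**
 * Client side of the certificate-signing flow: generates a key pair, writes a PEM CSR for
 * {@code clientName} under the per-service certificate directory, submits it to
 * {@link CertificateSigningService} and stores the returned certificate next to the key.
 *
 * <p>All files are written below {@code CERTIFICATES_HOME/<serviceName>/<clientName>/}.
 * Instances are not thread-safe; one instance per signing request is expected.
 */
public class Client {
    /** Root of the local certificate store; falls back to {@code user.home} when HOME is unset. */
    private static final String CERTIFICATES_HOME =
            Objects.requireNonNullElse(System.getenv("HOME"), System.getProperty("user.home"))
                    + "/.config/tlscerts";

    private final String serviceName;
    private final String clientName;

    /**
     * Creates a client and ensures its certificate directory exists.
     *
     * @param serviceName name of the signing service; used as a directory name and as the DN's O=
     * @param clientName  name of this client; used as file/directory names and as the DN's CN=
     * @throws NullPointerException     if either argument is null
     * @throws IllegalArgumentException if either name is blank, is {@code "."} or {@code ".."},
     *                                  or contains a path separator — both names are spliced into
     *                                  filesystem paths below CERTIFICATES_HOME and must not be
     *                                  able to escape it
     * @throws IllegalStateException    if the certificate directory cannot be created
     */
    public Client(String serviceName, String clientName) {
        this.serviceName = requirePathSegment(serviceName, "serviceName");
        this.clientName = requirePathSegment(clientName, "clientName");
        init();
    }

    /**
     * Rejects a value that cannot safely be used as a single path segment.
     *
     * @param value the name to check
     * @param what  parameter name used in the error message
     * @return {@code value} unchanged when acceptable
     * @throws NullPointerException     if {@code value} is null
     * @throws IllegalArgumentException if {@code value} is blank, {@code "."}, {@code ".."},
     *                                  or contains {@code '/'} or {@code '\'}
     */
    private static String requirePathSegment(String value, String what) {
        Objects.requireNonNull(value, what);
        if (value.isBlank()
                || value.equals(".")
                || value.equals("..")
                || value.contains("/")
                || value.contains("\\")) {
            throw new IllegalArgumentException(what + " must be a single path segment: " + value);
        }
        return value;
    }

    /**
     * Creates the per-client certificate directory (and any missing parents).
     *
     * @throws IllegalStateException if the directory does not exist afterwards
     */
    private void init() {
        var home = new File(getCertificatesPath());
        // mkdirs() returns false both on failure and when another process created the directory
        // first, so the result is confirmed with isDirectory() instead of being ignored.
        if (!home.mkdirs() && !home.isDirectory()) {
            throw new IllegalStateException("Cannot create certificate directory: " + home);
        }
    }

    /** @return {@code CERTIFICATES_HOME/serviceName/clientName}, the directory for this client. */
    private String getCertificatesPath() {
        return CERTIFICATES_HOME + "/" + this.serviceName + "/" + this.clientName;
    }

    /**
     * Generates a fresh key pair, persists both halves and a PEM CSR for this client, and
     * returns the CSR.
     *
     * @return the CSR in PEM form; the same text is written to {@code <clientName>.csr}
     * @throws IllegalStateException wrapping any key-generation or I/O failure (cause retained)
     */
    public String createCsr() {
        try {
            // addProvider returns -1 and does nothing when BouncyCastle is already installed.
            Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
            KeyPairGenerator keyGen = KeyPairGenerator.getInstance(Settings.KEY_ALGORITHM);
            keyGen.initialize(Settings.KEYSIZE);
            KeyPair keypair = keyGen.genKeyPair();

            var basePath = getCertificatesPath() + "/" + this.clientName;
            // NOTE(review): the private key is written with whatever permissions Serde.toFile
            // applies; confirm it restricts the file to the owner (e.g. 0600).
            Serde.toFile(keypair.getPrivate(), basePath + ".key");
            Serde.toFile(keypair.getPublic(), basePath + ".key.pub");

            // clientName and serviceName are spliced into the DN verbatim; whether CSRManager
            // escapes a ',' or '=' inside them is not visible here — confirm before accepting
            // names from an untrusted source.
            var subject = "CN=" + this.clientName + ", O=" + this.serviceName;
            var csrManager = CSRManager.with(subject, keypair.getPrivate(), keypair.getPublic());
            // Render the PEM once so the file on disk and the returned value are identical.
            var pem = csrManager.pem();
            saveCsrAs(pem, basePath + ".csr");
            return pem;
        } catch (Exception e) {
            // Keep the cause; the message alone loses the provider/I-O stack trace.
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /**
     * Writes {@code content} to {@code filename} as UTF-8, replacing any existing file.
     *
     * @param content  text to write
     * @param filename destination path
     * @throws IllegalStateException wrapping the underlying {@link IOException}
     */
    private void saveCsrAs(String content, String filename) {
        System.out.println("Writing content to file: " + filename);
        try {
            // Explicit charset: getBytes() without one depends on the platform default.
            Files.write(Paths.get(filename), content.getBytes(StandardCharsets.UTF_8));
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Runs the full flow: creates a CSR, sends it (base64-encoded) to the signing service,
     * stores the signed certificate as {@code <clientName>.pem} and returns it.
     *
     * @return the certificate text returned by the service
     * @throws IllegalStateException wrapping any signing or I/O failure (cause retained)
     */
    public String requestCertificate() {
        try {
            // The constructor already created the directory, so createCsr() on this instance
            // is sufficient; no second Client is needed.
            var csr = createCsr();
            var base64Csr = Base64.getEncoder().encodeToString(csr.getBytes(StandardCharsets.UTF_8));
            var certificateSigningService = new CertificateSigningService(serviceName);
            var certificate = certificateSigningService.sign(clientName, base64Csr);
            Files.write(Paths.get(getCertificatesPath(), clientName + ".pem"),
                    certificate.getBytes(StandardCharsets.UTF_8));
            return certificate;
        } catch (Exception e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    /**
     * CLI entry point: {@code Client <serviceName> <clientName>}. Prints the signed certificate.
     *
     * @param args exactly two arguments: service name, then client name
     * @throws IllegalStateException if the argument count is wrong or the request fails
     */
    public static void main(String[] args) {
        if (args.length != 2) {
            throw new IllegalStateException("Missing parameters");
        }
        var serviceName = args[0];
        var clientName = args[1];
        var client = new Client(serviceName, clientName);
        var certificate = client.requestCertificate();
        System.out.printf("Certificate data:\n%s", certificate);
    }
}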