org.wisdom.framework.vertx.ssl.FakeKeyStore.java Source code

Java tutorial

Introduction

Here is the source code for org.wisdom.framework.vertx.ssl.FakeKeyStore.java

Source

/*
 * #%L
 * Wisdom-Framework
 * %%
 * Copyright (C) 2013 - 2014 Wisdom Framework
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */
package org.wisdom.framework.vertx.ssl;

import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.x509.*;

import javax.net.ssl.KeyManagerFactory;
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Generate a Fake Key Store.
 * Do not use this in production!
 */
public final class FakeKeyStore {

    public static final String KEYSTORE_PATH = "conf/fake.keystore";
    public static final String DN_NAME = "CN=localhost, OU=Testing, O=Mavericks, L=Moon Base 1, ST=Cyberspace, "
            + "C=CY";
    private static final String SHA1WITHRSA = "SHA1withRSA";
    private static final Logger LOGGER = LoggerFactory.getLogger("wisdom-vertx-engine");

    private FakeKeyStore() {
        //Unused
    }

    public static File generateFakeKey(File root) {
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            File keyStoreFile = new File(root, KEYSTORE_PATH);
            if (!keyStoreFile.exists()) {
                generateAndStoreKeyStore(keyStore, keyStoreFile);
            } else {
                loadKeyStore(keyStore, keyStoreFile);
            }
            return keyStoreFile;
        } catch (Exception e) {
            LOGGER.error("Cannot generate or read the fake key store", e);
            return null;
        }
    }

    private static void loadKeyStore(KeyStore keyStore, File keyStoreFile)
            throws IOException, NoSuchAlgorithmException, CertificateException {
        InputStream is = null;
        try {
            is = new FileInputStream(keyStoreFile);
            keyStore.load(is, "".toCharArray());
        } finally {
            IOUtils.closeQuietly(is);
        }

    }

    private static void generateAndStoreKeyStore(KeyStore keyStore, File keyStoreFile) throws Exception {
        FileOutputStream out = null;
        try {
            LOGGER.info("Generating HTTPS key pair in " + keyStoreFile.getAbsolutePath() + " - this may take some"
                    + " time. If nothing happens, try moving the mouse/typing on the keyboard to generate some entropy.");

            // Generate the key pair
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(1024);
            KeyPair keyPair = keyPairGenerator.generateKeyPair();

            // Generate a self signed certificate
            X509Certificate cert = createSelfSignedCertificate(keyPair);

            // Create the key store, first set the store pass
            keyStore.load(null, "".toCharArray());
            keyStore.setKeyEntry("wisdom-generated", keyPair.getPrivate(), "".toCharArray(),
                    new X509Certificate[] { cert });

            keyStoreFile.getParentFile().mkdirs();
            out = new FileOutputStream(keyStoreFile);
            keyStore.store(out, "".toCharArray());

            LOGGER.info("Key Store generated in " + keyStoreFile.getAbsoluteFile());
        } finally {
            IOUtils.closeQuietly(out);
        }
    }

    @SuppressWarnings("restriction")
    private static X509Certificate createSelfSignedCertificate(KeyPair keyPair) throws Exception {
        X509CertInfo certInfo = new X509CertInfo();
        // Serial number and version
        certInfo.set(X509CertInfo.SERIAL_NUMBER,
                new CertificateSerialNumber(new BigInteger(64, new SecureRandom())));
        certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));

        // Validity
        Date validFrom = new Date();
        Date validTo = new Date(validFrom.getTime() + 50L * 365L * 24L * 60L * 60L * 1000L);
        CertificateValidity validity = new CertificateValidity(validFrom, validTo);
        certInfo.set(X509CertInfo.VALIDITY, validity);

        // Subject & Issuer
        X500Name owner = new X500Name(DN_NAME);
        boolean justName = isJavaAtLeast(1.8);
        if (justName) {
            certInfo.set(X509CertInfo.SUBJECT, owner);
            certInfo.set(X509CertInfo.ISSUER, owner);
        } else {
            certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
            certInfo.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
        }

        // Key and algorithm
        certInfo.set(X509CertInfo.KEY, new CertificateX509Key(keyPair.getPublic()));
        AlgorithmId algorithm = new AlgorithmId(AlgorithmId.sha1WithRSAEncryption_oid);
        certInfo.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algorithm));

        // Create a new certificate and sign it
        X509CertImpl cert = new X509CertImpl(certInfo);
        cert.sign(keyPair.getPrivate(), SHA1WITHRSA);

        // Since the SHA1withRSA provider may have a different algorithm ID to what we think it should be,
        // we need to reset the algorithm ID, and resign the certificate
        AlgorithmId actualAlgorithm = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
        certInfo.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, actualAlgorithm);
        X509CertImpl newCert = new X509CertImpl(certInfo);
        newCert.sign(keyPair.getPrivate(), SHA1WITHRSA);

        return newCert;

    }

    public static final Pattern JAVA_VERSION = Pattern.compile("([0-9]*.[0-9]*)(.*)?");

    /**
     * Checks whether the current JAva runtime has a version equal or higher then the given one. As Java version are
     * not double (because they can use more digits such as 1.8.0), this method extracts the two first digits and
     * transforms it as a double.
     * @param version the version
     * @return {@literal true} if the current Java runtime is at least the specified one,
     * {@literal false} if not or if the current version cannot be retrieve or is the retrieved version cannot be
     * parsed as a double.
     */
    public static boolean isJavaAtLeast(double version) {
        String javaVersion = System.getProperty("java.version");
        if (javaVersion == null) {
            return false;
        }

        // if the retrieved version is one three digits, remove the last one.
        Matcher matcher = JAVA_VERSION.matcher(javaVersion);
        if (matcher.matches()) {
            javaVersion = matcher.group(1);
        }

        try {
            double v = Double.parseDouble(javaVersion);
            return v >= version;
        } catch (NumberFormatException e) { //NOSONAR if it's not a number, just return false
            return false;
        }
    }
}