[server] Add missing Identity.java

1 files changed, 162 insertions, 0 deletions

diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Identity.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Identity.java
new file mode 100644
index 00000000..c288fcab
--- /dev/null
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Identity.java
@@ -0,0 +1,162 @@
+package org.openslx.bwlp.sat.util;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.sql.SQLException;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+
+import org.apache.log4j.Logger;
+import org.openslx.bwlp.sat.database.mappers.DbConfiguration;
+import org.openslx.util.QuickTimer;
+import org.openslx.util.QuickTimer.Task;
+
+public class Identity {
+
+	private static final Logger LOGGER = Logger.getLogger(Identity.class);
+
+	private static final String ALIAS = "dozmod";
+
+	private static final String PASSWORD = "donotchangeme";
+
+	private static KeyStore currentKeyStore = null;
+
+	public static KeyStore loadCertificate() {
+		if (currentKeyStore != null)
+			return currentKeyStore;
+		KeyStore keystore = null;
+		try {
+			keystore = DbConfiguration.loadKeyStore(PASSWORD);
+		} catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | SQLException
+				| IOException e) {
+			LOGGER.error("Could not load existing keystore from database", e);
+			LOGGER.info("Will generate a new temporary key. Please fix the existing key"
+					+ " or delete it to permanently generate a new one");
+		}
+		if (keystore == null) {
+			if (!generateCertificate()) {
+				LOGGER.error("Could not create certificate, encrypted connections not supported");
+				return null;
+			}
+			try {
+				keystore = DbConfiguration.loadKeyStore(PASSWORD);
+			} catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | SQLException
+					| IOException e) {
+				LOGGER.error("Error loading key", e);
+			}
+			if (keystore == null) {
+				LOGGER.error("Could not load freshly generated certificate back from db. Something's fishy.");
+				return null;
+			}
+		}
+		currentKeyStore = keystore;
+		return keystore;
+	}
+
+	public static SSLContext getSSLContext() {
+		if (loadCertificate() == null)
+			return null;
+		KeyManagerFactory kmf;
+		try {
+			kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+			kmf.init(currentKeyStore, PASSWORD.toCharArray());
+		} catch (NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException e) {
+			LOGGER.warn("Could not create a key manager factory, SSL unavailable", e);
+			return null;
+		}
+		SSLContext sslContext;
+		try {
+			sslContext = SSLContext.getInstance("TLSv1.2");
+		} catch (NoSuchAlgorithmException e) {
+			LOGGER.warn("Could not create a TLS1.2 context, SSL unavailable", e);
+			return null;
+		}
+		KeyManager[] keyManagers = kmf.getKeyManagers();
+		try {
+			sslContext.init(keyManagers, null, null);
+		} catch (KeyManagementException e) {
+			LOGGER.warn("Could not find a suitable cert/key in the keystore. SSL unavailable", e);
+		}
+		return sslContext;
+	}
+
+	private static boolean generateCertificate() {
+		File tmpFile = null;
+		try {
+			tmpFile = File.createTempFile("certfile", ".jks");
+			tmpFile.delete();
+		} catch (IOException e1) {
+			LOGGER.error("Could not generate temp file for self-signed cert container", e1);
+			return false;
+		}
+		try {
+			LOGGER.info("Generating certificate for this server...");
+			final Process proc;
+			try {
+				proc = Runtime.getRuntime().exec(
+						new String[] { "keytool", "-genkeypair", "-alias", ALIAS, "-keyalg", "rsa",
+								"-validity", "3000", "-keypass", PASSWORD, "-storepass", PASSWORD,
+								"-keystore", tmpFile.getAbsolutePath(), "-storetype", "JKS", "-dname",
+								"CN=dozmodserver" });
+				QuickTimer.scheduleOnce(new Task() {
+					@Override
+					public void fire() {
+						try {
+							proc.exitValue();
+							proc.destroy();
+						} catch (IllegalThreadStateException e) {
+						}
+					}
+				}, 10000);
+			} catch (IOException e) {
+				LOGGER.error("Launching keytool failed", e);
+				return false;
+			}
+			int exitCode;
+			try {
+				exitCode = proc.waitFor();
+			} catch (InterruptedException e) {
+				LOGGER.warn("Got interrupted while creating the certificate");
+				proc.destroy();
+				return false;
+			}
+			if (exitCode != 0) {
+				LOGGER.warn("keytool returned exit code " + exitCode);
+				InputStream is = proc.getInputStream();
+				BufferedReader br = new BufferedReader(new InputStreamReader(is));
+				try {
+					String line;
+					while (null != (line = br.readLine())) {
+						LOGGER.info(line);
+					}
+				} catch (IOException e) {
+					// TODO Auto-generated catch block
+					e.printStackTrace();
+				}
+				return false;
+			}
+			LOGGER.info("Certificate successfully created!");
+			try {
+				DbConfiguration.saveKeyStore(tmpFile);
+			} catch (SQLException | IOException e) {
+				LOGGER.error("Could not import generated keystore to database", e);
+				return false;
+			}
+			return true;
+		} finally {
+			tmpFile.delete();
+		}
+	}
+
+}