summaryrefslogtreecommitdiffstats
path: root/dozentenmodulserver/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'dozentenmodulserver/src/main/java')
-rw-r--r--dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Identity.java162
1 files changed, 162 insertions, 0 deletions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Identity.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Identity.java
new file mode 100644
index 00000000..c288fcab
--- /dev/null
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/util/Identity.java
@@ -0,0 +1,162 @@
+package org.openslx.bwlp.sat.util;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.sql.SQLException;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+
+import org.apache.log4j.Logger;
+import org.openslx.bwlp.sat.database.mappers.DbConfiguration;
+import org.openslx.util.QuickTimer;
+import org.openslx.util.QuickTimer.Task;
+
+public class Identity {
+
+ private static final Logger LOGGER = Logger.getLogger(Identity.class);
+
+ private static final String ALIAS = "dozmod";
+
+ private static final String PASSWORD = "donotchangeme";
+
+ private static KeyStore currentKeyStore = null;
+
+ public static KeyStore loadCertificate() {
+ if (currentKeyStore != null)
+ return currentKeyStore;
+ KeyStore keystore = null;
+ try {
+ keystore = DbConfiguration.loadKeyStore(PASSWORD);
+ } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | SQLException
+ | IOException e) {
+ LOGGER.error("Could not load existing keystore from database", e);
+ LOGGER.info("Will generate a new temporary key. Please fix the existing key"
+ + " or delete it to permanently generate a new one");
+ }
+ if (keystore == null) {
+ if (!generateCertificate()) {
+ LOGGER.error("Could not create certificate, encrypted connections not supported");
+ return null;
+ }
+ try {
+ keystore = DbConfiguration.loadKeyStore(PASSWORD);
+ } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | SQLException
+ | IOException e) {
+ LOGGER.error("Error loading key", e);
+ }
+ if (keystore == null) {
+ LOGGER.error("Could not load freshly generated certificate back from db. Something's fishy.");
+ return null;
+ }
+ }
+ currentKeyStore = keystore;
+ return keystore;
+ }
+
+ public static SSLContext getSSLContext() {
+ if (loadCertificate() == null)
+ return null;
+ KeyManagerFactory kmf;
+ try {
+ kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(currentKeyStore, PASSWORD.toCharArray());
+ } catch (NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException e) {
+ LOGGER.warn("Could not create a key manager factory, SSL unavailable", e);
+ return null;
+ }
+ SSLContext sslContext;
+ try {
+ sslContext = SSLContext.getInstance("TLSv1.2");
+ } catch (NoSuchAlgorithmException e) {
+ LOGGER.warn("Could not create a TLS1.2 context, SSL unavailable", e);
+ return null;
+ }
+ KeyManager[] keyManagers = kmf.getKeyManagers();
+ try {
+ sslContext.init(keyManagers, null, null);
+ } catch (KeyManagementException e) {
+ LOGGER.warn("Could not find a suitable cert/key in the keystore. SSL unavailable", e);
+ }
+ return sslContext;
+ }
+
+ private static boolean generateCertificate() {
+ File tmpFile = null;
+ try {
+ tmpFile = File.createTempFile("certfile", ".jks");
+ tmpFile.delete();
+ } catch (IOException e1) {
+ LOGGER.error("Could not generate temp file for self-signed cert container", e1);
+ return false;
+ }
+ try {
+ LOGGER.info("Generating certificate for this server...");
+ final Process proc;
+ try {
+ proc = Runtime.getRuntime().exec(
+ new String[] { "keytool", "-genkeypair", "-alias", ALIAS, "-keyalg", "rsa",
+ "-validity", "3000", "-keypass", PASSWORD, "-storepass", PASSWORD,
+ "-keystore", tmpFile.getAbsolutePath(), "-storetype", "JKS", "-dname",
+ "CN=dozmodserver" });
+ QuickTimer.scheduleOnce(new Task() {
+ @Override
+ public void fire() {
+ try {
+ proc.exitValue();
+ proc.destroy();
+ } catch (IllegalThreadStateException e) {
+ }
+ }
+ }, 10000);
+ } catch (IOException e) {
+ LOGGER.error("Launching keytool failed", e);
+ return false;
+ }
+ int exitCode;
+ try {
+ exitCode = proc.waitFor();
+ } catch (InterruptedException e) {
+ LOGGER.warn("Got interrupted while creating the certificate");
+ proc.destroy();
+ return false;
+ }
+ if (exitCode != 0) {
+ LOGGER.warn("keytool returned exit code " + exitCode);
+ InputStream is = proc.getInputStream();
+ BufferedReader br = new BufferedReader(new InputStreamReader(is));
+ try {
+ String line;
+ while (null != (line = br.readLine())) {
+ LOGGER.info(line);
+ }
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ return false;
+ }
+ LOGGER.info("Certificate successfully created!");
+ try {
+ DbConfiguration.saveKeyStore(tmpFile);
+ } catch (SQLException | IOException e) {
+ LOGGER.error("Could not import generated keystore to database", e);
+ return false;
+ }
+ return true;
+ } finally {
+ tmpFile.delete();
+ }
+ }
+
+}
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2026-03-01 13:50:18 +0100