feat: Implement Truststore/Keystore creation

chore: Run spotless feat: Update ordering of certificate chains to match what JDK demands feat: Implement creating trust- and keystores from certs :)
2024-11-23 19:49:21 +01:00 · 2024-11-23 19:49:21 +01:00 · 402bd99abf
commit 402bd99abf
parent 861b7469d2
10 changed files with 403 additions and 41 deletions
--- a/src/main/java/de/mlessmann/certassist/openssl/CertificateUsage.java
+++ b/src/main/java/de/mlessmann/certassist/openssl/CertificateUsage.java
@ -36,5 +36,7 @@ public interface CertificateUsage extends AutoCloseable {
    String fingerprint();

    @Override
-    void close();
+    default void close() {
+        // Default implementation does nothing - overwrite this if you need to close resources.
+    }
 }
--- a/src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java
+++ b/src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java
@ -139,8 +139,9 @@ public class OpenSSLCertificateCreator {
                Path certAuthFullchain = Optional
                    .ofNullable(certAuthority.fullchainPath())
                    .orElse(certAuthority.certificatePath());
-                Files.write(fullchain, Files.readAllBytes(certAuthFullchain), StandardOpenOption.CREATE);
+                // Leaf certificate first, then the CA chain
                Files.write(fullchain, Files.readAllBytes(signedCert), StandardOpenOption.APPEND);
+                Files.write(fullchain, Files.readAllBytes(certAuthFullchain), StandardOpenOption.CREATE);
            } catch (IOException e) {
                throw new CommandLineOperationException("Failed to create fullchain file.", e);
            }
@ -616,4 +617,30 @@ public class OpenSSLCertificateCreator {
            default -> throw new IllegalStateException("Unexpected subject key: %s in line: %s".formatted(key, line));
        };
    }
+
+    public String readDecryptedKey(Path keyFile, String passphrase) throws CommandLineOperationException {
+        StartedProcess keyReadProc = null;
+        try {
+            keyReadProc =
+            new ProcessExecutor()
+                .command(resolveOpenSSL(), "rsa", "-in", keyFile.toString(), "-passin", OSSL_ARG_KEY_PW)
+                .environment(OSSL_ENV_KEY_PW, passphrase)
+                .readOutput(true)
+                .redirectError(Slf4jStream.of(openSSLLogger).asError())
+                .start();
+            var keyReadResult = keyReadProc.getFuture().get(30, SECONDS);
+            if (keyReadResult.getExitValue() != 0) {
+                throw new CommandLineOperationException(
+                    "Failed to read decrypted key - is the passphrase correct? Exit code: %d".formatted(
+                            keyReadResult.getExitValue()
+                        )
+                );
+            }
+            return keyReadResult.getOutput().getUTF8();
+        } catch (IOException | InterruptedException | ExecutionException | TimeoutException e) {
+            throw new RuntimeException(e);
+        } finally {
+            killIfActive(keyReadProc);
+        }
+    }
 }