feat: Implement Truststore/Keystore creation (#17)

* feat: Implement Truststore/Keystore creation * feat: Update ordering of certificate chains to match what JDK demands * feat: Implement creating trust- and keystores from certs :)
2024-11-23 20:24:43 +01:00 · 2024-11-23 20:24:43 +01:00 · 8856d8773e
commit 8856d8773e
parent 861b7469d2
10 changed files with 402 additions and 42 deletions
--- a/src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java
+++ b/src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java
@ -139,8 +139,9 @@ public class OpenSSLCertificateCreator {
                Path certAuthFullchain = Optional
                    .ofNullable(certAuthority.fullchainPath())
                    .orElse(certAuthority.certificatePath());
-                Files.write(fullchain, Files.readAllBytes(certAuthFullchain), StandardOpenOption.CREATE);
-                Files.write(fullchain, Files.readAllBytes(signedCert), StandardOpenOption.APPEND);
+                // Leaf certificate first, then the CA chain
+                Files.write(fullchain, Files.readAllBytes(signedCert), StandardOpenOption.CREATE);
+                Files.write(fullchain, Files.readAllBytes(certAuthFullchain), StandardOpenOption.APPEND);
            } catch (IOException e) {
                throw new CommandLineOperationException("Failed to create fullchain file.", e);
            }
@ -616,4 +617,30 @@ public class OpenSSLCertificateCreator {
            default -> throw new IllegalStateException("Unexpected subject key: %s in line: %s".formatted(key, line));
        };
    }
+
+    public String readDecryptedKey(Path keyFile, String passphrase) throws CommandLineOperationException {
+        StartedProcess keyReadProc = null;
+        try {
+            keyReadProc =
+            new ProcessExecutor()
+                .command(resolveOpenSSL(), "rsa", "-in", keyFile.toString(), "-passin", OSSL_ARG_KEY_PW)
+                .environment(OSSL_ENV_KEY_PW, passphrase)
+                .readOutput(true)
+                .redirectError(Slf4jStream.of(openSSLLogger).asError())
+                .start();
+            var keyReadResult = keyReadProc.getFuture().get(30, SECONDS);
+            if (keyReadResult.getExitValue() != 0) {
+                throw new CommandLineOperationException(
+                    "Failed to read decrypted key - is the passphrase correct? Exit code: %d".formatted(
+                            keyReadResult.getExitValue()
+                        )
+                );
+            }
+            return keyReadResult.getOutput().getUTF8();
+        } catch (IOException | InterruptedException | ExecutionException | TimeoutException e) {
+            throw new RuntimeException(e);
+        } finally {
+            killIfActive(keyReadProc);
+        }
+    }
 }