🚧 Work on allowing the creation of OpenSSL certificates

src/main/java/de/mlessmann/certassist/ExecutableResolver.java

@@ -1,55 +1,67 @@
-package de.mlessmann.certassist;
+package de.mlessmann.certassist;
-
+
-import de.mlessmann.certassist.except.UnresolvableCLIDependency;
+import de.mlessmann.certassist.except.UnresolvableCLIDependency;
-import lombok.Setter;
+import lombok.Setter;
-import org.slf4j.Logger;
+import org.apache.commons.lang3.SystemUtils;
-import org.springframework.beans.factory.annotation.Value;
+import org.slf4j.Logger;
-import org.springframework.stereotype.Service;
+import org.springframework.beans.factory.annotation.Value;
-
+import org.springframework.stereotype.Service;
-import java.io.File;
+
-import java.nio.file.Files;
+import java.io.File;
-import java.nio.file.Path;
+import java.nio.file.Files;
-import java.util.Objects;
+import java.nio.file.Path;
-import java.util.Optional;
+import java.util.List;
-
+import java.util.Objects;
-import static org.slf4j.LoggerFactory.getLogger;
+import java.util.Optional;
-
+
-@Service
+import static org.slf4j.LoggerFactory.getLogger;
-public class ExecutableResolver {
+
-
+@Service
-    private static final Logger LOGGER = getLogger(ExecutableResolver.class);
+public class ExecutableResolver {
-
+
-    @Value("${openssl.path:#{null}}")
+    private static final Logger LOGGER = getLogger(ExecutableResolver.class);
-    private String opensslPath;
+
-
+    @Value("${openssl.path:#{null}}")
-    public String getOpenSSLPath() throws UnresolvableCLIDependency {
+    private String opensslPath;
-        if (opensslPath == null) {
+
-            LOGGER.atDebug().log("No openssl path configured, falling back to resolving by shell.");
+    public String getOpenSSLPath() throws UnresolvableCLIDependency {
-            var optSSLPath = searchCommandFromPath("openssl");
+        if (opensslPath == null) {
-            opensslPath = optSSLPath.orElseThrow(() -> new UnresolvableCLIDependency("openssl", "openssl.path"));
+            LOGGER.atDebug().log("No openssl path configured, falling back to resolving by shell.");
-        }
+            var optSSLPath = searchCommandFromPath("openssl");
-
+            opensslPath = optSSLPath.orElseThrow(() -> new UnresolvableCLIDependency("openssl", "openssl.path"));
-        Path configuredPath = new File(opensslPath).toPath();
+        }
-        if (!Files.isRegularFile(configuredPath)) {
+
-            throw new UnresolvableCLIDependency("openssl", "openssl.path");
+        Path configuredPath = new File(opensslPath).toPath();
-        }
+        if (!Files.isRegularFile(configuredPath)) {
-
+            throw new UnresolvableCLIDependency("openssl", "openssl.path");
-        return opensslPath;
+        }
-    }
+
-
+        return opensslPath;
-    private Optional<String> searchCommandFromPath(String executableName) {
+    }
-        String envPath = System.getenv("PATH");
+
-        Objects.requireNonNull(envPath, "Environment variable 'PATH' is not set?!");
+    private Optional<String> searchCommandFromPath(String executableName) {
-        String[] pathEntries = envPath.split(File.pathSeparator);
+        String envPath = System.getenv("PATH");
-
+        Objects.requireNonNull(envPath, "Environment variable 'PATH' is not set?!");
-        for (String pathEntry : pathEntries) {
+        String[] pathEntries = envPath.split(File.pathSeparator);
-            Path executablePath = Path.of(pathEntry, executableName);
+
-            if (Files.isRegularFile(executablePath) && Files.isExecutable(executablePath)) {
+        for (String pathEntry : pathEntries) {
-                return Optional.of(executablePath.toString());
+            for (String fileExtension : getAllowedExtensions()) {
-            }
+                Path executablePath = Path.of(pathEntry, executableName + fileExtension);
-        }
+                if (Files.isRegularFile(executablePath) && Files.isExecutable(executablePath)) {
-
+                    return Optional.of(executablePath.toString());
-        LOGGER.error("Could not find executable '{}' in PATH. Make sure that it exists on the of the directory and is executable.", executableName);
+                }
-        return Optional.empty();
+            }
-    }
+        }
-}
+
+        LOGGER.error("Could not find executable '{}' in PATH. Make sure that it exists on the of the directory and is executable.", executableName);
+        return Optional.empty();
+    }
+
+    public List<String> getAllowedExtensions() {
+        if (SystemUtils.IS_OS_WINDOWS) {
+            return List.of(".exe", ".bat", ".cmd");
+        } else {
+            return List.of("", ".sh");
+        }
+    }
+}

src/main/java/de/mlessmann/certassist/OpenSSLCertificateCreator.java

@@ -1,39 +0,0 @@
-package de.mlessmann.certassist;
-
-import de.mlessmann.certassist.except.UnresolvableCLIDependency;
-import org.slf4j.Logger;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import java.io.IOException;
-
-import static org.slf4j.LoggerFactory.getLogger;
-
-@Service
-public class OpenSSLCertificateCreator {
-
-    private static final Logger LOGGER = getLogger(OpenSSLCertificateCreator.class);
-
-    private final ExecutableResolver executableResolver;
-
-    @Autowired
-    public OpenSSLCertificateCreator(ExecutableResolver executableResolver) {
-        this.executableResolver = executableResolver;
-    }
-
-    public void createCertificate(CertificateRequest request) {
-        try {
-            String openSSLPath = executableResolver.getOpenSSLPath();
-
-            Process process = new ProcessBuilder()
-                    .command(openSSLPath, "--version")
-                    .redirectOutput(ProcessBuilder.Redirect.PIPE)
-                    .start();
-            process.waitFor();
-        } catch (IOException | InterruptedException e) {
-            LOGGER.atError().log(e.getMessage());
-        } catch (UnresolvableCLIDependency e) {
-            LOGGER.atError().log(e.getMessage());
-        }
-    }
-}

src/main/java/de/mlessmann/certassist/openssl/CertificateRequest.java

@@ -1,35 +1,40 @@
-package de.mlessmann.certassist;
+package de.mlessmann.certassist.openssl;
-
+
-import lombok.Builder;
+import lombok.Builder;
-import lombok.Getter;
+import lombok.Getter;
-import lombok.Setter;
+import lombok.Setter;
-
+
-import java.util.UUID;
+import java.util.UUID;
-
+
-
+
-@Builder
+@Builder
-public class CertificateRequest {
+public class CertificateRequest {
-
+
-    @Getter
+    @Getter
-    @Setter
+    @Setter
-    @Builder.Default
+    @Builder.Default
-    private String oid = UUID.randomUUID().toString();
+    private String oid = UUID.randomUUID().toString();
-
+
-    @Getter
+    @Getter
-    @Setter
+    @Setter
-    private RequestType type;
+    private RequestType type;
-
+
-    @Getter
+    @Getter
-    @Setter
+    @Setter
-    private String commonName;
+    private String commonName;
-
+
-    @Getter
+    @Getter
-    @Setter
+    @Setter
-    private String trustingAuthority;
+    private String trustingAuthority;
-
+
-    public enum RequestType {
+    @Getter
-        ROOT_AUTHORITY,
+    @Setter
-        STANDALONE_CERTIFICATE,
+    @Builder.Default
-        NORMAL_CERTIFICATE
+    private int requestedKeyLength = 4096;
-    }
+
-}
+    public enum RequestType {
+        ROOT_AUTHORITY,
+        STANDALONE_CERTIFICATE,
+        NORMAL_CERTIFICATE
+    }
+}

src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java

@@ -0,0 +1,62 @@
+package de.mlessmann.certassist.openssl;
+
+import de.mlessmann.certassist.ExecutableResolver;
+import de.mlessmann.certassist.except.UnresolvableCLIDependency;
+import org.slf4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+import static org.slf4j.LoggerFactory.getLogger;
+
+@Service
+public class OpenSSLCertificateCreator {
+
+    private static final Logger LOGGER = getLogger(OpenSSLCertificateCreator.class);
+
+    private final ExecutableResolver executableResolver;
+
+    @Autowired
+    public OpenSSLCertificateCreator(ExecutableResolver executableResolver) {
+        this.executableResolver = executableResolver;
+    }
+
+    public void createCertificate(CertificateRequest request) {
+        Path tmpDir;
+        try {
+            tmpDir = Files.createTempDirectory("certassist");
+        } catch (IOException e) {
+            LOGGER.atError()
+                  .log("Could not create temp directory for openssl generator!", e);
+            return;
+        }
+
+        try {
+            createKeyfile(request, tmpDir);
+
+        } catch (IOException | InterruptedException e) {
+            LOGGER.atError()
+                  .log(e.getMessage());
+        } catch (UnresolvableCLIDependency e) {
+            LOGGER.atError()
+                  .log(e.getMessage());
+        }
+    }
+
+    private Path createKeyfile(CertificateRequest request, Path tmpDir) throws UnresolvableCLIDependency, IOException, InterruptedException {
+        Path keyFile = tmpDir.resolve("root.key").toAbsolutePath();
+        LOGGER.atDebug().log("Creating root certificate key at: {}", keyFile);
+
+        String openSSLPath = executableResolver.getOpenSSLPath();
+        Process createRootKeyProc = new ProcessBuilder()
+                .command(openSSLPath, "req", "genrsa", "-des3", "-out", keyFile.toString(),
+                         Integer.toString(request.getRequestedKeyLength()))
+                .inheritIO()
+                .start();
+        createRootKeyProc.waitFor();
+        return keyFile;
+    }
+}

src/test/java/de/mlessmann/certassist/TestOpenSSLCertificateCreator.java

@@ -1,28 +1,28 @@
-package de.mlessmann.certassist;
+package de.mlessmann.certassist;
-
+
-import de.mlessmann.certassist.CertificateRequest.RequestType;
+import de.mlessmann.certassist.openssl.CertificateRequest;
-import org.junit.jupiter.api.BeforeEach;
+import de.mlessmann.certassist.openssl.CertificateRequest.RequestType;
-import org.junit.jupiter.api.Test;
+import de.mlessmann.certassist.openssl.OpenSSLCertificateCreator;
-import org.springframework.beans.factory.annotation.Autowired;
+import org.junit.jupiter.api.BeforeEach;
-import org.springframework.boot.test.context.SpringBootTest;
+import org.junit.jupiter.api.Test;
-
+
-public class TestOpenSSLCertificateCreator {
+public class TestOpenSSLCertificateCreator {
-
+
-    private OpenSSLCertificateCreator openSSLCertificateCreator;
+    private OpenSSLCertificateCreator openSSLCertificateCreator;
-
+
-    @BeforeEach
+    @BeforeEach
-    void setUp() {
+    void setUp() {
-        ExecutableResolver executableResolver = new ExecutableResolver();
+        ExecutableResolver executableResolver = new ExecutableResolver();
-        openSSLCertificateCreator = new OpenSSLCertificateCreator(executableResolver);
+        openSSLCertificateCreator = new OpenSSLCertificateCreator(executableResolver);
-    }
+    }
-
+
-    @Test
+    @Test
-    void testCertificateCreation() {
+    void testCertificateCreation() {
-        CertificateRequest certRequest = CertificateRequest.builder()
+        CertificateRequest certRequest = CertificateRequest.builder()
-                                                     .commonName("test.home")
+                                                           .commonName("test.home")
-                                                     .type(RequestType.STANDALONE_CERTIFICATE)
+                                                           .type(RequestType.STANDALONE_CERTIFICATE)
-                                                     .build();
+                                                           .build();
-
+
-        openSSLCertificateCreator.createCertificate(certRequest);
+        openSSLCertificateCreator.createCertificate(certRequest);
-    }
+    }
-}
+}