feat: Read notBefore/After and serial from x509 command

- Added notBefore/After to the DB entity
- Changed the API to use a command-output-oriented record instead of the certificate request object, to separate concerns
Magnus Leßmann (@MarkL4YG) 2024-12-28 09:45:19 +01:00
parent cdd82443b0
commit d725d7d249
Signed by: Mark.TwoFive
GPG key ID: 5B5EBCBE331F1E6F
6 changed files with 184 additions and 76 deletions


@ -7,6 +7,7 @@ import de.mlessmann.certassist.repositories.CertificateRepository;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.time.OffsetDateTime;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@ -55,7 +56,9 @@ public class CertificateCreationService {
certificate.setSubjectCommonName(certificateInfo.getSubject().getCommonName());
certificate.setTrustingAuthority(certificateInfo.getTrustingAuthority());
certificate.setRequestedKeyLength(certificateInfo.getRequestedKeyLength());
certificate.setRequestedValidityDays(certificateInfo.getRequestedValidityDays());
certificate.setNotBefore(OffsetDateTime.now());
certificate.setNotAfter(OffsetDateTime.now().plusDays(certificateInfo.getRequestedValidityDays()));
final CertificateInfoSubject subjectInfo = certificateInfo.getSubject();
certificate.setSubjectEmailAddress(subjectInfo.getEmailAddress());
certificate.setSubjectOrganization(subjectInfo.getOrganization());
@ -74,6 +77,33 @@ public class CertificateCreationService {
return certificate;
}
private Certificate createEntityFromInfo(X509CertificateInfo info) {
final Certificate certificate = new Certificate();
certificate.setType(mapCertificateRequestType(info.issuer() != null ? CertificateInfo.RequestType.NORMAL_CERTIFICATE : CertificateInfo.RequestType.STANDALONE_CERTIFICATE));
certificate.setSubjectCommonName(info.subject().getCommonName());
certificate.setTrustingAuthority(info.issuer().getCommonName());
certificate.setRequestedKeyLength(-1);
certificate.setNotBefore(info.notBefore());
certificate.setNotAfter(info.notAfter());
final CertificateInfoSubject subjectInfo = info.subject();
certificate.setSubjectEmailAddress(subjectInfo.getEmailAddress());
certificate.setSubjectOrganization(subjectInfo.getOrganization());
certificate.setSubjectOrganizationalUnit(subjectInfo.getOrganizationalUnit());
certificate.setSubjectCountry(subjectInfo.getCountry());
certificate.setSubjectState(subjectInfo.getState());
certificate.setSubjectLocality(subjectInfo.getLocality());
final CertificateInfoExtension extension = info.extensions().getFirst();
if (extension != null) {
final CertificateExtension certificateExtension = new CertificateExtension();
certificateExtension.setIdentifier("alternativeNames");
certificateExtension.setValue(String.join(",", extension.getAlternativeDnsNames()));
certificate.setCertificateExtension(List.of(certificateExtension));
}
return certificate;
}
@NonNull
public Certificate importCertificate(
@NonNull Path certificate,
@ -82,8 +112,7 @@ public class CertificateCreationService {
) {
try {
String fingerprint = openSSLService.getCertificateFingerprint(certificate);
var generatedRequest = openSSLService.getCertificateInfo(certificate);
Certificate entity = createEntityFromRequest(generatedRequest);
Certificate entity = createEntityFromInfo(openSSLService.getCertificateInfo(certificate));
entity.setFingerprint(fingerprint);
entity.setCert(Files.readAllBytes(certificate));
if (keyFile != null) {
@ -113,8 +142,7 @@ public class CertificateCreationService {
int endIdx = endMatcher.end();
String singleCert = pemContent.substring(startIdx, endIdx);
String fingerprint = openSSLService.getCertificateFingerprint(singleCert);
var generatedRequest = openSSLService.getCertificateInfo(singleCert);
Certificate entity = createEntityFromRequest(generatedRequest);
Certificate entity = createEntityFromInfo(openSSLService.getCertificateInfo(singleCert));
entity.setFingerprint(fingerprint);
entity.setCert(singleCert.getBytes());
certsInBundle.put(fingerprint, entity);
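Review bot: In the new `createEntityFromInfo`, `info.issuer().getCommonName()` is dereferenced unconditionally one line after `info.issuer() != null` is used to pick STANDALONE_CERTIFICATE, so a certificate for which the parser reports no issuer would fail with a NullPointerException instead of being imported as standalone. Whether `issuer()` can really be null depends on the parser, which is not visible here, but the two lines should agree, e.g. `certificate.setTrustingAuthority(info.issuer() != null ? info.issuer().getCommonName() : null);`. In the same method, if `extensions()` returns a `java.util.List`, `getFirst()` throws NoSuchElementException on an empty list rather than returning null, which makes the following `extension != null` check ineffective. `info.extensions().isEmpty() ? null : info.extensions().getFirst()` would keep certificates without extensions importable. Both import paths feed externally supplied PEM data into this method, so certificates without an issuer or without extensions should be treated as expected input.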