Mark.TwoFive/home-cert-assistant
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Wiki Activity Actions

feat: Implement support for importing certificates

Browse source 
chore: Remove obsolete model
wip: Create first working test case for cert import
wip: Generate basic certRequest from given cert files
wip: Start work on being able to import certificates
chore: Update gitignore
This commit is contained in:
Magnus Leßmann (@MarkL4YG) 2024-11-22 17:43:02 +01:00
parent b39242baba
commit f2ed523285
15 changed files with 518 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

113
src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java
View file

@ -7,6 +7,7 @@ import de.mlessmann.certassist.ExecutableResolver;
import de.mlessmann.certassist.except.CommandLineOperationException;
import de.mlessmann.certassist.except.UnresolvableCLIDependency;
import de.mlessmann.certassist.openssl.CertificateRequest.RequestType;
import de.mlessmann.certassist.openssl.CertificateSubject.CertificateSubjectBuilder;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
@ -59,7 +60,7 @@ public class OpenSSLCertificateCreator {
.replace("STATE", request.getSubject().getState())
.replace("LOCALITY", request.getSubject().getLocality())
.replace("ORGANIZATION", request.getSubject().getOrganization())
.replace("COMMON-NAME", request.getCommonName());
.replace("COMMON-NAME", request.getSubject().getCommonName());
if (StringUtils.isNotBlank(request.getSubject().getOrganizationalUnit())) {
certSubject += "/OU=" + request.getSubject().getOrganizationalUnit();
@ -351,7 +352,7 @@ public class OpenSSLCertificateCreator {
return outFile;
}
private String getCertificateFingerprint(Path certificate)
public String getCertificateFingerprint(Path certificate)
throws CommandLineOperationException, InterruptedException {
try {
StartedProcess fingerprintProc = new ProcessExecutor()
@ -361,6 +362,16 @@ public class OpenSSLCertificateCreator {
.start();
var fingerprintResult = fingerprintProc.getFuture().get();
String output = fingerprintResult.getOutput().getUTF8();
if (fingerprintResult.getExitValue() != 0) {
log.debug("Fingerprint command output:\n{}", output);
throw new CommandLineOperationException(
"Failed to get fingerprint of certificate. Exit code: %d".formatted(
fingerprintResult.getExitValue()
)
);
}
Matcher matcher = FINGERPRINT_EXTRACTOR.matcher(output);
if (!matcher.find()) {
log.debug(output);
@ -381,6 +392,49 @@ public class OpenSSLCertificateCreator {
}
}
public CertificateRequest getCertificateInfo(Path path) throws CommandLineOperationException, InterruptedException {
try {
StartedProcess infoProc = new ProcessExecutor()
.command(
resolveOpenSSL(),
"x509",
"-in",
path.toString(),
"-noout",
"-dateopt",
"iso_8601",
"-fingerprint",
"-subject",
"-issuer",
"-serial",
"-dates",
"-alias",
"-email",
"-purpose",
"-ext",
"subjectAltName",
"-nameopt",
"sep_multiline",
"-nameopt",
"lname"
)
.readOutput(true)
.redirectError(Slf4jStream.ofCaller().asError())
.start();
var infoResult = infoProc.getFuture().get();
String output = infoResult.getOutput().getUTF8();
if (infoResult.getExitValue() != 0) {
log.debug("Certificate info command output:\n{}", output);
throw new CommandLineOperationException(
"Failed to get info of path. Exit code: %d".formatted(infoResult.getExitValue())
);
}
return getCertificateInfo(output.lines().toArray(String[]::new));
} catch (IOException | ExecutionException e) {
throw new RuntimeException(e);
}
}
private String resolveOpenSSL() throws CommandLineOperationException {
try {
return executableResolver.getOpenSSLPath();
@ -388,4 +442,59 @@ public class OpenSSLCertificateCreator {
throw new CommandLineOperationException(e);
}
}
private CertificateRequest getCertificateInfo(String[] lines) {
var builder = CertificateRequest.builder();
boolean hasIssuer = false;
for (int i = 0; i < lines.length; i++) {
String line = lines[i];
if (line.startsWith("subject=")) {
CertificateSubjectBuilder subjectBuilder = CertificateSubject.builder();
line = lines[++i];
while (line.startsWith(" ")) {
subjectBuilder = readSubjectInfo(line, subjectBuilder);
line = lines[++i];
}
builder = builder.subject(subjectBuilder);
} else if (line.startsWith("issuer=")) {
hasIssuer = true;
CertificateSubjectBuilder issuerBuilder = CertificateSubject.builder();
line = lines[++i];
while (line.startsWith(" ")) {
issuerBuilder = readSubjectInfo(line, issuerBuilder);
line = lines[++i];
}
builder = builder.issuer(issuerBuilder);
} else if (line.startsWith("X509v3 Subject Alternative Name")) {
String[] altNames = lines[++i].split(",");
builder = builder.extension(CertificateRequestExtension.builder().alternativeNames(altNames));
}
}
builder = builder.type(hasIssuer ? RequestType.NORMAL_CERTIFICATE : RequestType.STANDALONE_CERTIFICATE);
return builder.build();
}
private CertificateSubjectBuilder readSubjectInfo(String line, CertificateSubjectBuilder builder) {
String[] parts = line.split("=", 2);
if (parts.length != 2) {
return builder;
}
String key = parts[0];
String value = parts[1];
return switch (key.trim()) {
case "countryName" -> builder.country(value);
case "stateOrProvinceName" -> builder.state(value);
case "localityName" -> builder.locality(value);
case "organizationName" -> builder.organization(value);
case "organizationalUnitName" -> builder.organizationalUnit(value);
case "commonName" -> builder.commonName(value);
case "emailAddress" -> builder.emailAddress(value);
default -> throw new IllegalStateException("Unexpected subject key: %s in line: %s".formatted(key, line));
};
}
}