feat: Implement support for importing certificates

chore: Remove obsolete model wip: Create first working test case for cert import wip: Generate basic certRequest from given cert files wip: Start work on being able to import certificates chore: Update gitignore
2024-11-22 17:43:02 +01:00 · 2024-11-22 17:43:02 +01:00 · f2ed523285
commit f2ed523285
parent b39242baba
15 changed files with 518 additions and 33 deletions
--- a/src/main/java/de/mlessmann/certassist/service/CertificateCreationService.java
+++ b/src/main/java/de/mlessmann/certassist/service/CertificateCreationService.java
@ -8,8 +8,10 @@ import de.mlessmann.certassist.openssl.*;
 import de.mlessmann.certassist.repositories.CertificateRepository;
 import java.io.IOException;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Service;

@Service
@ -18,29 +20,10 @@ public class CertificateCreationService {

    private final CertificateRepository certificateRepository;
    private final OpenSSLCertificateCreator openSSLCertificateCreator;
+    private final PassphraseService passphraseService;

    public Certificate createCertificate(final CertificateRequest certificateRequest) {
-        final Certificate certificate = new Certificate();
-        certificate.setType(mapCertificateRequestType(certificateRequest.getType()));
-        certificate.setCommonName(certificateRequest.getCommonName());
-        certificate.setTrustingAuthority(certificateRequest.getTrustingAuthority());
-        certificate.setRequestedKeyLength(certificateRequest.getRequestedKeyLength());
-        certificate.setRequestedValidityDays(certificateRequest.getRequestedValidityDays());
-        final CertificateSubject certificateSubject = certificateRequest.getSubject();
-        certificate.setSubjectEmailAddress(certificateSubject.getEmailAddress());
-        certificate.setSubjectOrganization(certificateSubject.getOrganization());
-        certificate.setSubjectOrganizationalUnit(certificateSubject.getOrganizationalUnit());
-        certificate.setSubjectCountry(certificateSubject.getCountry());
-        certificate.setSubjectState(certificateSubject.getState());
-        certificate.setSubjectLocality(certificateSubject.getLocality());
-
-        final CertificateRequestExtension extension = certificateRequest.getExtension();
-        if (extension != null) {
-            final CertificateExtension certificateExtension = new CertificateExtension();
-            certificateExtension.setIdentifier("alternativeNames");
-            certificateExtension.setValue(String.join(",", extension.getAlternativeNames()));
-            certificate.setCertificateExtension(List.of(certificateExtension));
-        }
+        final Certificate certificate = createEntityFromRequest(certificateRequest);

        try (
            OpenSSLCertificateResult certificateCreatorResult = openSSLCertificateCreator.createCertificate(
@ -60,6 +43,49 @@ public class CertificateCreationService {
        return certificate;
    }

+    private Certificate createEntityFromRequest(CertificateRequest certificateRequest) {
+        final Certificate certificate = new Certificate();
+        certificate.setType(mapCertificateRequestType(certificateRequest.getType()));
+        certificate.setCommonName(certificateRequest.getSubject().getCommonName());
+        certificate.setTrustingAuthority(certificateRequest.getTrustingAuthority());
+        certificate.setRequestedKeyLength(certificateRequest.getRequestedKeyLength());
+        certificate.setRequestedValidityDays(certificateRequest.getRequestedValidityDays());
+        final CertificateSubject certificateSubject = certificateRequest.getSubject();
+        certificate.setSubjectEmailAddress(certificateSubject.getEmailAddress());
+        certificate.setSubjectOrganization(certificateSubject.getOrganization());
+        certificate.setSubjectOrganizationalUnit(certificateSubject.getOrganizationalUnit());
+        certificate.setSubjectCountry(certificateSubject.getCountry());
+        certificate.setSubjectState(certificateSubject.getState());
+        certificate.setSubjectLocality(certificateSubject.getLocality());
+
+        final CertificateRequestExtension extension = certificateRequest.getExtension();
+        if (extension != null) {
+            final CertificateExtension certificateExtension = new CertificateExtension();
+            certificateExtension.setIdentifier("alternativeNames");
+            certificateExtension.setValue(String.join(",", extension.getAlternativeNames()));
+            certificate.setCertificateExtension(List.of(certificateExtension));
+        }
+        return certificate;
+    }
+
+    public Certificate importCertificate(Path certificate, Path keyFile, String passphrase) {
+        try {
+            String fingerprint = openSSLCertificateCreator.getCertificateFingerprint(certificate);
+            var generatedRequest = openSSLCertificateCreator.getCertificateInfo(certificate);
+            Certificate entity = createEntityFromRequest(generatedRequest);
+            entity.setCert(Files.readAllBytes(certificate));
+            entity.setPrivateKey(Files.readAllBytes(keyFile));
+            if (StringUtils.isNotBlank(passphrase)) {
+                passphraseService.storePassphrase("cert:" + fingerprint, passphrase);
+            }
+            return certificateRepository.save(entity);
+        } catch (CommandLineOperationException | IOException e) {
+            throw new RuntimeException("Unable to import certificate", e);
+        } catch (InterruptedException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
    private CertificateType mapCertificateRequestType(CertificateRequest.RequestType requestType) {
        return switch (requestType) {
            case ROOT_AUTHORITY -> CertificateType.ROOT_CA;