feat: Implement way of retrieving CAs in signing process

Magnus Leßmann (@MarkL4YG) 2024-11-19 23:02:27 +01:00
parent 2608bca428
commit fc34320ffd
4 changed files with 53 additions and 17 deletions


@ -47,6 +47,7 @@ public class OpenSSLCertificateCreator {
private final ExecutableResolver executableResolver;
private final CertPasswordProvider passwordProvider;
private final CertificateProvider certificateProvider;
private static String buildSubjectArg(CertificateRequest request) {
String certSubject = OPENSSL_CERT_SUBJECT_TEMPLATE
@ -77,21 +78,23 @@ public class OpenSSLCertificateCreator {
}
String certPassword = passwordProvider.generateNewPassword();
Path keyFile = createKeyfile(request, tmpDir.resolve("root.key"), certPassword);
Path rootCert = createCertificate(request, keyFile, tmpDir.resolve("root.crt"), certPassword);
Path keyFile = createKeyfile(request, tmpDir.resolve("certificate.key"), certPassword);
if (
request.getType() == RequestType.ROOT_AUTHORITY || request.getType() == RequestType.STANDALONE_CERTIFICATE
) {
String fingerprint = getCertificateFingerprint(rootCert);
return new OpenSSLCertificateResult(tmpDir, rootCert, keyFile, fingerprint);
Path certificate = createCertificate(request, keyFile, tmpDir.resolve("certificate.crt"), certPassword);
String fingerprint = getCertificateFingerprint(certificate);
passwordProvider.setPasswordFor(fingerprint, certPassword);
return new OpenSSLCertificateResult(tmpDir, certificate, keyFile, fingerprint);
}
Path childKey = createKeyfile(request, tmpDir.resolve("child.key"), certPassword);
Path unsignedCert = createSigningRequest(request, childKey, tmpDir.resolve("child.csr"), certPassword);
Path signedCert = signCertificate(request, rootCert, keyFile, unsignedCert, certPassword);
String fingerPrint = getCertificateFingerprint(signedCert);
passwordProvider.setPasswordFor(fingerPrint, certPassword);
return new OpenSSLCertificateResult(tmpDir, signedCert, childKey, fingerPrint);
try (var certAuthority = certificateProvider.requestCertificateUsage(request.getTrustingAuthority())) {
Path unsignedCert = createSigningRequest(request, keyFile, tmpDir.resolve("child.csr"), certPassword);
Path signedCert = signCertificate(request, certAuthority.certificatePath(), certAuthority.certificateKeyPath(), unsignedCert, certPassword);
String fingerprint = getCertificateFingerprint(signedCert);
passwordProvider.setPasswordFor(fingerprint, certPassword);
return new OpenSSLCertificateResult(tmpDir, signedCert, keyFile, fingerprint);
}
}
private Path createKeyfile(CertificateRequest request, Path outFile, String filePassword)
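Review bot: In the signing branch, `signCertificate(...)` now receives the provider's CA key (`certAuthority.certificateKeyPath()`) but still the freshly generated `certPassword`, which in the visible lines is only used for the new `certificate.key`. The removed code could share one password because it created the root and child keys in the same call; a CA issued earlier is presumably protected by the password recorded for its own fingerprint via `setPasswordFor`, so signing would either fail or depend on the CA key being stored unencrypted. I would pass the CA key's password separately from the CSR key's password and, until that is done, add a comment such as `// NOTE: certPassword protects keyFile only; the CA key's password must be supplied by the provider`. `request.getTrustingAuthority()` is also used without a visible null or existence check and is resolved only after the key has been created under `tmpDir`, so validating it before `createKeyfile` would avoid leaving key material behind on a bad request. The enclosing method starts above the hunk, so checks outside the visible lines may already cover part of this.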