Compare commits
3 commits
2a02e26b01
...
a9d8782a27
| Author | SHA1 | Date | |
|---|---|---|---|
a9d8782a27
|
|||
|
f8e9158a76
|
|||
|
4b863fec42
|
6 changed files with 109 additions and 89 deletions
|
|
@ -3,13 +3,12 @@ package de.mlessmann.certassist.models;
|
|||
import jakarta.persistence.*;
|
||||
import jakarta.validation.constraints.Min;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
import lombok.*;
|
||||
import org.hibernate.proxy.HibernateProxy;
|
||||
|
||||
import java.time.OffsetDateTime;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import lombok.*;
|
||||
import org.hibernate.proxy.HibernateProxy;
|
||||
|
||||
@Entity
|
||||
@Table(uniqueConstraints = { @UniqueConstraint(columnNames = { "fingerprint" }) })
|
||||
|
|
@ -30,7 +29,14 @@ public class Certificate {
|
|||
|
||||
private String trustingAuthority;
|
||||
|
||||
@Min(1)
|
||||
/**
|
||||
* <ul>
|
||||
* <li>-1 = no requested key length is known (might happen with imported certificates)</li>
|
||||
* <li>0 = no key is available for this certificate (might happen with trusted third party certificates)</li>
|
||||
* <li>> 1 = The key length in bits used for the private key of this certificate</li>
|
||||
* </ul>
|
||||
*/
|
||||
@Min(-1)
|
||||
private int requestedKeyLength;
|
||||
|
||||
private OffsetDateTime notBefore;
|
||||
|
|
@ -69,8 +75,12 @@ public class Certificate {
|
|||
public final boolean equals(Object o) {
|
||||
if (this == o) return true;
|
||||
if (o == null) return false;
|
||||
Class<?> oEffectiveClass = o instanceof HibernateProxy ? ((HibernateProxy) o).getHibernateLazyInitializer().getPersistentClass() : o.getClass();
|
||||
Class<?> thisEffectiveClass = this instanceof HibernateProxy ? ((HibernateProxy) this).getHibernateLazyInitializer().getPersistentClass() : this.getClass();
|
||||
Class<?> oEffectiveClass = o instanceof HibernateProxy
|
||||
? ((HibernateProxy) o).getHibernateLazyInitializer().getPersistentClass()
|
||||
: o.getClass();
|
||||
Class<?> thisEffectiveClass = this instanceof HibernateProxy
|
||||
? ((HibernateProxy) this).getHibernateLazyInitializer().getPersistentClass()
|
||||
: this.getClass();
|
||||
if (thisEffectiveClass != oEffectiveClass) return false;
|
||||
Certificate that = (Certificate) o;
|
||||
return getId() != null && Objects.equals(getId(), that.getId());
|
||||
|
|
@ -78,6 +88,8 @@ public class Certificate {
|
|||
|
||||
@Override
|
||||
public final int hashCode() {
|
||||
return this instanceof HibernateProxy ? ((HibernateProxy) this).getHibernateLazyInitializer().getPersistentClass().hashCode() : getClass().hashCode();
|
||||
return this instanceof HibernateProxy
|
||||
? ((HibernateProxy) this).getHibernateLazyInitializer().getPersistentClass().hashCode()
|
||||
: getClass().hashCode();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,11 +23,9 @@ import java.nio.file.Path;
|
|||
import java.nio.file.StandardOpenOption;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.time.OffsetDateTime;
|
||||
import java.time.ZonedDateTime;
|
||||
import java.time.format.DateTimeFormatter;
|
||||
import java.time.format.DateTimeFormatterBuilder;
|
||||
import java.time.temporal.ChronoField;
|
||||
import java.time.temporal.IsoFields;
|
||||
import java.util.*;
|
||||
import java.util.concurrent.ExecutionException;
|
||||
import java.util.concurrent.TimeoutException;
|
||||
|
|
@ -84,7 +82,7 @@ public class OpenSSLService {
|
|||
.appendValue(ChronoField.MINUTE_OF_HOUR, 2)
|
||||
.appendLiteral(':')
|
||||
.appendValue(ChronoField.SECOND_OF_MINUTE, 2)
|
||||
.appendOffset("+HH:MM:ss","Z")
|
||||
.appendOffset("+HH:MM:ss", "Z")
|
||||
.toFormatter();
|
||||
private static final String OSSL_ENV_KEY_PW = "KEY_PASS";
|
||||
private static final String OSSL_ARG_KEY_PW = "env:" + OSSL_ENV_KEY_PW;
|
||||
|
|
|
|||
|
|
@ -2,14 +2,12 @@ package de.mlessmann.certassist.openssl;
|
|||
|
||||
import de.mlessmann.certassist.models.CertificateInfoExtension;
|
||||
import de.mlessmann.certassist.models.CertificateInfoSubject;
|
||||
import lombok.Builder;
|
||||
import org.springframework.lang.Nullable;
|
||||
|
||||
import java.time.OffsetDateTime;
|
||||
import java.time.ZonedDateTime;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import lombok.Builder;
|
||||
import org.springframework.lang.Nullable;
|
||||
|
||||
@Builder
|
||||
public record X509CertificateInfo(
|
||||
|
|
@ -34,4 +32,8 @@ public record X509CertificateInfo(
|
|||
}
|
||||
return Collections.unmodifiableList(extensions);
|
||||
}
|
||||
|
||||
public boolean hasExtensions() {
|
||||
return extensions != null && !extensions.isEmpty();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -79,9 +79,17 @@ public class CertificateCreationService {
|
|||
|
||||
private Certificate createEntityFromInfo(X509CertificateInfo info) {
|
||||
final Certificate certificate = new Certificate();
|
||||
certificate.setType(mapCertificateRequestType(info.issuer() != null ? CertificateInfo.RequestType.NORMAL_CERTIFICATE : CertificateInfo.RequestType.STANDALONE_CERTIFICATE));
|
||||
certificate.setType(
|
||||
mapCertificateRequestType(
|
||||
info.issuer() != null
|
||||
? CertificateInfo.RequestType.NORMAL_CERTIFICATE
|
||||
: CertificateInfo.RequestType.STANDALONE_CERTIFICATE
|
||||
)
|
||||
);
|
||||
certificate.setSubjectCommonName(info.subject().getCommonName());
|
||||
if (info.issuer() != null) {
|
||||
certificate.setTrustingAuthority(info.issuer().getCommonName());
|
||||
}
|
||||
certificate.setRequestedKeyLength(-1);
|
||||
certificate.setNotBefore(info.notBefore());
|
||||
certificate.setNotAfter(info.notAfter());
|
||||
|
|
@ -94,6 +102,7 @@ public class CertificateCreationService {
|
|||
certificate.setSubjectState(subjectInfo.getState());
|
||||
certificate.setSubjectLocality(subjectInfo.getLocality());
|
||||
|
||||
if (info.hasExtensions()) {
|
||||
final CertificateInfoExtension extension = info.extensions().getFirst();
|
||||
if (extension != null) {
|
||||
final CertificateExtension certificateExtension = new CertificateExtension();
|
||||
|
|
@ -101,6 +110,7 @@ public class CertificateCreationService {
|
|||
certificateExtension.setValue(String.join(",", extension.getAlternativeDnsNames()));
|
||||
certificate.setCertificateExtension(List.of(certificateExtension));
|
||||
}
|
||||
}
|
||||
return certificate;
|
||||
}
|
||||
|
||||
|
|
@ -113,6 +123,7 @@ public class CertificateCreationService {
|
|||
try {
|
||||
String fingerprint = openSSLService.getCertificateFingerprint(certificate);
|
||||
Certificate entity = createEntityFromInfo(openSSLService.getCertificateInfo(certificate));
|
||||
entity.setRequestedKeyLength(-1);
|
||||
entity.setFingerprint(fingerprint);
|
||||
entity.setCert(Files.readAllBytes(certificate));
|
||||
if (keyFile != null) {
|
||||
|
|
|
|||
|
|
@ -1,5 +1,9 @@
|
|||
package de.mlessmann.certassist;
|
||||
|
||||
import static java.util.Objects.requireNonNull;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import de.mlessmann.certassist.models.CertificateInfo;
|
||||
import de.mlessmann.certassist.models.CertificateInfo.RequestType;
|
||||
import de.mlessmann.certassist.models.CertificateInfoExtension;
|
||||
|
|
@ -8,17 +12,12 @@ import de.mlessmann.certassist.openssl.CertificatePasswordProvider;
|
|||
import de.mlessmann.certassist.openssl.CertificateProvider;
|
||||
import de.mlessmann.certassist.openssl.OpenSSLService;
|
||||
import de.mlessmann.certassist.service.ExecutableResolver;
|
||||
import java.nio.file.Path;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.mock.mockito.MockBean;
|
||||
|
||||
import java.nio.file.Path;
|
||||
|
||||
import static java.util.Objects.requireNonNull;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
@SpringBootTest
|
||||
class TestOpenSSLService {
|
||||
|
||||
|
|
@ -88,9 +87,7 @@ class TestOpenSSLService {
|
|||
when(certificateProvider.requestCertificateUsage(cert.fingerprint())).thenReturn(spiedCert);
|
||||
try (var childCert = certificateCreator.createCertificate(childRequest)) {
|
||||
Path fullchain = childCert.fullchainPath();
|
||||
assertThat(
|
||||
certificateCreator.verifyCertificate(requireNonNull(fullchain), cert.certificatePath())
|
||||
)
|
||||
assertThat(certificateCreator.verifyCertificate(requireNonNull(fullchain), cert.certificatePath()))
|
||||
.withFailMessage(ERR_VERIFY_FAILED)
|
||||
.isTrue();
|
||||
assertThat(certificateCreator.isKeyEncrypted(requireNonNull(childCert.certificateKeyPath())))
|
||||
|
|
@ -124,6 +121,7 @@ class TestOpenSSLService {
|
|||
assertThat(request.subject().getState()).isEqualTo("SH");
|
||||
assertThat(request.subject().getLocality()).isEqualTo("HH");
|
||||
assertThat(request.subject().getOrganization()).isEqualTo("Crazy-Cats");
|
||||
assertThat(request.extensions().getFirst().getAlternativeDnsNames()).containsExactly("test2.local", "test3.local");
|
||||
assertThat(request.extensions().getFirst().getAlternativeDnsNames())
|
||||
.containsExactly("test2.local", "test3.local");
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ import de.mlessmann.certassist.models.Certificate;
|
|||
import de.mlessmann.certassist.models.CertificateExtension;
|
||||
import de.mlessmann.certassist.models.CertificateType;
|
||||
import jakarta.transaction.Transactional;
|
||||
|
||||
import java.time.OffsetDateTime;
|
||||
import java.util.List;
|
||||
import java.util.stream.StreamSupport;
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue