home-cert-assistant/src/main/java/de/mlessmann/certassist/service/CertificateCreationService.java

package de.mlessmann.certassist.service;

import de.mlessmann.certassist.except.CommandLineOperationException;
import de.mlessmann.certassist.models.Certificate;
import de.mlessmann.certassist.models.CertificateExtension;
import de.mlessmann.certassist.models.CertificateType;
import de.mlessmann.certassist.openssl.*;
import de.mlessmann.certassist.repositories.CertificateRepository;
import java.io.IOException;
import java.nio.file.Files;
import java.util.List;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;

@Service
@RequiredArgsConstructor
public class CertificateCreationService {

    private final CertificateRepository certificateRepository;
    private final OpenSSLCertificateCreator openSSLCertificateCreator;

    public Certificate createCertificate(final CertificateRequest certificateRequest) {
        final Certificate certificate = new Certificate();
        certificate.setType(mapCertificateRequestType(certificateRequest.getType()));
        certificate.setCommonName(certificateRequest.getCommonName());
        certificate.setTrustingAuthority(certificateRequest.getTrustingAuthority());
        certificate.setRequestedKeyLength(certificateRequest.getRequestedKeyLength());
        certificate.setRequestedValidityDays(certificateRequest.getRequestedValidityDays());
        final CertificateSubject certificateSubject = certificateRequest.getSubject();
        certificate.setSubjectEmailAddress(certificateSubject.getEmailAddress());
        certificate.setSubjectOrganization(certificateSubject.getOrganization());
        certificate.setSubjectOrganizationalUnit(certificateSubject.getOrganizationalUnit());
        certificate.setSubjectCountry(certificateSubject.getCountry());
        certificate.setSubjectState(certificateSubject.getState());
        certificate.setSubjectLocality(certificateSubject.getLocality());

        final CertificateRequestExtension extension = certificateRequest.getExtension();
        if (extension != null) {
            final CertificateExtension certificateExtension = new CertificateExtension();
            certificateExtension.setIdentifier("alternativeNames");
            certificateExtension.setValue(String.join(",", extension.getAlternativeNames()));
            certificate.setCertificateExtension(List.of(certificateExtension));
        }

        try (
            OpenSSLCertificateResult certificateCreatorResult = openSSLCertificateCreator.createCertificate(
                certificateRequest
            );
        ) {
            certificate.setPrivateKey(Files.readAllBytes(certificateCreatorResult.certificateKeyPath()));
            certificate.setCert(Files.readAllBytes(certificateCreatorResult.certificatePath()));
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IllegalStateException("Interrupted exception", e);
        } catch (CommandLineOperationException | IOException e) {
            throw new IllegalStateException("Failed to create certificate!", e);
        }

        certificateRepository.save(certificate);
        return certificate;
    }

    private CertificateType mapCertificateRequestType(CertificateRequest.RequestType requestType) {
        return switch (requestType) {
            case ROOT_AUTHORITY -> CertificateType.ROOT_CA;
            case STANDALONE_CERTIFICATE -> CertificateType.STANDALONE_CERT;
            case NORMAL_CERTIFICATE -> CertificateType.SIGNED_CERT;
        };
    }
}