[FEATURE] CertificateManager стал полноценной частью API

This commit is contained in:
Gravit 2019-07-12 20:01:55 +07:00
parent bbbe7a968c
commit 6f77c5720f
2 changed files with 67 additions and 1 deletions

View file

@ -13,7 +13,9 @@
import java.nio.file.Path;
import java.nio.file.SimpleFileVisitor;
import java.nio.file.attribute.BasicFileAttributes;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
@ -33,6 +35,10 @@
import java.util.zip.CRC32;
import io.netty.handler.logging.LogLevel;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PrivateKeyInfoFactory;
import org.bouncycastle.operator.OperatorCreationException;
import pro.gravit.launcher.Launcher;
import pro.gravit.launcher.LauncherConfig;
import pro.gravit.launcher.NeedGarbageCollection;
@ -391,6 +397,14 @@ public static void main(String... args) throws Throwable {
public final Path privateKeyFile;
public final Path caCertFile;
public final Path caKeyFile;
public final Path serverCertFile;
public final Path serverKeyFile;
public final Path updatesDir;
//public static LaunchServer server = null;
@ -479,6 +493,12 @@ public LaunchServer(Path dir, boolean testEnv, String[] args) throws IOException
updatesDir = dir.resolve("updates");
profilesDir = dir.resolve("profiles");
caCertFile = dir.resolve("ca.crt");
caKeyFile = dir.resolve("ca.key");
serverCertFile = dir.resolve("server.crt");
serverKeyFile = dir.resolve("server.key");
//Registration handlers and providers
AuthHandler.registerHandlers();
AuthProvider.registerProviders();
@ -591,6 +611,41 @@ public LaunchServer(Path dir, boolean testEnv, String[] args) throws IOException
authHookManager = new AuthHookManager();
configManager = new ConfigManager();
certificateManager = new CertificateManager();
//Generate or set new Certificate API
certificateManager.orgName = config.projectName;
if(IOHelper.isFile(caCertFile) && IOHelper.isFile(caKeyFile))
{
certificateManager.ca = certificateManager.readCertificate(caCertFile);
certificateManager.caKey = certificateManager.readPrivateKey(caKeyFile);
}
else
{
try {
certificateManager.generateCA();
certificateManager.writeCertificate(caCertFile, certificateManager.ca);
certificateManager.writePrivateKey(caKeyFile, certificateManager.caKey);
} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | OperatorCreationException e) {
LogHelper.error(e);
}
}
if(IOHelper.isFile(serverCertFile) && IOHelper.isFile(serverKeyFile))
{
certificateManager.server = certificateManager.readCertificate(serverCertFile);
certificateManager.serverKey = certificateManager.readPrivateKey(serverKeyFile);
}
else
{
try {
KeyPair pair = certificateManager.generateKeyPair();
certificateManager.server = certificateManager.generateCertificate(config.projectName.concat(" Server"), pair.getPublic());
certificateManager.serverKey = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
certificateManager.writePrivateKey(serverKeyFile, pair.getPrivate());
certificateManager.writeCertificate(serverCertFile, certificateManager.server);
} catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | OperatorCreationException e) {
LogHelper.error(e);
}
}
GarbageManager.registerNeedGC(sessionManager);
reloadManager.registerReloadable("launchServer", this);
registerObject("permissionsHandler", config.permissionsHandler);

View file

@ -42,12 +42,18 @@ public class CertificateManager {
public X509CertificateHolder ca;
public AsymmetricKeyParameter caKey;
public X509CertificateHolder server;
public AsymmetricKeyParameter serverKey;
//public X509CertificateHolder server;
//public AsymmetricKeyParameter serverKey;
public int validDays = 60;
public int minusHours = 6;
public String orgName;
public X509CertificateHolder generateCertificate(String subjectName, PublicKey subjectPublicKey) throws OperatorCreationException {
SubjectPublicKeyInfo subjectPubKeyInfo = SubjectPublicKeyInfo.getInstance(subjectPublicKey.getEncoded());
BigInteger serial = BigInteger.valueOf(SecurityHelper.newRandom().nextLong());
@ -56,6 +62,7 @@ public X509CertificateHolder generateCertificate(String subjectName, PublicKey s
X500NameBuilder subject = new X500NameBuilder();
subject.addRDN(BCStyle.CN, subjectName);
subject.addRDN(BCStyle.O, orgName);
X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(ca.getSubject(), serial,
startDate, endDate, subject.build(), subjectPubKeyInfo);
@ -73,8 +80,12 @@ public void generateCA() throws NoSuchAlgorithmException, IOException, OperatorC
KeyPair pair = generator.generateKeyPair();
LocalDateTime startDate = LocalDate.now().atStartOfDay();
X500NameBuilder subject = new X500NameBuilder();
subject.addRDN(BCStyle.CN, orgName.concat(" CA"));
subject.addRDN(BCStyle.O, orgName);
X509v3CertificateBuilder builder= new X509v3CertificateBuilder(
new X500Name("CN=ca"),
subject.build(),
new BigInteger("0"),
Date.from(startDate.atZone(ZoneId.systemDefault()).toInstant()),
Date.from(startDate.plusDays(3650).atZone(ZoneId.systemDefault()).toInstant()),