
Expire in 10 years. Only use generated keystore if no keystore settings are changed.
greboid committed Dec 9, 2018
1 parent b1b0b23 commit fec9c4fcc1326f47d775cc37b5704f742f028f96
Showing with 13 additions and 5 deletions.
  1. +12 −4 src/com/dfbnc/DFBnc.java
  2. +1 −1 ssl.sh
@@ -62,6 +62,9 @@
import java.util.Timer;
import java.util.TimerTask;

import java.nio.file.Path;
import java.nio.file.FileSystems;

/**
* Main BNC Class.
*/
@@ -389,10 +392,15 @@ public void createSSLContextManager() {
getConfig().getOption("ssl", "certificatefile"),
getConfig().getOption("ssl", "privatekeyfile"));
} else {
sslContextManager = new SSLContextManager(
getConfig().getOption("ssl", "keystore"),
getConfig().getOption("ssl", "storepass"),
getConfig().getOption("ssl", "keypass"));
final Path path = FileSystems.getDefault().getPath(System.getProperty("user.dir")).toAbsolutePath().resolve(".keystore.p12");
final String keystoreLocation = getConfig().getOption("ssl", "keystore");
final String keystorePassword = getConfig().getOption("ssl", "storepass");
final String keyPassword = getConfig().getOption("ssl", "keypass");
if (path.toFile().exists() && keystoreLocation.isEmpty() && keystorePassword.isEmpty() && keyPassword.isEmpty()) {
sslContextManager = new SSLContextManager(path.toString(), "password", "password");
} else {
sslContextManager = new SSLContextManager(keystoreLocation, keystorePassword, keyPassword);
}
}
}
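Review bot: On the new line `sslContextManager = new SSLContextManager(path.toString(), "password", "password");` the generated keystore is opened with a fixed, publicly known store and key password, so the private key in `.keystore.p12` is protected only by the file's permissions. If that is intended for the auto-generated case, say so next to the call, for example `// Generated keystore: fixed well-known password, confidentiality relies on file permissions only`, and preferably have the generator write a random password into the ssl config instead. The lookup also uses `.keystore.p12` under `user.dir`, whereas ssl.sh in this commit exports to `/home/dfbnc/keystore.p12` without the leading dot; unless something outside this diff renames the file, the `exists()` test will not find it and the branch falls through to the empty config values. createSSLContextManager starts above the hunk, so the first branch is only partly visible.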

2 ssl.sh
@@ -1,7 +1,7 @@
#!/bin/sh
set -e
REQUESTOU=${OU:="/C=GB/ST=DFBnc/L=DFBnc/O=DFBnc/OU=DFBnc/CN=dfbnc"}
openssl req -new -passout pass:password -newkey rsa:2048 -keyout key.pem -x509 -days 365 -out certificate.pem -subj "$REQUESTOU"
openssl req -new -passout pass:password -newkey rsa:2048 -keyout key.pem -x509 -days 3650 -out certificate.pem -subj "$REQUESTOU"
openssl pkcs12 -inkey key.pem -in certificate.pem -export -out /home/dfbnc/keystore.p12 -password pass:password -passin pass:password
rm certificate.pem
rm key.pem
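Review bot: Raising `-days` to 3650 means the self-signed certificate and its RSA-2048 key are no longer replaced by yearly expiry, while the key is still encrypted only with the fixed passphrase `password`, so handling of the key files matters more than before. Because of `set -e`, a failure in the `openssl pkcs12` step exits before the two `rm` lines and leaves `key.pem` in the working directory with default permissions. Adding `umask 077` and `trap 'rm -f key.pem certificate.pem' EXIT` directly after `set -e` would cover both.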
