
Generate Java keystore from PEM keypair in setup.

Deployed new autocommon tarball into web/.
1 parent eea7329 commit e1e3ba23de3a5df3f77e5e885695c9cbff512a89 @labisso labisso committed Feb 24, 2010
105 autocommon/src/org/nimbustools/auto_common/ezpz_ca/KeystoreFromPEM.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright 1999-2010 University of Chicago
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.nimbustools.auto_common.ezpz_ca;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMReader;
+
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.Security;
+import java.security.KeyPair;
+import java.io.*;
+
+/**
+ * Creates a Java Keystore from PEM encoded cert and private key
+ */
+public class KeystoreFromPEM {
+
+ static {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+
+ public static KeyStore createJavaKeystore(X509Certificate cert, PrivateKey key, String password)
+ throws Exception {
+
+ KeyStore store = KeyStore.getInstance("JKS", "SUN");
+ store.load(null, password.toCharArray());
+ store.setKeyEntry("", key, password.toCharArray(),
+ new Certificate[] {cert});
+
+ return store;
+ }
+
+ public static void createJavaKeystore(File certFile, File keyFile,
+ File keystoreFile, String password)
+ throws Exception {
+
+ X509Certificate cert = (X509Certificate) readPemObject(certFile);
+ KeyPair keypair = (KeyPair) readPemObject(keyFile);
+ KeyStore store = createJavaKeystore(cert, keypair.getPrivate(), password);
+ OutputStream outStream = new FileOutputStream(keystoreFile);
+ try {
+ store.store(outStream, password.toCharArray());
+ } finally {
+ outStream.close();
+ }
+ }
+
+ private static Object readPemObject(File file) throws IOException {
+ FileReader reader = new FileReader(file);
+ try {
+ PEMReader pemReader = new PEMReader(reader, null, BouncyCastleProvider.PROVIDER_NAME);
+ return pemReader.readObject();
+ } finally {
+ reader.close();
+ }
+ }
+
+ public static void main(String[] args) {
+
+ if (args == null || args.length != 4) {
+ System.err.println("Needs these arguments:\n" +
+ "1 - the certificate file\n" +
+ "2 = the private key file\n" +
+ "3 - the destination file\n" +
+ "4 - the keystore password\n"
+ );
+ System.exit(1);
+ }
+
+ try {
+ File certFile = new File(args[0]);
+ File keyFile = new File(args[1]);
+ File keystoreFile = new File(args[2]);
+ String password = args[3];
+
+ if (keystoreFile.exists()) {
+ throw new Exception("keystore file already exists!");
+ //TODO maybe it would be better to add to existing keystore?
+ }
+
+ createJavaKeystore(certFile, keyFile, keystoreFile, password);
+
+ } catch (Throwable t) {
+ System.err.println("Problem: " + t.getMessage());
+ t.printStackTrace();
+ System.exit(1);
+ }
+ }
+}
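Review bot: A failure inside `store.store(...)` in `createJavaKeystore(File, File, File, String)` leaves a truncated or empty keystoreFile on disk, because the FileOutputStream is already open and the finally block only closes it; `main` then refuses to run again since the file exists, and the caller in setup.py treats a present file as a finished keystore, so a failed run wedges the setup until someone deletes the file by hand. Removing the file when the write does not complete avoids that stuck state (rewritten try/finally below). Separately, the keystore password arrives as `args[3]`, which is visible in the process listing for the lifetime of the JVM; reading it from stdin would keep it out of `ps`. The key entry is stored under the empty alias `""`, which may make it awkward to address from consumers that select a key by alias — a fixed name such as `"hostkey"` is worth considering. The usage text for the second argument reads `2 = the private key file` while the other lines use `-`.
```java
OutputStream outStream = new FileOutputStream(keystoreFile);
boolean written = false;
try {
    store.store(outStream, password.toCharArray());
    written = true;
} finally {
    outStream.close();
    // do not leave a partial keystore behind: callers treat an existing file as complete
    if (!written) {
        keystoreFile.delete();
    }
}
```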
17 home/sbin/setup.py
@@ -10,7 +10,7 @@
from StringIO import StringIO
import readline
-from nimbusweb.setup import pathutil,javautil,checkssl,gtcontainer
+from nimbusweb.setup import pathutil,javautil,checkssl,gtcontainer,autoca
from nimbusweb.setup.setuperrors import *
CONFIGSECTION = 'nimbussetup'
@@ -21,11 +21,13 @@
# relative to base directory
hostcert: var/hostcert.pem
hostkey: var/hostkey.pem
-
CA.dir: var/ca
gridmap: var/gridmap
+keystore: var/keystore.jks
+keystore.pass: changeit
+
debug: off
"""
@@ -234,6 +236,10 @@ def hostkey_path(self):
path = self.get_config('hostkey')
return self.resolve_path(path)
+ def keystore_path(self):
+ path = self.get_config('keystore')
+ return self.resolve_path(path)
+
def gridmap_path(self):
path = self.get_config('gridmap')
return self.resolve_path(path)
@@ -262,6 +268,7 @@ def perform_setup(self):
gtdir = self.gtdir_path()
hostcert = self.hostcert_path()
hostkey = self.hostkey_path()
+ keystore = self.keystore_path()
gridmap = self.gridmap_path()
# some potentially interactive queries
@@ -270,6 +277,12 @@ def perform_setup(self):
#TODO this may require interaction
checkssl.run(webdir, hostcert, hostkey, log, cadir=cadir,
hostname=hostname)
+
+ if not os.path.exists(keystore):
+ password = self.get_config('keystore.pass')
+ autoca.createKeystore(hostcert, hostkey, keystore, password,
+ webdir, log)
+
# then adjust the web config to point to these keys
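Review bot: The default config block now carries `keystore.pass: changeit`, and `perform_setup` reads it with `self.get_config('keystore.pass')` a few lines above, so an installation that keeps the shipped defaults ends up with the host private key wrapped by a widely known default password. Generating a random value at setup time when the configured password is still the default (for example derived from `os.urandom` and written back to the config) would give each install its own secret; at minimum the setup log should say that the default is in use. The guard `if not os.path.exists(keystore):` also means a keystore built from an earlier hostcert/hostkey is never regenerated; if `checkssl.run` (called just above) can rewrite those PEM files, comparing modification times or removing the keystore whenever the PEM files change would keep them in sync. `perform_setup` continues past the end of the hunk.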
2 web/lib/libnotes.txt
@@ -81,7 +81,7 @@ special, toplevel Nimbus dist command:
ant -f scripts/lib/gt4.0/dist/build.xml web-autocommon
-That commands needs the "bin" "autocommon" and "web" directories to coexist
+That commands needs the "scripts" "autocommon" and "web" directories to coexist
in the same top level directory (like they do in git).
Common development command from inside web/ directory if you are working on
BIN web/lib/nimbus-autocommon.tar.gz
Binary file not shown.
25 web/src/python/nimbusweb/setup/autoca.py
@@ -21,6 +21,7 @@
EXE_GET_HASHED_CERT_NAME="org.nimbustools.auto_common.ezpz_ca.CertFilenameHash"
EXE_GET_CERT_DN="org.nimbustools.auto_common.ezpz_ca.CertDN"
EXE_WRITE_SIGNING_POLICY="org.nimbustools.auto_common.ezpz_ca.SigningPolicy"
+EXE_KEYSTORE_FROM_PEM="org.nimbustools.auto_common.ezpz_ca.KeystoreFromPEM"
def createCert(CN, basedir, cadir, certtarget, keytarget, log,
allow_overwrite=False):
@@ -95,6 +96,30 @@ def createCert(CN, basedir, cadir, certtarget, keytarget, log,
return pub_DN
+def createKeystore(certpath, keypath, storepath, password, basedir, log):
+ """
+ Generates a Java keystore from PEM-encoded certificate and key
+ """
+
+ if not pathutil.check_path_exists(certpath):
+ msg = "Certificate file does not exist: " + certpath
+ raise IncompatibleEnvironment(msg)
+
+ if not pathutil.check_path_exists(keypath):
+ msg = "Private key file does not exist: " + keypath
+ raise IncompatibleEnvironment(msg)
+
+ if pathutil.check_path_exists(storepath):
+ msg = "Keystore file exists: " + keypath
+ raise IncompatibleEnvironment(msg)
+
+ args = [certpath, keypath, storepath, password]
+
+ (exitcode, stdout, stderr) = javautil.run(basedir, log,
+ EXE_KEYSTORE_FROM_PEM, args=args)
+ runutil.generic_bailout("Problem creating keystore",
+ exitcode, stdout, stderr)
+
def getCertDN(certpath, basedir, log):
if not pathutil.check_path_exists(certpath):
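Review bot: The existence check for the keystore in `createKeystore` reports the wrong path: the message is built from `keypath` instead of `storepath`, so the user is told the private key file "exists" when it is the keystore that is in the way; change it to `msg = "Keystore file exists: " + storepath`. The password is also handed to the Java tool as a plain entry in `args`, which, if `javautil.run` spawns a subprocess as its name suggests, exposes it in the process listing while the tool runs; passing it on stdin would avoid that. The docstring could also state the failure contract: `Raises IncompatibleEnvironment if either PEM file is missing or the keystore already exists.`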

