Merge pull request #7 from relxd/create-javakeystore-for-mutual-tls-a…

…uth-certificate

Tests for certificate generation and javaKeyStoreService

.gitignore

@@ -19,3 +19,7 @@ hs_err_pid*
 target
 .gradle
 build
+
+*.idea
+.idea**
+

pom.xml

@@ -182,7 +182,19 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.2</version>
+                <configuration>
+                    <fork>true</fork>
+                    <compilerArgument>-XDignore.symbol.file</compilerArgument>
+                </configuration>
+            </plugin>
         </plugins>
+
+
+
     </build>
 
     <profiles>
@@ -279,6 +291,15 @@
             <version>${junit-version}</version>
             <scope>test</scope>
         </dependency>
+        <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on -->
+        <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on -->
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <version>1.66</version>
+        </dependency>
+
+
 
         <!--<dependency>
             <groupId>org.projectlombok</groupId>
@@ -320,4 +341,6 @@
         <junit-version>4.13</junit-version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
+
+
 </project>

src/main/java/org/relxd/lxd/auth/javakeystore/service/JavaKeyStoreService.java

@@ -0,0 +1,20 @@
+package org.relxd.lxd.auth.javakeystore.service;
+
+import java.io.IOException;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.Certificate;
+
+public interface JavaKeyStoreService {
+
+    void exportKeyPairToKeystoreFile(KeyPair keyPair, Certificate certificate, String alias, String fileName, String storeType, String storePass) throws Exception;
+
+    Certificate[] loadCertificateFromKeyStore(String alias, String filePath, String password);
+
+    void deleteKeyStore(String keystorePath) throws IOException;
+
+    void removeAllKeyStoreElements(KeyStore keyStore) throws KeyStoreException;
+
+    void removeKeyStoreElement(KeyStore keyStore, String secretKey) throws KeyStoreException;
+}

src/main/java/org/relxd/lxd/auth/javakeystore/service/JavaKeyStoreServiceImpl.java

@@ -0,0 +1,96 @@
+package org.relxd.lxd.auth.javakeystore.service;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.*;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.Certificate;
+import java.util.Enumeration;
+
+public class JavaKeyStoreServiceImpl implements JavaKeyStoreService{
+
+    private static final String BC_PROVIDER = "BC";
+
+    Logger logger = LoggerFactory.getLogger(JavaKeyStoreService.class);
+
+    public void exportKeyPairToKeystoreFile(KeyPair keyPair, Certificate certificate, String alias, String fileName, String storeType, String storePass) throws Exception {
+        KeyStore sslKeyStore = KeyStore.getInstance(storeType, BC_PROVIDER);
+        File file = new File(fileName);
+        if (!file.exists()) {
+            sslKeyStore.load(null, null);
+        }else {
+            InputStream readCert = new FileInputStream(file);
+            try {
+                sslKeyStore.load(readCert, storePass.toCharArray());
+            } finally {
+                readCert.close();
+            }
+        }
+
+        if (sslKeyStore.containsAlias(alias)){
+            throw new Exception("The keystore already contains alias :" + alias + ", try another one");
+        }
+
+        sslKeyStore.setKeyEntry(alias, keyPair.getPrivate(),null, new Certificate[]{certificate});
+        FileOutputStream keyStoreOs = new FileOutputStream(fileName);
+        sslKeyStore.store(keyStoreOs, storePass.toCharArray());
+    }
+
+    public Certificate[] loadCertificateFromKeyStore(String alias, String filePath, String password){
+
+        try{
+            File file = new File(filePath);
+            if (!file.exists()) {
+                throw new Exception("Keystore does not exist at path :"+ filePath);
+            }
+
+        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+
+
+            InputStream readStream = new FileInputStream(filePath);
+
+        try{
+            keyStore.load(readStream, password.toCharArray());
+        }finally {
+            readStream.close();
+        }
+            final Certificate[] certificateChain = keyStore.getCertificateChain(alias);
+            if (null == certificateChain) {
+                throw new Exception("There is no X.509 certificate chain under alias " + alias);
+            }else {
+                logger.info("FOUND CERTIFICATES ::>> {}", certificateChain.length);
+                return certificateChain;
+            }
+
+        }catch (Exception ex){
+            ex.printStackTrace();
+        }
+
+        return null;
+    }
+
+    public void deleteKeyStore(String keystorePath) throws IOException{
+
+        Files.delete(Paths.get(keystorePath));
+
+    }
+
+    public void removeAllKeyStoreElements(KeyStore keyStore) throws KeyStoreException {
+
+        Enumeration<String> aliases = keyStore.aliases();
+        while (aliases.hasMoreElements()) {
+            String alias = aliases.nextElement();
+            keyStore.deleteEntry(alias);
+        }
+    }
+
+    public void removeKeyStoreElement(KeyStore keyStore, String secretKey) throws KeyStoreException{
+        keyStore.deleteEntry(secretKey);
+    }
+
+}

src/main/java/org/relxd/lxd/auth/javakeystore/x509certificate/X509CertificateAndKeyPair.java

@@ -0,0 +1,35 @@
+package org.relxd.lxd.auth.javakeystore.x509certificate;
+
+import java.security.KeyPair;
+import java.security.cert.X509Certificate;
+
+public class X509CertificateAndKeyPair {
+
+    private X509Certificate x509Certificate;
+
+    private KeyPair keyPair;
+
+    public X509Certificate getX509Certificate() {
+        return x509Certificate;
+    }
+
+    public void setX509Certificate(X509Certificate x509Certificate) {
+        this.x509Certificate = x509Certificate;
+    }
+
+    public KeyPair getKeyPair() {
+        return keyPair;
+    }
+
+    public void setKeyPair(KeyPair keyPair) {
+        this.keyPair = keyPair;
+    }
+
+    @Override
+    public String toString() {
+        return "X509CertificateAndKeyPair{" +
+                "x509Certificate=" + x509Certificate +
+                ", keyPair=" + keyPair +
+                '}';
+    }
+}

src/main/java/org/relxd/lxd/auth/javakeystore/x509certificate/service/CertificateChainGenerationService.java

@@ -0,0 +1,16 @@
+package org.relxd.lxd.auth.javakeystore.x509certificate.service;
+
+import org.relxd.lxd.auth.javakeystore.x509certificate.X509CertificateAndKeyPair;
+
+import java.security.cert.Certificate;
+
+public interface CertificateChainGenerationService {
+
+    X509CertificateAndKeyPair generateX509Certificate(String issuedTo, String rootCertificateAlias, String issuedCertificateAliase) throws Exception;
+
+    void writeCertToFileBase64Encoded(Certificate certificate, String fileName) throws Exception;
+
+}
+
+
+