From c9be76aa5748caa7e04fd35386eb08b5c40d968a Mon Sep 17 00:00:00 2001
From: Yannick Lecaillez <ylecaillez@forgerock.com>
Date: Mon, 12 Oct 2015 09:34:55 +0000
Subject: [PATCH] OPENDJ-1959: Duplicated WARNING messages
---
opendj-server-legacy/src/main/java/org/opends/server/util/Platform.java | 100 ++++++++++++++++++++++++++++++++++----------------
1 files changed, 68 insertions(+), 32 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/util/Platform.java b/opendj-server-legacy/src/main/java/org/opends/server/util/Platform.java
index 2063bb5..0df5d19 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/util/Platform.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/util/Platform.java
@@ -94,19 +94,54 @@
IMPL = new DefaultPlatformIMPL();
}
+ /** Key size, key algorithm and signature algorithms used. */
+ public static enum KeyType
+ {
+ /** RSA key algorithm with 2048 bits size and SHA1withRSA signing algorithm. */
+ RSA("rsa", 2048, "SHA1WithRSA"),
+ /** Elliptic Curve key algorithm with 233 bits size and SHA1withECDSA signing algorithm. */
+ EC("ec", 233, "SHA1withECDSA");
+
+ /** Default key type used when none can be determined. */
+ public final static KeyType DEFAULT = RSA;
+
+ final String keyAlgorithm;
+ final int keySize;
+ final String signatureAlgorithm;
+
+ private KeyType(String keyAlgorithm, int keySize, String signatureAlgorithm)
+ {
+ this.keySize = keySize;
+ this.keyAlgorithm = keyAlgorithm;
+ this.signatureAlgorithm = signatureAlgorithm;
+ }
+
+ /**
+ * Get a KeyType based on the alias name.
+ *
+ * @param alias
+ * certificate alias
+ * @return KeyTpe deduced from the alias.
+ */
+ public static KeyType getTypeOrDefault(String alias)
+ {
+ try
+ {
+ return KeyType.valueOf(alias.substring(alias.lastIndexOf('-') + 1).toUpperCase());
+ }
+ catch (Exception e)
+ {
+ return KeyType.DEFAULT;
+ }
+ }
+ }
/**
* Platform base class. Performs all of the certificate management functions.
*/
private static abstract class PlatformIMPL
{
-
- /** Key size, key algorithm and signature algorithms used. */
- private static final int KEY_SIZE = 1024;
- private static final String KEY_ALGORITHM = "rsa";
- private static final String SIG_ALGORITHM = "SHA1WithRSA";
-
/** Time values used in validity calculations. */
private static final int SEC_IN_DAY = 24 * 60 * 60;
@@ -272,8 +307,8 @@
- private final KeyStore generateSelfSignedCertificate(KeyStore ks,
- String ksType, String ksPath, String alias, char[] pwd, String dn,
+ private static final KeyStore generateSelfSignedCertificate(KeyStore ks,
+ String ksType, String ksPath, KeyType keyType, String alias, char[] pwd, String dn,
int validity) throws KeyStoreException
{
try
@@ -288,26 +323,26 @@
LocalizableMessage msg = ERR_CERTMGR_ALIAS_ALREADY_EXISTS.get(alias);
throw new KeyStoreException(msg.toString());
}
- Object keypair = certKeyGenCons.newInstance(KEY_ALGORITHM,
- SIG_ALGORITHM);
- Object subject = X500NameCons.newInstance(dn);
- Method certAndKeyGenGenerate = certKeyGenClass.getMethod(
- GENERATE_METHOD, int.class);
- certAndKeyGenGenerate.invoke(keypair, KEY_SIZE);
- Method certAndKeyGetPrivateKey = certKeyGenClass
- .getMethod(GET_PRIVATE_KEY_METHOD);
- PrivateKey privatevKey = (PrivateKey) certAndKeyGetPrivateKey
- .invoke(keypair);
- Certificate[] certificateChain = new Certificate[1];
- Method getSelfCertificate = certKeyGenClass.getMethod(
- GET_SELFSIGNED_CERT_METHOD, X500NameClass, long.class);
- int days = validity * SEC_IN_DAY;
- certificateChain[0] = (Certificate) getSelfCertificate.invoke(keypair,
- subject, days);
- ks.setKeyEntry(alias, privatevKey, pwd, certificateChain);
- FileOutputStream fileOutStream = new FileOutputStream(ksPath);
- ks.store(fileOutStream, pwd);
- fileOutStream.close();
+
+ try (final FileOutputStream fileOutStream = new FileOutputStream(ksPath))
+ {
+ final Object keypair = certKeyGenCons.newInstance(keyType.keyAlgorithm, keyType.signatureAlgorithm);
+
+ final Method certAndKeyGenGenerate = certKeyGenClass.getMethod(GENERATE_METHOD, int.class);
+ certAndKeyGenGenerate.invoke(keypair, keyType.keySize);
+
+ final Method certAndKeyGetPrivateKey = certKeyGenClass.getMethod(GET_PRIVATE_KEY_METHOD);
+ final Certificate[] certificateChain = new Certificate[1];
+ final Method getSelfCertificate =
+ certKeyGenClass.getMethod(GET_SELFSIGNED_CERT_METHOD, X500NameClass, long.class);
+
+ final int days = validity * SEC_IN_DAY;
+ final Object subject = X500NameCons.newInstance(dn);
+ certificateChain[0] = (Certificate) getSelfCertificate.invoke(keypair, subject, days);
+ ks.setKeyEntry(alias , (PrivateKey) certAndKeyGetPrivateKey.invoke(keypair), pwd, certificateChain);
+
+ ks.store(fileOutStream, pwd);
+ }
}
catch (Exception e)
{
@@ -485,10 +520,12 @@
* @param ks
* The keystore to save the certificate in. May be null if it does
* not exist.
- * @param ksType
+ * @param keyType
* The keystore type to use if the keystore is created.
* @param ksPath
* The path to the keystore if the keystore is created.
+ * @param ksType
+ * Specify the key size, key algorithm and signature algorithms used.
* @param alias
* The alias to store the certificate under.
* @param pwd
@@ -501,11 +538,10 @@
* If the self-signed certificate cannot be generated.
*/
public static void generateSelfSignedCertificate(KeyStore ks, String ksType,
- String ksPath, String alias, char[] pwd, String dn, int validity)
+ String ksPath, KeyType keyType, String alias, char[] pwd, String dn, int validity)
throws KeyStoreException
{
- IMPL.generateSelfSignedCertificate(ks, ksType, ksPath, alias, pwd, dn,
- validity);
+ PlatformIMPL.generateSelfSignedCertificate(ks, ksType, ksPath, keyType, alias, pwd, dn, validity);
}
/**
--
Gitblit v1.10.0