1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
/*-
* ============LICENSE_START=======================================================
* ONAP
* ================================================================================
* Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.onap.policy.common.utils.security;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.lang.ProcessBuilder.Redirect;
import java.nio.file.Files;
import java.util.concurrent.TimeUnit;
import lombok.Getter;
import org.onap.policy.common.utils.resources.ResourceUtils;
/**
* Keystore, containing a self-signed certificate, valid for one day (see the argument to
* the "-valid" flag below). For use in junit tests.
*/
public class SelfSignedKeyStore {
public static final String KEYSTORE_PASSWORD = "Pol1cy_0nap";
public static final String PRIVATE_KEY_PASSWORD = KEYSTORE_PASSWORD;
public static final String RELATIVE_PATH = "target/test-classes/policy-keystore";
/**
* File containing subject-alternative names (i.e., list of servers that may use this
* keystore).
*/
private static final String KEYSTORE_SAN = "keystore_san.txt";
@Getter
private final String keystoreName;
/**
* Generates the keystore, if it does not exist or if it's more than a few hours old.
*
* @throws IOException if an I/O error occurs
* @throws InterruptedException if an interrupt occurs
*/
public SelfSignedKeyStore() throws IOException, InterruptedException {
this(RELATIVE_PATH);
}
/**
* Generates the keystore, if it does not exist or if it's more than a few hours old.
*
* @param relativePath path to the keystore, relative to the "user.dir" system
* property
* @throws IOException if an I/O error occurs
* @throws InterruptedException if an interrupt occurs
*/
public SelfSignedKeyStore(String relativePath) throws IOException, InterruptedException {
keystoreName = System.getProperty("user.dir") + "/" + relativePath;
// use existing file if it isn't too old
File keystore = new File(keystoreName);
if (keystore.exists()) {
if (System.currentTimeMillis() < keystore.lastModified()
+ TimeUnit.MILLISECONDS.convert(5, TimeUnit.HOURS)) {
return;
}
Files.delete(keystore.toPath());
}
/*
* Read the list of subject-alternative names, joining the lines with commas, and
* dropping the trailing comma.
*/
String sanName = getKeystoreSanName();
String subAltNames = ResourceUtils.getResourceAsString(sanName);
if (subAltNames == null) {
throw new FileNotFoundException(sanName);
}
subAltNames = subAltNames.replace("\r", "").replace("\n", ",");
subAltNames = "SAN=" + subAltNames.substring(0, subAltNames.length() - 1);
// build up the "keytool" command
// @formatter:off
ProcessBuilder builder = new ProcessBuilder("keytool", "-genkeypair",
"-alias", "policy@policy.onap.org",
"-validity", "1",
"-keyalg", "RSA",
"-dname", "C=US, O=ONAP, OU=OSAAF, OU=policy@policy.onap.org:DEV, CN=policy",
"-keystore", keystoreName,
"-keypass", PRIVATE_KEY_PASSWORD,
"-storepass", KEYSTORE_PASSWORD,
"-ext", subAltNames);
// @formatter:on
Process proc = builder.redirectOutput(Redirect.INHERIT).redirectError(Redirect.INHERIT).start();
proc.waitFor();
int exitCode = proc.exitValue();
if (exitCode != 0) {
throw new IOException("keytool exited with " + exitCode);
}
}
// may be overridden by junit tests
protected String getKeystoreSanName() {
return KEYSTORE_SAN;
}
}
|