CreateSelfSignedTlsKeyAndCertificateInKeystore.java

/*
 * Copyright (C) 2012 Intel Corporation
 * All rights reserved.
 */
package com.intel.mtwilson.setup.cmd;

import com.intel.dcsg.cpg.crypto.RsaUtil;
import com.intel.dcsg.cpg.crypto.SimpleKeystore;
import com.intel.dcsg.cpg.x509.X509Builder;
import com.intel.dcsg.cpg.io.FileResource;
import com.intel.dcsg.cpg.console.AbstractCommand;
import java.io.File;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;

/**
 *
 * @author jbuhacoff
 */
public class CreateSelfSignedTlsKeyAndCertificateInKeystore extends AbstractCommand {
    
    @Override
    public void execute(String[] args) throws Exception {
        // options:   1) path to keystore file (if not provided, we will check javax.net.ssl.keyStore, and if empty we will use keystore.jks in current directory;  2) hostname/ip address to put in certificate (if not provided we will use 127.0.0.1)  3) the rest of the DN , including one CN with the same address
        String keystorePath = options.getString("keystore", System.getProperty("javax.net.ssl.keyStore", "keystore.jks"));
        String keystorePassword = options.getString("keystorePassword", System.getProperty("javax.net.ssl.keyStorePassword", "changeit"));
        String keyPassword = options.getString("keyPassword", System.getProperty("javax.net.ssl.keyPassword", keystorePassword));
        String alias = options.getString("alias", "mykey");
        String address = options.getString("addr", "127.0.0.1");
        String dn = options.getString("dn", "C=US,O=Data Center,OU=Trusted Computing,CN="+address);
        File keystoreFile = new File(keystorePath);
        KeyPair keypair = RsaUtil.generateRsaKeyPair(RsaUtil.MINIMUM_RSA_KEY_SIZE);
        X509Certificate cert = X509Builder.factory().selfSigned(dn, keypair).alternativeName(address).keyUsageDataEncipherment().keyUsageKeyEncipherment().extKeyUsageServerAuth().expires(3650, TimeUnit.DAYS).build();
        SimpleKeystore keystore = new SimpleKeystore(new FileResource(keystoreFile), keystorePassword);
        keystore.addKeyPairX509(keypair.getPrivate(), cert, alias, keyPassword);
        keystore.save();
        System.out.println("Subject: "+cert.getSubjectX500Principal().getName());
        System.out.println("Expires: "+cert.getNotAfter().toString());
        System.out.println("Keystore: "+keystoreFile.getAbsolutePath());
    }

    @Override
    protected void validate() {
        // here we are supposed to check that the options are good?
        //throw new UnsupportedOperationException("Not supported yet.");
    }
    

    
 
    
}