From d8a0f1e6e9d2420be31200cf0554336e84eec843 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 23 Nov 2012 10:38:38 -0500
Subject: [PATCH] Revised Gitblit GO certificate generation to use new X509 utility functions

---
 src/com/gitblit/MakeCertificate.java |   54 ++----------------------------------------------------
 1 files changed, 2 insertions(+), 52 deletions(-)

diff --git a/src/com/gitblit/MakeCertificate.java b/src/com/gitblit/MakeCertificate.java
index f2fc730..e3c39ff 100644
--- a/src/com/gitblit/MakeCertificate.java
+++ b/src/com/gitblit/MakeCertificate.java
@@ -29,8 +29,6 @@
 
 import javax.security.auth.x500.X500Principal;
 
-import org.bouncycastle.asn1.x500.X500NameBuilder;
-import org.bouncycastle.asn1.x500.style.BCStyle;
 import org.bouncycastle.cert.X509v3CertificateBuilder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
 import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
@@ -62,57 +60,9 @@
 			System.err.println(t.getMessage());
 			jc.usage();
 		}
-		File keystore = new File("keystore");
+		File keystore = new File("serverKeyStore.jks");
 		generateSelfSignedCertificate(params.hostname, keystore, params.storePassword,
 				params.subject);
-	}
-
-	public static void generateSelfSignedCertificate(String hostname, File keystore,
-			String keystorePassword) {
-		try {
-			Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
-
-			KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
-			kpGen.initialize(1024, new SecureRandom());
-			KeyPair pair = kpGen.generateKeyPair();
-
-			// Generate self-signed certificate
-			X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
-			builder.addRDN(BCStyle.OU, Constants.NAME);
-			builder.addRDN(BCStyle.O, Constants.NAME);
-			builder.addRDN(BCStyle.CN, hostname);
-
-			Date notBefore = new Date(System.currentTimeMillis() - TimeUtils.ONEDAY);
-			Date notAfter = new Date(System.currentTimeMillis() + 10 * TimeUtils.ONEYEAR);
-			BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
-
-			X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(),
-					serial, notBefore, notAfter, builder.build(), pair.getPublic());
-			ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
-					.setProvider(BC).build(pair.getPrivate());
-			X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)
-					.getCertificate(certGen.build(sigGen));
-			cert.checkValidity(new Date());
-			cert.verify(cert.getPublicKey());
-
-			// Save to keystore
-			KeyStore store = KeyStore.getInstance("JKS");
-			if (keystore.exists()) {
-				FileInputStream fis = new FileInputStream(keystore);
-				store.load(fis, keystorePassword.toCharArray());
-				fis.close();
-			} else {
-				store.load(null);
-			}
-			store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(),
-					new java.security.cert.Certificate[] { cert });
-			FileOutputStream fos = new FileOutputStream(keystore);
-			store.store(fos, keystorePassword.toCharArray());
-			fos.close();
-		} catch (Throwable t) {
-			t.printStackTrace();
-			throw new RuntimeException("Failed to generate self-signed certificate!", t);
-		}
 	}
 
 	public static void generateSelfSignedCertificate(String hostname, File keystore,
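Review bot: On the new side the `catch` that prints `t.getMessage()` and calls `jc.usage()` still falls through to `new File("serverKeyStore.jks")` and `generateSelfSignedCertificate(...)`, so a failed argument parse goes on to attempt key and certificate generation with whatever `params` holds. If `params.hostname` or `params.storePassword` was left unset, the result is presumably either a confusing secondary failure or a certificate with an unintended subject. Adding `return;` right after `jc.usage();` would stop there. The start of `main` and its `try` block are outside this hunk, so confirm that nothing earlier already exits on that path.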
@@ -120,7 +70,7 @@
 		try {
 			Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
 
-			KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
+			KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", BC);
 			kpGen.initialize(1024, new SecureRandom());
 			KeyPair pair = kpGen.generateKeyPair();
 
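Review bot: The surviving overload still generates a 1024-bit RSA key in `kpGen.initialize(1024, new SecureRandom());`, directly below the line this hunk touches. That is under the 2048-bit minimum generally recommended for RSA, and this key backs the server's TLS certificate. Since the commit is already revising this path, consider `kpGen.initialize(2048, new SecureRandom());`, or move the size into a named constant so it can be raised in one place. The rest of the method, including the validity period and the keystore write, is outside the hunk and was not reviewed.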

--
Gitblit v1.9.1