-rw-r--r-- | BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java | 32 | ||||
-rw-r--r-- | BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java | 36 |
2 files changed, 53 insertions, 15 deletions
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
index 551cf0af..db34198d 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
@@ -43,6 +43,9 @@ import java.net.URI;
 import java.net.URL;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 import java.util.Iterator;
 import java.util.UUID;
@@ -134,6 +137,11 @@ public class Configurator {
 zipOS.close();
 updateConfig(configDir);
 }
+ if (caCertificateUpdateRequired()) {
+ log.info("Creating new CA certificate");
+ createKeyStore(configDir);
+ certRenewed = true;
+ }
 }
 } else {
 initConfig(configDir);
@@ -345,6 +353,30 @@ public class Configurator {
 return true;
 }
+ private static boolean caCertificateUpdateRequired() {
+ String configDir = System.getProperty("user.home") + '/' + CONFIG_DIR;
+ File keystoreFile = new File(configDir, KEYSTORE_FILE);
+ File passwdFile = new File(configDir, PASSWD_FILE);
+ String passwd;
+ try {
+ passwd = Container.readPassword(passwdFile);
+ } catch (IOException e) {
+ log.error("Error reading password file", e);
+ return true;
+ }
+ X509Certificate cert = (X509Certificate) Container.getCACertificate(keystoreFile, passwd.toCharArray());
+ try {
+ cert.checkValidity();
+ } catch (CertificateExpiredException e) {
+ log.warn("CA Certificate expired");
+ return true;
+ } catch (CertificateNotYetValidException e) {
+ log.error("CA Certificate not yet valid");
+ return true;
+ }
+ return false;
+ }
+
 protected static void backup(File dir, URI relativeTo, ZipOutputStream zip, boolean doDelete) throws IOException {
 if (dir.isDirectory()) {
 File[] subDirs = dir.listFiles();
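Review bot: The new call `if (caCertificateUpdateRequired()) {` ignores the `configDir` the enclosing method already has in scope and hands to `createKeyStore(configDir)` two lines later; the helper instead rebuilds its path from `user.home` and `CONFIG_DIR`. If those two ever differ (how `configDir` is derived is not visible here), the validity check would inspect one keystore while the recreation overwrites another. Passing the directory explicitly, `if (caCertificateUpdateRequired(configDir)) {`, with a matching `File configDir` parameter on the helper, keeps the check and the recreation on the same file. The enclosing method starts and ends outside this hunk.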
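Review bot: `caCertificateUpdateRequired` dereferences the result of `Container.getCACertificate` without a null check, yet the Container change in this same commit makes that method return null whenever the keystore cannot be opened, the password does not match, or the alias is missing, so `cert.checkValidity()` would throw a NullPointerException out of configuration start-up instead of triggering the recreation that the IOException branch already chooses. Add `if (cert == null) { log.warn("CA certificate could not be loaded, recreating keystore"); return true; }` right after the cast (casting null succeeds, so the placement is safe). Only the last element of the chain — the CA — is validity-checked; if the server leaf certificate is issued with a shorter lifetime than the CA (not visible here, worth confirming against `createKeyStore`), an expired leaf would not trigger renewal. Note also that returning true on an unreadable password file silently replaces the CA that users may already have installed in their browsers; distinguishing "cannot read" from "expired" in the log message, at least, would help diagnose that case.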
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
index ad589a59..3769629e 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
@@ -290,20 +290,26 @@ public class Container {
 server.join();
}
- private void loadCACertificate(File keystoreFile, char[] passwd) {
- try {
- if (log.isTraceEnabled()) {
- log.trace("local ca certificate from " + keystoreFile);
- }
- BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile));
- KeyStore sslKeyStore = KeyStore.getInstance("JKS");
- sslKeyStore.load(bis, passwd);
- Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
- caCertificate = sslChain[sslChain.length - 1];
- bis.close();
- } catch (Exception ex) {
- log.error("Failed to load local ca certificate", ex);
- log.warn("automated web certificate installation will not be available");
- }
+ private void loadCACertificate(File keystoreFile, char[] passwd) {
+ caCertificate = getCACertificate(keystoreFile, passwd);
+ if (caCertificate == null)
+ log.warn("automated web certificate installation will not be available");
+ }
+
+ protected static Certificate getCACertificate(File keystoreFile, char[] passwd) {
+ try {
+ if (log.isTraceEnabled()) {
+ log.trace("local ca certificate from " + keystoreFile);
+ }
+ BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile));
+ KeyStore sslKeyStore = KeyStore.getInstance("JKS");
+ sslKeyStore.load(bis, passwd);
+ Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
+ bis.close();
+ return sslChain[sslChain.length - 1];
+ } catch (Exception ex) {
+ log.error("Failed to load local ca certificate", ex);
+ return null;
+ }
 }
 }
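Review bot: In `getCACertificate` the keystore stream is closed only on the success path; if `KeyStore.getInstance`, `load` or `getCertificateChain` throws, `bis` and its underlying `FileInputStream` are never closed, and since this is now a `protected static` helper that Configurator calls at start-up, every failed load leaks a file handle. Moving `bis.close()` into a `finally` block fixes that (try-with-resources would be tidier, but the surrounding code's style suggests the project may target a Java level that predates it — confirm before using it). A missing alias also leaves `sslChain` null, so the `sslChain[sslChain.length - 1]` index throws a NullPointerException that lands in the generic catch with a stack trace rather than a message naming the alias; a null/empty check before indexing makes that failure diagnosable. Callers must treat the null return as "unavailable", as `loadCACertificate` already does.
```java
protected static Certificate getCACertificate(File keystoreFile, char[] passwd) {
  try {
    // … unchanged: trace logging …
    BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile));
    try {
      KeyStore sslKeyStore = KeyStore.getInstance("JKS");
      sslKeyStore.load(bis, passwd);
      Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
      if (sslChain == null || sslChain.length == 0) {
        log.error("no certificate chain for alias " + TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
        return null;
      }
      return sslChain[sslChain.length - 1];
    } finally {
      bis.close(); // also runs when load() or getCertificateChain() throws
    }
  } catch (Exception ex) {
    // … unchanged: error logging, return null …
  }
}
```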