-rw-r--r--BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java32
-rw-r--r--BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java36
2 files changed, 53 insertions, 15 deletions
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
index 551cf0af..db34198d 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
@@ -43,6 +43,9 @@ import java.net.URI;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.UUID;
@@ -134,6 +137,11 @@ public class Configurator {
zipOS.close();
updateConfig(configDir);
}
+ if (caCertificateUpdateRequired()) {
+ log.info("Creating new CA certificate");
+ createKeyStore(configDir);
+ certRenewed = true;
+ }
}
} else {
initConfig(configDir);
@@ -345,6 +353,30 @@ public class Configurator {
return true;
}
+ private static boolean caCertificateUpdateRequired() {
+ String configDir = System.getProperty("user.home") + '/' + CONFIG_DIR;
+ File keystoreFile = new File(configDir, KEYSTORE_FILE);
+ File passwdFile = new File(configDir, PASSWD_FILE);
+ String passwd;
+ try {
+ passwd = Container.readPassword(passwdFile);
+ } catch (IOException e) {
+ log.error("Error reading password file", e);
+ return true;
+ }
+ X509Certificate cert = (X509Certificate) Container.getCACertificate(keystoreFile, passwd.toCharArray());
+ try {
+ cert.checkValidity();
+ } catch (CertificateExpiredException e) {
+ log.warn("CA Certificate expired");
+ return true;
+ } catch (CertificateNotYetValidException e) {
+ log.error("CA Certificate not yet valid");
+ return true;
+ }
+ return false;
+ }
+
protected static void backup(File dir, URI relativeTo, ZipOutputStream zip, boolean doDelete) throws IOException {
if (dir.isDirectory()) {
File[] subDirs = dir.listFiles();
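Review bot: `Container.getCACertificate` returns null when the keystore cannot be opened or loaded (see the Container hunk below), but caCertificateUpdateRequired casts the result and calls `cert.checkValidity()` without a null check, so a missing or corrupt keystore escapes as a NullPointerException from the update check instead of forcing regeneration the way the password-file failure path does. Add a guard before the validity check: `if (cert == null) { log.warn("CA certificate could not be loaded, keystore will be recreated"); return true; }`. The unchecked `(X509Certificate)` cast would likewise throw if the chain's last entry were not an X.509 certificate, so `!(cert instanceof X509Certificate)` belongs in the same guard. The method also rebuilds the configuration directory from `user.home` although its only caller in the preceding hunk already holds `configDir`; passing it in as a `File` parameter keeps the two paths from diverging.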
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
index ad589a59..3769629e 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
@@ -290,20 +290,26 @@ public class Container {
server.join();
}
- private void loadCACertificate(File keystoreFile, char[] passwd) {
- try {
- if (log.isTraceEnabled()) {
- log.trace("local ca certificate from " + keystoreFile);
- }
- BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile));
- KeyStore sslKeyStore = KeyStore.getInstance("JKS");
- sslKeyStore.load(bis, passwd);
- Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
- caCertificate = sslChain[sslChain.length - 1];
- bis.close();
- } catch (Exception ex) {
- log.error("Failed to load local ca certificate", ex);
- log.warn("automated web certificate installation will not be available");
- }
+ private void loadCACertificate(File keystoreFile, char[] passwd) {
+ caCertificate = getCACertificate(keystoreFile, passwd);
+ if (caCertificate == null)
+ log.warn("automated web certificate installation will not be available");
+ }
+
+ protected static Certificate getCACertificate(File keystoreFile, char[] passwd) {
+ try {
+ if (log.isTraceEnabled()) {
+ log.trace("local ca certificate from " + keystoreFile);
+ }
+ BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile));
+ KeyStore sslKeyStore = KeyStore.getInstance("JKS");
+ sslKeyStore.load(bis, passwd);
+ Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
+ bis.close();
+ return sslChain[sslChain.length - 1];
+ } catch (Exception ex) {
+ log.error("Failed to load local ca certificate", ex);
+ return null;
+ }
}
}
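Review bot: In getCACertificate the `bis.close()` sits at the end of the try body, so it is skipped whenever `KeyStore.load` or the chain lookup throws (wrong password, bad format), and the file handle stays open until garbage collection; the close should move into a `finally` as sketched below. `sslChain[sslChain.length - 1]` also throws a NullPointerException when the alias is not present in the keystore; it is caught by the broad `catch (Exception ex)` but logged only as the generic "Failed to load local ca certificate", so an explicit `if (sslChain == null || sslChain.length == 0)` check with its own message would make that failure diagnosable. The project's target Java level is not visible here, so the sketch uses a plain `finally` rather than try-with-resources. As a point of style, the single-statement `if (caCertificate == null)` in loadCACertificate is unbraced while the `if (log.isTraceEnabled())` just below it is braced.
```java
protected static Certificate getCACertificate(File keystoreFile, char[] passwd) {
    try {
        // … unchanged: trace logging …
        BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile));
        try {
            KeyStore sslKeyStore = KeyStore.getInstance("JKS");
            sslKeyStore.load(bis, passwd);
            Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
            if (sslChain == null || sslChain.length == 0) {
                log.error("No certificate chain for alias " + TLSServerCA.MOCCA_TLS_SERVER_ALIAS + " in " + keystoreFile);
                return null;
            }
            return sslChain[sslChain.length - 1];
        } finally {
            bis.close();
        }
    // … unchanged: catch (Exception ex) block …
```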