From 2a29339f0a02b0eac839f1a55ec6f9e2c34fbd46 Mon Sep 17 00:00:00 2001
From: tkellner
Date: Fri, 20 Dec 2013 17:28:32 +0000
Subject: Generate new CA Certificate when expired/not readable

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1270 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
.../java/at/gv/egiz/bku/webstart/Configurator.java | 32 ++++++++++++++++++++++
1 file changed, 32 insertions(+)
(limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java')
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
index 551cf0af..db34198d 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
@@ -43,6 +43,9 @@ import java.net.URI;
 import java.net.URL;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 import java.util.Iterator;
 import java.util.UUID;
@@ -134,6 +137,11 @@ public class Configurator {
 zipOS.close();
 updateConfig(configDir);
 }
+ if (caCertificateUpdateRequired()) {
+ log.info("Creating new CA certificate");
+ createKeyStore(configDir);
+ certRenewed = true;
+ }
 }
 } else {
 initConfig(configDir);
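Review bot: The new call `caCertificateUpdateRequired()` does not use the `configDir` this method already holds, while the helper added in the later hunk rebuilds the path from `user.home` and `CONFIG_DIR`; if the two ever differ, the validity check reads one keystore and `createKeyStore(configDir)` rewrites another. Passing the directory through, `if (caCertificateUpdateRequired(configDir)) {`, keeps the check and the renewal on the same files. Because this branch replaces a local CA, which is a trust anchor, the log line should record the reason, for example `log.info("Creating new CA certificate (expired, not yet valid or unreadable)");`. The enclosing method starts and ends outside the hunk, so whether this branch is reached on every start-up cannot be confirmed from here.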
@@ -345,6 +353,30 @@ public class Configurator {
 return true;
 }
 
+ private static boolean caCertificateUpdateRequired() {
+ String configDir = System.getProperty("user.home") + '/' + CONFIG_DIR;
+ File keystoreFile = new File(configDir, KEYSTORE_FILE);
+ File passwdFile = new File(configDir, PASSWD_FILE);
+ String passwd;
+ try {
+ passwd = Container.readPassword(passwdFile);
+ } catch (IOException e) {
+ log.error("Error reading password file", e);
+ return true;
+ }
+ X509Certificate cert = (X509Certificate) Container.getCACertificate(keystoreFile, passwd.toCharArray());
+ try {
+ cert.checkValidity();
+ } catch (CertificateExpiredException e) {
+ log.warn("CA Certificate expired");
+ return true;
+ } catch (CertificateNotYetValidException e) {
+ log.error("CA Certificate not yet valid");
+ return true;
+ }
+ return false;
+ }
+
 protected static void backup(File dir, URI relativeTo, ZipOutputStream zip, boolean doDelete) throws IOException {
 if (dir.isDirectory()) {
 File[] subDirs = dir.listFiles();
-- cgit v1.2.3
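Review bot: In `caCertificateUpdateRequired()` the value returned by `Container.getCACertificate(...)` is cast and dereferenced unchecked, so if that helper returns null for a missing or damaged keystore (its contract is not visible in this patch), `cert.checkValidity()` throws a NullPointerException and the "not readable" renewal named in the commit subject never runs. A guard before the second try block would cover it: `if (cert == null) { log.warn("CA certificate not readable"); return true; }`; the same concern applies to `passwd.toCharArray()` if `readPassword` can return null. `checkValidity()` tests only the current instant, so a CA that expires shortly after start-up is kept; checking against a future date, `cert.checkValidity(new Date(System.currentTimeMillis() + RENEWAL_MARGIN_MS))` with a margin constant still to be defined and `java.util.Date` imported, would renew ahead of expiry. The method also needs a short Javadoc stating that `true` leads to replacement of the local CA, since the password-file error path returns `true` as well and a transient I/O error therefore discards the existing trust anchor.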