[ELY-2738] creating X509Certificate using CAGenerationTool.
rsearls committed May 28, 2024
1 parent 0dba5eb commit e2affb7
Showing 6 changed files with 62 additions and 86 deletions.
5 changes: 5 additions & 0 deletions dynamic-ssl/pom.xml
Expand Up @@ -39,6 +39,11 @@
<groupId>org.wildfly.security</groupId>
<artifactId>wildfly-elytron-client</artifactId>
</dependency>
<dependency>
<groupId>org.wildfly.security</groupId>
<artifactId>wildfly-elytron-tests-common</artifactId>
<type>test-jar</type>
</dependency>
<dependency>
<groupId>org.kohsuke.metainf-services</groupId>
<artifactId>metainf-services</artifactId>
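Review bot: The new `wildfly-elytron-tests-common` test-jar dependency is declared without a `<scope>`, so unless the parent's dependencyManagement supplies one, the test utilities (CAGenerationTool among them) become a compile-scope dependency of the dynamic-ssl artifact and travel with its published dependency tree. The only consumer this commit adds is test code, so `<scope>test</scope>` beside the `<type>test-jar</type>` line keeps it out of consumers' classpaths. If the scope is in fact managed in the parent, a short comment on the dependency saying so would spare the next reader the same question.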
Expand Up @@ -330,7 +330,7 @@ public void testChangingAuthenticationContextsTest() throws NoSuchAlgorithmExcep
SSLSocketFactory socketFactory = dynamicSSLContext.getSocketFactory();

AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10001), () -> DynamicSSLTestUtils
.createSSLContext(RESOURCES + "client1.keystore.jks", RESOURCES + "client1.truststore.jks", "secret")).run(() -> {
.createSSLContext(RESOURCES + "client1.keystore.jks", RESOURCES + "client1.truststore.jks", "Elytron")).run(() -> {
try {
Socket clientSslSocket = socketFactory.createSocket("localhost", 10001);
checkOutputIsOK((SSLSocket) clientSslSocket);
Expand All @@ -341,7 +341,7 @@ public void testChangingAuthenticationContextsTest() throws NoSuchAlgorithmExcep
});

AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10002), () -> DynamicSSLTestUtils
.createSSLContext(RESOURCES + "client2.keystore.jks", RESOURCES + "client2.truststore.jks", "secret")).run(() -> {
.createSSLContext(RESOURCES + "client2.keystore.jks", RESOURCES + "client2.truststore.jks", "Elytron")).run(() -> {
try {
Socket clientSslSocket = socketFactory.createSocket("localhost", 10002);
checkOutputIsOK((SSLSocket) clientSslSocket);
Expand All @@ -352,7 +352,7 @@ public void testChangingAuthenticationContextsTest() throws NoSuchAlgorithmExcep
});

AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10003), () -> DynamicSSLTestUtils
.createSSLContext(RESOURCES + "client3.keystore.jks", RESOURCES + "client3.truststore.jks", "secret")).run(() -> {
.createSSLContext(RESOURCES + "client3.keystore.jks", RESOURCES + "client3.truststore.jks", "Elytron")).run(() -> {
try {
Socket clientSslSocket = socketFactory.createSocket("localhost", 10003);
checkOutputIsOK((SSLSocket) clientSslSocket);
Expand All @@ -371,7 +371,7 @@ public void testThrowAnExceptionWhenLoop() throws NoSuchAlgorithmException {
SSLContext previousDefaultSSLContext = SSLContext.getDefault();
SSLContext.setDefault(dynamicSSLContext);
AuthenticationContext.empty().withSsl(MatchRule.ALL.matchPort(10000), () -> DynamicSSLTestUtils
.createSSLContext(RESOURCES + "client1.keystore.jks", RESOURCES + "client1.truststore.jks", "secret")).run(() -> {
.createSSLContext(RESOURCES + "client1.keystore.jks", RESOURCES + "client1.truststore.jks", "Elytron")).run(() -> {
try {
Socket clientSslSocket = socketFactory.createSocket("localhost", 12345);
checkOutputIsOK((SSLSocket) clientSslSocket);
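Review bot: The keystore password now appears as the literal `"Elytron"` at four call sites in this test, again in the server runner's `run()` and in every `key-store-clear-password` of the two XML configurations, while DynamicSSLTestUtils already holds it as the private `PASSWORD` array, so the next rotation has to be repeated in seven places. Exposing it once, e.g. `static final String KEYSTORE_PASSWORD = "Elytron";` with `PASSWORD = KEYSTORE_PASSWORD.toCharArray();` in DynamicSSLTestUtils, and passing `DynamicSSLTestUtils.KEYSTORE_PASSWORD` here and in the runner leaves only the XML copies to keep in sync, which a comment next to that constant should name. The `"secret"` to `"Elytron"` change across all files reads as matching a password that CAGenerationTool fixes; if so, the constant's comment should say that too, since it cannot be chosen freely. The enclosing test methods start and end outside these hunks.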
Expand Up @@ -20,8 +20,6 @@
package org.wildfly.security.dynamic.ssl;

import org.junit.Assert;
import org.wildfly.security.x500.cert.BasicConstraintsExtension;
import org.wildfly.security.x500.cert.X509CertificateBuilder;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
Expand All @@ -33,17 +31,15 @@
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.wildfly.security.ssl.test.util.CAGenerationTool;
import org.wildfly.security.x500.cert.X509CertificateExtension;

/**
* Utility class for DynamicSSLContextTest class.
*
Expand All @@ -54,10 +50,9 @@ public class DynamicSSLTestUtils {
private static final String CLIENT_ALIAS = "client";
private static final String LOCALHOST_ALIAS = "localhost";
private static final String KEYSTORE_TYPE = "JKS";
private static final String SHA_1_WITH_RSA = "SHA1withRSA";
private static final String TLS_PROTOCOL_VERSION = "TLSv1.2";
public static final String KEY_MANAGER_FACTORY_ALGORITHM = "SunX509";
private static char[] PASSWORD = "secret".toCharArray();
private static char[] PASSWORD = "Elytron".toCharArray();
private static File KEYSTORES_DIR = new File("./target/keystores");

private static String CLIENT1_KEYSTORE_FILENAME = "client1.keystore.jks";
Expand Down Expand Up @@ -92,6 +87,7 @@ static SSLContext createSSLContext(String keystorePath, String truststorePath, S

KeyStore trustStore = KeyStore.getInstance(KEYSTORE_TYPE);
trustStore.load(new FileInputStream(truststorePath), password.toCharArray());

// Create trust manager
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KEY_MANAGER_FACTORY_ALGORITHM);
trustManagerFactory.init(trustStore);
Expand All @@ -112,6 +108,7 @@ static void createKeystores() throws KeyStoreException, CertificateException, No
if (!KEYSTORES_DIR.exists()) {
KEYSTORES_DIR.mkdirs();
}

generateTwoWaySSLKeystoresAndTruststores(CLIENT1_KEYSTORE_FILENAME, SERVER1_KEYSTORE_FILENAME, CLIENT1_TRUSTSTORE_FILENAME, SERVER1_TRUSTSTORE_FILENAME);
generateTwoWaySSLKeystoresAndTruststores(CLIENT2_KEYSTORE_FILENAME, SERVER2_KEYSTORE_FILENAME, CLIENT2_TRUSTSTORE_FILENAME, SERVER2_TRUSTSTORE_FILENAME);
generateTwoWaySSLKeystoresAndTruststores(CLIENT3_KEYSTORE_FILENAME, SERVER3_KEYSTORE_FILENAME, CLIENT3_TRUSTSTORE_FILENAME, SERVER3_TRUSTSTORE_FILENAME);
Expand All @@ -120,66 +117,40 @@ static void createKeystores() throws KeyStoreException, CertificateException, No

private static void generateTwoWaySSLKeystoresAndTruststores(String clientKeystoreFilename, String serverKeystoreFilename,
String clientTruststoreFilename, String serverTruststoreFilename) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
// Generates client certificate and keystore
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
KeyStore clientKeyStore = KeyStore.getInstance(KEYSTORE_TYPE);
clientKeyStore.load(null, null);

KeyPair clientKeyPair = keyPairGenerator.generateKeyPair();
PrivateKey signingKey = clientKeyPair.getPrivate();
PublicKey publicKey = clientKeyPair.getPublic();

X500Principal testClient10DN = new X500Principal("CN=" + CLIENT_ALIAS);
X509Certificate clientCertificate = new X509CertificateBuilder()
.setIssuerDn(testClient10DN)
.setSubjectDn(new X500Principal("OU=Elytron"))
.setSignatureAlgorithmName(SHA_1_WITH_RSA)
.setSigningKey(signingKey)
.setPublicKey(publicKey)
.setSerialNumber(new BigInteger("3"))
.addExtension(new BasicConstraintsExtension(false, false, -1))
.build();
clientKeyStore.setKeyEntry(CLIENT_ALIAS, signingKey, PASSWORD, new X509Certificate[]{clientCertificate});


// Generates server certificate and keystore
KeyStore serverKeyStore = KeyStore.getInstance(KEYSTORE_TYPE);
serverKeyStore.load(null, null);

KeyPair serverKeyPair = keyPairGenerator.generateKeyPair();
PrivateKey serverSigningKey = serverKeyPair.getPrivate();
PublicKey serverPublicKey = serverKeyPair.getPublic();

X500Principal testServer10DN = new X500Principal("CN=" + LOCALHOST_ALIAS);
X509Certificate serverCertificate = new X509CertificateBuilder()
.setIssuerDn(testServer10DN)
.setSubjectDn(new X500Principal("OU=Elytron"))
.setSignatureAlgorithmName(SHA_1_WITH_RSA)
.setSigningKey(serverSigningKey)
.setPublicKey(serverPublicKey)
.setSerialNumber(new BigInteger("4"))
.addExtension(new BasicConstraintsExtension(false, false, -1))
.build();
serverKeyStore.setKeyEntry(LOCALHOST_ALIAS, serverSigningKey, PASSWORD, new X509Certificate[]{serverCertificate});

File clientKeystoreFile = new File(KEYSTORES_DIR, clientKeystoreFilename);
try (FileOutputStream clientStream = new FileOutputStream(clientKeystoreFile)) {
clientKeyStore.store(clientStream, PASSWORD);
CAGenerationTool caGenerationTool = null;
try {
caGenerationTool = CAGenerationTool.builder()
.setBaseDir(KEYSTORES_DIR.getCanonicalPath())
.setRequestIdentities(CAGenerationTool.Identity.values())
.build();
} catch(Exception e) {
e.printStackTrace();
Assert.fail();
}

File serverKeystoreFile = new File(KEYSTORES_DIR, serverKeystoreFilename);
try (FileOutputStream serverStream = new FileOutputStream(serverKeystoreFile)) {
serverKeyStore.store(serverStream, PASSWORD);
}
// Generates client certificate
X509Certificate clientCertificate = caGenerationTool.createIdentity(CLIENT_ALIAS,
new X500Principal("OU=Elytron"),
clientKeystoreFilename,
CAGenerationTool.Identity.CA,
new X509CertificateExtension[]{});

// Generates server certificate
X509Certificate serverCertificate = caGenerationTool.createIdentity(LOCALHOST_ALIAS,
new X500Principal("OU=Elytron"),
serverKeystoreFilename,
CAGenerationTool.Identity.CA,
new X509CertificateExtension[]{});

// create truststores
KeyStore clientTrustStore = KeyStore.getInstance(KEYSTORE_TYPE);
clientTrustStore.load(null, null);

KeyStore serverTrustStore = KeyStore.getInstance(KEYSTORE_TYPE);
serverTrustStore.load(null, null);
clientTrustStore.setCertificateEntry(LOCALHOST_ALIAS, serverKeyStore.getCertificate(LOCALHOST_ALIAS));
serverTrustStore.setCertificateEntry(CLIENT_ALIAS, clientKeyStore.getCertificate(CLIENT_ALIAS) );

clientTrustStore.setCertificateEntry(LOCALHOST_ALIAS, serverCertificate);
serverTrustStore.setCertificateEntry(CLIENT_ALIAS, clientCertificate);

File clientTrustFile = new File(KEYSTORES_DIR, clientTruststoreFilename);
try (FileOutputStream clientStream = new FileOutputStream(clientTrustFile)) {
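Review bot: The `catch(Exception e)` around the CAGenerationTool builder prints the stack trace and calls `Assert.fail()` with no message, so a setup failure reaches the test report as a bare AssertionError detached from its cause, and `caGenerationTool` is then dereferenced outside the try only because `fail()` happens to throw; since generateTwoWaySSLKeystoresAndTruststores already declares the checked exceptions, either drop the try/catch and initialise a final local straight from the builder, or keep the cause with `throw new AssertionError("CAGenerationTool setup failed under " + KEYSTORES_DIR, e);`. The tool is also rebuilt with every `Identity` value on each of the three calls from createKeystores(), which presumably regenerates the same identities under KEYSTORES_DIR three times; if that is what the tool does, build it once in createKeystores() and pass it in. Both identities are now issued by `Identity.CA` while the truststores still pin only the leaf certificates, which the SunX509 trust manager accepts, but a comment at the `setCertificateEntry` lines stating that the trust is on the leaf and not on the CA would stop someone "fixing" it into a PKIX chain check by accident. The java.security KeyPair, KeyPairGenerator, PrivateKey and PublicKey imports survive the hunk although this method no longer uses them, so remove them if nothing else in the file does; the method continues past the hunk.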
Expand Up @@ -59,7 +59,7 @@ void setConfiguredEnabledCipherSuites(String[] configuredEnabledCipherSuite) {
}

public void run() {
String password = "secret";
String password = "Elytron";
SSLContext sslContext = DynamicSSLTestUtils.createSSLContext(this.keystorePath, this.truststorePath, password);
try {
SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory();
Expand Up @@ -22,27 +22,27 @@
<key-stores>
<key-store name="keystore1" type="JKS">
<file name="target/keystores/client1.keystore.jks"/>
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="truststore1" type="JKS">
<file name="target/keystores/client1.truststore.jks"/>
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="keystore2" type="JKS">
<file name="target/keystores/client2.keystore.jks"/>
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="truststore2" type="JKS">
<file name="target/keystores/client2.truststore.jks"/>
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="keystore3" type="JKS">
<file name="target/keystores//client3.keystore.jks"/>
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="truststore3" type="JKS">
<file name="target/keystores/client3.truststore.jks"/>
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store>
</key-stores>
<ssl-contexts>
Expand All @@ -52,7 +52,7 @@
</providers>
<trust-store key-store-name="truststore1"/>
<key-store-ssl-certificate key-store-name="keystore1">
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store-ssl-certificate>
</ssl-context>
<ssl-context name="client-context2">
Expand All @@ -61,7 +61,7 @@
</providers>
<trust-store key-store-name="truststore2"/>
<key-store-ssl-certificate key-store-name="keystore2">
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store-ssl-certificate>
</ssl-context>
<ssl-context name="client-context3">
Expand All @@ -70,7 +70,7 @@
</providers>
<trust-store key-store-name="truststore3"/>
<key-store-ssl-certificate key-store-name="keystore3">
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store-ssl-certificate>
</ssl-context>
</ssl-contexts>
Expand Up @@ -22,38 +22,38 @@
<key-stores>
<key-store name="default-keystore" type="JKS">
<file name="target/keystores/default-client.keystore.jks"/>
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="default-truststore" type="JKS">
<file name="target/keystores/default-client.truststore.jks"/>
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store>

<key-store name="keystore1" type="JKS">
<file name="target/keystores/client1.keystore.jks"/>
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="truststore1" type="JKS">
<file name="target/keystores/client1.truststore.jks"/>
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store>

<key-store name="keystore2" type="JKS">
<file name="target/keystores/client2.keystore.jks"/>
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="truststore2" type="JKS">
<file name="target/keystores/client2.truststore.jks"/>
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store>

<key-store name="keystore3" type="JKS">
<file name="target/keystores/client3.keystore.jks"/>
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store>
<key-store name="truststore3" type="JKS">
<file name="target/keystores/client3.truststore.jks"/>
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store>
</key-stores>
<ssl-contexts>
Expand All @@ -63,7 +63,7 @@
</providers>
<trust-store key-store-name="default-truststore"/>
<key-store-ssl-certificate key-store-name="default-keystore">
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store-ssl-certificate>
</ssl-context>
<ssl-context name="client-context1">
Expand All @@ -72,7 +72,7 @@
</providers>
<trust-store key-store-name="truststore1"/>
<key-store-ssl-certificate key-store-name="keystore1">
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store-ssl-certificate>
</ssl-context>
<ssl-context name="client-context2">
Expand All @@ -81,7 +81,7 @@
</providers>
<trust-store key-store-name="truststore2"/>
<key-store-ssl-certificate key-store-name="keystore2">
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store-ssl-certificate>
</ssl-context>
<ssl-context name="client-context3">
Expand All @@ -90,7 +90,7 @@
</providers>
<trust-store key-store-name="truststore3"/>
<key-store-ssl-certificate key-store-name="keystore3">
<key-store-clear-password password="secret"/>
<key-store-clear-password password="Elytron"/>
</key-store-ssl-certificate>
</ssl-context>
</ssl-contexts>