Closes #172
This commit is contained in:
kevgliss
parent
11db429bcc
commit
2896ce0dad
|
|
@ -52,6 +52,74 @@ def split_chain(chain):
|
||||||
return certs
|
return certs
|
||||||
|
|
||||||
|
|
||||||
|
def create_truststore(cert, chain, jks_tmp, alias, passphrase):
|
||||||
|
with mktempfile() as cert_tmp:
|
||||||
|
with open(cert_tmp, 'w') as f:
|
||||||
|
f.write(cert)
|
||||||
|
|
||||||
|
run_process([
|
||||||
|
"keytool",
|
||||||
|
"-importcert",
|
||||||
|
"-file", cert_tmp,
|
||||||
|
"-keystore", jks_tmp,
|
||||||
|
"-alias", "{0}_cert".format(alias),
|
||||||
|
"-storepass", passphrase,
|
||||||
|
"-noprompt"
|
||||||
|
])
|
||||||
|
|
||||||
|
# Import the entire chain
|
||||||
|
for idx, cert in enumerate(split_chain(chain)):
|
||||||
|
with mktempfile() as c_tmp:
|
||||||
|
with open(c_tmp, 'w') as f:
|
||||||
|
f.write(cert)
|
||||||
|
|
||||||
|
# Import signed cert in to JKS keystore
|
||||||
|
run_process([
|
||||||
|
"keytool",
|
||||||
|
"-importcert",
|
||||||
|
"-file", c_tmp,
|
||||||
|
"-keystore", jks_tmp,
|
||||||
|
"-alias", "{0}_cert_{1}".format(alias, idx),
|
||||||
|
"-storepass", passphrase,
|
||||||
|
"-noprompt"
|
||||||
|
])
|
||||||
|
|
||||||
|
|
||||||
|
def create_keystore(cert, jks_tmp, key, alias, passphrase):
|
||||||
|
with mktempfile() as key_tmp:
|
||||||
|
with open(key_tmp, 'w') as f:
|
||||||
|
f.write(key)
|
||||||
|
|
||||||
|
# Create PKCS12 keystore from private key and public certificate
|
||||||
|
with mktempfile() as cert_tmp:
|
||||||
|
with open(cert_tmp, 'w') as f:
|
||||||
|
f.write(cert)
|
||||||
|
|
||||||
|
with mktempfile() as p12_tmp:
|
||||||
|
run_process([
|
||||||
|
"openssl",
|
||||||
|
"pkcs12",
|
||||||
|
"-export",
|
||||||
|
"-name", alias,
|
||||||
|
"-in", cert_tmp,
|
||||||
|
"-inkey", key_tmp,
|
||||||
|
"-out", p12_tmp,
|
||||||
|
"-password", "pass:{}".format(passphrase)
|
||||||
|
])
|
||||||
|
|
||||||
|
# Convert PKCS12 keystore into a JKS keystore
|
||||||
|
run_process([
|
||||||
|
"keytool",
|
||||||
|
"-importkeystore",
|
||||||
|
"-destkeystore", jks_tmp,
|
||||||
|
"-srckeystore", p12_tmp,
|
||||||
|
"-srcstoretype", "PKCS12",
|
||||||
|
"-alias", alias,
|
||||||
|
"-srcstorepass", passphrase,
|
||||||
|
"-deststorepass", passphrase
|
||||||
|
])
|
||||||
|
|
||||||
|
|
||||||
class JavaExportPlugin(ExportPlugin):
|
class JavaExportPlugin(ExportPlugin):
|
||||||
title = 'Java'
|
title = 'Java'
|
||||||
slug = 'java-export'
|
slug = 'java-export'
|
||||||
|
|
@ -66,7 +134,7 @@ class JavaExportPlugin(ExportPlugin):
|
||||||
'name': 'type',
|
'name': 'type',
|
||||||
'type': 'select',
|
'type': 'select',
|
||||||
'required': True,
|
'required': True,
|
||||||
'available': ['Java Key Store (JKS)'],
|
'available': ['Truststore (JKS)', 'Keystore (JKS)'],
|
||||||
'helpMessage': 'Choose the format you wish to export',
|
'helpMessage': 'Choose the format you wish to export',
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
@ -105,71 +173,23 @@ class JavaExportPlugin(ExportPlugin):
|
||||||
else:
|
else:
|
||||||
alias = "blah"
|
alias = "blah"
|
||||||
|
|
||||||
if not key:
|
type = self.get_option('type', options)
|
||||||
raise Exception("Unable to export, no private key found.")
|
|
||||||
|
|
||||||
with mktempfile() as cert_tmp:
|
with mktemppath() as jks_tmp:
|
||||||
with open(cert_tmp, 'w') as f:
|
if type == 'Truststore (JKS)':
|
||||||
f.write(body)
|
create_truststore(body, chain, jks_tmp, alias, passphrase)
|
||||||
|
|
||||||
with mktempfile() as key_tmp:
|
elif type == 'Keystore (JKS)':
|
||||||
with open(key_tmp, 'w') as f:
|
if not key:
|
||||||
f.write(key)
|
raise Exception("Unable to export, no private key found.")
|
||||||
|
|
||||||
# Create PKCS12 keystore from private key and public certificate
|
create_truststore(body, chain, jks_tmp, alias, passphrase)
|
||||||
with mktempfile() as p12_tmp:
|
create_keystore(body, jks_tmp, key, alias, passphrase)
|
||||||
run_process([
|
|
||||||
"openssl",
|
|
||||||
"pkcs12",
|
|
||||||
"-export",
|
|
||||||
"-name", alias,
|
|
||||||
"-in", cert_tmp,
|
|
||||||
"-inkey", key_tmp,
|
|
||||||
"-out", p12_tmp,
|
|
||||||
"-password", "pass:{}".format(passphrase)
|
|
||||||
])
|
|
||||||
|
|
||||||
# Convert PKCS12 keystore into a JKS keystore
|
else:
|
||||||
with mktemppath() as jks_tmp:
|
raise Exception("Unable to export, unsupported type: {0}".format(type))
|
||||||
run_process([
|
|
||||||
"keytool",
|
|
||||||
"-importkeystore",
|
|
||||||
"-destkeystore", jks_tmp,
|
|
||||||
"-srckeystore", p12_tmp,
|
|
||||||
"-srcstoretype", "PKCS12",
|
|
||||||
"-alias", alias,
|
|
||||||
"-srcstorepass", passphrase,
|
|
||||||
"-deststorepass", passphrase
|
|
||||||
])
|
|
||||||
|
|
||||||
# Import leaf cert in to JKS keystore
|
with open(jks_tmp, 'rb') as f:
|
||||||
run_process([
|
raw = f.read()
|
||||||
"keytool",
|
|
||||||
"-importcert",
|
|
||||||
"-file", cert_tmp,
|
|
||||||
"-keystore", jks_tmp,
|
|
||||||
"-alias", "{0}_cert".format(alias),
|
|
||||||
"-storepass", passphrase,
|
|
||||||
"-noprompt"
|
|
||||||
])
|
|
||||||
|
|
||||||
# Import the entire chain
|
return "jks", passphrase, raw
|
||||||
for idx, cert in enumerate(split_chain(chain)):
|
|
||||||
with mktempfile() as c_tmp:
|
|
||||||
with open(c_tmp, 'w') as f:
|
|
||||||
f.write(cert)
|
|
||||||
# Import signed cert in to JKS keystore
|
|
||||||
run_process([
|
|
||||||
"keytool",
|
|
||||||
"-importcert",
|
|
||||||
"-file", c_tmp,
|
|
||||||
"-keystore", jks_tmp,
|
|
||||||
"-alias", "{0}_cert_{1}".format(alias, idx),
|
|
||||||
"-storepass", passphrase,
|
|
||||||
"-noprompt"
|
|
||||||
])
|
|
||||||
|
|
||||||
with open(jks_tmp, 'rb') as f:
|
|
||||||
raw = f.read()
|
|
||||||
|
|
||||||
return "jks", passphrase, raw
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue