Skip to content

Commit

Permalink
Merge pull request #290 from kevgliss/289-java-export-intermediates
Browse files Browse the repository at this point in the history 
Fixes #289 and #275
  • Loading branch information
@kevgliss
kevgliss committed Apr 21, 2016
2 parents b463fcf + dbd1279 commit 2c6d494
Showing 1 changed file with 36 additions and 38 deletions.
74 changes: 36 additions & 38 deletions lemur/plugins/lemur_java/plugin.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,11 @@

from flask import current_app

from cryptography.fernet import Fernet

from lemur.utils import mktempfile, mktemppath
from lemur.plugins.bases import ExportPlugin
from lemur.plugins import lemur_java as java
from lemur.common.utils import get_psuedo_random_string


def run_process(command):
Expand All @@ -29,6 +30,7 @@ def run_process(command):
if p.returncode != 0:
current_app.logger.debug(" ".join(command))
current_app.logger.error(stderr)
current_app.logger.error(stdout)
raise Exception(stderr)


Expand Down Expand Up @@ -85,39 +87,36 @@ def create_truststore(cert, chain, jks_tmp, alias, passphrase):
])


def create_keystore(cert, jks_tmp, key, alias, passphrase):
with mktempfile() as key_tmp:
with open(key_tmp, 'w') as f:
f.write(key)

# Create PKCS12 keystore from private key and public certificate
with mktempfile() as cert_tmp:
with open(cert_tmp, 'w') as f:
f.write(cert)

with mktempfile() as p12_tmp:
run_process([
"openssl",
"pkcs12",
"-export",
"-name", alias,
"-in", cert_tmp,
"-inkey", key_tmp,
"-out", p12_tmp,
"-password", "pass:{}".format(passphrase)
])

# Convert PKCS12 keystore into a JKS keystore
run_process([
"keytool",
"-importkeystore",
"-destkeystore", jks_tmp,
"-srckeystore", p12_tmp,
"-srcstoretype", "PKCS12",
"-alias", alias,
"-srcstorepass", passphrase,
"-deststorepass", passphrase
])
def create_keystore(cert, chain, jks_tmp, key, alias, passphrase):
# Create PKCS12 keystore from private key and public certificate
with mktempfile() as cert_tmp:
with open(cert_tmp, 'w') as f:
f.writelines([key + "\n", cert + "\n", chain + "\n"])

with mktempfile() as p12_tmp:
run_process([
"openssl",
"pkcs12",
"-export",
"-nodes",
"-name", alias,
"-in", cert_tmp,
"-out", p12_tmp,
"-password", "pass:{}".format(passphrase)
])

# Convert PKCS12 keystore into a JKS keystore
run_process([
"keytool",
"-importkeystore",
"-destkeystore", jks_tmp,
"-srckeystore", p12_tmp,
"-srcstoretype", "pkcs12",
"-deststoretype", "JKS",
"-alias", alias,
"-srcstorepass", passphrase,
"-deststorepass", passphrase
])


class JavaTruststoreExportPlugin(ExportPlugin):
Expand Down Expand Up @@ -165,7 +164,7 @@ def export(self, body, chain, key, options, **kwargs):
if self.get_option('passphrase', options):
passphrase = self.get_option('passphrase', options)
else:
passphrase = get_psuedo_random_string()
passphrase = Fernet.generate_key()

with mktemppath() as jks_tmp:
create_truststore(body, chain, jks_tmp, alias, passphrase)
Expand Down Expand Up @@ -215,7 +214,7 @@ def export(self, body, chain, key, options, **kwargs):
if self.get_option('passphrase', options):
passphrase = self.get_option('passphrase', options)
else:
passphrase = get_psuedo_random_string()
passphrase = Fernet.generate_key()

if self.get_option('alias', options):
alias = self.get_option('alias', options)
Expand All @@ -226,8 +225,7 @@ def export(self, body, chain, key, options, **kwargs):
if not key:
raise Exception("Unable to export, no private key found.")

create_truststore(body, chain, jks_tmp, alias, passphrase)
create_keystore(body, jks_tmp, key, alias, passphrase)
create_keystore(body, chain, jks_tmp, key, alias, passphrase)

with open(jks_tmp, 'rb') as f:
raw = f.read()
Expand Down

0 comments on commit 2c6d494

Please sign in to comment.