From dbd1279226ab0fe0196998069a3e644afa909af2 Mon Sep 17 00:00:00 2001
From: kevgliss
Date: Thu, 21 Apr 2016 16:22:19 -0700
Subject: [PATCH] Fixes #289 and #275
---
 lemur/plugins/lemur_java/plugin.py | 74 +++++++++++++++---------------
 1 file changed, 36 insertions(+), 38 deletions(-)
diff --git a/lemur/plugins/lemur_java/plugin.py b/lemur/plugins/lemur_java/plugin.py
index 873fbc284e..0617329e29 100644
--- a/lemur/plugins/lemur_java/plugin.py
+++ b/lemur/plugins/lemur_java/plugin.py
@@ -10,10 +10,11 @@
 from flask import current_app
+from cryptography.fernet import Fernet
+
 from lemur.utils import mktempfile, mktemppath
 from lemur.plugins.bases import ExportPlugin
 from lemur.plugins import lemur_java as java
-from lemur.common.utils import get_psuedo_random_string
 def run_process(command):
@@ -29,6 +30,7 @@ def run_process(command):
 if p.returncode != 0:
 current_app.logger.debug(" ".join(command))
 current_app.logger.error(stderr)
+ current_app.logger.error(stdout)
 raise Exception(stderr)
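Review bot: The new `current_app.logger.error(stdout)` sits directly under `current_app.logger.debug(" ".join(command))`, which writes the full argv to the log, and for the openssl and keytool invocations in this file that argv carries the keystore passphrase (`"pass:{}".format(passphrase)`, `-srcstorepass`, `-deststorepass`). While the failure path is being widened, redact those values before logging, e.g. log a copy of `command` in which the argument following `-srcstorepass`/`-deststorepass` and any argument starting with `pass:` is replaced by `***`. Consider also carrying `stdout` into the raised exception, since callers currently only see `stderr`. run_process starts outside the hunk, and where `stdout`/`stderr` come from is not shown here.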
@@ -85,39 +87,36 @@ def create_truststore(cert, chain, jks_tmp, alias, passphrase):
 ])
-def create_keystore(cert, jks_tmp, key, alias, passphrase):
- with mktempfile() as key_tmp:
- with open(key_tmp, 'w') as f:
- f.write(key)
-
- # Create PKCS12 keystore from private key and public certificate
- with mktempfile() as cert_tmp:
- with open(cert_tmp, 'w') as f:
- f.write(cert)
-
- with mktempfile() as p12_tmp:
- run_process([
- "openssl",
- "pkcs12",
- "-export",
- "-name", alias,
- "-in", cert_tmp,
- "-inkey", key_tmp,
- "-out", p12_tmp,
- "-password", "pass:{}".format(passphrase)
- ])
-
- # Convert PKCS12 keystore into a JKS keystore
- run_process([
- "keytool",
- "-importkeystore",
- "-destkeystore", jks_tmp,
- "-srckeystore", p12_tmp,
- "-srcstoretype", "PKCS12",
- "-alias", alias,
- "-srcstorepass", passphrase,
- "-deststorepass", passphrase
- ])
+def create_keystore(cert, chain, jks_tmp, key, alias, passphrase):
+ # Create PKCS12 keystore from private key and public certificate
+ with mktempfile() as cert_tmp:
+ with open(cert_tmp, 'w') as f:
+ f.writelines([key + "\n", cert + "\n", chain + "\n"])
+
+ with mktempfile() as p12_tmp:
+ run_process([
+ "openssl",
+ "pkcs12",
+ "-export",
+ "-nodes",
+ "-name", alias,
+ "-in", cert_tmp,
+ "-out", p12_tmp,
+ "-password", "pass:{}".format(passphrase)
+ ])
+
+ # Convert PKCS12 keystore into a JKS keystore
+ run_process([
+ "keytool",
+ "-importkeystore",
+ "-destkeystore", jks_tmp,
+ "-srckeystore", p12_tmp,
+ "-srcstoretype", "pkcs12",
+ "-deststoretype", "JKS",
+ "-alias", alias,
+ "-srcstorepass", passphrase,
+ "-deststorepass", passphrase
+ ])
 class JavaTruststoreExportPlugin(ExportPlugin):
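Review bot: `f.writelines([key + "\n", cert + "\n", chain + "\n"])` raises `TypeError` when `chain` is `None`; the caller in export() checks `if not key` but nothing visible checks `chain`, so if a leaf-only certificate can reach this path the export now fails where the old two-file version, which never touched `chain` here, did not — `(chain or "") + "\n"` keeps the new single-file layout while tolerating that case. Separately, the added `-nodes` on `openssl pkcs12 -export` has no stated purpose: the manual documents it for the parsing direction (write the extracted private key unencrypted), and with `-password pass:...` already supplied there is no prompt to suppress, so either add a comment saying why it is required or drop it. The private key, certificate and chain now share one temp file, so the mode `mktempfile()` applies (not visible here) is all that protects the key on disk — worth confirming it is owner-only.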
@@ -165,7 +164,7 @@ def export(self, body, chain, key, options, **kwargs):
 if self.get_option('passphrase', options):
 passphrase = self.get_option('passphrase', options)
 else:
- passphrase = get_psuedo_random_string()
+ passphrase = Fernet.generate_key()
 with mktemppath() as jks_tmp:
 create_truststore(body, chain, jks_tmp, alias, passphrase)
@@ -215,7 +214,7 @@ def export(self, body, chain, key, options, **kwargs):
 if self.get_option('passphrase', options):
 passphrase = self.get_option('passphrase', options)
 else:
- passphrase = get_psuedo_random_string()
+ passphrase = Fernet.generate_key()
 if self.get_option('alias', options):
 alias = self.get_option('alias', options)
@@ -226,8 +225,7 @@ def export(self, body, chain, key, options, **kwargs):
 if not key:
 raise Exception("Unable to export, no private key found.")
- create_truststore(body, chain, jks_tmp, alias, passphrase)
- create_keystore(body, jks_tmp, key, alias, passphrase)
+ create_keystore(body, chain, jks_tmp, key, alias, passphrase)
 with open(jks_tmp, 'rb') as f:
 raw = f.read()
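Review bot: `Fernet.generate_key()` returns `bytes`, whereas the option-supplied `passphrase` in the `if` branch above is a `str`; on Python 3 the generated value reaches `"pass:{}".format(passphrase)` in create_keystore as `pass:b'...'` for openssl while keytool is handed the raw value, so the two tools disagree on the store password (on Python 2 `bytes` is `str` and this stays latent). Decode at the generation site, `passphrase = Fernet.generate_key().decode("utf-8")`, and apply the same change to the identical line in the second export() hunk (`@@ -215,7 +214,7 @@`). The value itself is urlsafe base64 of 32 random bytes, which is adequate entropy, but borrowing a cipher-key constructor as a passphrase generator obscures intent; a small helper named for what it does (`base64.urlsafe_b64encode(os.urandom(32))`, which is what `generate_key()` produces) would document the requirement and remove the `cryptography.fernet` import from this module. Both export() methods start and end outside their hunks.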