Lucee/CFML utility component for listing the certificates in, and adding trusted certificates to, a JKS Java keystore.
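component {

    /**
     * Adds one X.509 certificate as a trusted-certificate entry to an existing
     * JKS keystore and writes the store back to disk.
     *
     * @param certBase64       base64 text of the certificate (the body of a PEM
     *                         block, without the BEGIN/END lines).
     * @param keyStorePath     path of an existing JKS file.
     * @param keyStorePassword integrity password of the store. The default exists
     *                         only for backward compatibility with earlier callers;
     *                         a real deployment must pass its own password.
     * @throws                 if the file is missing, the certificate does not
     *                         parse, or the store cannot be loaded/written (a
     *                         wrong password surfaces as a load failure).
     */
    public function addCertToStore(required string certBase64, required string keyStorePath, string keyStorePassword="insecure") {
        if (not fileExists(keyStorePath)) {
            throw(message='Path of [keyStorePath] does not exist!', detail="#keyStorePath#");
        }
        local.ks = getKeyStore(keyStorePath, keyStorePassword);

        // Parse in memory. The earlier version wrote the PEM to getTempDirectory()
        // and never deleted the file (nor closed its FileInputStream); a
        // ByteArrayInputStream needs no cleanup. CertificateFactory reads PEM as
        // well as DER, so the armour lines are kept for compatibility.
        local.pem = "-----BEGIN CERTIFICATE-----#chr(10)##certBase64##chr(10)#-----END CERTIFICATE-----";
        local.certStream = createObject('java', 'java.io.ByteArrayInputStream').init(charsetDecode(local.pem, "utf-8"));
        local.cf = createObject('java', 'java.security.cert.CertificateFactory').getInstance("X.509");
        local.cert = local.cf.generateCertificate(local.certStream);

        // Alias = hash(issuer organisation) & "-" & serial number; the hash is only
        // a naming device, not a security control. Kept unchanged so aliases in
        // existing stores still match.
        // NOTE(review): getIssuerDN() is deprecated and getOrganization() is only
        // present on the JDK-internal X500Name implementation — it returns null
        // when the issuer has no O= attribute, which would make hash() fail here.
        // A portable derivation would be
        //   hash(local.cert.getIssuerX500Principal().getName()) & "-" & serial
        // but switching changes every alias; do it together with a store migration.
        local.alias = hash(local.cert.getIssuerDN().getOrganization()) & "-" & local.cert.getSerialNumber();

        // Only touch the file when something actually changed; rewriting a
        // keystore the JVM may be reading concurrently is best avoided.
        if (local.ks.containsAlias(local.alias)) {
            return;
        }
        local.ks.setCertificateEntry(local.alias, local.cert);

        // The write is not atomic: a failure inside store() can leave a truncated
        // keystore on disk. Keep a backup of stores you cannot regenerate.
        local.file = createObject('java', 'java.io.File').init(keyStorePath);
        local.out = createObject('java', 'java.io.FileOutputStream').init(local.file);
        try {
            local.ks.store(local.out, keyStorePassword.toCharArray());
        } finally {
            local.out.close();
        }
    }

    /**
     * Lists the entries of a JKS keystore.
     *
     * @param keyStorePath     path of an existing JKS file.
     * @param keyStorePassword integrity password of the store (see addCertToStore
     *                         about the default).
     * @return struct keyed by alias, each value a struct with the certificate's
     *         toString() output and its type (e.g. "X.509"). For a key entry
     *         KeyStore.getCertificate() returns the first certificate of the
     *         chain; no private key material is ever included.
     */
    public function getKeyStoreInfo(required string keyStorePath, string keyStorePassword="insecure") {
        local.ks = getKeyStore(keyStorePath, keyStorePassword);
        local.info = {};
        local.aliases = local.ks.aliases();
        while (local.aliases.hasMoreElements()) {
            local.alias = local.aliases.nextElement();
            local.cert = local.ks.getCertificate(local.alias);
            local.info[local.alias] = {
                certificate = local.cert.toString(),
                type = local.cert.getType()
            };
        }
        return local.info;
    }

    /**
     * Loads a JKS keystore from disk.
     *
     * @param keyStorePath     path of an existing JKS file.
     * @param keyStorePassword integrity password; a wrong value makes load()
     *                         throw ("Keystore was tampered with, or password was
     *                         incorrect").
     * @return java.security.KeyStore, loaded.
     * @throws the Java exception unchanged. The previous version caught it,
     *         writeDump()ed `arguments` — i.e. the keystore password — into the
     *         response and aborted, so the rethrow was never reached. Errors now
     *         propagate to the caller and nothing secret is written out.
     */
    private function getKeyStore(required string keyStorePath, string keyStorePassword="insecure") {
        local.file = createObject('java', 'java.io.File').init(keyStorePath);
        local.fis = createObject('java', 'java.io.FileInputStream').init(local.file);
        try {
            // JKS is the legacy store type; since Java 9 keytool defaults to
            // PKCS12, and such files will not load with getInstance("JKS").
            local.ks = createObject('java', 'java.security.KeyStore').getInstance("JKS");
            local.ks.load(local.fis, keyStorePassword.toCharArray());
        } finally {
            local.fis.close();
        }
        return local.ks;
    }
}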