KeyStoreLoader.java

/*
 * Copyright (c) 2021 the Eclipse Milo Authors
 *
 * This program and the accompanying materials are made
 * available under the terms of the Eclipse Public License 2.0
 * which is available at https://www.eclipse.org/legal/epl-2.0/
 *
 * SPDX-License-Identifier: EPL-2.0
 */

package de.dlr.bt.stc.opcuaserver;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Set;
import java.util.UUID;
import java.util.regex.Pattern;

import org.eclipse.milo.opcua.sdk.server.util.HostnameUtil;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateBuilder;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateGenerator;

import com.google.common.collect.Sets;

import lombok.extern.slf4j.Slf4j;

@Slf4j
class KeyStoreLoader {

	private static final Pattern IP_ADDR_PATTERN = Pattern
			.compile("^(([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.){3}([01]?\\d\\d?|2[0-4]\\d|25[0-5])$");

	private static final String SERVER_ALIAS = "server-ai";
	private static final char[] PASSWORD = "password".toCharArray();

	private X509Certificate[] serverCertificateChain;
	private X509Certificate serverCertificate;
	private KeyPair serverKeyPair;

	KeyStoreLoader load(Path baseDir) throws Exception {
		KeyStore keyStore = KeyStore.getInstance("PKCS12");

		File serverKeyStore = baseDir.resolve("example-server.pfx").toFile();

		log.info("Loading KeyStore at {}", serverKeyStore);

		if (!serverKeyStore.exists()) {
			keyStore.load(null, PASSWORD);

			KeyPair keyPair = SelfSignedCertificateGenerator.generateRsaKeyPair(2048);

			String applicationUri = "urn:dlr:stc:server:" + UUID.randomUUID();

			SelfSignedCertificateBuilder builder = new SelfSignedCertificateBuilder(keyPair)
					.setCommonName("Shepard Timeseries Collector").setOrganization("DLR e.V.")
					.setOrganizationalUnit("BT").setLocalityName("Augsburg").setStateName("BY").setCountryCode("DE")
					.setApplicationUri(applicationUri);

			// Get as many hostnames and IP addresses as we can listed in the certificate.
			Set<String> hostnames = Sets.union(Sets.newHashSet(HostnameUtil.getHostname()),
					HostnameUtil.getHostnames("0.0.0.0", false));

			for (String hostname : hostnames) {
				if (IP_ADDR_PATTERN.matcher(hostname).matches()) {
					builder.addIpAddress(hostname);
				} else {
					builder.addDnsName(hostname);
				}
			}

			X509Certificate certificate = builder.build();

			keyStore.setKeyEntry(SERVER_ALIAS, keyPair.getPrivate(), PASSWORD, new X509Certificate[] { certificate });
			keyStore.store(new FileOutputStream(serverKeyStore), PASSWORD);
		} else {
			keyStore.load(new FileInputStream(serverKeyStore), PASSWORD);
		}

		Key serverPrivateKey = keyStore.getKey(SERVER_ALIAS, PASSWORD);
		if (serverPrivateKey instanceof PrivateKey) {
			serverCertificate = (X509Certificate) keyStore.getCertificate(SERVER_ALIAS);

			serverCertificateChain = Arrays.stream(keyStore.getCertificateChain(SERVER_ALIAS))
					.map(X509Certificate.class::cast).toArray(X509Certificate[]::new);

			PublicKey serverPublicKey = serverCertificate.getPublicKey();
			serverKeyPair = new KeyPair(serverPublicKey, (PrivateKey) serverPrivateKey);
		}

		return this;
	}

	X509Certificate getServerCertificate() {
		return serverCertificate;
	}

	public X509Certificate[] getServerCertificateChain() {
		return serverCertificateChain;
	}

	KeyPair getServerKeyPair() {
		return serverKeyPair;
	}

}
Created with JaCoCo 0.8.11.202310140853