package at.acdp.opcur.opc; /* * Copyright (c) 2016 Kevin Herron * * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * and Eclipse Distribution License v1.0 which accompany this distribution. * * The Eclipse Public License is available at * http://www.eclipse.org/legal/epl-v10.html * and the Eclipse Distribution License is available at * http://www.eclipse.org/org/documents/edl-v10.html. */ import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.security.Key; import java.security.KeyPair; import java.security.KeyStore; import java.security.PrivateKey; import java.security.PublicKey; import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.UUID; import java.util.regex.Pattern; import org.eclipse.milo.opcua.sdk.server.util.HostnameUtil; import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateBuilder; import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateGenerator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; class KeyStoreLoader { private static final Pattern IP_ADDR_PATTERN = Pattern.compile( "^(([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.){3}([01]?\\d\\d?|2[0-4]\\d|25[0-5])$"); private static final String SERVER_ALIAS = "server-ai"; private static final char[] PASSWORD = "password".toCharArray(); private final Logger logger = LoggerFactory.getLogger(getClass()); private X509Certificate[] serverCertificateChain; private X509Certificate serverCertificate; private KeyPair serverKeyPair; KeyStoreLoader load(File baseDir) throws Exception { KeyStore keyStore = KeyStore.getInstance("PKCS12"); File serverKeyStore = baseDir.toPath().resolve("example-server.pfx").toFile(); logger.info("Loading KeyStore at {}", serverKeyStore); if (!serverKeyStore.exists()) { keyStore.load(null, PASSWORD); KeyPair keyPair = SelfSignedCertificateGenerator.generateRsaKeyPair(2048); String applicationUri = "urn:eclipse:milo:examples:server:" + UUID.randomUUID(); SelfSignedCertificateBuilder builder = new SelfSignedCertificateBuilder(keyPair) .setCommonName("Eclipse Milo Example Server") .setOrganization("digitalpetri") .setOrganizationalUnit("dev") .setLocalityName("Folsom") .setStateName("CA") .setCountryCode("US") .setApplicationUri(applicationUri) .addDnsName("localhost") .addIpAddress("127.0.0.1"); // Get as many hostnames and IP addresses as we can listed in the certificate. for (String hostname : HostnameUtil.getHostnames("0.0.0.0")) { if (IP_ADDR_PATTERN.matcher(hostname).matches()) { builder.addIpAddress(hostname); } else { builder.addDnsName(hostname); } } X509Certificate certificate = builder.build(); keyStore.setKeyEntry(SERVER_ALIAS, keyPair.getPrivate(), PASSWORD, new X509Certificate[]{certificate}); keyStore.store(new FileOutputStream(serverKeyStore), PASSWORD); } else { keyStore.load(new FileInputStream(serverKeyStore), PASSWORD); } Key serverPrivateKey = keyStore.getKey(SERVER_ALIAS, PASSWORD); if (serverPrivateKey instanceof PrivateKey) { serverCertificate = (X509Certificate) keyStore.getCertificate(SERVER_ALIAS); serverCertificateChain = Arrays.stream(keyStore.getCertificateChain(SERVER_ALIAS)) .map(X509Certificate.class::cast) .toArray(X509Certificate[]::new); PublicKey serverPublicKey = serverCertificate.getPublicKey(); serverKeyPair = new KeyPair(serverPublicKey, (PrivateKey) serverPrivateKey); } return this; } X509Certificate getServerCertificate() { return serverCertificate; } public X509Certificate[] getServerCertificateChain() { return serverCertificateChain; } KeyPair getServerKeyPair() { return serverKeyPair; } }