Fixed programmatically using a Certificate object for HttpServer

2021-08-22 02:11:05 +02:00 · 2021-08-22 02:11:05 +02:00 · 2c019992fe
commit 2c019992fe
parent 3afb1e241e
4 changed files with 34 additions and 20 deletions
--- a/src/zutil/net/acme/AcmeClient.java
+++ b/src/zutil/net/acme/AcmeClient.java
@ -163,7 +163,8 @@ public class AcmeClient {
            }

            // Get the certificate
-            certificate = order.getCertificate().getCertificate();
+            Certificate certWrapper = order.getCertificate();
+            certificate = certWrapper.getCertificate();
            dataStore.storeCertificate(certificate);

            logger.info("Successfully created new certificate for domains: " + StringUtil.join(",", domains));
--- a/src/zutil/net/http/HttpServer.java
+++ b/src/zutil/net/http/HttpServer.java
@ -36,7 +36,8 @@ import java.io.IOException;
 import java.net.Socket;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
-import java.security.cert.Certificate;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.Executors;
@ -73,7 +74,7 @@ public class HttpServer extends ThreadedTCPNetworkServer{
    /**
     * Creates a new instance of the sever
     *
-     * @param   port    The port that the server should listen to
+     * @param   port    the port that the server should listen to
     */
    public HttpServer(int port) throws IOException {
        super(port);
@ -82,19 +83,20 @@ public class HttpServer extends ThreadedTCPNetworkServer{
    /**
     * Creates a new instance of the sever which accepts SSL connections
     *
-     * @param   port            The port that the server should listen to
-     * @param   certificate     The certificate that should be used for the servers SSL connections
+     * @param   port            the port that the server should listen to
+     * @param   privateKey      the private key for the certificate
+     * @param   certificate     the certificate that should be used for the servers SSL connections
     */
-    public HttpServer(int port, Certificate certificate) throws IOException, GeneralSecurityException {
-        super(port, certificate);
+    public HttpServer(int port, PrivateKey privateKey, X509Certificate certificate) throws IOException, GeneralSecurityException {
+        super(port, privateKey, certificate);
        initialize("HTTPS");
    }
    /**
     * Creates a new instance of the sever which accepts SSL connections
     *
-     * @param   port            The port that the server should listen to
-     * @param   keyStoreFile    The keyStore file containing the certificate to use for the servers SSL connections
-     * @param   keyStorePass    The password to unlock the key store.
+     * @param   port            the port that the server should listen to
+     * @param   keyStoreFile    the keyStore file containing the certificate to use for the servers SSL connections
+     * @param   keyStorePass    the password to unlock the key store.
     */
    public HttpServer(int port, File keyStoreFile, char[] keyStorePass) throws IOException, GeneralSecurityException {
        super(port, keyStoreFile, keyStorePass);
@ -103,9 +105,9 @@ public class HttpServer extends ThreadedTCPNetworkServer{
    /**
     * Creates a new instance of the sever which accepts SSL connections
     *
-     * @param   port            The port that the server should listen to
-     * @param   keyStore        The keyStore object containing the certificate to use for the servers SSL connections
-     * @param   keyStorePass    The password to unlock the key store.
+     * @param   port            the port that the server should listen to
+     * @param   keyStore        the keyStore object containing the certificate to use for the servers SSL connections
+     * @param   keyStorePass    the password to unlock the key store.
     */
    public HttpServer(int port, KeyStore keyStore, char[] keyStorePass) throws IOException, GeneralSecurityException {
        super(port, keyStore, keyStorePass);
--- a/src/zutil/net/threaded/ThreadedTCPNetworkServer.java
+++ b/src/zutil/net/threaded/ThreadedTCPNetworkServer.java
@ -36,7 +36,7 @@ import java.io.IOException;
 import java.net.ServerSocket;
 import java.net.Socket;
 import java.security.*;
-import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
 import java.util.concurrent.Executor;
 import java.util.concurrent.Executors;
 import java.util.logging.Level;
@ -68,10 +68,11 @@ public abstract class ThreadedTCPNetworkServer extends Thread {
     * Creates a new SSL instance of the sever.
     *
     * @param   port            the port that the server should listen to.
+     * @param   privateKey      the private key for the certificate
     * @param   certificate     the certificate for the server domain.
     */
-    public ThreadedTCPNetworkServer(int port, Certificate certificate) throws IOException, GeneralSecurityException {
-        this(port, getKeyStore(certificate), null);
+    public ThreadedTCPNetworkServer(int port, PrivateKey privateKey, X509Certificate certificate) throws IOException, GeneralSecurityException {
+        this(port, getKeyStore(privateKey, certificate), null);
    }
    /**
     * Creates a new SSL instance of the sever.
@ -98,13 +99,16 @@ public abstract class ThreadedTCPNetworkServer extends Thread {
    /**
     * Initiates a SSLServerSocket
     *
+     * @param   privateKey      the private key for the certificate
     * @param   certificate     the certificate for the server domain.
     * @return a SSLServerSocket object
     */
-    private static KeyStore getKeyStore(Certificate certificate) throws IOException, GeneralSecurityException {
+    private static KeyStore getKeyStore(PrivateKey privateKey, X509Certificate certificate) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null); // Create empty keystore
-        keyStore.setCertificateEntry("ssl_server_cert", certificate);
+
+        keyStore.setCertificateEntry("cert-alias", certificate);
+        keyStore.setKeyEntry("key-alias", privateKey, new char[0], new X509Certificate[]{certificate});

        return keyStore;
    }
--- a/test/zutil/net/http/page/HttpGuessTheNumber.java
+++ b/test/zutil/net/http/page/HttpGuessTheNumber.java
@ -24,6 +24,7 @@

 package zutil.net.http.page;

+import zutil.io.file.FileUtil;
 import zutil.log.CompactLogFormatter;
 import zutil.log.LogUtil;
 import zutil.net.http.HttpHeader;
@ -32,6 +33,8 @@ import zutil.net.http.HttpPrintStream;
 import zutil.net.http.HttpServer;

 import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.util.Map;
 import java.util.logging.Level;

@ -46,12 +49,16 @@ public class HttpGuessTheNumber implements HttpPage {
    private static final String COOKIE_KEY_HIGH    = "high";


-    public static void main(String[] args) throws IOException {
+    public static void main(String[] args) throws Exception {
        LogUtil.setGlobalLevel(Level.ALL);
        LogUtil.setGlobalFormatter(new CompactLogFormatter());

-        //HttpServer server = new HttpServer("localhost", 443, FileFinder.find("keySSL"), "rootroot");//SSL
+        // Run command to generate key store:
+        // keytool.exe -genkeypair -alias signFiles -keystore sslKeyStore -keyalg RSA
+        //HttpServer server = new HttpServer(443, FileUtil.find("sslKeyStore"), "password".toCharArray()); //SSL
+
        HttpServer server = new HttpServer(8080);
+
        server.setDefaultPage(new HttpGuessTheNumber());
        server.run();
    }