/*******************************************************************************
* Copyright (C) 2021 the Eclipse BaSyx Authors
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
******************************************************************************/
package org.eclipse.basyx.vab.protocol.opcua.server;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.regex.Pattern;
import org.eclipse.milo.opcua.sdk.server.util.HostnameUtil;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateBuilder;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
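/**
 * Loads the PKCS#12 key store that holds the OPC UA client's certificate and
 * RSA key pair, creating it with a fresh self-signed certificate when the file
 * does not exist yet.
 *
 * <p>
 * Security notes for anyone reusing this class outside of examples and tests:
 * <ul>
 * <li>The key store password is a constant compiled into the class, so the
 * private key is only as well protected as the key store file itself.</li>
 * <li>The key store file is created with the default permissions of the
 * running process; nothing here restricts who may read it.</li>
 * <li>The generated certificate is self-signed and lists the local host names
 * and IP addresses reported by {@link HostnameUtil}; those names are visible to
 * anyone who receives the certificate.</li>
 * </ul>
 */
public class KeyStoreLoaderClient {
    /** Matches a dotted-quad IPv4 address with each octet in the range 0-255. */
    private static final Pattern IP_ADDR_PATTERN = Pattern
            .compile("^(([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.){3}([01]?\\d\\d?|2[0-4]\\d|25[0-5])$");

    /** File name of the key store inside the base directory passed to {@link #load(Path)}. */
    private static final String KEY_STORE_FILE = "example-client.pfx";

    /** Alias under which the client key entry is stored. */
    private static final String CLIENT_ALIAS = "client-ai";

    // SECURITY: fixed, well-known password. It is used both for the key store
    // and for the key entry, so it offers no protection against anyone who can
    // read the key store file. Supply the password from configuration or a
    // secret store before using this outside of examples.
    private static final char[] PASSWORD = "password".toCharArray();

    private final Logger logger = LoggerFactory.getLogger(getClass());

    private X509Certificate clientCertificate;
    private KeyPair clientKeyPair;

    /**
     * Loads the client key store from {@code baseDir}, creating and persisting
     * a new one if the file is missing, and caches the certificate and key pair
     * stored under the client alias.
     *
     * <p>
     * If the alias does not resolve to a private key, a warning is logged and
     * the certificate and key pair are left as they were, so the getters may
     * return {@code null}.
     *
     * @param baseDir
     *            directory that contains, or will receive, the key store file
     * @return this loader, to allow call chaining
     * @throws Exception
     *             if the key store cannot be read, created or written, or the
     *             certificate cannot be built
     */
    KeyStoreLoaderClient load(Path baseDir) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        Path clientKeyStore = baseDir.resolve(KEY_STORE_FILE);

        logger.info("Loading KeyStore at {}", clientKeyStore);

        if (Files.exists(clientKeyStore)) {
            try (InputStream in = Files.newInputStream(clientKeyStore)) {
                keyStore.load(in, PASSWORD);
            }
        } else {
            // A null stream initializes an empty key store.
            keyStore.load(null, PASSWORD);

            KeyPair keyPair = SelfSignedCertificateGenerator.generateRsaKeyPair(2048);
            X509Certificate certificate = buildSelfSignedCertificate(keyPair);

            keyStore.setKeyEntry(CLIENT_ALIAS, keyPair.getPrivate(), PASSWORD, new X509Certificate[] { certificate });

            // SECURITY: the file is created with the process's default
            // permissions; restrict access to it at deployment time because it
            // contains the client's private key.
            try (OutputStream out = Files.newOutputStream(clientKeyStore)) {
                keyStore.store(out, PASSWORD);
            }
        }

        Key clientPrivateKey = keyStore.getKey(CLIENT_ALIAS, PASSWORD);
        if (clientPrivateKey instanceof PrivateKey) {
            clientCertificate = (X509Certificate) keyStore.getCertificate(CLIENT_ALIAS);
            PublicKey clientPublicKey = clientCertificate.getPublicKey();
            clientKeyPair = new KeyPair(clientPublicKey, (PrivateKey) clientPrivateKey);
        } else {
            // Previously this case passed silently and callers only noticed
            // through a null certificate or key pair much later.
            logger.warn("No private key found under alias '{}' in {}; client certificate and key pair were not loaded",
                    CLIENT_ALIAS, clientKeyStore);
        }

        return this;
    }

    /**
     * Builds the self-signed client certificate for {@code keyPair}.
     *
     * @param keyPair
     *            key pair the certificate is issued for and signed with
     * @return the newly built certificate
     * @throws Exception
     *             if the certificate cannot be built
     */
    private X509Certificate buildSelfSignedCertificate(KeyPair keyPair) throws Exception {
        SelfSignedCertificateBuilder builder = new SelfSignedCertificateBuilder(keyPair)
                .setCommonName("Eclipse Milo Example Client").setOrganization("digitalpetri")
                .setOrganizationalUnit("dev").setLocalityName("Folsom").setStateName("CA").setCountryCode("US")
                .setApplicationUri("urn:eclipse:milo:examples:client").addDnsName("localhost")
                .addIpAddress("127.0.0.1");

        // List as many local host names and IP addresses as possible in the
        // certificate. Note that every name added here is disclosed to whoever
        // receives the certificate.
        for (String hostname : HostnameUtil.getHostnames("0.0.0.0")) {
            if (IP_ADDR_PATTERN.matcher(hostname).matches()) {
                builder.addIpAddress(hostname);
            } else {
                builder.addDnsName(hostname);
            }
        }

        return builder.build();
    }

    /**
     * Returns the client certificate read by the last successful
     * {@link #load(Path)}.
     *
     * @return the certificate, or {@code null} if none has been loaded
     */
    X509Certificate getClientCertificate() {
        return clientCertificate;
    }

    /**
     * Returns the client key pair read by the last successful
     * {@link #load(Path)}.
     *
     * @return the key pair, or {@code null} if none has been loaded
     */
    KeyPair getClientKeyPair() {
        return clientKeyPair;
    }
}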