Issue #1673 - generate keystore when using test-keystore module

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>

jetty-home/pom.xml

@@ -776,6 +776,12 @@
       <version>${project.version}</version>
       <optional>true</optional>
     </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-test-keystore</artifactId>
+      <version>${project.version}</version>
+      <optional>true</optional>
+    </dependency>
     <!-- Demo Apps -->
     <dependency>
       <groupId>org.eclipse.jetty.demos</groupId>

jetty-test-keystore/pom.xml

@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <artifactId>jetty-project</artifactId>
+    <groupId>org.eclipse.jetty</groupId>
+    <version>10.0.1-SNAPSHOT</version>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+  <artifactId>jetty-test-keystore</artifactId>
+  <name>Jetty :: Test Keystore</name>
+  <description>Test keystore with self-signed SSL Certificate.</description>
+
+  <properties>
+    <bouncycastle-version>1.60</bouncycastle-version>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcpkix-jdk15on</artifactId>
+      <version>${bouncycastle-version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk15on</artifactId>
+      <version>${bouncycastle-version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-util</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+  </dependencies>
+</project>

jetty-test-keystore/src/main/config/etc/jetty-test-keystore.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd">
+
+<Configure id="Server" class="org.eclipse.jetty.server.Server">
+  <Call class="org.eclipse.jetty.keystore.KeystoreGenerator" name="generateTestKeystore">
+    <Arg><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" default="etc/keystore.p12" /></Arg>
+    <Arg><Property name="jetty.sslContext.keyStorePassword" /></Arg>
+  </Call>
+</Configure>

jetty-test-keystore/src/main/config/modules/test-keystore.mod

@@ -1,5 +1,5 @@
 [description]
-Test keystore with test SSL Certificate.
+Test keystore with self-signed SSL Certificate.
 DO NOT USE IN PRODUCTION!!!
 
 [tags]
@@ -9,11 +9,16 @@ ssl
 [depend]
 ssl
 
-[files]
+[lib]
-basehome:modules/test-keystore/test-keystore.p12|etc/test-keystore.p12
+lib/jetty-test-keystore-${jetty.version}.jar
+
+[xml]
+etc/jetty-test-keystore.xml
 
 [ini]
 jetty.sslContext.keyStorePath?=etc/test-keystore.p12
-jetty.sslContext.trustStorePath?=etc/test-keystore.p12
 jetty.sslContext.keyStoreType?=PKCS12
 jetty.sslContext.keyStorePassword?=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
+jetty.sslContext.trustStorePath?=etc/test-keystore.p12
+jetty.sslContext.trustStoreType?=PKCS12
+jetty.sslContext.keyStorePassword?=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4

jetty-test-keystore/src/main/java/org/eclipse/jetty/keystore/KeystoreGenerator.java

@@ -0,0 +1,81 @@
+//
+// ========================================================================
+// Copyright (c) 1995-2020 Mort Bay Consulting Pty Ltd and others.
+//
+// This program and the accompanying materials are made available under the
+// terms of the Eclipse Public License v. 2.0 which is available at
+// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
+// which is available at https://www.apache.org/licenses/LICENSE-2.0.
+//
+// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
+// ========================================================================
+//
+
+package org.eclipse.jetty.keystore;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.SecureRandom;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Date;
+
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.eclipse.jetty.util.security.Password;
+
+public class KeystoreGenerator
+{
+    public static void main(String[] args) throws Exception
+    {
+        generateTestKeystore("test-keystore.p12", "storepwd");
+    }
+
+    public static void generateTestKeystore(String location, String password) throws Exception
+    {
+        // Generate an RSA key pair.
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+        keyPairGenerator.initialize(2048);
+        KeyPair keyPair = keyPairGenerator.generateKeyPair();
+
+        // Create a self-signed certificate.
+        Instant now = Instant.now();
+        Date notBefore = Date.from(now);
+        Date notAfter = Date.from(now.plus(Duration.ofDays(365)));
+        BigInteger serial = BigInteger.valueOf(new SecureRandom().nextLong());
+        X500Name x500Name = new X500Name("C=US,ST=NE,L=Omaha,O=Webtide,OU=Jetty,CN=localhost");
+        X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(x500Name, serial, notBefore, notAfter, x500Name, keyPair.getPublic());
+        ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate());
+        X509Certificate certificate = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(certBuilder.build(contentSigner));
+
+        // Create a keystore using the self-signed certificate.
+        KeyStore keystore = KeyStore.getInstance("PKCS12");
+        char[] pwdCharArray = new Password(password).toString().toCharArray();
+        keystore.load(null, pwdCharArray);
+        keystore.setKeyEntry("jetty-test-keystore", keyPair.getPrivate(), pwdCharArray, new Certificate[]{certificate});
+
+        // Write keystore out to a file.
+        File keystoreFile = new File(location);
+        keystoreFile.deleteOnExit();
+        File parentFile = keystoreFile.getAbsoluteFile().getParentFile();
+        if (!parentFile.exists() && !parentFile.mkdirs())
+            throw new IOException("Could not create directory for test keystore file");
+        try (FileOutputStream fos = new FileOutputStream(keystoreFile))
+        {
+            keystore.store(fos, pwdCharArray);
+        }
+    }
+
+}

pom.xml

@@ -147,6 +147,7 @@
     <module>jetty-home</module>
     <module>jetty-bom</module>
     <module>jetty-documentation</module>
+    <module>jetty-test-keystore</module>
   </modules>
 
   <build>