datasharingframework · hhund · Jun 19, 2026 · Jun 18, 2026 · Jun 19, 2026
diff --git a/dsf-maven/dsf-maven-plugin/src/main/java/dev/dsf/maven/dev/AbstractGenerator.java b/dsf-maven/dsf-maven-plugin/src/main/java/dev/dsf/maven/dev/AbstractGenerator.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2018-2025 Heilbronn University of Applied Sciences
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package dev.dsf.maven.dev;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.PrivateKey;
+import java.util.Objects;
+import java.util.Optional;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import de.hsheilbronn.mi.utils.crypto.io.PemReader;
+import de.hsheilbronn.mi.utils.crypto.io.PemWriter;
+
+public class AbstractGenerator
+{
+	private static final Logger logger = LoggerFactory.getLogger(AbstractGenerator.class);
+
+	public static final String POSTFIX_PRIVATE_KEY = ".key";
+
+	private final Path baseDir;
+	private final char[] privateKeyPassword;
+
+	public AbstractGenerator(Path baseDir, char[] privateKeyPassword)
+	{
+		Objects.requireNonNull(baseDir, "baseDir");
+		Objects.requireNonNull(privateKeyPassword, "privateKeyPassword");
+
+		this.baseDir = baseDir;
+		this.privateKeyPassword = privateKeyPassword;
+	}
+
+	protected void writePrivateKey(String commonName, PrivateKey privateKey) throws RuntimeException
+	{
+		Path file = toPath(commonName, POSTFIX_PRIVATE_KEY);
+
+		try
+		{
+			PemWriter.writePrivateKey(privateKey).asPkcs8().encryptedAes128(privateKeyPassword).toFile(file);
+		}
+		catch (IOException e)
+		{
+			logger.error("Unable to write private-key {}: {} - {}", file.toAbsolutePath().normalize(),
+					e.getClass().getName(), e.getMessage());
+			throw new RuntimeException(e);
+		}
+	}
+
+	protected Optional<PrivateKey> readPrivateKey(String commonName) throws RuntimeException
+	{
+		Path file = toPath(commonName, POSTFIX_PRIVATE_KEY);
+
+		if (!Files.isReadable(file))
+			return Optional.empty();
+
+		try
+		{
+			return Optional.of(PemReader.readPrivateKey(file, privateKeyPassword));
+		}
+		catch (IOException e)
+		{
+			logger.error("Unable to read private-key {}: {} - {}", file.toAbsolutePath().normalize(),
+					e.getClass().getName(), e.getMessage());
+
+			throw new RuntimeException(e);
+		}
+	}
+
+	protected Path toPath(String id, String postFix)
+	{
+		return baseDir.resolve(id.replaceAll(" ", "_") + postFix);
+	}
+}
diff --git a/dsf-maven/dsf-maven-plugin/src/main/java/dev/dsf/maven/dev/AbstractIo.java b/dsf-maven/dsf-maven-plugin/src/main/java/dev/dsf/maven/dev/AbstractIo.java
@@ -16,17 +16,36 @@
 package dev.dsf.maven.dev;
 
 import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.PrivateKey;
+import java.util.Objects;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import de.hsheilbronn.mi.utils.crypto.io.PemWriter;
 import dev.dsf.maven.exception.RuntimeIOException;
 
 public abstract class AbstractIo
 {
+	private static final Logger logger = LoggerFactory.getLogger(AbstractIo.class);
+
 	protected static interface RunnableWithIoException
 	{
 		void run() throws IOException;
 	}
 
-	protected final void toRuntimeException(RunnableWithIoException runnable)
+	protected final Path projectBasedir;
+	protected final char[] privateKeyPassword;
+
+	public AbstractIo(Path projectBasedir, char[] privateKeyPassword)
+	{
+		this.projectBasedir = Objects.requireNonNull(projectBasedir, "projectBasedir");
+		this.privateKeyPassword = privateKeyPassword;
+	}
+
+	protected final void toRuntimeException(RunnableWithIoException runnable) throws RuntimeIOException
 	{
 		try
 		{
@@ -37,4 +56,25 @@ protected final void toRuntimeException(RunnableWithIoException runnable)
 			throw new RuntimeIOException(e);
 		}
 	}
+
+	protected void writePrivateKey(String type, String id, PrivateKey privateKey, Path target) throws IOException
+	{
+		logger.info("Writing private-key encrypted ({}: {}) to {}", type, id, projectBasedir.relativize(target));
+
+		PemWriter.writePrivateKey(privateKey).asPkcs8().encryptedAes128(privateKeyPassword).toFile(target);
+	}
+
+	protected void writePrivateKeyPlain(String type, String id, PrivateKey privateKey, Path target) throws IOException
+	{
+		logger.info("Writing private-key unencrypted ({}: {}) to {}", type, id, projectBasedir.relativize(target));
+
+		PemWriter.writePrivateKey(privateKey).asPkcs8().notEncrypted().toFile(target);
+	}
+
+	protected final void writePassword(String type, String id, Path target) throws IOException
+	{
+		logger.info("Writing key password ({}: {}) to {}", type, id, projectBasedir.relativize(target));
+
+		Files.writeString(target, new String(privateKeyPassword));
+	}
 }
diff --git a/dsf-maven/dsf-maven-plugin/src/main/java/dev/dsf/maven/dev/CertificateGenerator.java b/dsf-maven/dsf-maven-plugin/src/main/java/dev/dsf/maven/dev/CertificateGenerator.java
@@ -53,7 +53,7 @@
 import de.hsheilbronn.mi.utils.crypto.io.PemWriter;
 import de.hsheilbronn.mi.utils.crypto.keypair.KeyPairValidator;
 
-public class CertificateGenerator
+public class CertificateGenerator extends AbstractGenerator
 {
 	private static final Logger logger = LoggerFactory.getLogger(CertificateGenerator.class);
 
@@ -109,7 +109,6 @@ public CertificateAndPrivateKey sign(CertificateAuthority ca)
 		}
 	}
 
-	public static final String POSTFIX_PRIVATE_KEY = ".key";
 	public static final String POSTFIX_CERTIFICATE = ".crt";
 
 	private static final String SUBJECT_C = "DE";
@@ -121,8 +120,6 @@ public CertificateAndPrivateKey sign(CertificateAuthority ca)
 	private static final CertificationRequestConfig CERTIFICATION_REQUEST_ISSUING_CA = new CertificationRequestConfig(
 			CertificateAuthority::signClientServerIssuingCaCertificate, SUBJECT_CN_ISSUING_CA, null);
 
-	private final Path certDir;
-	private final char[] privateKeyPassword;
 	private final List<CertificationRequestConfig> certificationRequestConfigs = new ArrayList<>();
 
 	private CertificateAuthority rootCa;
@@ -132,11 +129,7 @@ public CertificateAndPrivateKey sign(CertificateAuthority ca)
 	public CertificateGenerator(Path certDir, char[] privateKeyPassword,
 			List<CertificationRequestConfig> certificationRequestConfigs)
 	{
-		Objects.requireNonNull(certDir, "certDir");
-		Objects.requireNonNull(privateKeyPassword, "privateKeyPassword");
-
-		this.certDir = certDir;
-		this.privateKeyPassword = privateKeyPassword;
+		super(certDir, privateKeyPassword);
 
 		if (certificationRequestConfigs != null)
 			this.certificationRequestConfigs.addAll(certificationRequestConfigs);
@@ -216,11 +209,6 @@ private String toHexThumbprint(X509Certificate certificate)
 		}
 	}
 
-	private Path toPath(String commonName, String postFix)
-	{
-		return certDir.resolve(commonName.replaceAll(" ", "_") + postFix);
-	}
-
 	private Optional<X509Certificate> readCertificate(String commonName)
 	{
 		Path file = toPath(commonName, POSTFIX_CERTIFICATE);
@@ -241,26 +229,6 @@ private Optional<X509Certificate> readCertificate(String commonName)
 		}
 	}
 
-	private Optional<PrivateKey> readPrivateKey(String commonName)
-	{
-		Path file = toPath(commonName, POSTFIX_PRIVATE_KEY);
-
-		if (!Files.isReadable(file))
-			return Optional.empty();
-
-		try
-		{
-			return Optional.of(PemReader.readPrivateKey(file, privateKeyPassword));
-		}
-		catch (IOException e)
-		{
-			logger.error("Unable to read private-key {}: {} - {}", file.toAbsolutePath().normalize(),
-					e.getClass().getName(), e.getMessage());
-
-			throw new RuntimeException(e);
-		}
-	}
-
 	private Optional<CertificateAndPrivateKey> readCertificateAndPrivateKey(String commonName)
 	{
 		Optional<X509Certificate> crt = readCertificate(commonName);
@@ -333,21 +301,6 @@ private void writeCertificate(String commonName, X509Certificate crt)
 		}
 	}
 
-	private void writePrivateKey(String commonName, PrivateKey privateKey)
-	{
-		Path file = toPath(commonName, POSTFIX_PRIVATE_KEY);
-
-		try
-		{
-			PemWriter.writePrivateKey(privateKey).asPkcs8().encryptedAes128(privateKeyPassword).toFile(file);
-		}
-		catch (IOException e)
-		{
-			logger.error("Unable to write private-key {}: {} - {}", file.toAbsolutePath().normalize(),
-					e.getClass().getName(), e.getMessage());
-			throw new RuntimeException(e);
-		}
-	}
 
 	private void writeCertificateAndPrivateKey(String commonName, CertificateAndPrivateKey certificateAndPrivateKey)
 	{