https://zhuanlan.zhihu.com/p/355241710?utm_id=0

http://t.zoukankan.com/xiaxj-p-8961131.html

https://www.cnblogs.com/cwjcsu/archive/2012/10/05/8433078.html

https://www.iteye.com/blog/zhuyuehua-1102143

https://www.cnblogs.com/cwjcsu/archive/2012/10/05/8433079.html

SSLContext

https://www.codenong.com/11143360/

https://blog.csdn.net/shuxiaohua/article/details/118463065

始终搞不定,算了,用mkcert,因为这一块Security本身就是jdk jre强相关,可移植性可部署性也没比mkcert强到哪里:

package com.jds.test.httpproxy.miniserver;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.InputAEADDecryptor;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import java.io.*;
import java.math.BigInteger;
import java.security.cert.Certificate;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List; /**
* Created by mac on 2022/12/19.
*/
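public class CAServer {
    /** Milliseconds in one day, used to compute the certificate validity window. */
    private static final long DAY_MILLIS = 1000L * 60 * 60 * 24;

    /**
     * Loads the CA private-key entry (alias {@code "1"}) from the classpath resource
     * {@code rootCA.p12} and issues a certificate for {@code myhost.com} with it.
     *
     * @param args unused
     * @throws FileNotFoundException if {@code rootCA.p12} is not on the classpath
     * @throws KeyStoreException if alias {@code "1"} is not a private-key entry
     */
    public static void main(String[] args) throws KeyStoreException,
            NoSuchAlgorithmException, CertificateException,
            FileNotFoundException, IOException, UnrecoverableEntryException {
        // SECURITY: the CA keystore password is hard-coded in source. Anyone who can read this
        // class (or the jar that bundles rootCA.p12) can sign certificates that every machine
        // trusting this root will accept. Load it from outside the code base before using this
        // for anything other than a throwaway local CA.
        char[] caPassword = "hhh123".toCharArray();

        // The CA key store is PKCS#12, not JKS.
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream inputStream =
                CAServer.class.getClassLoader().getResourceAsStream("rootCA.p12")) {
            // getResourceAsStream returns null when the resource is missing; loading a null
            // stream would silently produce an empty key store.
            if (inputStream == null) {
                throw new FileNotFoundException("rootCA.p12 not found on the classpath");
            }
            store.load(inputStream, caPassword);
        }

        KeyStore.Entry entry = store.getEntry("1", new KeyStore.PasswordProtection(caPassword));
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new KeyStoreException("alias \"1\" in rootCA.p12 is not a private key entry");
        }
        KeyStore.PrivateKeyEntry ke = (KeyStore.PrivateKeyEntry) entry;

        String subject = "C=cn,ST=sh,L=sh,O=mkcert development certificate,OU=mac@macdeMacBook.local,CN=myhost.com,E=sh";
        // Issue the certificate and write it, with its private key, to the JKS file used by store().
        gen(ke, subject, "myhost.com");
    }

    /**
     * Stores a private key and its certificate chain ({@code cert} followed by {@code caCert})
     * as a key entry in a new JKS key store and writes it to
     * {@code /Users/mac/Downloads/jdk.jks}.
     *
     * <p>SECURITY: the key entry is protected with an empty password and the key store password
     * is derived from the alias ({@code "_" + name}), so the file gives the private key no
     * meaningful protection. The output path is fixed and is not derived from {@code name}.
     *
     * @param key the private key to store
     * @param cert the certificate matching {@code key}
     * @param caCert the issuing CA certificate, appended to the chain
     * @param name alias of the key entry
     */
    public static void store(PrivateKey key, Certificate cert,
            Certificate caCert, String name) throws KeyStoreException,
            NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore store = KeyStore.getInstance("JKS");
        store.load(null, null);
        store.setKeyEntry(name, key, "".toCharArray(), new Certificate[] {cert, caCert});
        File file = new File("/Users/mac/Downloads/jdk.jks");
        // try-with-resources: the original never closed the output stream.
        try (OutputStream out = new FileOutputStream(file)) {
            store.store(out, ("_" + name).toCharArray());
        }
    }

    /**
     * Generates a 2048-bit RSA key pair, has the CA represented by {@code ke} sign a certificate
     * for {@code subject}, and stores key and chain via {@link #store}.
     *
     * <p>The certificate is valid from one day before now until two years from now. Failures
     * are printed and swallowed, so callers cannot tell whether a key store was written.
     *
     * @param ke the CA's private key and certificate
     * @param subject distinguished name of the certificate to issue
     * @param name alias under which the new key entry is stored
     */
    public static void gen(KeyStore.PrivateKeyEntry ke, String subject, String name) {
        try {
            X509Certificate caCert = (X509Certificate) ke.getCertificate();
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(2048);
            KeyPair keyPair = kpg.generateKeyPair();

            // The issuer of the new certificate must be the CA's *subject*, and it must match the
            // CA certificate's encoding for path building to link the two. The original took the
            // CA's issuer DN, converted it to a string and re-parsed it; decoding the CA subject
            // from its DER bytes avoids both the wrong field and the string round trip.
            X500Name issuer = X500Name.getInstance(caCert.getSubjectX500Principal().getEncoded());

            // Random, positive serial instead of the current time: time-based serials are
            // predictable and repeat when two certificates are issued in the same millisecond.
            BigInteger serial = new BigInteger(64, new SecureRandom()).add(BigInteger.ONE);

            long now = System.currentTimeMillis();
            Date notBefore = new Date(now - DAY_MILLIS);
            Date notAfter = new Date(now + 2 * 365 * DAY_MILLIS);

            Certificate cert = signCertificate(issuer, new X500Name(subject), serial,
                    notBefore, notAfter,
                    keyPair.getPublic(),  // public key being certified
                    ke.getPrivateKey(),   // CA private key that signs it
                    null);
            store(keyPair.getPrivate(), cert, ke.getCertificate(), name);
        } catch (Exception e) {
            // Best-effort, as in the original: report and continue.
            e.printStackTrace();
        }
    }

    /**
     * Builds an X.509 v3 certificate for {@code publicKey} signed with {@code privKey}
     * using SHA-256 with RSA.
     *
     * @param issuer issuer distinguished name, parsed with {@link X500Name}
     * @param subject subject distinguished name, parsed with {@link X500Name}
     * @param serial certificate serial number
     * @param notBefore start of the validity period
     * @param notAfter end of the validity period
     * @param publicKey the public key being certified
     * @param privKey the signing (CA) private key
     * @param extensions extensions to add; when {@code null} or empty, a single
     *     subjectAltName of {@code myhost.com} is added, as the original always did
     * @return the signed certificate as a JCA {@link X509Certificate}
     */
    public static Certificate generateV3(String issuer, String subject,
            BigInteger serial, Date notBefore, Date notAfter,
            PublicKey publicKey, PrivateKey privKey, List<Extension> extensions)
            throws OperatorCreationException, CertificateException, IOException {
        return signCertificate(new X500Name(issuer), new X500Name(subject), serial,
                notBefore, notAfter, publicKey, privKey, extensions);
    }

    /** Signs a certificate from already-parsed names; shared by generateV3 and gen. */
    private static Certificate signCertificate(X500Name issuer, X500Name subject,
            BigInteger serial, Date notBefore, Date notAfter,
            PublicKey publicKey, PrivateKey privKey, List<Extension> extensions)
            throws OperatorCreationException, CertificateException, IOException {
        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                issuer, serial, notBefore, notAfter, subject, publicKey);

        // Register the BC provider once rather than on every call.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        }
        ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
                .setProvider("BC").build(privKey);

        if (extensions == null || extensions.isEmpty()) {
            // Backward-compatible default: the original ignored `extensions` and always added
            // this hard-coded host name, whatever the subject was.
            GeneralNames subjectAltName =
                    new GeneralNames(new GeneralName(GeneralName.dNSName, "myhost.com"));
            builder.addExtension(Extension.subjectAlternativeName, false, subjectAltName);
        } else {
            for (Extension extension : extensions) {
                builder.addExtension(extension.getExtnId(), extension.isCritical(),
                        extension.getParsedValue());
            }
        }

        // Convert the BC holder into a JCA certificate by re-parsing its DER encoding.
        X509CertificateHolder holder = builder.build(sigGen);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream der = new ByteArrayInputStream(holder.toASN1Structure().getEncoded())) {
            return (X509Certificate) cf.generateCertificate(der);
        }
    }
}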
