public boolean createSelfSignedKeystore(
String cn,
String keystoreFile,
String keystorePassword,
String privateKeyPassword,
String privateKeyAlias) {
KeyStore ks = null;
try {
ks = KeyStore.getInstance("JKS");
ks.load(null, null);
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
keyGen.initialize(1024, new SecureRandom());
KeyPair keypair = keyGen.generateKeyPair();
PrivateKey privkey = keypair.getPrivate();
PublicKey pubkey = keypair.getPublic();
Hashtable<DERObjectIdentifier, String> attrs = new Hashtable<DERObjectIdentifier, String>();
Vector<DERObjectIdentifier> ordering = new Vector<DERObjectIdentifier>();
ordering.add(X509Name.CN);
attrs.put(X509Name.CN, cn);
X509Name issuerDN = new X509Name(ordering, attrs);
X509Name subjectDN = new X509Name(ordering, attrs);
Date validFrom = new Date();
validFrom.setTime(validFrom.getTime() - (10 * 60 * 1000));
Date validTo = new Date();
validTo.setTime(validTo.getTime() + (20 * (24 * 60 * 60 * 1000)));
X509V3CertificateGenerator x509 = new X509V3CertificateGenerator();
x509.setSignatureAlgorithm("SHA1withDSA");
x509.setIssuerDN(issuerDN);
x509.setSubjectDN(subjectDN);
x509.setPublicKey(pubkey);
x509.setNotBefore(validFrom);
x509.setNotAfter(validTo);
x509.setSerialNumber(new BigInteger(128, new Random()));
X509Certificate[] cert = new X509Certificate[1];
cert[0] = x509.generate(privkey, "BC");
java.security.cert.Certificate[] chain = new java.security.cert.Certificate[1];
chain[0] = cert[0];
ks.setKeyEntry(privateKeyAlias, privkey, privateKeyPassword.toCharArray(), cert);
ks.setKeyEntry(privateKeyAlias, privkey, privateKeyPassword.toCharArray(), chain);
ks.store(new FileOutputStream(keystoreFile), keystorePassword.toCharArray());
String IDP_RFC_CERT = "WEB-INF/guanxi_idp/keystore/guanxi_idp_cert.txt";
PEMWriter pemWriter = new PEMWriter(new FileWriter(servletContext.getRealPath(IDP_RFC_CERT)));
pemWriter.writeObject(cert[0]);
pemWriter.close();
return true;
} catch (Exception se) {
return false;
}
}
private static void saveKeyStore() {
try {
ByteArrayOutputStream bout = new ByteArrayOutputStream();
keystore.store(bout, KEY_STORE_PASSWORD.toCharArray());
File keyStoreFile = new File(KEY_STORE_FILENAME);
logger.trace("Saving key store to file [" + keyStoreFile + "]");
FileOutputStream fileOutputStream = null;
try {
fileOutputStream = new FileOutputStream(keyStoreFile);
fileOutputStream.write(bout.toByteArray());
} finally {
if (fileOutputStream != null) {
fileOutputStream.close();
}
}
keyStoreFile.deleteOnExit();
} catch (Exception e) {
throw new RuntimeException("Exception while saving KeyStore", e);
}
}
