/**
* Step 1,创建CA
*
* @throws KeyPairException
* @throws CertificateException
*/
public void initCA() throws KeyPairException, CertificateException {
ca = new CAManager();
X509Attrs principals = new X509Attrs();
principals.setCommonName("私享家CA根证书");
principals.setCountryCode("AU");
ca.init(keystore, certstore, principals);
}
public void createIntermediateCert() throws StorageException, CertificateException {
PEMFileStore<PKCS10CertificationRequest> interrequeststore =
new PEMFileStore<PKCS10CertificationRequest>("D:\\certs\\inter.req");
PEMFileStore<X509Certificate> intercertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\inter.crt");
PKCS10CertificationRequest request = interrequeststore.read();
X509Certificate parentcert = certstore.read();
KeyPair parentkey = keystore.read();
X509Certificate certificate = ca.issueCertificate(request, 365, parentcert, parentkey, true);
intercertstore.save(certificate, null);
}
/**
* Step 4,利用中间证书签发客户证书
*
* @throws StorageException
* @throws CertificateException
*/
public void createClientCert() throws StorageException, CertificateException {
PEMFileStore<PKCS10CertificationRequest> clientrequeststore =
new PEMFileStore<PKCS10CertificationRequest>("D:\\certs\\client.req");
PEMFileStore<KeyPair> serverkeystore = new PEMFileStore<KeyPair>("D:\\certs\\server.key");
PEMFileStore<X509Certificate> servercertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\server.crt");
PEMFileStore<X509Certificate> clientcertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\client.crt");
PKCS10CertificationRequest request = clientrequeststore.read();
X509Certificate parentcert = servercertstore.read();
KeyPair parentkey = serverkeystore.read();
X509Certificate certificate = ca.issueCertificate(request, 365, parentcert, parentkey, true);
clientcertstore.save(certificate, null);
}
public void createEmployeeCert() throws StorageException, CertificateException {
PEMFileStore<PKCS10CertificationRequest> employeerequeststore =
new PEMFileStore<PKCS10CertificationRequest>("D:\\certs\\employee.req");
PEMFileStore<X509Certificate> employeecertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\employee.crt");
PEMFileStore<X509Certificate> clientcertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\client.crt");
PEMFileStore<KeyPair> clientkeystore = new PEMFileStore<KeyPair>("D:\\certs\\client.key");
PKCS10CertificationRequest request = employeerequeststore.read();
X509Certificate parentcert = clientcertstore.read();
KeyPair parentkey = clientkeystore.read();
X509Certificate certificate = ca.issueCertificate(request, 365, parentcert, parentkey, false);
employeecertstore.save(certificate, null);
}
public void createServerPfx() throws StorageException, CertificateException {
PEMFileStore<X509Certificate> intercertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\inter.crt");
PEMFileStore<X509Certificate> servercertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\server.crt");
X509Certificate cacert = certstore.read();
X509Certificate intercert = intercertstore.read();
X509Certificate servercert = servercertstore.read();
X509Certificate[] chain = new X509Certificate[3];
chain[0] = (servercert);
chain[1] = (intercert);
chain[2] = (cacert);
KeyPair serverkey = new PEMFileStore<KeyPair>("D:\\certs\\server.key").read();
KeyStore pkcs12 = ca.generatePKCS12(chain, serverkey);
new PfxStore("D://certs//server.pfx").save(pkcs12, "123456");
}
/**
* Step 5,生成PKCS12
*
* @throws StorageException
* @throws KeyStoreException
* @throws NoSuchProviderException
* @throws NoSuchAlgorithmException
* @throws java.security.cert.CertificateException
* @throws IOException
*/
public void createClientPfx() throws CertificateException, StorageException {
PEMFileStore<X509Certificate> intercertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\inter.crt");
PEMFileStore<X509Certificate> servercertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\server.crt");
PEMFileStore<X509Certificate> clientcertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\client.crt");
PEMFileStore<KeyPair> clientkeystore = new PEMFileStore<KeyPair>("D:\\certs\\client.key");
PfxStore pfxstore = new PfxStore("D:\\certs\\client.pfx");
X509Certificate cacert = certstore.read();
X509Certificate intercert = intercertstore.read();
X509Certificate servercert = servercertstore.read();
X509Certificate clientcert = clientcertstore.read();
X509Certificate[] chain = new X509Certificate[4];
chain[0] = (clientcert);
chain[1] = (servercert);
chain[2] = (intercert);
chain[3] = (cacert);
KeyPair clientkey = clientkeystore.read();
KeyStore pkcs12 = ca.generatePKCS12(chain, clientkey);
pfxstore.save(pkcs12, "123456");
}
public void createEmployeePfx() throws StorageException, CertificateException {
PEMFileStore<X509Certificate> intercertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\inter.crt");
PEMFileStore<X509Certificate> servercertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\server.crt");
PEMFileStore<X509Certificate> clientcertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\client.crt");
PEMFileStore<X509Certificate> employeecertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\employee.crt");
X509Certificate cacert = certstore.read();
X509Certificate intercert = intercertstore.read();
X509Certificate servercert = servercertstore.read();
X509Certificate clientcert = clientcertstore.read();
X509Certificate employeecert = employeecertstore.read();
X509Certificate[] chain = new X509Certificate[5];
chain[0] = (employeecert);
chain[1] = (clientcert);
chain[2] = (servercert);
chain[3] = (intercert);
chain[4] = (cacert);
KeyPair employeekey = new PEMFileStore<KeyPair>("D:\\certs\\employee.key").read();
KeyStore pkcs12 = ca.generatePKCS12(chain, employeekey);
new PfxStore("D://certs//employee.pfx").save(pkcs12, "123456");
}
