コード例 #1
0
ファイル: Bootstrap.java プロジェクト: guanxi/guanxi-idp
  public boolean createSelfSignedKeystore(
      String cn,
      String keystoreFile,
      String keystorePassword,
      String privateKeyPassword,
      String privateKeyAlias) {
    KeyStore ks = null;

    try {
      ks = KeyStore.getInstance("JKS");
      ks.load(null, null);

      KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
      keyGen.initialize(1024, new SecureRandom());
      KeyPair keypair = keyGen.generateKeyPair();
      PrivateKey privkey = keypair.getPrivate();
      PublicKey pubkey = keypair.getPublic();

      Hashtable<DERObjectIdentifier, String> attrs = new Hashtable<DERObjectIdentifier, String>();
      Vector<DERObjectIdentifier> ordering = new Vector<DERObjectIdentifier>();
      ordering.add(X509Name.CN);
      attrs.put(X509Name.CN, cn);
      X509Name issuerDN = new X509Name(ordering, attrs);
      X509Name subjectDN = new X509Name(ordering, attrs);

      Date validFrom = new Date();
      validFrom.setTime(validFrom.getTime() - (10 * 60 * 1000));
      Date validTo = new Date();
      validTo.setTime(validTo.getTime() + (20 * (24 * 60 * 60 * 1000)));

      X509V3CertificateGenerator x509 = new X509V3CertificateGenerator();
      x509.setSignatureAlgorithm("SHA1withDSA");
      x509.setIssuerDN(issuerDN);
      x509.setSubjectDN(subjectDN);
      x509.setPublicKey(pubkey);
      x509.setNotBefore(validFrom);
      x509.setNotAfter(validTo);
      x509.setSerialNumber(new BigInteger(128, new Random()));

      X509Certificate[] cert = new X509Certificate[1];
      cert[0] = x509.generate(privkey, "BC");
      java.security.cert.Certificate[] chain = new java.security.cert.Certificate[1];
      chain[0] = cert[0];

      ks.setKeyEntry(privateKeyAlias, privkey, privateKeyPassword.toCharArray(), cert);
      ks.setKeyEntry(privateKeyAlias, privkey, privateKeyPassword.toCharArray(), chain);
      ks.store(new FileOutputStream(keystoreFile), keystorePassword.toCharArray());

      String IDP_RFC_CERT = "WEB-INF/guanxi_idp/keystore/guanxi_idp_cert.txt";

      PEMWriter pemWriter = new PEMWriter(new FileWriter(servletContext.getRealPath(IDP_RFC_CERT)));
      pemWriter.writeObject(cert[0]);
      pemWriter.close();

      return true;
    } catch (Exception se) {
      return false;
    }
  }
コード例 #2
0
 private static void saveKeyStore() {
   try {
     ByteArrayOutputStream bout = new ByteArrayOutputStream();
     keystore.store(bout, KEY_STORE_PASSWORD.toCharArray());
     File keyStoreFile = new File(KEY_STORE_FILENAME);
     logger.trace("Saving key store to file [" + keyStoreFile + "]");
     FileOutputStream fileOutputStream = null;
     try {
       fileOutputStream = new FileOutputStream(keyStoreFile);
       fileOutputStream.write(bout.toByteArray());
     } finally {
       if (fileOutputStream != null) {
         fileOutputStream.close();
       }
     }
     keyStoreFile.deleteOnExit();
   } catch (Exception e) {
     throw new RuntimeException("Exception while saving KeyStore", e);
   }
 }