/**
* Step 3,生成证书请求
*
* @throws KeyPairException
* @throws CertificateException
* @throws StorageException
*/
public void createClientCSR() throws KeyPairException, CertificateException, StorageException {
PEMFileStore<KeyPair> clientkeystore = new PEMFileStore<KeyPair>("D:\\certs\\client.key");
PEMFileStore<PKCS10CertificationRequest> clientrequeststore =
new PEMFileStore<PKCS10CertificationRequest>("D:\\certs\\client.req");
KeyPair keypair = KeyPairManager.generateRSAKeyPair();
clientkeystore.save(keypair, null);
X509Attrs principals = new X509Attrs();
principals.setCommonName("CRM平台根证书");
principals.setCountryCode("AU");
PKCS10CertificationRequest csr = CSRManager.generateCSR(keypair, principals);
clientrequeststore.save(csr, null);
}
/**
* Step 6,生成证书请求
*
* @throws KeyPairException
* @throws CertificateException
* @throws StorageException
*/
public void createServerCSR() throws KeyPairException, CertificateException, StorageException {
PEMFileStore<KeyPair> serverkeystore = new PEMFileStore<KeyPair>("D:\\certs\\server.key");
PEMFileStore<PKCS10CertificationRequest> serverrequeststore =
new PEMFileStore<PKCS10CertificationRequest>("D:\\certs\\server.req");
KeyPair keypair = KeyPairManager.generateRSAKeyPair();
serverkeystore.save(keypair, null);
X509Attrs principals = new X509Attrs();
principals.setCommonName("*.zijincaifu.com");
principals.setCountryCode("CN");
PKCS10CertificationRequest csr = CSRManager.generateCSR(keypair, principals);
serverrequeststore.save(csr, null);
}
public void createEmployeeCSR() throws KeyPairException, StorageException, CertificateException {
KeyPair keypair = KeyPairManager.generateRSAKeyPair();
PublicKey public1 = keypair.getPublic();
PEMFileStore<PublicKey> publicstore = new PEMFileStore<PublicKey>("D:\\certs\\employee.pub");
publicstore.save(public1, null);
PEMFileStore<KeyPair> employeekeystore = new PEMFileStore<KeyPair>("D:\\certs\\employee.key");
employeekeystore.save(keypair, null);
X509Attrs principals = new X509Attrs();
principals.setCommonName("CRM测试员工");
principals.setCountryCode("AU");
principals.setGiveName("E00001");
PKCS10CertificationRequest csr = CSRManager.generateCSR(keypair, principals);
PEMFileStore<PKCS10CertificationRequest> employeerequeststore =
new PEMFileStore<PKCS10CertificationRequest>("D:\\certs\\employee.req");
employeerequeststore.save(csr, null);
}
public void createIntermediateCert() throws StorageException, CertificateException {
PEMFileStore<PKCS10CertificationRequest> interrequeststore =
new PEMFileStore<PKCS10CertificationRequest>("D:\\certs\\inter.req");
PEMFileStore<X509Certificate> intercertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\inter.crt");
PKCS10CertificationRequest request = interrequeststore.read();
X509Certificate parentcert = certstore.read();
KeyPair parentkey = keystore.read();
X509Certificate certificate = ca.issueCertificate(request, 365, parentcert, parentkey, true);
intercertstore.save(certificate, null);
}
/**
* Step 4,利用中间证书签发客户证书
*
* @throws StorageException
* @throws CertificateException
*/
public void createClientCert() throws StorageException, CertificateException {
PEMFileStore<PKCS10CertificationRequest> clientrequeststore =
new PEMFileStore<PKCS10CertificationRequest>("D:\\certs\\client.req");
PEMFileStore<KeyPair> serverkeystore = new PEMFileStore<KeyPair>("D:\\certs\\server.key");
PEMFileStore<X509Certificate> servercertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\server.crt");
PEMFileStore<X509Certificate> clientcertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\client.crt");
PKCS10CertificationRequest request = clientrequeststore.read();
X509Certificate parentcert = servercertstore.read();
KeyPair parentkey = serverkeystore.read();
X509Certificate certificate = ca.issueCertificate(request, 365, parentcert, parentkey, true);
clientcertstore.save(certificate, null);
}
public void createEmployeeCert() throws StorageException, CertificateException {
PEMFileStore<PKCS10CertificationRequest> employeerequeststore =
new PEMFileStore<PKCS10CertificationRequest>("D:\\certs\\employee.req");
PEMFileStore<X509Certificate> employeecertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\employee.crt");
PEMFileStore<X509Certificate> clientcertstore =
new PEMFileStore<X509Certificate>("D:\\certs\\client.crt");
PEMFileStore<KeyPair> clientkeystore = new PEMFileStore<KeyPair>("D:\\certs\\client.key");
PKCS10CertificationRequest request = employeerequeststore.read();
X509Certificate parentcert = clientcertstore.read();
KeyPair parentkey = clientkeystore.read();
X509Certificate certificate = ca.issueCertificate(request, 365, parentcert, parentkey, false);
employeecertstore.save(certificate, null);
}