/**
 * Step 1: create the CA.
 *
 * <p>Assigns a fresh {@code CAManager} to the {@code ca} field and initialises it with the
 * {@code keystore} and {@code certstore} fields plus a subject whose common name and country
 * code are hard-coded below.
 *
 * @throws KeyPairException declared by the signature; presumably raised from {@code ca.init}
 *     when the root key pair cannot be produced or loaded (confirm against CAManager)
 * @throws CertificateException declared by the signature; presumably raised from
 *     {@code ca.init} when the root certificate cannot be produced or loaded (confirm)
 */
public void initCA() throws KeyPairException, CertificateException {
    ca = new CAManager();

    // Subject of the root certificate: only CN and C are set here.
    final X509Attrs rootSubject = new X509Attrs();
    rootSubject.setCommonName("私享家CA根证书");
    rootSubject.setCountryCode("AU");

    // NOTE(review): how the root private key is protected at rest is decided by whatever
    // `keystore` is configured with; that is not visible in this method.
    ca.init(keystore, certstore, rootSubject);
}
/**
 * Issues the intermediate certificate: reads the CSR from {@code inter.req}, signs it with the
 * root certificate and root key pair ({@code certstore} / {@code keystore}) for a 365-day
 * validity, and writes the result to {@code inter.crt}.
 *
 * <p>The final {@code true} passed to {@code issueCertificate} is presumably a "may act as CA"
 * flag, since the leaf issued in {@code createEmployeeCert} passes {@code false}; confirm
 * against CAManager.
 *
 * @throws StorageException declared by the signature; presumably from the store reads/save
 * @throws CertificateException declared by the signature; presumably from issuance
 */
public void createIntermediateCert() throws StorageException, CertificateException {
    final PEMFileStore<PKCS10CertificationRequest> csrStore =
            new PEMFileStore<PKCS10CertificationRequest>("D:\\certs\\inter.req");
    final PEMFileStore<X509Certificate> issuedStore =
            new PEMFileStore<X509Certificate>("D:\\certs\\inter.crt");

    // NOTE(review): the CSR is taken from disk and handed straight to the signer. No check of
    // its subject or of its self-signature is visible here; confirm issueCertificate does it.
    final PKCS10CertificationRequest csr = csrStore.read();
    final X509Certificate issuerCert = certstore.read();
    // The root private key is loaded directly into this process for signing.
    final KeyPair issuerKey = keystore.read();

    // NOTE(review): every level of the chain is issued with the same 365-day lifetime, so a
    // child issued later can outlive its issuer unless issueCertificate clamps notAfter.
    final X509Certificate issued = ca.issueCertificate(csr, 365, issuerCert, issuerKey, true);

    // Second argument is null; presumably "no passphrase", which is expected for a public
    // certificate file (confirm against PEMFileStore).
    issuedStore.save(issued, null);
}
/**
 * Step 4: issue the client certificate.
 *
 * <p>Reads the CSR from {@code client.req}, signs it for 365 days and writes {@code client.crt}.
 * NOTE(review): the original comment says the intermediate certificate is the issuer, but the
 * code signs with {@code server.crt} / {@code server.key}; confirm which is intended.
 *
 * <p>The final {@code true} passed to {@code issueCertificate} is presumably a "may act as CA"
 * flag (the client key is later used as issuer in {@code createEmployeeCert}); confirm against
 * CAManager.
 *
 * @throws StorageException declared by the signature; presumably from the store reads/save
 * @throws CertificateException declared by the signature; presumably from issuance
 */
public void createClientCert() throws StorageException, CertificateException {
    final PEMFileStore<PKCS10CertificationRequest> csrStore =
            new PEMFileStore<PKCS10CertificationRequest>("D:\\certs\\client.req");
    final PEMFileStore<KeyPair> issuerKeyStore =
            new PEMFileStore<KeyPair>("D:\\certs\\server.key");
    final PEMFileStore<X509Certificate> issuerCertStore =
            new PEMFileStore<X509Certificate>("D:\\certs\\server.crt");
    final PEMFileStore<X509Certificate> issuedStore =
            new PEMFileStore<X509Certificate>("D:\\certs\\client.crt");

    final PKCS10CertificationRequest csr = csrStore.read();
    final X509Certificate issuerCert = issuerCertStore.read();
    // read() takes no passphrase, so server.key is presumably stored unencrypted on disk;
    // restrict file permissions on the certs directory accordingly.
    final KeyPair issuerKey = issuerKeyStore.read();

    // NOTE(review): a certificate named "server" acting as issuer only validates if it was
    // itself issued as a CA; that issuance is not shown in this file section.
    final X509Certificate issued = ca.issueCertificate(csr, 365, issuerCert, issuerKey, true);
    issuedStore.save(issued, null);
}
/**
 * Issues the employee certificate: reads the CSR from {@code employee.req}, signs it with
 * {@code client.crt} / {@code client.key} for 365 days, and writes {@code employee.crt}.
 *
 * <p>This is the only issuance in the file that passes {@code false} as the last argument of
 * {@code issueCertificate}; presumably that marks the result as an end-entity (non-CA)
 * certificate. Confirm against CAManager.
 *
 * @throws StorageException declared by the signature; presumably from the store reads/save
 * @throws CertificateException declared by the signature; presumably from issuance
 */
public void createEmployeeCert() throws StorageException, CertificateException {
    final PEMFileStore<PKCS10CertificationRequest> csrStore =
            new PEMFileStore<PKCS10CertificationRequest>("D:\\certs\\employee.req");
    final PEMFileStore<X509Certificate> issuedStore =
            new PEMFileStore<X509Certificate>("D:\\certs\\employee.crt");
    final PEMFileStore<X509Certificate> issuerCertStore =
            new PEMFileStore<X509Certificate>("D:\\certs\\client.crt");
    final PEMFileStore<KeyPair> issuerKeyStore =
            new PEMFileStore<KeyPair>("D:\\certs\\client.key");

    final PKCS10CertificationRequest csr = csrStore.read();
    final X509Certificate issuerCert = issuerCertStore.read();
    // read() takes no passphrase, so client.key is presumably stored unencrypted on disk.
    final KeyPair issuerKey = issuerKeyStore.read();

    final X509Certificate issued = ca.issueCertificate(csr, 365, issuerCert, issuerKey, false);
    issuedStore.save(issued, null);
}
/**
 * Bundles the server key pair and its chain (server, intermediate, root) into a PKCS#12
 * keystore and saves it as {@code server.pfx}.
 *
 * @throws StorageException declared by the signature; presumably from the store reads/save
 * @throws CertificateException declared by the signature; presumably from PKCS#12 generation
 */
public void createServerPfx() throws StorageException, CertificateException {
    final PEMFileStore<X509Certificate> interStore =
            new PEMFileStore<X509Certificate>("D:\\certs\\inter.crt");
    final PEMFileStore<X509Certificate> serverStore =
            new PEMFileStore<X509Certificate>("D:\\certs\\server.crt");

    final X509Certificate rootCert = certstore.read();
    final X509Certificate interCert = interStore.read();
    final X509Certificate leafCert = serverStore.read();

    // Chain order is leaf first, root last.
    final X509Certificate[] chain = {leafCert, interCert, rootCert};

    // read() takes no passphrase, so server.key is presumably stored unencrypted on disk.
    final KeyPair leafKey = new PEMFileStore<KeyPair>("D:\\certs\\server.key").read();
    final KeyStore bundle = ca.generatePKCS12(chain, leafKey);

    // SECURITY(review): the PFX holds the private key and is protected only by a hard-coded,
    // trivially guessable password that also lives in source control. Supply it from outside
    // the code (prompt, secret store, environment) and pass it as char[] where the API allows.
    // This path uses "//" separators while the rest of the file uses "\\"; left as written.
    new PfxStore("D://certs//server.pfx").save(bundle, "123456");
}
/**
 * Step 5: generate the PKCS#12 bundle for the client.
 *
 * <p>Packs the client key pair with its chain (client, server, intermediate, root) into a
 * PKCS#12 keystore and saves it as {@code client.pfx}.
 *
 * @throws CertificateException declared by the signature; presumably from PKCS#12 generation
 * @throws StorageException declared by the signature; presumably from the store reads/save
 */
public void createClientPfx() throws CertificateException, StorageException {
    final PEMFileStore<X509Certificate> interStore =
            new PEMFileStore<X509Certificate>("D:\\certs\\inter.crt");
    final PEMFileStore<X509Certificate> serverStore =
            new PEMFileStore<X509Certificate>("D:\\certs\\server.crt");
    final PEMFileStore<X509Certificate> clientStore =
            new PEMFileStore<X509Certificate>("D:\\certs\\client.crt");
    final PEMFileStore<KeyPair> clientKeyStore =
            new PEMFileStore<KeyPair>("D:\\certs\\client.key");
    final PfxStore outputStore = new PfxStore("D:\\certs\\client.pfx");

    final X509Certificate rootCert = certstore.read();
    final X509Certificate interCert = interStore.read();
    final X509Certificate serverCert = serverStore.read();
    final X509Certificate leafCert = clientStore.read();

    // Chain order is leaf first, root last.
    final X509Certificate[] chain = {leafCert, serverCert, interCert, rootCert};

    // read() takes no passphrase, so client.key is presumably stored unencrypted on disk.
    final KeyPair leafKey = clientKeyStore.read();
    final KeyStore bundle = ca.generatePKCS12(chain, leafKey);

    // SECURITY(review): the PFX holds the private key and is protected only by a hard-coded,
    // trivially guessable password shared with the other bundles in this file. Supply it from
    // outside the code (prompt, secret store, environment) and use a distinct value per bundle.
    outputStore.save(bundle, "123456");
}
/**
 * Packs the employee key pair with its chain (employee, client, server, intermediate, root)
 * into a PKCS#12 keystore and saves it as {@code employee.pfx}.
 *
 * @throws StorageException declared by the signature; presumably from the store reads/save
 * @throws CertificateException declared by the signature; presumably from PKCS#12 generation
 */
public void createEmployeePfx() throws StorageException, CertificateException {
    final PEMFileStore<X509Certificate> interStore =
            new PEMFileStore<X509Certificate>("D:\\certs\\inter.crt");
    final PEMFileStore<X509Certificate> serverStore =
            new PEMFileStore<X509Certificate>("D:\\certs\\server.crt");
    final PEMFileStore<X509Certificate> clientStore =
            new PEMFileStore<X509Certificate>("D:\\certs\\client.crt");
    final PEMFileStore<X509Certificate> employeeStore =
            new PEMFileStore<X509Certificate>("D:\\certs\\employee.crt");

    final X509Certificate rootCert = certstore.read();
    final X509Certificate interCert = interStore.read();
    final X509Certificate serverCert = serverStore.read();
    final X509Certificate clientCert = clientStore.read();
    final X509Certificate leafCert = employeeStore.read();

    // Chain order is leaf first, root last.
    final X509Certificate[] chain = {leafCert, clientCert, serverCert, interCert, rootCert};

    // read() takes no passphrase, so employee.key is presumably stored unencrypted on disk.
    final KeyPair leafKey = new PEMFileStore<KeyPair>("D:\\certs\\employee.key").read();
    final KeyStore bundle = ca.generatePKCS12(chain, leafKey);

    // SECURITY(review): the PFX holds the private key and is protected only by a hard-coded,
    // trivially guessable password that also lives in source control. Supply it from outside
    // the code (prompt, secret store, environment) and pass it as char[] where the API allows.
    // This path uses "//" separators while the rest of the file uses "\\"; left as written.
    new PfxStore("D://certs//employee.pfx").save(bundle, "123456");
}