示例#1
0
 private static void loadKeyStore(File keyStoreFile) {
   try {
     FileInputStream fileInputStream = null;
     try {
       fileInputStream = new FileInputStream(KEY_STORE_FILENAME);
       logger.trace("Loading key store from file [" + keyStoreFile + "]");
       keystore = KeyStore.getInstance(KeyStore.getDefaultType());
       keystore.load(fileInputStream, KEY_STORE_PASSWORD.toCharArray());
     } finally {
       if (fileInputStream != null) {
         fileInputStream.close();
       }
     }
   } catch (Exception e) {
     throw new RuntimeException(
         "Exception while loading KeyStore from " + keyStoreFile.getAbsolutePath(), e);
   }
 }
示例#2
0
  /**
   * Create KeyStore and add a self-signed X.509 Certificate
   *
   * @param dname the X.509 Distinguished Name, eg "CN=www.google.co.uk, O=\"Google Inc\",
   *     L=\"Mountain View\", S=California, C=US"
   * @param keyAlgorithmName the key algorithm, eg "RSA"
   */
  private static KeyStore generateCertificate(
      String alias,
      char[] keyStorePassword,
      KeyAlgorithmName keyAlgorithmName,
      String dname,
      String... sanDomains)
      throws GeneralSecurityException, IOException {

    CertAndKeyGen certAndKeyGen =
        new CertAndKeyGen(
            keyAlgorithmName.name(), keyAlgorithmName.signatureAlgorithmName, "SunCertificates");
    certAndKeyGen.generate(keyAlgorithmName.keySize);

    PrivateKey privateKey = certAndKeyGen.getPrivateKey();
    X509CertInfo info = new X509CertInfo();
    Date from = new Date();
    Date to = new Date(from.getTime() + TimeUnit.DAYS.toMillis(360));
    CertificateValidity interval = new CertificateValidity(from, to);
    BigInteger sn = new BigInteger(64, new SecureRandom());
    X500Name owner = new X500Name(dname);

    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    info.set(X509CertInfo.KEY, new CertificateX509Key(certAndKeyGen.getPublicKey()));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(
        X509CertInfo.ALGORITHM_ID,
        new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid)));

    // add subject alternative names
    GeneralNames generalNames = new GeneralNames();
    for (String sanDomain : sanDomains) {
      generalNames.add(new GeneralName(new DNSName(sanDomain)));
    }
    if (generalNames.size() > 0) {
      CertificateExtensions certificateExtensions =
          (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
      if (certificateExtensions == null) certificateExtensions = new CertificateExtensions();
      certificateExtensions.set(
          SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(generalNames));
      info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
    }

    // Sign the certificate to identify the algorithm that's used.
    X509CertImpl x509Certificate = new X509CertImpl(info);
    x509Certificate.sign(privateKey, keyAlgorithmName.signatureAlgorithmName);

    // update the algorithm, and resign.
    info.set(
        CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM,
        x509Certificate.get(X509CertImpl.SIG_ALG));
    x509Certificate = new X509CertImpl(info);
    x509Certificate.sign(privateKey, keyAlgorithmName.signatureAlgorithmName);

    // add to new key store
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, keyStorePassword);
    keyStore.setKeyEntry(
        alias, privateKey, keyStorePassword, new X509Certificate[] {x509Certificate});

    return keyStore;
  }