private static void loadKeyStore(File keyStoreFile) { try { FileInputStream fileInputStream = null; try { fileInputStream = new FileInputStream(KEY_STORE_FILENAME); logger.trace("Loading key store from file [" + keyStoreFile + "]"); keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(fileInputStream, KEY_STORE_PASSWORD.toCharArray()); } finally { if (fileInputStream != null) { fileInputStream.close(); } } } catch (Exception e) { throw new RuntimeException( "Exception while loading KeyStore from " + keyStoreFile.getAbsolutePath(), e); } }
private static void saveKeyStore() { try { ByteArrayOutputStream bout = new ByteArrayOutputStream(); keystore.store(bout, KEY_STORE_PASSWORD.toCharArray()); File keyStoreFile = new File(KEY_STORE_FILENAME); logger.trace("Saving key store to file [" + keyStoreFile + "]"); FileOutputStream fileOutputStream = null; try { fileOutputStream = new FileOutputStream(keyStoreFile); fileOutputStream.write(bout.toByteArray()); } finally { if (fileOutputStream != null) { fileOutputStream.close(); } } keyStoreFile.deleteOnExit(); } catch (Exception e) { throw new RuntimeException("Exception while saving KeyStore", e); } }
/** * Create KeyStore and add a self-signed X.509 Certificate * * @param dname the X.509 Distinguished Name, eg "CN=www.google.co.uk, O=\"Google Inc\", * L=\"Mountain View\", S=California, C=US" * @param keyAlgorithmName the key algorithm, eg "RSA" */ private static KeyStore generateCertificate( String alias, char[] keyStorePassword, KeyAlgorithmName keyAlgorithmName, String dname, String... sanDomains) throws GeneralSecurityException, IOException { CertAndKeyGen certAndKeyGen = new CertAndKeyGen( keyAlgorithmName.name(), keyAlgorithmName.signatureAlgorithmName, "SunCertificates"); certAndKeyGen.generate(keyAlgorithmName.keySize); PrivateKey privateKey = certAndKeyGen.getPrivateKey(); X509CertInfo info = new X509CertInfo(); Date from = new Date(); Date to = new Date(from.getTime() + TimeUnit.DAYS.toMillis(360)); CertificateValidity interval = new CertificateValidity(from, to); BigInteger sn = new BigInteger(64, new SecureRandom()); X500Name owner = new X500Name(dname); info.set(X509CertInfo.VALIDITY, interval); info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn)); info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner)); info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner)); info.set(X509CertInfo.KEY, new CertificateX509Key(certAndKeyGen.getPublicKey())); info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); info.set( X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid))); // add subject alternative names GeneralNames generalNames = new GeneralNames(); for (String sanDomain : sanDomains) { generalNames.add(new GeneralName(new DNSName(sanDomain))); } if (generalNames.size() > 0) { CertificateExtensions certificateExtensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS); if (certificateExtensions == null) certificateExtensions = new CertificateExtensions(); certificateExtensions.set( SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(generalNames)); info.set(X509CertInfo.EXTENSIONS, certificateExtensions); } // Sign the certificate to identify the algorithm that's used. X509CertImpl x509Certificate = new X509CertImpl(info); x509Certificate.sign(privateKey, keyAlgorithmName.signatureAlgorithmName); // update the algorithm, and resign. info.set( CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, x509Certificate.get(X509CertImpl.SIG_ALG)); x509Certificate = new X509CertImpl(info); x509Certificate.sign(privateKey, keyAlgorithmName.signatureAlgorithmName); // add to new key store KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, keyStorePassword); keyStore.setKeyEntry( alias, privateKey, keyStorePassword, new X509Certificate[] {x509Certificate}); return keyStore; }