/*
Name: SelfSign.java
Licensing: LGPL
API: Sun (http://java.sun.com) JCE 1.2.2 API (cleanroom implementation by Bouncy Castle)
Provider: Bouncy Castle (http://www.bouncycastle.org)
Disclaimer:
COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE
IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE
RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE
PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR)
ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY
CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED
HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
*/
package net.sourceforge.jcetaglib.taglib.x509;
import net.sourceforge.jcetaglib.lib.CertTools;
import net.sourceforge.jcetaglib.lib.Clean;
import net.sourceforge.jcetaglib.lib.X509Cert;
import net.sourceforge.jcetaglib.tools.KeyTools;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.tagext.TagSupport;
import java.io.FileOutputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
/**
* JSP tag used for generating self-signed X.509 certificates
*
* @jsp.tag
* name="selfsign"
* display-name="SelfSign"
* body-content="empty"
* example="<%-- Create a self-signed certificate --%>
* 	<jce:selfsign
* 	subjectdn=
* 		\"C=BE,
* 		O=NET,
* 		OU=Sourceforge,
* 		CN=CertAuthority,
* 		EmailAddress=info@certauthority.org\"
* 	fingerprint=\"fp\"
* 	serialnumber=\"sn\"
*
* 	storefile=\"C:/keystores/ca.p12\"
* 	storeentry=\"ca\"
* 	storepassword=\"&lt;%= new StringBuffer(\"password\") %>\"/>"
*
* description="JSP tag used for generating self-signed X.509 certificates"
*
* @author Gert Van Ham
* @author hamgert@users.sourceforge.net
* @author http://jcetaglib.sourceforge.net
* @version $Id: SelfSign.java,v 1.5 2004/04/15 07:28:36 hamgert Exp $
*/
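public class SelfSign extends TagSupport {
    private static final String PAGE = "page";
    private static final String REQUEST = "request";
    private static final String SESSION = "session";
    private static final String APPLICATION = "application";

    // NOTE(security): the two defaults below are kept unchanged so existing pages
    // behave as before. MD5 is collision-broken as a certificate signature hash and
    // 1024-bit RSA is below the commonly recommended minimum of 2048 bits. Pages
    // should set 'keylength' and 'signaturealgorithm' explicitly (for example 2048
    // and a SHA-256 based algorithm, if the installed provider supports it).
    private String keypairalgorithm = "RSA"; // tag attribute
    private int keylength = 1024; // tag attribute
    private String signaturealgorithm = "MD5WithRSAEncryption"; // tag attribute
    private String subjectdn;
    private long validity = 365;
    // NOTE(review): initialised to true, while the 'isca' attribute description
    // says "Default is false" -- confirm which one is intended.
    private boolean isca = true;
    private String netscapeextensions;

    // return info
    private int scope = PageContext.PAGE_SCOPE;
    private String serialnumber;
    private String fingerprint;

    // return certificates...
    // ...P12 keystore...
    private String storefile; // tag attribute
    private String storeentry; // tag attribute
    private StringBuffer storepassword; // tag attribute

    // ... OR variables
    private String certificate;
    private String privatekey;
    private StringBuffer pkey;

    /**
     * Maps a scope name to the matching {@link PageContext} scope constant.
     *
     * @param scope "page", "request", "session" or "application" (case-insensitive)
     * @return the matching constant; {@code PageContext.PAGE_SCOPE} for {@code null}
     *         or any unrecognised name
     */
    public static int getScope(String scope) {
        if (REQUEST.equalsIgnoreCase(scope)) {
            return PageContext.REQUEST_SCOPE;
        }
        if (SESSION.equalsIgnoreCase(scope)) {
            return PageContext.SESSION_SCOPE;
        }
        if (APPLICATION.equalsIgnoreCase(scope)) {
            return PageContext.APPLICATION_SCOPE;
        }
        // "page", null and anything unrecognised all fall back to page scope
        return PageContext.PAGE_SCOPE;
    }

    /**
     * Generates a key pair and a self-signed certificate, then either writes both to a
     * PKCS#12 file (when {@code storefile} is set) or exposes them as PEM text in the
     * configured scope. The serial number and fingerprint are always exported.
     *
     * <p>Security notes for page authors:
     * <ul>
     * <li>{@code storefile} is opened for writing exactly as given; this tag does no path
     *     validation, so the value must never be derived from request data.</li>
     * <li>In PEM mode the private key is placed unencrypted in the chosen scope. Prefer
     *     page scope; session or application scope keeps the key reachable by other
     *     pages for as long as the attribute lives.</li>
     * </ul>
     *
     * @return {@code EVAL_PAGE}
     * @throws JspException if a required attribute is missing or any step of key
     *                      generation, signing or storage fails (the cause is attached)
     */
    public int doEndTag() throws JspException {
        // Register Bouncy Castle once; addProvider() is a no-op for an already
        // installed provider, so skipping it only avoids a throw-away instance.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        try {
            // was: storefile == "" (reference comparison, never true for runtime strings)
            boolean returnAsPem = (storefile == null || storefile.length() == 0);

            // Fail with a readable message before doing the expensive key generation.
            if (returnAsPem) {
                if (certificate == null || privatekey == null) {
                    throw new IllegalArgumentException(
                            "either 'storefile' or both 'certificate' and 'privatekey' must be set");
                }
            } else if (storepassword == null) {
                throw new IllegalArgumentException("'storepassword' is required when 'storefile' is set");
            }

            // generate keypair
            KeyPair p = X509Cert.generateKeyPair(keypairalgorithm, keylength, null);

            // generate certificate
            X509Certificate cert = X509Cert.selfsign(p.getPrivate()
                    , p.getPublic()
                    , signaturealgorithm
                    , validity
                    , subjectdn
                    , isca
                    , netscapeextensions);

            if (returnAsPem) {
                // Return certificate as string (Base64 output is plain ASCII)
                byte[] certB64 = Base64.encode(cert.getEncoded());
                pageContext.setAttribute(certificate,
                        "-----BEGIN CERTIFICATE-----\n" + new String(certB64, "US-ASCII") + "\n-----END CERTIFICATE-----",
                        scope);

                // Return private key as a StringBuffer. The Base64 bytes are appended
                // one by one so that no immutable String copy of the key, which could
                // not be wiped afterwards, is created.
                byte[] keyoutput = p.getPrivate().getEncoded();
                byte[] keyB64 = Base64.encode(keyoutput);
                try {
                    pkey = new StringBuffer("-----BEGIN PRIVATE KEY-----\n");
                    for (int i = 0; i < keyB64.length; i++) {
                        pkey.append((char) (keyB64[i] & 0xFF));
                    }
                    pkey.append("\n-----END PRIVATE KEY-----");
                    // The scoped attribute is this same StringBuffer, which release()
                    // passes to Clean.blank(); consumers should read it before then.
                    pageContext.setAttribute(privatekey, pkey, scope);
                } finally {
                    Clean.blank(keyoutput);
                    Clean.blank(keyB64);
                }
            } else {
                // Store certificate in PKCS#12 store
                KeyStore store = KeyTools.createP12(storeentry, p.getPrivate(), cert, cert);

                // Copy the password straight into a char[] (no intermediate String)
                // so it can be zeroed once the store has been written.
                char[] pw = new char[storepassword.length()];
                storepassword.getChars(0, pw.length, pw, 0);
                try {
                    FileOutputStream out = new FileOutputStream(storefile);
                    try {
                        store.store(out, pw);
                    } finally {
                        out.close(); // the original never closed this stream
                    }
                } finally {
                    java.util.Arrays.fill(pw, '\0');
                }
            }

            // return serialnumber and fingerprint
            pageContext.setAttribute(serialnumber, cert.getSerialNumber().toString(), scope);
            pageContext.setAttribute(fingerprint, CertTools.getFingerprintAsString(cert), scope);
        } catch (Exception e) {
            throw new JspException("JCE Exception: Unable to generate certificate: "
                    + e.getMessage(), e);
        }

        return EVAL_PAGE;
    }

    /**
     * Hands the private-key buffer and the keystore password to {@code Clean.blank}
     * (presumably overwriting their contents -- see {@code Clean}) before delegating
     * to {@code TagSupport.release()}.
     */
    public void release() {
        // Cleanup all sensitive information
        Clean.blank(pkey);
        Clean.blank(storepassword);
        super.release();
    }

    /**
     * Sets the key pair algorithm passed to {@code X509Cert.generateKeyPair}.
     *
     * @jsp.attribute
     * description="Keypair algorithm. 'RSA', 'DSA' or 'EC-DSA'. Default is 'RSA'"
     * type="java.lang.String"
     * required="false"
     * rtexprvalue="true"
     */
    public void setKeypairalgorithm(String keypairalgorithm) {
        this.keypairalgorithm = keypairalgorithm;
    }

    /**
     * Sets the key length in bits. The 1024-bit default is weak by current
     * standards; prefer 2048 or more where the consuming products allow it.
     *
     * @jsp.attribute
     * description="Key length. 512, 1024 or 2048. Default is 1024. Please note that not all products support key lengths greater than 1024"
     * type="java.lang.Integer"
     * required="false"
     * rtexprvalue="true"
     */
    public void setKeylength(int keylength) {
        this.keylength = keylength;
    }

    /**
     * Sets the algorithm used to sign the certificate. The MD5-based default is
     * collision-broken; set a SHA-2 based algorithm explicitly where supported.
     *
     * @jsp.attribute
     * description="Signature algorithm. Default is 'MD5WithRSAEncryption'"
     * type="java.lang.String"
     * required="false"
     * rtexprvalue="true"
     */
    public void setSignaturealgorithm(String signaturealgorithm) {
        this.signaturealgorithm = signaturealgorithm;
    }

    /**
     * Sets the subject DN of the certificate (also its issuer, as it is self-signed).
     *
     * @jsp.attribute
     * description="The subject DN string. e.g. 'C=BE, O=NET, OU=Sourceforge, CN=CertAuthority, E=info@certauthority.org' Important: if you want to use the certificate for SSL server purposes you must specify the full server & domain name as the 'CN' entry (e.g. '... CN=www.oracle.com ...')"
     * type="java.lang.String"
     * required="true"
     * rtexprvalue="true"
     */
    public void setSubjectdn(String subjectdn) {
        this.subjectdn = subjectdn;
    }

    /**
     * Sets the certificate validity period in days.
     *
     * @jsp.attribute
     * description="The validity of the certificate in days. Default is 365"
     * type="java.lang.Long"
     * required="false"
     * rtexprvalue="true"
     */
    public void setValidity(long validity) {
        this.validity = validity;
    }

    /**
     * Sets whether the certificate is marked as a CA certificate.
     * NOTE(review): the field is initialised to {@code true}, which contradicts the
     * "Default is false" wording below; set this attribute explicitly.
     *
     * @jsp.attribute
     * description="Defines this certificate as a CA (Certificate Authority). Default is false. If you want to use this certificate as intermediate certificate, you have to set this parameter to true"
     * type="java.lang.Boolean"
     * required="false"
     * rtexprvalue="true"
     */
    public void setIsca(boolean isca) {
        this.isca = isca;
    }

    /**
     * Sets the Netscape extension profile passed to {@code X509Cert.selfsign}.
     *
     * @jsp.attribute
     * description="Adds Netscape certificate extensions to the certificate. If this certificate must work with Netscape products (or Mozilla), you have to specify one of the following parameters:
     * 'CA': this certificate can be used as SSL Certificate Authority, Email Signer and Object Signer
     * 'SERVER': this certificate can be used as SSL Server.
     * 'CLIENT': this certificate can be used as SSL Client, Email Recipient and Object Signer
     * 'ALL': this certificate can be used for all above purposes."
     * type="java.lang.String"
     * required="false"
     * rtexprvalue="true"
     */
    public void setNetscapeextensions(String netscapeextensions) {
        this.netscapeextensions = netscapeextensions;
    }

    /**
     * Sets the scope of all exported variables; resolved through {@link #getScope(String)}.
     * When the private key is exported, keep this as narrow as possible.
     *
     * @jsp.attribute
     * description="Scope of the return variables. Can be 'page', 'session', 'request' or 'application'. Default is 'page'"
     * type="java.lang.String"
     * required="false"
     * rtexprvalue="false"
     */
    public void setScope(String scope) {
        this.scope = getScope(scope);
    }

    /**
     * Sets the name of the variable that receives the certificate serial number.
     *
     * @jsp.attribute
     * description="Variable to store the certificate serial number"
     * type="java.lang.String"
     * required="true"
     * rtexprvalue="false"
     */
    public void setSerialnumber(String serialnumber) {
        this.serialnumber = serialnumber;
    }

    /** @return the name of the variable that receives the serial number */
    public String getSerialnumber() {
        return serialnumber;
    }

    /**
     * Sets the name of the variable that receives the certificate fingerprint.
     *
     * @jsp.attribute
     * description="Variable to store the certificate fingerprint (SHA-1)"
     * type="java.lang.String"
     * required="true"
     * rtexprvalue="false"
     */
    public void setFingerprint(String fingerprint) {
        this.fingerprint = fingerprint;
    }

    /** @return the name of the variable that receives the fingerprint */
    public String getFingerprint() {
        return fingerprint;
    }

    /**
     * Sets the path of the PKCS#12 file to write. The path is used as given, without
     * validation, so it must come from trusted configuration and not from request input.
     *
     * @jsp.attribute
     * description="The PKCS#12 (P12) keystore to store the certificate"
     * type="java.lang.String"
     * required="false"
     * rtexprvalue="true"
     */
    public void setStorefile(String storefile) {
        this.storefile = storefile;
    }

    /**
     * Sets the entry name under which key and certificate are stored in the keystore.
     *
     * @jsp.attribute
     * description="The PKCS#12 (P12) keystore entry name for this certificate"
     * type="java.lang.String"
     * required="false"
     * rtexprvalue="true"
     */
    public void setStoreentry(String storeentry) {
        this.storeentry = storeentry;
    }

    /**
     * Sets the keystore password. The buffer is kept by reference and is passed to
     * {@code Clean.blank} in {@link #release()}.
     *
     * @jsp.attribute
     * description="The PKCS#12 (P12) keystore password"
     * type="java.lang.StringBuffer"
     * required="false"
     * rtexprvalue="true"
     */
    public void setStorepassword(StringBuffer storepassword) {
        this.storepassword = storepassword;
    }

    /**
     * Sets the name of the variable that receives the PEM certificate (PEM mode only).
     *
     * @jsp.attribute
     * description="Variable to store the certificate as a PEM formatted string"
     * type="java.lang.String"
     * required="false"
     * rtexprvalue="false"
     */
    public void setCertificate(String certificate) {
        this.certificate = certificate;
    }

    /** @return the name of the variable that receives the PEM certificate */
    public String getCertificate() {
        return certificate;
    }

    /**
     * Sets the name of the variable that receives the unencrypted PEM private key
     * (PEM mode only). The stored value is a {@code StringBuffer}.
     *
     * @jsp.attribute
     * description="Variable to store the private key as a PEM formatted StringBuffer"
     * type="java.lang.String"
     * required="false"
     * rtexprvalue="false"
     */
    public void setPrivatekey(String privatekey) {
        this.privatekey = privatekey;
    }

    /** @return the name of the variable that receives the PEM private key */
    public String getPrivatekey() {
        return privatekey;
    }
}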