📄 jcr.txt
JSSE+bouncycastle开发包+jabacats.jar开发包
1:制作企业根证书
package com.javasecurity;
import es.sing.util.*;
//Soporte de E/S
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Date;
//Soporte para BigInteger
import java.math.BigInteger;
//Soporte para colecciones, stringtokenizer y fechas
import java.util.StringTokenizer;
import java.security.KeyStore;
import java.security.Security;
import java.security.KeyPair;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.*;
import java.security.Key;
//Bouncycastle provider
import org.bouncycastle.jce.provider.*;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.asn1.x509.*;
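/**
 * Command-line tool that creates a self-signed root CA certificate and stores it on disk
 * together with its private key.
 *
 * <p>It writes two files: the encoded certificate to {@code d:\ca\caCer.cer} and a PKCS#12
 * keystore to {@code d:\ca\ca.pfx} that holds the certificate under alias {@code CA} and the
 * private key under alias {@code CApriv}.
 *
 * <p>NOTE(review): the parameters below are not acceptable for a CA that anything relies on.
 * The certificate is signed with MD5WithRSA (MD5 is collision-broken and must not be used for
 * certificate signatures), the key is RSA-1024 (current minimum is 2048 bits), and the keystore
 * passphrase is a literal in the source. The values are kept as they are here because the
 * algorithm names accepted by the project helpers and the bundled BouncyCastle version are not
 * visible from this file; move to SHA256WithRSA and RSA-2048 or larger once that is confirmed,
 * and take the passphrase from the operator instead of the source.
 *
 * <p>Copyright: Copyright (c) 2003</p>
 * @author unascribed
 * @version 1.0
 */
public class MakeCA {
    public MakeCA() {
    }

    /**
     * Entry point: generates the root certificate and keystore.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        MakeCA makeCA1 = new MakeCA();
        makeCA1.generCA();
    }

    /**
     * Generates the CA key pair, builds the self-signed root certificate and writes both output
     * files. Any exception is caught and its stack trace printed; nothing is reported to the
     * caller.
     */
    public void generCA() {
        try {
            // Passed to CertificateUtils.crearCertMaestro as the validity length.
            // NOTE(review): the name says months but 365 looks like days -- confirm the unit.
            int duracionMesesCACertificate = 365;
            // NOTE(review): weak signature algorithm, see the class comment.
            String signAlgorithm = "MD5WithRSA";
            String caIssue = X509Subject.decodeX509Subject(
                    "C=cn,ST=xinjiang,L=wulumuqi,O=sit,OU=soft,CN=sailing,EMAILADDRESS=sit@sit.com");

            // Register BouncyCastle so that the "BC" provider name used below resolves.
            Security.addProvider(new BouncyCastleProvider());

            // NOTE(review): 1024-bit RSA is too short for a CA key, see the class comment.
            KeyPair parClavesCA = GeneraClaves.generaParClaves(1024, "RSA");
            PrivateKey caPrivKey = parClavesCA.getPrivate(); // CA private key
            PublicKey caPubKey = parClavesCA.getPublic();    // CA public key

            X509Certificate caCer = CertificateUtils.crearCertMaestro(
                    caPubKey, caPrivKey, caIssue, duracionMesesCACertificate, signAlgorithm);
            System.out.println("产生根证书!!!");

            // Close the stream even when encoding or writing fails.
            FileOutputStream caCerOut = new FileOutputStream("d:\\ca\\caCer.cer");
            try {
                caCerOut.write(caCer.getEncoded());
            } finally {
                caCerOut.close();
            }

            // Certificate chain stored with the private key.
            // NOTE(review): the self-signed root appears twice; a one-element chain is the
            // usual form -- left unchanged in case a consumer depends on it.
            Certificate[] caCadPfx = new Certificate[2];
            caCadPfx[1] = caCer;
            caCadPfx[0] = caCer;

            // In-memory PKCS#12 keystore.
            KeyStore caStore = KeyStore.getInstance("PKCS12", "BC");
            caStore.load(null, null);
            caStore.setCertificateEntry("CA", caCer);
            // NOTE(review): the key entry has no password of its own (null); only the store
            // passphrase below protects the CA private key.
            caStore.setKeyEntry("CApriv", caPrivKey, null, caCadPfx);

            // NOTE(review): hard-coded passphrase; anyone who can read this source or the
            // compiled class can open ca.pfx. Restrict file permissions on d:\ca as well.
            // Computed before the file is opened so a failure here leaves no empty ca.pfx.
            String pass = new String("zhs0567".getBytes(), "Cp852");
            FileOutputStream caPfxOut = new FileOutputStream("d:\\ca\\ca.pfx");
            try {
                caStore.store(caPfxOut, pass.toCharArray());
            } finally {
                caPfxOut.close();
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}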
2:制作服务器端证书
package com.javasecurity;
import es.sing.util.*;
//Soporte de E/S
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
//Soporte para BigInteger
import java.math.BigInteger;
//Soporte para colecciones, stringtokenizer y fechas
import java.util.StringTokenizer;
import java.security.KeyStore;
import java.security.Security;
import java.security.KeyPair;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.*;
import java.security.Key;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Hashtable;
import java.util.Vector;
//Bouncycastle provider
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERInputStream;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.X509V1CertificateGenerator;
import org.bouncycastle.jce.X509V3CertificateGenerator;
import org.bouncycastle.jce.provider.*;
import javax.swing.*;
public class MakeServerCert {
// Key pair generated for the admin user; assigned in getAdminCert().
PrivateKey userPrivKey=null;
PublicKey userPubKey =null;
// Certificate issued to the admin user; assigned in getAdminCert().
X509Certificate userCer=null;
// CA certificate read from the CA keystore; assigned in getAdminCert().
X509Certificate caCer=null;
// Serial number used for the admin certificate; assigned in getAdminCert().
int nserie=0;
// Alias under which the admin key entry is stored; assigned in getAdminCert().
String nombre=null;
// NOTE(review): these two Swing components are not referenced anywhere in the visible code,
// yet they are constructed for every instance of this command-line tool -- confirm they can go.
private JTextPane jTextPane1 = new JTextPane();
private JTextPane jTextPane2 = new JTextPane();
/** Creates an instance with no certificate material loaded; getAdminCert() fills the fields. */
public MakeServerCert() {
}
/**
 * Entry point: issues the server certificate. Issuing the administrator certificate via
 * getAdminCert() is not part of the default run.
 *
 * @param args ignored
 */
public static void main(String[] args) {
    new MakeServerCert().getServerCert();
}
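/**
 * Issues a certificate for the system administrator user, signed with the CA key read from
 * {@code d:\ca\ca.pfx}, and writes it with its private key to the PKCS#12 keystore
 * {@code d:\client\admin.pfx}.
 *
 * <p>NOTE(review): MD5WithRSA and RSA-1024 are both below any current baseline (MD5 is
 * collision-broken for certificate signatures; RSA keys should be 2048 bits or more). They are
 * kept here because the algorithm names accepted by the project helpers and the bundled
 * BouncyCastle version are not visible from this file. The CA passphrase and the output
 * keystore passphrase ("admin") are literals in the source and should come from the operator.
 *
 * @return {@code true} if the keystore was written, {@code false} if any step threw (the
 *         stack trace is printed)
 */
public boolean getAdminCert() {
    try {
        // Register BouncyCastle so that the "BC" provider name used below resolves.
        Security.addProvider(new BouncyCastleProvider());
        String signAlgorithm = "MD5WithRSA";

        // Serial numbers must be positive and should not be predictable. java.util.Random
        // gave a guessable value that was negative about half the time; draw a value in
        // [1, Integer.MAX_VALUE] from SecureRandom instead.
        // NOTE(review): the int field limits this to 31 bits; widen it if the helper allows.
        this.nserie = new java.security.SecureRandom().nextInt(Integer.MAX_VALUE) + 1;
        this.nombre = new String("admin".getBytes(), "Cp852");

        // Subject DN of the admin user.
        String userIssue = X509Subject.decodeX509Subject(
                "C=CN,ST=xinjiang,L=wulumuqi,O=sailing,OU=soft,CN=admin,EmailAddress=admin@sailing.com");

        // Load the CA keystore and close the file whether or not loading succeeds.
        KeyStore keystoreCA = KeyStore.getInstance("PKCS12", "BC");
        // NOTE(review): hard-coded CA keystore passphrase.
        String pass = new String("zhs0567".getBytes(), "Cp852");
        FileInputStream caPfxIn = new FileInputStream("d:\\ca\\ca.pfx");
        try {
            keystoreCA.load(caPfxIn, pass.toCharArray());
        } finally {
            caPfxIn.close();
        }

        // CA private key (the entry carries no key password of its own).
        PrivateKey caPrivKey = (PrivateKey) keystoreCA.getKey("CApriv", null);
        // CA certificate.
        this.caCer = (X509Certificate) keystoreCA.getCertificate("CA");
        if (caPrivKey == null || this.caCer == null) {
            // Fail with a clear message rather than a NullPointerException further down.
            throw new IllegalStateException("CA keystore lacks the CApriv key or the CA certificate");
        }
        // CA public key.
        PublicKey caPubKey = caCer.getPublicKey();
        // CA subject DN, used as the issuer of the new certificate.
        String caIssue = X509Subject.decodeX509Subject(caCer.getSubjectDN().toString());

        // RSA key pair for the admin user.
        KeyPair userParClaves = GeneraClaves.generaParClaves(1024, "RSA");
        this.userPrivKey = userParClaves.getPrivate();
        this.userPubKey = userParClaves.getPublic();

        // Issue the client certificate.
        // NOTE(review): 200 is presumably the validity length; the unit is defined by
        // CertificateUtils.crearCert, which is not visible here.
        this.userCer = CertificateUtils.crearCert(
                userPubKey, caPrivKey, caPubKey, caIssue, userIssue, this.nserie, 200, signAlgorithm);

        // Chain for the PKCS#12 entry: user certificate first, then the issuing CA.
        Certificate[] userCadPfx = new Certificate[2];
        userCadPfx[1] = caCer;
        userCadPfx[0] = userCer;

        KeyStore userStore = KeyStore.getInstance("PKCS12", "BC");
        userStore.load(null, null);
        userStore.setKeyEntry(nombre, userPrivKey, null, userCadPfx);

        // NOTE(review): the keystore passphrase "admin" is trivially guessable.
        FileOutputStream userPfxOut = new FileOutputStream("d:\\client\\admin.pfx");
        try {
            userStore.store(userPfxOut, "admin".toCharArray());
        } finally {
            userPfxOut.close();
        }
        return true;
    } catch (Exception ex) {
        ex.printStackTrace();
        return false;
    }
}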
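/**
 * Issues a server certificate (CN=localhost) signed with the CA key read from
 * {@code d:\ca\ca.pfx} and stores it, with its private key and the chain
 * {server, CA}, in the JKS keystore {@code d:\ca\server_keystore1} under alias
 * {@code server_signed}. Any exception is caught and its stack trace printed.
 *
 * <p>NOTE(review): MD5WithRSA and RSA-1024 are both below any current baseline (MD5 is
 * collision-broken for certificate signatures; RSA keys should be 2048 bits or more). They are
 * kept here because the algorithm names accepted by the project helpers and the bundled
 * BouncyCastle version are not visible from this file. The CA passphrase and the server
 * keystore passphrase ("newpass") are literals in the source and should come from the operator.
 */
public void getServerCert() {
    try {
        // Register BouncyCastle so that the "BC" provider name used below resolves.
        Security.addProvider(new BouncyCastleProvider());
        String signAlgorithm = "MD5WithRSA";

        // Subject DN of the server.
        String serverIssue = "C="+"CN"+", ST="+"Beijing"+", L= "+"Beijing"+", O="+"company"+", OU="+"department"+", CN="+"localhost" + ", EmailAddress="+"zhs0567@sina.com";
        serverIssue = X509Subject.decodeX509Subject(serverIssue);

        // Load the CA keystore and close the file whether or not loading succeeds.
        KeyStore keystoreCA = KeyStore.getInstance("PKCS12", "BC");
        // NOTE(review): hard-coded CA keystore passphrase.
        String pass = new String("zhs0567".getBytes(), "Cp852");
        FileInputStream caPfxIn = new FileInputStream("d:\\ca\\ca.pfx");
        try {
            keystoreCA.load(caPfxIn, pass.toCharArray());
        } finally {
            caPfxIn.close();
        }
        System.out.println("读取ca证书内容");

        // CA private key (the entry carries no key password of its own).
        PrivateKey caPrivKey = (PrivateKey) keystoreCA.getKey("CApriv", null);
        // CA certificate.
        X509Certificate caCert = (X509Certificate) keystoreCA.getCertificate("CA");
        if (caPrivKey == null || caCert == null) {
            // Fail with a clear message rather than a NullPointerException further down.
            throw new IllegalStateException("CA keystore lacks the CApriv key or the CA certificate");
        }
        // CA public key.
        PublicKey caPubKey = caCert.getPublicKey();
        // CA subject DN, used as the issuer of the new certificate.
        String caIssue = X509Subject.decodeX509Subject(caCert.getSubjectDN().toString());
        System.out.println("********************1");

        // RSA key pair for the server.
        KeyPair serverKeys = GeneraClaves.generaParClaves(1024, "RSA");
        PrivateKey serverPrivKey = serverKeys.getPrivate();
        PublicKey serverPubKey = serverKeys.getPublic();

        // The original passed the fixed serial 12, so every certificate issued by this method
        // shared one serial under the same issuer. Serials must be unique per issuer, positive,
        // and should not be predictable: draw one in [1, Integer.MAX_VALUE] from SecureRandom.
        int serial = new java.security.SecureRandom().nextInt(Integer.MAX_VALUE) + 1;

        // Issue the server certificate.
        // NOTE(review): 200 is presumably the validity length; the unit is defined by
        // CertificateUtils.crearCert, which is not visible here.
        X509Certificate serverCer = CertificateUtils.crearCert(
                serverPubKey, caPrivKey, caPubKey, caIssue, serverIssue, serial, 200, signAlgorithm);

        // Chain for the key entry: server certificate first, then the issuing CA.
        java.security.cert.Certificate[] cchain = {serverCer, caCert};

        // Store the signed server certificate and its key in a JKS keystore.
        // NOTE(review): "newpass" protects both the key entry and the store.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ks.setKeyEntry("server_signed", serverPrivKey, "newpass".toCharArray(), cchain);
        FileOutputStream out4 = new FileOutputStream("d:\\ca\\server_keystore1");
        try {
            ks.store(out4, "newpass".toCharArray());
        } finally {
            out4.close();
        }
    } catch (Exception ex) {
        ex.printStackTrace();
    }
}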