java - 如何从 Java 生成、签署和导入 SSL 证书

标签 java ssl certificate self-signed keytool

<分区>

Possible Duplicate:
Generate certificates, public and private keys with Java

我需要在运行时生成一个自签名证书,对它们签名并导入到 Java keystore 。我可以通过以下方式从命令行使用“keytool”和“openssl”来做到这一点:

keytool -import -alias root -keystore keystore.txt -file cacert.pem
keytool -genkey -keyalg RSA -keysize 1024 -alias www.cia.gov -keystore keystore.txt
keytool -keystore keystore.txt -certreq -alias www.cia.gov -file req.pem
openssl x509 -req -days 3650 -in req.pem -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out reqsigned.pem 
keytool -import -alias www.cia.gov -keystore keystore.txt -trustcacerts  -file reqsigned.pem

当然,我可以使用 keytool 和 openssl 二进制文件发布我的应用程序,并从 Java 执行上述命令,但我正在寻找一种更简洁的方法,让我可以使用纯 Java 完成上述所有操作。

我可以使用任何库吗?

最佳答案 

import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Date;

// import sun.security.tools.keytool.CertAndKeyGen; // Use this for Java 8 and above
import sun.security.x509.CertAndKeyGen;
import sun.security.x509.X500Name;

public class UseKeyTool {

    private static final int keysize = 1024;
    private static final String commonName = "www.test.de";
    private static final String organizationalUnit = "IT";
    private static final String organization = "test";
    private static final String city = "test";
    private static final String state = "test";
    private static final String country = "DE";
    private static final long validity = 1096; // 3 years
    private static final String alias = "tomcat";
    private static final char[] keyPass = "changeit".toCharArray();

    // copied most ideas from sun.security.tools.KeyTool.java

    @SuppressWarnings("restriction")
    public static void main(String[] args) throws Exception {

        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);

        CertAndKeyGen keypair = new CertAndKeyGen("RSA", "SHA1WithRSA", null);

        X500Name x500Name = new X500Name(commonName, organizationalUnit, organization, city, state, country);

        keypair.generate(keysize);
        PrivateKey privKey = keypair.getPrivateKey();

        X509Certificate[] chain = new X509Certificate[1];

        chain[0] = keypair.getSelfCertificate(x500Name, new Date(), (long) validity * 24 * 60 * 60);

        keyStore.setKeyEntry(alias, privKey, keyPass, chain);

        keyStore.store(new FileOutputStream(".keystore"), keyPass);



    }
}

关于java - 如何从 Java 生成、签署和导入 SSL 证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/4634124/

上一篇:java - 在 Java 中指向整数的指针

下一篇:java - ServerSocket accept() 方法

相关文章:

java - TestNG:确定下一步是哪些测试方法

java - Jena API规则测试: how many and what are the methods to write rules in Jena?

ssl - 带有自签名证书的 SSL 上的 MySQL

ssl - 将www。*域添加到certbot证书

ssl - 通过 https 和 http 加载的不同页面

php - 如何将 PHP5 SoapClient::SoapClient() 与客户端证书一起使用?

ios - Apple Developers Program "Certificates, Identifiers & Profiles"- 为空

java - 使用单词作为分隔符分割字符串

java - Maven 原型(prototype) : Sub-package names

python - pip ssl证书错误OSX安装scrapy

©2024 IT工具网  联系我们