| | |
|---|
| | |
|
|---|
| | | import javax.security.auth.x500.X500Principal;
|
|---|
| | |
|
|---|
| | | import org.bouncycastle.asn1.x500.X500NameBuilder;
|
|---|
| | | import org.bouncycastle.asn1.x500.style.BCStyle;
|
|---|
| | | import org.bouncycastle.cert.X509v3CertificateBuilder;
|
|---|
| | | import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
|
|---|
| | | import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
|
|---|
| | |
|---|
| | | System.err.println(t.getMessage());
|
|---|
| | | jc.usage();
|
|---|
| | | }
|
|---|
| | | File keystore = new File("keystore");
|
|---|
| | | File keystore = new File("serverKeyStore.jks");
|
|---|
| | | generateSelfSignedCertificate(params.hostname, keystore, params.storePassword,
|
|---|
| | | params.subject);
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | public static void generateSelfSignedCertificate(String hostname, File keystore,
|
|---|
| | | String keystorePassword) {
|
|---|
| | | try {
|
|---|
| | | Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
|
|---|
| | |
|
|---|
| | | KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
|
|---|
| | | kpGen.initialize(1024, new SecureRandom());
|
|---|
| | | KeyPair pair = kpGen.generateKeyPair();
|
|---|
| | |
|
|---|
| | | // Generate self-signed certificate
|
|---|
| | | X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
|
|---|
| | | builder.addRDN(BCStyle.OU, Constants.NAME);
|
|---|
| | | builder.addRDN(BCStyle.O, Constants.NAME);
|
|---|
| | | builder.addRDN(BCStyle.CN, hostname);
|
|---|
| | |
|
|---|
| | | Date notBefore = new Date(System.currentTimeMillis() - TimeUtils.ONEDAY);
|
|---|
| | | Date notAfter = new Date(System.currentTimeMillis() + 10 * TimeUtils.ONEYEAR);
|
|---|
| | | BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
|
|---|
| | |
|
|---|
| | | X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(builder.build(),
|
|---|
| | | serial, notBefore, notAfter, builder.build(), pair.getPublic());
|
|---|
| | | ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption")
|
|---|
| | | .setProvider(BC).build(pair.getPrivate());
|
|---|
| | | X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC)
|
|---|
| | | .getCertificate(certGen.build(sigGen));
|
|---|
| | | cert.checkValidity(new Date());
|
|---|
| | | cert.verify(cert.getPublicKey());
|
|---|
| | |
|
|---|
| | | // Save to keystore
|
|---|
| | | KeyStore store = KeyStore.getInstance("JKS");
|
|---|
| | | if (keystore.exists()) {
|
|---|
| | | FileInputStream fis = new FileInputStream(keystore);
|
|---|
| | | store.load(fis, keystorePassword.toCharArray());
|
|---|
| | | fis.close();
|
|---|
| | | } else {
|
|---|
| | | store.load(null);
|
|---|
| | | }
|
|---|
| | | store.setKeyEntry(hostname, pair.getPrivate(), keystorePassword.toCharArray(),
|
|---|
| | | new java.security.cert.Certificate[] { cert });
|
|---|
| | | FileOutputStream fos = new FileOutputStream(keystore);
|
|---|
| | | store.store(fos, keystorePassword.toCharArray());
|
|---|
| | | fos.close();
|
|---|
| | | } catch (Throwable t) {
|
|---|
| | | t.printStackTrace();
|
|---|
| | | throw new RuntimeException("Failed to generate self-signed certificate!", t);
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | public static void generateSelfSignedCertificate(String hostname, File keystore,
|
|---|
| | |
|---|
| | | try {
|
|---|
| | | Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
|
|---|
| | |
|
|---|
| | | KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
|
|---|
| | | KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", BC);
|
|---|
| | | kpGen.initialize(1024, new SecureRandom());
|
|---|
| | | KeyPair pair = kpGen.generateKeyPair();
|
|---|
| | |
|
|---|
