package test;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
/**
* 测试keytool 生成公钥私钥
*
* @author dh jboss SSL java中Keytool的使用总结
* http://blog.chinaunix.net/uid-17102734-id-2830223.html
*
* localhost:bin dh$ cd
* /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/bin
*
* localhost:bin dh$ ./keytool -genkey -alias tc-ssl -keyalg RSA
* -keystore server.keystore -validity 3650
*
* Enter keystore password: Dongh12!
*
* Re-enter new password: Dongh12!
*
* What is your first and last name?
*
* [Unknown]: localhost
*
* What is the name of your organizational unit?
*
* [Unknown]: dh
*
* What is the name of your organization?
*
* [Unknown]: dh
*
* What is the name of your City or Locality?
*
* [Unknown]: beijing
*
* What is the name of your State or Province?
*
* [Unknown]: beijing
*
* What is the two-letter country code for this unit?
*
* [Unknown]: CN
*
* Is CN=localhost, OU=dh, O=dh, L=beijing, ST=beijing, C=CN correct?
*
* [no]: yes
*
*
*
* Enter key password for <tc-ssl>
*
* (RETURN if same as keystore password):
*
* localhost:bin dh$ ls
*
* server.keystore
*
* 2.导出 localhost:bin dh$ ./keytool -export -alias tc-ssl -keystore
* server.keystore -file server.crt -storepass Dongh12!
*
* 3.拷贝到jboss
*
* localhost:bin dh$ cp server.keystore
* /Users/dh/app/jboss-5.1.0.GA/server/default/conf
*
* 4.修改jboss配置
*
* localhost:jbossweb.sar dh$ vim
* /Users/dh/app/jboss-5.1.0.GA/server/default/deploy/jbossweb.sar/
* server.xml 修改
* <Connector protocol="HTTP/1.1" SSLEnabled="true" port="8443" address=
* "${jboss.bind.address}" scheme="https" secure="true" clientAuth=
* "true" keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
* keystorePass="Dongh12!" sslProtocol = "TLS" />
*/
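public class KeyTool {

    // Demo-only credential for the throwaway self-signed "localhost" keystore described above.
    // NOTE(review): a keystore password embedded in source ends up in version control and in
    // the compiled class; for any non-demo keystore read it from protected configuration.
    private static final String KEYSTORE_PASSWORD = "Dongh12!";

    /**
     * Self-test: checks that the private key stored in {@code server.keystore} pairs with
     * the public key of the certificate exported to {@code server.crt}.
     *
     * <p>Both files are looked up in the classpath root. The text "abc" is encrypted with
     * the certificate's public key and decrypted with the keystore's private key; the
     * decrypted text is printed, so a matching pair prints {@code abc}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            // getResource(".") is null when the classpath root is not a directory (e.g. a jar).
            java.net.URL root = KeyTool.class.getClassLoader().getResource(".");
            if (root == null) {
                System.err.println("Cannot locate the classpath root directory.");
                return;
            }
            // NOTE(review): URL.getPath() does not decode percent-escapes (such as %20), so a
            // classpath directory containing spaces may fail to open - confirm for your setup.
            String p = root.getPath();
            System.out.println(p);

            char[] password = KEYSTORE_PASSWORD.toCharArray();
            KeyStore ks = loadKeyStore(p + "server.keystore", password);

            // The first alias is used, as before; the demo keystore holds a single entry.
            if (!ks.aliases().hasMoreElements()) {
                System.err.println("server.keystore contains no entries.");
                return;
            }
            String alias = ks.aliases().nextElement();
            if (!ks.isKeyEntry(alias)) {
                System.err.println("Keystore entry '" + alias + "' does not hold a private key.");
                return;
            }
            // The key password equals the keystore password in this demo (RETURN was pressed
            // at the "key password" prompt).
            PrivateKey myPrivateKey = (PrivateKey) ks.getKey(alias, password);

            // Obtain the public key from the exported certificate. The certificate is only
            // parsed here; its chain, validity period and subject are NOT verified.
            Certificate c = loadCertificate(p + "server.crt");
            PublicKey publicKey = c.getPublicKey();

            // Round trip to check that the extracted private key is the right one.
            String before = "abc";
            byte[] plainText = before.getBytes("UTF-8");
            // NOTE(review): PKCS#1 v1.5 encryption padding is acceptable for this local
            // self-test, but it is exposed to padding-oracle attacks when a service decrypts
            // attacker-supplied ciphertext; prefer an OAEP transformation for real data.
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(Cipher.ENCRYPT_MODE, publicKey);
            // Encrypt with the public key.
            byte[] cipherText = cipher.doFinal(plainText);
            cipher.init(Cipher.DECRYPT_MODE, myPrivateKey);
            // Decrypt with the private key; a mismatched key normally fails here with
            // BadPaddingException instead of returning data.
            byte[] newPlainText = cipher.doFinal(cipherText);

            String after = new String(newPlainText, "UTF-8");
            System.out.println(after);
            if (!before.equals(after)) {
                System.err.println("Round trip mismatch: private key and certificate do not pair.");
            }
        } catch (IOException e) {
            // Also covers FileNotFoundException for a missing keystore or certificate file.
            e.printStackTrace();
        } catch (java.security.GeneralSecurityException e) {
            // Common supertype of the keystore, certificate and cipher exceptions raised above.
            e.printStackTrace();
        }
    }

    /**
     * Loads a JKS keystore from {@code path}, closing the file even when loading fails.
     *
     * @param path     file system path of the keystore
     * @param password keystore password, also used for the integrity check done by load()
     * @return the loaded keystore
     */
    private static KeyStore loadKeyStore(String path, char[] password)
            throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        return ks;
    }

    /**
     * Parses one X.509 certificate from {@code path}, closing the file afterwards.
     *
     * @param path file system path of the exported certificate
     * @return the certificate object initialised from the file's data
     */
    private static Certificate loadCertificate(String path)
            throws IOException, CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        FileInputStream in = new FileInputStream(path);
        try {
            return cf.generateCertificate(in);
        } finally {
            in.close();
        }
    }
}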
运行结果为: abc
注意:生成server.keystore 使用的jdk版本,要和测试工程使用的jdk版本相同
我生成server.keystore使用的是jdk1.6
所以工程properties里也要设置成jdk1.6