第一步:
生成JKS文件
配置环境 JAVA_HOME: C:\bea\jdk150_10
Path: C:\bea\jdk150_10\bin
运行以下脚本
keytool -genkey -keyalg RSA -alias jbosskey -keystore jbosskey.jks
得到下图
-keyalg RSA 算法是RSA(较旧的JDK默认密钥长度可能只有1024位,可加上 -keysize 2048 指定更长的密钥)
-alias jbosskey 别名jbosskey
-keystore jbosskey.jks生成的JKS名字
上面的步骤完成后可在C:\Documents and Settings\yz45177 下生成jbosskey.jks文件.
第二步:
导出证书
keytool -export -alias jbosskey -file jbosskey.cer -keystore jbosskey.jks
-alias jbosskey---jks的别名
-file jbosskey.cer---导出的cer文件名
-keystore jbosskey.jks--jks文件
password--生成jks文件时的密码
第三步:
查看jks文件的详情
keytool -list -keystore jbosskey.jks
第四步:
生成数字签名:
直接运行下面的代码.
package com.zhuyang.test;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.HashMap;
import java.util.Map;
import sun.misc.BASE64Encoder;
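/**
 * Demo: signs a fixed message with the private key held in a JKS keystore and
 * verifies the signature with the public key of the certificate stored under
 * the same alias.
 */
public class DigitalSignatureTest {
    /** Alias of the key entry inside the keystore. */
    private static final String alias = "jbosskey";
    private static final String keystoretype = "jks";
    // Path of the exported certificate; this class never reads it (the
    // certificate is taken from the keystore instead).
    private static final String certPath = "C:\\workspace1\\digital_signature\\jbosskey.cer";
    private static final String keystorePath = "C:\\workspace1\\digital_signature\\jbosskey.jks";
    // NOTE(review): sample password hard-coded for the demo. The same value
    // protects both the keystore and the private key below; do not reuse it
    // and do not keep a real password in source code.
    private static final String password = "1qazxsw2";
    // Signing and verification must name the same algorithm, so it is defined
    // once. SHA-256 replaces SHA-1, which is no longer considered safe for
    // digital signatures.
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    // getBytes() uses the platform default charset; a signer and a verifier
    // running on different machines must agree on the encoding.
    private static final byte[] testData = "Hello, this is Young from SH".getBytes();
    private static final byte[] validateTest = "Hello, this is Young from SH".getBytes();

    /**
     * Loads the keystore and returns the signing material.
     *
     * @return a map holding the private key under {@code "senderKey"} and the
     *         certificate under {@code "cert"}
     * @throws IllegalStateException if the alias has no key or no certificate
     * @throws Exception if the keystore cannot be read or unlocked
     */
    public static Map initial() throws Exception {
        KeyStore keystore = KeyStore.getInstance(keystoretype);
        FileInputStream in = new FileInputStream(keystorePath);
        try {
            keystore.load(in, password.toCharArray());
        } finally {
            // The original left the stream open; close it even when load() fails.
            in.close();
        }
        PrivateKey senderKey = (PrivateKey) keystore.getKey(alias, password.toCharArray());
        Certificate cert = keystore.getCertificate(alias);
        // getKey()/getCertificate() return null for an unknown alias; fail with
        // a clear message instead of a NullPointerException further down.
        if (senderKey == null || cert == null) {
            throw new IllegalStateException(
                    "No key/certificate entry for alias '" + alias + "' in " + keystorePath);
        }
        System.out.println("Algorithm===>" + senderKey.getAlgorithm());
        Map map = new HashMap();
        map.put("senderKey", senderKey);
        map.put("cert", cert);
        return map;
    }

    /**
     * Signs {@code testData} with the private key found in the map.
     *
     * @param map the map returned by {@link #initial()}
     * @return the raw signature bytes
     * @throws Exception if the key is not usable with the signature algorithm
     */
    public static byte[] getSignature(Map map) throws Exception {
        PrivateKey senderKey = (PrivateKey) map.get("senderKey");
        Certificate cert = (Certificate) map.get("cert");
        System.out.println(cert.getType());
        Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);
        sig.initSign(senderKey);
        sig.update(testData);
        return sig.sign();
    }

    /**
     * Signs {@code testData} and checks that signature against
     * {@code validateTest} using the certificate's public key.
     *
     * @return {@code true} if the signature verifies
     * @throws Exception if loading the keystore, signing or verifying fails
     */
    public static boolean varifySignature() throws Exception {
        Map map = initial();
        byte[] signature = getSignature(map);
        Certificate cert = (Certificate) map.get("cert");
        PublicKey pk = cert.getPublicKey();
        Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);
        sig.initVerify(pk);
        sig.update(validateTest);
        boolean ret = sig.verify(signature);
        System.out.println(ret);
        return ret;
    }

    /** Prints the Base64-encoded signature, then runs the verification. */
    public static void main(String[] args) throws Exception {
        Map map = initial();
        byte[] signature = getSignature(map);
        // NOTE(review): sun.misc.BASE64Encoder is a JDK-internal class and not
        // part of the supported API; on Java 8 and later java.util.Base64 is
        // the supported replacement.
        BASE64Encoder encoder = new BASE64Encoder();
        String encoded = encoder.encodeBuffer(signature);
        // encodeBuffer() inserts line breaks; strip them to print one line.
        encoded = encoded.replaceAll("\\n", "").replaceAll("\\r", "");
        System.out.println("DIGITAL_SIGNATURE====>" + encoded);
        varifySignature();
    }
}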
如何配置JBOSS的SSL
我用的是jboss-5.0.1.GA
第一步:
拷贝jks和cer文件到C:\zhuyang\jboss-5.0.1.GA\jboss-5.0.1.GA\server\default\conf
第二步:
编辑文件C:\zhuyang\jboss-5.0.1.GA\jboss-5.0.1.GA\server\default\deploy\jbossweb.sar\server.xml
添加下面内容
<!-- HTTPS connector on port 8443, served from conf/jbosskey.jks. -->
<!-- clientAuth="false": clients are not asked for a certificate. -->
<!-- keystorePass is stored in this file in clear text: replace the sample
     value with your own and restrict read access to server.xml. -->
<Connector
    protocol="HTTP/1.1"
    SSLEnabled="true"
    port="8443"
    address="${jboss.bind.address}"
    scheme="https"
    secure="true"
    clientAuth="false"
    keystoreFile="${jboss.server.home.dir}/conf/jbosskey.jks"
    keystorePass="1qazxsw2"
    sslProtocol="TLS" />
keystorePass="1qazxsw2"这是你jks的密码(此处为示例值;该密码以明文保存在server.xml中,请换成自己的密码并限制该文件的读取权限)
keystoreFile这是jks文件目录
port="8443"https访问的时候的端口
这样http和https都能访问了.
HTTP
HTTPS
好像已经很详细了哦...