
koncept.http.jce.SecurityUtil Maven / Gradle / Ivy

package koncept.http.jce;

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import sun.security.x509.CertAndKeyGen;
import sun.security.x509.X500Name;

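/**
 * Static helpers that generate a self-signed RSA certificate, place it in an
 * in-memory JKS key store, and build an {@link SSLContext} from that store.
 *
 * <p>The certificate is self-signed and never chains to a public CA, so a peer can only
 * validate it by being given this exact certificate as trust material. The shipped
 * defaults (subject {@code localhost}, organization {@code test}, password
 * {@code changeit}) look intended for local or test endpoints; override them in
 * {@link CertificateDetails} for anything else.
 *
 * <p>NOTE(review): {@code CertAndKeyGen} and {@code X500Name} come from the JDK-internal
 * {@code sun.security.x509} package. That is not a supported API and may be missing or
 * inaccessible on other JDK versions.
 */
public class SecurityUtil {
	/** Seconds in one day; the certificate generator takes its validity period in seconds. */
	private static final long SECONDS_PER_DAY = 24L * 60 * 60;

	/**
	 * Signature algorithm for the self-signed certificate. SHA-256 is used because
	 * SHA-1 signatures are no longer collision resistant and are rejected by many
	 * TLS peers.
	 */
	private static final String SIGNATURE_ALGORITHM = "SHA256WithRSA";

	private SecurityUtil(){}

	// Reference for the certificate generation approach:
	// http://stackoverflow.com/questions/4634124/how-to-generate-sign-and-import-ssl-certificate-from-java
	// An earlier KeyPairGenerator-based variant followed
	// https://www.mayrhofer.eu.org/create-x509-certs-in-java

	/**
	 * Builds a key store using the default {@link CertificateDetails}.
	 *
	 * @return the generated key store together with its key pair and the details used
	 * @throws Exception if key generation, certificate creation or key store setup fails
	 */
	public static KeyStoreDetails makeKeyStore() throws Exception {
		return makeKeyStore(new CertificateDetails());
	}

	/**
	 * Generates an RSA key pair and a self-signed certificate described by
	 * {@code certificateDetails}, and stores both in a new in-memory JKS key store.
	 *
	 * <p>The details are cloned before use, so later changes to the caller's object
	 * (including its password array) do not affect the returned {@link KeyStoreDetails}.
	 *
	 * @param certificateDetails subject, key size, validity, alias and key password;
	 *        {@code null} selects the defaults
	 * @return the key store, its private and public key, and the cloned details
	 * @throws Exception if key generation, certificate creation or key store setup fails
	 */
	public static KeyStoreDetails makeKeyStore(CertificateDetails certificateDetails) throws Exception {
		CertificateDetails details = (certificateDetails == null)
				? new CertificateDetails()
				: certificateDetails.clone();

		KeyStoreDetails ksd = new KeyStoreDetails();
		ksd.certificateDetails = details;

		// load(null, null) creates an empty store; nothing is read from or written to disk.
		ksd.keyStore = KeyStore.getInstance("JKS");
		ksd.keyStore.load(null, null);

		// Third argument is the provider name; null selects the default provider.
		CertAndKeyGen keypair = new CertAndKeyGen("RSA", SIGNATURE_ALGORITHM, null);

		X500Name x500Name = new X500Name(
				details.commonName,
				details.organizationalUnit,
				details.organization,
				details.city,
				details.state,
				details.country);

		keypair.generate(details.keysize);
		ksd.privateKey = keypair.getPrivateKey();
		ksd.publicKey = keypair.getPublicKey();

		// Validity starts now and is passed in seconds.
		X509Certificate[] chain = new X509Certificate[] {
				keypair.getSelfCertificate(x500Name, new Date(), details.validityDays * SECONDS_PER_DAY)
		};

		ksd.keyStore.setKeyEntry(details.alias, ksd.privateKey, details.keyPass, chain);
		return ksd;
	}

	/**
	 * Builds an {@link SSLContext} from a freshly generated default key store.
	 *
	 * @return an initialised TLS context
	 * @throws Exception if the key store or the context cannot be created
	 */
	public static SSLContext makeSSLContext() throws Exception {
		return makeSSLContext(makeKeyStore());
	}

	/**
	 * Builds an {@link SSLContext} whose key managers and trust managers are both
	 * initialised from {@code ksd.keyStore}.
	 *
	 * <p>Because the same store supplies the trust material, the context trusts only
	 * what that store contains, not the platform's default CA set.
	 *
	 * @param ksd key store and the details holding its key password
	 * @return an initialised TLS context
	 * @throws NullPointerException if {@code ksd} or {@code ksd.certificateDetails} is null
	 * @throws IllegalArgumentException if {@code ksd.keyStore} is null
	 * @throws Exception if the factories or the context cannot be initialised
	 */
	public static SSLContext makeSSLContext(KeyStoreDetails ksd) throws Exception {
		if (ksd == null) {
			throw new NullPointerException("ksd");
		}
		if (ksd.certificateDetails == null) {
			throw new NullPointerException("ksd.certificateDetails");
		}
		// Fail closed: TrustManagerFactory.init(null) falls back to the default trust
		// store, which would silently widen what this context trusts.
		if (ksd.keyStore == null) {
			throw new IllegalArgumentException("ksd.keyStore must not be null");
		}
		KeyStore ks = ksd.keyStore;

		KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
		kmf.init(ks, ksd.certificateDetails.keyPass);

		TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
		tmf.init(ks);

		// "TLS" leaves the protocol versions to the provider's defaults.
		SSLContext sslContext = SSLContext.getInstance("TLS");
		sslContext.init(
				kmf.getKeyManagers(),
				tmf.getTrustManagers(),
				new SecureRandom());
		return sslContext;
	}

	/**
	 * Mutable settings for the generated key pair and self-signed certificate.
	 */
	public static class CertificateDetails implements Cloneable {
		// RSA modulus size in bits. 2048 is the smallest size still broadly accepted;
		// 1024-bit RSA is considered too weak for new keys.
		public int keysize = 2048;
		// Subject distinguished-name components.
		public String commonName = "localhost";
		public String organizationalUnit = "IT";
		public String organization = "test";
		public String city = "London";
		public String state = "none";
		public String country = "UK";
		public long validityDays = 365; //in days
		// Alias of the key entry inside the key store.
		public String alias = "kncept";
		// Password protecting the key entry. "changeit" is a widely known placeholder;
		// set a private value when the key store leaves the test environment.
		public char[] keyPass = "changeit".toCharArray();

		/**
		 * Copies these details, including a separate copy of the password array so the
		 * clone and the original can be changed or wiped independently.
		 *
		 * @return an independent copy
		 * @throws CloneNotSupportedException declared by {@link Object#clone()}
		 */
		@Override
		public CertificateDetails clone() throws CloneNotSupportedException {
			CertificateDetails details = (CertificateDetails)super.clone();
			// Deep copy the array; tolerate a null password instead of failing here.
			details.keyPass = (keyPass == null) ? null : keyPass.clone();
			return details;
		}
	}

	/**
	 * Result holder for {@link #makeKeyStore(CertificateDetails)}. It carries the private
	 * key and the key password in memory, so treat instances as secret material.
	 */
	public static class KeyStoreDetails {
		public CertificateDetails certificateDetails;
		public PrivateKey privateKey;
		public PublicKey publicKey;
		public KeyStore keyStore;

	}

}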



