Generating a Digital Signature with a JKS Keystore + Configuring SSL on JBoss

KDF000 2013-02-20

Step 1:

Generate the JKS file

Set up the environment:

JAVA_HOME: C:\bea\jdk150_10

Path: C:\bea\jdk150_10\bin

Run the following command:

keytool -genkey -keyalg RSA -alias jbosskey -keystore jbosskey.jks

This produces the output shown in the screenshot below.
[Screenshot: output of the keytool -genkey command]

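-keyalg RSA: the key algorithm is RSA

-alias jbosskey: the alias is jbosskey

-keystore jbosskey.jks: the name of the JKS file to generate

Once the steps above are complete, the file jbosskey.jks is generated under C:\Documents and Settings\yz45177.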

Step 2:

Export the certificate

keytool -export -alias jbosskey -file jbosskey.cer -keystore jbosskey.jks


-alias jbosskey: the alias of the entry in the JKS

-file jbosskey.cer: the name of the exported cer file

-keystore jbosskey.jks: the JKS file

password: the password set when the JKS file was generated

Step 3:

View the details of the JKS file

keytool -list -keystore jbosskey.jks



Step 4:

Generate the digital signature:

Run the code below directly.

package com.zhuyang.test;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.HashMap;
import java.util.Map;

// Internal JDK class, removed in Java 9; on Java 8+ use java.util.Base64 instead.
import sun.misc.BASE64Encoder;

public class DigitalSignatureTest {

	private static String alias="jbosskey";
	private static String keystoretype="jks";
	// Certificate exported in step 2 (not read by this class).
	private static String certPath="C:\\workspace1\\digital_signature\\jbosskey.cer";
	private static String keystorePath="C:\\workspace1\\digital_signature\\jbosskey.jks";
	// Keystore password chosen in step 1.
	private static String password="1qazxsw2";
	// Data that gets signed, and the data the signature is later checked against.
	private static byte[] testData = "Hello, this is Young from SH".getBytes();
	private static byte[] validateTest = "Hello, this is Young from SH".getBytes();

	// Loads the private key and the certificate stored under the alias.
	public static Map<String, Object> initial() throws Exception{
		Map<String, Object> map = new HashMap<String, Object>();
		KeyStore keystore = KeyStore.getInstance(keystoretype);
		FileInputStream in = new FileInputStream(keystorePath);
		try {
			keystore.load(in, password.toCharArray());
		} finally {
			in.close(); // do not leak the file handle
		}
		PrivateKey senderKey = (PrivateKey) keystore.getKey(alias, password.toCharArray());
		Certificate cert = keystore.getCertificate(alias);
		System.out.println("Algorithm===>"+senderKey.getAlgorithm());
		map.put("senderKey", senderKey);
		map.put("cert", cert);
		return map;
	}

	// Signs testData with the private key.
	public static byte[] getSignature(Map<String, Object> map) throws Exception{
		PrivateKey senderKey = (PrivateKey) map.get("senderKey");
		Certificate cert = (Certificate) map.get("cert");
		System.out.println(cert.getType());
		// SHA-1 is no longer considered collision-resistant; prefer SHA256withRSA in new code.
		Signature sig = Signature.getInstance("SHA1withRSA");
		sig.initSign(senderKey);
		sig.update(testData);
		byte [] result = sig.sign();
		return result;
	}

	// Verifies the signature over validateTest with the certificate's public key.
	public static boolean verifySignature() throws Exception{
		boolean ret=false;
		Map<String, Object> map = initial();
		byte [] signature = getSignature(map);
		Certificate cert = (Certificate) map.get("cert");
		PublicKey pk = cert.getPublicKey();
		Signature sig = Signature.getInstance("SHA1withRSA");
		sig.initVerify(pk);
		sig.update(validateTest);
		ret =sig.verify(signature);
		System.out.println(ret);
		return ret;
	}

	public static void main(String[] args) throws Exception {
		Map<String, Object> map = initial();
		byte[] signature =getSignature(map);
		BASE64Encoder encoder = new BASE64Encoder();
		String DIGITAL_SIGNATURE = encoder.encodeBuffer(signature);
		// encodeBuffer inserts line breaks; strip them to get a single-line value.
		DIGITAL_SIGNATURE=DIGITAL_SIGNATURE.replaceAll("\\n", "").replaceAll("\\r", "");
		System.out.println("DIGITAL_SIGNATURE====>"+DIGITAL_SIGNATURE);
		verifySignature();
	}

}
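
The party that checks a signature normally holds only the exported jbosskey.cer from step 2, not the keystore. The following is an added example, not the author's code: it signs with the key in jbosskey.jks and verifies using only the certificate file. It assumes Java 8 or later, the same password for the keystore and the key entry, and uses SHA256withRSA in place of SHA1withRSA; the class name CerVerifyExample is made up for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// Added example (assumes Java 8+ and the files produced in steps 1 and 2).
public class CerVerifyExample {
    // Sender side: needs the keystore and its password.
    static byte[] sign(String jksPath, char[] pass, String alias, byte[] data) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(jksPath)) {
            ks.load(in, pass);
        }
        PrivateKey key = (PrivateKey) ks.getKey(alias, pass);
        if (key == null) throw new IllegalArgumentException("no private key under alias " + alias);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(data);
        return sig.sign();
    }

    // Receiver side: needs only the public certificate file, never the keystore.
    static boolean verify(String cerPath, byte[] data, byte[] signature) throws Exception {
        Certificate cert;
        try (InputStream in = new FileInputStream(cerPath)) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(cert.getPublicKey());
        sig.update(data);
        return sig.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        java.io.Console console = System.console();
        if (console == null) throw new IllegalStateException("run from an interactive terminal");
        char[] pass = console.readPassword("Keystore password: "); // prompt instead of hard-coding
        byte[] msg = "Hello, this is Young from SH".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(args[0], pass, "jbosskey", msg);
        java.util.Arrays.fill(pass, '\0'); // wipe the password once the key has been used
        System.out.println("original verifies: " + verify(args[1], msg, sig));
        msg[0] ^= 1; // flip one bit to simulate tampering in transit
        System.out.println("tampered verifies: " + verify(args[1], msg, sig));
    }
}
```

Run it as `java CerVerifyExample jbosskey.jks jbosskey.cer`; the unmodified message verifies and the message with one flipped bit does not.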

How to configure SSL on JBoss

I am using jboss-5.0.1.GA

Step 1:

Copy the jks and cer files to C:\zhuyang\jboss-5.0.1.GA\jboss-5.0.1.GA\server\default\conf

Step 2:

Edit the file C:\zhuyang\jboss-5.0.1.GA\jboss-5.0.1.GA\server\default\deploy\jbossweb.sar\server.xml

Add the following:

<!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
      <Connector protocol="HTTP/1.1" SSLEnabled="true" 
           port="8443" address="${jboss.bind.address}"
           scheme="https" secure="true" clientAuth="false" 
           keystoreFile="${jboss.server.home.dir}/conf/jbosskey.jks"
           keystorePass="1qazxsw2" sslProtocol = "TLS" />
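keystorePass="1qazxsw2" is the password of your JKS file
keystoreFile is the path to the JKS file
port="8443" is the port used for HTTPS access

With this in place, the server is reachable over both HTTP and HTTPS.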

HTTP

[Screenshot: page accessed over HTTP]

HTTPS

[Screenshot: page accessed over HTTPS]

That already seems pretty detailed...
