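Generating a Digital Signature with JKS + Configuring SSL on JBoss
Step 1:
Generate the JKS file
Configure the environment: JAVA_HOME: C:\bea\jdk150_10
Path: C:\bea\jdk150_10\bin
Run the following command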
keytool -genkey -keyalg RSA -alias jbosskey -keystore jbosskey.jks
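The result is shown in the figure below
-keyalg RSA: the key algorithm is RSA
-alias jbosskey: the alias is jbosskey
-keystore jbosskey.jks: the name of the JKS file to generate
After the steps above are complete, the file jbosskey.jks is generated under C:\Documents and Settings\yz45177.
Step 2:
Export the certificate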
keytool -export -alias jbosskey -file jbosskey.cer -keystore jbosskey.jks
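-alias jbosskey: the alias of the entry in the JKS file
-file jbosskey.cer: the name of the exported .cer file
-keystore jbosskey.jks: the JKS file
password: the password set when the JKS file was generated
Step 3:
View the details of the JKS file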
keytool -list -keystore jbosskey.jks
Step 4:
Generate the digital signature:
Run the code below directly.
package com.zhuyang.test;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.HashMap;
import java.util.Map;

// Internal JDK class, present on the JDK 1.5 used here; it is not available on
// current JDKs, where java.util.Base64 (Java 8+) replaces it.
import sun.misc.BASE64Encoder;

public class DigitalSignatureTest {
    private static String alias = "jbosskey";
    private static String keystoretype = "jks";
    private static String certPath = "C:\\workspace1\\digital_signature\\jbosskey.cer";
    private static String keystorePath = "C:\\workspace1\\digital_signature\\jbosskey.jks";
    private static String password = "1qazxsw2";
    private static byte[] testData = "Hello, this is Young from SH".getBytes();
    private static byte[] validateTest = "Hello, this is Young from SH".getBytes();

    // Load the private key and the certificate stored under the alias in the JKS file.
    public static Map initial() throws Exception {
        Map map = new HashMap();
        KeyStore keystore = KeyStore.getInstance(keystoretype);
        FileInputStream in = new FileInputStream(keystorePath);
        try {
            keystore.load(in, password.toCharArray());
        } finally {
            in.close(); // the original left the stream open
        }
        PrivateKey senderKey = (PrivateKey) keystore.getKey(alias, password.toCharArray());
        Certificate cert = keystore.getCertificate(alias);
        System.out.println("Algorithm===>" + senderKey.getAlgorithm());
        map.put("senderKey", senderKey);
        map.put("cert", cert);
        return map;
    }

    // Sign testData with the private key.
    public static byte[] getSignature(Map map) throws Exception {
        PrivateKey senderKey = (PrivateKey) map.get("senderKey");
        Certificate cert = (Certificate) map.get("cert");
        System.out.println(cert.getType());
        Signature sig = Signature.getInstance("SHA1withRSA");
        sig.initSign(senderKey);
        sig.update(testData);
        byte[] result = sig.sign();
        return result;
    }

    // Verify the signature over validateTest with the certificate's public key.
    public static boolean varifySignature() throws Exception {
        boolean ret = false;
        Map map = initial();
        byte[] signature = getSignature(map);
        Certificate cert = (Certificate) map.get("cert");
        PublicKey pk = cert.getPublicKey();
        Signature sig = Signature.getInstance("SHA1withRSA");
        sig.initVerify(pk);
        sig.update(validateTest);
        ret = sig.verify(signature);
        System.out.println(ret);
        return ret;
    }

    public static void main(String[] args) throws Exception {
        Map map = initial();
        byte[] signature = getSignature(map);
        BASE64Encoder encoder = new BASE64Encoder();
        String DIGITAL_SIGNATURE = encoder.encodeBuffer(signature);
        // encodeBuffer inserts line breaks; strip them to get a single-line value.
        DIGITAL_SIGNATURE = DIGITAL_SIGNATURE.replaceAll("\\n", "").replaceAll("\\r", "");
        System.out.println("DIGITAL_SIGNATURE====>" + DIGITAL_SIGNATURE);
        varifySignature();
    }
}
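The code above signs and verifies the same bytes with the same keystore, so it never shows a failed check. The following added example (not part of the original post) separates the sender and receiver roles and also verifies a tampered message and a damaged signature. It assumes Java 8 or later, generates an in-memory RSA key pair in place of jbosskey.jks, and uses SHA256withRSA instead of the post's SHA1withRSA; the class name SignatureRoundTrip is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;

// Added example, not the post's code: sender/receiver split of sign-and-verify.
public class SignatureRoundTrip {
    // Assumption: SHA256withRSA is used here in place of the post's SHA1withRSA.
    static final String ALGORITHM = "SHA256withRSA";

    // Sender side: needs the private key (the keystore entry in the post).
    static String sign(PrivateKey key, byte[] message) throws Exception {
        Signature sig = Signature.getInstance(ALGORITHM);
        sig.initSign(key);
        sig.update(message);
        // The basic encoder emits no line breaks, so no replaceAll cleanup is needed.
        return Base64.getEncoder().encodeToString(sig.sign());
    }

    // Receiver side: needs only the public key (what the exported .cer carries).
    static boolean verify(PublicKey key, byte[] message, String signatureB64) throws Exception {
        Signature sig = Signature.getInstance(ALGORITHM);
        sig.initVerify(key);
        sig.update(message);
        try {
            return sig.verify(Base64.getDecoder().decode(signatureB64));
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed Base64 or malformed signature bytes
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed in-memory key pair standing in for the keystore entry.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        byte[] message = "Hello, this is Young from SH".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "Hello, this is Young from BJ".getBytes(StandardCharsets.UTF_8);

        String signature = sign(pair.getPrivate(), message);
        System.out.println("original message:    " + verify(pair.getPublic(), message, signature));
        System.out.println("tampered message:    " + verify(pair.getPublic(), tampered, signature));
        System.out.println("truncated signature: " + verify(pair.getPublic(), message, signature.substring(4)));
    }
}
```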
How to configure SSL on JBoss
I am using jboss-5.0.1.GA
Step 1:
Copy the jks and cer files to C:\zhuyang\jboss-5.0.1.GA\jboss-5.0.1.GA\server\default\conf
Step 2:
Edit the file C:\zhuyang\jboss-5.0.1.GA\jboss-5.0.1.GA\server\default\deploy\jbossweb.sar\server.xml
Add the following content
<!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
<Connector protocol="HTTP/1.1" SSLEnabled="true"
           port="8443" address="${jboss.bind.address}"
           scheme="https" secure="true" clientAuth="false"
           keystoreFile="${jboss.server.home.dir}/conf/jbosskey.jks"
           keystorePass="1qazxsw2" sslProtocol="TLS" />
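keystorePass="1qazxsw2": this is the password of your JKS file
keystoreFile: this is the path of the JKS file
port="8443": the port used for HTTPS access
With this, the server can be reached over both HTTP and HTTPS.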
HTTP
HTTPS
That seems to be pretty detailed already...