I have been searching StackOverflow and several other forums for months and I don't know what else to do. I know some questions are similar, but every time I try to write from that code or implement it from other sources it always fails, so could you please help me with what I have missed?
We are migrating from Linux to Windows and I cannot find a way to run openssl, so looking at BouncyCastle and the Java keytool functions seems to be the way to go; I am open to suggestions. We need the root certificate to stay the same, as it is already on 100s of PCs; this is certificate generation for a dynamic proxy used to help vulnerable people, so there is a good reason for it. (I have also tried looking at LittleProxy on GitHub and I still cannot get it to work.)
What I currently have is:
// Generate key
// 2048 bits: 1024-bit RSA (the original value) is rejected by current browsers and TLS stacks.
Functions.RunInTerminal("sudo openssl genrsa -out ./ssl_ca_gen/private/" + filename + ".key 2048");
// Create CSR (subject DN is fixed apart from the CN; the SAN comes from the v3_req section of the temp config)
Functions.RunInTerminal("sudo openssl req -new -config ./ssl_ca_gen/conf/openssl_cust_tmp" + tmp_ext + ".cnf -out ./ssl_ca_gen/" + filename + ".csr -key ./ssl_ca_gen/private/" + filename + ".key -subj \"/C=US/ST=SOMESTATE/L=SOMECITY/O=OURCOMPANYNAME/OU=OURUNIT/CN=" + domain + "\" ");
// Sign CSR with the (unchanged) root CA; serial/index files are maintained by openssl ca
Functions.RunInTerminal("sudo openssl ca -batch -config ./ssl_ca_gen/conf/openssl_ca_tmp" + tmp_ext + ".cnf -in ./ssl_ca_gen/" + filename + ".csr -out ./ssl_ca_gen/" + filename + ".crt -extensions v3_req -extfile ./ssl_ca_gen/conf/openssl_ca_tmp" + tmp_ext + ".cnf");
// Convert cert + key + root into a PKCS12 bundle.
// -out replaces the shell redirection (">"), which only works if the command goes through a shell.
// Note: pass:<password> on the command line is visible to every local user via ps/Task Manager.
Functions.RunInTerminal("sudo openssl pkcs12 -export -in ./ssl_ca_gen/" + filename + ".crt -inkey ./ssl_ca_gen/private/" + filename + ".key -certfile ./ssl_ca_gen/public/root.pem -out ./ssl_ca_gen/" + filename + ".p12 -passin pass:" + password + " -passout pass:" + password + "");
// Import into keystore (dest type defaults to JKS on older JDKs; add -deststoretype pkcs12 to keep a single format)
Functions.RunInTerminal("keytool -importkeystore -noprompt -srckeystore ./ssl_ca_gen/" + filename + ".p12 -destkeystore ./ssl_ca_gen/serverkeys_" + filename + " -srcstorepass " + password + " -deststorepass " + password + " -srcstoretype pkcs12");
Extra things that might help:
String filename = domain.replaceAll("\\.", "_");
if (renew || !new File("./ssl_ca_gen/serverkeys_" + filename).exists()) {
    // Check index and serial exist (openssl ca refuses to run without them)
    if (!new File("./ssl_ca_gen/conf/serial").exists()) {
        Functions.RunInTerminal("echo \"01\" > ./ssl_ca_gen/conf/serial");
        Functions.RunInTerminal("touch ./ssl_ca_gen/conf/index");
    }
    // Create temp ca_conf.
    // String.replace (literal) instead of replaceAll (regex): a password or domain containing
    // '$' or '\' would otherwise be mangled or throw in the replacement string.
    String ca_temp = TextFile.ReadAll("./ssl_ca_gen/conf/openssl_ca.cnf", "\n");
    ca_temp = ca_temp.replace("%domain%", domain);
    String tmp = "./ssl_ca_gen/conf/openssl_ca_tmp" + tmp_ext + ".cnf";
    TextFile.QuickWrite(tmp, ca_temp);
    if (!new File(tmp).exists()) {
        throw new RuntimeException("Unable to create file " + tmp);
    }
    // Create temp cust_conf (the password is written into a file on disk here; restrict its permissions)
    String cust_temp = TextFile.ReadAll("./ssl_ca_gen/conf/openssl_cust.cnf", "\n");
    cust_temp = cust_temp.replace("%password%", password);
    cust_temp = cust_temp.replace("%domain%", domain);
    TextFile.QuickWrite("./ssl_ca_gen/conf/openssl_cust_tmp" + tmp_ext + ".cnf", cust_temp);
    // INSERT CURRENT PROGRAM (^ Functions.RunInTerminal("sudo... etc ^)
}
We can still run keytool using nativeCall in the new class I am writing:
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import com.google.common.io.ByteStreams; // Guava

private static String nativeCall(final String... commands) {
    // Careful: the full argument list is logged, including any -srcstorepass/-deststorepass values.
    Logger.info("Running '" + Arrays.asList(commands) + "'");
    final ProcessBuilder pb = new ProcessBuilder(commands);
    // Merge stderr into stdout: keytool reports errors on stderr, and an undrained
    // stderr pipe can fill up and block the child process.
    pb.redirectErrorStream(true);
    try {
        final Process process = pb.start();
        final InputStream is = process.getInputStream();
        // Drain the pipe fully before waiting, otherwise a chatty child deadlocks.
        byte[] data = ByteStreams.toByteArray(is);
        String dataAsString = new String(data, StandardCharsets.UTF_8);
        final int exit = process.waitFor();
        Logger.info("Completed native call: '" + Arrays.asList(commands) + "' (exit code " + exit + ")");
        Logger.info("Response: '" + dataAsString + "'");
        if (exit != 0) {
            Logger.error("Command failed with exit code " + exit + ": " + Arrays.asList(commands));
        }
        return dataAsString;
    } catch (final IOException | InterruptedException e) {
        Logger.error("Error running commands: " + Arrays.asList(commands));
        e.printStackTrace();
        return "";
    }
}
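The openssl pipeline above (key, CSR, CA signature, PKCS12, keystore) can be done in-process with BouncyCastle, which removes the dependency on an openssl binary and on sudo. The following is an added example and is not code from the original post, from BouncyCastle or from LittleProxy. It assumes the existing root CA is available as two PEM files at the paths in the constants (the root certificate as `root.pem`, the root key as produced by `openssl genrsa`), that `bcprov` and `bcpkix` are on the classpath, and it uses a placeholder keystore password `changeit`; the class name `DynamicCertSigner` and the method names are my own. The issuer name is copied from the root certificate so the chain matches the root already deployed on the client PCs.

```java
import java.io.FileOutputStream;
import java.io.FileReader;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.TimeUnit;

import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public final class DynamicCertSigner {
    // Assumed locations of the existing (unchanged) root CA, as laid out by the openssl workflow.
    private static final String ROOT_CERT_PEM = "./ssl_ca_gen/public/root.pem";
    private static final String ROOT_KEY_PEM = "./ssl_ca_gen/private/root.key";

    static { Security.addProvider(new BouncyCastleProvider()); }

    /** Reads a PEM certificate (replaces "-certfile root.pem"). */
    static X509Certificate readPemCert(String path) throws Exception {
        try (PEMParser p = new PEMParser(new FileReader(path))) {
            return new JcaX509CertificateConverter().setProvider("BC")
                .getCertificate((X509CertificateHolder) p.readObject());
        }
    }

    /** Reads an unencrypted PEM private key in either "RSA PRIVATE KEY" (openssl genrsa) or PKCS#8 form. */
    static PrivateKey readPemKey(String path) throws Exception {
        try (PEMParser p = new PEMParser(new FileReader(path))) {
            Object o = p.readObject();
            JcaPEMKeyConverter conv = new JcaPEMKeyConverter().setProvider("BC");
            if (o instanceof PEMKeyPair) {
                return conv.getKeyPair((PEMKeyPair) o).getPrivate();
            }
            return conv.getPrivateKey((PrivateKeyInfo) o);
        }
    }

    /** Generates a leaf key, signs a server certificate for domain with the root, and stores both in a PKCS12 file. */
    static X509Certificate issueLeaf(String domain, X509Certificate rootCert, PrivateKey rootKey,
                                     String outP12, char[] password) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048); // 1024-bit keys are rejected by modern clients
        KeyPair leaf = kpg.generateKeyPair();

        Date notBefore = new Date(System.currentTimeMillis() - TimeUnit.HOURS.toMillis(1)); // tolerate clock skew
        Date notAfter = new Date(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(365));
        BigInteger serial = new BigInteger(64, new SecureRandom()); // random serial replaces the serial/index files
        X500Name subject = new X500Name("C=US,ST=SOMESTATE,L=SOMECITY,O=OURCOMPANYNAME,OU=OURUNIT,CN=" + domain);

        JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
        // Issuer DN and AKI are taken from the root certificate, so the chain validates against the deployed root.
        X509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(
                rootCert, serial, notBefore, notAfter, subject, leaf.getPublic())
            .addExtension(Extension.basicConstraints, true, new BasicConstraints(false)) // leaf, not a CA
            .addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment))
            .addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth))
            // Browsers match the host against the SAN, not the CN
            .addExtension(Extension.subjectAlternativeName, false,
                new GeneralNames(new GeneralName(GeneralName.dNSName, domain)))
            .addExtension(Extension.subjectKeyIdentifier, false, utils.createSubjectKeyIdentifier(leaf.getPublic()))
            .addExtension(Extension.authorityKeyIdentifier, false, utils.createAuthorityKeyIdentifier(rootCert));

        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(rootKey);
        X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(b.build(signer));
        cert.verify(rootCert.getPublicKey()); // fail fast if the wrong root key was loaded

        // Equivalent of "openssl pkcs12 -export" + "keytool -importkeystore": key + chain in one PKCS12 store
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setKeyEntry(domain, leaf.getPrivate(), password, new X509Certificate[] { cert, rootCert });
        try (FileOutputStream out = new FileOutputStream(outP12)) {
            ks.store(out, password);
        }
        return cert;
    }

    public static void main(String[] args) throws Exception {
        String domain = args.length > 0 ? args[0] : "example.com";
        String outP12 = "./ssl_ca_gen/serverkeys_" + domain.replace('.', '_') + ".p12";
        X509Certificate cert = issueLeaf(domain, readPemCert(ROOT_CERT_PEM), readPemKey(ROOT_KEY_PEM),
                                         outP12, "changeit".toCharArray()); // placeholder password
        System.out.println("Issued " + cert.getSubjectX500Principal() + " serial " + cert.getSerialNumber().toString(16));
    }
}
```

The resulting `.p12` loads directly with `KeyStore.getInstance("PKCS12")`, so the keytool import step is no longer needed; if the proxy insists on a JKS file, change the `KeyStore.getInstance` type when storing. Nothing here shells out, so no password ever appears in a process argument list or a temp config file. If you still want to keep the CSR-based flow, `keytool -gencert` (with `-alias` pointing at the CA entry and `-ext san=dns:<domain>`) can sign a CSR with a CA key held in a keystore without openssl.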