【发布时间】:2012-07-24 08:24:55
【问题描述】:
如何以编程方式创建私钥并在 SSL 套接字中使用它?
我在下面放了一个注释异常,我试图将密钥添加到密钥库,但我没有证书链。
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(1024, new SecureRandom());
KeyPair keypair = keyGen.generateKeyPair();
System.setProperty("javax.net.ssl.keyStore", System.getProperty("user.home")
+ File.separator +
+ "/keystore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "xyz");
KeyManagerFactory keyManagerFactory = KeyManagerFactory
.getInstance("SunX509");
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, "xyz".toCharArray());
//setKeyEntry parameter 3 can not be null:
//IllegalArgumentException: Private key must be accompanied by certificate chain
keyStore.setKeyEntry("alias", keypair.getPrivate(),
"xyz".toCharArray(), null);
keyManagerFactory.init(keyStore, "xyz".toCharArray());
// keyStore.load
SSLContext context = SSLContext.getInstance("TLS");// "SSLv3"
context.init(keyManagerFactory.getKeyManagers(), null,
new SecureRandom());
ServerSocketFactory socketFactory = context.getServerSocketFactory();
ServerSocket ssocket = socketFactory.createServerSocket(1443);
Socket socket = ssocket.accept();
【问题讨论】:
-
我差不多有了(keyStore.setKeyEntry("alias", keypair.getPrivate(), "xyz".toCharArray(), null)) 但是,最后一个参数是必需的证书链,但是我没有证书链。 ...我不想要额外的 JAR,但我可能必须包含 bouncycastle 才能做到这一点:blog.thilinamb.com/2010/01/how-to-generate-self-signed.html
-
HI Alen,问题是:如何以编程方式创建私钥并在 SSL 套接字中使用它?