setting ssl keystore at runtime in Jetty

前端 未结 5 1534
盖世英雄少女心
盖世英雄少女心 2021-02-13 14:47

Is it possible to change keystore at runtime? Currently I am setting up SSL before I do a server.start() -

sslContextFactory.setTrustStore(ks);
sslContextFactor         


        
5条回答
  •  傲寒
    傲寒 (楼主)
    2021-02-13 15:28

    I'm not an expert in java's security packages but to my knowledge there is no straight forward way to create the keypair from public API.

    However, I is possible if you could allow your code do an import from sun's restricted packages like:

    import sun.security.x509.*;
    

    Here is an outline of code you are looking for:

    PrivateKey privkey = pair.getPrivate();
    X509CertInfo info = new X509CertInfo();
    Date from = new Date();
    //Validity for next one year
    Date to = new Date(from.getTime() + (365) * 86400000l);
    
    CertificateValidity interval = new CertificateValidity(from, to);
    
    BigInteger sn = new BigInteger(64, new SecureRandom());
    X500Name owner = new X500Name(dn);
    
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    
    // Sign the cert
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);
    
    //cert object is ready to use
    

    Hope this helps

提交回复
热议问题