| 提交 | 用户 | 时间 | ||
| e4c3b0 | 1 | package com.jcdm.main.da.opcuaconfig.cert; |
| Y | 2 | |
| 3 | import org.eclipse.milo.opcua.sdk.server.util.HostnameUtil; | |
| 4 | import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateBuilder; | |
| 5 | import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateGenerator; | |
| 6 | import org.slf4j.Logger; | |
| 7 | import org.slf4j.LoggerFactory; | |
| 8 | import org.springframework.stereotype.Component; | |
| 9 | ||
| 10 | import java.io.InputStream; | |
| 11 | import java.io.OutputStream; | |
| 12 | import java.nio.file.Files; | |
| 13 | import java.nio.file.Path; | |
| 14 | import java.security.*; | |
| 15 | import java.security.cert.X509Certificate; | |
| 16 | import java.util.regex.Pattern; | |
| 17 | ||
| 18 | /** | |
| 19 | * @ClassName: KeyStoreLoader | |
| 20 | * @Description: KeyStoreLoader | |
| 21 | * @author yyt | |
| 22 | * @date 2023年10月13日 | |
| 23 | */ | |
| 24 | @Component | |
| 25 | public class KeyStoreLoader { | |
| 26 | ||
| 27 | private static final Pattern IP_ADDR_PATTERN = Pattern | |
| 28 | .compile("^(([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.){3}([01]?\\d\\d?|2[0-4]\\d|25[0-5])$"); | |
| 29 | ||
| 30 | // 证书别名 | |
| 31 | private static final String CLIENT_ALIAS = "jlclient-ai"; | |
| 32 | // 获取私钥的密码 | |
| 33 | private static final char[] PASSWORD = "yyt@8888888888".toCharArray(); | |
| 34 | ||
| 35 | private final Logger logger = LoggerFactory.getLogger(getClass()); | |
| 36 | ||
| 37 | // 证书对象 | |
| 38 | private X509Certificate clientCertificate; | |
| 39 | // 密钥对对象 | |
| 40 | private KeyPair clientKeyPair; | |
| 41 | ||
| 42 | /** | |
| 43 | * @MethodName: load | |
| 44 | * @Description: load | |
| 45 | * @param baseDir | |
| 46 | * @return | |
| 47 | * @throws Exception | |
| 48 | * @CreateTime 2023年10月13日 | |
| 49 | */ | |
| 50 | public KeyStoreLoader load(Path baseDir) throws Exception { | |
| 51 | // 创建一个使用`PKCS12`加密标准的KeyStore。KeyStore在后面将作为读取和生成证书的对象。 | |
| 52 | KeyStore keyStore = KeyStore.getInstance("PKCS12"); | |
| 53 | ||
| 54 | // PKCS12的加密标准的文件后缀是.pfx,其中包含了公钥和私钥。 | |
| 55 | // 而其他如.der等的格式只包含公钥,私钥在另外的文件中。 | |
| 56 | Path serverKeyStore = baseDir.resolve("OPCUA-client.pfx"); | |
| 57 | ||
| 58 | logger.info("Loading KeyStore at {}", serverKeyStore); | |
| 59 | ||
| 60 | // 如果文件不存在则创建.pfx证书文件。 | |
| 61 | if (!Files.exists(serverKeyStore)) { | |
| 62 | keyStore.load(null, PASSWORD); | |
| 63 | ||
| 64 | // 用2048位的RAS算法。`SelfSignedCertificateGenerator`为Milo库的对象。 | |
| 65 | KeyPair keyPair = SelfSignedCertificateGenerator.generateRsaKeyPair(2048); | |
| 66 | ||
| 67 | // `SelfSignedCertificateBuilder`也是Milo库的对象,用来生成证书。 | |
| 68 | // 中间所设置的证书属性可以自行修改。 | |
| 69 | SelfSignedCertificateBuilder builder = new SelfSignedCertificateBuilder(keyPair) | |
| 70 | .setCommonName("UaClient@Jellyleo") | |
| 71 | .setOrganization("JL") | |
| 72 | .setOrganizationalUnit("per") | |
| 73 | .setLocalityName("jl") | |
| 74 | .setStateName("JiangSu") | |
| 75 | .setCountryCode("CN") | |
| 76 | .setApplicationUri("urn:Yyt_PC:UnifiedAutomation:UaExpert") | |
| 77 | .addDnsName("Yyt_PC") | |
| 78 | .addIpAddress("127.0.0.1"); | |
| 79 | ||
| 80 | // Get as many hostnames and IP addresses as we can listed in the certificate. | |
| 81 | for (String hostname : HostnameUtil.getHostnames("0.0.0.0")) { | |
| 82 | if (IP_ADDR_PATTERN.matcher(hostname).matches()) { | |
| 83 | builder.addIpAddress(hostname); | |
| 84 | } else { | |
| 85 | builder.addDnsName(hostname); | |
| 86 | } | |
| 87 | } | |
| 88 | // 创建证书 | |
| 89 | X509Certificate certificate = builder.build(); | |
| 90 | ||
| 91 | // 设置对应私钥的别名,密码,证书链 | |
| 92 | keyStore.setKeyEntry(CLIENT_ALIAS, keyPair.getPrivate(), PASSWORD, new X509Certificate[] { certificate }); | |
| 93 | try (OutputStream out = Files.newOutputStream(serverKeyStore)) { | |
| 94 | // 保存证书到输出流 | |
| 95 | keyStore.store(out, PASSWORD); | |
| 96 | } | |
| 97 | } else { | |
| 98 | try (InputStream in = Files.newInputStream(serverKeyStore)) { | |
| 99 | // 如果文件存在则读取 | |
| 100 | keyStore.load(in, PASSWORD); | |
| 101 | } | |
| 102 | } | |
| 103 | ||
| 104 | // 用密码获取对应别名的私钥。 | |
| 105 | Key serverPrivateKey = keyStore.getKey(CLIENT_ALIAS, PASSWORD); | |
| 106 | if (serverPrivateKey instanceof PrivateKey) { | |
| 107 | // 获取对应别名的证书对象。 | |
| 108 | clientCertificate = (X509Certificate) keyStore.getCertificate(CLIENT_ALIAS); | |
| 109 | // 获取公钥 | |
| 110 | PublicKey serverPublicKey = clientCertificate.getPublicKey(); | |
| 111 | // 创建Keypair对象。 | |
| 112 | clientKeyPair = new KeyPair(serverPublicKey, (PrivateKey) serverPrivateKey); | |
| 113 | } | |
| 114 | ||
| 115 | return this; | |
| 116 | } | |
| 117 | ||
| 118 | // 返回证书 | |
| 119 | public X509Certificate getClientCertificate() { | |
| 120 | return clientCertificate; | |
| 121 | } | |
| 122 | ||
| 123 | // 返回密钥对 | |
| 124 | public KeyPair getClientKeyPair() { | |
| 125 | return clientKeyPair; | |
| 126 | } | |
| 127 | } | |
