提交 | 用户 | 时间
|
487b2f
|
1 |
package cn.stylefeng.guns.opcua.cert; |
YY |
2 |
|
|
3 |
import java.io.InputStream; |
|
4 |
import java.io.OutputStream; |
|
5 |
import java.nio.file.Files; |
|
6 |
import java.nio.file.Path; |
|
7 |
import java.security.Key; |
|
8 |
import java.security.KeyPair; |
|
9 |
import java.security.KeyStore; |
|
10 |
import java.security.PrivateKey; |
|
11 |
import java.security.PublicKey; |
|
12 |
import java.security.cert.X509Certificate; |
|
13 |
import java.util.regex.Pattern; |
|
14 |
|
|
15 |
import org.eclipse.milo.opcua.sdk.server.util.HostnameUtil; |
|
16 |
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateBuilder; |
|
17 |
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateGenerator; |
|
18 |
import org.slf4j.Logger; |
|
19 |
import org.slf4j.LoggerFactory; |
|
20 |
import org.springframework.stereotype.Component; |
|
21 |
|
|
22 |
/** |
|
23 |
* @ClassName: KeyStoreLoader |
|
24 |
* @Description: KeyStoreLoader |
|
25 |
* @author yyt |
|
26 |
* @date 2023年10月13日 |
|
27 |
*/ |
|
28 |
@Component |
|
29 |
public class KeyStoreLoader { |
|
30 |
|
|
31 |
private static final Pattern IP_ADDR_PATTERN = Pattern |
|
32 |
.compile("^(([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.){3}([01]?\\d\\d?|2[0-4]\\d|25[0-5])$"); |
|
33 |
|
|
34 |
// 证书别名 |
|
35 |
private static final String CLIENT_ALIAS = "jlclient-ai"; |
|
36 |
// 获取私钥的密码 |
|
37 |
private static final char[] PASSWORD = "yyt@8888888888".toCharArray(); |
|
38 |
|
|
39 |
private final Logger logger = LoggerFactory.getLogger(getClass()); |
|
40 |
|
|
41 |
// 证书对象 |
|
42 |
private X509Certificate clientCertificate; |
|
43 |
// 密钥对对象 |
|
44 |
private KeyPair clientKeyPair; |
|
45 |
|
|
46 |
/** |
|
47 |
* @MethodName: load |
|
48 |
* @Description: load |
|
49 |
* @param baseDir |
|
50 |
* @return |
|
51 |
* @throws Exception |
|
52 |
* @CreateTime 2023年10月13日 |
|
53 |
*/ |
|
54 |
public KeyStoreLoader load(Path baseDir) throws Exception { |
|
55 |
// 创建一个使用`PKCS12`加密标准的KeyStore。KeyStore在后面将作为读取和生成证书的对象。 |
|
56 |
KeyStore keyStore = KeyStore.getInstance("PKCS12"); |
|
57 |
|
|
58 |
// PKCS12的加密标准的文件后缀是.pfx,其中包含了公钥和私钥。 |
|
59 |
// 而其他如.der等的格式只包含公钥,私钥在另外的文件中。 |
|
60 |
Path serverKeyStore = baseDir.resolve("OPCUA-client.pfx"); |
|
61 |
|
|
62 |
logger.info("Loading KeyStore at {}", serverKeyStore); |
|
63 |
|
|
64 |
// 如果文件不存在则创建.pfx证书文件。 |
|
65 |
if (!Files.exists(serverKeyStore)) { |
|
66 |
keyStore.load(null, PASSWORD); |
|
67 |
|
|
68 |
// 用2048位的RAS算法。`SelfSignedCertificateGenerator`为Milo库的对象。 |
|
69 |
KeyPair keyPair = SelfSignedCertificateGenerator.generateRsaKeyPair(2048); |
|
70 |
|
|
71 |
// `SelfSignedCertificateBuilder`也是Milo库的对象,用来生成证书。 |
|
72 |
// 中间所设置的证书属性可以自行修改。 |
|
73 |
SelfSignedCertificateBuilder builder = new SelfSignedCertificateBuilder(keyPair) |
|
74 |
.setCommonName("UaClient@Jellyleo") |
|
75 |
.setOrganization("JL") |
|
76 |
.setOrganizationalUnit("per") |
|
77 |
.setLocalityName("jl") |
|
78 |
.setStateName("JiangSu") |
|
79 |
.setCountryCode("CN") |
|
80 |
.setApplicationUri("urn:Yyt_PC:UnifiedAutomation:UaExpert") |
|
81 |
.addDnsName("Yyt_PC") |
|
82 |
.addIpAddress("127.0.0.1"); |
|
83 |
|
|
84 |
// Get as many hostnames and IP addresses as we can listed in the certificate. |
|
85 |
for (String hostname : HostnameUtil.getHostnames("0.0.0.0")) { |
|
86 |
if (IP_ADDR_PATTERN.matcher(hostname).matches()) { |
|
87 |
builder.addIpAddress(hostname); |
|
88 |
} else { |
|
89 |
builder.addDnsName(hostname); |
|
90 |
} |
|
91 |
} |
|
92 |
// 创建证书 |
|
93 |
X509Certificate certificate = builder.build(); |
|
94 |
|
|
95 |
// 设置对应私钥的别名,密码,证书链 |
|
96 |
keyStore.setKeyEntry(CLIENT_ALIAS, keyPair.getPrivate(), PASSWORD, new X509Certificate[] { certificate }); |
|
97 |
try (OutputStream out = Files.newOutputStream(serverKeyStore)) { |
|
98 |
// 保存证书到输出流 |
|
99 |
keyStore.store(out, PASSWORD); |
|
100 |
} |
|
101 |
} else { |
|
102 |
try (InputStream in = Files.newInputStream(serverKeyStore)) { |
|
103 |
// 如果文件存在则读取 |
|
104 |
keyStore.load(in, PASSWORD); |
|
105 |
} |
|
106 |
} |
|
107 |
|
|
108 |
// 用密码获取对应别名的私钥。 |
|
109 |
Key serverPrivateKey = keyStore.getKey(CLIENT_ALIAS, PASSWORD); |
|
110 |
if (serverPrivateKey instanceof PrivateKey) { |
|
111 |
// 获取对应别名的证书对象。 |
|
112 |
clientCertificate = (X509Certificate) keyStore.getCertificate(CLIENT_ALIAS); |
|
113 |
// 获取公钥 |
|
114 |
PublicKey serverPublicKey = clientCertificate.getPublicKey(); |
|
115 |
// 创建Keypair对象。 |
|
116 |
clientKeyPair = new KeyPair(serverPublicKey, (PrivateKey) serverPrivateKey); |
|
117 |
} |
|
118 |
|
|
119 |
return this; |
|
120 |
} |
|
121 |
|
|
122 |
// 返回证书 |
|
123 |
public X509Certificate getClientCertificate() { |
|
124 |
return clientCertificate; |
|
125 |
} |
|
126 |
|
|
127 |
// 返回密钥对 |
|
128 |
public KeyPair getClientKeyPair() { |
|
129 |
return clientKeyPair; |
|
130 |
} |
|
131 |
} |