1. Package structure:
2. POJO (certificate file):
public class ServerCSR {
    // Subject fields of the certificate signing request
    private String countryName;
    private String provinceName;
    private String localityName;
    private String organizationName;
    private String organizadionUnitName;
    private String commonName;

    public String getCountryName() {
        return countryName;
    }
    public void setCountryName(String countryName) {
        this.countryName = countryName;
    }
    public String getProvinceName() {
        return provinceName;
    }
    public void setProvinceName(String provinceName) {
        this.provinceName = provinceName;
    }
    public String getLocalityName() {
        return localityName;
    }
    public void setLocalityName(String localityName) {
        this.localityName = localityName;
    }
    public String getOrganizationName() {
        return organizationName;
    }
    public void setOrganizationName(String organizationName) {
        this.organizationName = organizationName;
    }
    public String getOrganizadionUnitName() {
        return organizadionUnitName;
    }
    public void setOrganizadionUnitName(String organizadionUnitName) {
        this.organizadionUnitName = organizadionUnitName;
    }
    public String getCommonName() {
        return commonName;
    }
    public void setCommonName(String commonName) {
        this.commonName = commonName;
    }
}
3. Service (the business logic that actually generates the certificate):
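import java.io.File;
import java.util.*;
import java.util.regex.Pattern;
import org.springframework.stereotype.Service;

public interface IServerCrtsService {
    boolean makeCRT(ServerCSR serverCSR);
}

@Service
public class ServerCrtServiceImpl implements IServerCrtsService {
    private static final File BIN = new File("D:\\Apache\\Apache\\bin");
    // The subject fields come from the web form and end up on a command line,
    // so accept only a conservative character set ('/', '"' and '&' are rejected).
    private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9 .\\-]{1,64}");

    @Override
    public boolean makeCRT(ServerCSR csr) {
        try {
            String subj = "/C=" + safe(csr.getCountryName()) + "/ST=" + safe(csr.getProvinceName())
                    + "/L=" + safe(csr.getLocalityName()) + "/O=" + safe(csr.getOrganizationName())
                    + "/OU=" + safe(csr.getOrganizadionUnitName()) + "/CN=" + safe(csr.getCommonName());
            // Each step runs as its own process with an argument list (no cmd.exe string)
            // and is waited for, instead of sleeping for a fixed second.
            openssl("genrsa", "-out", "server.key", "2048"); // 1024-bit RSA is too weak
            openssl("req", "-new", "-key", "server.key", "-out", "server.csr", "-subj", subj);
            openssl("x509", "-req", "-in", "server.csr", "-out", "server.crt", "-signkey", "server.key", "-days", "3650");
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
        return new File(BIN, "server.crt").exists();
    }

    private static String safe(String value) {
        if (value == null || !SAFE.matcher(value).matches()) {
            throw new IllegalArgumentException("invalid subject field");
        }
        return value;
    }

    private static void openssl(String... args) throws Exception {
        List<String> cmd = new ArrayList<>();
        cmd.add(new File(BIN, "openssl.exe").getPath()); // openssl from the Apache bin directory
        cmd.addAll(Arrays.asList(args));
        Process p = new ProcessBuilder(cmd).directory(BIN).inheritIO().start();
        if (p.waitFor() != 0) throw new IllegalStateException("openssl " + args[0] + " failed");
    }
}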
4. Action implementation class:
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import org.springframework.stereotype.Controller;
import com.opensymphony.xwork2.ActionSupport;

@Controller
public class Action extends ActionSupport {
    private InputStream inputStream;
    private String fileName;
    private ServerCSR serverCSR;
    private String tip;
    private IServerCrtsService serverCrtsService;

    public IServerCrtsService getServerCrtsService() {
        return serverCrtsService;
    }
    public void setServerCrtsService(IServerCrtsService serverCrtsService) {
        this.serverCrtsService = serverCrtsService;
    }

    public String registCRT() {
        // No form data was bound to the request
        if (serverCSR == null) {
            return ERROR;
        }
        if (serverCrtsService.makeCRT(serverCSR)) {
            setTip("证书成功生成!");
            return SUCCESS;
        }
        return ERROR;
    }

    public String downloadCRT() {
        // Locate the file to download and open it as inputStream
        File file = new File("D:\\Apache\\Apache\\bin\\server.crt");
        fileName = file.getName();
        try {
            inputStream = new FileInputStream(file);
        } catch (Exception e) {
            e.printStackTrace();
            return ERROR; // the certificate has not been generated yet
        }
        // Hand over to the "download" result
        return "download";
    }

    public InputStream getInputStream() {
        return inputStream;
    }
    public void setInputStream(InputStream inputStream) {
        this.inputStream = inputStream;
    }
    public String getFileName() {
        return fileName;
    }
    public void setFileName(String fileName) {
        this.fileName = fileName;
    }
    public ServerCSR getServerCSR() {
        return serverCSR;
    }
    public void setServerCSR(ServerCSR serverCSR) {
        this.serverCSR = serverCSR;
    }
    public String getTip() {
        return tip;
    }
    public void setTip(String tip) {
        this.tip = tip;
    }
}
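5. This is just a simple implementation with no database connection, so there is no DAO layer. I have also left out the configuration files; they can all be found online, and the SSH framework has a whole pile of them.
6. Simple front-end pages: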
regist.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags" prefix="s" %>
注册证书
注册证书
download.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags" prefix="s" %>
下载证书
index.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
My JSP 'index.jsp' starting page
success.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@taglib prefix="s" uri="/struts-tags"%>
成功页面
操作完成,
error.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@taglib prefix="s" uri="/struts-tags"%>
错误页面
生成失败!
welcome.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@taglib prefix="s" uri="/struts-tags"%>
错误页面
欢迎登陆!
/success.jsp
/error.jsp
inputStream
attachment;filename="${fileName}"
application/octet-stream
1024
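Next, set up Apache as a reverse proxy in front of the Tomcat server, so that the pages are accessed over SSL-based https instead of http:
1. Locate the httpd.conf and httpd-ssl.conf files and modify them: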
httpd.conf:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
# The two lines above enable SSL
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
# The two lines above allow https requests to be forwarded to Tomcat
httpd-ssl.conf:
Insert the following code into it:
SSLProxyEngine on
ProxyRequests off
#sys
ProxyPass /finance-https/ http://localhost:8080/finance-https/
ProxyPassReverse /finance-https/ http://localhost:8080/finance-https/
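As an added example (not part of the original post), the proxy directives above can sit inside a complete pair of virtual hosts, one that terminates TLS with the generated certificate and one that redirects plain http to https. The server name www.example.com is a placeholder, the certificate and key paths assume the files the service writes into D:\Apache\Apache\bin, and RequestHeader assumes mod_headers is loaded.

```apache
# Added example: www.example.com is a placeholder server name.
# RequestHeader below needs: LoadModule headers_module modules/mod_headers.so

# Plain-http listener: its only job is to send clients to https
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent /finance-https/ https://www.example.com/finance-https/
</VirtualHost>

<VirtualHost _default_:443>
    ServerName www.example.com

    # Terminate TLS here with the certificate and key generated by the service.
    # The key file should be readable only by the account Apache runs under.
    SSLEngine on
    SSLCertificateFile    "D:/Apache/Apache/bin/server.crt"
    SSLCertificateKeyFile "D:/Apache/Apache/bin/server.key"
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Never act as a forward (open) proxy
    ProxyRequests off

    # SSLProxyEngine only matters when the backend URL is https://.
    # The backend here is http://localhost:8080, so that hop is unencrypted
    # and must stay on the loopback interface.

    # Tell Tomcat which host and scheme the client actually used
    ProxyPreserveHost on
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass        /finance-https/ http://localhost:8080/finance-https/
    ProxyPassReverse /finance-https/ http://localhost:8080/finance-https/
</VirtualHost>
```

Binding Tomcat's HTTP connector to 127.0.0.1 keeps port 8080 from being reached directly, which would otherwise bypass the https front end.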
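The final result is shown below: with the certificate in place the browser reports a certificate error; download the certificate and install it, and then it is OK:
If anything above is wrong, corrections are welcome!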