Example 1 with CertificateRole
use of com.jd.blockchain.ca.CertificateRole in project jdchain-core by blockchain-jd-com.
the class CATestPlus method run.
@Override
public void run() {
File caHome = new File(caCli.getCaHome());
if (!caHome.exists()) {
caHome.mkdirs();
}
try {
if (StringUtils.isEmpty(password)) {
password = caCli.scanValue("password for all private keys");
}
Security.removeProvider("SunEC");
PrivKey issuerPrivKey = null;
PrivateKey issuerPrivateKey = null;
X509Certificate issuerCrt = null;
File trustStoreFile = new File(caCli.getTlsHome() + File.separator + "trust.jks");
for (int i = 0; i < nodes + users + gws + 1; i++) {
String name;
CertificateRole ou;
if (i == 0) {
name = "root";
ou = CertificateRole.ROOT;
} else if (i <= nodes) {
name = "peer" + (i - 1);
ou = CertificateRole.PEER;
} else if (i <= nodes + gws) {
name = "gw" + (i - nodes - 1);
ou = CertificateRole.GW;
} else {
name = "user" + (i - nodes - gws - 1);
ou = CertificateRole.USER;
}
algorithm = algorithm.toUpperCase();
AsymmetricKeypair keypair = Crypto.getSignatureFunction(algorithm).generateKeypair();
String pubkey = KeyGenUtils.encodePubKey(keypair.getPubKey());
String base58pwd = KeyGenUtils.encodePasswordAsBase58(password);
String privkey = KeyGenUtils.encodePrivKey(keypair.getPrivKey(), base58pwd);
FileUtils.writeText(pubkey, new File(caCli.getKeysHome() + File.separator + name + ".pub"));
FileUtils.writeText(privkey, new File(caCli.getKeysHome() + File.separator + name + ".priv"));
FileUtils.writeText(base58pwd, new File(caCli.getKeysHome() + File.separator + name + ".pwd"));
if (i == 0) {
issuerPrivKey = keypair.getPrivKey();
issuerPrivateKey = CertificateUtils.retrievePrivateKey(issuerPrivKey);
}
X500Name subject = caCli.buildRDN(organization, ou, country, province, locality, name, email);
X509Certificate certificate = caCli.genCert(CertificateUsage.SIGN, algorithm, name, subject, ou, CertificateUtils.retrievePublicKey(keypair.getPubKey()), issuerPrivateKey, issuerCrt);
if (i == 0) {
FileUtils.writeText(CertificateUtils.toPEMString(certificate), new File(caCli.getCaHome() + File.separator + name + ".crt"));
issuerCrt = certificate;
caCli.trustStore(trustStoreFile, name, password, certificate);
} else {
FileUtils.writeText(CertificateUtils.toPEMString(certificate), new File(caCli.getSignHome() + File.separator + name + ".crt"));
String ip = "127.0.0.1";
switch(ou) {
case PEER:
if (nodeIPs.length >= i) {
ip = nodeIPs[i - 1];
}
break;
case GW:
if (gwIPs.length >= i - nodes) {
ip = gwIPs[i - nodes - 1];
}
break;
case USER:
if (gwIPs.length >= i - nodes - gws) {
ip = userIPs[i - nodes - gws - 1];
}
break;
default:
break;
}
PrivateKey privateKey = CertificateUtils.retrievePrivateKey(keypair.getPrivKey(), keypair.getPubKey());
FileUtils.writeText(CertificateUtils.toPEMString(algorithm, privateKey), new File(caCli.getKeysHome() + File.separator + name + ".key"));
if (!algorithm.equalsIgnoreCase("SM2")) {
subject = caCli.buildRDN(organization, ou, country, province, locality, ip, email);
X509Certificate tlsCertificate = caCli.genCert(CertificateUsage.TLS, algorithm, ip, subject, ou, CertificateUtils.retrievePublicKey(keypair.getPubKey()), issuerPrivateKey, issuerCrt);
FileUtils.writeText(CertificateUtils.toPEMString(tlsCertificate), new File(caCli.getTlsHome() + File.separator + name + ".crt"));
caCli.keyStore(privateKey, name, password, tlsCertificate, issuerCrt);
caCli.trustStore(trustStoreFile, name, password, tlsCertificate);
} else {
AsymmetricKeypair signKeypair = Crypto.getSignatureFunction(algorithm).generateKeypair();
subject = caCli.buildRDN(organization, ou, country, province, locality, ip, email);
X509Certificate signCertificate = caCli.genCert(CertificateUsage.TLS_SIGN, algorithm, ip, subject, ou, CertificateUtils.retrievePublicKey(signKeypair.getPubKey()), issuerPrivateKey, issuerCrt);
FileUtils.writeText(CertificateUtils.toPEMString(signCertificate), new File(caCli.getTlsHome() + File.separator + name + ".sign.crt"));
PrivateKey signPrivateKey = CertificateUtils.retrievePrivateKey(signKeypair.getPrivKey(), signKeypair.getPubKey());
FileUtils.writeText(CertificateUtils.toPEMString(signPrivateKey), new File(caCli.getKeysHome() + File.separator + name + ".sign.key"));
caCli.keyStore(signPrivateKey, name + ".sign", password, signCertificate, issuerCrt);
AsymmetricKeypair encKeypair = Crypto.getSignatureFunction(algorithm).generateKeypair();
X509Certificate encCertificate = caCli.genCert(CertificateUsage.TLS_ENC, algorithm, ip, subject, ou, CertificateUtils.retrievePublicKey(encKeypair.getPubKey()), issuerPrivateKey, issuerCrt);
FileUtils.writeText(CertificateUtils.toPEMString(encCertificate), new File(caCli.getTlsHome() + File.separator + name + ".enc.crt"));
PrivateKey encPrivateKey = CertificateUtils.retrievePrivateKey(encKeypair.getPrivKey(), encKeypair.getPubKey());
FileUtils.writeText(CertificateUtils.toPEMString(encPrivateKey), new File(caCli.getKeysHome() + File.separator + name + ".enc.key"));
caCli.keyStore(encPrivateKey, name + ".enc", password, encCertificate, issuerCrt);
caCli.doubleKeysStore(name, signPrivateKey, encPrivateKey, password, signCertificate, encCertificate, issuerCrt);
caCli.trustStore(trustStoreFile, name + ".sign", password, signCertificate);
caCli.trustStore(trustStoreFile, name + ".enc", password, encCertificate);
}
}
}
System.out.println("create test certificates in [" + caCli.getCaHome() + "] success");
} catch (Exception e) {
e.printStackTrace();
}
}
Also used :
PrivateKey(java.security.PrivateKey)
X500Name(org.bouncycastle.asn1.x500.X500Name)
CertificateRole(com.jd.blockchain.ca.CertificateRole)
X509Certificate(java.security.cert.X509Certificate)
Aggregations
CertificateRole (com.jd.blockchain.ca.CertificateRole)1
PrivateKey (java.security.PrivateKey)1
X509Certificate (java.security.cert.X509Certificate)1
X500Name (org.bouncycastle.asn1.x500.X500Name)1
