
Example 1 with CertificateRole

use of com.jd.blockchain.ca.CertificateRole in project jdchain-core by blockchain-jd-com.

From the class CATestPlus, method run:

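/**
 * Generates a complete set of test credentials: a self-signed root CA (entry 0) plus
 * {@code nodes} peer, {@code gws} gateway and {@code users} user identities. Every entry
 * gets a signing key pair ({@code <name>.pub}/{@code .priv}/{@code .pwd} under the keys
 * home) and a signing certificate issued by the root; non-root entries additionally get a
 * PEM private key ({@code <name>.key}) and TLS material under the TLS home, registered in
 * the shared {@code trust.jks} trust store.
 *
 * <p>For {@code SM2} the TLS side uses a double-certificate layout (separate sign and enc
 * key pairs and certificates); for every other algorithm a single TLS certificate reuses
 * the signing key pair.
 *
 * <p>The encoded private keys and the base58-encoded password that protects them are
 * written side by side in the keys home, so the directory's permissions are the only
 * protection of that key material — acceptable for test fixtures, which is what this
 * command produces. Any failure is reported on stderr; the method never throws.
 */
@Override
public void run() {
    try {
        File caHome = new File(caCli.getCaHome());
        // Fail early with a clear message rather than on the first write further down.
        if (!caHome.isDirectory() && !caHome.mkdirs()) {
            throw new IllegalStateException("cannot create CA home directory [" + caHome + "]");
        }
        if (StringUtils.isEmpty(password)) {
            password = caCli.scanValue("password for all private keys");
        }
        // NOTE(review): presumably drops the JDK EC provider so that EC/SM2 operations are
        // served by the provider the project registers itself — confirm against CertificateUtils.
        Security.removeProvider("SunEC");
        // Normalise once (the original re-uppercased on every iteration); Locale.ROOT keeps the
        // result independent of the default locale.
        algorithm = algorithm.toUpperCase(java.util.Locale.ROOT);
        boolean sm2 = algorithm.equalsIgnoreCase("SM2");

        File trustStoreFile = new File(caCli.getTlsHome() + File.separator + "trust.jks");
        // Issuer material is filled in by entry 0 and reused for every later certificate;
        // entry 0 itself is issued with a null issuer certificate (self-signed).
        PrivateKey issuerPrivateKey = null;
        X509Certificate issuerCrt = null;

        int total = nodes + users + gws + 1;
        for (int i = 0; i < total; i++) {
            CertificateRole ou = roleFor(i);
            String name = nameFor(i, ou);

            AsymmetricKeypair keypair = Crypto.getSignatureFunction(algorithm).generateKeypair();
            writeSigningKeypair(name, keypair);
            if (i == 0) {
                issuerPrivateKey = CertificateUtils.retrievePrivateKey(keypair.getPrivKey());
            }

            X500Name subject = caCli.buildRDN(organization, ou, country, province, locality, name, email);
            X509Certificate certificate = caCli.genCert(CertificateUsage.SIGN, algorithm, name, subject, ou,
                    CertificateUtils.retrievePublicKey(keypair.getPubKey()), issuerPrivateKey, issuerCrt);

            if (i == 0) {
                FileUtils.writeText(CertificateUtils.toPEMString(certificate),
                        new File(caCli.getCaHome() + File.separator + name + ".crt"));
                issuerCrt = certificate;
                caCli.trustStore(trustStoreFile, name, password, certificate);
                continue;
            }

            FileUtils.writeText(CertificateUtils.toPEMString(certificate),
                    new File(caCli.getSignHome() + File.separator + name + ".crt"));
            PrivateKey privateKey = CertificateUtils.retrievePrivateKey(keypair.getPrivKey(), keypair.getPubKey());
            FileUtils.writeText(CertificateUtils.toPEMString(algorithm, privateKey),
                    new File(caCli.getKeysHome() + File.separator + name + ".key"));

            String ip = tlsHostFor(ou, i);
            X500Name tlsSubject = caCli.buildRDN(organization, ou, country, province, locality, ip, email);
            if (sm2) {
                issueSm2DoubleTls(name, ou, ip, tlsSubject, issuerPrivateKey, issuerCrt, trustStoreFile);
            } else {
                issueSingleTls(name, ou, ip, tlsSubject, keypair, privateKey, issuerPrivateKey, issuerCrt, trustStoreFile);
            }
        }
        System.out.println("create test certificates in [" + caCli.getCaHome() + "] success");
    } catch (Exception e) {
        // Best-effort CLI command: report the failure and return, as before, instead of propagating.
        System.err.println("create test certificates failed: " + e.getMessage());
        e.printStackTrace();
    }
}

/** Maps loop index {@code i} to its role: 0 is the root, then peers, gateways and users in that order. */
private CertificateRole roleFor(int i) {
    if (i == 0) {
        return CertificateRole.ROOT;
    }
    if (i <= nodes) {
        return CertificateRole.PEER;
    }
    if (i <= nodes + gws) {
        return CertificateRole.GW;
    }
    return CertificateRole.USER;
}

/** Builds the file/key name for entry {@code i}: {@code root}, {@code peerN}, {@code gwN} or {@code userN} (zero-based within the role). */
private String nameFor(int i, CertificateRole ou) {
    switch (ou) {
        case ROOT:
            return "root";
        case PEER:
            return "peer" + (i - 1);
        case GW:
            return "gw" + (i - nodes - 1);
        default:
            // roleFor() only yields the four roles above; anything else is a user.
            return "user" + (i - nodes - gws - 1);
    }
}

/**
 * Picks the host placed in the TLS subject of entry {@code i} from the configured address
 * list of its role, falling back to loopback when no address was configured for it.
 */
private String tlsHostFor(CertificateRole ou, int i) {
    final String loopback = "127.0.0.1";
    switch (ou) {
        case PEER:
            return nodeIPs.length >= i ? nodeIPs[i - 1] : loopback;
        case GW:
            return gwIPs.length >= i - nodes ? gwIPs[i - nodes - 1] : loopback;
        case USER:
            // Bug fix: this lookup was guarded by gwIPs.length instead of userIPs.length, so a
            // user count differing from the gateway count could index past userIPs.
            return userIPs.length >= i - nodes - gws ? userIPs[i - nodes - gws - 1] : loopback;
        default:
            return loopback;
    }
}

/** Writes the encoded public key, the password-protected private key and the base58 password for {@code name} into the keys home. */
private void writeSigningKeypair(String name, AsymmetricKeypair keypair) {
    String pubkey = KeyGenUtils.encodePubKey(keypair.getPubKey());
    String base58pwd = KeyGenUtils.encodePasswordAsBase58(password);
    String privkey = KeyGenUtils.encodePrivKey(keypair.getPrivKey(), base58pwd);
    FileUtils.writeText(pubkey, new File(caCli.getKeysHome() + File.separator + name + ".pub"));
    FileUtils.writeText(privkey, new File(caCli.getKeysHome() + File.separator + name + ".priv"));
    FileUtils.writeText(base58pwd, new File(caCli.getKeysHome() + File.separator + name + ".pwd"));
}

/** Non-SM2 path: one TLS certificate over the signing key pair, stored in the key store and trust store. */
private void issueSingleTls(String name, CertificateRole ou, String ip, X500Name tlsSubject,
        AsymmetricKeypair keypair, PrivateKey privateKey, PrivateKey issuerPrivateKey,
        X509Certificate issuerCrt, File trustStoreFile) throws Exception {
    X509Certificate tlsCertificate = caCli.genCert(CertificateUsage.TLS, algorithm, ip, tlsSubject, ou,
            CertificateUtils.retrievePublicKey(keypair.getPubKey()), issuerPrivateKey, issuerCrt);
    FileUtils.writeText(CertificateUtils.toPEMString(tlsCertificate),
            new File(caCli.getTlsHome() + File.separator + name + ".crt"));
    caCli.keyStore(privateKey, name, password, tlsCertificate, issuerCrt);
    caCli.trustStore(trustStoreFile, name, password, tlsCertificate);
}

/**
 * SM2 path: fresh sign and enc key pairs, each with its own TLS certificate and key store
 * entry ({@code <name>.sign}, {@code <name>.enc}), a combined double-key store, and both
 * certificates added to the trust store.
 */
private void issueSm2DoubleTls(String name, CertificateRole ou, String ip, X500Name tlsSubject,
        PrivateKey issuerPrivateKey, X509Certificate issuerCrt, File trustStoreFile) throws Exception {
    AsymmetricKeypair signKeypair = Crypto.getSignatureFunction(algorithm).generateKeypair();
    X509Certificate signCertificate = caCli.genCert(CertificateUsage.TLS_SIGN, algorithm, ip, tlsSubject, ou,
            CertificateUtils.retrievePublicKey(signKeypair.getPubKey()), issuerPrivateKey, issuerCrt);
    FileUtils.writeText(CertificateUtils.toPEMString(signCertificate),
            new File(caCli.getTlsHome() + File.separator + name + ".sign.crt"));
    PrivateKey signPrivateKey = CertificateUtils.retrievePrivateKey(signKeypair.getPrivKey(), signKeypair.getPubKey());
    FileUtils.writeText(CertificateUtils.toPEMString(signPrivateKey),
            new File(caCli.getKeysHome() + File.separator + name + ".sign.key"));
    caCli.keyStore(signPrivateKey, name + ".sign", password, signCertificate, issuerCrt);

    AsymmetricKeypair encKeypair = Crypto.getSignatureFunction(algorithm).generateKeypair();
    X509Certificate encCertificate = caCli.genCert(CertificateUsage.TLS_ENC, algorithm, ip, tlsSubject, ou,
            CertificateUtils.retrievePublicKey(encKeypair.getPubKey()), issuerPrivateKey, issuerCrt);
    FileUtils.writeText(CertificateUtils.toPEMString(encCertificate),
            new File(caCli.getTlsHome() + File.separator + name + ".enc.crt"));
    PrivateKey encPrivateKey = CertificateUtils.retrievePrivateKey(encKeypair.getPrivKey(), encKeypair.getPubKey());
    FileUtils.writeText(CertificateUtils.toPEMString(encPrivateKey),
            new File(caCli.getKeysHome() + File.separator + name + ".enc.key"));
    caCli.keyStore(encPrivateKey, name + ".enc", password, encCertificate, issuerCrt);

    caCli.doubleKeysStore(name, signPrivateKey, encPrivateKey, password, signCertificate, encCertificate, issuerCrt);
    caCli.trustStore(trustStoreFile, name + ".sign", password, signCertificate);
    caCli.trustStore(trustStoreFile, name + ".enc", password, encCertificate);
}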