Use of iaik.asn1.ObjectID in project apjp by jvansteirteghem.
Class HTTPS, method createSSLServerSocket.
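/**
 * Creates an unbound TLS server socket that presents a certificate for the given remote host.
 *
 * <p>The certificate is looked up in the default key store under an alias derived from the
 * host (and the port, unless it is 443). If none is stored yet, one is generated, signed with
 * the private key held under the {@code "APJP"} alias, and stored in the default key store
 * object. A fresh in-memory key store containing only that certificate chain and key is then
 * used to initialise the {@link SSLContext}.
 *
 * <p>Changes from the previous revision: the generated certificate is signed with
 * sha256WithRSAEncryption instead of sha1WithRSAEncryption, and its issuer is taken from the
 * signing certificate's subject DN rather than that certificate's own issuer DN (the two are
 * only equal when the signing certificate is self-signed).
 *
 * <p>NOTE(review): the key-store and key password is the fixed literal {@code "APJP"}, so it
 * gives the private key no real confidentiality; protect the key-store file with file-system
 * permissions or move the secret out of the source.
 *
 * @param remoteAddress host name or address the certificate is issued for (used as CN)
 * @param remotePort remote port; appended to the alias and CN when it is not 443
 * @return an unbound {@link SSLServerSocket} configured with the per-host certificate
 * @throws HTTPSException if any key-store, certificate or TLS set-up step fails
 */
public static synchronized SSLServerSocket createSSLServerSocket(String remoteAddress, int remotePort) throws HTTPSException {
    try {
        KeyStore defaultKeyStore = getDefaultKeyStore();
        PrivateKey privateKey = (PrivateKey) defaultKeyStore.getKey("APJP", "APJP".toCharArray());
        Certificate certificateAuthority = defaultKeyStore.getCertificate("APJP");

        // Port 443 is the implied default, so it is left out of the alias.
        String certificateAlias = (remotePort == 443) ? remoteAddress : remoteAddress + ":" + remotePort;

        Certificate certificate = defaultKeyStore.getCertificate(certificateAlias);
        if (certificate == null) {
            X509Certificate x509CertificateAuthority = new X509Certificate(certificateAuthority.getEncoded());
            X509Certificate x509Certificate = new X509Certificate();

            Name name = new Name();
            // CN (2.5.4.3)
            // NOTE(review): only a CN is set and no subjectAltName extension is added; clients that
            // ignore the CN for host-name matching will reject this certificate.
            name.addRDN(new ObjectID("2.5.4.3"), certificateAlias);
            // O (2.5.4.10)
            name.addRDN(new ObjectID("2.5.4.10"), "APJP");
            // OU (2.5.4.11)
            name.addRDN(new ObjectID("2.5.4.11"), "APJP");
            x509Certificate.setSubjectDN(name);

            // The issuer of the new certificate is the *subject* of the signing certificate.
            x509Certificate.setIssuerDN(x509CertificateAuthority.getSubjectDN());

            // One timestamp for validity and serial number, so the three values are consistent.
            final long now = new Date().getTime();
            final long oneYearMillis = 1000L * 60 * 60 * 24 * 365;
            x509Certificate.setValidNotBefore(new Date(now - 1 * oneYearMillis));
            x509Certificate.setValidNotAfter(new Date(now + 10 * oneYearMillis));

            // NOTE(review): a millisecond timestamp is predictable and is unique only as long as
            // two certificates are never minted in the same millisecond; a random serial number
            // (e.g. from SecureRandom) would be the more robust choice.
            x509Certificate.setSerialNumber(BigInteger.valueOf(now));

            // NOTE(review): the new certificate carries the signing certificate's public key and is
            // stored with the same private key, so every host certificate shares one key pair with
            // the signer. Generating a separate key pair per host would limit the impact of a key leak.
            x509Certificate.setPublicKey(x509CertificateAuthority.getPublicKey());

            // sha256WithRSAEncryption (1.2.840.113549.1.1.11); SHA-1 signatures are no longer
            // accepted by current TLS clients.
            x509Certificate.sign(new AlgorithmID(new ObjectID("1.2.840.113549.1.1.11")), privateKey);

            X509Certificate[] x509CertificateArray = new X509Certificate[2];
            x509CertificateArray[0] = x509Certificate;
            x509CertificateArray[1] = x509CertificateAuthority;

            // Keep the generated certificate in the default key store object for later calls.
            // Whether that store is written back to disk is not visible from this method.
            defaultKeyStore.setCertificateEntry(certificateAlias, x509Certificate);
            defaultKeyStore.setKeyEntry(certificateAlias, privateKey, "APJP".toCharArray(), x509CertificateArray);
            certificate = x509Certificate;
        }

        Certificate[] certificateArray = new Certificate[2];
        certificateArray[0] = certificate;
        certificateArray[1] = certificateAuthority;

        // Throw-away in-memory store holding just this host's chain and key for the SSLContext.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, "APJP".toCharArray());
        keyStore.setCertificateEntry("APJP", certificate);
        keyStore.setKeyEntry("APJP", privateKey, "APJP".toCharArray(), certificateArray);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, "APJP".toCharArray());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

        SSLServerSocketFactory sslServerSocketFactory = (SSLServerSocketFactory) sslContext.getServerSocketFactory();
        // No-argument createServerSocket() returns an unbound socket; the caller binds it.
        return (SSLServerSocket) sslServerSocketFactory.createServerSocket();
    } catch (Exception e) {
        logger.log(2, "HTTPS/CREATE_SSL_SERVER_SOCKET: EXCEPTION", e);
        throw new HTTPSException("HTTPS/CREATE_SSL_SERVER_SOCKET", e);
    }
}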