【java】在springboot中实现证书双向验证


证书生成

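/**
 * Generates a 2048-bit RSA key pair, wraps the public key in a self-signed
 * X.509 certificate and exports the result in the forms the Spring Boot
 * configuration later on this page consumes: a JKS keystore, PEM and DER
 * copies of the certificate, and a PEM copy of the private key.
 *
 * <p>Side effects: writes {@code keystore.jks}, {@code certificate.crt},
 * {@code private.key} and {@code certificate.cer} into the working directory
 * and prints the Base64 public key to stdout. The private key is deliberately
 * not printed any more: stdout routinely ends up in logs and CI output.
 *
 * @param args unused
 * @throws Exception any JCA, Bouncy Castle or I/O failure; this is a one-off
 *     generator, so failures are left to terminate the program
 */
public static void main(String[] args) throws Exception {
    // Demo-only credential shared by the keystore and its key entry. Outside a
    // demo, read it from the environment or a secret store, not from source.
    char[] password = "password".toCharArray();

    // 1. Key pair
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048);
    KeyPair keyPair = keyPairGenerator.generateKeyPair();
    PrivateKey privateKey = keyPair.getPrivate();
    PublicKey publicKey = keyPair.getPublic();
    // Only the public half is safe to print.
    System.out.println("Public Key (Base64): " + Base64.getEncoder().encodeToString(publicKey.getEncoded()));

    // 2. Self-signed certificate: issuer == subject, signed with our own key.
    //    No extensions are added, so there is no Subject Alternative Name; most
    //    TLS clients verify the hostname against the SAN, and "localhosttt" is
    //    not a real hostname either, so clients will need a matching SAN/CN
    //    before hostname verification can pass.
    X500Name subject = new X500Name("CN=localhosttt, O=demo1, L=City, ST=State, C=US");
    X500Name issuer = subject;
    // Random 64-bit serial drawn from SecureRandom so serials are not predictable.
    BigInteger serialNumber = new BigInteger(64, new SecureRandom());
    // Back-date notBefore slightly so minor clock skew does not make the
    // certificate "not yet valid" on the peer.
    Date notBefore = new Date(System.currentTimeMillis() - 10000);
    Date notAfter = new Date(System.currentTimeMillis() + 365L * 24 * 60 * 60 * 1000);
    JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
        issuer, serialNumber, notBefore, notAfter, subject, publicKey);
    ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(privateKey);
    X509Certificate cert = new JcaX509CertificateConverter().getCertificate(certBuilder.build(signer));

    // 3. Keystore holding the key pair and its one-element certificate chain.
    //    JKS is kept because the Spring configuration on this page references
    //    .jks files; PKCS12 has been the JDK default keystore type since Java 9
    //    and is the better choice for new setups.
    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(null, null);
    // Trusted-certificate entry for the same cert. A server keystore only needs
    // the key entry below; this entry is harmless and kept for compatibility.
    keyStore.setCertificateEntry("mycert", cert);
    keyStore.setKeyEntry("mykey", privateKey, password, new Certificate[]{cert});
    try (FileOutputStream fos = new FileOutputStream("keystore.jks")) {
        keyStore.store(fos, password);
    }

    // 4. PEM exports. PEMWriter is deprecated in newer Bouncy Castle releases
    //    (JcaPEMWriter replaces it); it is kept here to avoid a new import.
    try (PEMWriter pemWriter = new PEMWriter(new FileWriter("certificate.crt"))) {
        pemWriter.writeObject(cert);
    }
    // This writes the private key to disk unencrypted: restrict the file's
    // permissions and keep it out of version control.
    try (PEMWriter pemWriter = new PEMWriter(new FileWriter("private.key"))) {
        pemWriter.writeObject(privateKey);
    }

    // 5. DER export: getEncoded() returns the certificate's raw ASN.1 DER bytes.
    try (FileOutputStream fos = new FileOutputStream("certificate.cer")) {
        fos.write(cert.getEncoded());
    }
}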

证书强制验证

在 Spring Boot 中强制验证客户端证书(双向 TLS),在 application.yml 中添加如下配置(下面以 application.properties 的 key=value 形式给出,写入 yml 时需改为对应的层级格式):
# Listening port; left blank on the original page, fill in the port you want.
server.port=
# Enable TLS on the embedded server.
server.ssl.enabled=true
# Server identity: the keystore holding the server's private key and certificate.
# The generator above writes keystore.jks, so this file name must match whatever
# you actually place on the classpath.
server.ssl.key-store=classpath:server.jks
# Plaintext secrets in a config file leak easily (VCS, logs, backups); prefer an
# environment placeholder, e.g. ${SERVER_SSL_KEY_STORE_PASSWORD} (constructed
# name), or a secret store.
server.ssl.key-store-password=your_password
# Truststore: the certificates (or issuing CA) that presented client certificates
# are validated against. For a self-signed client certificate this is the
# client's own certificate; the server's key store is not reused here.
server.ssl.trust-store=classpath:localhost.jks
# Same externalization advice as for key-store-password.
server.ssl.trust-store-password=your_password
# need = a handshake without a valid client certificate is rejected (mutual TLS).
# want = a client certificate is requested but optional; none = no client auth.
server.ssl.client-auth=need