Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
suliangchun
dbeaver
提交
d7c3fb8b
D
dbeaver
项目概览
suliangchun
/
dbeaver
与 Fork 源项目一致
从无法访问的项目Fork
通知
2
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dbeaver
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
d7c3fb8b
编写于
10月 04, 2021
作者:
S
ShadelessFox
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
#11360 Generate self-signed certificate using Bouncy Castle
上级
db626f48
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
21 addition
and
36 deletion
+21
-36
features/org.jkiss.dbeaver.runtime.feature/feature.xml
features/org.jkiss.dbeaver.runtime.feature/feature.xml
+3
-0
plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/impl/app/CertificateGenHelper.java
...rg/jkiss/dbeaver/model/impl/app/CertificateGenHelper.java
+18
-34
pom.xml
pom.xml
+0
-2
未找到文件。
features/org.jkiss.dbeaver.runtime.feature/feature.xml
浏览文件 @
d7c3fb8b
...
...
@@ -45,4 +45,7 @@
<plugin
id=
"org.apache.commons.jexl"
download-size=
"0"
install-size=
"0"
version=
"0.0.0"
unpack=
"false"
/>
<plugin
id=
"com.google.gson"
download-size=
"0"
install-size=
"0"
version=
"0.0.0"
/>
<!-- Bouncycastle -->
<plugin
id=
"org.bouncycastle.bcpkix"
download-size=
"0"
install-size=
"0"
version=
"0.0.0"
unpack=
"false"
/>
<plugin
id=
"org.bouncycastle.bcprov"
download-size=
"0"
install-size=
"0"
version=
"0.0.0"
unpack=
"false"
/>
</feature>
plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/impl/app/CertificateGenHelper.java
浏览文件 @
d7c3fb8b
package
org.jkiss.dbeaver.model.impl.app
;
import
sun.security.x509.*
;
import
org.bouncycastle.asn1.x500.X500Name
;
import
org.bouncycastle.cert.X509CertificateHolder
;
import
org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
;
import
org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder
;
import
org.bouncycastle.operator.ContentSigner
;
import
org.bouncycastle.operator.OperatorCreationException
;
import
org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
;
import
javax.net.ssl.TrustManager
;
import
javax.net.ssl.X509TrustManager
;
import
java.io.IOException
;
import
java.math.BigInteger
;
import
java.security.*
;
import
java.security.cert.Certificate
;
import
java.security.cert.X509Certificate
;
import
java.time.Instant
;
import
java.time.temporal.ChronoUnit
;
import
java.util.Date
;
/**
...
...
@@ -42,47 +49,24 @@ public class CertificateGenHelper {
* @param algorithm the signing algorithm, eg "SHA1withRSA"
*/
public
static
Certificate
generateCertificate
(
String
dn
,
KeyPair
pair
,
int
days
,
String
algorithm
)
throws
GeneralSecurityException
,
IO
Exception
throws
GeneralSecurityException
,
OperatorCreation
Exception
{
PrivateKey
privkey
=
pair
.
getPrivate
();
X509CertInfo
info
=
new
X509CertInfo
();
Date
from
=
new
Date
();
Date
to
=
new
Date
(
from
.
getTime
()
+
days
*
86400000
l
);
CertificateValidity
interval
=
new
CertificateValidity
(
from
,
to
);
Instant
from
=
Instant
.
now
();
Instant
until
=
from
.
plus
(
days
,
ChronoUnit
.
DAYS
);
BigInteger
sn
=
new
BigInteger
(
64
,
new
SecureRandom
());
X500Name
owner
=
new
X500Name
(
dn
);
info
.
set
(
X509CertInfo
.
VALIDITY
,
interval
);
info
.
set
(
X509CertInfo
.
SERIAL_NUMBER
,
new
CertificateSerialNumber
(
sn
));
try
{
info
.
set
(
X509CertInfo
.
SUBJECT
,
new
CertificateSubjectName
(
owner
));
}
catch
(
Exception
e
)
{
info
.
set
(
X509CertInfo
.
SUBJECT
,
owner
);
}
try
{
info
.
set
(
X509CertInfo
.
ISSUER
,
new
CertificateIssuerName
(
owner
));
}
catch
(
Exception
e
)
{
info
.
set
(
X509CertInfo
.
ISSUER
,
owner
);
}
info
.
set
(
X509CertInfo
.
KEY
,
new
CertificateX509Key
(
pair
.
getPublic
()));
info
.
set
(
X509CertInfo
.
VERSION
,
new
CertificateVersion
(
CertificateVersion
.
V3
));
AlgorithmId
algo
=
AlgorithmId
.
get
(
"MD5withRSA"
);
info
.
set
(
X509CertInfo
.
ALGORITHM_ID
,
new
CertificateAlgorithmId
(
algo
));
// Sign the cert to identify the algorithm that's used.
X509CertImpl
cert
=
new
X509CertImpl
(
info
);
cert
.
sign
(
privkey
,
algorithm
);
JcaX509v3CertificateBuilder
builder
=
new
JcaX509v3CertificateBuilder
(
owner
,
sn
,
Date
.
from
(
from
),
Date
.
from
(
until
),
owner
,
pair
.
getPublic
());
ContentSigner
signer
=
new
JcaContentSignerBuilder
(
algorithm
).
build
(
pair
.
getPrivate
());
X509CertificateHolder
holder
=
builder
.
build
(
signer
);
X509Certificate
cert
=
new
JcaX509CertificateConverter
().
getCertificate
(
holder
);
cert
.
verify
(
pair
.
getPublic
());
// Update the algorith, and resign.
algo
=
(
AlgorithmId
)
cert
.
get
(
X509CertImpl
.
SIG_ALG
);
info
.
set
(
CertificateAlgorithmId
.
NAME
+
"."
+
CertificateAlgorithmId
.
ALGORITHM
,
algo
);
cert
=
new
X509CertImpl
(
info
);
cert
.
sign
(
privkey
,
algorithm
);
return
cert
;
}
public
static
Certificate
generateCertificate
(
String
dn
)
throws
GeneralSecurityException
,
IO
Exception
throws
GeneralSecurityException
,
OperatorCreation
Exception
{
KeyPairGenerator
keyPairGenerator
=
KeyPairGenerator
.
getInstance
(
"RSA"
);
KeyPair
keyPair
=
keyPairGenerator
.
generateKeyPair
();
...
...
pom.xml
浏览文件 @
d7c3fb8b
...
...
@@ -110,8 +110,6 @@
<compilerArg>
--add-exports
</compilerArg>
<compilerArg>
java.base/sun.security.util=ALL-UNNAMED
</compilerArg>
<compilerArg>
--add-exports
</compilerArg>
<compilerArg>
java.base/sun.security.x509=ALL-UNNAMED
</compilerArg>
</compilerArgs>
</configuration>
</plugin>
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录