keytool -genkey 叩き台
X500Nameとか見てたら、公開パッケージのみに作り直すの面倒くさくなってきた。。。
つーわけでKeyToolクラスからパクってきて少しいじった下記の非公開パッケージ使用版コードを、一昨日作ったKeyStoreWrapperに組み込む方向で。
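import java.io.*;
import java.security.*;
import java.security.cert.*;
// JDK-internal, unsupported package: CertAndKeyGen and X500Name are taken from here in this listing.
// Internal classes can move or disappear between JDK releases, so this code is tied to the JDK it was written against.
import sun.security.x509.*;

/**
 * Rough equivalent of {@code keytool -genkey}: generates a key pair, wraps the public key in a
 * self-signed X.509 certificate and stores both under an alias in a {@link KeyStore}.
 */
public class GenKey {

    /** Shortest key password that {@link #genkey} accepts. */
    private static final int MIN_KEY_PASS_LENGTH = 6;

    /**
     * Demo entry point: adds one self-signed entry to {@code ~/.keystore} and saves the store.
     *
     * @param args unused
     * @throws Exception on any key store, key generation or I/O failure
     */
    public static void main(String[] args) throws Exception {
        String keyStore = System.getProperty("user.home") + File.separator + ".keystore";
        // NOTE(review): "changeit" is the widely known default key store password and is
        // hard-coded here for both the store and the key. Acceptable for a throwaway demo only;
        // real use should obtain the passwords at run time and never keep them in source.
        KeyStoreWrapper ks = new KeyStoreWrapper(new File(keyStore), "changeit");
        GenKeyParams subject = new GenKeyParams(
                "www.oreore.com",
                "OreOre CA Services",
                "OreOre Japan K.K.",
                "Shinagawa",
                "Tokyo",
                "JP");
        genkey(ks.getKeyStore(), "changeit", "key_alias", subject);
        ks.save();
    }

    /**
     * Generates a key pair plus self-signed certificate and stores them in {@code keyStore}.
     *
     * @param keyStore key store that receives the new entry
     * @param keyPass  password protecting the private key; at least 6 characters
     * @param alias    alias of the new entry; must not exist yet
     * @param params   subject name fields, algorithms, key size and validity
     * @return the certificate chain stored with the key (a single self-signed certificate)
     * @throws KeyStoreException        if {@code alias} already exists
     * @throws InvalidKeyException      if {@code keyPass} is {@code null} or too short
     * @throws NoSuchAlgorithmException if no signature algorithm can be derived for the key algorithm
     */
    public static X509Certificate[] genkey(
            KeyStore keyStore,
            String keyPass,
            String alias,
            GenKeyParams params)
            throws NoSuchAlgorithmException,
                    NoSuchProviderException,
                    KeyStoreException,
                    IOException,
                    InvalidKeyException,
                    CertificateException,
                    SignatureException {
        if (keyStore.containsAlias(alias)) {
            throw new KeyStoreException("alias <" + alias + "> already exists");
        }
        if (keyPass == null || keyPass.length() < MIN_KEY_PASS_LENGTH) {
            // The rejected password is deliberately kept out of the message: exception text
            // ends up in logs and stack traces.
            throw new InvalidKeyException(
                    "keyPass must be at least " + MIN_KEY_PASS_LENGTH + " characters");
        }

        // A null sigAlgName means "derive it from the key algorithm".
        String sigAlgName = params.sigAlgName != null
                ? params.sigAlgName
                : deriveSigAlgName(params.keyAlgName);

        CertAndKeyGen keypair = new CertAndKeyGen(params.keyAlgName, sigAlgName, null);
        X500Name x500Name = new X500Name(
                params.commonName,
                params.organizationUnit,
                params.organizationName,
                params.localityName,
                params.stateName,
                params.country);

        keypair.generate(params.keySize);
        PrivateKey privKey = keypair.getPrivateKey();

        X509Certificate[] chain = new X509Certificate[1];
        chain[0] = keypair.getSelfCertificate(x500Name, params.validity);
        keyStore.setKeyEntry(alias, privKey, keyPass.toCharArray(), chain);
        return chain;
    }

    /**
     * Maps a key algorithm to a matching signature algorithm.
     *
     * SHA-256 based signatures replace the SHA1WithDSA / MD5WithRSA pairing used previously;
     * MD5 and SHA-1 are no longer suitable for certificate signatures. A runtime that lacks
     * one of these algorithms can still be served through {@code setSigAlgName}.
     */
    private static String deriveSigAlgName(String keyAlgName) throws NoSuchAlgorithmException {
        if ("DSA".equalsIgnoreCase(keyAlgName)) {
            return "SHA256withDSA";
        }
        if ("RSA".equalsIgnoreCase(keyAlgName)) {
            return "SHA256withRSA";
        }
        throw new NoSuchAlgorithmException(
                "Cannot derive signature algorithm='" + keyAlgName + "'");
    }

    /** Subject name fields and key generation settings for {@link GenKey#genkey}. */
    static class GenKeyParams {
        private String commonName;       // cn
        private String organizationUnit; // ou
        private String organizationName; // o
        private String localityName;     // l
        private String stateName;        // st
        private String country;          // c
        private long validity = 90 * 24 * 60 * 60; // 90 days, in seconds

        // Defaults changed from DSA / 1024 bit / SHA1WithDSA: a 1024-bit key and a SHA-1
        // signature are below current minimum strength recommendations.
        private String keyAlgName = "RSA";
        private int keySize = 2048;
        // null = derive from keyAlgName when the key is generated. The former non-null default
        // made the derivation in setKeyAlgName unreachable, so switching the key algorithm
        // left a mismatched signature algorithm behind.
        private String sigAlgName = null;

        /**
         * @param commonName       subject CN
         * @param organizationUnit subject OU
         * @param organizationName subject O
         * @param localityName     subject L
         * @param stateName        subject ST
         * @param country          subject C
         */
        public GenKeyParams(
                String commonName,
                String organizationUnit,
                String organizationName,
                String localityName,
                String stateName,
                String country) {
            this.commonName = commonName;
            this.organizationUnit = organizationUnit;
            this.organizationName = organizationName;
            this.localityName = localityName;
            this.stateName = stateName;
            this.country = country;
        }

        /**
         * Selects the key algorithm.
         *
         * @param keyAlgName key algorithm name, e.g. "RSA" or "DSA"
         * @throws NoSuchAlgorithmException if no signature algorithm was set explicitly and none
         *         can be derived for {@code keyAlgName}; call {@link #setSigAlgName} first for
         *         other key algorithms
         */
        public void setKeyAlgName(String keyAlgName) throws NoSuchAlgorithmException {
            if (sigAlgName == null) {
                // Validate before assigning so a rejected name leaves the parameters unchanged.
                deriveSigAlgName(keyAlgName);
            }
            this.keyAlgName = keyAlgName;
        }

        /**
         * Sets the signature algorithm explicitly.
         *
         * @param sigAlgName signature algorithm name, or {@code null} to derive it from the key
         *        algorithm
         */
        public void setSigAlgName(String sigAlgName) {
            this.sigAlgName = sigAlgName;
        }
    }
}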