Example of generating private key and certificates for Netty server context builder
import java.io.FileInputStream; | |
import java.io.FileNotFoundException; | |
import java.io.IOException; | |
import java.security.*; | |
import java.security.cert.Certificate; | |
import java.security.cert.CertificateException; | |
import java.security.cert.X509Certificate; | |
import java.util.ArrayList; | |
import java.util.List; | |
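public class KeyMain {

    /**
     * Loads a private key and its X.509 certificate chain from a PKCS#12 keystore, in the form
     * expected by Netty's {@code SslContextBuilder.forServer(key, x509Certificates)}.
     *
     * <p>The keystore was produced with:
     *
     * <pre>
     * openssl req -newkey rsa:4096 -nodes -keyout key.pem -x509 -days 365000 -subj "/CN=atomix.io" -out certificate.pem -passout pass:"temporarypassword"
     * openssl pkcs12 -export -in certificate.pem -inkey key.pem -out atomix.pk12 -name "atomix" -password pass:temporarypassword
     * keytool -importkeystore -srckeystore atomix.pk12 -destkeystore atomix.p12 -srcstoretype PKCS12 -deststoretype pkcs12 -srcstorepass temporarypassword -deststorepass kpchangemenow -destkeypass kpchangemenow
     * </pre>
     *
     * <p>Notes on the commands above:
     * <ul>
     *   <li>{@code -nodes} writes {@code key.pem} unencrypted, so {@code -passout} has no effect
     *       in the first command. Restrict the file's permissions and remove {@code key.pem} and
     *       the intermediate {@code atomix.pk12} once the final keystore exists.</li>
     *   <li>Passwords given as {@code pass:...} or {@code -srcstorepass ...} end up in shell
     *       history and are visible in the process list. openssl also accepts {@code env:} and
     *       {@code file:} password sources, and keytool prompts when the password options are
     *       omitted.</li>
     *   <li>{@code -days 365000} yields a certificate that effectively never expires; rotation
     *       then depends entirely on process, not on expiry.</li>
     * </ul>
     *
     * @param args unused
     * @throws KeyStoreException if the keystore type is unavailable, or the alias has no
     *     certificate chain or no private key
     * @throws IOException if the keystore file cannot be read or the password is wrong
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     * @throws NoSuchAlgorithmException if the integrity or key-recovery algorithm is unavailable
     * @throws UnrecoverableKeyException if the key cannot be recovered with the given password
     */
    public static void main(String[] args) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
        final String certAlias = "atomix";
        // Example value matching the keytool command in the Javadoc. A hard-coded keystore
        // password is only acceptable in a throwaway example; a real server should obtain it
        // from the environment or a secret store at startup.
        final char[] ksPassword = "kpchangemenow".toCharArray();
        try {
            // The file is PKCS#12, so request that type explicitly instead of relying on
            // KeyStore.getDefaultType(), which is "jks" on older JDKs.
            final KeyStore keystore = KeyStore.getInstance("PKCS12");
            // try-with-resources: the original never closed the stream.
            try (FileInputStream in = new FileInputStream("/home/johno/tmp/atomix.p12")) {
                keystore.load(in, ksPassword);
            }

            // getCertificateChain returns null when the alias is missing or has no chain.
            final Certificate[] certificateChain = keystore.getCertificateChain(certAlias);
            if (certificateChain == null) {
                throw new KeyStoreException("No certificate chain found for alias " + certAlias);
            }
            final List<X509Certificate> x509Certificates = new ArrayList<>(certificateChain.length);
            for (Certificate certificate : certificateChain) {
                if (certificate instanceof X509Certificate) {
                    x509Certificates.add((X509Certificate) certificate);
                } else {
                    System.out.println("Unexpected certificate for alias " + certAlias);
                }
            }

            // keytool was run with -destkeypass equal to -deststorepass, so the same password
            // array unlocks the key entry; no second copy of the secret is needed.
            final PrivateKey key = (PrivateKey) keystore.getKey(certAlias, ksPassword);
            if (key == null) {
                // getKey returns null when the alias is absent or is not a key entry;
                // do not report success in that case.
                throw new KeyStoreException("No private key found for alias " + certAlias);
            }
            System.out.println("ok");
            // SslContextBuilder.forServer(key, x509Certificates)
        } finally {
            // Clear the working copy of the password. The string literal it was built from
            // remains in the constant pool, so this only matters once the password comes
            // from an external source.
            java.util.Arrays.fill(ksPassword, '\0');
        }
    }
}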