79430209

Date: 2025-02-11 13:57:54
Score: 0.5
Natty:
Report link
import java.io.*;
import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

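/**
 * Issues a server certificate from a local root CA, stores the server key and chain in a
 * PKCS#12 keystore, and builds an {@link SSLContext} from that keystore.
 *
 * <p>Security-relevant points for anyone adapting this sample:
 * <ul>
 *   <li>{@code rootCA.p12} contains the CA private key. Anyone who can read it together with
 *       its password can issue certificates that chain to this root.</li>
 *   <li>{@code server_keystore.p12} contains the server private key and is written with the
 *       process's default file permissions; restrict it to the account that runs the server.</li>
 *   <li>The keystore password is read from the environment so that it does not have to live in
 *       source control. The built-in fallback exists only so the sample still runs unchanged.</li>
 * </ul>
 */
public class SSLManager {

    private static final String KEYSTORE_TYPE = "PKCS12";
    private static final String ROOT_CA_FILE = "rootCA.p12";
    private static final String ROOT_CA_ALIAS = "rootCA";
    private static final String SERVER_KEYSTORE_FILE = "server_keystore.p12";
    private static final String SERVER_ALIAS = "server";

    /** Environment variable consulted for the keystore password (name chosen for this sample). */
    private static final String PASSWORD_ENV_VAR = "KEYSTORE_PASSWORD";

    /** Well-known demo password; used only when {@link #PASSWORD_ENV_VAR} is unset. */
    private static final String DEMO_PASSWORD = "changeit";

    /** RSA modulus size for the server key; 2048 bits is the commonly accepted minimum. */
    private static final int RSA_KEY_BITS = 2048;

    /**
     * Runs the whole flow: load the root CA, issue a server certificate, persist the server
     * keystore, and initialise an SSLContext from it.
     *
     * @param args unused
     * @throws Exception if a keystore cannot be read or written, the root CA entry is missing or
     *     outside its validity period, or the issued certificate fails verification
     */
    public static void main(String[] args) throws Exception {
        // The same password protects both keystores, as in the original sample.
        char[] password = resolveKeystorePassword();
        try {
            // Load Root CA
            KeyStore rootKeyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            try (FileInputStream fis = new FileInputStream(ROOT_CA_FILE)) {
                rootKeyStore.load(fis, password);
            }

            // getKey/getCertificate return null for an unknown alias; fail here with a clear
            // message instead of handing null to the signer.
            Key rootKey = rootKeyStore.getKey(ROOT_CA_ALIAS, password);
            if (!(rootKey instanceof PrivateKey)) {
                throw new KeyStoreException(
                        "No private key found under alias '" + ROOT_CA_ALIAS + "' in " + ROOT_CA_FILE);
            }
            PrivateKey rootPrivateKey = (PrivateKey) rootKey;

            Certificate rootEntry = rootKeyStore.getCertificate(ROOT_CA_ALIAS);
            if (!(rootEntry instanceof X509Certificate)) {
                throw new KeyStoreException(
                        "No X.509 certificate found under alias '" + ROOT_CA_ALIAS + "' in " + ROOT_CA_FILE);
            }
            X509Certificate rootCACert = (X509Certificate) rootEntry;
            // A certificate issued by an expired or not-yet-valid CA is rejected by peers anyway.
            rootCACert.checkValidity();

            // Generate Server KeyPair
            KeyPair serverKeyPair = generateKeyPair();

            // Generate and Sign Server Certificate
            X509Certificate serverCert = generateSignedCertificate(serverKeyPair, rootCACert, rootPrivateKey);

            // Store Server Key and Certificate Chain in Keystore (leaf first, then issuer)
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            keyStore.load(null, null); // Create empty keystore
            keyStore.setKeyEntry(SERVER_ALIAS, serverKeyPair.getPrivate(), password,
                                 new Certificate[]{serverCert, rootCACert});

            // Save Keystore to File. The file holds the server private key and is created with
            // default permissions; tighten them at the OS level for anything beyond a local test.
            try (FileOutputStream fos = new FileOutputStream(SERVER_KEYSTORE_FILE)) {
                keyStore.store(fos, password);
            }

            // Load Keystore into SSLContext
            initSSLContext(SERVER_KEYSTORE_FILE, password);
            System.out.println("SSLContext Initialized Successfully!");
        } finally {
            // Do not leave the password in memory longer than needed.
            Arrays.fill(password, '\0');
        }
    }

    /**
     * Returns the keystore password from the environment, or the demo default with a warning.
     *
     * @return a fresh char array the caller is expected to wipe after use
     */
    private static char[] resolveKeystorePassword() {
        String fromEnvironment = System.getenv(PASSWORD_ENV_VAR);
        if (fromEnvironment != null && !fromEnvironment.isEmpty()) {
            return fromEnvironment.toCharArray();
        }
        System.err.println("WARNING: " + PASSWORD_ENV_VAR
                + " is not set; falling back to the built-in demo password."
                + " Do not use the resulting keystore outside of testing.");
        return DEMO_PASSWORD.toCharArray();
    }

    /**
     * Generates a fresh RSA key pair for the server.
     *
     * @return a new {@value #RSA_KEY_BITS}-bit RSA key pair
     * @throws NoSuchAlgorithmException if no provider offers RSA key generation
     */
    private static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        keyGen.initialize(RSA_KEY_BITS);
        return keyGen.generateKeyPair();
    }

    /**
     * Obtains a server certificate signed by the root CA and checks it before it is used.
     *
     * <p>The signing itself is delegated to {@code CertificateGenerator.signCertificate}, which is
     * not part of this file (for example a BouncyCastle-based implementation). Because that helper
     * is opaque here, the result is verified against the root public key and against the server
     * public key before it is returned.
     *
     * @param serverKeyPair key pair whose public key the certificate must carry
     * @param rootCert issuing CA certificate
     * @param rootPrivateKey private key matching {@code rootCert}
     * @return the verified server certificate
     * @throws Exception if signing fails, the signature does not verify under the root public key,
     *     or the certificate carries a different public key
     */
    private static X509Certificate generateSignedCertificate(KeyPair serverKeyPair, X509Certificate rootCert, PrivateKey rootPrivateKey)
            throws Exception {
        X509Certificate issued = CertificateGenerator.signCertificate(serverKeyPair, rootCert, rootPrivateKey);
        if (issued == null) {
            throw new CertificateException("Certificate signing returned no certificate");
        }

        // Throws if the signature was not produced by the key behind rootCert.
        issued.verify(rootCert.getPublicKey());

        // Compare encodings so the check does not depend on which provider built the key objects.
        boolean carriesServerKey = Arrays.equals(
                issued.getPublicKey().getEncoded(), serverKeyPair.getPublic().getEncoded());
        if (!carriesServerKey) {
            throw new CertificateException("Issued certificate does not contain the server public key");
        }
        return issued;
    }

    /**
     * Builds an SSLContext whose key material comes from the given PKCS#12 keystore.
     *
     * <p>No TrustManager is supplied, so the JVM's default trust store is used for validating
     * peers. The root CA loaded in {@code main} is therefore not a trust anchor in this context;
     * add an explicit TrustManagerFactory if peers presenting certificates from that CA must be
     * accepted.
     *
     * @param keystorePath path of the PKCS#12 keystore to load
     * @param keystorePassword password for the keystore and its key entry; not modified here
     * @return an initialised TLS context
     * @throws Exception if the keystore cannot be read or the context cannot be initialised
     */
    private static SSLContext initSSLContext(String keystorePath, char[] keystorePassword) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        try (FileInputStream fis = new FileInputStream(keystorePath)) {
            keyStore.load(fis, keystorePassword);
        }

        // Use the platform default instead of the vendor-specific "SunX509" name so the code
        // also runs on JVMs that ship a different provider.
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keystorePassword);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
        return sslContext;
    }
}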

ashokit

Reasons:
  • Probably link only (1):
  • Long answer (-1):
  • Has code block (-0.5):
  • Low reputation (1):
Posted by: Akshay Giram