since.2006  

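I recently needed to implement digital certificate verification at login: besides checking the username and password, the user's digital certificate must also be verified.

Related resources: "Using SSL in Tomcat 4" on IBM developerWorks China, and "Acegi X.509 mutual authentication" on JavaEye.

Differences
Compared with "Using SSL in Tomcat 4": JDK 1.4 already includes JSSE.
Compared with "Acegi X.509 mutual authentication": the Tomcat 6 configuration file has an additional SSLEnabled="true" attribute.

Implementation

  • Generate the CA certificate. For now we do not use a third-party authoritative CA for certification; we act as the CA ourselves.

1. Create the private key:
C:\OpenSSL\apps>openssl genrsa -out root/root-key.pem 1024
2. Create the certificate request:
C:\OpenSSL\apps>openssl req -new -out root/root-req.csr -key root/root-key.pem
3. Self-sign the certificate:
C:\OpenSSL\apps>openssl x509 -req -in root/root-req.csr -out root/root-cert.pem -signkey root/root-key.pem -days 3650
4. Export the certificate to the browser-supported .p12 format:
C:\OpenSSL\apps>openssl pkcs12 -export -clcerts -in root/root-cert.pem -inkey root/root-key.pem -out root/root.p12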

  • Generate the server certificate

1. Create the private key:
C:\OpenSSL\apps>openssl genrsa -out server/server-key.pem 1024
2. Create the certificate request:
C:\OpenSSL\apps>openssl req -new -out server/server-req.csr -key server/server-key.pem
3. Sign the certificate ourselves, with the root CA:
C:\OpenSSL\apps>openssl x509 -req -in server/server-req.csr -out server/server-cert.pem -CA root/root-cert.pem -CAkey root/root-key.pem -CAcreateserial -days 3650
4. Export the certificate to the browser-supported .p12 format:
C:\OpenSSL\apps>openssl pkcs12 -export -clcerts -in server/server-cert.pem -inkey server/server-key.pem -out server/server.p12

  • Generate the client certificate

1. Create the private key:
C:\OpenSSL\apps>openssl genrsa -out client/client-key.pem 1024
2. Create the certificate request:
C:\OpenSSL\apps>openssl req -new -out client/client-req.csr -key client/client-key.pem
3. Sign the certificate ourselves, with the root CA:
C:\OpenSSL\apps>openssl x509 -req -in client/client-req.csr -out client/client-cert.pem -CA root/root-cert.pem -CAkey root/root-key.pem -CAcreateserial -days 3650
4. Export the certificate to the browser-supported .p12 format:
C:\OpenSSL\apps>openssl pkcs12 -export -clcerts -in client/client-cert.pem -inkey client/client-key.pem -out client/client.p12

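  • Generate a JKS file from the root certificate
C:\OpenSSL\apps\root>keytool -import -v -trustcacerts -storepass password -alias root -file root-cert.pem -keystore root.jks
  • Configure Tomcat to use SSL

Edit conf/server.xml; Tomcat 6 adds the SSLEnabled="true" attribute. Set keystoreFile and truststoreFile to your own correct paths. truststorePass must match the -storepass given to keytool when root.jks was created, and keystorePass the export password chosen for server.p12.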

<Connector truststorePass="123456" truststoreType="JKS" truststoreFile="d:/path/bin/x509/root.jks"
keystorePass="123456" keystoreType="PKCS12" keystoreFile="d:/path/bin/x509/server.p12" clientAuth="true"
sslProtocol="TLS" acceptCount="100" disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75"
minSpareThreads="25" maxThreads="150" maxHttpHeaderSize="8192" SSLEnabled="true" port="8443" protocol="HTTP/1.1"
scheme="https" secure="true" />
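  • Import root.p12 and client.p12 into IE (IE -> Internet Options -> Content -> Certificates)

Import root.p12 into Trusted Root Certification Authorities and client.p12 into Personal. Note that root.p12 also contains the CA's private key; the browser only needs the root certificate itself in order to trust it.

  • Access your application at https://ip:8443. If the configuration is correct, a dialog requesting your digital certificate will appear.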
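  • Obtain the X.509 certificate in a JSP
<%@ page import="java.security.cert.X509Certificate" %>
<%
    // Get the certificate chain that the container validated during the TLS handshake
    X509Certificate[] ca = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    if (ca == null) {
        out.println("No cert info!");
    } else {
        // ca[0] is the client's own certificate
        String serial = ca[0].getSerialNumber().toString();
        String DN = ca[0].getSubjectDN().toString();
    }
%>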
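
The certificate steps above (root, server, client) as one script for a current OpenSSL; this is an added example, not the original author's commands. It goes beyond the post by using 2048-bit keys, adding basicConstraints/extendedKeyUsage extensions and checking the chains with `openssl verify`; the subject names, extension settings and 365-day leaf lifetime are assumptions.

```shell
#!/bin/sh
# Added example: private root CA plus server and client certificates, then chain checks.
# Constructed values (assumptions, not from the post): subject names, 2048-bit keys,
# extension settings, 365-day leaf lifetime.

# issue_leaf <dir> <name> <extendedKeyUsage>
# Creates key and CSR, then a certificate issued by the root (-CA/-CAkey, no -signkey).
issue_leaf() {
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$3" > "$1/$2/ext.cnf"
    openssl genrsa -out "$1/$2/$2-key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$1/$2/$2-key.pem" -subj "/CN=example-$2" \
        -out "$1/$2/$2-req.csr" &&
    openssl x509 -req -in "$1/$2/$2-req.csr" -CA "$1/root/root-cert.pem" \
        -CAkey "$1/root/root-key.pem" -CAcreateserial -days 365 \
        -extfile "$1/$2/ext.cnf" -out "$1/$2/$2-cert.pem" 2>/dev/null
}

# make_pki <dir>
# The root is the only certificate that is self-signed (-signkey); it is marked as a CA.
make_pki() {
    mkdir -p "$1/root" "$1/server" "$1/client" || return 1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$1/root/ext.cnf"
    openssl genrsa -out "$1/root/root-key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$1/root/root-key.pem" -subj "/CN=Example Root CA" \
        -out "$1/root/root-req.csr" &&
    openssl x509 -req -in "$1/root/root-req.csr" -signkey "$1/root/root-key.pem" \
        -days 3650 -extfile "$1/root/ext.cnf" -out "$1/root/root-cert.pem" 2>/dev/null &&
    issue_leaf "$1" server serverAuth &&
    issue_leaf "$1" client clientAuth
}

# chains_to_root <dir> <name> <purpose>
# Succeeds only if the leaf verifies against the root for that purpose
# (sslclient or sslserver), which is the check Tomcat's truststore performs for clients.
chains_to_root() {
    openssl verify -CAfile "$1/root/root-cert.pem" -purpose "$3" \
        "$1/$2/$2-cert.pem" >/dev/null 2>&1
}
```

Run `make_pki ./x509` and then `chains_to_root ./x509 client sslclient` before exporting to .p12; a server certificate presented as a client certificate is rejected by the same check.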
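Posted by hee at 06:09 AM | Permalink | Comments (2)
  • Use Ant to start and stop Tomcat by adding the following snippet to build.xml

To use this method, first set the environment variable CATALINA_HOME to the Tomcat installation path.
Sometimes you do not want to restart the whole application, and only want to operate on a single project under Tomcat.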

<property name="tomcat.home" value="your tomcat home directory here."></property>

<target name="start-tomcat" depends="stop-tomcat">
    <echo message="Start Tomcat" />
    <java dir="${tomcat.home}/bin/" fork="true" jar="${tomcat.home}/bin/bootstrap.jar">
        <arg value="start" />
    </java>
</target>

<target name="stop-tomcat">
    <echo message="Stop Tomcat" />
    <java dir="${tomcat.home}/bin/" fork="true" jar="${tomcat.home}/bin/bootstrap.jar">
        <arg value="stop" />
    </java>
</target>
  • Use Ant to start/stop/reload (and so on) a single project in Tomcat

(1) Copy %TOMCAT_HOME%\server\lib\catalina-ant.jar to the classpath

(2) Create a tomcatTasks.properties file
# These values are classes in catalina-ant.jar, used to extend Ant's functionality
start=org.apache.catalina.ant.StartTask
reload=org.apache.catalina.ant.ReloadTask
stop=org.apache.catalina.ant.StopTask

(3) Add the following snippet to build.xml

<taskdef file="tomcatTasks.properties">
    <classpath>
        <pathelement path="${tomcat.home}/server/lib/catalina-ant.jar" />
    </classpath>
</taskdef>

<target name="启动当前项目">
    <start path="/projectName" password="adminpasswd" username="admin" url="http://localhost:8080/manager" />
</target>

<target name="重新装载当前项目">
    <reload path="/projectName" password="adminpasswd" username="admin" url="http://localhost:8080/manager" />
</target>

<target name="停止当前项目">
    <stop path="/projectName" password="adminpasswd" username="admin" url="http://localhost:8080/manager" />
</target>

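# url is the function page you reach through Tomcat Manager on the default home page
# username/password are the user name and password configured in conf/tomcat-users.xml; note that this user must have the manager role
# /projectName is the name of the project you are managing

Once this is configured, you can use the Ant script to start, reload, or stop a single project.

Posted by hee at 17:01 PM | Permalink | Comments (0)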

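JIRA is a commercial issue-tracking tool developed by Atlassian (open source projects can apply to use it for free, and must submit their source code). It can track and manage all kinds of issues, including defects, requirement changes, review records, and so on.

Installation and cracking process (MySQL):

  • Download atlassian-jira-enterprise-3.6.3-standalone.zip, which already includes a Tomcat 5.x server
  • Download MySQL; I used the mysql-5.0.22-win32 unzipped version
  • Download the MySQL JDBC driver; JIRA uses hsql by default. Tutorials online say to use mysql-connector-java-3.1.12-bin.jar. I happened to have this version on my machine and did not test whether other versions of the JDBC driver cause problems
  • Download jira-jars-tomcat5.zip
  • Make sure the JDK 1.5 environment is installed successfully; try java -version in CMD :)
  • Open atlassian-jira-enterprise-3.6.3-standalone\atlassian-jira\WEB-INF\classes\entityengine.xml, search for field-type-name, and change it to field-type-name="mysql"
  • Copy mysql-connector-java-3.1.12-bin.jar to atlassian-jira-enterprise-3.6.3-standalone\common\lib
  • Copy jira-jars-tomcat5.zip to atlassian-jira-enterprise-3.6.3-standalone\common\lib
  • Edit atlassian-jira-enterprise-3.6.3-standalone\conf\server.xml and change the large section below to: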
<Resource name="jdbc/JiraDS" type="javax.sql.DataSource" password="" username="root"
url="jdbc:mysql://localhost/jiradb?autoReconnect=true&amp;useUnicode=true&amp;characterEncoding=UTF8&amp;mysqlEncoding=utf8"
maxActive="20" timeBetweenEvictionRunsMillis="5000" minEvictableIdleTimeMillis="4000"
driverClassName="com.mysql.jdbc.Driver" auth="Container" />
  • Run the installation: open http://localhost:8080 to install

Keygen source code

import com.atlassian.license.LicensePair;    
   
import java.io.*;    
import java.security.KeyFactory;    
import java.security.Signature;    
import java.security.spec.PKCS8EncodedKeySpec;    
   
public class keygen {    
   
    public keygen() {    
    }    
   
    public static void main(String args[])    
            throws IOException {    
        try {    
            long l = 267L;    
            long l1 = System.currentTimeMillis();    
            long l2 = System.currentTimeMillis();    
            String s = "";    
            System.out.println("Keygen for JIRA Enterprise Edition.");    
            System.out.print("created by mydaj[ROR].");    
            do {    
                System.out.print("\nEnter your organization name: ");    
                for (int i = System.in.read(); i != 10 && i != 13; i = System.in.read())    
                    s = s + (char) i;    
   
            } while (s == "");    
            try {    
                PKCS8EncodedKeySpec pkcs8encodedkeyspec = new PKCS8EncodedKeySpec(EncodedPrvKey);    
                KeyFactory keyfactory = KeyFactory.getInstance("DSA", "SUN");    
                java.security.PrivateKey privatekey = keyfactory.generatePrivate(pkcs8encodedkeyspec);    
                String s1 = Long.toString(l, 10);    
                s1 = s1 + "^^";    
                s1 = s1 + Long.toString(l1, 10);    
                s1 = s1 + "^^";    
                s1 = s1 + Long.toString(l2, 10);    
                s1 = s1 + "^^";    
                s1 = s1 + s;    
                byte abyte0[] = s1.getBytes();    
                Signature signature = Signature.getInstance("SHA1withDSA");    
                signature.initSign(privatekey);    
                signature.update(abyte0);    
                byte abyte1[] = signature.sign();    
                LicensePair licensepair = null;    
                try {    
                    licensepair = new LicensePair(abyte0, abyte1);    
                }    
                catch (Exception exception1) {    
                    exception1.printStackTrace();    
                }    
                System.out.println(s1);    
                System.out.println("Your license key is: ");    
                System.out.println(licensepair.toString());    
            }    
            catch (Exception exception) {    
                exception.printStackTrace();    
            }    
        }    
        catch (IOException ioexception) {    
        }    
    }    
   
    static byte EncodedPrvKey[] = {    
            48, -126, 1, 75, 2, 1, 0, 48, -126, 1,    
            44, 6, 7, 42, -122, 72, -50, 56, 4, 1,    
            48, -126, 1, 31, 2, -127, -127, 0, -3, 127,    
            83, -127, 29, 117, 18, 41, 82, -33, 74, -100,    
            46, -20, -28, -25, -10, 17, -73, 82, 60, -17,    
            68, 0, -61, 30, 63, -128, -74, 81, 38, 105,    
            69, 93, 64, 34, 81, -5, 89, 61, -115, 88,    
            -6, -65, -59, -11, -70, 48, -10, -53, -101, 85,    
            108, -41, -127, 59, -128, 29, 52, 111, -14, 102,    
            96, -73, 107, -103, 80, -91, -92, -97, -97, -24,    
            4, 123, 16, 34, -62, 79, -69, -87, -41, -2,    
            -73, -58, 27, -8, 59, 87, -25, -58, -88, -90,    
            21, 15, 4, -5, -125, -10, -45, -59, 30, -61,    
            2, 53, 84, 19, 90, 22, -111, 50, -10, 117,    
            -13, -82, 43, 97, -41, 42, -17, -14, 34, 3,    
            25, -99, -47, 72, 1, -57, 2, 21, 0, -105,    
            96, 80, -113, 21, 35, 11, -52, -78, -110, -71,    
            -126, -94, -21, -124, 11, -16, 88, 28, -11, 2,    
            -127, -127, 0, -9, -31, -96, -123, -42, -101, 61,    
            -34, -53, -68, -85, 92, 54, -72, 87, -71, 121,    
            -108, -81, -69, -6, 58, -22, -126, -7, 87, 76,    
            11, 61, 7, -126, 103, 81, 89, 87, -114, -70,    
            -44, 89, 79, -26, 113, 7, 16, -127, -128, -76,    
            73, 22, 113, 35, -24, 76, 40, 22, 19, -73,    
            -49, 9, 50, -116, -56, -90, -31, 60, 22, 122,    
            -117, 84, 124, -115, 40, -32, -93, -82, 30, 43,    
            -77, -90, 117, -111, 110, -93, 127, 11, -6, 33,    
            53, 98, -15, -5, 98, 122, 1, 36, 59, -52,    
            -92, -15, -66, -88, 81, -112, -119, -88, -125, -33,    
            -31, 90, -27, -97, 6, -110, -117, 102, 94, -128,    
            123, 85, 37, 100, 1, 76, 59, -2, -49, 73,    
            42, 4, 22, 2, 20, 42, 50, -88, 30, 125,    
            -37, 118, -50, 20, -82, -63, 0, 8, -36, 106,    
            -9, -110, 124, 107, 68   
    };    
   
}
Posted by hee at 11:08 AM | Permalink | Comments (0)