最近要做一个登录时数字证书验证的功能,在用户登录时除了校验用户名密码,还需验证其数字证书。
相关资源:IBM developerWorks中国中的tomcat4中使用SSL,javaeye中的Acegi X.509双向认证
异同之处
与tomcat4中使用SSL中的异同:jdk1.4中已经包含JSSE。
与AcegiX.509双向认证中的异同:tomcat6配置文件多了SSLEnabled="true"属性。
实现方法
1.创建根证书私钥(注:1024 位 RSA 密钥强度已不足,实际部署建议至少使用 2048 位;下文服务器和客户端私钥同理):
C:\OpenSSL\apps>openssl genrsa -out root/root-key.pem 1024
2.创建证书请求:
C:\OpenSSL\apps>openssl req -new -out root/root-req.csr -key root/root-key.pem
3.自签署证书:
C:\OpenSSL\apps>openssl x509 -req -in root/root-req.csr -out root/root-cert.pem -signkey root/root-key.pem -days 3650
4.将证书导出成浏览器支持的.p12格式:
C:\OpenSSL\apps>openssl pkcs12 -export -clcerts -in root/root-cert.pem -inkey root/root-key.pem -out root/root.p12
1.创建服务器私钥:
C:\OpenSSL\apps>openssl genrsa -out server/server-key.pem 1024
2.创建证书请求:
C:\OpenSSL\apps>openssl req -new -out server/server-req.csr -key server/server-key.pem
3.签署证书(原文称“自签署”,但此命令带有 -CA/-CAkey,意图是由根证书签发;较新版本的 OpenSSL 可能不接受 -signkey 与 -CA 同时出现):
C:\OpenSSL\apps>openssl x509 -req -in server/server-req.csr -out server/server-cert.pem -signkey server/server-key.pem -CA root/root-cert.pem -CAkey root/root-key.pem -CAcreateserial -days 3650
4.将证书导出成浏览器支持的.p12格式:
C:\OpenSSL\apps>openssl pkcs12 -export -clcerts -in server/server-cert.pem -inkey server/server-key.pem -out server/server.p12
1.创建客户端私钥:
C:\OpenSSL\apps>openssl genrsa -out client/client-key.pem 1024
2.创建证书请求:
C:\OpenSSL\apps>openssl req -new -out client/client-req.csr -key client/client-key.pem
3.签署证书(原文称“自签署”,但此命令带有 -CA/-CAkey,意图是由根证书签发):
C:\OpenSSL\apps>openssl x509 -req -in client/client-req.csr -out client/client-cert.pem -signkey client/client-key.pem -CA root/root-cert.pem -CAkey root/root-key.pem -CAcreateserial -days 3650
4.将证书导出成浏览器支持的.p12格式:
C:\OpenSSL\apps>openssl pkcs12 -export -clcerts -in client/client-cert.pem -inkey client/client-key.pem -out client/client.p12
修改conf/server.xml,tomcat6中多了SSLEnabled="true"属性。keystorefile, truststorefile设置为你正确的相关路径(truststorefile 所指的 root.jks 在上述步骤中并未生成,需另用 keytool 将 root-cert.pem 导入为 JKS 信任库)
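<!-- HTTPS connector that requires a client certificate (clientAuth="true"); the
     truststore holds the CA certificates that client certificates must chain to.
     Element and attribute names are restored to the mixed-case spellings Tomcat
     documents (the page's own text refers to SSLEnabled="true"); the snippet was
     published entirely in lower/upper case.
     "123456" is the walkthrough's sample password: choose a strong one and keep
     server.xml readable only by the Tomcat account, because it stores both
     store passwords in clear text. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" sslProtocol="TLS" clientAuth="true"
           keystoreFile="d:/path/bin/x509/server.p12" keystoreType="PKCS12" keystorePass="123456"
           truststoreFile="d:/path/bin/x509/root.jks" truststoreType="JKS" truststorePass="123456"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75" acceptCount="100"
           maxHttpHeaderSize="8192" enableLookups="false" disableUploadTimeout="true" />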
root.p12导入至受信任的根证书颁发机构,client.p12导入至个人(注:root.p12 中包含根证书的私钥,受信任的根证书颁发机构只需要导入 root-cert.pem;根私钥不应分发到客户端机器)
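<%
// Client certificate chain placed on the request by the container after a TLS
// handshake with client authentication; element 0 is the client's own certificate.
X509Certificate[] ca = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
if (ca == null || ca.length == 0) {
    // No certificate was presented (or the request did not arrive over the
    // client-auth connector); an empty array is rejected too so ca[0] cannot throw.
    out.println("No cert info!");
} else {
    X509Certificate clientCert = ca[0];
    String serial = clientCert.getSerialNumber().toString();
    // getSubjectX500Principal() replaces getSubjectDN(), whose Principal and string
    // form are implementation-specific; getName() returns the RFC 2253 form.
    String DN = clientCert.getSubjectX500Principal().getName();
    // NOTE(review): the connector has only checked that the chain leads to a CA in
    // the truststore. For the login described on this page, the serial/DN still has
    // to be matched against the account being logged in, otherwise any certificate
    // issued by that CA is accepted for any user. A serial number is only unique
    // per issuer, so compare it together with the issuer (or compare a fingerprint).
}
%>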
使用这种方法要先设置好环境变量CATALINA_HOME=tomcat的安装路径
如果有时你不想重启整个应用,而只操作tomcat下某一个项目
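<property name="tomcat.home" value="you tomcat home directory here."></property>

<!-- Starts or stops the whole Tomcat instance by running bootstrap.jar.
     The published snippet had upper-cased tags and unquoted dir=/bin/ values;
     the ${tomcat.home} prefix is restored here on the assumption that it was
     stripped when the page was rendered (the property above is otherwise unused). -->
<target name="start-tomcat" depends="stop-tomcat">
    <echo message="Start Tomcat" />
    <java dir="${tomcat.home}/bin/" fork="true" jar="${tomcat.home}/bin/bootstrap.jar">
        <arg value="start" />
    </java>
</target>

<target name="stop-tomcat">
    <echo message="Stop Tomcat" />
    <java dir="${tomcat.home}/bin/" fork="true" jar="${tomcat.home}/bin/bootstrap.jar">
        <arg value="stop" />
    </java>
</target>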
(1) 将%TOMCAT_HOME%\server\lib\catalina-ant.jar文件复制到类路径下
(2) 新建tomcatTasks.properties文件
# Maps Ant task names to the task classes shipped in catalina-ant.jar, which
# extend Ant with Tomcat manager operations.
start=org.apache.catalina.ant.StartTask
reload=org.apache.catalina.ant.ReloadTask
stop=org.apache.catalina.ant.StopTask
(3) 在build.xml中加入下面代码片段
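<!-- Registers the start/reload/stop tasks named in tomcatTasks.properties.
     Tag names are lower-cased to match those task names. The ${tomcat.home}
     prefix on the jar path is restored on the assumption that it was stripped
     when the page was rendered; the property has to be defined in this build file. -->
<taskdef file="tomcatTasks.properties">
    <classpath>
        <pathelement path="${tomcat.home}/server/lib/catalina-ant.jar" />
    </classpath>
</taskdef>

<!-- NOTE(review): username/password below are the page's sample manager
     credentials. Keep real ones out of build.xml (for example in a properties
     file that is not checked in), and note that the manager URL is plain HTTP,
     so the credentials travel unencrypted; that is only tolerable on the
     loopback address used here. -->
<target name="启动当前项目">
    <start url="http://localhost:8080/manager" username="admin" password="adminpasswd" path="/projectName" />
</target>

<target name="重新装载当前项目">
    <reload url="http://localhost:8080/manager" username="admin" password="adminpasswd" path="/projectName" />
</target>

<target name="停止当前项目">
    <stop url="http://localhost:8080/manager" username="admin" password="adminpasswd" path="/projectName" />
</target>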
# url就是在默认首页的Tomcat Manager进去的那功能页面
# username/password就是在conf/tomcat-users.xml中配置的用户名密码,注意这个用户要有manager权限
# /projectName就是你是管理的项目的名称
配置好后,就可以使用通过ant脚本来启动,重新装载,停止某一项目了。
JIRA是 Atlassian 公司开发的一款商业问题跟踪工具(开源项目经过申请可以免费使用,须提交源代码),可以对各种类型的问题进行跟踪管理,包括缺陷、需求变更、评审记录等。
安装及破解过程(MYSQL):
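<!-- JNDI DataSource for the JIRA database on a local MySQL server.
     The published URL had no "?" before the first parameter and used bare "&"
     characters, which are not valid inside an XML attribute; both are repaired
     here, assuming the database name is "jiradb".
     NOTE(review): this connects as MySQL root with an empty password. Use a
     dedicated account that has a password and privileges on this one database only. -->
<Resource name="jdbc/JiraDS" auth="Container" type="javax.sql.DataSource"
          username="root" password=""
          driverClassName="com.mysql.jdbc.Driver"
          url="jdbc:mysql://localhost/jiradb?autoReconnect=true&amp;useUnicode=true&amp;characterEncoding=UTF8&amp;mysqlEncoding=utf8"
          maxActive="20" timeBetweenEvictionRunsMillis="5000" minEvictableIdleTimeMillis="4000" />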
注册机源代码
import com.atlassian.license.LicensePair;
import java.io.*;
import java.security.KeyFactory;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
/**
 * Console program from the page's "keygen source" section. It reads an organization name
 * from standard input, joins it with a constant and two timestamps into a "^^"-separated
 * string, signs that string with the DSA private key embedded in {@code EncodedPrvKey},
 * and prints the resulting {@code com.atlassian.license.LicensePair}.
 *
 * NOTE(review): for defenders, the point of interest is that an offline licence check is
 * only as strong as the secrecy of the signing key and the integrity of the verification
 * key shipped inside the product; which of the two is defeated here cannot be told from
 * this file. The embedded key decodes to a 1024-bit DSA modulus with a 160-bit subgroup
 * and the signature uses SHA-1, both below current recommendations.
 */
public class keygen {
public keygen() {
}
/**
 * Prompts for the organization name, builds and signs the licence string, and prints it.
 *
 * @param args unused
 * @throws IOException declared, although the only IOException source is caught below
 */
public static void main(String args[])
throws IOException {
try {
// First field of the signed string; its meaning is not established by this file.
long l = 267L;
// Second and third fields: both are the current time in milliseconds.
long l1 = System.currentTimeMillis();
long l2 = System.currentTimeMillis();
String s = "";
System.out.println("Keygen for JIRA Enterprise Edition.");
System.out.print("created by mydaj[ROR].");
do {
System.out.print("\nEnter your organization name: ");
// Reads one byte at a time up to LF (10) or CR (13); each byte is cast to char.
for (int i = System.in.read(); i != 10 && i != 13; i = System.in.read())
s = s + (char) i;
} while (s == "");
try {
// Rebuild the private key object from the PKCS#8 bytes stored in EncodedPrvKey.
PKCS8EncodedKeySpec pkcs8encodedkeyspec = new PKCS8EncodedKeySpec(EncodedPrvKey);
KeyFactory keyfactory = KeyFactory.getInstance("DSA", "SUN");
java.security.PrivateKey privatekey = keyfactory.generatePrivate(pkcs8encodedkeyspec);
// Message layout: l ^^ l1 ^^ l2 ^^ organization name, all numbers in base 10.
String s1 = Long.toString(l, 10);
s1 = s1 + "^^";
s1 = s1 + Long.toString(l1, 10);
s1 = s1 + "^^";
s1 = s1 + Long.toString(l2, 10);
s1 = s1 + "^^";
s1 = s1 + s;
// getBytes() without a charset uses the platform default encoding.
byte abyte0[] = s1.getBytes();
Signature signature = Signature.getInstance("SHA1withDSA");
signature.initSign(privatekey);
signature.update(abyte0);
byte abyte1[] = signature.sign();
// Pair the message bytes with their signature in the vendor's LicensePair type.
LicensePair licensepair = null;
try {
licensepair = new LicensePair(abyte0, abyte1);
}
catch (Exception exception1) {
exception1.printStackTrace();
}
System.out.println(s1);
System.out.println("Your license key is: ");
System.out.println(licensepair.toString());
}
catch (Exception exception) {
exception.printStackTrace();
}
}
catch (IOException ioexception) {
}
}
// PKCS#8 (DER) encoding of a DSA private key, consumed by PKCS8EncodedKeySpec in main().
// A private key published in source has no secrecy left: any system that trusts the
// matching public key should treat that key pair as compromised.
static byte EncodedPrvKey[] = {
48, -126, 1, 75, 2, 1, 0, 48, -126, 1,
44, 6, 7, 42, -122, 72, -50, 56, 4, 1,
48, -126, 1, 31, 2, -127, -127, 0, -3, 127,
83, -127, 29, 117, 18, 41, 82, -33, 74, -100,
46, -20, -28, -25, -10, 17, -73, 82, 60, -17,
68, 0, -61, 30, 63, -128, -74, 81, 38, 105,
69, 93, 64, 34, 81, -5, 89, 61, -115, 88,
-6, -65, -59, -11, -70, 48, -10, -53, -101, 85,
108, -41, -127, 59, -128, 29, 52, 111, -14, 102,
96, -73, 107, -103, 80, -91, -92, -97, -97, -24,
4, 123, 16, 34, -62, 79, -69, -87, -41, -2,
-73, -58, 27, -8, 59, 87, -25, -58, -88, -90,
21, 15, 4, -5, -125, -10, -45, -59, 30, -61,
2, 53, 84, 19, 90, 22, -111, 50, -10, 117,
-13, -82, 43, 97, -41, 42, -17, -14, 34, 3,
25, -99, -47, 72, 1, -57, 2, 21, 0, -105,
96, 80, -113, 21, 35, 11, -52, -78, -110, -71,
-126, -94, -21, -124, 11, -16, 88, 28, -11, 2,
-127, -127, 0, -9, -31, -96, -123, -42, -101, 61,
-34, -53, -68, -85, 92, 54, -72, 87, -71, 121,
-108, -81, -69, -6, 58, -22, -126, -7, 87, 76,
11, 61, 7, -126, 103, 81, 89, 87, -114, -70,
-44, 89, 79, -26, 113, 7, 16, -127, -128, -76,
73, 22, 113, 35, -24, 76, 40, 22, 19, -73,
-49, 9, 50, -116, -56, -90, -31, 60, 22, 122,
-117, 84, 124, -115, 40, -32, -93, -82, 30, 43,
-77, -90, 117, -111, 110, -93, 127, 11, -6, 33,
53, 98, -15, -5, 98, 122, 1, 36, 59, -52,
-92, -15, -66, -88, 81, -112, -119, -88, -125, -33,
-31, 90, -27, -97, 6, -110, -117, 102, 94, -128,
123, 85, 37, 100, 1, 76, 59, -2, -49, 73,
42, 4, 22, 2, 20, 42, 50, -88, 30, 125,
-37, 118, -50, 20, -82, -63, 0, 8, -36, 106,
-9, -110, 124, 107, 68
};
}