Sep 02, 2007
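Recently I needed to implement digital certificate verification at login: besides checking the username and password, the user's digital certificate must also be verified.
Related resources: "Using SSL in Tomcat 4" on IBM developerWorks China, and "Acegi X.509 mutual authentication" on JavaEye.
Similarities and differences
Compared with "Using SSL in Tomcat 4": JDK 1.4 already includes JSSE.
Compared with "Acegi X.509 mutual authentication": the Tomcat 6 configuration file has an additional SSLEnabled="true" attribute.
Implementation
- Generate the CA certificate. For now we do not use a third-party authoritative CA for certification; we act as the CA ourselves.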
1. Create the private key:
C:\OpenSSL\apps>openssl genrsa -out root/root-key.pem 1024
2. Create the certificate request:
C:\OpenSSL\apps>openssl req -new -out root/root-req.csr -key root/root-key.pem
3. Self-sign the certificate:
C:\OpenSSL\apps>openssl x509 -req -in root/root-req.csr -out root/root-cert.pem -signkey root/root-key.pem -days 3650
4. Export the certificate to the .p12 format supported by browsers:
C:\OpenSSL\apps>openssl pkcs12 -export -clcerts -in root/root-cert.pem -inkey root/root-key.pem -out root/root.p12
- Generate the server certificate.
1. Create the private key:
C:\OpenSSL\apps>openssl genrsa -out server/server-key.pem 1024
2. Create the certificate request:
C:\OpenSSL\apps>openssl req -new -out server/server-req.csr -key server/server-key.pem
3. Self-sign the certificate:
C:\OpenSSL\apps>openssl x509 -req -in server/server-req.csr -out server/server-cert.pem -signkey server/server-key.pem -CA root/root-cert.pem -CAkey root/root-key.pem -CAcreateserial -days 3650
4. Export the certificate to the .p12 format supported by browsers:
C:\OpenSSL\apps>openssl pkcs12 -export -clcerts -in server/server-cert.pem -inkey server/server-key.pem -out server/server.p12
- Generate the client certificate.
1. Create the private key:
C:\OpenSSL\apps>openssl genrsa -out client/client-key.pem 1024
2. Create the certificate request:
C:\OpenSSL\apps>openssl req -new -out client/client-req.csr -key client/client-key.pem
3. Self-sign the certificate:
C:\OpenSSL\apps>openssl x509 -req -in client/client-req.csr -out client/client-cert.pem -signkey client/client-key.pem -CA root/root-cert.pem -CAkey root/root-key.pem -CAcreateserial -days 3650
4. Export the certificate to the .p12 format supported by browsers:
C:\OpenSSL\apps>openssl pkcs12 -export -clcerts -in client/client-cert.pem -inkey client/client-key.pem -out client/client.p12
- Import the root certificate into a JKS truststore:
C:\OpenSSL\apps\root>keytool -import -v -trustcacerts -storepass password -alias root -file root-cert.pem -keystore root.jks
- Modify conf/server.xml; Tomcat 6 has an additional SSLEnabled="true" attribute. Set keystoreFile and truststoreFile to the correct paths on your system.
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    maxHttpHeaderSize="8192" enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="true" sslProtocol="TLS"
    keystoreFile="d:/path/bin/x509/server.p12" keystoreType="PKCS12" keystorePass="123456"
    truststoreFile="d:/path/bin/x509/root.jks" truststoreType="JKS" truststorePass="123456" />
- Import root.p12 and client.p12 into IE (IE -> Internet Options -> Content -> Certificates).
Import root.p12 into Trusted Root Certification Authorities and client.p12 into Personal.
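- Read the client certificate information in a JSP page:
<%@ page import="java.security.cert.X509Certificate" %>
<%
    // Certificate chain presented by the client during the SSL handshake
    X509Certificate[] ca = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    if (ca == null) {
        out.println("No cert info!");
    } else {
        // ca[0] is the client's own certificate
        String serial = ca[0].getSerialNumber().toString();
        String DN = ca[0].getSubjectDN().toString();
    }
%>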
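One way to use the certificate read above at login, as an added example that is not code from the original post: once the username and password check has succeeded, compare the SHA-256 fingerprint of the presented certificate with the one recorded for that account. The class name ClientCertCheck, its method names and the per-user enrolled fingerprint are assumptions for illustration; main() takes the path of the client-cert.pem generated above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Locale;

// Added example (hypothetical helper, not from the original post).
public final class ClientCertCheck {

    // Hex SHA-256 digest of the certificate's DER encoding.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // chain: the "javax.servlet.request.X509Certificate" request attribute.
    // enrolledFingerprint: value stored for the account when its certificate
    // was issued (assumption: the application keeps one per user).
    static boolean matchesAccount(X509Certificate[] chain, String enrolledFingerprint) {
        if (chain == null || chain.length == 0 || enrolledFingerprint == null) {
            return false; // no client certificate presented, or none enrolled
        }
        try {
            X509Certificate leaf = chain[0]; // chain[0] is the client's own certificate
            leaf.checkValidity();            // throws if expired or not yet valid
            byte[] presented = fingerprint(leaf).getBytes("US-ASCII");
            byte[] enrolled = enrolledFingerprint.toLowerCase(Locale.ROOT).getBytes("US-ASCII");
            return MessageDigest.isEqual(presented, enrolled);
        } catch (Exception e) {
            return false; // fail closed on any encoding or validity error
        }
    }

    // Usage: java ClientCertCheck client/client-cert.pem [enrolled-fingerprint]
    public static void main(String[] args) throws Exception {
        InputStream in = new FileInputStream(args[0]);
        X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
        in.close();
        System.out.println("fingerprint: " + fingerprint(cert));
        if (args.length > 1) {
            System.out.println("matches: " + matchesAccount(new X509Certificate[] { cert }, args[1]));
        }
    }
}
```

In the JSP, matchesAccount would be called with the ca array and the fingerprint stored for the user who just logged in.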
Jan 16, 2007
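- Start and stop Tomcat with Ant by adding the following snippet to build.xml.
This method requires the environment variable CATALINA_HOME to be set to the Tomcat installation path first.
Sometimes you do not want to restart the whole application, but only operate on a single project under Tomcat.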
<property name="tomcat.home" value="your Tomcat home directory here" />

<!-- Restart: stop any running instance first, then start Tomcat -->
<target name="start-tomcat" depends="stop-tomcat">
    <echo message="Start Tomcat" />
    <java dir="${tomcat.home}/bin/" fork="true" jar="${tomcat.home}/bin/bootstrap.jar">
        <arg value="start" />
    </java>
</target>

<target name="stop-tomcat">
    <echo message="Stop Tomcat" />
    <java dir="${tomcat.home}/bin/" fork="true" jar="${tomcat.home}/bin/bootstrap.jar">
        <arg value="stop" />
    </java>
</target>
- Use Ant to start, stop, reload (and so on) a single project in Tomcat
(1) Copy %TOMCAT_HOME%\server\lib\catalina-ant.jar to the classpath
(2) Create a tomcatTasks.properties file
# These values are classes in catalina-ant.jar, used to extend Ant's functionality
start=org.apache.catalina.ant.StartTask
reload=org.apache.catalina.ant.ReloadTask
stop=org.apache.catalina.ant.StopTask
(3) Add the following snippet to build.xml
<taskdef file="tomcatTasks.properties">
    <classpath>
        <pathelement path="${tomcat.home}/server/lib/catalina-ant.jar" />
    </classpath>
</taskdef>

<!-- Start the current project -->
<target name="启动当前项目">
    <start path="/projectName" password="adminpasswd" username="admin" url="http://localhost:8080/manager" />
</target>

<!-- Reload the current project -->
<target name="重新装载当前项目">
    <reload path="/projectName" password="adminpasswd" username="admin" url="http://localhost:8080/manager" />
</target>

<!-- Stop the current project -->
<target name="停止当前项目">
    <stop path="/projectName" password="adminpasswd" username="admin" url="http://localhost:8080/manager" />
</target>
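# url is the management page reached through Tomcat Manager on the default home page
# username/password are the credentials configured in conf/tomcat-users.xml; note that this user must have the manager role
# /projectName is the name of the project you are managing
Once this is configured, you can use the Ant script to start, reload, and stop a single project.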
Aug 12, 2006
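JIRA is a commercial issue tracking tool developed by Atlassian (open-source projects can use it free of charge on application, and must submit their source code). It can track and manage all kinds of issues, including defects, requirement changes, review records, and so on.
Installation and cracking process (MySQL):
- Download atlassian-jira-enterprise-3.6.3-standalone.zip, which already includes a Tomcat 5.x server
- Download MySQL; I used the mysql-5.0.22-win32 unzip-and-run version
- Download the MySQL JDBC driver; JIRA uses hsql by default. Some online tutorials say to use mysql-connector-java-3.1.12-bin.jar; I happened to have that version on my machine and did not try whether other versions of the JDBC driver cause problems
- Download jira-jars-tomcat5.zip
- Make sure the JDK 1.5 environment is installed successfully; try java -version in CMD :)
- Open atlassian-jira-enterprise-3.6.3-standalone\atlassian-jira\WEB-INF\classes\entityengine.xml, search for field-type-name, and change it to field-type-name="mysql"
- Copy mysql-connector-java-3.1.12-bin.jar to atlassian-jira-enterprise-3.6.3-standalone\common\lib
- Copy jira-jars-tomcat5.zip to atlassian-jira-enterprise-3.6.3-standalone\common\lib
- Modify atlassian-jira-enterprise-3.6.3-standalone\conf\server.xml, changing the large section below to: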
<Resource name="jdbc/JiraDS" auth="Container" type="javax.sql.DataSource"
    username="root" password=""
    driverClassName="com.mysql.jdbc.Driver"
    url="jdbc:mysql://localhost/jiradb?autoReconnect=true&amp;useUnicode=true&amp;characterEncoding=UTF8&amp;mysqlEncoding=utf8"
    maxActive="20" minEvictableIdleTimeMillis="4000" timeBetweenEvictionRunsMillis="5000" />
- Run the installation: open http://localhost:8080 to install
Keygen source code
- import com.atlassian.license.LicensePair;
-
- import java.io.*;
- import java.security.KeyFactory;
- import java.security.Signature;
- import java.security.spec.PKCS8EncodedKeySpec;
-
- public class keygen {
-
- public keygen() {
- }
-
- public static void main(String args[])
- throws IOException {
- try {
- long l = 267L;
- long l1 = System.currentTimeMillis();
- long l2 = System.currentTimeMillis();
- String s = "";
- System.out.println("Keygen for JIRA Enterprise Edition.");
- System.out.print("created by mydaj[ROR].");
- do {
- System.out.print("\nEnter your organization name: ");
- for (int i = System.in.read(); i != 10 && i != 13; i = System.in.read())
- s = s + (char) i;
-
- } while (s == "");
- try {
- PKCS8EncodedKeySpec pkcs8encodedkeyspec = new PKCS8EncodedKeySpec(EncodedPrvKey);
- KeyFactory keyfactory = KeyFactory.getInstance("DSA", "SUN");
- java.security.PrivateKey privatekey = keyfactory.generatePrivate(pkcs8encodedkeyspec);
- String s1 = Long.toString(l, 10);
- s1 = s1 + "^^";
- s1 = s1 + Long.toString(l1, 10);
- s1 = s1 + "^^";
- s1 = s1 + Long.toString(l2, 10);
- s1 = s1 + "^^";
- s1 = s1 + s;
- byte abyte0[] = s1.getBytes();
- Signature signature = Signature.getInstance("SHA1withDSA");
- signature.initSign(privatekey);
- signature.update(abyte0);
- byte abyte1[] = signature.sign();
- LicensePair licensepair = null;
- try {
- licensepair = new LicensePair(abyte0, abyte1);
- }
- catch (Exception exception1) {
- exception1.printStackTrace();
- }
- System.out.println(s1);
- System.out.println("Your license key is: ");
- System.out.println(licensepair.toString());
- }
- catch (Exception exception) {
- exception.printStackTrace();
- }
- }
- catch (IOException ioexception) {
- }
- }
-
- static byte EncodedPrvKey[] = {
- 48, -126, 1, 75, 2, 1, 0, 48, -126, 1,
- 44, 6, 7, 42, -122, 72, -50, 56, 4, 1,
- 48, -126, 1, 31, 2, -127, -127, 0, -3, 127,
- 83, -127, 29, 117, 18, 41, 82, -33, 74, -100,
- 46, -20, -28, -25, -10, 17, -73, 82, 60, -17,
- 68, 0, -61, 30, 63, -128, -74, 81, 38, 105,
- 69, 93, 64, 34, 81, -5, 89, 61, -115, 88,
- -6, -65, -59, -11, -70, 48, -10, -53, -101, 85,
- 108, -41, -127, 59, -128, 29, 52, 111, -14, 102,
- 96, -73, 107, -103, 80, -91, -92, -97, -97, -24,
- 4, 123, 16, 34, -62, 79, -69, -87, -41, -2,
- -73, -58, 27, -8, 59, 87, -25, -58, -88, -90,
- 21, 15, 4, -5, -125, -10, -45, -59, 30, -61,
- 2, 53, 84, 19, 90, 22, -111, 50, -10, 117,
- -13, -82, 43, 97, -41, 42, -17, -14, 34, 3,
- 25, -99, -47, 72, 1, -57, 2, 21, 0, -105,
- 96, 80, -113, 21, 35, 11, -52, -78, -110, -71,
- -126, -94, -21, -124, 11, -16, 88, 28, -11, 2,
- -127, -127, 0, -9, -31, -96, -123, -42, -101, 61,
- -34, -53, -68, -85, 92, 54, -72, 87, -71, 121,
- -108, -81, -69, -6, 58, -22, -126, -7, 87, 76,
- 11, 61, 7, -126, 103, 81, 89, 87, -114, -70,
- -44, 89, 79, -26, 113, 7, 16, -127, -128, -76,
- 73, 22, 113, 35, -24, 76, 40, 22, 19, -73,
- -49, 9, 50, -116, -56, -90, -31, 60, 22, 122,
- -117, 84, 124, -115, 40, -32, -93, -82, 30, 43,
- -77, -90, 117, -111, 110, -93, 127, 11, -6, 33,
- 53, 98, -15, -5, 98, 122, 1, 36, 59, -52,
- -92, -15, -66, -88, 81, -112, -119, -88, -125, -33,
- -31, 90, -27, -97, 6, -110, -117, 102, 94, -128,
- 123, 85, 37, 100, 1, 76, 59, -2, -49, 73,
- 42, 4, 22, 2, 20, 42, 50, -88, 30, 125,
- -37, 118, -50, 20, -82, -63, 0, 8, -36, 106,
- -9, -110, 124, 107, 68
- };
-
- }