package com.qianwen.mdc.service.opcua;
|
|
import java.io.InputStream;
|
import java.io.OutputStream;
|
import java.nio.file.Files;
|
import java.nio.file.Path;
|
import java.security.Key;
|
import java.security.KeyPair;
|
import java.security.KeyStore;
|
import java.security.PrivateKey;
|
import java.security.PublicKey;
|
import java.security.cert.Certificate;
|
import java.security.cert.X509Certificate;
|
import java.util.regex.Pattern;
|
import org.eclipse.milo.opcua.sdk.server.util.HostnameUtil;
|
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateBuilder;
|
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateGenerator;
|
import org.slf4j.Logger;
|
import org.slf4j.LoggerFactory;
|
import org.springframework.stereotype.Component;
|
|
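@Component
public class KeyStoreLoader {

    /**
     * Loads the OPC UA client identity (certificate + key pair) from
     * {@code baseDir/opcua-client.pfx}.
     *
     * <p>If the keystore file does not exist yet, a 2048-bit RSA key pair and a self-signed
     * certificate are generated, stored under {@link #CLIENT_ALIAS} and written to that path.
     * Otherwise the existing PKCS12 file is read. In both cases the entry stored under
     * {@link #CLIENT_ALIAS} is then exposed via {@link #getClientCertificate()} and
     * {@link #getClientKeyPair()}.
     *
     * @param baseDir directory that holds (or will hold) {@code opcua-client.pfx}; it must
     *                already exist, nothing here creates it
     * @return this loader, for chaining
     * @throws Exception on any keystore, I/O or certificate-generation failure
     */
    public KeyStoreLoader load(Path baseDir) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        Path clientKeyStore = baseDir.resolve(KEYSTORE_FILE_NAME);
        this.logger.info("Loading KeyStore at {}", clientKeyStore);

        if (Files.exists(clientKeyStore)) {
            try (InputStream in = Files.newInputStream(clientKeyStore)) {
                keyStore.load(in, PASSWORD);
            }
        } else {
            keyStore.load(null, PASSWORD);
            addSelfSignedEntry(keyStore);
            // The written file contains the client's private key; it is created with the
            // platform default permissions, so the directory itself should be access-restricted.
            try (OutputStream out = Files.newOutputStream(clientKeyStore)) {
                keyStore.store(out, PASSWORD);
            }
        }

        Key privateKey = keyStore.getKey(CLIENT_ALIAS, PASSWORD);
        if (privateKey instanceof PrivateKey) {
            this.clientCertificate = (X509Certificate) keyStore.getCertificate(CLIENT_ALIAS);
            PublicKey publicKey = this.clientCertificate.getPublicKey();
            this.clientKeyPair = new KeyPair(publicKey, (PrivateKey) privateKey);
        } else {
            // Previously this case was silent and callers only saw null from the getters.
            this.logger.warn("KeyStore {} has no private key under alias {}; client certificate and key pair are unavailable",
                clientKeyStore, CLIENT_ALIAS);
        }

        return this;
    }

    /**
     * Generates a fresh RSA key pair and self-signed certificate and stores them in
     * {@code keyStore} under {@link #CLIENT_ALIAS}.
     *
     * <p>The certificate carries {@code localhost}/{@code 127.0.0.1} plus every hostname
     * reported for {@code 0.0.0.0}; dotted-quad addresses go into the IP SAN, everything else
     * into the DNS SAN.
     *
     * @param keyStore an already-initialised (loaded) keystore to add the entry to
     * @throws Exception if key generation, certificate building or the keystore update fails
     */
    private static void addSelfSignedEntry(KeyStore keyStore) throws Exception {
        KeyPair keyPair = SelfSignedCertificateGenerator.generateRsaKeyPair(2048);

        // NOTE(review): the application URI below is the Milo example value. OPC UA servers
        // check it against the client's configured ApplicationUri, so it must match whatever
        // the client configuration uses — confirm against the OpcUaClient setup.
        SelfSignedCertificateBuilder builder = new SelfSignedCertificateBuilder(keyPair)
            .setCommonName("mdc")
            .setOrganization("hx")
            .setOrganizationalUnit("Kx")
            .setLocalityName("Terran")
            .setStateName("Shanghai")
            .setCountryCode("CN")
            .setApplicationUri("urn:eclipse:milo:examples:client")
            .addDnsName("localhost")
            .addIpAddress("127.0.0.1");

        for (String hostname : HostnameUtil.getHostnames("0.0.0.0")) {
            // IP_ADDR_PATTERN only recognises IPv4; anything else (presumably including any
            // IPv6 literal HostnameUtil returns) ends up as a DNS name — TODO confirm that is intended.
            if (IP_ADDR_PATTERN.matcher(hostname).matches()) {
                builder.addIpAddress(hostname);
            } else {
                builder.addDnsName(hostname);
            }
        }

        X509Certificate certificate = builder.build();
        keyStore.setKeyEntry(CLIENT_ALIAS, keyPair.getPrivate(), PASSWORD, new X509Certificate[] { certificate });
    }

    /**
     * @return the client certificate, or {@code null} if {@link #load(Path)} has not run or
     *         found no private key under {@link #CLIENT_ALIAS}
     */
    public X509Certificate getClientCertificate() {
        return this.clientCertificate;
    }

    /**
     * @return the client key pair, or {@code null} if {@link #load(Path)} has not run or
     *         found no private key under {@link #CLIENT_ALIAS}
     */
    public KeyPair getClientKeyPair() {
        return this.clientKeyPair;
    }

    /** Matches a dotted-quad IPv4 address with each octet in 0..255. */
    private static final Pattern IP_ADDR_PATTERN =
        Pattern.compile("^(([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.){3}([01]?\\d\\d?|2[0-4]\\d|25[0-5])$");

    /** File name of the PKCS12 keystore inside the directory passed to {@link #load(Path)}. */
    private static final String KEYSTORE_FILE_NAME = "opcua-client.pfx";

    /** Alias under which the client's private key and certificate are stored. */
    private static final String CLIENT_ALIAS = "hx-mdc";

    // SECURITY: the keystore password is hard-coded and also protects the private key on disk.
    // Anyone with read access to the repository or the .pfx file can recover the key; the value
    // should come from configuration or a secret store rather than source. Kept as-is here
    // because existing keystores were written with it.
    private static final char[] PASSWORD = "12345678".toCharArray();

    private final Logger logger = LoggerFactory.getLogger(getClass());

    // Populated by load(); null until then.
    private X509Certificate clientCertificate;

    // Populated by load(); null until then.
    private KeyPair clientKeyPair;
}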
|