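Building a simple Fiddler with Netty (Part 1: Generating the certificate)
That is where this idea came from: build a simple wheel of my own, a simplified Fiddler.
Fiddler is an HTTP debugging proxy tool. It can record and inspect all HTTP traffic between your computer and the Internet, set breakpoints, and view all data going "in and out" of Fiddler. (Quoted from Baidu Baike.)
Anyone who has used tools like this knows that capturing HTTPS requests requires installing a certificate. This part covers generating that certificate.
Most examples online generate the certificate with openssl. In fact, it can be done entirely in Java.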
    <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcpkix-jdk15on</artifactId>
        <version>1.59</version>
    </dependency>
    <dependency>
        <groupId>commons-io</groupId>
        <artifactId>commons-io</artifactId>
        <version>2.6</version>
    </dependency>
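    import java.io.File;
    import java.math.BigInteger;
    import java.security.*;
    import java.security.cert.X509Certificate;
    import java.util.Date;
    import org.bouncycastle.asn1.x500.*;
    import org.bouncycastle.asn1.x500.style.BCStyle;
    import org.bouncycastle.asn1.x509.*;
    import org.bouncycastle.cert.X509v3CertificateBuilder;
    import org.bouncycastle.cert.jcajce.*;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import org.bouncycastle.operator.ContentSigner;
    import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

    // The statements below belong inside a method declared with "throws Exception".
    Security.addProvider(new BouncyCastleProvider());
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
    keyPairGenerator.initialize(2048, new SecureRandom());
    KeyPair keyPair = keyPairGenerator.generateKeyPair();
    X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.C, "C");
    builder.addRDN(BCStyle.L, "L").addRDN(BCStyle.O, "O").addRDN(BCStyle.ST, "ST");
    X500Name x500Name = builder.addRDN(BCStyle.OU, "OU").addRDN(BCStyle.CN, "CN").build();
    Date notBefore = new Date(System.currentTimeMillis());
    Date notAfter = new Date(System.currentTimeMillis() + 730L * 24 * 3600000L); // two years
    // Self-signed: the same X500Name is used as issuer and subject.
    X509v3CertificateBuilder xcBuilder = new JcaX509v3CertificateBuilder(
            x500Name, BigInteger.valueOf(1), notBefore, notAfter, x500Name, keyPair.getPublic());
    // CA:TRUE. RFC 5280 requires basicConstraints to be marked critical on CA certificates.
    xcBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
    xcBuilder.addExtension(Extension.subjectKeyIdentifier, false, new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic()));
    xcBuilder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic()));
    ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider("BC").build(keyPair.getPrivate());
    X509Certificate certificate = new JcaX509CertificateConverter().setProvider("BC").getCertificate(xcBuilder.build(signer));
    String caPath = "d:\\ca.crt";
    String privateKeyPath = "d:\\private.der";
    saveX509Certificate(certificate.getEncoded(), caPath);
    // A null encryptor means the CA private key is written to disk unencrypted.
    savePrivateKey(new File(privateKeyPath), keyPair.getPrivate(), null);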
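    import java.io.*;
    import java.nio.charset.StandardCharsets;
    import java.security.PrivateKey;
    import org.apache.commons.io.FileUtils;
    import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
    import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
    import org.bouncycastle.operator.OutputEncryptor;
    import org.bouncycastle.util.io.pem.PemObject;
    import org.bouncycastle.util.io.pem.PemWriter;

    // Writes the DER-encoded certificate bytes as a PEM "CERTIFICATE" block.
    public static void saveX509Certificate(byte[] content, String caPath) throws IOException {
        // try-with-resources closes the writer and reports a failed write instead of hiding it
        try (PemWriter pemWriter = new PemWriter(new OutputStreamWriter(
                new FileOutputStream(new File(caPath)), StandardCharsets.US_ASCII))) {
            pemWriter.writeObject(new PemObject("CERTIFICATE", content));
        }
    }

    // Writes the private key as PKCS#8 PEM; with a null encryptor the key is stored unencrypted.
    public static void savePrivateKey(File file, PrivateKey privateKey, OutputEncryptor encryptor) throws IOException {
        JcaPKCS8Generator jcaPKCS8Generator = new JcaPKCS8Generator(privateKey, encryptor);
        StringWriter stringWriter = new StringWriter();
        try (JcaPEMWriter pw = new JcaPEMWriter(stringWriter)) {
            pw.writeObject(jcaPKCS8Generator.generate());
        }
        FileUtils.writeByteArrayToFile(file, stringWriter.toString().getBytes(StandardCharsets.US_ASCII));
    }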
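Running the code above produces two files (ca.crt is the root certificate, private.der is the private key). Double-click ca.crt, then click Details, and you will see the panel on the right side of the figure below. The figure below explains the code above.
At this point we have generated the CA certificate and the private key. Below is an illustrated guide to installing it on Windows.
P.S. Between steps 2 and 3 you need to click Next. Note that openssl and the keytool bundled with the JDK can also generate certificates. To stress it once more: certificates cost money to buy, although free ones exist too.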
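Before ca.crt is imported as a trusted root, it is worth checking that the two files written above really form a self-signed CA pair. The following is an added example, not code from the original post: it uses only the JDK, the class name CaCheck is hypothetical, and it assumes the two file paths are passed as arguments and that the key was saved without an encryptor.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.security.cert.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class CaCheck { // hypothetical class name, not part of the original post
    static X509Certificate loadCert(Path p) throws Exception {
        try (InputStream in = Files.newInputStream(p)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Reads the unencrypted PKCS#8 PEM ("BEGIN PRIVATE KEY") that savePrivateKey(..., null) writes.
    static PrivateKey loadKey(Path p) throws Exception {
        String pem = new String(Files.readAllBytes(p), StandardCharsets.US_ASCII);
        String b64 = pem.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // Throws if any property fails; returns the SHA-256 fingerprint of the certificate.
    static String check(X509Certificate cert, PrivateKey key) throws Exception {
        cert.checkValidity();                 // current time lies within notBefore..notAfter
        cert.verify(cert.getPublicKey());     // self-signed: signature verifies under its own key
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal()))
            throw new CertificateException("subject and issuer differ");
        if (cert.getBasicConstraints() < 0)   // -1 means the CA flag is not set
            throw new CertificateException("not a CA certificate");
        // Prove the private key matches: sign a random nonce, verify with the certificate's key.
        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(nonce);
        byte[] sig = s.sign();
        s.initVerify(cert.getPublicKey());
        s.update(nonce);
        if (!s.verify(sig)) throw new KeyException("private key does not match certificate");
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            hex.append(String.format("%02X", b));
        return hex.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(check(loadCert(Paths.get(args[0])), loadKey(Paths.get(args[1]))));
    }
}
```

Run it as `java CaCheck d:\ca.crt d:\private.der`; the printed fingerprint identifies exactly which root is about to be trusted, and whoever holds private.der can issue certificates that this machine will accept.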