javassl通訊

神棍先生發表於2017-09-06
Java

版權宣告:本文可能為博主原創文章,若標明出處可隨便轉載。 https://blog.csdn.net/Jailman/article/details/77865216

生成ssl證照請參考如下:

http://blog.csdn.net/u014410763/article/details/50555902

參考文章:

https://yq.aliyun.com/articles/40408

客戶端私鑰與證照匯出(java需要特定格式)

openssl pkcs12 -export -clcerts -name
foobar -inkey client.key -in client.crt
-out client.keystore

伺服器端私鑰與證照匯出

openssl pkcs12 -export -clcerts -name
foobar -inkey server.key -in server.crt
-out server.keystore

受信任CA證照匯出

keytool -importcert -trustcacerts -alias foobar -file ca.crt -keystore ca-trust.keystore

注意程式碼中的密碼,可能你設定的各個證照的不同

伺服器端程式碼

package online.geekgalaxy.test;

import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;


public class sslServer {

    private SSLServerSocket sslServerSocket;

    public static void main(String[] args) throws Exception {

        sslServer server = new sslServer();

        server.init();

        System.out.println("SSLServer initialized.");

        server.process();

    }



    //伺服器端將要使用到server.keystore和ca-trust.keystore

    private void init() throws Exception {

        int port = 1234;

        String keystorePath = "certs/server.keystore";

        String trustKeystorePath = "certs/ca-trust.keystore";

        String keystorePassword = "";
        String caPassword = "111111";

        SSLContext context = SSLContext.getInstance("SSL");



        //客戶端證照庫

        KeyStore keystore = KeyStore.getInstance("pkcs12");

        FileInputStream keystoreFis = new FileInputStream(keystorePath);

        keystore.load(keystoreFis, keystorePassword.toCharArray());

        //信任證照庫

        KeyStore trustKeystore = KeyStore.getInstance("jks");

        FileInputStream trustKeystoreFis = new FileInputStream(trustKeystorePath);

        trustKeystore.load(trustKeystoreFis, caPassword.toCharArray());



        //金鑰庫

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("sunx509");

        kmf.init(keystore, keystorePassword.toCharArray());


        //信任庫

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("sunx509");

        tmf.init(trustKeystore);



        //初始化SSL上下文

        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        //初始化SSLSocket

        sslServerSocket = (SSLServerSocket)context.getServerSocketFactory().createServerSocket(port);

        //設定這個SSLServerSocket需要授權的客戶端訪問

        sslServerSocket.setNeedClientAuth(true);

    }



    private void process() throws Exception {

        String bye = "Bye!";

        byte[] buffer = new byte[50];

        while(true) {

            Socket socket = sslServerSocket.accept();

            InputStream in = socket.getInputStream();

            in.read(buffer);

            System.out.println("Received: " + new String(buffer));

            OutputStream out = socket.getOutputStream();

            out.write(bye.getBytes());

            out.flush();

        }

    }
}

客戶端程式碼

package online.geekgalaxy.test;

import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;


public class sslClient {

    private SSLSocket sslSocket;

    public static void main(String[] args) throws Exception {

        sslClient client = new sslClient();

        client.init();

        System.out.println("SSLClient initialized.");

        client.process();

    }



    //客戶端將要使用到client.keystore和ca-trust.keystore

    private void init() throws Exception {

        String host = "127.0.0.1";

        int port = 1234;

        String keystorePath = "certs/client.keystore";

        String trustKeystorePath = "certs/ca-trust.keystore";

        String keystorePassword = "";
        String caPassword = "111111";

        SSLContext context = SSLContext.getInstance("SSL");

        //客戶端證照庫

        KeyStore clientKeystore = KeyStore.getInstance("pkcs12");

        FileInputStream keystoreFis = new FileInputStream(keystorePath);

        clientKeystore.load(keystoreFis, keystorePassword.toCharArray());

        //信任證照庫

        KeyStore trustKeystore = KeyStore.getInstance("jks");

        FileInputStream trustKeystoreFis = new FileInputStream(trustKeystorePath);

        trustKeystore.load(trustKeystoreFis, caPassword.toCharArray());



        //金鑰庫

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("sunx509");

        kmf.init(clientKeystore, keystorePassword.toCharArray());


        //信任庫

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("sunx509");

        tmf.init(trustKeystore);



        //初始化SSL上下文

        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);



        sslSocket = (SSLSocket)context.getSocketFactory().createSocket(host, port);

    }



    private void process() throws Exception {

        //往SSLSocket中寫入資料

        String hello = "hello boy!";

        OutputStream out = sslSocket.getOutputStream();

        out.write(hello.getBytes(), 0, hello.getBytes().length);

        out.flush();



        //從SSLSocket中讀取資料

        InputStream in = sslSocket.getInputStream();

        byte[] buffer = new byte[50];

        in.read(buffer);

        System.out.println(new String(buffer));

    }
}


相關文章