通信端无需向对方证明自己的身份,则称该端处于“客户模式”,否则称其处于“服务器模式”,无论是客户端还是服务器端,都可处于“客户模式”或者“服务器模式”,但是对于通信双方来说,只能有一方处于“服务模式”,而另一方则必须处于“客户模式”
一,证书部分
首先使用java自带的keytool工具生成所需的证书:
1,创建服务端keystore
keytool -genkey -keystore c:\sean_app\server.jks -storepass 1234sp -keyalg RSA -keypass 1234kp
2,创建客户端keystore
keytool -genkey -keystore c:\sean_app\client.jks -storepass 1234sp -keyalg RSA -keypass 1234kp
3,导出服务端证书
keytool -export -keystore c:\sean_app\server.jks -storepass 1234sp -file c:\sean_app\server.cer
4,导出客户端证书
keytool -export -keystore c:\sean_app\client.jks -storepass 1234sp -file c:\sean_app\client.cer
5,将服务端证书导入到客户端trustkeystroe
keytool -import -keystore c:\sean_app\clientTrust.jks -storepass 1234sp -file c:\sean_app\server.cer
6,将客户端证书导入到服务端trustkeystroe
keytool -import -keystore c:\sean_app\serverTrust.jks -storepass 1234sp -file c:\sean_app\client.cer
二,代码部分
使用JDK1.5.0_22和JDK1.6.0_45测试单向认证和双向认证均通过,唯一需要引入的包为log4j-1.2.14.jar,用来记录日志
代码结构如下:
客户端认证:
package com.test.client.auth;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import com.test.server.config.Configuration;
public class Auth {
private static SSLContext sslContext;
public static SSLContext getSSLContext() throws Exception{
Properties p = Configuration.getConfig();
String protocol = p.getProperty("protocol");
String clientTrustCerFile = p.getProperty("clientTrustCer");
String clientTrustCerPwd = p.getProperty("clientTrustCerPwd");
//Trust Key Store
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(clientTrustCerFile),
clientTrustCerPwd.toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
trustManagerFactory.init(keyStore);
TrustManager[] tms = trustManagerFactory.getTrustManagers();
KeyManager[] kms = null;
if(Configuration.getConfig().getProperty("authority").equals("2")){
String clientCerFile = p.getProperty("clientCer");
String clientCerPwd = p.getProperty("clientCerPwd");
String clientKeyPwd = p.getProperty("clientKeyPwd");
//Key Store
keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream(clientCerFile),
clientCerPwd.toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(keyStore, clientKeyPwd.toCharArray());
kms = keyManagerFactory.getKeyManagers();
}
sslContext = SSLContext.getInstance(protocol);
sslContext.init(kms, tms, null);
return sslContext;
}
}
客户端主程序:
package com.test.client;
import java.io.DataInputStream;
import