关闭

java自定义证书管理器

226人阅读 评论(0) 收藏 举报
分类:
package com.xiuye.security.keymanager;

import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import javax.net.ssl.X509KeyManager;

public class UserDefinedSSLKeyManager implements X509KeyManager{

	
	private String m_alias;
	private KeyStore m_keystore;
	private char []m_storepass;
	private char []m_keypass;
	private String m_type;
	private String m_issuer;
	
	
	public UserDefinedSSLKeyManager(KeyStore keyStore,
			String s,char []storepass,char []keypass
			) {

		this.m_keystore = keyStore;
		this.m_alias = s;
		this.m_storepass = storepass;
		this.m_keypass = keypass;
		try {
			Certificate c = keyStore.getCertificate(s);
			this.m_type = c.getPublicKey().getAlgorithm();
			System.out.println("m_type := "+m_type);
			this.m_issuer = ((X509Certificate)c).getIssuerX500Principal().getName();
			System.out.println("m_issuer := " + this.m_issuer);
			
		} catch (KeyStoreException e) {
			e.printStackTrace();
		}
		
		
		
		
	}
	
	@Override
	public String chooseClientAlias(String[] keyType, Principal[] issuers,
			Socket socket) {
		if(this.m_type == null){
			return null;
		}
		int i;
		for(i = 0;i< keyType.length;i++){
			if(m_type.equals(keyType[i])){
				i = -1;
				break;
			}
			
		}
		if(i != -1){
			return null;
		}
		if(issuers == null){
			return m_alias;
		}
		for(i=0;i<issuers.length;i++){
			if(m_issuer.equals(issuers.equals(issuers[i].getName()))){
				return m_alias;
			}
		}
		return null;
	}

	@Override
	public String chooseServerAlias(String keyType, Principal[] issuers,
			Socket socket) {
		
		return this.chooseClientAlias(new String[]{keyType}, issuers, socket);
	}

	@Override
	public X509Certificate[] getCertificateChain(String alias) {
		
		try {
			Certificate []c = m_keystore.getCertificateChain(alias);
			System.out.println("chain := "+c.length);
			if(c == null){
				return null;
			}
			if(c.length == 0){
				return null;
			}
			X509Certificate []xc = new X509Certificate[c.length];
			System.arraycopy(c, 0, xc, 0, c.length);
			return xc;
			
		} catch (KeyStoreException e) {
			e.printStackTrace();
		}
		
		
		return null;
	}

	@Override
	public String[] getClientAliases(String keyType, Principal[] issuers) {
		String []s;
		String alias = this.chooseServerAlias(keyType, issuers, null);
		if(alias == null){
			return null;
		}
		else{
			s = new String[1];
			s[0] = alias;
		}
		return s;
	}

	@Override
	public PrivateKey getPrivateKey(String alias) {
		try {
			return ((PrivateKey)m_keystore.getKey(alias, m_keypass));
		} catch (UnrecoverableKeyException e) {
			e.printStackTrace();
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		}
		return null;
	}

	@Override
	public String[] getServerAliases(String keyType, Principal[] issuers) {
		
		return getClientAliases(keyType, issuers);
	}

}

package com.xiuye.security.keymanager.factory;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactorySpi;
import javax.net.ssl.ManagerFactoryParameters;

import com.xiuye.security.keymanager.UserDefinedSSLKeyManager;

public class UserDefinedSSLKeyManagerFactory extends KeyManagerFactorySpi{

	private String m_alias;
	private KeyStore m_keystore;
	private char []m_storepass;
	private char []m_keypass;
	
	public UserDefinedSSLKeyManagerFactory() {
		this.m_alias = System.getProperty("Self.alias");
		this.m_keypass = System.getProperty("Self.keypass").toCharArray();
	}
	public UserDefinedSSLKeyManagerFactory(String alias,char []keypass){
		this.m_alias = alias;
		this.m_keypass = keypass;
	}
	@Override
	protected KeyManager[] engineGetKeyManagers() {
		UserDefinedSSLKeyManager []managers = new UserDefinedSSLKeyManager[1];
		managers[0] = new UserDefinedSSLKeyManager(this.m_keystore,this.m_alias,this.m_storepass,this.m_keypass);
		
		return managers;
	}

	@Override
	protected void engineInit(ManagerFactoryParameters arg0)
			throws InvalidAlgorithmParameterException {
		
	}

	@Override
	protected void engineInit(KeyStore ks, char[] password)
			throws KeyStoreException, NoSuchAlgorithmException,
			UnrecoverableKeyException {
		this.m_keystore = ks;
		this.m_storepass = password;
	}

	

	
	
}

package com.xiuye.security.keymanager.provider;

import java.security.Provider;

public class UserDefinedSSLKeyManagerFactoryProvider extends Provider{

	/**
	 * 
	 */
	private static final long serialVersionUID = 7189087537286747050L;

	public UserDefinedSSLKeyManagerFactoryProvider(String name,
			double version, String info) {
		super(name, version, info);
	}
	
	public UserDefinedSSLKeyManagerFactoryProvider(){
		super("Self",1,"Self Provider 1.1");
		this.put("KeyManagerFactory.Self", "com.xiuye.security.keymanager.factory.UserDefinedSSLKeyManagerFactory");
	}
	
	
	
	
}

package com.xiuye.socket;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

import com.xiuye.security.keymanager.provider.UserDefinedSSLKeyManagerFactoryProvider;

public class UserDefinedSSLServerSocket {

	public UserDefinedSSLServerSocket() throws NoSuchAlgorithmException,
			KeyStoreException, CertificateException, FileNotFoundException,
			IOException, UnrecoverableKeyException, KeyManagementException {

		System.setProperty("Self.alias", "xiuye");
		System.setProperty("Self.keypass", "123456");

		Security.addProvider(new UserDefinedSSLKeyManagerFactoryProvider());
		SSLContext sc = SSLContext.getInstance("SSL");
		KeyStore ks = KeyStore.getInstance("JKS");
		char password[] = "123456".toCharArray();
		ks.load(new FileInputStream("xiuye.keystore"), password);
		KeyManagerFactory factory = KeyManagerFactory.getInstance("Self");
		factory.init(ks, password);
		sc.init(factory.getKeyManagers(), null, null);
		SSLServerSocketFactory ssf = sc.getServerSocketFactory();
		SSLServerSocket server = (SSLServerSocket) ssf.createServerSocket(8888);
		int i = 0;
		while (true) {
			System.out.println("[" + (++i) + "]: 等待来自客户端的连接......");
			Socket s = server.accept();
			PrintWriter pw = new PrintWriter(s.getOutputStream());
			InetAddress sa = s.getInetAddress();
			InetAddress ca = s.getLocalAddress();
			System.out.println("服务器端向客户端发送发送信息:");
			String str;
			str = "来自" + ca.getHostAddress() + "(" + s.getLocalPort() + ")向"
					+ sa.getHostAddress() + "(" + s.getPort() + ")发出问候.";
			System.out.println(str);
			pw.println(str);
			pw.flush();
			System.out.println("服务器端接收到客户端信息:");
			BufferedReader br = new BufferedReader(new InputStreamReader(
					s.getInputStream()));
			str = br.readLine();
			System.out.println(str);
			br.close();
			pw.close();
			s.close();

		}

	}

}

package com.xiuye.socket;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;

import javax.net.ssl.SSLSocketFactory;

public class UserDefinedClientSocket {

	public UserDefinedClientSocket() throws UnknownHostException, IOException {

		System.setProperty("javax.net.ssl.trustStore", "trust.keystore");
		SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
		
		Socket s = factory.createSocket("localhost", 8888);
		InetAddress sa = s.getInetAddress();
		InetAddress ca = s.getLocalAddress();
		System.out.println("客户端收到服务器端消息:");
		BufferedReader br = new BufferedReader(new InputStreamReader(s.getInputStream()));
		String str = br.readLine();
		System.out.println(str);
		System.out.println("客户端向服务器端发送消息:");
		PrintWriter pw = new PrintWriter(s.getOutputStream());
		str = "客户端"+ca.getHostAddress()+ "("+s.getLocalPort()+")应答服务器"+sa.getHostAddress()+"("+s.getPort()+").";
		System.out.println(str);
		pw.println(str);
		pw.flush();
		pw.close();
		br.close();
		s.close();
		
		
		
	}
	
}

package com.xiuye.test;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

import com.xiuye.socket.UserDefinedSSLServerSocket;

public class SSLTestMain {

	public static void main(String[] args) {
		
		try {
			UserDefinedSSLServerSocket server = new UserDefinedSSLServerSocket();
		} catch (UnrecoverableKeyException e) {
			e.printStackTrace();
		} catch (KeyManagementException e) {
			
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			
			e.printStackTrace();
		} catch (KeyStoreException e) {
			
			e.printStackTrace();
		} catch (CertificateException e) {
			
			e.printStackTrace();
		} catch (FileNotFoundException e) {
			
			e.printStackTrace();
		} catch (IOException e) {
			
			e.printStackTrace();
		}
		
	}
	
}

package com.xiuye.test;

import java.io.IOException;
import java.net.UnknownHostException;

import com.xiuye.socket.UserDefinedClientSocket;

public class Client {

	public static void main(String[] args) {

		try {
			UserDefinedClientSocket client = new UserDefinedClientSocket();
		} catch (UnknownHostException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		}
		
	}

}

m_type := DSA
m_issuer := CN=xiuye,OU=xiuye,O=xiuye,L=xiuye,ST=xiuye,C=xiuye
[1]: 等待来自客户端的连接......
chain := 1
服务器端向客户端发送发送信息:
来自127.0.0.1(8888)向127.0.0.1(38899)发出问候.
chain := 1
服务器端接收到客户端信息:
客户端127.0.0.1(38899)应答服务器127.0.0.1(8888).
[2]: 等待来自客户端的连接......
服务器端向客户端发送发送信息:
来自127.0.0.1(8888)向127.0.0.1(38981)发出问候.
chain := 1
服务器端接收到客户端信息:
客户端127.0.0.1(38981)应答服务器127.0.0.1(8888).
[3]: 等待来自客户端的连接......
服务器端向客户端发送发送信息:
来自127.0.0.1(8888)向127.0.0.1(38993)发出问候.
chain := 1
服务器端接收到客户端信息:
客户端127.0.0.1(38993)应答服务器127.0.0.1(8888).
[4]: 等待来自客户端的连接......
服务器端向客户端发送发送信息:
来自127.0.0.1(8888)向127.0.0.1(39001)发出问候.
chain := 1
服务器端接收到客户端信息:
客户端127.0.0.1(39001)应答服务器127.0.0.1(8888).
[5]: 等待来自客户端的连接......
服务器端向客户端发送发送信息:
来自127.0.0.1(8888)向127.0.0.1(39002)发出问候.
chain := 1
服务器端接收到客户端信息:
客户端127.0.0.1(39002)应答服务器127.0.0.1(8888).
[6]: 等待来自客户端的连接......

客户端收到服务器端消息:
来自127.0.0.1(8888)向127.0.0.1(39002)发出问候.
客户端向服务器端发送消息:
客户端127.0.0.1(39002)应答服务器127.0.0.1(8888).




0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:151580次
    • 积分:4687
    • 等级:
    • 排名:第6465名
    • 原创:314篇
    • 转载:97篇
    • 译文:0篇
    • 评论:18条
    文章分类
    最新评论