一直调查SSL的问题,毫无进展,头疼,先把手头搞定的资料整理下:
网上的资料很多,偷懒一下吧。
服务器端代码:
package com.ricoh.rits.bct.ssl;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import com.sun.net.ssl.KeyManagerFactory;
import com.sun.net.ssl.SSLContext;
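/**
 * Minimal TLS server demo: loads a JKS key store, builds a TLS server socket
 * and hands every accepted connection to a {@code CreateThread}.
 *
 * <p>This class uses the supported {@code javax.net.ssl} types by their fully
 * qualified names. The legacy {@code com.sun.net.ssl} classes imported at the
 * top of the file are no longer referenced here; that package is deprecated
 * and absent from current JDKs.
 */
public class SSLServer {
    /** Port the demo server listens on. */
    public static final int PORT = 8888;

    /** Listening socket created by {@link #main(String[])}. */
    public static SSLServerSocket server;

    public SSLServer() {}

    /**
     * Creates a TLS server socket bound to {@code port}.
     *
     * <p>The key store location and password are taken from the standard JSSE
     * system properties {@code javax.net.ssl.keyStore} and
     * {@code javax.net.ssl.keyStorePassword}. When they are unset, the demo
     * values from the original listing are used.
     *
     * @param port TCP port to listen on
     * @return the listening socket, or {@code null} if the key material could
     *         not be loaded or the socket could not be created (the cause is
     *         printed to standard error)
     */
    public static SSLServerSocket getServerSocket(int port) {
        // NOTE(security): the fallback path and password are demo values that
        // are published with this listing. Supply real ones through the system
        // properties and keep secrets out of source control.
        String key = System.getProperty("javax.net.ssl.keyStore", "E:\\others\\ssl\\SSLKey");
        char[] keyStorePass =
                System.getProperty("javax.net.ssl.keyStorePassword", "rst200233").toCharArray();
        // The original used the same value for the store and for the key entry.
        char[] keyPassword = keyStorePass.clone();

        try {
            KeyStore ks = KeyStore.getInstance("JKS");
            // Close the key store file as soon as it has been read.
            try (FileInputStream keyStoreStream = new FileInputStream(key)) {
                ks.load(keyStoreStream, keyStorePass);
            }

            javax.net.ssl.KeyManagerFactory kmf =
                    javax.net.ssl.KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, keyPassword);

            // "TLS" instead of "SSLv3": SSLv3 is obsolete (POODLE) and is
            // disabled by default in current JDKs. The JDK's enabled-protocol
            // defaults then decide which TLS versions are actually offered.
            javax.net.ssl.SSLContext sslContext = javax.net.ssl.SSLContext.getInstance("TLS");

            // Second argument (trust managers) null: the default trust managers
            // are installed. Third argument (SecureRandom) null: JSSE picks its
            // default secure random source, so no weaker one is substituted.
            sslContext.init(kmf.getKeyManagers(), null, null);

            SSLServerSocketFactory factory = sslContext.getServerSocketFactory();
            return (SSLServerSocket) factory.createServerSocket(port);
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException
                | UnrecoverableKeyException | KeyManagementException e) {
            e.printStackTrace();
        } catch (IOException e) {
            // Also covers FileNotFoundException for a missing key store file.
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Starts the server and serves connections until accept() fails.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        server = getServerSocket(PORT);
        if (server == null) {
            // getServerSocket() reports failure with null. Stop here instead
            // of failing with a NullPointerException on accept().
            System.err.println("Could not create the TLS server socket; see the stack trace above.");
            return;
        }
        System.out.println("Waiting for connection... on port " + PORT);
        try {
            while (true) {
                SSLSocket socket = (SSLSocket) server.accept();
                // The handler starts its own thread from the constructor.
                new CreateThread(socket);
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}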
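/**
 * Per-connection handler: reads one line from the client, prints it to
 * standard output, echoes it back and closes the socket.
 *
 * <p>The reader, writer and socket are instance fields. With static fields,
 * every new connection would overwrite the streams of the handlers that are
 * still running, so concurrent clients could read or answer on each other's
 * connection.
 */
class CreateThread extends Thread {
    private BufferedReader in;
    private PrintWriter out;
    private Socket s;

    /**
     * Wraps the socket's streams and starts the handler thread.
     *
     * <p>If the streams cannot be opened, the error is printed, the socket is
     * closed and no thread is started.
     *
     * @param socket accepted client connection; this handler owns and closes it
     */
    public CreateThread(Socket socket) {
        s = socket;
        try {
            in = new BufferedReader(new InputStreamReader(s.getInputStream(), "UTF-8"));
            // Encode the reply as UTF-8 as well, so it matches the reader
            // instead of depending on the platform default charset.
            out = new PrintWriter(
                    new java.io.OutputStreamWriter(s.getOutputStream(), "UTF-8"), true);
        } catch (IOException e) {
            // UnsupportedEncodingException is an IOException and lands here too.
            e.printStackTrace();
            closeSocket();
            return;
        }
        // Callers only construct the handler, so the thread is started here,
        // after all fields have been assigned.
        start();
    }

    /**
     * Echoes the first line sent by the client, then closes the connection.
     */
    @Override
    public void run() {
        try {
            // NOTE(review): the line comes from an untrusted peer, and
            // readLine() has neither a length limit nor a read timeout here.
            // A silent or very slow client keeps this thread occupied.
            String msg = in.readLine();
            if (msg != null) {
                System.out.println(msg);
                out.println(msg);
            }
            // msg == null: the client closed without sending a line, so there
            // is nothing to echo. Appending it to a builder would echo the
            // literal text "null".
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            // Release the connection on the error path as well.
            closeSocket();
        }
    }

    /** Closes the client socket and reports a failure to do so. */
    private void closeSocket() {
        try {
            s.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}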
其实只要在浏览器地址栏输入 https://localhost:8888 也可以访问,输出的内容如下:
GET / HTTP/1.1
但是,把服务器的线程内容稍作修改的话,
// Reads and appends lines until readLine() returns null.
// readLine() returns null only at end of stream, that is, once the peer has
// closed its side of the connection. A client that sends its request and then
// keeps the connection open while waiting for the reply (as a browser does)
// never produces that null, so the loop stays blocked inside readLine().
// For an HTTP request, the header section ends with an empty line, which is
// the condition a handler would normally stop on.
// The final null is appended too, so the builder ends with the text "null".
do {
    msg = in.readLine();
    builder.append(msg);
} while (msg != null);
会出现一个问题:
不知为何,一直阻塞在那里,百思不得其解。
或者在IDE如下
客户端代码:
package com.ricoh.rits.bct.ssl;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.Socket;
import java.net.UnknownHostException;
import javax.net.ssl.SSLSocketFactory;
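/**
 * Minimal TLS client demo: connects to the local demo server and sends one
 * UTF-8 encoded line.
 *
 * <p>The default {@link SSLSocketFactory} validates the server certificate
 * against the JVM's default trust store. A self-signed demo certificate must
 * therefore be made trusted explicitly (for example through the
 * {@code javax.net.ssl.trustStore} system property), otherwise the handshake
 * fails.
 */
public class SSLClient {
    static int port = 8888;

    /**
     * Sends a single greeting line to {@code localhost:port}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        System.out.println(System.getProperty("java.home"));
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // try-with-resources closes the socket even if the handshake or the
        // write fails.
        try (javax.net.ssl.SSLSocket s =
                (javax.net.ssl.SSLSocket) factory.createSocket("localhost", port)) {
            // A plain SSLSocket checks the certificate chain but not the host
            // name. Enabling endpoint identification makes the handshake also
            // require that the certificate was issued for "localhost".
            javax.net.ssl.SSLParameters params = s.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(params);

            // Encode explicitly as UTF-8. The message is not ASCII, and the
            // platform default charset may differ from what the peer decodes.
            PrintWriter out = new PrintWriter(
                    new java.io.OutputStreamWriter(s.getOutputStream(), "UTF-8"), true);
            out.println("你好,我叫何剑!!!");
            out.close();
        } catch (IOException e) {
            // UnknownHostException is an IOException and is reported here too.
            e.printStackTrace();
        }
    }
}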
参考资料:
http://fishhappy365.iteye.com/blog/963876
http://java.chinaitlab.com/JavaSecurity/792540.html
http://www.51testing.com/?uid-202848-action-viewspace-itemid-134594
下面的命令来检测是否已经正确完成了授权。
keytool -list -v -keystore SSLKey(生成的证书名称)