Original source: https://www.jianshu.com/p/5fcc6a219c8b
Question 3: For one-way authentication, i.e. when only the server's authenticity has to be verified, what is needed? Taking SSLSocket as the example.
import java.io.FileInputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public class TestSSLSocketClient {
    // Truststore holding the server's certificate; for one-way authentication the client needs no key of its own
    private static String path = "e:\\keytool\\sslclient.keystore";
    private static char[] password = "aaaaaaa".toCharArray();

    /**
     * @param args
     */
    public static void main(String[] args) {
        SSLContext context = null;
        try {
            KeyStore ts = KeyStore.getInstance("JKS");
            ts.load(new FileInputStream(path), password);
            // The TrustManager decides whether the server's certificate chain is accepted
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
            tmf.init(ts);
            TrustManager[] tm = tmf.getTrustManagers();
            context = SSLContext.getInstance("SSL");
            // No KeyManager: the client presents no certificate of its own
            context.init(null, tm, null);
        } catch (GeneralSecurityException | IOException e) { // the original elided the list; these two cover every call above
            e.printStackTrace();
            return; // context is still null here, so stop instead of dereferencing it below
        }
        SSLSocketFactory ssf = context.getSocketFactory();
        try {
            SSLSocket ss = (SSLSocket) ssf.createSocket("localhost", 8000);
            System.out.println("客户端就绪。");
            ObjectInputStream br = new ObjectInputStream(ss.getInputStream());
            try {
                System.out.println(br.readObject());
            } catch (ClassNotFoundException e) {
                e.printStackTrace();
            }
            br.close();
            ss.close();
            System.out.println("客户端测试ok");
        } catch (UnknownHostException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
As the code shows, for one-way authentication the SSLContext only needs a TrustManagerFactory: context.init(null, tm, null);
The TrustManagerFactory is initialised with the server's certificate, that is, only the public key is used to encrypt data.
Question 4: SSLContext.init() takes both a KeyManager and a TrustManager parameter. What is the difference between the two?
The KeyManager is used on the server side: when a client connects, it is what sends the certificate and its public key. See this link:
https://stackoverflow.com/questions/13997419/difference-between-keystore-and-keymanager-trustmanager
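Added example (not code from the original post) putting the two halves of Question 4 next to the client setup from Question 3: the server's SSLContext is initialised with only a KeyManager, the client's with only a TrustManager. The class name, keystore paths and passwords are assumptions; the client helper also switches on hostname checking, which a bare SSLSocket does not perform on its own.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/** Both halves of one-way TLS: the server supplies a KeyManager, the client a TrustManager. (Hypothetical class.) */
public class OneWayTlsContexts {
    static KeyStore load(String path, char[] password) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Server side: must prove its identity, so the keystore holding the private key feeds a KeyManager. */
    static SSLContext serverContext(String keystorePath, char[] password) throws GeneralSecurityException, IOException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keystorePath, password), password); // second password unlocks the private-key entry
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // no TrustManager: the server verifies nobody (one-way)
        return ctx;
    }

    /** Client side: only decides whether to trust the server, so the truststore feeds a TrustManager. */
    static SSLContext clientContext(String truststorePath, char[] password) throws GeneralSecurityException, IOException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(truststorePath, password));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no KeyManager: the client presents no certificate
        return ctx;
    }

    /** Client socket with hostname checking enabled; a bare SSLSocket validates the chain but not the name. */
    static SSLSocket connect(SSLContext ctx, String host, int port) throws IOException {
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        SSLParameters p = s.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS"); // reject a valid certificate issued for a different host
        s.setSSLParameters(p);
        s.startHandshake(); // fail now rather than on the first read if the server is rejected
        return s;
    }
}
```

A server that also calls setNeedClientAuth(true) on its SSLServerSocket would turn this into two-way authentication and then need a TrustManager on the server and a KeyManager on the client as well.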