1. 什么是Https,SSL, TLS
Https全称是Hypertext Transfer Protocol over Secure Socket Layer即基于SSL(Secure Socket Layer)的Http协议,也就是http的安全版本。
SSL(Secure Socket Layer)即安全套接层
TLS(Transport Layer Security)即传输层安全协议
Https协议在http协议与TCP协议之间增加了一层安全层,所有请求和响应数据在经过网络传输之前,都会先进行加密,然后再进行传输,防止数据在网络传输过程中被拦截或篡改。
2.什么是SSLSocket
JDK文档指出,SSLSocket扩展Socket并提供使用SSL或TLS协议的安全套接字。
这种套接字是正常的流套接字,但是它们在基础网络传输协议(如TCP)上添加了安全保护层。
3.生成服务端、客户端以及信任证书
参考http://szlxh002.iteye.com/blog/2277307
4.SSLSocket相关类
(1)SSLContext: 此类的实例表示安全套接字协议的实现, 它是SSLSocketFactory、SSLServerSocketFactory和SSLEngine的工厂。
(2)SSLSocket: 扩展自Socket
(3)SSLServerSocket: 扩展自ServerSocket
(4)SSLSocketFactory: 抽象类,扩展自SocketFactory, SSLSocket的工厂
(5)SSLServerSocketFactory: 抽象类,扩展自ServerSocketFactory, SSLServerSocket的工厂
(6)KeyStore: 表示密钥和证书的存储设施
(7)KeyManager: 接口,JSSE密钥管理器
(8)TrustManager: 接口,信任管理器(?翻译得很拗口)
(9)X509TrustManager: TrustManager的子接口,管理X509证书,验证远程安全套接字
5.Java例子
(1)SSLSocketClient
package com.ssl;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
/**
* Created by xiaohong on 2016/2/19.
*/
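public class SSLSocketClient {
    /** Server address and port the example connects to. */
    private static final String HOST = "127.0.0.1";
    private static final int PORT = 1234;
    /** PKCS12 store holding the client's own private key and certificate chain. */
    private static final String KEYSTORE_PATH = "d:\\keystore\\client.p12";
    /** Store holding the CA certificate the client trusts for the server's chain. */
    private static final String TRUST_KEYSTORE_PATH = "d:\\keystore\\ca-trust.p12";
    // Example-only credential: both stores are opened with the same password.
    // A real deployment reads this from configuration rather than from source.
    private static final String KEYSTORE_PASSWORD = "12345678";
    /** Upper bound on the bytes read from the server's reply. */
    private static final int REPLY_BUFFER_SIZE = 20;

    private SSLSocket sslSocket;

    /**
     * Builds an {@link SSLContext} from the client key store and the trust store
     * and opens a TLS connection to {@code HOST:PORT}.
     *
     * @throws IOException if a store file cannot be read or the connection fails
     * @throws GeneralSecurityException if a store, factory or context cannot be initialised
     */
    public void init() throws IOException, GeneralSecurityException {
        char[] password = KEYSTORE_PASSWORD.toCharArray();
        // Key store: the client's key pair, presented when the server requests client auth.
        KeyStore keyStore = loadKeyStore("pkcs12", KEYSTORE_PATH, password);
        // Trust store: the CA certificate(s) used to validate the server's chain.
        // NOTE(review): the file name ends in .p12 but the type requested is "jks", as in
        // the original; this assumes the file really is a JKS store — confirm.
        KeyStore trustKeyStore = loadKeyStore("jks", TRUST_KEYSTORE_PATH, password);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("sunx509");
        kmf.init(keyStore, password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("sunx509");
        tmf.init(trustKeyStore);

        // "TLS" rather than "SSL": the SSL protocol versions are obsolete, and the
        // context then negotiates the TLS versions the JDK enables by default.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // null SecureRandom lets the provider choose its own.
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        sslSocket = (SSLSocket) sslContext.getSocketFactory().createSocket(HOST, PORT);
        // NOTE(review): a raw SSLSocket only validates the server's certificate chain
        // against the trust store; it does not check that the certificate matches HOST.
        // If the server certificate carries the host name / IP as a subject alternative
        // name, enable that check via SSLParameters#setEndpointIdentificationAlgorithm.
    }

    /**
     * Loads a key store of the given type from {@code path}.
     *
     * @param type     key store type passed to {@link KeyStore#getInstance(String)}
     * @param path     file to read
     * @param password store password
     * @return the loaded store
     * @throws IOException if the file cannot be read
     * @throws GeneralSecurityException if the type is unknown or the contents are invalid
     */
    private static KeyStore loadKeyStore(String type, String path, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance(type);
        // try-with-resources: the original never closed the FileInputStream.
        try (FileInputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    /**
     * Sends a greeting over the connection opened by {@link #init()} and prints the reply.
     *
     * @throws IOException on any socket error
     */
    private void process() throws IOException {
        byte[] hello = "Hello lai".getBytes(StandardCharsets.UTF_8);
        OutputStream output = sslSocket.getOutputStream();
        output.write(hello, 0, hello.length);
        output.flush();

        byte[] reply = new byte[REPLY_BUFFER_SIZE];
        InputStream input = sslSocket.getInputStream();
        // read() returns the byte count (-1 at EOF); the original ignored it and printed
        // the whole 20-byte buffer, unfilled zero bytes included. A single read may
        // return fewer bytes than the peer sent; that is accepted for this example.
        int n = input.read(reply);
        if (n < 0) {
            System.out.println("From server: <connection closed>");
        } else {
            System.out.println("From server:" + new String(reply, 0, n, StandardCharsets.UTF_8));
        }
    }

    /**
     * Closes the connection opened by {@link #init()}; a no-op if none was opened.
     *
     * @throws IOException if closing the socket fails
     */
    public void close() throws IOException {
        if (sslSocket != null) {
            sslSocket.close();
        }
    }

    public static void main(String[] args) throws Exception {
        SSLSocketClient client = new SSLSocketClient();
        client.init();
        try {
            client.process();
        } finally {
            // Release the socket even if process() throws.
            client.close();
        }
    }
}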
(2)SSLSocketServer
package com.ssl;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.*;
/**
* Created by xiaohong on 2016/2/19.
*/
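public class SSLSocketServer {
    /** Port the example listens on. */
    private static final int PORT = 1234;
    /** PKCS12 store holding the server's own private key and certificate chain. */
    private static final String KEYSTORE_PATH = "d:\\keystore\\server.p12";
    /** Store holding the CA certificate used to validate client certificates. */
    private static final String TRUST_KEYSTORE_PATH = "d:\\keystore\\ca-trust.p12";
    // Example-only credential: both stores are opened with the same password.
    // A real deployment reads this from configuration rather than from source.
    private static final String KEYSTORE_PASSWORD = "12345678";
    /** Upper bound on the bytes read from the client's request. */
    private static final int REQUEST_BUFFER_SIZE = 20;

    private SSLServerSocket sslServerSocket;

    /**
     * Builds an {@link SSLContext} from the server key store and the trust store
     * and binds a TLS server socket on {@code PORT} that requires client certificates.
     *
     * @throws IOException if a store file cannot be read or the port cannot be bound
     * @throws GeneralSecurityException if a store, factory or context cannot be initialised
     */
    public void init() throws IOException, GeneralSecurityException {
        char[] password = KEYSTORE_PASSWORD.toCharArray();
        // Key store: the server's key pair, presented to every connecting client.
        KeyStore keyStore = loadKeyStore("pkcs12", KEYSTORE_PATH, password);
        // Trust store: the CA certificate(s) a client certificate must chain to.
        // NOTE(review): the file name ends in .p12 but the type requested is "jks", as in
        // the original; this assumes the file really is a JKS store — confirm.
        KeyStore trustKeyStore = loadKeyStore("jks", TRUST_KEYSTORE_PATH, password);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("sunx509");
        kmf.init(keyStore, password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("sunx509");
        tmf.init(trustKeyStore);

        // "TLS" rather than "SSL": the SSL protocol versions are obsolete, and the
        // context then negotiates the TLS versions the JDK enables by default.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // null SecureRandom lets the provider choose its own.
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        sslServerSocket =
                (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(PORT);
        // Mutual TLS: the handshake fails unless the client presents a certificate that
        // chains to the trust store, so an unauthenticated peer never reaches process().
        sslServerSocket.setNeedClientAuth(true);
    }

    /**
     * Loads a key store of the given type from {@code path}.
     *
     * @param type     key store type passed to {@link KeyStore#getInstance(String)}
     * @param path     file to read
     * @param password store password
     * @return the loaded store
     * @throws IOException if the file cannot be read
     * @throws GeneralSecurityException if the type is unknown or the contents are invalid
     */
    private static KeyStore loadKeyStore(String type, String path, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance(type);
        // try-with-resources: the original never closed the FileInputStream.
        try (FileInputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    /**
     * Accepts one connection, prints what the client sent and answers it.
     *
     * @throws IOException on any socket error
     */
    private void process() throws IOException {
        System.out.println("Listen....");
        // try-with-resources closes the accepted connection; the original left it open.
        try (Socket socket = sslServerSocket.accept()) {
            byte[] request = new byte[REQUEST_BUFFER_SIZE];
            InputStream input = socket.getInputStream();
            // read() returns the byte count (-1 at EOF); the original ignored it and printed
            // the whole 20-byte buffer, unfilled zero bytes included. A single read may
            // return fewer bytes than the peer sent; that is accepted for this example.
            int n = input.read(request);
            if (n < 0) {
                System.out.println("From client: <connection closed>");
                return;
            }
            System.out.println("From client:" + new String(request, 0, n, StandardCharsets.UTF_8));

            byte[] bye = "bye bye".getBytes(StandardCharsets.UTF_8);
            OutputStream output = socket.getOutputStream();
            output.write(bye, 0, bye.length);
            output.flush();
        }
    }

    /**
     * Closes the listening socket opened by {@link #init()}; a no-op if none was opened.
     *
     * @throws IOException if closing the socket fails
     */
    public void close() throws IOException {
        if (sslServerSocket != null) {
            sslServerSocket.close();
        }
    }

    public static void main(String[] args) throws Exception {
        SSLSocketServer server = new SSLSocketServer();
        server.init();
        try {
            server.process();
        } finally {
            // Release the listening port even if process() throws.
            server.close();
        }
    }
}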