keytool操作步骤:
1. 分别生成客户端和服务器端密钥库
keytool -genkey -alias server1 -keysize 2048 -validity 3650 -keyalg RSA -dname "CN=ABC, OU=BetterWood CA, O=ABC Inc, L=BeiJing, S=BeiJing, C=CN" -keypass abcdef1 -storepass 2014server -keystore e:/keystore/server1.jks
keytool -genkey -alias client1 -keysize 2048 -validity 3650 -keyalg RSA -dname "CN=ABC, OU=BetterWood CA, O=ABC Inc, L=BeiJing, S=BeiJing, C=CN" -keypass abcdef2 -storepass 2014client -keystore e:/keystore/client1.jks
2. 将服务器和客户端的公钥导出成证书
keytool -exportcert -alias server1 -file e:\keystore\ssl_1.cer -keystore e:\keystore\server1.jks -storepass 2014server
keytool -exportcert -alias client1 -file e:\keystore\ssl_2.cer -keystore e:\keystore\client1.jks -storepass 2014client
3. 交换证书，导入到各自的密钥库
keytool -importcert -alias server1 -file e:\keystore\ssl_1.cer -keystore e:\keystore\client1.jks -storepass 2014client -keypass abcdef2
keytool -importcert -alias client1 -file e:\keystore\ssl_2.cer -keystore e:\keystore\server1.jks -storepass 2014server -keypass abcdef1
服务端代码:
package com.keystore;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;
/**
* 双向SSL认证: 服务器端
*/
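/**
 * Mutual (two-way) TLS authentication: server side.
 *
 * <p>Loads the server's own key pair from {@code e:/keystore/server1.jks}. Because
 * keytool step 3 imported the client's certificate into that same file, the file
 * also serves as the trust store. Accepts one connection on port 26666, requires a
 * client certificate during the handshake, then relays lines between the peer and
 * the console until either side sends {@code BYE} or the connection ends.
 */
public class BothwayServer {

    private static final String KEYSTORE_PATH = "e:/keystore/server1.jks";
    private static final int PORT = 26666;

    // NOTE(review): passwords are embedded only because this is a tutorial listing;
    // production code should obtain them from a secret store or the environment.
    private static final char[] STORE_PASSWORD = "2014server".toCharArray();
    private static final char[] KEY_PASSWORD = "abcdef1".toCharArray();

    /**
     * Entry point: builds the TLS context, accepts one client and runs the chat loop.
     *
     * <p>Server socket and accepted socket are closed on every exit path; the original
     * left both open.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        try {
            SSLContext ctx = buildContext();
            try (SSLServerSocket serverSocket =
                    (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(PORT)) {
                // Mutual TLS: the handshake fails unless the client presents a certificate
                // that the trust manager (backed by server1.jks) accepts.
                serverSocket.setNeedClientAuth(true);
                try (Socket ssls = serverSocket.accept()) {
                    chat(ssls);
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Builds an {@link SSLContext} whose key material and trust anchors both come from
     * the server keystore.
     *
     * <p>The original opened the same file twice and never closed either stream, and
     * asked for the legacy {@code "SSL"} context; {@code "TLS"} negotiates the current
     * protocol versions instead.
     *
     * @throws GeneralSecurityException if the keystore, key or trust managers cannot be
     *     initialised
     * @throws IOException if the keystore file cannot be read
     */
    private static SSLContext buildContext() throws GeneralSecurityException, IOException {
        KeyStore ks = loadKeyStore(KEYSTORE_PATH, STORE_PASSWORD);

        // Default algorithms instead of the Sun-provider-specific "SunX509" name, so the
        // code also runs on JDKs that ship a different provider.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, KEY_PASSWORD);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /**
     * Loads a JKS keystore from {@code path}, closing the file even when loading fails.
     *
     * @param path keystore file path
     * @param password keystore (integrity) password
     * @return the loaded keystore
     * @throws GeneralSecurityException if the JKS type is unavailable or the contents
     *     cannot be parsed
     * @throws IOException if the file cannot be read or the password is wrong
     */
    private static KeyStore loadKeyStore(String path, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /**
     * Relays lines between the TLS peer and the console.
     *
     * <p>Each round waits for one line from the client and prints it, then reads one
     * line from stdin and sends it. The loop ends when either side sends {@code BYE},
     * when the client disconnects, or when stdin reaches EOF. The original called
     * {@code trim()} on the client line before its null check and so threw a
     * {@link NullPointerException} whenever the client disconnected.
     *
     * @param ssls the accepted, already-handshaking TLS socket
     * @throws IOException on socket I/O failure
     */
    private static void chat(Socket ssls) throws IOException {
        // Both sides of this tutorial use the platform default charset for the
        // PrintStream/InputStreamReader pair; keep that so the listings stay compatible.
        try (BufferedReader socketIn =
                        new BufferedReader(new InputStreamReader(ssls.getInputStream()));
                PrintStream socketOut = new PrintStream(ssls.getOutputStream())) {
            // System.in is intentionally not closed here (matches the original listing).
            BufferedReader userIn = new BufferedReader(new InputStreamReader(System.in));

            while (true) {
                System.out.println("等待客户端的请求数据..");
                System.out.println("");
                String fromClient = socketIn.readLine();
                if (fromClient == null) {
                    break; // client closed the connection
                }
                fromClient = fromClient.trim();
                if (!fromClient.isEmpty()) {
                    System.out.println("客户端发来的消息: " + fromClient);
                    if (fromClient.equalsIgnoreCase("BYE")) {
                        break;
                    }
                }

                System.out.print("服务器发出去的消息............ ");
                String toClient = userIn.readLine();
                if (toClient == null) {
                    break; // console EOF: nothing more to send
                }
                if (!toClient.equals("")) {
                    socketOut.println(toClient);
                    if (toClient.trim().equalsIgnoreCase("BYE")) {
                        break;
                    }
                }
            }
        }
    }
}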
客户端代码:
package com.keystore;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
/**
* 双向SSL通信
*/
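/**
 * Mutual (two-way) TLS authentication: client side.
 *
 * <p>Presents the client key pair from {@code e:/keystore/client1.jks} and trusts the
 * server certificate that keytool step 3 imported into the same file. Connects to
 * {@code localhost:26666} and relays console lines to the server until either side
 * sends {@code BYE} or the connection ends.
 */
public class BothwayClient {

    private static final String KEYSTORE_PATH = "e:/keystore/client1.jks";
    private static final String HOST = "localhost";
    private static final int PORT = 26666;

    // NOTE(review): passwords are embedded only because this is a tutorial listing;
    // production code should obtain them from a secret store or the environment.
    private static final char[] STORE_PASSWORD = "2014client".toCharArray();
    private static final char[] KEY_PASSWORD = "abcdef2".toCharArray();

    /**
     * Entry point: builds the TLS context, connects and runs the chat loop.
     *
     * <p>The socket is closed on every exit path; the original only closed it after a
     * normal loop exit, leaking it on exceptions.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        try {
            SSLContext context = buildContext();
            try (SSLSocket csocket =
                    (SSLSocket) context.getSocketFactory().createSocket(HOST, PORT)) {
                // NOTE(review): a plain SSLSocket does not compare the server certificate's
                // name with HOST. The certificate from keytool step 1 has CN=ABC, so turning
                // on endpoint identification would break this demo; outside a pinned,
                // self-signed setup like this one, set
                // SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") before connecting.
                System.out.println("Client OK~");
                System.out.println("===============");
                System.out.println("");
                chat(csocket);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Builds an {@link SSLContext} whose key material and trust anchors both come from
     * the client keystore.
     *
     * <p>The original opened the same file twice without closing it and requested the
     * legacy {@code "SSL"} context; {@code "TLS"} negotiates the current protocol
     * versions instead.
     *
     * @throws GeneralSecurityException if the keystore, key or trust managers cannot be
     *     initialised
     * @throws IOException if the keystore file cannot be read
     */
    private static SSLContext buildContext() throws GeneralSecurityException, IOException {
        KeyStore ks = loadKeyStore(KEYSTORE_PATH, STORE_PASSWORD);

        // Default algorithms instead of the Sun-provider-specific "SunX509" name.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, KEY_PASSWORD);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }

    /**
     * Loads a JKS keystore from {@code path}, closing the file even when loading fails.
     *
     * @param path keystore file path
     * @param password keystore (integrity) password
     * @return the loaded keystore
     * @throws GeneralSecurityException if the JKS type is unavailable or the contents
     *     cannot be parsed
     * @throws IOException if the file cannot be read or the password is wrong
     */
    private static KeyStore loadKeyStore(String path, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /**
     * Relays lines between the console and the TLS peer.
     *
     * <p>Each round reads one line from stdin and sends it, then waits for one line from
     * the server and prints it. The loop ends when either side sends {@code BYE}, when
     * the server disconnects, or when stdin reaches EOF. The original kept looping after
     * a null from either reader, which could spin forever once stdin was closed.
     *
     * @param csocket the connected TLS socket
     * @throws IOException on socket I/O failure
     */
    private static void chat(SSLSocket csocket) throws IOException {
        // Both sides of this tutorial use the platform default charset for the
        // PrintStream/InputStreamReader pair; keep that so the listings stay compatible.
        try (BufferedReader socketIn =
                        new BufferedReader(new InputStreamReader(csocket.getInputStream()));
                PrintStream socketOut = new PrintStream(csocket.getOutputStream());
                BufferedReader userIn = new BufferedReader(new InputStreamReader(System.in))) {

            while (true) {
                System.out.print("客户端发出去的消息: ");
                String toServer = userIn.readLine();
                if (toServer == null) {
                    break; // console EOF: nothing more to send
                }
                if (!toServer.equals("")) {
                    socketOut.println(toServer);
                    if (toServer.trim().equalsIgnoreCase("BYE")) {
                        break;
                    }
                    System.out.println("Please wait Server Message..");
                    System.out.println("");
                }

                String fromServer = socketIn.readLine();
                if (fromServer == null) {
                    break; // server closed the connection
                }
                if (!fromServer.equals("")) {
                    System.out.println("服务器发过来的消息: " + fromServer);
                    if (fromServer.trim().equalsIgnoreCase("BYE")) {
                        break;
                    }
                }
            }
        }
    }
}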