一.双向验证
1.服务端
public class SSLServer extends Thread{
// TCP port the TLS listener binds to.
private static final int SERVER_PORT = 10002;
// NOTE(review): both keystore passwords are hard-coded string literals and trivially guessable.
// Anyone who can read this source or the compiled class can open the keystore that holds the
// server's private key. Supply them from deployment configuration or a secret store instead.
private static final String SERVER_KEYSTORE_PWD = "12345678";
private static final String SERVER_TRUST_KEYSTORE_PWD = "12345678";
// Listening socket created in the constructor; run() returns early if it is still null.
private SSLServerSocket serverSocket;
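/**
 * Builds the mutually authenticated TLS listener on {@code SERVER_PORT}.
 *
 * <p>The server's key material comes from {@code ./src/keyOfServer.keystore} and the set of
 * trusted peer certificates (including the client certificate) from
 * {@code ./src/trustOfServer.keystore}; both are JKS stores.
 *
 * <p>Setup fails closed: any error while loading key material, initialising the context or
 * binding the port is reported and leaves {@code serverSocket} null, which {@link #run()}
 * treats as "do not serve". The field is assigned only after client-certificate
 * authentication has been made mandatory, so it never refers to a listener that would accept
 * unauthenticated clients.
 */
public SSLServer() {
    try {
        // Server private key and certificate chain.
        KeyStore keyStore = loadKeyStore("./src/keyOfServer.keystore", SERVER_KEYSTORE_PWD);
        // Certificates the server trusts, which include the client certificate.
        KeyStore trustKeyStore =
                loadKeyStore("./src/trustOfServer.keystore", SERVER_TRUST_KEYSTORE_PWD);

        // X.509 key manager backed by the JKS key store.
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, SERVER_KEYSTORE_PWD.toCharArray());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(trustKeyStore);

        // "TLS" replaces the legacy "SSL" context name. Which protocol versions end up enabled
        // still depends on the JDK defaults; call setEnabledProtocols on the socket to pin the
        // versions the deployment allows.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagerFactory.getKeyManagers(),
                trustManagerFactory.getTrustManagers(), null);

        SSLServerSocket listener = (SSLServerSocket) context
                .getServerSocketFactory().createServerSocket(SERVER_PORT);
        // Require a client certificate: the handshake fails if the client presents none or
        // one the trust store does not vouch for.
        listener.setNeedClientAuth(true);
        serverSocket = listener;
    } catch (NoSuchAlgorithmException | KeyStoreException | CertificateException
            | UnrecoverableKeyException | KeyManagementException | IOException e) {
        // A single handler for every setup failure: the original caught each step separately
        // and carried on with half-initialised state (for example calling setNeedClientAuth
        // on a null socket after a failed bind).
        e.printStackTrace();
    }
}

/** Loads a JKS keystore from {@code path}, closing the file stream whether or not it loads. */
private static KeyStore loadKeyStore(String path, String password)
        throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    KeyStore store = KeyStore.getInstance("JKS");
    try (InputStream in = new FileInputStream(path)) {
        store.load(in, password.toCharArray());
    }
    return store;
}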
@Override
public void run() {
if(serverSocket == null){
System.out.println("Null server socket");
return;
}
while(true){
try {
Socket socket = serverSocket.accept();
//Response To Client
OutputStream output = socket.getOutputStream();
BufferedOutputStream bufferedOutput = new BufferedOutputStream(output);
bufferedOutput.write("Server Response: Hello".getBytes());
bufferedOutput.flush();
//Receive From Client
InputStream input = socket.getInputStream();
System.out.println("------Receive------");
//use byte array to initializ