JSSE(Java Secure Socket Extension)是Sun公司为了解决互联网信息安全传输提出的一个解决方案,它实现了SSL和TLS协议,包含了数据加密、服务器验证、消息完整性和客户端验证等技术。通过使用JSSE简洁的API,可以在客户端和服务器端之间通过SSL/TLS协议安全地传输数据。
———《大型分布式网站架构设计与实践》的第3.5.2章节——SSL/TLS
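简单来说,SSLSocket通信就是需要服务端和客户端进行证书验证的socket通信。需要注意的是,SSL/TLS握手默认只验证服务端证书;对客户端证书的验证(双向认证)是可选的,需要在服务端显式开启(例如调用SSLServerSocket的setNeedClientAuth(true)),否则未持有受信任证书的客户端同样可以建立连接。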
服务端:
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;
public class SSLServer {
// Listening socket of this server, typed as SSLServerSocket.
// NOTE(review): presumably created in init() from the SSLContext built there; confirm.
private SSLServerSocket sslServerSocket;
//服务端将要使用到server.keystore和root.keystore
public void init() throws Exception {
int port = 2016;
String keystorePath = "D:/file/certificate/server.keystore";
String trustKeystorePath = "D:/file/certificate/root.keystore";
String keystorePassword = "11111qqqqq";
SSLContext context = SSLContext.getInstance("SSL");
//服务端证书库
KeyStore keystore = KeyStore.getInstance("pkcs12");
FileInputStream keystoreFis = new FileInputStream(keystorePath);
keystore.load(keystoreFis, keystorePassword.toCharArray());
//信任证书库
KeyStore trustKeystore = KeyStore.getInstance("jks");
FileInputStream trustKeystoreFis = new FileInputStream(trustKeystorePath);
trustKeystore.load(trustKeystoreFis, keystorePassword.toCharArray());
//密钥库
KeyManagerFactory kmf = KeyMa