这里的代码主要是和 MQTT(Paho 客户端)一起连用,做双向 TLS 认证。使用的文件是:mqttserver.crt(作为唯一信任锚的服务器/CA 证书)、client-cert.crt(客户端证书)、client-key-pkcs8.pem(未加密的 PKCS#8 格式客户端私钥,文件名需与下面的 KEY_PATH 一致)。
// Paths are relative: FileInputStream resolves them against the JVM's working directory, not the classpath.
// Certificate (or CA) used as the ONLY trust anchor for the broker; the JDK default trust store is not consulted.
public static final String CA_PATH = "mqttserver.crt";
// Client certificate presented to the broker for mutual authentication.
public static final String CRT_PATH = "client-cert.crt";
// Client private key. Must be an UNENCRYPTED PKCS#8 PEM ("-----BEGIN PRIVATE KEY-----"):
// getPrivateKey() feeds the Base64 body straight into PKCS8EncodedKeySpec with no decryption step.
public static final String KEY_PATH = "client-key-pkcs8.pem";
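/**
 * Builds an SSLSocketFactory for a mutually authenticated (client-cert) TLS connection to the broker.
 *
 * Trust: only the certificate in CA_PATH is trusted (the JDK default trust store is not used).
 * Identity: the certificate in CRT_PATH plus the PKCS#8 key in KEY_PATH are presented to the broker.
 *
 * Fixes versus the previous version: the CA input stream was never closed (now try-with-resources on
 * every path), and the context was created for "TLSv1" -- TLS 1.0 is deprecated (RFC 8996) and disabled
 * by default in current JDKs, so that context would either fail or negotiate a weak protocol.
 *
 * NOTE(review): a PKIX trust manager validates the chain only; it does NOT check that the broker's
 * hostname matches the certificate. Hostname verification must be enabled by the caller
 * (e.g. Paho's setHttpsHostnameVerificationEnabled where the client version provides it).
 *
 * @return a socket factory bound to the trust anchor and client identity above
 * @throws Exception on any I/O, parsing or keystore error (propagated unchanged from the JCA calls)
 */
public SSLSocketFactory getSSLSocktetBidirectional() throws Exception {
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");

    // --- Trust store: the broker certificate / CA is the sole trust anchor. ---
    X509Certificate trustAnchor;
    try (FileInputStream caIn = new FileInputStream(CA_PATH)) {
        trustAnchor = (X509Certificate) certFactory.generateCertificate(caIn);
    }
    KeyStore trustStore = KeyStore.getInstance("JKS");
    trustStore.load(null, null); // fresh, empty in-memory store
    trustStore.setCertificateEntry("ca-certificate", trustAnchor);
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
    tmf.init(trustStore);

    // --- Key store: our certificate + private key, sent to the broker so it can authenticate us. ---
    X509Certificate clientCert;
    try (FileInputStream crtIn = new FileInputStream(CRT_PATH)) {
        clientCert = (X509Certificate) certFactory.generateCertificate(crtIn);
    }
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null);
    keyStore.setCertificateEntry("certificate", clientCert);
    // PASSWORD only protects the in-memory key entry; it is not the PEM's encryption password.
    keyStore.setKeyEntry("private-key", getPrivateKey(KEY_PATH), PASSWORD.toCharArray(),
            new java.security.cert.Certificate[] { clientCert });
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
    kmf.init(keyStore, PASSWORD.toCharArray());

    // TLS 1.2 as the baseline. Which older versions (if any) remain enabled on the resulting sockets is
    // still governed by the JDK's jdk.tls.disabledAlgorithms security property.
    SSLContext context = SSLContext.getInstance("TLSv1.2");
    context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
    return context.getSocketFactory();
}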
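/**
 * Loads an unencrypted PKCS#8 RSA private key from a PEM file.
 *
 * The Base64 body returned by getPem() may still contain line separators, so the MIME decoder is used:
 * it ignores characters outside the Base64 alphabet, whereas the basic decoder throws on them (which is
 * presumably why the commented-out Base64.getDecoder() variant was abandoned). Using java.util.Base64
 * also removes the dependency on commons-codec's Base64 for this step.
 *
 * @param path PEM file containing "-----BEGIN PRIVATE KEY-----" (PKCS#8, not encrypted, not PKCS#1)
 * @return the parsed RSA private key
 * @throws Exception if the file cannot be read, the Base64 is malformed, or the DER is not a valid RSA PKCS#8 key
 */
private PrivateKey getPrivateKey(String path) throws Exception {
    byte[] der = java.util.Base64.getMimeDecoder().decode(getPem(path));
    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(der);
    // An encrypted key ("BEGIN ENCRYPTED PRIVATE KEY") would need EncryptedPrivateKeyInfo first; not handled here.
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    return keyFactory.generatePrivate(keySpec);
}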
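/**
 * Reads a PEM file and returns its Base64 body with the "-----BEGIN/END ...-----" armor lines removed.
 *
 * Fixes versus the previous version:
 *  - a blank line (e.g. the trailing newline most PEM files end with) threw StringIndexOutOfBoundsException
 *    from charAt(0); blank lines are now skipped;
 *  - the reader was not closed if readLine() threw; try-with-resources closes it on every path;
 *  - the charset is explicit (PEM is ASCII) instead of the platform default;
 *  - lines are concatenated without the '\r' separators, so the result is plain Base64 that any decoder
 *    (basic or MIME) accepts.
 *
 * @param path PEM file to read
 * @return the concatenated Base64 body, or an empty string if the file holds only armor/blank lines
 * @throws Exception if the file cannot be opened or read
 */
private String getPem(String path) throws Exception {
    StringBuilder body = new StringBuilder();
    try (BufferedReader reader = new BufferedReader(new InputStreamReader(
            new FileInputStream(path), java.nio.charset.StandardCharsets.US_ASCII))) {
        String line;
        while ((line = reader.readLine()) != null) {
            String trimmed = line.trim();
            if (trimmed.isEmpty() || trimmed.startsWith("-")) {
                continue; // blank line or "-----BEGIN/END-----" armor
            }
            body.append(trimmed);
        }
    }
    return body.toString();
}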
mqtt使用SSL认证代码:
/**
 * Assembles the Paho MqttConnectOptions for a TLS-secured broker connection.
 * Javadoc: https://www.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.javadoc.doc/WMQMQxrClasses/org/eclipse/paho/client/mqttv3/MqttConnectOptions.html
 *
 * Only the options object is built here; no connect() is issued in this listing.
 */
public void mqttTest(){
    MqttConnectOptions options = new MqttConnectOptions();

    // Session and liveness settings.
    options.setAutomaticReconnect(false);        // do not reconnect automatically after a lost connection
    options.setCleanSession(this.cleanSession);  // true = broker discards this client's session state on reconnect
    options.setKeepAliveInterval(60);            // heartbeat interval, seconds
    options.setConnectionTimeout(30);            // connect timeout, seconds

    // Optional credentials for the MQTT CONNECT packet: set only what is configured.
    if (userName != null) {
        options.setUserName(this.userName);      // user name
    }
    if (password != null) {
        options.setPassword(this.password.toCharArray()); // password
    }

    // Application-supplied socket factory so the TLS policy (trust anchor, client certificate) is ours,
    // not the JDK default.
    // NOTE(review): getSSLSocket() is not defined in this listing; the factory shown above is
    // getSSLSocktetBidirectional() -- confirm which one is intended.
    // NOTE(review): chain validation does not cover the broker hostname; if this Paho version offers
    // setHttpsHostnameVerificationEnabled(true), consider enabling it here.
    options.setSocketFactory(getSSLSocket());
}
接口MqttCallback解析网址:http://www.eclipse.org/paho/files/javadoc/org/eclipse/paho/client/mqttv3/MqttCallback.html