启动ssl socket的配置读取方式有几种
- 通过jar包启动命令java -jar -Djavax.net.ssl.keyStore=xxxx指定,不太灵活,不能使用相对路径
- 通过System.setProperty设置,这里可以使用相对或绝对路径;如果启动报错“can not open xxx.jvm.cfg”,可尝试在jdk的bin目录下用命令启动。但打成jar包后仍然会启动失败:资源位于jar包内部,getResource().getPath()得到的不是文件系统路径,报错如下
Caused by: java.io.FileNotFoundException: file:\E:\test\demo2\target\demo2-0.0.1
-SNAPSHOT.jar!\BOOT-INF\classes!\ssl\sslserverkeys (文件名、目录名或卷标语法不正
确。)
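/**
 * Demo TLS server that configures the JVM-wide default SSL context through the
 * {@code javax.net.ssl.*} system properties, then serves a single client on port 7070.
 *
 * <p>The system properties take file-system paths, so this variant only works while the
 * key/trust stores are plain files on the classpath (for example under
 * {@code target/classes}). Once the stores are packaged inside a jar there is no file path
 * to hand to the JVM, and start-up fails.
 */
@SpringBootApplication
public class DemoApplication {

    // Demo-only credential: the store password is hard-coded and trivially guessable.
    // A real deployment should read it from configuration kept outside the source tree
    // and outside the packaged artifact.
    private static final String STORE_PASSWORD = "123456";

    static {
        ClassLoader classLoader = DemoApplication.class.getClassLoader();
        System.setProperty("javax.net.ssl.keyStore", resourceFilePath(classLoader, "ssl/sslserverkeys"));
        System.setProperty("javax.net.ssl.keyStorePassword", STORE_PASSWORD);
        System.setProperty("javax.net.ssl.trustStore", resourceFilePath(classLoader, "ssl/sslservertrust"));
        System.setProperty("javax.net.ssl.trustStorePassword", STORE_PASSWORD);
    }

    /**
     * Resolves a classpath resource to a local file-system path.
     *
     * <p>{@code URL.getPath()} keeps URL escapes such as {@code %20} and, for a resource
     * inside a jar, returns something that is not a file path at all. Both cases are
     * handled here: the URL is decoded through {@code Paths.get(URI)}, and a missing or
     * non-file resource is reported with a clear message instead of a later
     * {@code FileNotFoundException} during the TLS handshake set-up.
     *
     * @param classLoader loader used to look the resource up
     * @param name        classpath-relative resource name
     * @return the absolute file-system path of the resource
     * @throws IllegalStateException if the resource is missing or is not a plain file
     */
    private static String resourceFilePath(ClassLoader classLoader, String name) {
        java.net.URL url = classLoader.getResource(name);
        if (url == null) {
            throw new IllegalStateException("classpath resource not found: " + name);
        }
        if (!"file".equals(url.getProtocol())) {
            throw new IllegalStateException(
                    "resource " + name + " is not a plain file (" + url + "); "
                            + "javax.net.ssl.* properties need a file-system path");
        }
        try {
            return java.nio.file.Paths.get(url.toURI()).toString();
        } catch (java.net.URISyntaxException e) {
            throw new IllegalStateException("cannot convert resource URL to a path: " + url, e);
        }
    }

    /**
     * Accepts one TLS client and answers every received line with the current timestamp.
     *
     * @param args unused
     * @throws Exception on any socket, TLS or timeout failure
     */
    public static void main(String[] args) throws Exception {
        SSLServerSocketFactory socketFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        try (SSLServerSocket serverSocket = (SSLServerSocket) socketFactory.createServerSocket(7070)) {
            // accept() timeout in milliseconds; a SocketTimeoutException is thrown if no
            // client connects within this window.
            serverSocket.setSoTimeout(100200);
            // NOTE(review): client authentication is never requested (no setNeedClientAuth /
            // setWantClientAuth call), so the configured trust store is not used to verify
            // clients and any client may connect.
            try (Socket socket = serverSocket.accept()) {
                System.out.println(socket);
                System.out.println(socket.getKeepAlive());
                System.out.println(socket.getChannel());
                // Read timeout in milliseconds for input.readLine() in the loop below.
                socket.setSoTimeout(50000);
                BufferedReader input = new BufferedReader(new InputStreamReader(socket.getInputStream()));
                PrintStream out = new PrintStream(socket.getOutputStream());
                while (true) {
                    Thread.sleep(3000);
                    // readLine() outcomes: a SocketTimeoutException when nothing arrives in
                    // time, an exception if the client drops the connection while we block,
                    // or null when the client closed its socket cleanly.
                    String fromclient = input.readLine();
                    if (fromclient == null) {
                        // Client closed the connection; stop instead of looping on null forever.
                        break;
                    }
                    System.out.println("from client:" + fromclient);
                    String now = LocalDateTime.now().format(DateTimeFormatter.ISO_DATE_TIME);
                    out.println(now);
                }
            }
        }
    }
}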
- 通过参数指定配置文件路径有各种问题,只能考虑以文件流的方式指定SSL配置,这里通过自定义SSLContext完成,这种方式就很灵活
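/**
 * Demo TLS server that builds its own {@link SSLContext} from key/trust stores read as
 * classpath streams, so it also works when the stores are packaged inside a jar.
 */
@SpringBootApplication
public class DemoApplication {

    /**
     * Builds the SSL context, accepts one TLS client on port 7070 and answers every
     * received line with the current timestamp.
     *
     * @param args unused
     * @throws Exception on any key store, socket, TLS or timeout failure
     */
    public static void main(String[] args) throws Exception {
        // Demo-only credential: the store password is hard-coded and trivially guessable.
        // A real deployment should read it from configuration kept outside the source tree
        // and outside the packaged artifact.
        char[] storePassword = "123456".toCharArray();
        ClassLoader classLoader = DemoApplication.class.getClassLoader();

        // NOTE(review): the trust store is loaded from a resource named "sslclientkeys".
        // A trust store should hold only the peer's certificate; if this file also carries
        // the client's private key it should not ship with the server. Confirm its contents.
        KeyStore trustStoreContainingTheCertificate = loadStore(classLoader, "ssl/sslclientkeys", storePassword);
        KeyStore keyStoreContainingTheCertificate = loadStore(classLoader, "ssl/sslserverkeys", storePassword);

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStoreContainingTheCertificate);
        keyManagerFactory.init(keyStoreContainingTheCertificate, storePassword);

        // NOTE(review): asking for "TLSv1.2" picks the context implementation; whether
        // older protocol versions stay enabled depends on the JDK and its security
        // configuration. Call setEnabledProtocols on the socket if a strict floor is needed.
        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

        // The socket factory comes from the custom sslContext rather than the JVM default.
        SSLServerSocketFactory socketFactory = sslContext.getServerSocketFactory();
        try (SSLServerSocket serverSocket = (SSLServerSocket) socketFactory.createServerSocket(7070)) {
            // accept() timeout in milliseconds; a SocketTimeoutException is thrown if no
            // client connects within this window.
            serverSocket.setSoTimeout(100200);
            // NOTE(review): client authentication is never requested (no setNeedClientAuth /
            // setWantClientAuth call), so the trust managers above are not consulted and
            // any client may connect.
            try (Socket socket = serverSocket.accept()) {
                System.out.println(socket);
                System.out.println(socket.getKeepAlive());
                System.out.println(socket.getChannel());
                // Read timeout in milliseconds for input.readLine() in the loop below.
                socket.setSoTimeout(50000);
                BufferedReader input = new BufferedReader(new InputStreamReader(socket.getInputStream()));
                PrintStream out = new PrintStream(socket.getOutputStream());
                while (true) {
                    Thread.sleep(3000);
                    // readLine() outcomes: a SocketTimeoutException when nothing arrives in
                    // time, an exception if the client drops the connection while we block,
                    // or null when the client closed its socket cleanly.
                    String fromclient = input.readLine();
                    if (fromclient == null) {
                        // Client closed the connection; stop instead of looping on null forever.
                        break;
                    }
                    System.out.println("from client:" + fromclient);
                    String now = LocalDateTime.now().format(DateTimeFormatter.ISO_DATE_TIME);
                    out.println(now);
                }
            }
        }
    }

    /**
     * Loads a JKS store from a classpath resource.
     *
     * <p>{@code KeyStore.load(null, password)} silently creates an empty store, so a
     * missing resource must be rejected here; otherwise the server would start without
     * any key material and only fail later during the handshake.
     *
     * @param classLoader  loader used to open the resource
     * @param resourceName classpath-relative name of the store
     * @param password     password protecting the store
     * @return the loaded key store
     * @throws Exception if the resource is missing or the store cannot be read
     */
    private static KeyStore loadStore(ClassLoader classLoader, String resourceName, char[] password)
            throws Exception {
        try (java.io.InputStream in = classLoader.getResourceAsStream(resourceName)) {
            if (in == null) {
                throw new java.io.FileNotFoundException("classpath resource not found: " + resourceName);
            }
            KeyStore store = KeyStore.getInstance("JKS");
            store.load(in, password);
            return store;
        }
    }
}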