sslsocket-https

最新推荐文章于 2024-04-12 04:33:14 发布

gold_zwj

最新推荐文章于 2024-04-12 04:33:14 发布

阅读量1.5k

点赞数

分类专栏： java

本文链接：https://blog.csdn.net/zwjyyy1203/article/details/82773298

版权

java 专栏收录该内容

114 篇文章 0 订阅

订阅专栏

private static final String defaultProtocol = "TLS";

private static final int defaultSessionCacheSize = 0;
private static final int defaultSessionTimeout = 86400;

public static void main(String[] args) throws Exception {


    /***
     * 客户端SSLSocket
     */
    final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    InputStream  keyFile=null;
    keyStore.load(keyFile, "password".toCharArray());

    final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keyStore, "password".toCharArray());
    final SSLContext context = SSLContext.getInstance(defaultProtocol);

    final KeyManager[] kms = kmf.getKeyManagers();

    context.init(kms,null,null);

    final Socket socket = context.getSocketFactory().createSocket(SocketFactory.getDefault().createSocket(),"host",8999,true);
    final SSLSocket sslSocket = SSLSocket.class.cast(socket);

    sslSocket.startHandshake();


    /***
     * 服务端SSLSocket
     */

    final KeyStore serverKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());

    InputStream serverInputStream=null;
    serverKeyStore.load(serverInputStream, "changeit".toCharArray());

    final KeyManagerFactory serverKmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    serverKmf.init(serverKeyStore, "changeit".toCharArray());

    final SSLContext serverSSLContext = SSLContext.getInstance(defaultProtocol);
    serverSSLContext.init(serverKmf.getKeyManagers(), null, null);


    final SSLSessionContext serverSessionContext = serverSSLContext.getServerSessionContext();
    serverSessionContext.setSessionCacheSize(defaultSessionCacheSize);
    serverSessionContext.setSessionTimeout(defaultSessionTimeout);

    final SSLServerSocketFactory sslProxy = serverSSLContext.getServerSocketFactory();


    final ServerSocket serverSocket = sslProxy.createServerSocket(8999, 200);

    final SSLServerSocket sslServerSocket = SSLServerSocket.class.cast(serverSocket);
    sslServerSocket.setEnabledCipherSuites(new String[]{"enabledCiphers"});
    sslServerSocket.setEnabledProtocols(new String[]{"protocols"});

}

private void checkConfig() throws IOException {
    // Create an unbound server socket
    ServerSocket socket = sslProxy.createServerSocket();
    initServerSocket(socket);

    try {
        // Set the timeout to 1ms as all we care about is if it throws an
        // SSLException on accept.
        socket.setSoTimeout(1);

        socket.accept();
        // Will never get here - no client can connect to an unbound port
    } catch (SSLException ssle) {
        // SSL configuration is invalid. Possibly cert doesn't match ciphers
        IOException ioe = new IOException(sm.getString(
                "jsse.invalid_ssl_conf", ssle.getMessage()));
        ioe.initCause(ssle);
        throw ioe;
    } catch (Exception e) {
        /*
         * Possible ways of getting here
         * socket.accept() throws a SecurityException
         * socket.setSoTimeout() throws a SocketException
         * socket.accept() throws some other exception (after a JDK change)
         *      In these cases the test won't work so carry on - essentially
         *      the behaviour before this patch
         * socket.accept() throws a SocketTimeoutException
         *      In this case all is well so carry on
         */
    } finally {
        // Should be open here but just in case
        if (!socket.isClosed()) {
            socket.close();
        }
    }

}