上次写了smack和openfire之间的SSL配置。接着我们就想把SSL的工作交给F5去做。这样的好处不言而喻。
F5配置SSL有很多方法了:
1) 在F5上生成自签名的证书和key
2) 用openssl签的证书和key,然后导入到F5
3) 掏钱买
我用的是第一种。 具体的F5操作就不贴了。创建证书选择“self”。
F5创建完毕后,把生成的证书导出到客户端的目录下。
客户端的配置如下:
1)用keytool生成keystore文件
2)把F5的证书用keytool导入到client的truststore文件里(只导入证书本身,私钥留在F5上)。
然后就是client的代码。这段代码参考了网上的一个实现,不记得网址了。如果有人看着眼熟,或者就是你写的,可以告诉我,我会把你的链接贴上。
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
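/**
 * Minimal TLS client that connects to a TLS-terminating front end (an F5 in the
 * accompanying article), sends an XMPP stream header and prints the first reply.
 *
 * <p>Trust is taken only from {@code client.truststore}; the client's own key
 * material is read from {@code client.keystore}. Both files are looked up in the
 * working directory.
 */
public class SSLSocketExampel {
    private static final String DEFAULT_HOST = "your_ip_addr";
    private static final int DEFAULT_PORT = 5222;
    // Sample passwords for the demo keystores. Outside a test setup, read them from
    // configuration or a prompt instead of compiling them into the class.
    private static final String CLIENT_KEY_STORE_PASSWORD = "123456";
    private static final String CLIENT_TRUST_KEY_STORE_PASSWORD = "123456";
    private SSLSocket sslSocket;

    /**
     * Starts the client program.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        SSLSocketExampel client = new SSLSocketExampel();
        client.init();
        client.process();
    }

    /**
     * Sends the stream header over the socket created by {@link #init()} and prints
     * the bytes returned by the first read. Prints {@code ERROR} when no socket is
     * available. The socket is closed on every path, including I/O failures.
     */
    public void process() {
        if (sslSocket == null) {
            System.out.println("ERROR");
            return;
        }
        String content = "<stream:stream to=\"your_ip_addr\" "
                + "xmlns=\"jabber:client\" xmlns:stream=\"http://etherx.jabber.org/streams\" version=\"1.0\">"
                + "</stream:stream>";
        // try-with-resources closes the socket even when the handshake or I/O fails.
        try (SSLSocket socket = sslSocket) {
            InputStream bis = new BufferedInputStream(socket.getInputStream());
            OutputStream bos = new BufferedOutputStream(socket.getOutputStream());
            // Explicit charset: the platform default differs between hosts.
            bos.write(content.getBytes(StandardCharsets.UTF_8));
            bos.flush();
            byte[] buffer = new byte[1024];
            int count = bis.read(buffer);
            // Decode only the bytes actually received; read() returns -1 at end of stream.
            if (count > 0) {
                System.out.println(new String(buffer, 0, count, StandardCharsets.UTF_8));
            }
        } catch (IOException e) {
            System.out.println(e);
        }
    }

    /**
     * Builds an {@link SSLContext} from the client keystore and truststore and opens
     * the TLS socket to {@code DEFAULT_HOST:DEFAULT_PORT}. On failure the exception
     * is printed and no socket is set, so {@link #process()} reports {@code ERROR}.
     */
    public void init() {
        try {
            char[] keyPassword = CLIENT_KEY_STORE_PASSWORD.toCharArray();
            char[] trustPassword = CLIENT_TRUST_KEY_STORE_PASSWORD.toCharArray();

            KeyStore ks = loadKeyStore("client.keystore", keyPassword);
            KeyStore tks = loadKeyStore("client.truststore", trustPassword);

            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, keyPassword);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
            tmf.init(tks);

            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

            // NOTE: a plain SSLSocket validates the certificate chain against the
            // truststore but does not check that the certificate matches the host.
            // Once the front-end certificate lists this address in its subject
            // alternative names, enable the check through
            // SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") and
            // SSLSocket.setSSLParameters before any I/O.
            sslSocket = (SSLSocket) ctx.getSocketFactory().createSocket(DEFAULT_HOST, DEFAULT_PORT);
        } catch (IOException | GeneralSecurityException e) {
            System.out.println(e);
        }
    }

    /** Loads a JKS keystore from {@code path}, closing the file stream afterwards. */
    private static KeyStore loadKeyStore(String path, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }
}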