1.建立密钥库:
keytool -genkey -v -keyalg RSA -alias test -keystore sslkeystore
其中:-keyalg RSA 表示密钥算法为RSA,-alias test 表示别名为test,-keystore sslkeystore 表示密钥库名为sslkeystore。
2. 制作证书文件:制作证书是从密钥库输出特定别名的证书(导出的只是公钥证书,不包含私钥),保存到证书文件test.cer中。
keytool -export -alias test -file test.cer -keystore sslkeystore
3.将证书文件test.cer导入自己的密钥库test(后面的客户端程序通过 javax.net.ssl.trustStore 把它用作信任库):
keytool -import -alias test -file test.cer -keystore test
4.SSL服务端程序:
SSLServerExample.java
package com.cjq.save;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ssl.SSLServerSocketFactory;
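/**
 * Minimal SSL/TLS server demo: listens on port 8080, sends the single line
 * "HI" to each client that connects, then closes that connection.
 *
 * <p>The server's private key and certificate are read from the keystore file
 * {@code sslkeystore} (relative to the working directory).
 */
public class SSLServerExample {
    /**
     * Starts the listener and serves clients one at a time until the process is stopped.
     *
     * @param args unused
     * @throws IOException if the server socket cannot be created or accepting a
     *     connection fails
     */
    public static void main(String[] args) throws IOException {
        // Demo only: the keystore path and password are hard-coded, and "123456" is a
        // trivially guessable password protecting the server's private key. Outside a
        // demo, supply these from protected configuration instead of source code.
        // Note that these calls overwrite any -Djavax.net.ssl.* values given on the
        // command line.
        System.setProperty("javax.net.ssl.keyStore", "sslkeystore");
        System.setProperty("javax.net.ssl.keyStorePassword", "123456");

        // The default factory is built from the javax.net.ssl.* system properties set
        // above. If the default SSL context cannot be constructed (for example because
        // the password property is missing), the failure only surfaces later, as a
        // SocketException thrown by createServerSocket().
        SSLServerSocketFactory sslsf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

        // Listening socket on port 8080.
        ServerSocket ss = sslsf.createServerSocket(8080);
        try {
            System.out.println("Waiting for connection...");
            while (true) {
                // A failure of accept() itself is treated as fatal and propagates.
                Socket s = ss.accept();
                try {
                    System.out.println("Client connection made");
                    PrintWriter out = new PrintWriter(s.getOutputStream());
                    out.println("HI");
                    // The TLS handshake runs on the first write, and PrintWriter
                    // swallows IOExceptions. checkError() flushes and reports whether
                    // the write (and therefore the handshake) actually succeeded.
                    if (out.checkError()) {
                        System.err.println("Failed to send HI to client");
                    } else {
                        System.out.println("HI is sent to client");
                    }
                } catch (IOException e) {
                    // One misbehaving client must not take the whole server down.
                    System.err.println("Connection error: " + e.getMessage());
                } finally {
                    try {
                        s.close();
                    } catch (IOException ignored) {
                        // Best effort: the connection is being discarded anyway.
                    }
                }
            }
        } finally {
            ss.close();
        }
    }
}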
5.SSL客户端程序:
SSLClientExample.java:
package com.cjq.save;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.Socket;
import javax.net.ssl.SSLSocketFactory;
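/**
 * Minimal SSL/TLS client demo: connects to 127.0.0.1:8080, prints the first
 * line the server sends, and closes the connection.
 *
 * <p>The server certificate is validated against the trust store file
 * {@code test} (relative to the working directory).
 */
public class SSLClientExample {
    /**
     * Connects to the demo server and prints its greeting.
     *
     * @param args unused
     * @throws IOException if the connection, the TLS handshake or the read fails
     */
    public static void main(String[] args) throws IOException {
        System.setProperty("javax.net.ssl.trustStore", "test");
        // The password for a trust store is javax.net.ssl.trustStorePassword.
        // The original set keyStorePassword here, which does not apply to the trust
        // store, so the store was opened without a password and its integrity was not
        // checked on load.
        // NOTE(review): assumes the trust store "test" was created with the password
        // "123456" when test.cer was imported; adjust if a different one was entered.
        // Demo only: a hard-coded, guessable password does not belong in real code.
        System.setProperty("javax.net.ssl.trustStorePassword", "123456");

        SSLSocketFactory sslsf = (SSLSocketFactory) SSLSocketFactory.getDefault();

        // A plain SSLSocket checks the server's certificate chain against the trust
        // store but performs no hostname verification unless an endpoint
        // identification algorithm is configured on the socket.
        Socket s = sslsf.createSocket("127.0.0.1", 8080);
        try {
            // Only the TCP connection is established at this point; the TLS handshake
            // (and certificate validation) happens on the first read below.
            System.out.println("the connection is ok");
            BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
            System.out.println(in.readLine());
        } finally {
            // Closing the socket also closes its streams, even when the read failed.
            s.close();
        }
        System.out.println("the connection is close");
    }
}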
6.运行程序:
在cmd窗口中运行,并且程序中不包含System.setProperty(..,...)这些代码时:
java -Djavax.net.ssl.keyStore=sslkeystore -Djava.net.ssl.keyStorePassword=123456 SSLClientExample
则会出现错误:
Exception in thread "main" java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at javax.net.ssl.DefaultSSLServerSocketFactory.throwException(Unknown Source)
at javax.net.ssl.DefaultSSLServerSocketFactory.createServerSocket(Unknown Source)
at com.cjq.save.SSLServerExample.main(SSLServerExample.java:16)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at java.security.Provider$Service.newInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at javax.net.ssl.SSLContext.getInstance(Unknown Source)
at javax.net.ssl.SSLContext.getDefault(Unknown Source)
at javax.net.ssl.SSLServerSocketFactory.getDefault(Unknown Source)
at com.cjq.save.SSLServerExample.main(SSLServerExample.java:14)
Caused by: java.security.UnrecoverableKeyException: Password must not be null
at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(Unknown Source)
at java.security.KeyStore.getKey(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.(Unknown Source)
at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(Unknown Source)
at javax.net.ssl.KeyManagerFactory.init(Unknown Source)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(Unknown Source)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
... 7 more
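原因是密码为空。参数中虽然有“-Djava.net.ssl.keyStorePassword=123456”,看似密码不应该为空,却报空。仔细对照可以发现,这个参数的属性名写成了 java.net.ssl.keyStorePassword(少了一个 x),而 JSSE 读取的是 javax.net.ssl.keyStorePassword,所以密钥库密码实际上没有被设置,读取私钥时就抛出了“Password must not be null”。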
但将java命令之后的两个参数改为写在程序中:
System.setProperty("javax.net.ssl.keyStore","sslkeystore");
System.setProperty("javax.net.ssl.keyStorePassword", "123456");
则正常运行(这里两个属性名都以 javax.net.ssl 开头,拼写正确)。