Java 安全通信:JSSE 包中主要包括以下几个部分:
安全套接字(secure socket)和安全服务器端套接字
非阻塞式 SSL/TLS 数据处理引擎(SSLEngine)
套接字创建工厂 , 用来产生 SSL 套接字和服务器端套接字
套接字上下文 , 用来保存用于创建和数据引擎处理过程中的信息
符合 X.509 规范的密钥和安全管理接口
制作证书:
1. 创建一个服务器端keystore文件
keytool -genkey -v -alias server -keyalg RSA -keystore c:\server.jks -dname "CN=server,OU=nice,O=nice,L=BJ,ST=BJ,C=CN" -storepass 12345678 -keypass 12345678 -validity 3650
2. 将服务器端keystore文件导出成证书格式
keytool -export -alias server -keystore c:\server.jks -storepass 12345678 -file c:\server.cer
3. 创建一个客户端keystore文件
keytool -genkey -v -alias client -keyalg RSA -keystore c:\client.jks -dname "CN=client,OU=nice,O=nice,L=BJ,ST=BJ,C=CN" -storepass 12345678 -keypass 12345678 -validity 3650
4. 将客户端keystore文件导出成证书格式
keytool -export -alias client -keystore c:\client.jks -storepass 12345678 -file c:\client.cer
5. 将服务器端证书导入到客户端受信任的keystore中
keytool -import -alias server -file c:\server.cer -keystore c:\sslclienttrust -storepass 12345678
6. 将客户端证书导入到服务器端受信任的keystore中
keytool -import -alias client -file c:\client.cer -keystore c:\sslservertrust -storepass 12345678
7. 查看
keytool -list -keystore c:\sslservertrust -storepass 12345678
keytool -list -keystore c:\sslclienttrust -storepass 12345678
package ssl;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
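public class SSLServer {
    // Credentials the server accepts. Hard-coded for this demonstration only.
    private static final String USER_NAME = "principal";
    private static final String PASSWORD = "credential";
    // Content released only after a successful credential check.
    private static final String SECRET_CONTENT = "This is confidential content from server X, for your eye!";
    // Listening port; the SSLClient example connects to the same port.
    private static final int PORT = 7443;

    private final SSLServerSocket serverSocket;

    /**
     * Opens the TLS server socket on port 7443.
     * <p>
     * The default factory is configured by the {@code javax.net.ssl.*} system properties
     * that {@link #main} sets before construction. Client authentication is required so
     * that the trust store prepared with keytool (client certificate imported into the
     * server trust store) is actually enforced; without {@code setNeedClientAuth(true)}
     * any peer able to reach the port could attempt the password exchange.
     *
     * @throws Exception if the socket cannot be created or bound (keeps the original signature)
     */
    public SSLServer() throws Exception {
        SSLServerSocketFactory socketFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        serverSocket = (SSLServerSocket) socketFactory.createServerSocket(PORT);
        // Mutual TLS: the client must present a certificate chain trusted by javax.net.ssl.trustStore.
        serverSocket.setNeedClientAuth(true);
    }

    /**
     * Accepts connections forever, handling one client at a time.
     * <p>
     * An I/O failure on one connection is reported and the loop continues; only the
     * accepted socket is closed, never the listening socket.
     */
    private void runServer() {
        while (true) {
            System.out.println("Waiting for connection...");
            // accept() blocks until a client connects. try-with-resources guarantees the
            // socket is closed even when reading or writing throws.
            try (SSLSocket socket = (SSLSocket) serverSocket.accept()) {
                handleClient(socket);
            } catch (IOException ioException) {
                // One bad connection must not take the server down; report and keep accepting.
                ioException.printStackTrace();
            }
        }
    }

    /**
     * Reads one username/password pair from the client and answers with the secret or a rejection.
     * <p>
     * Streams are declared input-then-output so that close order (reverse of declaration)
     * matches the original: the writer is flushed and closed first, then the reader.
     * Closing either socket stream also closes the socket, which is how the client detects
     * end of reply.
     *
     * @param socket an accepted client connection
     * @throws IOException if reading from or writing to the client fails
     */
    private static void handleClient(SSLSocket socket) throws IOException {
        try (BufferedReader input = new BufferedReader(
                     new InputStreamReader(socket.getInputStream(), StandardCharsets.UTF_8));
             PrintWriter output = new PrintWriter(
                     new OutputStreamWriter(socket.getOutputStream(), StandardCharsets.UTF_8))) {
            // Either line is null if the client closed the connection early.
            String userName = input.readLine();
            String password = input.readLine();
            if (authenticate(userName, password)) {
                output.println("Welcome, " + userName);
                output.println(SECRET_CONTENT);
            } else {
                output.println("Authentication failed, you have no access to server X...");
            }
            // PrintWriter is not auto-flush; the close performed by try-with-resources flushes it.
        }
    }

    /**
     * Checks the supplied credentials against the configured ones.
     *
     * @param userName user name read from the client; {@code null} if the client sent nothing
     * @param password password read from the client; {@code null} if the client sent nothing
     * @return {@code true} only if both values match exactly
     */
    static boolean authenticate(String userName, String password) {
        if (userName == null || password == null) {
            return false;
        }
        // Non-short-circuit & and a byte-wise comparison without early exit, so that the
        // response time does not reveal which field was wrong or how far it matched.
        return constantTimeEquals(userName, USER_NAME) & constantTimeEquals(password, PASSWORD);
    }

    /** Compares two strings without returning at the first differing byte. */
    private static boolean constantTimeEquals(String actual, String expected) {
        return MessageDigest.isEqual(
                actual.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Configures the default SSLContext from system properties and starts the server.
     * <p>
     * Store passwords in source are acceptable only for this demo; a deployment supplies them
     * from configuration or a secret store and never from a checked-in file.
     *
     * @param args unused
     * @throws Exception if the server socket cannot be created
     */
    public static void main(String[] args) throws Exception {
        System.setProperty("javax.net.ssl.keyStore", "c:/server.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "12345678");
        System.setProperty("javax.net.ssl.trustStore", "c:/sslservertrust");
        System.setProperty("javax.net.ssl.trustStorePassword", "12345678");
        new SSLServer().runServer();
    }
}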
package ssl;
import java.io.*;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
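public class SSLClient {
    // Address of the SSLServer example. The certificate generated for it has CN=server and no
    // IP subject alternative name, which matters for hostname verification (see the constructor).
    private static final String HOST = "127.0.0.1";
    private static final int PORT = 7443;

    private final SSLSocket socket;

    /**
     * Opens a TLS connection to the demo server.
     * <p>
     * The default factory validates the server's certificate chain against
     * {@code javax.net.ssl.trustStore} (set in {@link #main}), but a plain {@code SSLSocket}
     * does not check that the certificate names the host it connected to. A production client
     * should enable that check via {@code SSLParameters#setEndpointIdentificationAlgorithm("HTTPS")}
     * and use a server certificate whose SAN matches the host; with this demo's CN=server
     * certificate that check would reject 127.0.0.1, so it is deliberately not enabled here.
     *
     * @throws IOException if the connection cannot be established
     */
    public SSLClient() throws IOException {
        SSLSocketFactory socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        socket = (SSLSocket) socketFactory.createSocket(HOST, PORT);
    }

    /**
     * Sends the demo credentials and prints the server's complete reply.
     * <p>
     * The credentials are protected only by the TLS channel, so the trust store chosen in
     * {@link #main} decides which servers may ever receive them. As in the original, the JVM
     * exits when this method finishes; note the exit status is 0 even after an I/O error.
     * Streams are declared input-then-output so the writer is closed (and flushed) first, as
     * the original did; closing either socket stream also closes the socket.
     */
    public void connect() {
        try (BufferedReader input = new BufferedReader(
                     new InputStreamReader(socket.getInputStream(), StandardCharsets.UTF_8));
             PrintWriter output = new PrintWriter(
                     new OutputStreamWriter(socket.getOutputStream(), StandardCharsets.UTF_8))) {
            String userName = "principal";
            output.println(userName);
            String password = "credential";
            output.println(password);
            // PrintWriter is not auto-flush; push the request out before blocking on the reply.
            output.flush();
            System.out.println(readResponse(input));
        } catch (IOException ioException) {
            ioException.printStackTrace();
        } finally {
            System.exit(0);
        }
    }

    /**
     * Reads every remaining line of the server's reply and joins them as the original printed
     * them: the first line as-is, each further line after {@code "\n "}.
     * <p>
     * Reading to end-of-stream instead of exactly two lines handles the rejection case, where
     * the server sends a single line and then closes the socket; the original printed
     * {@code "null"} for the missing second line.
     *
     * @param input reader positioned at the start of the reply
     * @return the joined reply, or an empty string if the server sent nothing
     * @throws IOException if reading fails
     */
    static String readResponse(BufferedReader input) throws IOException {
        StringBuilder response = new StringBuilder();
        String line;
        while ((line = input.readLine()) != null) {
            if (response.length() > 0) {
                response.append("\n ");
            }
            response.append(line);
        }
        return response.toString();
    }

    /**
     * Configures the default SSLContext from system properties and runs one exchange.
     * <p>
     * The client key store is what the server's mutual-TLS check validates; store passwords in
     * source are acceptable only for this demo.
     *
     * @param args unused
     * @throws IOException if the connection cannot be established
     */
    public static void main(String[] args) throws IOException {
        System.setProperty("javax.net.ssl.keyStore", "c:/client.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "12345678");
        System.setProperty("javax.net.ssl.trustStore", "c:/sslclienttrust");
        System.setProperty("javax.net.ssl.trustStorePassword", "12345678");
        new SSLClient().connect();
    }
}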