Java-JSSE-SSL/TLS编程代码实例-单向认证
前一篇介绍了SSL/TLS双向认证的代码实例。
也可以选择使用单向认证,这种情况下client侧不需要提供证书。所以,
server侧只需要自己的keystore文件,不需要truststore文件
client侧不需要自己的keystore文件,只需要truststore文件(其中包含server的证书,即server的公钥)。
此外server侧需要在创建SSLServerSocket之后设定不需要客户端证书:setNeedClientAuth(false)
server代码
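package learning.net.ssl;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

/**
 * Line-oriented echo server for the one-way (server-authenticated) TLS example.
 *
 * <p>The server presents its own key from a keystore and does not ask the client for a
 * certificate, so it needs no truststore. Each accepted connection is served by its own
 * thread, which echoes lines back until the peer sends {@code exit} or closes the stream.
 */
public class CatServerNoClientAuth implements Runnable, HandshakeCompletedListener {

    /** TCP port the demo server listens on. */
    public static final int SERVER_PORT = 11123;

    private final Socket _s;

    /**
     * Creates a handler for one accepted connection.
     *
     * @param s the accepted socket; closed by {@link #run()} when the session ends
     */
    public CatServerNoClientAuth(Socket s) {
        _s = s;
    }

    /**
     * Loads the server keystore, opens the TLS listening socket and serves connections forever.
     *
     * @param args unused
     * @throws Exception if the keystore cannot be loaded or the TLS socket cannot be set up
     */
    public static void main(String[] args) throws Exception {
        // Demo-only values: a private-key password embedded in source is readable by anyone
        // who can read the code or the class file. Real deployments should obtain these from
        // protected configuration instead.
        String serverKeyStoreFile = "c:\\_tmp\\catserver.keystore";
        String serverKeyStorePwd = "catserverks";
        String catServerKeyPwd = "catserver";

        KeyStore serverKeyStore = KeyStore.getInstance("JKS");
        // try-with-resources: the original never closed the keystore stream.
        try (InputStream in = new FileInputStream(serverKeyStoreFile)) {
            serverKeyStore.load(in, serverKeyStorePwd.toCharArray());
        }

        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(serverKeyStore, catServerKeyPwd.toCharArray());

        // "TLSv1" pinned the context to TLS 1.0, which is deprecated (RFC 8996) and disabled
        // by default in current JDK releases. Ask for the generic "TLS" context and restrict
        // the enabled versions explicitly below.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // No trust managers are passed: client certificates are never validated in this mode.
        sslContext.init(kmf.getKeyManagers(), null, null);

        SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory();
        try (SSLServerSocket sslServerSocket =
                (SSLServerSocket) sslServerSocketFactory.createServerSocket(SERVER_PORT)) {
            sslServerSocket.setEnabledProtocols(
                    modernProtocols(sslServerSocket.getSupportedProtocols()));
            // One-way authentication: the client is not asked for a certificate.
            sslServerSocket.setNeedClientAuth(false);

            // NOTE(review): one thread per connection with no upper bound and no read
            // timeout; acceptable for a demo, but a slow or idle peer holds a thread
            // indefinitely.
            while (true) {
                SSLSocket s = (SSLSocket) sslServerSocket.accept();
                CatServerNoClientAuth cs = new CatServerNoClientAuth(s);
                s.addHandshakeCompletedListener(cs);
                new Thread(cs).start();
            }
        }
    }

    /**
     * Keeps only TLS 1.2 and TLS 1.3 from the protocol versions the runtime supports.
     *
     * @param supported protocol names reported by the socket
     * @return the subset to enable
     * @throws IllegalStateException if the runtime offers neither version
     */
    private static String[] modernProtocols(String[] supported) {
        List<String> chosen = new ArrayList<>();
        for (String protocol : supported) {
            if ("TLSv1.3".equals(protocol) || "TLSv1.2".equals(protocol)) {
                chosen.add(protocol);
            }
        }
        if (chosen.isEmpty()) {
            throw new IllegalStateException("This JRE supports neither TLSv1.3 nor TLSv1.2");
        }
        return chosen.toArray(new String[0]);
    }

    /**
     * Serves one connection: greets the peer, echoes each line, and says goodbye when the
     * peer sends {@code exit} (case-insensitive) or the stream ends. The socket is always
     * closed on return.
     */
    @Override
    public void run() {
        try {
            BufferedReader reader =
                    new BufferedReader(new InputStreamReader(_s.getInputStream()));
            PrintWriter writer = new PrintWriter(_s.getOutputStream(), true);

            writer.println("Welcome~, enter exit to leave.");
            String s;
            while ((s = reader.readLine()) != null && !s.trim().equalsIgnoreCase("exit")) {
                writer.println("Echo: " + s);
            }
            writer.println("Bye~");
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                _s.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

    /**
     * Reports the outcome of the TLS handshake for one connection.
     *
     * <p>Because the server does not request a client certificate, the peer is normally
     * unverified and the {@link SSLPeerUnverifiedException} branch is the expected path.
     *
     * @param event the handshake event delivered by the socket
     */
    @Override
    public void handshakeCompleted(HandshakeCompletedEvent event) {
        // Lets an operator confirm that the negotiated version is one of the enabled ones.
        System.out.println("handshakeCompleted, protocol: " + event.getSession().getProtocol()
                + ", cipher suite: " + event.getCipherSuite());
        try {
            X509Certificate cert = (X509Certificate) event.getPeerCertificates()[0];
            System.out.println("handshakeCompleted, peer: " + cert.getSubjectX500Principal());
        } catch (SSLPeerUnverifiedException ex) {
            System.out.println("handshakeCompleted, SSLPeerUnverified.");
        }
    }
}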
client代码
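package learning.net.ssl;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.Socket;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/**
 * Client for the one-way (server-authenticated) TLS example.
 *
 * <p>The client has no keystore of its own. It validates the server against a truststore,
 * sends two lines and prints everything the server sends back.
 */
public class FoxClientNoClientAuth {

    /**
     * Connects to the demo server on localhost, sends {@code hello} and {@code exit}, and
     * prints the replies.
     *
     * @param args unused
     * @throws Exception if the truststore cannot be loaded or the TLS connection fails
     */
    public static void main(String[] args) throws Exception {
        // Demo-only values; the truststore decides which servers this client accepts, so
        // its path and password should come from protected configuration in real use.
        String clientTrustKeyStoreFile = "c:\\_tmp\\foxclienttrust.keystore";
        String clientTrustKeyStorePwd = "foxclienttrustks";

        KeyStore clientTrustKeyStore = KeyStore.getInstance("JKS");
        // try-with-resources: the original never closed the truststore stream.
        try (InputStream in = new FileInputStream(clientTrustKeyStoreFile)) {
            clientTrustKeyStore.load(in, clientTrustKeyStorePwd.toCharArray());
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(clientTrustKeyStore);

        // "TLSv1" limited the client to TLS 1.0, which is deprecated (RFC 8996) and disabled
        // by default in current JDK releases. Ask for the generic "TLS" context and restrict
        // the enabled versions explicitly below.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // No key managers: in one-way authentication the client presents no certificate.
        sslContext.init(null, tmf.getTrustManagers(), null);

        SSLSocketFactory socketFactory = sslContext.getSocketFactory();

        // The port now comes from the server class shown with this example; the original
        // referenced CatServer, which belongs to the mutual-authentication article.
        // try-with-resources closes the socket even when the handshake or I/O fails.
        try (SSLSocket socket = (SSLSocket) socketFactory.createSocket(
                "localhost", CatServerNoClientAuth.SERVER_PORT)) {
            socket.setEnabledProtocols(modernProtocols(socket.getSupportedProtocols()));

            // NOTE(review): a bare SSLSocket validates the certificate chain against the
            // truststore but does not compare the certificate with the host name unless an
            // endpoint identification algorithm is set through SSLParameters. Here trust
            // rests on the truststore holding only the intended server's certificate; if it
            // ever holds a CA instead, enable "HTTPS" endpoint identification and make sure
            // the server certificate names the host being connected to.
            PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
            BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));

            send("hello", out);
            send("exit", out);
            receive(in);
        }
    }

    /**
     * Keeps only TLS 1.2 and TLS 1.3 from the protocol versions the runtime supports.
     *
     * @param supported protocol names reported by the socket
     * @return the subset to enable
     * @throws IllegalStateException if the runtime offers neither version
     */
    private static String[] modernProtocols(String[] supported) {
        List<String> chosen = new ArrayList<>();
        for (String protocol : supported) {
            if ("TLSv1.3".equals(protocol) || "TLSv1.2".equals(protocol)) {
                chosen.add(protocol);
            }
        }
        if (chosen.isEmpty()) {
            throw new IllegalStateException("This JRE supports neither TLSv1.3 nor TLSv1.2");
        }
        return chosen.toArray(new String[0]);
    }

    /**
     * Logs a line to standard output and writes it to the server.
     *
     * @param s the line to send
     * @param out writer wrapping the socket's output stream
     * @throws IOException declared for callers; {@link PrintWriter} itself reports no errors
     */
    public static void send(String s, PrintWriter out) throws IOException {
        System.out.println("Sending: " + s);
        out.println(s);
    }

    /**
     * Prints every line received from the server until the stream ends.
     *
     * @param in reader wrapping the socket's input stream
     * @throws IOException if reading from the connection fails
     */
    public static void receive(BufferedReader in) throws IOException {
        String s;
        while ((s = in.readLine()) != null) {
            // Spelling of the log prefix corrected from "Reveived".
            System.out.println("Received: " + s);
        }
    }
}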