SSL介绍与Java实例
来源:互联网 发布:旅游好去处知乎 编辑:程序博客网 时间:2024/05/16 19:22
有关SSL的原理和介绍在网上已经有不少,对于Java下使用keytool生成证书,配置SSL通信的教程也非常多。但如果我们不能够亲自动手做一个SSL Sever和SSL Client,可能就永远也不能深入地理解Java环境下,SSL的通信是如何实现的。对SSL中的各种概念的认识也可能会仅限于可以使用的程度。本文通过构造一个简单的SSL Server和SSL Client来讲解Java环境下SSL的通信原理。
首先我们先回顾一下常规的Java Socket编程。在Java下写一个Socket服务器和客户端的例子还是比较简单的。以下是服务端的代码:
客户端也非常简单:向服务端发起请求,发送一个"hello"字串,然后获得服务端的返回。把服务端运行起来后,执行客户端,我们将得到"hello"的返回。
首先我们先回顾一下常规的Java Socket编程。在Java下写一个Socket服务器和客户端的例子还是比较简单的。以下是服务端的代码:
package org.bluedash.tryssl; import java.io.BufferedReader; import java.io.IOException; import java.io.InputStreamReader; import java.io.PrintWriter; import java.net.ServerSocket; import java.net.Socket; public class Server extends Thread { private Socket socket; public Server(Socket socket) { this.socket = socket; } public void run() { try { BufferedReader reader = new BufferedReader(new InputStreamReader(socket.getInputStream())); PrintWriter writer = new PrintWriter(socket.getOutputStream()); String data = reader.readLine(); writer.println(data); writer.close(); socket.close(); } catch (IOException e) { } } public static void main(String[] args) throws Exception { while (true) { new Server((new ServerSocket(8080)).accept()).start(); } } }
服务端很简单:侦听8080端口,并把客户端发来的字符串返回去。
下面是客户端的代码:
package org.bluedash.tryssl; import java.io.BufferedReader; import java.io.InputStreamReader; import java.io.PrintWriter; import java.net.Socket; public class Client { public static void main(String[] args) throws Exception { Socket s = new Socket("localhost", 8080); PrintWriter writer = new PrintWriter(s.getOutputStream()); BufferedReader reader = new BufferedReader(new InputStreamReader(s.getInputStream())); writer.println("hello"); writer.flush(); System.out.println(reader.readLine()); s.close(); } }
客户端也非常简单:向服务端发起请求,发送一个"hello"字串,然后获得服务端的返回。把服务端运行起来后,执行客户端,我们将得到"hello"的返回。
就是这样一套简单的网络通信的代码,我们来把它改造成使用SSL通信。在SSL通信协议中,我们都知道首先服务端必须有一个数字证书,当客户端连接到服务端时,会得到这个证书,然后客户端会判断这个证书是否是可信的,如果是,则交换信道加密密钥,进行通信。如果不信任这个证书,则连接失败。
改造后的服务端代码:
package org.bluedash.tryssl;import java.io.BufferedReader;import java.io.FileInputStream;import java.io.IOException;import java.io.InputStreamReader;import java.io.PrintWriter;import java.net.ServerSocket;import java.net.Socket;import java.security.KeyStore;import javax.net.ServerSocketFactory;import javax.net.ssl.KeyManagerFactory;import javax.net.ssl.SSLContext;import javax.net.ssl.SSLServerSocket;public class SSLServer extends Thread {private Socket socket;public SSLServer(Socket socket) {this.socket = socket;}public void run() {try {BufferedReader reader = new BufferedReader(new InputStreamReader(socket.getInputStream()));PrintWriter writer = new PrintWriter(socket.getOutputStream());String data = reader.readLine();writer.println(data);writer.close();socket.close();} catch (IOException e) {}}private static String SERVER_KEY_STORE = "/Users/liweinan/projs/ssl/src/main/resources/META-INF/server_ks";private static String SERVER_KEY_STORE_PASSWORD = "123123";public static void main(String[] args) throws Exception {System.setProperty("javax.net.ssl.trustStore", SERVER_KEY_STORE);SSLContext context = SSLContext.getInstance("TLS");KeyStore ks = KeyStore.getInstance("jceks");ks.load(new FileInputStream(SERVER_KEY_STORE), null);KeyManagerFactory kf = KeyManagerFactory.getInstance("SunX509");kf.init(ks, SERVER_KEY_STORE_PASSWORD.toCharArray());context.init(kf.getKeyManagers(), null, null);ServerSocketFactory factory = context.getServerSocketFactory();ServerSocket _socket = factory.createServerSocket(8443);((SSLServerSocket) _socket).setNeedClientAuth(false);while (true) {new SSLServer(_socket.accept()).start();}}}
package org.bluedash.tryssl;import java.io.BufferedReader;import java.io.InputStreamReader;import java.io.PrintWriter;import java.net.Socket;import javax.net.SocketFactory;import javax.net.ssl.SSLSocketFactory;public class SSLClient {private static String CLIENT_KEY_STORE = "/Users/liweinan/projs/ssl/src/main/resources/META-INF/client_ks";public static void main(String[] args) throws Exception {// Set the key store to use for validating the server cert.System.setProperty("javax.net.ssl.trustStore", CLIENT_KEY_STORE);System.setProperty("javax.net.debug", "ssl,handshake");SSLClient client = new SSLClient();Socket s = client.clientWithoutCert();PrintWriter writer = new PrintWriter(s.getOutputStream());BufferedReader reader = new BufferedReader(new InputStreamReader(s.getInputStream()));writer.println("hello");writer.flush();System.out.println(reader.readLine());s.close();}private Socket clientWithoutCert() throws Exception {SocketFactory sf = SSLSocketFactory.getDefault();Socket s = sf.createSocket("localhost", 8443);return s;}}
双向认证的服务端代码:
很简单,只要在单向认证的服务端代码中改动这一句即可
((SSLServerSocket) _socket).setNeedClientAuth(true);
package org.bluedash.tryssl;import java.io.BufferedReader;import java.io.FileInputStream;import java.io.InputStreamReader;import java.io.PrintWriter;import java.net.Socket;import java.security.KeyStore;import javax.net.SocketFactory;import javax.net.ssl.KeyManagerFactory;import javax.net.ssl.SSLContext;import javax.net.ssl.SSLSocketFactory;public class SSLClient {private static String CLIENT_KEY_STORE = "/Users/liweinan/projs/ssl/src/main/resources/META-INF/client_ks";private static String CLIENT_KEY_STORE_PASSWORD = "456456";public static void main(String[] args) throws Exception {// Set the key store to use for validating the server cert.System.setProperty("javax.net.ssl.trustStore", CLIENT_KEY_STORE);System.setProperty("javax.net.debug", "ssl,handshake");SSLClient client = new SSLClient();Socket s = client.clientWithCert();PrintWriter writer = new PrintWriter(s.getOutputStream());BufferedReader reader = new BufferedReader(new InputStreamReader(s.getInputStream()));writer.println("hello");writer.flush();System.out.println(reader.readLine());s.close();}private Socket clientWithCert() throws Exception {SSLContext context = SSLContext.getInstance("TLS");KeyStore ks = KeyStore.getInstance("jceks");ks.load(new FileInputStream(CLIENT_KEY_STORE), null);KeyManagerFactory kf = KeyManagerFactory.getInstance("SunX509");kf.init(ks, CLIENT_KEY_STORE_PASSWORD.toCharArray());context.init(kf.getKeyManagers(), null, null);SocketFactory factory = context.getSocketFactory();Socket s = factory.createSocket("localhost", 8443);return s;}}
本文转自:
http://www.iteye.com/topic/1125183
0 0
- SSL介绍与Java实例
- SSL介绍与JAVA实例
- SSL介绍与Java实例
- SSL介绍与Java实例
- SSL介绍与Java实例
- SSL介绍与Java实例
- SSL介绍与Java实例
- SSL介绍与Java实例
- Java Servlet 介绍与实例
- Java Servlet介绍与实例
- [转]SSL与OpenSSL介绍
- https、SSL与数字证书介绍
- HTTPS、SSL与数字证书介绍
- https、SSL与数字证书介绍
- 【编程语言-Java】ThreadPoolExecutor介绍与实例
- java网络编程介绍与实例
- JAVA反射实例详解与介绍
- SSL/TLS 协议简介与实例分析
- AndroidManfest.xml分析
- URIEncoding与useBodyEncodingForURI 在tomcat中文乱码处理上的区别
- HDU3160 Rooks
- 友坚科技4412开发板Linux平台下UT4412BV03裸机开发指南(十二)查询方式检测按键
- MAC下SVNX的使用
- SSL介绍与Java实例
- 2个比较经典的PHP加密解密函数分享
- abap 指针使用的一个小例子
- IOS ui基础 uibutton
- 关于后盾网yii框架的学习小结(6)--数据库连接配置与模型定义与后台登陆验
- python3.4 + Django1.7.7 表单的一些问题
- 趣味导学Python——类与对象(一)
- cocos2dx 学习笔记
- php与memcached服务器交互的分布式实现源码分析