java自定义证书管理器

package com.xiuye.security.keymanager;import java.net.Socket;import java.security.KeyStore;import java.security.KeyStoreException;import java.security.NoSuchAlgorithmException;import java.security.Principal;import java.security.PrivateKey;import java.security.UnrecoverableKeyException;import java.security.cert.Certificate;import java.security.cert.X509Certificate;import javax.net.ssl.X509KeyManager;public class UserDefinedSSLKeyManager implements X509KeyManager{private String m_alias;private KeyStore m_keystore;private char []m_storepass;private char []m_keypass;private String m_type;private String m_issuer;public UserDefinedSSLKeyManager(KeyStore keyStore,String s,char []storepass,char []keypass) {this.m_keystore = keyStore;this.m_alias = s;this.m_storepass = storepass;this.m_keypass = keypass;try {Certificate c = keyStore.getCertificate(s);this.m_type = c.getPublicKey().getAlgorithm();System.out.println("m_type := "+m_type);this.m_issuer = ((X509Certificate)c).getIssuerX500Principal().getName();System.out.println("m_issuer := " + this.m_issuer);} catch (KeyStoreException e) {e.printStackTrace();}}@Overridepublic String chooseClientAlias(String[] keyType, Principal[] issuers,Socket socket) {if(this.m_type == null){return null;}int i;for(i = 0;i< keyType.length;i++){if(m_type.equals(keyType[i])){i = -1;break;}}if(i != -1){return null;}if(issuers == null){return m_alias;}for(i=0;i<issuers.length;i++){if(m_issuer.equals(issuers.equals(issuers[i].getName()))){return m_alias;}}return null;}@Overridepublic String chooseServerAlias(String keyType, Principal[] issuers,Socket socket) {return this.chooseClientAlias(new String[]{keyType}, issuers, socket);}@Overridepublic X509Certificate[] getCertificateChain(String alias) {try {Certificate []c = m_keystore.getCertificateChain(alias);System.out.println("chain := "+c.length);if(c == null){return null;}if(c.length == 0){return null;}X509Certificate []xc = new X509Certificate[c.length];System.arraycopy(c, 0, xc, 0, c.length);return xc;} catch (KeyStoreException e) {e.printStackTrace();}return null;}@Overridepublic String[] getClientAliases(String keyType, Principal[] issuers) {String []s;String alias = this.chooseServerAlias(keyType, issuers, null);if(alias == null){return null;}else{s = new String[1];s[0] = alias;}return s;}@Overridepublic PrivateKey getPrivateKey(String alias) {try {return ((PrivateKey)m_keystore.getKey(alias, m_keypass));} catch (UnrecoverableKeyException e) {e.printStackTrace();} catch (KeyStoreException e) {e.printStackTrace();} catch (NoSuchAlgorithmException e) {e.printStackTrace();}return null;}@Overridepublic String[] getServerAliases(String keyType, Principal[] issuers) {return getClientAliases(keyType, issuers);}}

package com.xiuye.security.keymanager.factory;import java.security.InvalidAlgorithmParameterException;import java.security.KeyStore;import java.security.KeyStoreException;import java.security.NoSuchAlgorithmException;import java.security.UnrecoverableKeyException;import javax.net.ssl.KeyManager;import javax.net.ssl.KeyManagerFactorySpi;import javax.net.ssl.ManagerFactoryParameters;import com.xiuye.security.keymanager.UserDefinedSSLKeyManager;public class UserDefinedSSLKeyManagerFactory extends KeyManagerFactorySpi{private String m_alias;private KeyStore m_keystore;private char []m_storepass;private char []m_keypass;public UserDefinedSSLKeyManagerFactory() {this.m_alias = System.getProperty("Self.alias");this.m_keypass = System.getProperty("Self.keypass").toCharArray();}public UserDefinedSSLKeyManagerFactory(String alias,char []keypass){this.m_alias = alias;this.m_keypass = keypass;}@Overrideprotected KeyManager[] engineGetKeyManagers() {UserDefinedSSLKeyManager []managers = new UserDefinedSSLKeyManager[1];managers[0] = new UserDefinedSSLKeyManager(this.m_keystore,this.m_alias,this.m_storepass,this.m_keypass);return managers;}@Overrideprotected void engineInit(ManagerFactoryParameters arg0)throws InvalidAlgorithmParameterException {}@Overrideprotected void engineInit(KeyStore ks, char[] password)throws KeyStoreException, NoSuchAlgorithmException,UnrecoverableKeyException {this.m_keystore = ks;this.m_storepass = password;}}

package com.xiuye.security.keymanager.provider;import java.security.Provider;public class UserDefinedSSLKeyManagerFactoryProvider extends Provider{/** *  */private static final long serialVersionUID = 7189087537286747050L;public UserDefinedSSLKeyManagerFactoryProvider(String name,double version, String info) {super(name, version, info);}public UserDefinedSSLKeyManagerFactoryProvider(){super("Self",1,"Self Provider 1.1");this.put("KeyManagerFactory.Self", "com.xiuye.security.keymanager.factory.UserDefinedSSLKeyManagerFactory");}}

package com.xiuye.socket;import java.io.BufferedReader;import java.io.FileInputStream;import java.io.FileNotFoundException;import java.io.IOException;import java.io.InputStreamReader;import java.io.PrintWriter;import java.net.InetAddress;import java.net.Socket;import java.security.KeyManagementException;import java.security.KeyStore;import java.security.KeyStoreException;import java.security.NoSuchAlgorithmException;import java.security.Security;import java.security.UnrecoverableKeyException;import java.security.cert.CertificateException;import javax.net.ssl.KeyManagerFactory;import javax.net.ssl.SSLContext;import javax.net.ssl.SSLServerSocket;import javax.net.ssl.SSLServerSocketFactory;import com.xiuye.security.keymanager.provider.UserDefinedSSLKeyManagerFactoryProvider;public class UserDefinedSSLServerSocket {public UserDefinedSSLServerSocket() throws NoSuchAlgorithmException,KeyStoreException, CertificateException, FileNotFoundException,IOException, UnrecoverableKeyException, KeyManagementException {System.setProperty("Self.alias", "xiuye");System.setProperty("Self.keypass", "123456");Security.addProvider(new UserDefinedSSLKeyManagerFactoryProvider());SSLContext sc = SSLContext.getInstance("SSL");KeyStore ks = KeyStore.getInstance("JKS");char password[] = "123456".toCharArray();ks.load(new FileInputStream("xiuye.keystore"), password);KeyManagerFactory factory = KeyManagerFactory.getInstance("Self");factory.init(ks, password);sc.init(factory.getKeyManagers(), null, null);SSLServerSocketFactory ssf = sc.getServerSocketFactory();SSLServerSocket server = (SSLServerSocket) ssf.createServerSocket(8888);int i = 0;while (true) {System.out.println("[" + (++i) + "]: 等待来自客户端的连接......");Socket s = server.accept();PrintWriter pw = new PrintWriter(s.getOutputStream());InetAddress sa = s.getInetAddress();InetAddress ca = s.getLocalAddress();System.out.println("服务器端向客户端发送发送信息:");String str;str = "来自" + ca.getHostAddress() + "(" + s.getLocalPort() + ")向"+ sa.getHostAddress() + "(" + s.getPort() + ")发出问候.";System.out.println(str);pw.println(str);pw.flush();System.out.println("服务器端接收到客户端信息:");BufferedReader br = new BufferedReader(new InputStreamReader(s.getInputStream()));str = br.readLine();System.out.println(str);br.close();pw.close();s.close();}}}

package com.xiuye.socket;import java.io.BufferedReader;import java.io.IOException;import java.io.InputStreamReader;import java.io.PrintWriter;import java.net.InetAddress;import java.net.Socket;import java.net.UnknownHostException;import javax.net.ssl.SSLSocketFactory;public class UserDefinedClientSocket {public UserDefinedClientSocket() throws UnknownHostException, IOException {System.setProperty("javax.net.ssl.trustStore", "trust.keystore");SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();Socket s = factory.createSocket("localhost", 8888);InetAddress sa = s.getInetAddress();InetAddress ca = s.getLocalAddress();System.out.println("客户端收到服务器端消息:");BufferedReader br = new BufferedReader(new InputStreamReader(s.getInputStream()));String str = br.readLine();System.out.println(str);System.out.println("客户端向服务器端发送消息:");PrintWriter pw = new PrintWriter(s.getOutputStream());str = "客户端"+ca.getHostAddress()+ "("+s.getLocalPort()+")应答服务器"+sa.getHostAddress()+"("+s.getPort()+").";System.out.println(str);pw.println(str);pw.flush();pw.close();br.close();s.close();}}

package com.xiuye.test;import java.io.FileNotFoundException;import java.io.IOException;import java.security.KeyManagementException;import java.security.KeyStoreException;import java.security.NoSuchAlgorithmException;import java.security.UnrecoverableKeyException;import java.security.cert.CertificateException;import com.xiuye.socket.UserDefinedSSLServerSocket;public class SSLTestMain {public static void main(String[] args) {try {UserDefinedSSLServerSocket server = new UserDefinedSSLServerSocket();} catch (UnrecoverableKeyException e) {e.printStackTrace();} catch (KeyManagementException e) {e.printStackTrace();} catch (NoSuchAlgorithmException e) {e.printStackTrace();} catch (KeyStoreException e) {e.printStackTrace();} catch (CertificateException e) {e.printStackTrace();} catch (FileNotFoundException e) {e.printStackTrace();} catch (IOException e) {e.printStackTrace();}}}

package com.xiuye.test;import java.io.IOException;import java.net.UnknownHostException;import com.xiuye.socket.UserDefinedClientSocket;public class Client {public static void main(String[] args) {try {UserDefinedClientSocket client = new UserDefinedClientSocket();} catch (UnknownHostException e) {e.printStackTrace();} catch (IOException e) {e.printStackTrace();}}}

m_type := DSAm_issuer := CN=xiuye,OU=xiuye,O=xiuye,L=xiuye,ST=xiuye,C=xiuye[1]: 等待来自客户端的连接......chain := 1服务器端向客户端发送发送信息:来自127.0.0.1(8888)向127.0.0.1(38899)发出问候.chain := 1服务器端接收到客户端信息:客户端127.0.0.1(38899)应答服务器127.0.0.1(8888).[2]: 等待来自客户端的连接......服务器端向客户端发送发送信息:来自127.0.0.1(8888)向127.0.0.1(38981)发出问候.chain := 1服务器端接收到客户端信息:客户端127.0.0.1(38981)应答服务器127.0.0.1(8888).[3]: 等待来自客户端的连接......服务器端向客户端发送发送信息:来自127.0.0.1(8888)向127.0.0.1(38993)发出问候.chain := 1服务器端接收到客户端信息:客户端127.0.0.1(38993)应答服务器127.0.0.1(8888).[4]: 等待来自客户端的连接......服务器端向客户端发送发送信息:来自127.0.0.1(8888)向127.0.0.1(39001)发出问候.chain := 1服务器端接收到客户端信息:客户端127.0.0.1(39001)应答服务器127.0.0.1(8888).[5]: 等待来自客户端的连接......服务器端向客户端发送发送信息:来自127.0.0.1(8888)向127.0.0.1(39002)发出问候.chain := 1服务器端接收到客户端信息:客户端127.0.0.1(39002)应答服务器127.0.0.1(8888).[6]: 等待来自客户端的连接......

客户端收到服务器端消息:来自127.0.0.1(8888)向127.0.0.1(39002)发出问候.客户端向服务器端发送消息:客户端127.0.0.1(39002)应答服务器127.0.0.1(8888).