测试: 修改证书别名: keytool -changealias -keystore server_first -alias ssl-server-a -destalias ssl-server-d
# 生成服务端证书
keytool -genkey -alias ssl-server-a -keyalg RSA -keysize 1024 -validity 365 -keystore ./server_first -dname "CN=server_first,OU=cn,O=cn,L=cn,ST=cn,C=cn" -storepass server -keypass 123456
keytool -genkey -alias ssl-server-b -keyalg RSA -keysize 1024 -validity 365 -keystore ./server_first -dname "CN=server_second,OU=cn,O=cn,L=cn,ST=cn,C=cn" -storepass server -keypass 123456
keytool -genkey -alias ssl-server-c -keyalg RSA -keysize 1024 -validity 365 -keystore ./server_first -dname "CN=server_third,OU=cn,O=cn,L=cn,ST=cn,C=cn" -storepass server -keypass 123456
keytool -genkey -alias ssl-server-second -keyalg RSA -keysize 1024 -validity 365 -keystore ./server_second -dname "CN=server_second,OU=cn,O=cn,L=cn,ST=cn,C=cn" -storepass server -keypass 123456
# 生成客户端证书
keytool -genkey -alias ssl-client-first -keyalg RSA -keysize 1024 -validity 365 -keystore ./client -dname "CN=client_first,OU=cn,O=cn,L=cn,ST=cn,C=cn" -storepass client -keypass 123456
# 导出服务端证书
keytool -export -alias ssl-server-a -keystore ./server_first -file server_a.cer
keytool -export -alias ssl-server-b -keystore ./server_first -file server_b.cer
keytool -export -alias ssl-server-c -keystore ./server_first -file server_c.cer
keytool -export -alias ssl-server-second -keystore ./server_second -file server_second.cer
# 将服务端的信任证书导入到客户端
keytool -import -trustcacerts -alias ssl-server-a -file ./server_a.cer -keystore client
keytool -import -trustcacerts -alias ssl-server-b -file ./server_b.cer -keystore client
keytool -import -trustcacerts -alias ssl-server-c -file ./server_c.cer -keystore client
keytool -import -trustcacerts -alias ssl-server-second -file ./server_second.cer -keystore client
keytool -import -trustcacerts -alias ssl-server-second -file ./server_second.cer -keystore client
# 导出客户端证书
keytool -export -alias ssl-demo-client -keystore ./client -file client.cer
# 将客户端证书导入到服务器端
keytool -import -trustcacerts -alias ssl-demo-client -file ./client.cer -keystore server ?
服务端:
import java.io.*;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;
import java.util.Scanner;
import javax.net.ServerSocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
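public class SSLServer {
    /** Set once a client sends {@code exit}; ends the accept loop in {@link #main}. */
    private static boolean isOver = false;
    /**
     * Path of the server key store. The default is only a placeholder:
     * {@link #main} overwrites it with the path typed on stdin.
     */
    private static String SERVER_KEY_STORE = "D:\\IntelliJ IDEA\\Projects\\SSLCert\\SslCert\\server_first";
    /**
     * Password of the server's private-key entry (the keytool {@code -keypass}
     * value), handed to the KeyManagerFactory. It is NOT used to verify the key
     * store file itself; see {@link #createSSLServerSocket()}.
     */
    private static String SERVER_KEY_STORE_PASSWORD = "123456";
    /** TCP port the TLS server listens on; the client must use the same value. */
    private static final int PORT = 6789;
    /** Connection to the client currently being served. */
    private static Socket socket;

    /**
     * Reads the key store path from stdin, binds the TLS server socket once and
     * serves clients one at a time until one of them sends {@code exit}.
     *
     * @param args ignored
     * @throws Exception if the key store cannot be loaded or the port cannot be bound
     */
    public static void main(String[] args) throws Exception {
        System.out.println("请输入证书:");
        Scanner scanner = new Scanner(System.in);
        SERVER_KEY_STORE = scanner.next();
        System.out.println("证书为:" + SERVER_KEY_STORE);
        // Bind once and accept in a loop. The previous version created (and rebound)
        // a new server socket for every connection, which is wasteful and can fail
        // with "address already in use" while the old socket lingers in TIME_WAIT.
        try (SSLServerSocket sslServerSocket = createSSLServerSocket()) {
            while (!isOver) {
                socket = sslServerSocket.accept();
                try {
                    messageHandle();
                } finally {
                    // Always release the client connection, even if handling failed.
                    socket.close();
                }
            }
        }
    }

    /**
     * Reads one line from the connected client, echoes an acknowledgement and
     * flags shutdown when the line is {@code exit}.
     *
     * <p>Security note: with client authentication disabled (see
     * {@link #createSSLServerSocket()}) any peer that completes the TLS handshake
     * can stop this server by sending {@code exit}. Acceptable for a local demo,
     * not for anything reachable over a network.
     */
    public static void messageHandle() {
        try {
            // The reader/writer are deliberately not closed here: closing them would
            // close the socket, which main() owns and closes itself.
            BufferedReader bufferedReader =
                    new BufferedReader(new InputStreamReader(socket.getInputStream()));
            PrintWriter printWriter = new PrintWriter(socket.getOutputStream());
            // Platform default charset on both ends; the client uses the same default.
            String data = bufferedReader.readLine();
            System.out.println("客户端消息:" + data);
            printWriter.println("你好,客户端,我已经接收到你发送的消息!");
            printWriter.flush();
            // readLine() returns null when the peer closes without sending a line;
            // "exit".equals(data) avoids the NullPointerException that
            // data.equals("exit") raised in that case.
            if ("exit".equals(data)) {
                isOver = true;
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * Builds a TLS server socket bound to {@link #PORT}, presenting the key
     * entries found in {@link #SERVER_KEY_STORE}.
     *
     * <p>Client authentication is off, so the {@code javax.net.ssl.trustStore}
     * property set below is never consulted and the client-certificate import in
     * the keytool notes has no effect; switch {@code setNeedClientAuth(true)} to
     * enforce mutual TLS.
     *
     * <p>The store is opened as type {@code jceks}, which also reads legacy JKS
     * files. keytool writes PKCS12 by default since JDK 9 (JEP 229); such a file
     * will not load here unless it was created with {@code -storetype jks} or the
     * type below is changed to {@code PKCS12}.
     *
     * @return a bound {@link SSLServerSocket}, not yet accepting
     * @throws Exception if the store cannot be read or the context/socket cannot be created
     */
    public static SSLServerSocket createSSLServerSocket() throws Exception {
        System.setProperty("javax.net.ssl.trustStore", SERVER_KEY_STORE);
        KeyStore keyStore = KeyStore.getInstance("jceks");
        // try-with-resources: the previous version never closed this stream.
        try (FileInputStream fileInputStream = new FileInputStream(SERVER_KEY_STORE)) {
            // A null password parses the store but skips its integrity check, so a
            // tampered or corrupted file is not detected. Supplying the keytool
            // -storepass value here would enable that check.
            keyStore.load(fileInputStream, null);
        }
        // getDefaultAlgorithm() resolves to "SunX509" on the standard JDK providers
        // and stays portable if another provider is installed.
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, SERVER_KEY_STORE_PASSWORD.toCharArray());
        SSLContext sslContext = SSLContext.getInstance("TLS");
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        // null trust managers / SecureRandom -> JDK defaults.
        sslContext.init(keyManagers, null, null);
        ServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
        ServerSocket serverSocket = serverSocketFactory.createServerSocket(PORT);
        SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
        // false: the client is not asked for a certificate (one-way TLS).
        sslServerSocket.setNeedClientAuth(false);
        return sslServerSocket;
    }
}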
客户端:
import java.io.*;
import java.net.Socket;
import java.util.Scanner;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSocketFactory;
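public class SSLClient {
    /** Trust store holding the server certificates imported with keytool -import. */
    private static String CLIENT_KEY_STORE = "D:\\IntelliJ IDEA\\Projects\\SSLCert\\SslCert\\client";
    /** Server address; must match the port SSLServer binds. */
    private static final String HOST = "localhost";
    private static final int PORT = 6789;

    /**
     * Reads lines from stdin and sends each one to the server over a fresh TLS
     * connection, printing the reply, until the user types {@code exit}.
     *
     * <p>Security note: a plain {@code SSLSocket} verifies only that the server's
     * certificate chains to an entry in the trust store; it does not check that the
     * certificate matches the host. For a real deployment enable host-name
     * verification via {@code SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")}
     * (the demo certificates use CN=server_first, so that would fail against localhost).
     *
     * @param args ignored
     * @throws Exception if the connection or the exchange fails
     */
    public static void main(String[] args) throws Exception {
        // Register the trust store once. The default SSLContext reads this property
        // when it is first initialised, so re-setting it on every loop iteration (as
        // the previous version did) had no effect after the first connection.
        System.setProperty("javax.net.ssl.trustStore", CLIENT_KEY_STORE);
        // One Scanner for the whole session: a new Scanner per iteration can swallow
        // input already buffered by its predecessor.
        Scanner scanner = new Scanner(System.in);
        SocketFactory socketFactory = SSLSocketFactory.getDefault();
        while (true) {
            System.out.println("请输入要传输的数据:");
            String sendData = scanner.next();
            // try-with-resources closes the socket even when the exchange throws;
            // the previous version leaked it on any IOException.
            try (Socket socket = socketFactory.createSocket(HOST, PORT)) {
                PrintWriter writer = new PrintWriter(socket.getOutputStream());
                // Platform default charset on both ends; the server uses the same default.
                BufferedReader bufferedReader =
                        new BufferedReader(new InputStreamReader(socket.getInputStream()));
                writer.println(sendData);
                writer.flush();
                // null if the server closed without replying; println handles that.
                String data = bufferedReader.readLine();
                System.out.println(data);
            }
            if ("exit".equals(sendData)) {
                return;
            }
        }
    }
}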