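I have been looking for an example of mutually authenticated SSL in Java that does not involve a "server" such as weblogic/glassfish/tomcat/etc. Does such a thing exist?
Also, please no external libraries; I would like to use only the following: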
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
Best answer
You can use something like this (note that this is from a tutorial school project I did; it is not complete)
Client:
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// load client private key
KeyStore clientKeys = KeyStore.getInstance("JKS");
clientKeys.load(new FileInputStream("proxyKeystore"), "password".toCharArray());
KeyManagerFactory clientKeyManager = KeyManagerFactory.getInstance("SunX509");
clientKeyManager.init(clientKeys, "password".toCharArray());
// load server public key (the certificate the client will trust)
KeyStore serverPub = KeyStore.getInstance("JKS");
serverPub.load(new FileInputStream("proxyTrustedStore"), "password".toCharArray());
TrustManagerFactory trustManager = TrustManagerFactory.getInstance("SunX509");
trustManager.init(serverPub);
// use keys to create SSLSocket
SSLContext ssl = SSLContext.getInstance("TLS");
ssl.init(clientKeyManager.getKeyManagers(), trustManager.getTrustManagers(), SecureRandom.getInstance("SHA1PRNG"));
SSLSocket socket = (SSLSocket) ssl.getSocketFactory().createSocket("localhost", 8889);
socket.startHandshake();
Server:
// same imports as the client, plus javax.net.ssl.SSLServerSocket
// load server private key
KeyStore serverKeys = KeyStore.getInstance("JKS");
serverKeys.load(new FileInputStream("authKeystore"), "password".toCharArray());
KeyManagerFactory serverKeyManager = KeyManagerFactory.getInstance("SunX509");
serverKeyManager.init(serverKeys, "password".toCharArray());
// load client public key (the certificate the server will trust)
KeyStore clientPub = KeyStore.getInstance("JKS");
clientPub.load(new FileInputStream("authTrustedStore"), "password".toCharArray());
TrustManagerFactory trustManager = TrustManagerFactory.getInstance("SunX509");
trustManager.init(clientPub);
// use keys to create SSLServerSocket
SSLContext ssl = SSLContext.getInstance("TLS");
ssl.init(serverKeyManager.getKeyManagers(), trustManager.getTrustManagers(), SecureRandom.getInstance("SHA1PRNG"));
SSLServerSocket serverSock = (SSLServerSocket) ssl.getServerSocketFactory().createServerSocket(8889);
// require a client certificate; without this only the server is authenticated
serverSock.setNeedClientAuth(true);
SSLSocket socket = (SSLSocket) serverSock.accept();
Before starting the handshake and/or accepting the serverSocket connection, you can request a certificate from the server and/or the client.
Regarding mutual SSL in Java without a "server", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/24785858/
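The two snippets from the answer combined into one runnable program that also prints the identity each side authenticated, as an added example that is not part of the original question or answer. It assumes the four JKS files named in the answer exist with the password "password" and that the server certificate names localhost; the class name MutualTlsDemo and the helpers context and load are illustrative.

```java
import javax.net.ssl.*;
import java.io.*;
import java.security.KeyStore;
// Added example: mutual TLS over plain JSSE sockets, no application server.
// Assumption: the answer's four JKS files exist; server cert names "localhost".
public class MutualTlsDemo {
    static final char[] PW = "password".toCharArray();
    // Key store holds this side's identity; trust store lists the peers it accepts.
    static SSLContext context(String keyStorePath, String trustStorePath) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath), PW);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // null = default SecureRandom
        return ctx;
    }

    static KeyStore load(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, PW); }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        SSLServerSocket server = (SSLServerSocket) context("authKeystore", "authTrustedStore")
                .getServerSocketFactory().createServerSocket(8889);
        server.setNeedClientAuth(true); // handshake fails if the client sends no trusted certificate
        Thread t = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) server.accept()) {
                // getSession() runs the handshake; getPeerPrincipal() throws if the peer is unverified
                System.out.println("server sees client: " + s.getSession().getPeerPrincipal());
                new PrintWriter(s.getOutputStream(), true).println("hello");
            } catch (IOException e) { System.out.println("server rejected peer: " + e); }
        });
        t.start();
        try (SSLSocket c = (SSLSocket) context("proxyKeystore", "proxyTrustedStore")
                .getSocketFactory().createSocket("localhost", 8889)) {
            SSLParameters p = c.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // a raw SSLSocket skips hostname checks by default
            c.setSSLParameters(p);
            c.startHandshake();
            System.out.println("client sees server: " + c.getSession().getPeerPrincipal());
            System.out.println(new BufferedReader(new InputStreamReader(c.getInputStream())).readLine());
        }
        t.join();
        server.close();
    }
}
```

Running it with a client key store whose certificate is not in authTrustedStore makes the server thread print the rejection instead of the client subject, which is a quick way to confirm that client authentication is actually being enforced.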