java安全套接层SSL示例

1.建立密钥库：

keytool -genkey -v -keyalg RSA -alias test -keystore sslkeystore
其中；－keyalg RSA表示密钥算法RSA，-alias test 表示别名test，-keystore sslkeystore 表示密钥库名为sslkeystore

2. 制作 证书文件：制作证书是从密钥库输出特定别名的证书，保存到证书文件test.cer中。

keytool -export -alias test -file test.cer -keystore sslkeystore

3.将证书文件test.cer导入自己的密钥库test:

keytool -import -alias test -file test.cer -keystore test

4.SSL服务端程序：

SSLServerExample.java

package com.cjq.save;

import java.io.IOException;
import java.io.PrintWriter;
import java.net.ServerSocket;
import java.net.Socket;

import javax.net.ssl.SSLServerSocketFactory;

//SSL服务器端程序
public class SSLServerExample {

public static void main(String[] args) throws IOException{
System.setProperty("javax.net.ssl.keyStore","sslkeystore");
System.setProperty("javax.net.ssl.keyStorePassword", "123456");
//创建SSLServerSocketFactory类对象。利用getDefault()方法建立一个强制转换成的SSLServerSocketFactory类对象
SSLServerSocketFactory sslsf = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
//建立服务器套接口ServerSocket类对象，其端口8080
ServerSocket ss = sslsf.createServerSocket(8080);
System.out.println("Waiting for connection...");

while(true){
Socket  s= ss.accept();
System.out.println("Client connection made");
//
PrintWriter out = new PrintWriter(s.getOutputStream());
out.println("HI");
System.out.println("HI is sent to client");

out.close();
s.close();
}
}

}

5.SSL客户端程序：

SSLClientExample.java:

package com.cjq.save;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.Socket;

import javax.net.ssl.SSLSocketFactory;

//SSL客户端程序
public class SSLClientExample {

public static void main(String[] args) throws IOException{
//
System.setProperty("javax.net.ssl.trustStore", "test");
System.setProperty("javax.net.ssl.keyStorePassword", "123456");
SSLSocketFactory sslsf = (SSLSocketFactory)SSLSocketFactory.getDefault();

Socket s = sslsf.createSocket("127.0.0.1",8080);
System.out.println("the connection is ok");

BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));

System.out.println(in.readLine());

in.close();
s.close();

System.out.println("the connection is close");
}

}

6.运行程序：

cmd窗口运行，且程序中System.setProperty(..,...)的代码是不存在的时候：

java -Djavax.net.ssl.keyStore=sslkeystore -Djava.net.ssl.keyStorePassword=123456 SSLClientExample

则会出现错误：

Exception in thread "main" java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at javax.net.ssl.DefaultSSLServerSocketFactory.throwException(Unknown Source)
at javax.net.ssl.DefaultSSLServerSocketFactory.createServerSocket(Unknown Source)
at com.cjq.save.SSLServerExample.main(SSLServerExample.java:16)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at java.security.Provider$Service.newInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at javax.net.ssl.SSLContext.getInstance(Unknown Source)
at javax.net.ssl.SSLContext.getDefault(Unknown Source)
at javax.net.ssl.SSLServerSocketFactory.getDefault(Unknown Source)
at com.cjq.save.SSLServerExample.main(SSLServerExample.java:14)
Caused by: java.security.UnrecoverableKeyException: Password must not be null
at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(Unknown Source)
at java.security.KeyStore.getKey(Unknown Source)
at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(Unknown Source)
at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(Unknown Source)
at javax.net.ssl.KeyManagerFactory.init(Unknown Source)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(Unknown Source)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
... 7 more

原因是密码为空，但实际上参数中有“-Djava.net.ssl.keyStorePassword=123456”这个，密码不应该为空， 却报空， 目前不解。

但将java 之后两个参数写在程序中：

System.setProperty("javax.net.ssl.keyStore","sslkeystore");
System.setProperty("javax.net.ssl.keyStorePassword", "123456");

则正常运行。