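Using Java SSLSocket
1. What are HTTPS, SSL and TLS
HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer, that is, the HTTP protocol running over SSL (Secure Socket Layer); it is the secure version of HTTP.
SSL (Secure Socket Layer) is the secure sockets layer.
TLS (Transport Layer Security) is the transport layer security protocol.
HTTPS adds a security layer between the HTTP protocol and the TCP protocol. All request and response data is encrypted before it is sent over the network, to protect the data against interception in transit.
2. What is SSLSocket
According to the JDK documentation, SSLSocket extends Socket and provides secure sockets using the SSL or TLS protocols.
Such sockets are normal stream sockets, but they add a layer of security protection over the underlying network transport protocol (such as TCP).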
3. Generating the server, client and trust certificates
See http://szlxh002.iteye.comhttp://blog.csdn.net/blog/2277307
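4. Classes related to SSLSocket
(1) SSLContext: an instance of this class represents an implementation of a secure socket protocol; it is the factory for SSLSocketFactory, SSLServerSocketFactory and SSLEngine.
(2) SSLSocket: extends Socket
(3) SSLServerSocket: extends ServerSocket
(4) SSLSocketFactory: abstract class, extends SocketFactory; the factory for SSLSocket
(5) SSLServerSocketFactory: abstract class, extends ServerSocketFactory; the factory for SSLServerSocket
(6) KeyStore: represents a storage facility for keys and certificates
(7) KeyManager: interface; the JSSE key manager
(8) TrustManager: interface; the trust manager (? the Chinese translation of the name reads awkwardly)
(9) X509TrustManager: sub-interface of TrustManager; manages X509 certificates and authenticates the remote side of a secure socket
5. Java example
(1) SSLSocketClient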
```java
package com.ssl;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;

/**
 * Created by xiaohong on 2016/2/19.
 */
public class SSLSocketClient {
    private SSLSocket sslSocket;

    // Initialization
    public void init() throws Exception {
        String host = "127.0.0.1";
        int port = 1234;
        // Holds the client's private key and the certificate trusted by the server
        String keystorePath = "d:\\keystore\\client.p12";
        String trustKeystorePath = "d:\\keystore\\ca-trust.p12";
        String keystorePassword = "12345678";
        // Request a TLS context by its standard name
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // Key store
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        // Trust store
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        // The type given here must match the actual format of the trust store file
        KeyStore trustKeyStore = KeyStore.getInstance("jks");
        // try-with-resources closes the store files once they are loaded
        try (FileInputStream keystoreFis = new FileInputStream(keystorePath)) {
            keyStore.load(keystoreFis, keystorePassword.toCharArray());
        }
        try (FileInputStream trustKeystoreFis = new FileInputStream(trustKeystorePath)) {
            trustKeyStore.load(trustKeystoreFis, keystorePassword.toCharArray());
        }
        kmf.init(keyStore, keystorePassword.toCharArray());
        tmf.init(trustKeyStore);
        // Initialize the context
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        sslSocket = (SSLSocket) sslContext.getSocketFactory().createSocket(host, port);
    }

    // Communication
    private void process() throws Exception {
        String hello = "Hello lai";
        OutputStream output = sslSocket.getOutputStream();
        output.write(hello.getBytes(), 0, hello.getBytes().length);
        output.flush();
        byte[] inputBytes = new byte[20];
        InputStream input = sslSocket.getInputStream();
        // Print only the bytes actually read, not the unused tail of the buffer
        int n = input.read(inputBytes);
        System.out.println("From server:" + new String(inputBytes, 0, Math.max(n, 0)));
        sslSocket.close();
    }

    public static void main(String[] args) throws Exception {
        SSLSocketClient client = new SSLSocketClient();
        client.init();
        client.process();
    }
}
```
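An added example, not part of the original post: SSLSocket validates the peer's certificate chain against the trust store, but it does not check that the certificate was issued for the host being contacted unless an endpoint identification algorithm is set. The class name HardenedSslClient and the helpers harden and open are hypothetical, and SSLContext.getDefault() stands in for the sslContext built in init().

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class HardenedSslClient {  // hypothetical class name, not from the post
    // Restrict protocol versions and turn on host name checking for one socket.
    static void harden(SSLSocket socket) {
        List<String> wanted = new ArrayList<>(Arrays.asList("TLSv1.3", "TLSv1.2"));
        wanted.retainAll(Arrays.asList(socket.getSupportedProtocols()));
        if (wanted.isEmpty()) throw new IllegalStateException("no TLS 1.2+ support in this JRE");
        SSLParameters params = socket.getSSLParameters();
        params.setProtocols(wanted.toArray(new String[0]));
        // Without this, any certificate that chains to the trust store is accepted,
        // whatever host name it was issued for.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
    }

    // Connect with a timeout, then layer TLS on top so the expected host name is explicit.
    static SSLSocket open(SSLContext ctx, String host, int port, int timeoutMs) throws Exception {
        Socket plain = new Socket();
        try {
            plain.connect(new InetSocketAddress(host, port), timeoutMs);
            plain.setSoTimeout(timeoutMs);
            SSLSocket tls = (SSLSocket) ctx.getSocketFactory().createSocket(plain, host, port, true);
            harden(tls);
            tls.startHandshake();  // fail here, before any application data is written
            return tls;
        } catch (Exception e) { plain.close(); throw e; }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();  // assumption: stands in for the post's sslContext
        try (SSLSocket probe = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            harden(probe);  // unconnected socket: shows the effective settings offline
            SSLParameters p = probe.getSSLParameters();
            System.out.println(Arrays.toString(p.getProtocols()) + " " + p.getEndpointIdentificationAlgorithm());
        }
        if (args.length == 2) {  // optional: host and port of a TLS server to test against
            try (SSLSocket s = open(ctx, args[0], Integer.parseInt(args[1]), 5000)) {
                System.out.println(s.getSession().getProtocol() + " " + s.getSession().getCipherSuite());
            }
        }
    }
}
```

With the post's 127.0.0.1 target, the server certificate needs an IP subject alternative name for 127.0.0.1; otherwise the handshake fails with a certificate error.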
(2) SSLSocketServer
```java
package com.ssl;

import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.KeyStore;

/**
 * Created by xiaohong on 2016/2/19.
 */
public class SSLSocketServer {
    private SSLServerSocket sslServerSocket;

    // Initialization
    public void init() throws Exception {
        int port = 1234;
        // Key store with the server's private key; trust store with the certificates the server trusts
        String keystorePath = "d:\\keystore\\server.p12";
        String trustKeystorePath = "d:\\keystore\\ca-trust.p12";
        String keystorePassword = "12345678";
        // Request a TLS context by its standard name
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // Key store
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        // Trust store
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        // The type given here must match the actual format of the trust store file
        KeyStore trustKeyStore = KeyStore.getInstance("jks");
        // try-with-resources closes the store files once they are loaded
        try (FileInputStream keystoreFis = new FileInputStream(keystorePath)) {
            keyStore.load(keystoreFis, keystorePassword.toCharArray());
        }
        try (FileInputStream trustKeystoreFis = new FileInputStream(trustKeystorePath)) {
            trustKeyStore.load(trustKeystoreFis, keystorePassword.toCharArray());
        }
        kmf.init(keyStore, keystorePassword.toCharArray());
        tmf.init(trustKeyStore);
        // Initialize the context
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        sslServerSocket = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(port);
        // Require the client to present a certificate (mutual authentication)
        sslServerSocket.setNeedClientAuth(true);
    }

    // Communication
    private void process() throws Exception {
        String bye = "bye bye";
        System.out.println("Listen....");
        // Handle a single connection and close it when done
        try (Socket socket = sslServerSocket.accept()) {
            byte[] inputBytes = new byte[20];
            InputStream input = socket.getInputStream();
            // Print only the bytes actually read, not the unused tail of the buffer
            int n = input.read(inputBytes);
            System.out.println("From client:" + new String(inputBytes, 0, Math.max(n, 0)));
            OutputStream output = socket.getOutputStream();
            output.write(bye.getBytes(), 0, bye.getBytes().length);
            output.flush();
        }
    }

    public static void main(String[] args) throws Exception {
        SSLSocketServer server = new SSLSocketServer();
        server.init();
        server.process();
    }
}
```