生成ssl证书请参考如下:
http://blog.csdn.net/u014410763/article/details/50555902
参考文章:
https://yq.aliyun.com/articles/40408
客户端私钥与证书导出(java需要特定格式)
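# Bundle the client's private key and certificate into a PKCS#12 file, the
# format the Java client loads with KeyStore.getInstance("pkcs12").
# openssl prompts for an export password; it must match keystorePassword in
# the client code. This file contains the private key, so use a non-empty
# password and restrictive file permissions outside a local test.
openssl pkcs12 -export -clcerts -name foobar \
    -inkey client.key -in client.crt -out client.keystore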
服务器端私钥与证书导出
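# Bundle the server's private key and certificate into a PKCS#12 file, the
# format the Java server loads with KeyStore.getInstance("pkcs12").
# The export password entered at the prompt must match keystorePassword in
# the server code. This file contains the private key, so use a non-empty
# password and restrictive file permissions outside a local test.
openssl pkcs12 -export -clcerts -name foobar \
    -inkey server.key -in server.crt -out server.keystore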
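# Create the trust store shared by client and server. It holds only the CA
# certificate (no private key); each side accepts a peer whose certificate
# chains to this CA. keytool prompts for the store password, which must
# match caPassword in the Java code.
keytool -importcert -trustcacerts -alias foobar \
    -file ca.crt -keystore ca-trust.keystore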
注意:代码中的密码必须与你生成各个证书库时设置的密码一致,你设置的密码可能与示例中的不同。
服务器端代码
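package online.geekgalaxy.test;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;

/**
 * Minimal TLS server that requires a client certificate (mutual TLS).
 *
 * <p>It listens on a fixed port, reads one short message from each client,
 * prints it and answers with "Bye!". Connections are handled one at a time.
 */
public class sslServer {
    /** Read timeout per connection, so a silent client cannot block the accept loop. */
    private static final int READ_TIMEOUT_MILLIS = 10_000;

    private SSLServerSocket sslServerSocket;

    public static void main(String[] args) throws Exception {
        sslServer server = new sslServer();
        server.init();
        System.out.println("SSLServer initialized.");
        server.process();
    }

    /**
     * Builds the TLS context from server.keystore (own key and certificate)
     * and ca-trust.keystore (CA used to validate client certificates), then
     * opens the listening socket with client authentication required.
     *
     * @throws Exception if a key store cannot be read or the socket cannot be opened
     */
    private void init() throws Exception {
        int port = 1234;
        String keystorePath = "certs/server.keystore";
        String trustKeystorePath = "certs/ca-trust.keystore";
        // Demo values: they must match the passwords chosen when the stores
        // were created. Outside a test, do not hard-code them in source and
        // do not protect a private key with an empty password.
        String keystorePassword = "";
        String caPassword = "111111";

        // "TLS" instead of the legacy "SSL" name; the protocol versions that
        // are actually enabled are decided by the JDK's defaults.
        SSLContext context = SSLContext.getInstance("TLS");

        // Server identity: private key plus certificate (PKCS#12).
        KeyStore keystore = KeyStore.getInstance("pkcs12");
        try (FileInputStream keystoreFis = new FileInputStream(keystorePath)) {
            keystore.load(keystoreFis, keystorePassword.toCharArray());
        }

        // Trust anchors: the CA certificate that client certificates must chain to.
        KeyStore trustKeystore = KeyStore.getInstance("jks");
        try (FileInputStream trustKeystoreFis = new FileInputStream(trustKeystorePath)) {
            trustKeystore.load(trustKeystoreFis, caPassword.toCharArray());
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("sunx509");
        kmf.init(keystore, keystorePassword.toCharArray());

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("sunx509");
        tmf.init(trustKeystore);

        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        sslServerSocket =
                (SSLServerSocket) context.getServerSocketFactory().createServerSocket(port);
        // Reject any client that does not present a certificate trusted by the CA store.
        sslServerSocket.setNeedClientAuth(true);
    }

    /**
     * Accepts clients forever, one at a time. A failure on one connection
     * (for example a handshake rejected because the client has no valid
     * certificate) is logged and does not stop the server; a failure of
     * accept() itself still propagates.
     *
     * @throws Exception if the listening socket fails
     */
    private void process() throws Exception {
        byte[] bye = "Bye!".getBytes(StandardCharsets.UTF_8);
        while (true) {
            Socket accepted = sslServerSocket.accept();
            try (Socket socket = accepted) {
                socket.setSoTimeout(READ_TIMEOUT_MILLIS);

                // Fresh buffer per connection so data from a previous client
                // can never be printed again.
                byte[] buffer = new byte[50];
                InputStream in = socket.getInputStream();
                // A single read is enough for this demo's short message; only
                // the bytes actually received are decoded.
                int received = in.read(buffer);
                String message = received > 0
                        ? new String(buffer, 0, received, StandardCharsets.UTF_8)
                        : "";
                System.out.println("Received: " + message);

                OutputStream out = socket.getOutputStream();
                out.write(bye);
                out.flush();
            } catch (IOException e) {
                System.err.println("Connection failed: " + e.getMessage());
            }
        }
    }
}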
客户端代码
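package online.geekgalaxy.test;

import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/**
 * Minimal TLS client that authenticates with its own certificate (mutual TLS),
 * sends one short message and prints the server's reply.
 */
public class sslClient {
    private SSLSocket sslSocket;

    public static void main(String[] args) throws Exception {
        sslClient client = new sslClient();
        client.init();
        System.out.println("SSLClient initialized.");
        client.process();
    }

    /**
     * Builds the TLS context from client.keystore (own key and certificate)
     * and ca-trust.keystore (CA used to validate the server certificate),
     * then connects to the server.
     *
     * @throws Exception if a key store cannot be read or the connection fails
     */
    private void init() throws Exception {
        String host = "127.0.0.1";
        int port = 1234;
        String keystorePath = "certs/client.keystore";
        String trustKeystorePath = "certs/ca-trust.keystore";
        // Demo values: they must match the passwords chosen when the stores
        // were created. Outside a test, do not hard-code them in source and
        // do not protect a private key with an empty password.
        String keystorePassword = "";
        String caPassword = "111111";

        // "TLS" instead of the legacy "SSL" name; the protocol versions that
        // are actually enabled are decided by the JDK's defaults.
        SSLContext context = SSLContext.getInstance("TLS");

        // Client identity: private key plus certificate (PKCS#12).
        KeyStore clientKeystore = KeyStore.getInstance("pkcs12");
        try (FileInputStream keystoreFis = new FileInputStream(keystorePath)) {
            clientKeystore.load(keystoreFis, keystorePassword.toCharArray());
        }

        // Trust anchors: the CA certificate the server certificate must chain to.
        KeyStore trustKeystore = KeyStore.getInstance("jks");
        try (FileInputStream trustKeystoreFis = new FileInputStream(trustKeystorePath)) {
            trustKeystore.load(trustKeystoreFis, caPassword.toCharArray());
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("sunx509");
        kmf.init(clientKeystore, keystorePassword.toCharArray());

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("sunx509");
        tmf.init(trustKeystore);

        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // NOTE(review): a plain SSLSocket validates the certificate chain but
        // does not check that the certificate was issued for `host`. Outside a
        // local test, enable endpoint identification through
        // SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") and issue
        // the server certificate with a matching subjectAltName.
        sslSocket = (SSLSocket) context.getSocketFactory().createSocket(host, port);
    }

    /**
     * Sends the greeting, reads one reply, prints it and closes the socket.
     *
     * @throws Exception if the handshake or the exchange fails
     */
    private void process() throws Exception {
        try (SSLSocket socket = sslSocket) {
            byte[] hello = "hello boy!".getBytes(StandardCharsets.UTF_8);
            OutputStream out = socket.getOutputStream();
            out.write(hello);
            out.flush();

            InputStream in = socket.getInputStream();
            byte[] buffer = new byte[50];
            // Decode only the bytes actually received instead of the whole buffer.
            int received = in.read(buffer);
            String reply = received > 0
                    ? new String(buffer, 0, received, StandardCharsets.UTF_8)
                    : "";
            System.out.println(reply);
        }
    }
}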