系统要求
1. Windows系统、Linux系统、Mac系统
2. JDK7及以上
3. JDK 需使用无限制强度的安全策略文件（JCE Unlimited Strength Jurisdiction Policy Files）
服务端核心代码
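Security.addProvider(new DoubleCA());
Security.addProvider(dcsse);
// 密钥管理器 (key manager): the server's own SM2 certificate and private key.
// NOTE: the keystore password is a literal for the demo; in a real deployment
// read it from configuration or a secret store rather than source code.
char[] keyStorePassword = "DoubleCA".toCharArray();
KeyStore sm2ServerKeyStore = KeyStore.getInstance("DCKS");// 证书库格式
// try-with-resources closes the stream (the original never closed the FileInputStream)
try (FileInputStream serverKsIn = new FileInputStream("resources/server.dcks")) {
    sm2ServerKeyStore.load(serverKsIn, keyStorePassword);// 加载密钥库
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509", DoubleCASSE.PROVIDER_NAME);// 证书格式
kmf.init(sm2ServerKeyStore, keyStorePassword);// 加载密钥储存器
// 信任管理器 (trust manager): decides which client certificate chains are accepted.
// The same server.dcks file doubles as the trust store, so every certificate it
// holds is trusted for client authentication.
KeyStore sm2TrustServerKeyStore = KeyStore.getInstance("DCKS");
try (FileInputStream trustKsIn = new FileInputStream("resources/server.dcks")) {
    sm2TrustServerKeyStore.load(trustKsIn, keyStorePassword);
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509", DoubleCASSE.PROVIDER_NAME);
tmf.init(sm2TrustServerKeyStore);
// SSL上下文设置
SSLContext sslContext = SSLContext.getInstance("GMSSLv1.1", DoubleCASSE.PROVIDER_NAME);
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
// SSLServerSocket
SSLServerSocketFactory serverFactory = sslContext.getServerSocketFactory();
// 端口号:34567
SSLServerSocket svrSocket = (SSLServerSocket) serverFactory.createServerSocket(34567);
try {
    // Mutual authentication: with setNeedClientAuth(true) the handshake is rejected
    // unless the client presents a chain the trust manager accepts.
    svrSocket.setNeedClientAuth(true);//客户端模式,服务端需要验证客户端身份
    String[] supported = svrSocket.getEnabledCipherSuites();// 加密套件
    svrSocket.setEnabledCipherSuites(supported);// keeps the provider's default enabled set
    System.out.println("启用的加密套件: " + Arrays.asList(supported));
    // 接收消息
    System.out.println("端口已打开,准备接受信息");
    SSLSocket cntSocket = (SSLSocket) svrSocket.accept();// 开始接收
    try {
        // getSession() completes the handshake; the returned chain is the
        // authenticated client identity (peer certificate first, then its CAs).
        Certificate[] clientCerts = cntSocket.getSession().getPeerCertificates();
        System.out.println("客户端身份信息:");
        for (Certificate clientCert : clientCerts) {
            System.out.println(((X509Certificate) clientCert).getSubjectDN().getName());
        }
        InputStream in = cntSocket.getInputStream();// 输入流
        byte[] buffer = new byte[1024];
        int a = in.read(buffer);
        // 循环检查是否有消息到达
        System.out.println("来自于客户端:");
        while (a > 0) {
            // Decode only the bytes actually read, with an explicit charset. The
            // original converted the whole 1024-byte buffer in the platform charset
            // and relied on trim() to drop the unused zero bytes. A read boundary
            // can still split a multi-byte character; acceptable for this demo.
            System.out.print(new String(buffer, 0, a, StandardCharsets.UTF_8));
            a = in.read(buffer);
        }
    } finally {
        cntSocket.close();// the original only closed the listening socket
    }
} finally {
    svrSocket.close();
}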
客户端核心代码
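Security.addProvider(new DoubleCA());
Security.addProvider(dcsse);
// 密钥管理器 (key manager): the client's own SM2 certificate and private key,
// presented because the server requires client authentication.
// NOTE: the keystore password is a literal for the demo; keep it out of source
// in a real deployment.
char[] keyStorePassword = "DoubleCA".toCharArray();
KeyStore sm2ClientKeyStore = KeyStore.getInstance("DCKS");
// try-with-resources closes the stream (the original never closed the FileInputStream)
try (FileInputStream clientKsIn = new FileInputStream("resources/client.dcks")) {
    sm2ClientKeyStore.load(clientKsIn, keyStorePassword);
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509", DoubleCASSE.PROVIDER_NAME);
kmf.init(sm2ClientKeyStore, keyStorePassword);
// 信任管理器 (trust manager): every certificate in client.dcks is trusted when
// validating the server's chain.
KeyStore sm2TrustKeyStore = KeyStore.getInstance("DCKS");
try (FileInputStream trustKsIn = new FileInputStream("resources/client.dcks")) {
    sm2TrustKeyStore.load(trustKsIn, keyStorePassword);
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509", DoubleCASSE.PROVIDER_NAME);
tmf.init(sm2TrustKeyStore);
// SSL上下文
SSLContext sslContext = SSLContext.getInstance("GMSSLv1.1", DoubleCASSE.PROVIDER_NAME);
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
SSLSocketFactory sslcntFactory = sslContext.getSocketFactory();
// 端口号:34567
SSLSocket sslSocket = (SSLSocket) sslcntFactory.createSocket("127.0.0.1", 34567);
try {
    // getSession() completes the handshake; the returned chain is the server
    // identity that passed trust-manager validation (peer certificate first).
    // NOTE(review): only chain validation happens here; no host-name check is
    // configured on the socket — confirm that is acceptable for the deployment.
    Certificate[] serverCerts = sslSocket.getSession().getPeerCertificates();
    System.out.println("服务端身份信息:");
    for (Certificate serverCert : serverCerts) {
        System.out.println(((X509Certificate) serverCert).getSubjectDN().getName());
    }
    // The original re-enabled every *supported* cipher suite at this point. The
    // call came after the handshake (no effect on this session) and, where it
    // does take effect, widens the enabled set beyond the provider defaults, so
    // it is dropped.
    // 发送
    OutputStream out = sslSocket.getOutputStream();
    try {
        // explicit charset instead of the platform default
        out.write("hello111111111111111111\r\n22".getBytes(StandardCharsets.UTF_8));
        out.flush();
        out.write("hello111111111111111112\r\n33".getBytes(StandardCharsets.UTF_8));
        out.flush();
    } finally {
        out.close();
    }
} finally {
    sslSocket.close();
}
System.out.println("客户端发送完成:" + "hello");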
先运行服务端的 main 函数，再运行客户端的 main 函数，即可完成服务端与客户端之间的国密 SSL 双向通信和双向身份认证
服务端运行结果:
授权有效期:2999-2-20 1:01:01
------ http://www.DoubleCA.com ---- 大宝CA ------
------- Watchdata & DoubleCA -------
启用的加密套件: [GMSSL_ECC_WITH_SM4_CBC_SM3, GMSSL_RSA_WITH_SM4_CBC_SM3, GMSSL_RSA_WITH_SM4_CBC_SHA]
端口已打开,准备接受信息
客户端身份信息:
C=CN,OU=测试,[email protected],CN=客户端国密SSL测试证书
C=CN,ST=BEIJING,O=www.DoubleCA.com,CN=DoubleCA.com TEST01 CA SM2
C=CN,ST=BEIJING,O=www.DoubleCA.com,CN=DoubleCA.com ROOT CA SM2
来自于客户端:
hello111111111111111111
22hello111111111111111112
33
客户端运行结果:
授权有效期:2999-2-20 1:01:01
------ http://www.DoubleCA.com ---- 大宝CA ------
------- Watchdata & DoubleCA -------
服务端身份信息:
C=CN,OU=测试,[email protected],CN=服务端国密SSL测试证书
C=CN,ST=BEIJING,O=www.DoubleCA.com,CN=DoubleCA.com TEST01 CA SM2
C=CN,ST=BEIJING,O=www.DoubleCA.com,CN=DoubleCA.com ROOT CA SM2
客户端发送完成:hello
DCKS国密SSL通信证书和密钥文件在 大宝CA 网站上免费申请
国密SSL的JAR包需要授权后才能使用。调用 generateLicRequest 函数生成终端授权请求编码，获取到授权数据后填入 initLic 函数即可完成授权。申请授权数据的具体步骤:
1. 访问PP商业软件自主授权平台
2. 点击“应用方入口”
3. “软件1编号”填写:66-61F74672E9534ACEAF86EEFB8D8E75D0,免费授权码数量有限,获取请联系QQ:1337588982,将授权码写在“授权码”输入框内,“终端请求授权编码”框内复制generateLicRequest函数生成的终端授权请求编码
4. 提交授权请求后页面会生成授权数据,将授权数据复制到initLic函数中即可完成授权
最新版本大宝CA国密SSL的JAR包和示例代码下载地址:https://download.csdn.net/download/upset_ming/11751999
授权码保留好,如果授权数据丢失,可凭授权码在 PP商业软件自主授权平台 找回授权数据