java实现SSL双向认证

这里的代码主要是和mqtt一起连用,使用的证书是mqttserver.crt、client-cert.crt、client-key-pkc8.pem

public static final String CA_PATH = "mqttserver.crt"; 
public static final String CRT_PATH = "client-cert.crt";
public static final String KEY_PATH = "client-key-pkcs8.pem";

public SSLSocketFactory getSSLSocktetBidirectional() throws Exception {
	// CA certificate is used to authenticate server
	CertificateFactory cAf = CertificateFactory.getInstance("X.509");
	FileInputStream caIn = new FileInputStream(CA_PATH);
	X509Certificate ca = (X509Certificate) cAf.generateCertificate(caIn);
	KeyStore caKs = KeyStore.getInstance("JKS");
	caKs.load(null, null);
	caKs.setCertificateEntry("ca-certificate", ca);
	TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
	tmf.init(caKs);

	// client key and certificates are sent to server so it can authenticate us
	CertificateFactory cf = CertificateFactory.getInstance("X.509");
	FileInputStream crtIn = new FileInputStream(CRT_PATH);
	X509Certificate caCert = (X509Certificate) cf.generateCertificate(crtIn);
	crtIn.close();
		
	KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
	ks.load(null, null);
	ks.setCertificateEntry("certificate", caCert);
	ks.setKeyEntry("private-key", getPrivateKey( KEY_PATH), PASSWORD.toCharArray(), new java.security.cert.Certificate[] { caCert });
	KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
	kmf.init(ks, PASSWORD.toCharArray());

	// finally, create SSL socket factory
	SSLContext context = SSLContext.getInstance("TLSv1");
	context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());

	return context.getSocketFactory();
}
private PrivateKey getPrivateKey(String path) throws Exception {
	//byte[] buffer = Base64.getDecoder().decode(getPem(path));
	Base64 base64 = new Base64();
	byte[] buffer = base64.decode(getPem(path));

	PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer);
	KeyFactory keyFactory = KeyFactory.getInstance("RSA");
	return keyFactory.generatePrivate(keySpec);

}

private String getPem(String path) throws Exception {
	FileInputStream fin = new FileInputStream(path);
	BufferedReader br = new BufferedReader(new InputStreamReader(fin));
	String readLine = null;
	StringBuilder sb = new StringBuilder();
	while ((readLine = br.readLine()) != null) {
		if (readLine.charAt(0) == '-') {
			continue;
		} else {
			sb.append(readLine);
			sb.append('\r');
		}
	}
	fin.close();
	return sb.toString();
}

mqtt使用SSL认证代码:

public void mqttTest(){
        MqttConnectOptions conOpt = new MqttConnectOptions();
        //网址:https://www.ibm.com/support/knowledgecenter/SSFKSJ_7.5.0/com.ibm.mq.javadoc.doc/WMQMQxrClasses/org/eclipse/paho/client/mqttv3/MqttConnectOptions.html
        //是否自动重新连接
        conOpt.setAutomaticReconnect(false);
        //设置服务器是否应该在重新连接时记住客户端的状态。
        conOpt.setCleanSession(this.cleanSession);
        if (password != null) {
            //设置用于连接的账户
            conOpt.setPassword(this.password.toCharArray());
        }
        if (userName != null) {
            //设置用于连接的密码
            conOpt.setUserName(this.userName);
        }
        //设置保持活跃间隔(心跳时间,单位秒)
        conOpt.setKeepAliveInterval(60);
        //设置超时时间
        conOpt.setConnectionTimeout(30);
        //设置要使用的socketFactory;这允许应用程序围绕创建网路套接字应用自己的策略,如果使用SSL连接,则可以使用SSLSocketFactory提供特定于应用程序的安全策略。
        conOpt.setSocketFactory(getSSLSocket());
        
    }

接口MqttCallback解析网址:http://www.eclipse.org/paho/files/javadoc/org/eclipse/paho/client/mqttv3/MqttCallback.html

你可能感兴趣的:(java)