在Android上实现SSL握手（客户端需要密钥和证书），实现服务器和客户端之间Socket交互

Android的私钥和信任证书的格式必须是BKS格式的，通过配置本地JDK，让keytool可以生成BKS格式的私钥和信任证书,java本身没有BouncyCastle密库

服务端：

 publicclassSSLServer{

 privatestaticfinalintSERVER_PORT=50030;
 privatestaticfinalStringSERVER_KEY_PASSWORD="123456";
 privatestaticfinalStringSERVER_AGREEMENT="TLS";//使用协议
 privatestaticfinalStringSERVER_KEY_MANAGER="SunX509";//密钥管理器
 privatestaticfinalStringSERVER_KEY_KEYSTORE="JKS";//密库，这里用的是Java自带密库
 privatestaticfinalStringSERVER_KEYSTORE_PATH="src/data/kserver.keystore";//密库路径
 privateSSLServerSocketserverSocket;

 publicstaticvoidmain(String[]args){
 SSLServerserver=newSSLServer();
 server.init();
 server.start();
 }

 //由于该程序不是演示Socket监听，所以简单采用单线程形式，并且仅仅接受客户端的消息，并且返回客户端指定消息
 publicvoidstart(){
 if(serverSocket==null){
 System.out.println("ERROR");
 return;
 }
 while(true){
 try{
 System.out.println("ServerSide......");
 Sockets=serverSocket.accept();
 InputStreaminput=s.getInputStream();
 OutputStreamoutput=s.getOutputStream();

 BufferedInputStreambis=newBufferedInputStream(input);
 BufferedOutputStreambos=newBufferedOutputStream(output);

 byte[]buffer=newbyte[20];
 bis.read(buffer);
 System.out.println(newString(buffer));

 bos.write("ThisisServer".getBytes());
 bos.flush();

 s.close();
 }catch(Exceptione){
 System.out.println(e);
 }
 }
 }

 publicvoidinit(){
 try{
 //取得SSLContext
 SSLContextctx=SSLContext.getInstance(SERVER_AGREEMENT);
 //取得SunX509私钥管理器
 KeyManagerFactorykmf=KeyManagerFactory.getInstance(SERVER_KEY_MANAGER);
 //取得JKS密库实例
 KeyStoreks=KeyStore.getInstance(SERVER_KEY_KEYSTORE);
 //加载服务端私钥
 ks.load(newFileInputStream(SERVER_KEYSTORE_PATH),SERVER_KEY_PASSWORD.toCharArray());
 //初始化
 kmf.init(ks,SERVER_KEY_PASSWORD.toCharArray());
 //初始化SSLContext
 ctx.init(kmf.getKeyManagers(),null,null);
 //通过SSLContext取得ServerSocketFactory，创建ServerSocket
 serverSocket=(SSLServerSocket)ctx.getServerSocketFactory().createServerSocket(SERVER_PORT);
 }catch(Exceptione){
 System.out.println(e);
 }
 }
 }

客户端：

 publicclassMySSLSocketextendsActivity{
 privatestaticfinalintSERVER_PORT=50030;//端口号
 privatestaticfinalStringSERVER_IP="www.178zhe.com";//连接IP
 privatestaticfinalStringCLIENT_KET_PASSWORD="123456";//私钥密码
 privatestaticfinalStringCLIENT_TRUST_PASSWORD="123456";//信任证书密码
 privatestaticfinalStringCLIENT_AGREEMENT="TLS";//使用协议
 privatestaticfinalStringCLIENT_KEY_MANAGER="X509";//密钥管理器
 privatestaticfinalStringCLIENT_TRUST_MANAGER="X509";//
 privatestaticfinalStringCLIENT_KEY_KEYSTORE="BKS";//密库，这里用的是BouncyCastle密库
 privatestaticfinalStringCLIENT_TRUST_KEYSTORE="BKS";//
 privatestaticfinalStringENCONDING="utf-8";//字符集
 privateSSLSocketClient_sslSocket;
 privateLogtag;
 privateTextViewtv;
 privateButtonbtn;
 privateButtonbtn2;
 privateButtonbtn3;
 privateEditTextet;

 /**Calledwhentheactivityisfirstcreated.*/
 @Override
 publicvoidonCreate(BundlesavedInstanceState){
 super.onCreate(savedInstanceState);
 setContentView(R.layout.main);
 tv=(TextView)findViewById(R.id.TextView01);
 et=(EditText)findViewById(R.id.EditText01);
 btn=(Button)findViewById(R.id.Button01);
 btn2=(Button)findViewById(R.id.Button02);
 btn3=(Button)findViewById(R.id.Button03);

 btn.setOnClickListener(newButton.OnClickListener(){
 @Override
 publicvoidonClick(Viewarg0){
 if(null!=Client_sslSocket){
 getOut(Client_sslSocket,et.getText().toString());
 getIn(Client_sslSocket);
 et.setText("");
 }
 }
 });
 btn2.setOnClickListener(newButton.OnClickListener(){
 @Override
 publicvoidonClick(Viewarg0){
 try{
 Client_sslSocket.close();
 Client_sslSocket=null;
 }catch(IOExceptione){
 e.printStackTrace();
 }
 }
 });
 btn3.setOnClickListener(newView.OnClickListener(){
 @Override
 publicvoidonClick(Viewarg0){
 init();
 getIn(Client_sslSocket);
 }
 });
 }

 publicvoidinit(){
 try{
 //取得SSL的SSLContext实例
 SSLContextsslContext=SSLContext.getInstance(CLIENT_AGREEMENT);
 //取得KeyManagerFactory和TrustManagerFactory的X509密钥管理器实例
 KeyManagerFactorykeyManager=KeyManagerFactory.getInstance(CLIENT_KEY_MANAGER);
 TrustManagerFactorytrustManager=TrustManagerFactory.getInstance(CLIENT_TRUST_MANAGER);
 //取得BKS密库实例
 KeyStorekks=KeyStore.getInstance(CLIENT_KEY_KEYSTORE);
 KeyStoretks=KeyStore.getInstance(CLIENT_TRUST_KEYSTORE);
 //加客户端载证书和私钥,通过读取资源文件的方式读取密钥和信任证书
 kks.load(getBaseContext()
 .getResources()
 .openRawResource(R.drawable.kclient),CLIENT_KET_PASSWORD.toCharArray());
 tks.load(getBaseContext()
 .getResources()
 .openRawResource(R.drawable.lt_client),CLIENT_TRUST_PASSWORD.toCharArray());
 //初始化密钥管理器
 keyManager.init(kks,CLIENT_KET_PASSWORD.toCharArray());
 trustManager.init(tks);
 //初始化SSLContext
 sslContext.init(keyManager.getKeyManagers(),trustManager.getTrustManagers(),null);
 //生成SSLSocket
 Client_sslSocket=(SSLSocket)sslContext.getSocketFactory().createSocket(SERVER_IP,SERVER_PORT);
 }catch(Exceptione){
 tag.e("MySSLSocket",e.getMessage());
 }
 }

 publicvoidgetOut(SSLSocketsocket,Stringmessage){
 PrintWriterout;
 try{
 out=newPrintWriter(
 newBufferedWriter(
 newOutputStreamWriter(
 socket.getOutputStream()
 )
 ),true);
 out.println(message);
 }catch(IOExceptione){
 e.printStackTrace();
 }
 }

 publicvoidgetIn(SSLSocketsocket){
 BufferedReaderin=null;
 Stringstr=null;
 try{
 in=newBufferedReader(
 newInputStreamReader(
 socket.getInputStream()));
 str=newString(in.readLine().getBytes(),ENCONDING);
 }catch(UnsupportedEncodingExceptione){
 e.printStackTrace();
 }catch(IOExceptione){
 e.printStackTrace();
 }
 newAlertDialog
 .Builder(MySSLSocket.this)
 .setTitle("服务器消息")
 .setNegativeButton("确定",null)
 .setIcon(android.R.drawable.ic_menu_agenda)
 .setMessage(str)
 .show();
 }
 }