java实现 SSL双向认证
关键字: ssl 实现技术:
JSSE(Java Security Socket Extension)
是Sun为了解决在Internet上的实现安全信息传输的解决方案。它实现了SSL和TSL(传输层安全)协议。在JSSE中包含了数据加密,服务器验证,消息完整性和客户端验证等技术。通过使用JSSE,可以在Client和Server之间通过TCP/IP协议安全地传输数据。
为了实现消息认证。
Server需要:
1)KeyStore: 其中保存服务端的私钥
2)Trust KeyStore:其中保存客户端的授权证书
Client需要:
1)KeyStore:其中保存客户端的私钥
2)Trust KeyStore:其中保存服务端的授权证书
使用Java自带的keytool命令,去生成这样信息文件:
1)生成服务端私钥,并且导入到服务端KeyStore文件中
2)根据私钥,导出服务端证书
3)将服务端证书,导入到客户端的Trust KeyStore中
采用同样的方法,生成客户端的私钥,客户端的证书,并且导入到服务端的Trust KeyStore中
1)keytool -genkey -alias clientkey -keystore kclient.keystore
2)keytool -export -alias clientkey -keystore kclient.keystore -file client.crt
3)keytool -import -alias clientkey -file client.crt -keystore tserver.keystore
Server:
Java代码
1.package ssl;
2.
3.
4.import java.io.BufferedInputStream;
5.import java.io.BufferedOutputStream;
6.import java.io.FileInputStream;
7.import java.io.InputStream;
8.import java.io.OutputStream;
9.import java.net.Socket;
10.import java.security.KeyStore;
11.
12.import javax.net.ssl.KeyManagerFactory;
13.import javax.net.ssl.SSLContext;
14.import javax.net.ssl.SSLServerSocket;
15.import javax.net.ssl.TrustManagerFactory;
16.
17./**
18. *
19. * @author Leo
20. */
21.public class Server implements Runnable{
22.
23. private static final int DEFAULT_PORT = 7777;
24.
25. private static final String SERVER_KEY_STORE_PASSWORD = "123456";
26. private static final String SERVER_TRUST_KEY_STORE_PASSWORD = "123456";
27.
28. private SSLServerSocket serverSocket;
29.
30. /**
31. * 启动程序
32. *
33. * @param args
34. */
35. public static void main(String[] args) {
36. Server server = new Server();
37. server.init();
38. Thread thread = new Thread(server);
39. thread.start();
40. }
41.
42. public synchronized void start() {
43. if (serverSocket == null) {
44. System.out.println("ERROR");
45. return;
46. }
47. while (true) {
48. try {
49. Socket s = serverSocket.accept();
50. InputStream input = s.getInputStream();
51. OutputStream output = s.getOutputStream();
52.
53. BufferedInputStream bis = new BufferedInputStream(input);
54. BufferedOutputStream bos = new BufferedOutputStream(output);
55.
56. byte[] buffer = new byte[20];
57. bis.read(buffer);
58. System.out.println("------receive:--------"+new String(buffer).toString());
59.
60. bos.write("yes".getBytes());
61. bos.flush();
62.
63. s.close();
64. } catch (Exception e) {
65. System.out.println(e);
66. }
67. }
68. }
69. public void init() {
70. try {
71. SSLContext ctx = SSLContext.getInstance("SSL");
72.
73. KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
74. TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
75.
76. KeyStore ks = KeyStore.getInstance("JKS");
77. KeyStore tks = KeyStore.getInstance("JKS");
78.
79. ks.load(new FileInputStream("src/ssl/kserver.keystore"), SERVER_KEY_STORE_PASSWORD.toCharArray());
80. tks.load(new FileInputStream("src/ssl/tserver.keystore"), SERVER_TRUST_KEY_STORE_PASSWORD.toCharArray());
81.
82. kmf.init(ks, SERVER_KEY_STORE_PASSWORD.toCharArray());
83. tmf.init(tks);
84.
85. ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
86.
87. serverSocket = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(DEFAULT_PORT);
88. serverSocket.setNeedClientAuth(true);
89. } catch (Exception e) {
90. System.out.println(e);
91. }
92. }
93.
94. public void run() {
95. // TODO Auto-generated method stub
96. start();
97. }
98.}
package ssl;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;
/**
*
* @author Leo
*/
public class Server implements Runnable{
private static final int DEFAULT_PORT = 7777;
private static final String SERVER_KEY_STORE_PASSWORD = "123456";
private static final String SERVER_TRUST_KEY_STORE_PASSWORD = "123456";
private SSLServerSocket serverSocket;
/**
* 启动程序
*
* @param args
*/
public static void main(String[] args) {
Server server = new Server();
server.init();
Thread thread = new Thread(server);
thread.start();
}
public synchronized void start() {
if (serverSocket == null) {
System.out.println("ERROR");
return;
}
while (true) {
try {
Socket s = serverSocket.accept();
InputStream input = s.getInputStream();
OutputStream output = s.getOutputStream();
BufferedInputStream bis = new BufferedInputStream(input);
BufferedOutputStream bos = new BufferedOutputStream(output);
byte[] buffer = new byte[20];
bis.read(buffer);
System.out.println("------receive:--------"+new String(buffer).toString());
bos.write("yes".getBytes());
bos.flush();
s.close();
} catch (Exception e) {
System.out.println(e);
}
}
}
public void init() {
try {
SSLContext ctx = SSLContext.getInstance("SSL");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore tks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("src/ssl/kserver.keystore"), SERVER_KEY_STORE_PASSWORD.toCharArray());
tks.load(new FileInputStream("src/ssl/tserver.keystore"), SERVER_TRUST_KEY_STORE_PASSWORD.toCharArray());
kmf.init(ks, SERVER_KEY_STORE_PASSWORD.toCharArray());
tmf.init(tks);
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
serverSocket = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(DEFAULT_PORT);
serverSocket.setNeedClientAuth(true);
} catch (Exception e) {
System.out.println(e);
}
}
public void run() {
// TODO Auto-generated method stub
start();
}
}
Client:
Java代码
1.package ssl;
2.
3.import java.io.BufferedInputStream;
4.import java.io.BufferedOutputStream;
5.import java.io.FileInputStream;
6.import java.io.IOException;
7.import java.io.InputStream;
8.import java.io.OutputStream;
9.import java.security.KeyStore;
10.
11.import javax.net.ssl.KeyManagerFactory;
12.import javax.net.ssl.SSLContext;
13.import javax.net.ssl.SSLSocket;
14.import javax.net.ssl.TrustManagerFactory;
15.
16./**
17. * SSL Client
18. *
19. * @author Leo
20. */
21.public class Client {
22.
23. private static final String DEFAULT_HOST = "127.0.0.1";
24. private static final int DEFAULT_PORT = 7777;
25.
26. private static final String CLIENT_KEY_STORE_PASSWORD = "123456";
27. private static final String CLIENT_TRUST_KEY_STORE_PASSWORD = "123456";
28.
29. private SSLSocket sslSocket;
30.
31. /**
32. * 启动客户端程序
33. *
34. * @param args
35. */
36. public static void main(String[] args) {
37. Client client = new Client();
38. client.init();
39. client.process();
40. }
41.
42.
43. public void process() {
44. if (sslSocket == null) {
45. System.out.println("ERROR");
46. return;
47. }
48. try {
49. InputStream input = sslSocket.getInputStream();
50. OutputStream output = sslSocket.getOutputStream();
51.
52. BufferedInputStream bis = new BufferedInputStream(input);
53. BufferedOutputStream bos = new BufferedOutputStream(output);
54.
55. bos.write("1234567890".getBytes());
56. bos.flush();
57.
58. byte[] buffer = new byte[20];
59. bis.read(buffer);
60. System.out.println(new String(buffer));
61.
62. sslSocket.close();
63. } catch (IOException e) {
64. System.out.println(e);
65. }
66. }
67.
68.
69. public void init() {
70. try {
71. SSLContext ctx = SSLContext.getInstance("SSL");
72.
73. KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
74. TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
75.
76. KeyStore ks = KeyStore.getInstance("JKS");
77. KeyStore tks = KeyStore.getInstance("JKS");
78.
79. ks.load(new FileInputStream("src/ssl/kclient.keystore"), CLIENT_KEY_STORE_PASSWORD.toCharArray());
80. tks.load(new FileInputStream("src/ssl/tclient.keystore"), CLIENT_TRUST_KEY_STORE_PASSWORD.toCharArray());
81.
82. kmf.init(ks, CLIENT_KEY_STORE_PASSWORD.toCharArray());
83. tmf.init(tks);
84.
85. ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
86.
87. sslSocket = (SSLSocket) ctx.getSocketFactory().createSocket(DEFAULT_HOST, DEFAULT_PORT);
88. } catch (Exception e) {
89. System.out.println(e);
90. }
91. }
92.
93.}
package ssl;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
/**
* SSL Client
*
* @author Leo
*/
public class Client {
private static final String DEFAULT_HOST = "127.0.0.1";
private static final int DEFAULT_PORT = 7777;
private static final String CLIENT_KEY_STORE_PASSWORD = "123456";
private static final String CLIENT_TRUST_KEY_STORE_PASSWORD = "123456";
private SSLSocket sslSocket;
/**
* 启动客户端程序
*
* @param args
*/
public static void main(String[] args) {
Client client = new Client();
client.init();
client.process();
}
public void process() {
if (sslSocket == null) {
System.out.println("ERROR");
return;
}
try {
InputStream input = sslSocket.getInputStream();
OutputStream output = sslSocket.getOutputStream();
BufferedInputStream bis = new BufferedInputStream(input);
BufferedOutputStream bos = new BufferedOutputStream(output);
bos.write("1234567890".getBytes());
bos.flush();
byte[] buffer = new byte[20];
bis.read(buffer);
System.out.println(new String(buffer));
sslSocket.close();
} catch (IOException e) {
System.out.println(e);
}
}
public void init() {
try {
SSLContext ctx = SSLContext.getInstance("SSL");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore tks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("src/ssl/kclient.keystore"), CLIENT_KEY_STORE_PASSWORD.toCharArray());
tks.load(new FileInputStream("src/ssl/tclient.keystore"), CLIENT_TRUST_KEY_STORE_PASSWORD.toCharArray());
kmf.init(ks, CLIENT_KEY_STORE_PASSWORD.toCharArray());
tmf.init(tks);
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
sslSocket = (SSLSocket) ctx.getSocketFactory().createSocket(DEFAULT_HOST, DEFAULT_PORT);
} catch (Exception e) {
System.out.println(e);
}
}
}
启动Server
启动Client,发送信息。
Server接收如下:正确解密
返回Client信息,如下:
如此,就完成了服务端和客户端之间的基于身份认证的交互。
client采用kclient.keystore中的clientkey私钥进行数据加密,发送给server。
server采用tserver.keystore中的client.crt证书(包含了clientkey的公钥)对数据解密,如果解密成功,证明消息来自client,进行逻辑处理。
server采用kserver.keystore中的serverkey私钥进行数据加密,发送给client。
client采用tclient.keystore中的server.crt证书(包含了serverkey的公钥)对数据解密,如果解密成功,证明消息来自server,进行逻辑处理。
如果过程中,解密失败,那么证明消息来源错误。不进行逻辑处理。这样就完成了双向的身份认证。
JSSE(Java Security Socket Extension)
是Sun为了解决在Internet上的实现安全信息传输的解决方案。它实现了SSL和TSL(传输层安全)协议。在JSSE中包含了数据加密,服务器验证,消息完整性和客户端验证等技术。通过使用JSSE,可以在Client和Server之间通过TCP/IP协议安全地传输数据。
为了实现消息认证。
Server需要:
1)KeyStore: 其中保存服务端的私钥
2)Trust KeyStore:其中保存客户端的授权证书
Client需要:
1)KeyStore:其中保存客户端的私钥
2)Trust KeyStore:其中保存服务端的授权证书
使用Java自带的keytool命令,去生成这样信息文件:
1)生成服务端私钥,并且导入到服务端KeyStore文件中
2)根据私钥,导出服务端证书
3)将服务端证书,导入到客户端的Trust KeyStore中
采用同样的方法,生成客户端的私钥,客户端的证书,并且导入到服务端的Trust KeyStore中
1)keytool -genkey -alias clientkey -keystore kclient.keystore
2)keytool -export -alias clientkey -keystore kclient.keystore -file client.crt
3)keytool -import -alias clientkey -file client.crt -keystore tserver.keystore
Server:
Java代码
1.package ssl;
2.
3.
4.import java.io.BufferedInputStream;
5.import java.io.BufferedOutputStream;
6.import java.io.FileInputStream;
7.import java.io.InputStream;
8.import java.io.OutputStream;
9.import java.net.Socket;
10.import java.security.KeyStore;
11.
12.import javax.net.ssl.KeyManagerFactory;
13.import javax.net.ssl.SSLContext;
14.import javax.net.ssl.SSLServerSocket;
15.import javax.net.ssl.TrustManagerFactory;
16.
17./**
18. *
19. * @author Leo
20. */
21.public class Server implements Runnable{
22.
23. private static final int DEFAULT_PORT = 7777;
24.
25. private static final String SERVER_KEY_STORE_PASSWORD = "123456";
26. private static final String SERVER_TRUST_KEY_STORE_PASSWORD = "123456";
27.
28. private SSLServerSocket serverSocket;
29.
30. /**
31. * 启动程序
32. *
33. * @param args
34. */
35. public static void main(String[] args) {
36. Server server = new Server();
37. server.init();
38. Thread thread = new Thread(server);
39. thread.start();
40. }
41.
42. public synchronized void start() {
43. if (serverSocket == null) {
44. System.out.println("ERROR");
45. return;
46. }
47. while (true) {
48. try {
49. Socket s = serverSocket.accept();
50. InputStream input = s.getInputStream();
51. OutputStream output = s.getOutputStream();
52.
53. BufferedInputStream bis = new BufferedInputStream(input);
54. BufferedOutputStream bos = new BufferedOutputStream(output);
55.
56. byte[] buffer = new byte[20];
57. bis.read(buffer);
58. System.out.println("------receive:--------"+new String(buffer).toString());
59.
60. bos.write("yes".getBytes());
61. bos.flush();
62.
63. s.close();
64. } catch (Exception e) {
65. System.out.println(e);
66. }
67. }
68. }
69. public void init() {
70. try {
71. SSLContext ctx = SSLContext.getInstance("SSL");
72.
73. KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
74. TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
75.
76. KeyStore ks = KeyStore.getInstance("JKS");
77. KeyStore tks = KeyStore.getInstance("JKS");
78.
79. ks.load(new FileInputStream("src/ssl/kserver.keystore"), SERVER_KEY_STORE_PASSWORD.toCharArray());
80. tks.load(new FileInputStream("src/ssl/tserver.keystore"), SERVER_TRUST_KEY_STORE_PASSWORD.toCharArray());
81.
82. kmf.init(ks, SERVER_KEY_STORE_PASSWORD.toCharArray());
83. tmf.init(tks);
84.
85. ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
86.
87. serverSocket = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(DEFAULT_PORT);
88. serverSocket.setNeedClientAuth(true);
89. } catch (Exception e) {
90. System.out.println(e);
91. }
92. }
93.
94. public void run() {
95. // TODO Auto-generated method stub
96. start();
97. }
98.}
package ssl;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;
/**
*
* @author Leo
*/
public class Server implements Runnable{
private static final int DEFAULT_PORT = 7777;
private static final String SERVER_KEY_STORE_PASSWORD = "123456";
private static final String SERVER_TRUST_KEY_STORE_PASSWORD = "123456";
private SSLServerSocket serverSocket;
/**
* 启动程序
*
* @param args
*/
public static void main(String[] args) {
Server server = new Server();
server.init();
Thread thread = new Thread(server);
thread.start();
}
public synchronized void start() {
if (serverSocket == null) {
System.out.println("ERROR");
return;
}
while (true) {
try {
Socket s = serverSocket.accept();
InputStream input = s.getInputStream();
OutputStream output = s.getOutputStream();
BufferedInputStream bis = new BufferedInputStream(input);
BufferedOutputStream bos = new BufferedOutputStream(output);
byte[] buffer = new byte[20];
bis.read(buffer);
System.out.println("------receive:--------"+new String(buffer).toString());
bos.write("yes".getBytes());
bos.flush();
s.close();
} catch (Exception e) {
System.out.println(e);
}
}
}
public void init() {
try {
SSLContext ctx = SSLContext.getInstance("SSL");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore tks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("src/ssl/kserver.keystore"), SERVER_KEY_STORE_PASSWORD.toCharArray());
tks.load(new FileInputStream("src/ssl/tserver.keystore"), SERVER_TRUST_KEY_STORE_PASSWORD.toCharArray());
kmf.init(ks, SERVER_KEY_STORE_PASSWORD.toCharArray());
tmf.init(tks);
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
serverSocket = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(DEFAULT_PORT);
serverSocket.setNeedClientAuth(true);
} catch (Exception e) {
System.out.println(e);
}
}
public void run() {
// TODO Auto-generated method stub
start();
}
}
Client:
Java代码
1.package ssl;
2.
3.import java.io.BufferedInputStream;
4.import java.io.BufferedOutputStream;
5.import java.io.FileInputStream;
6.import java.io.IOException;
7.import java.io.InputStream;
8.import java.io.OutputStream;
9.import java.security.KeyStore;
10.
11.import javax.net.ssl.KeyManagerFactory;
12.import javax.net.ssl.SSLContext;
13.import javax.net.ssl.SSLSocket;
14.import javax.net.ssl.TrustManagerFactory;
15.
16./**
17. * SSL Client
18. *
19. * @author Leo
20. */
21.public class Client {
22.
23. private static final String DEFAULT_HOST = "127.0.0.1";
24. private static final int DEFAULT_PORT = 7777;
25.
26. private static final String CLIENT_KEY_STORE_PASSWORD = "123456";
27. private static final String CLIENT_TRUST_KEY_STORE_PASSWORD = "123456";
28.
29. private SSLSocket sslSocket;
30.
31. /**
32. * 启动客户端程序
33. *
34. * @param args
35. */
36. public static void main(String[] args) {
37. Client client = new Client();
38. client.init();
39. client.process();
40. }
41.
42.
43. public void process() {
44. if (sslSocket == null) {
45. System.out.println("ERROR");
46. return;
47. }
48. try {
49. InputStream input = sslSocket.getInputStream();
50. OutputStream output = sslSocket.getOutputStream();
51.
52. BufferedInputStream bis = new BufferedInputStream(input);
53. BufferedOutputStream bos = new BufferedOutputStream(output);
54.
55. bos.write("1234567890".getBytes());
56. bos.flush();
57.
58. byte[] buffer = new byte[20];
59. bis.read(buffer);
60. System.out.println(new String(buffer));
61.
62. sslSocket.close();
63. } catch (IOException e) {
64. System.out.println(e);
65. }
66. }
67.
68.
69. public void init() {
70. try {
71. SSLContext ctx = SSLContext.getInstance("SSL");
72.
73. KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
74. TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
75.
76. KeyStore ks = KeyStore.getInstance("JKS");
77. KeyStore tks = KeyStore.getInstance("JKS");
78.
79. ks.load(new FileInputStream("src/ssl/kclient.keystore"), CLIENT_KEY_STORE_PASSWORD.toCharArray());
80. tks.load(new FileInputStream("src/ssl/tclient.keystore"), CLIENT_TRUST_KEY_STORE_PASSWORD.toCharArray());
81.
82. kmf.init(ks, CLIENT_KEY_STORE_PASSWORD.toCharArray());
83. tmf.init(tks);
84.
85. ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
86.
87. sslSocket = (SSLSocket) ctx.getSocketFactory().createSocket(DEFAULT_HOST, DEFAULT_PORT);
88. } catch (Exception e) {
89. System.out.println(e);
90. }
91. }
92.
93.}
package ssl;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
/**
* SSL Client
*
* @author Leo
*/
public class Client {
private static final String DEFAULT_HOST = "127.0.0.1";
private static final int DEFAULT_PORT = 7777;
private static final String CLIENT_KEY_STORE_PASSWORD = "123456";
private static final String CLIENT_TRUST_KEY_STORE_PASSWORD = "123456";
private SSLSocket sslSocket;
/**
* 启动客户端程序
*
* @param args
*/
public static void main(String[] args) {
Client client = new Client();
client.init();
client.process();
}
public void process() {
if (sslSocket == null) {
System.out.println("ERROR");
return;
}
try {
InputStream input = sslSocket.getInputStream();
OutputStream output = sslSocket.getOutputStream();
BufferedInputStream bis = new BufferedInputStream(input);
BufferedOutputStream bos = new BufferedOutputStream(output);
bos.write("1234567890".getBytes());
bos.flush();
byte[] buffer = new byte[20];
bis.read(buffer);
System.out.println(new String(buffer));
sslSocket.close();
} catch (IOException e) {
System.out.println(e);
}
}
public void init() {
try {
SSLContext ctx = SSLContext.getInstance("SSL");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore tks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("src/ssl/kclient.keystore"), CLIENT_KEY_STORE_PASSWORD.toCharArray());
tks.load(new FileInputStream("src/ssl/tclient.keystore"), CLIENT_TRUST_KEY_STORE_PASSWORD.toCharArray());
kmf.init(ks, CLIENT_KEY_STORE_PASSWORD.toCharArray());
tmf.init(tks);
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
sslSocket = (SSLSocket) ctx.getSocketFactory().createSocket(DEFAULT_HOST, DEFAULT_PORT);
} catch (Exception e) {
System.out.println(e);
}
}
}
启动Server
启动Client,发送信息。
Server接收如下:正确解密
返回Client信息,如下:
如此,就完成了服务端和客户端之间的基于身份认证的交互。
client采用kclient.keystore中的clientkey私钥进行数据加密,发送给server。
server采用tserver.keystore中的client.crt证书(包含了clientkey的公钥)对数据解密,如果解密成功,证明消息来自client,进行逻辑处理。
server采用kserver.keystore中的serverkey私钥进行数据加密,发送给client。
client采用tclient.keystore中的server.crt证书(包含了serverkey的公钥)对数据解密,如果解密成功,证明消息来自server,进行逻辑处理。
如果过程中,解密失败,那么证明消息来源错误。不进行逻辑处理。这样就完成了双向的身份认证。