前一篇介绍了SSL/TLS双向认证的代码实例。
也可以选择使用单向认证,这种情况下client侧不需要提供证书。所以,
server侧只需要自己的keystore文件,不需要truststore文件
client侧不需要自己的keystore文件,只需要truststore文件(其中包含server的公钥)。
此外server侧需要在创建SSLServerSocket之后设定不需要客户端证书:setNeedClientAuth(false)
server代码
package learning.net.ssl; import java.io.BufferedReader; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStreamReader; import java.io.PrintWriter; import java.net.Socket; import java.security.KeyStore; import java.security.cert.X509Certificate; import javax.net.ssl.HandshakeCompletedEvent; import javax.net.ssl.HandshakeCompletedListener; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLServerSocketFactory; import javax.net.ssl.SSLSocket; public class CatServerNoClientAuth implements Runnable, HandshakeCompletedListener { public static final int SERVER_PORT = 11123; private final Socket _s; public CatServerNoClientAuth(Socket s) { _s = s; } public static void main(String[] args) throws Exception { String serverKeyStoreFile = "c:\\_tmp\\catserver.keystore"; String serverKeyStorePwd = "catserverks"; String catServerKeyPwd = "catserver"; KeyStore serverKeyStore = KeyStore.getInstance("JKS"); serverKeyStore.load(new FileInputStream(serverKeyStoreFile), serverKeyStorePwd.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(serverKeyStore, catServerKeyPwd.toCharArray()); SSLContext sslContext = SSLContext.getInstance("TLSv1"); sslContext.init(kmf.getKeyManagers(), null, null); SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory(); SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerSocketFactory.createServerSocket(SERVER_PORT); sslServerSocket.setNeedClientAuth(false); while (true) { SSLSocket s = (SSLSocket)sslServerSocket.accept(); CatServerNoClientAuth cs = new CatServerNoClientAuth(s); s.addHandshakeCompletedListener(cs); new Thread(cs).start(); } } @Override public void run() { try { BufferedReader reader = new BufferedReader(new InputStreamReader(_s.getInputStream())); PrintWriter writer = new PrintWriter(_s.getOutputStream(), true); writer.println("Welcome~, enter exit to leave."); String s; while ((s = reader.readLine()) != null && !s.trim().equalsIgnoreCase("exit")) { writer.println("Echo: " + s); } writer.println("Bye~"); } catch (Exception e) { e.printStackTrace(); } finally { try { _s.close(); } catch (IOException e) { e.printStackTrace(); } } } @Override public void handshakeCompleted(HandshakeCompletedEvent event) { try { X509Certificate cert = (X509Certificate) event.getPeerCertificates()[0]; } catch (SSLPeerUnverifiedException ex) { System.out.println("handshakeCompleted, SSLPeerUnverified."); } } }
client代码
package learning.net.ssl; import java.io.BufferedReader; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStreamReader; import java.io.PrintWriter; import java.net.Socket; import java.security.KeyStore; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManagerFactory; public class FoxClientNoClientAuth { public static void main(String[] args) throws Exception { String clientTrustKeyStoreFile = "c:\\_tmp\\foxclienttrust.keystore"; String clientTrustKeyStorePwd = "foxclienttrustks"; KeyStore clientTrustKeyStore = KeyStore.getInstance("JKS"); clientTrustKeyStore.load(new FileInputStream(clientTrustKeyStoreFile), clientTrustKeyStorePwd.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(clientTrustKeyStore); SSLContext sslContext = SSLContext.getInstance("TLSv1"); sslContext.init(null, tmf.getTrustManagers(), null); SSLSocketFactory socketFactory = sslContext.getSocketFactory(); Socket socket = socketFactory.createSocket("localhost", CatServer.SERVER_PORT); PrintWriter out = new PrintWriter(socket.getOutputStream(), true); BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream())); send("hello", out); send("exit", out); receive(in); socket.close(); } public static void send(String s, PrintWriter out) throws IOException { System.out.println("Sending: " + s); out.println(s); } public static void receive(BufferedReader in) throws IOException { String s; while ((s = in.readLine()) != null) { System.out.println("Reveived: " + s); } } }