java SSLSocket使用

1. 什么是Https,SSL, TLS

    Https全称是Hypertext Transfer Protocol over Secure Socket Layer即基于SSL(Secure Socket Layer)的Http协议,也就是http的安全版本。

    SSL(Secure Socket Layer)即安全套接层

    TLS(Transport Layer Security)即传输层安全协议,是SSL的后继协议;SSL各版本现已被弃用,实际部署中使用的都是TLS。

    Https协议在http协议与TCP协议之间增加了一层安全层,所有请求和响应数据在经过网络传输之前都会先进行加密,防止数据在网络传输过程中被拦截窃听。

 

2.什么是SSLSocket

    JDK文档指出,SSLSocket扩展Socket并提供使用SSL或TLS协议的安全套接字。
    这种套接字是正常的流套接字,但是它们在基础网络传输协议(如TCP)上添加了安全保护层。

 

3.生成服务端、客户端以及信任证书

参考http://szlxh002.iteye.com/blog/2277307

 

4.SSLSocket相关类


 (1)SSLContext: 此类的实例表示安全套接字协议的实现, 它是SSLSocketFactory、SSLServerSocketFactory和SSLEngine的工厂。
(2)SSLSocket: 扩展自Socket
(3)SSLServerSocket: 扩展自ServerSocket
(4)SSLSocketFactory: 抽象类,扩展自SocketFactory, SSLSocket的工厂
(5)SSLServerSocketFactory: 抽象类,扩展自ServerSocketFactory, SSLServerSocket的工厂
(6)KeyStore: 表示密钥和证书的存储设施
(7)KeyManager: 接口,JSSE密钥管理器
(8)TrustManager: 接口,信任管理器(?翻译得很拗口)
(9)X509TrustManager: TrustManager的子接口,管理X509证书,用于验证远程安全套接字(对端)的证书

 

5.Java例子

 

(1)SSLSocketClient

 

package com.ssl;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;

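/**
 * Created by xiaohong on 2016/2/19.
 *
 * <p>Demo TLS client: loads a client key store and a trust store from disk, opens an
 * {@link SSLSocket} to a fixed host/port, sends one greeting and prints the reply.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The key store path and password are hard-coded for the demo. Real code should read
 *       them from configuration or a secret store, never from source.</li>
 *   <li>A plain {@code SSLSocket} does not check that the server certificate matches the host
 *       name unless endpoint identification is switched on. Production clients should set
 *       {@code SSLParameters#setEndpointIdentificationAlgorithm("HTTPS")} on the socket before
 *       the handshake; the server certificate must then carry a matching subject alternative
 *       name. It is left off here so the demo keeps working with the sample certificates.</li>
 * </ul>
 */
public class SSLSocketClient {
    private SSLSocket sslSocket;

    /**
     * Builds the SSL context from the client key store and the trust store, then connects.
     *
     * @throws Exception if a key store cannot be read or the connection cannot be created
     */
    public void init() throws Exception {
        String host = "127.0.0.1";
        int port = 1234;
        // client.p12 holds the client's private key and certificate; ca-trust.p12 holds the
        // certificates this client trusts when verifying the server.
        String keystorePath = "d:\\keystore\\client.p12";
        String trustKeystorePath = "d:\\keystore\\ca-trust.p12";
        // Demo only: one weak, hard-coded password shared by both stores.
        String keystorePassword = "12345678";
        char[] password = keystorePassword.toCharArray();

        // Request the generic "TLS" context rather than the legacy "SSL" name; the protocol
        // versions actually offered are then decided by the JDK's enabled-protocol settings.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("sunx509");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("sunx509");

        // Key store: the identity this client presents to the server.
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        try (FileInputStream keystoreFis = new FileInputStream(keystorePath)) {
            keyStore.load(keystoreFis, password);
        }

        // Trust store: the certificates accepted when validating the server's chain.
        // NOTE(review): the type requested is "jks" although the file is named *.p12 - confirm
        // the real format of the file; a mismatch can make load() fail on some JDK versions.
        KeyStore trustKeyStore = KeyStore.getInstance("jks");
        try (FileInputStream trustKeystoreFis = new FileInputStream(trustKeystorePath)) {
            trustKeyStore.load(trustKeystoreFis, password);
        }

        kmf.init(keyStore, password);
        tmf.init(trustKeyStore);

        // A null SecureRandom lets the provider pick its default source of randomness.
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        sslSocket = (SSLSocket) sslContext.getSocketFactory().createSocket(host, port);
    }

    /**
     * Sends the greeting, reads a single reply of at most 20 bytes, prints it and closes the
     * socket.
     *
     * @throws Exception if the handshake or the I/O fails
     */
    private void process() throws Exception {
        // The socket is closed when the exchange is over, even if the I/O throws.
        try (SSLSocket socket = sslSocket) {
            // An explicit charset keeps the bytes on the wire independent of the platform default.
            byte[] hello = "Hello lai".getBytes(java.nio.charset.StandardCharsets.UTF_8);
            OutputStream output = socket.getOutputStream();
            output.write(hello, 0, hello.length);
            output.flush();

            byte[] inputBytes = new byte[20];
            InputStream input = socket.getInputStream();
            // A single read() may return fewer bytes than the peer sent; that is enough for
            // this short demo message. Only the bytes actually read are decoded, so the
            // printed text carries no trailing NUL padding from the buffer.
            int count = input.read(inputBytes);
            String reply = count > 0
                    ? new String(inputBytes, 0, count, java.nio.charset.StandardCharsets.UTF_8)
                    : "";
            System.out.println("From server:" + reply);
        }
    }

    public static void main(String[] args) throws Exception {
        SSLSocketClient client = new SSLSocketClient();
        client.init();
        client.process();
    }
}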

 

(2)SSLSocketServer

 

package com.ssl;

import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.KeyStore;

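/**
 * Created by xiaohong on 2016/2/19.
 *
 * <p>Demo TLS server: loads a server key store and a trust store from disk, listens on a
 * fixed port with client-certificate authentication required, handles one connection and
 * exits.
 *
 * <p>The key store path and password are hard-coded for the demo. Real code should read them
 * from configuration or a secret store, never from source.
 */
public class SSLSocketServer {
    private SSLServerSocket sslServerSocket;

    /**
     * Builds the SSL context from the server key store and the trust store, opens the
     * listening socket and makes client authentication mandatory.
     *
     * @throws Exception if a key store cannot be read or the port cannot be bound
     */
    public void init() throws Exception {
        int port = 1234;
        // server.p12 holds the server's private key and certificate; ca-trust.p12 holds the
        // certificates this server trusts when verifying client certificates.
        String keystorePath = "d:\\keystore\\server.p12";
        String trustKeystorePath = "d:\\keystore\\ca-trust.p12";
        // Demo only: one weak, hard-coded password shared by both stores.
        String keystorePassword = "12345678";
        char[] password = keystorePassword.toCharArray();

        // Request the generic "TLS" context rather than the legacy "SSL" name; the protocol
        // versions actually accepted are then decided by the JDK's enabled-protocol settings.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("sunx509");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("sunx509");

        // Key store: the identity this server presents to clients.
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        try (FileInputStream keystoreFis = new FileInputStream(keystorePath)) {
            keyStore.load(keystoreFis, password);
        }

        // Trust store: the certificates accepted when validating a client's chain.
        // NOTE(review): the type requested is "jks" although the file is named *.p12 - confirm
        // the real format of the file; a mismatch can make load() fail on some JDK versions.
        KeyStore trustKeyStore = KeyStore.getInstance("jks");
        try (FileInputStream trustKeystoreFis = new FileInputStream(trustKeystorePath)) {
            trustKeyStore.load(trustKeystoreFis, password);
        }

        kmf.init(keyStore, password);
        tmf.init(trustKeyStore);

        // A null SecureRandom lets the provider pick its default source of randomness.
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        sslServerSocket =
                (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(port);

        // Mutual TLS: the handshake fails unless the client presents a certificate that the
        // trust store accepts.
        sslServerSocket.setNeedClientAuth(true);
    }

    /**
     * Accepts one connection, reads a single message of at most 20 bytes, prints it, answers
     * with a farewell and closes both the connection and the listening socket.
     *
     * @throws Exception if the handshake or the I/O fails
     */
    private void process() throws Exception {
        byte[] bye = "bye bye".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        // Both sockets are closed when the exchange is over, even if the I/O throws.
        try (SSLServerSocket listener = sslServerSocket) {
            System.out.println("Listen....");
            try (Socket socket = listener.accept()) {
                byte[] inputBytes = new byte[20];
                InputStream input = socket.getInputStream();
                // A single read() may return fewer bytes than the peer sent; that is enough
                // for this short demo message. Only the bytes actually read are decoded, so
                // the printed text carries no trailing NUL padding from the buffer.
                int count = input.read(inputBytes);
                String received = count > 0
                        ? new String(inputBytes, 0, count, java.nio.charset.StandardCharsets.UTF_8)
                        : "";
                System.out.println("From client:" + received);

                OutputStream output = socket.getOutputStream();
                output.write(bye, 0, bye.length);
                output.flush();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        SSLSocketServer server = new SSLSocketServer();
        server.init();
        server.process();
    }
}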

 

 

 
