总体思路步骤是
1. 分别生成客户端和服务器端密钥库
keytool -genkey -keystore c:\client.jks -keyalg rsa -alias ssl1 -validity 700
keytool -genkey -keystore c:\serv.jks -keyalg rsa -alias ssl1 -validity 700
2. 客户端与服务器端各自导出证书
keytool -export -alias ssl1 -file c:\ssl1.cer -keystore c:\serv.jks
keytool -export -alias ssl1 -file c:\ssl2.cer -keystore c:\client.jks
3. 交换证书 导入到各自的密钥库
keytool -import -file c:\ssl1.cer -keystore c:\client.jks
keytool -import -file c:\ssl2.cer -keystore c:\serv.jks
当任意一端删除对方导入的证书，则连接不会成功，这里不再写出。
---------------------------------------server---------------------------------------------------------------------
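/**
 * Mutually-authenticated TLS echo server for the keystore setup described above.
 *
 * <p>Loads {@code c:/serv.jks} twice: once as the key store holding the server's
 * own key pair, once as the trust store holding the imported client certificate.
 * Accepts a single client on port 26666, requires a client certificate, then
 * relays lines between the socket and standard input until either side sends
 * {@code BYE} or the peer closes the connection.
 *
 * @param args ignored
 * @throws Exception on any keystore, TLS or I/O failure
 */
public static void main(String[] args) throws Exception {
    // Name the protocol family explicitly. "SSL" survives only as a legacy alias
    // in the JDK; new code should ask for TLS.
    SSLContext ctx = SSLContext.getInstance("TLS");
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    KeyStore ks = KeyStore.getInstance("JKS");
    KeyStore tks = KeyStore.getInstance("JKS");
    char[] password = "changeit".toCharArray();
    // try-with-resources: the original opened both FileInputStreams and never closed them.
    try (FileInputStream keyIn = new FileInputStream("c:/serv.jks")) {
        ks.load(keyIn, password);
    }
    try (FileInputStream trustIn = new FileInputStream("c:/serv.jks")) {
        tks.load(trustIn, password);
    }
    kmf.init(ks, password);
    tmf.init(tks);
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    try (SSLServerSocket serverSocket =
            (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(26666)) {
        // Mutual TLS: the handshake fails unless the client presents a certificate
        // that the trust store (the imported client cert) accepts.
        serverSocket.setNeedClientAuth(true);
        try (Socket ssls = serverSocket.accept();
             BufferedReader socketIn =
                     new BufferedReader(new InputStreamReader(ssls.getInputStream()));
             BufferedReader userIn = new BufferedReader(new InputStreamReader(System.in));
             PrintStream socketOut = new PrintStream(ssls.getOutputStream())) {
            // The following mirrors the plain socket example.
            while (true) {
                System.out.println("Please wait client 's message..");
                System.out.println("");
                String s = socketIn.readLine();
                // readLine() returns null when the client closes the connection; the
                // original called trim() on it and died with a NullPointerException.
                if (s == null) {
                    break;
                }
                System.out.println("Client Message: " + s);
                if (s.trim().equals("BYE")) {
                    break;
                }
                System.out.print("Server Message: ");
                s = userIn.readLine();
                // End of standard input: nothing more to send, shut down cleanly.
                if (s == null) {
                    break;
                }
                socketOut.println(s);
                if (s.trim().equals("BYE")) {
                    break;
                }
            }
        }
    }
}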
---------------------------------------client----------------------------------------------------------------------
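/**
 * Client side of the mutually-authenticated TLS example.
 *
 * <p>Loads {@code c:/client.jks} as both key store (the client's own key pair,
 * presented when the server demands client authentication) and trust store
 * (the imported server certificate). Connects to {@code localhost:26666} and
 * relays lines between standard input and the socket until either side sends
 * {@code BYE} or the peer closes the connection.
 *
 * @param args ignored
 * @throws Exception on any keystore, TLS or I/O failure
 */
public static void main(String[] args) throws Exception {
    // Name the protocol family explicitly. "SSL" survives only as a legacy alias
    // in the JDK; new code should ask for TLS.
    SSLContext ctx = SSLContext.getInstance("TLS");
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    KeyStore ks = KeyStore.getInstance("JKS");
    KeyStore tks = KeyStore.getInstance("JKS");
    char[] password = "changeit".toCharArray();
    // try-with-resources: the original opened both FileInputStreams and never closed them.
    try (FileInputStream keyIn = new FileInputStream("c:/client.jks")) {
        ks.load(keyIn, password);
    }
    try (FileInputStream trustIn = new FileInputStream("c:/client.jks")) {
        tks.load(trustIn, password);
    }
    kmf.init(ks, password);
    tmf.init(tks);
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    // NOTE(review): a raw SSLSocket performs no hostname verification; trust here
    // rests entirely on the self-signed server certificate imported into client.jks.
    // For anything beyond the loopback demo, enable endpoint identification on the
    // socket's SSLParameters as well.
    try (SSLSocket csocket = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", 26666);
         BufferedReader socketIn =
                 new BufferedReader(new InputStreamReader(csocket.getInputStream())); // received data
         PrintStream socketOut = new PrintStream(csocket.getOutputStream()); // data to send
         BufferedReader userIn = new BufferedReader(new InputStreamReader(System.in))) { // user input
        System.out.println("Client OK~");
        System.out.println("===============");
        System.out.println("");
        // The following mirrors the plain socket example.
        while (true) {
            System.out.print("Client Message: ");
            String s = userIn.readLine();
            // End of standard input: nothing more to send, shut down cleanly.
            if (s == null) {
                break;
            }
            socketOut.println(s);
            if (s.trim().equals("BYE")) {
                break;
            }
            System.out.println("Please wait Server Message..");
            System.out.println("");
            s = socketIn.readLine();
            // readLine() returns null when the server closes the connection; the
            // original called trim() on it and died with a NullPointerException.
            if (s == null) {
                break;
            }
            System.out.println("Server Message: " + s);
            if (s.trim().equals("BYE")) {
                break;
            }
        }
    }
}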