-----------------------------------------------------server-------------------------------------------------
package com.test.http;
/*
*SSL Socket的服务器端
*@Author lixingang
*/
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
public class SSLServer {
public static void startSSLServer() throws IOException {
int port = 16666;// 监听端口
String keyFile = "c:\\test\\serverkey.jks";// 密钥库文件
String keyFilePass = "changeit";// 密钥库的密码
String keyPass = "changeit";// 密钥别名的密码
SSLServerSocket sslsocket = null;// 安全连接套接字
KeyStore ks;// 密钥库
KeyManagerFactory kmf;// 密钥管理工厂
SSLContext sslc = null;// 安全连接方式
// 初始化安全连接的密钥
try {
ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keyFile), keyFilePass.toCharArray());
// 创建管理JKS密钥库的X.509密钥管理器
kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keyPass.toCharArray());
//构造SSL环境,指定SSL版本为3.0,也可以使用TLSv1,但是SSLv3更加常用
sslc = SSLContext.getInstance("SSLv3");
//初始化SSL环境。第二个参数是告诉JSSE使用的可信任证书的来源,
//设置为null是从javax.net.ssl.trustStore中获得证书。第三个参数是JSSE生成的随机数,
//这个参数将影响系统的安全性,设置为null是个好选择,可以保证JSSE的安全性。
sslc.init(kmf.getKeyManagers(), null, null);
} catch (KeyManagementException ex) {
} catch (KeyStoreException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
// 用安全连接的工厂来创建安全连接套接字
SSLServerSocketFactory sslssf = sslc.getServerSocketFactory();
sslsocket = (SSLServerSocket) sslssf.createServerSocket();// 创建并进入监听
SocketAddress sa=new InetSocketAddress("localhost",port);
sslsocket.bind(sa);
System.out.println("Listening...");
SSLSocket ssocket = (SSLSocket) sslsocket.accept();// 接受客户端的连接
System.out.println("Server Connection OK~");
System.out.println("========================");
System.out.println("");
// 以下代码同socket通讯实例中的代码
BufferedReader socketIn = new BufferedReader(new InputStreamReader(
ssocket.getInputStream()));
BufferedReader userIn = new BufferedReader(new InputStreamReader(
System.in));
PrintStream socketOut = new PrintStream(ssocket.getOutputStream());
String s;
while (true) {
System.out.println("Please wait client 's message..");
System.out.println("");
s = socketIn.readLine();
System.out.println("Client Message: " + s);
if (s.trim().equals("BYE"))
break;
System.out.print("Server Message: ");
s = userIn.readLine();
socketOut.println(s);
if (s.trim().equals("BYE"))
break;
}
socketIn.close();
socketOut.close();
userIn.close();
sslsocket.close();
}
public static void main(String[] args) {
try {
startSSLServer();
} catch (Exception e) {
System.out.println("Error: " + e);
}
}
}
-----------------------------------------------------client--------------------------------------------------
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.net.Socket;
import javax.net.ssl.SSLSocketFactory;
public class SSLClient {
static int port = 16666;
public static void startSSLClient() throws IOException {
int port = 16666;// 要连接的服务器端口
String serverAdd = "localhost";// 要连接的服务器地址192.168.1.39
try {
System.setProperty("javax.net.ssl.trustStore", "c:\\test\\serverkey.jks");// 设置可信任的密钥仓库
System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); // 设置可信任的密钥仓库的密码
SSLSocketFactory sslsf = (SSLSocketFactory) SSLSocketFactory
.getDefault();// 利用工厂来创建SSLSocket安全套接字
Socket csocket = sslsf.createSocket(serverAdd, port);// 创建并连接服务器
System.out.println("Client OK~");
System.out.println("===============");
System.out.println("");
// 以下代码同socket通讯实例中的代码
BufferedReader socketIn = new BufferedReader(new InputStreamReader(
csocket.getInputStream()));// 接受到的信息
PrintStream socketOut = new PrintStream(csocket.getOutputStream());// 要发送的信息
BufferedReader userIn = new BufferedReader(new InputStreamReader(
System.in));// 用户输入信息
String s;
while (true) {
System.out.print("Client Message: ");
s = userIn.readLine();
socketOut.println(s);
if (s.trim().equals("BYE"))
break;
else {
System.out.println("Please wait Server Message..");
System.out.println("");
}
s = socketIn.readLine();
System.out.println("Server Message: " + s);
if (s.trim().equals("BYE"))
break;
}
socketIn.close();
socketOut.close();
userIn.close();
csocket.close();
} catch (Exception e) {
e.printStackTrace();
}
}
public static void main(String[] args) {
try {
startSSLClient();
} catch (Exception e) {
System.out.println("Error: " + e);
}
}
}