java實現(xiàn)SSL雙向認證

1、實現(xiàn)技術(shù)：JSSE（JavaSecuritySocketExtension）是Sun為了解決在Internet上的實現(xiàn)安全信息傳輸?shù)慕鉀Q方案。它實現(xiàn)了SSL和TSL（傳輸層安全）協(xié)議。在JSSE中包含了數(shù)據(jù)加密，服務(wù)器驗證，消息完整性和客戶端驗證等技術(shù)。通過使用JSSE,可以在Client和Server之間通過TCP/IP協(xié)議安全地傳輸數(shù)據(jù)。為了實現(xiàn)消息認證。Server需要：1）KeyStore:其中保存服務(wù)端的私鑰2）TrustKeyStore:其中保存客戶端的授權(quán)證書Client需要：1）KeyStore:其中保存客戶端的私鑰2）TrustKeyStore:其中保存服務(wù)端的授權(quán)證書使用J

2、ava自帶的keytool命令，去生成這樣信息文件：1）生成服務(wù)端私鑰，并且導入到服務(wù)端KeyStore文件中C:SPiogranFilesJauajdkl.6-0_03binkeytool-genkey-aliasserueikey-keystoikseiuei.keystoret入kEyutoFE密碼:次輸入新密碼：您的曇字耳姓氏是什公？Unknoun:lee您的組織單笹名稱是什公了Unknoun:cib您的組織名稱是什么了Unknown:china您所在的城市或區(qū)域名稱是什公?Unknoun:peiking您所在的州或省份名稱是什么？Unknoun:xizhimen核單位的兩字母國家代碼

3、是什么Unknown-cnCN=lee,OU=crb,O=china,L=peiking,ST=xiziimen,C=cn正確嗎？否】：y輸入曲匹片1砂兩主密碼（如果和keystore密俏杠同，按回車）:2）根據(jù)私鑰，導出服務(wù)端證書C:XPiogpamFilesXJauaXjdkl.6.0_03binkeytool-export-aliasserueikey-keystorekseruer.kEyutoFE-fileseruep.cit密碼：録存在文件申的認證3）將服務(wù)端證書，導入到客戶端的TrustKeyStore中至gunFeb2215：34：S6CST20639L=peiking,L=p

4、eiking,ST=xizliimen,C=cnST=xizhinenxC=cn:ProgramFilesXJauaXjdkl.6.0_03Xbinkeytoo1-import-aliasseruerkeyer.crt-keystovetclient.keystore入kzyiitcny密碼:遲次輸入新密碼:CN=lee,OU=crb,0=01110&:CN=lee,OU=crb,O=chinaJ至gunFeb2215：34：S6CST20639L=peiking,L=peiking,ST=xizliimen,C=cnST=xizhinenxC=cn:ProgramFilesXJauaXjdk

5、l.6.0_03Xbinkeytoo1-import-aliasseruerkeyer.crt-keystovetclient.keystore入kzyiitcny密碼:遲次輸入新密碼:CN=lee,OU=crb,0=01110&:CN=lee,OU=crb,O=chinaJ,；492a58eeJMonNou241534：06CST書指紋廠-file1M5：E5：31：CCi34：2D：46：5F：71：AF：44：721C：F3：4C：48：4EseSHA1:11:2QiE&:C0：Bfi:D6：E5：Al：85：1263?1D：48：F2：88：D1：64：12iE0：18簽名算法名稱:S

6、HAluithDSA版本：3言任這個認證？否坯9證已添則至keystore甲采用同樣的方法，生成客戶端的私鑰，客戶端的證書，并且導入到服務(wù)端的TrustKeyStore中keytool-genkey-aliasclientkey-keystorekclient.keystorekeytool-export-aliasclientkey-keystorekclient.keystore-fileclient.crtkeytool-import-aliasclientkey-fileclient.crt-keystoretserver.keystore=可何口ient.js團雋-=可何口ient.

7、js團雋-篤p:V：=LLidatEsrc叮agent田com.stone,study,vida+eEl.5岀：回：由.CliEnt.javaServer,javakcliEnt.keystotEkserver.keystoirEteliETLt.keystoretserver.除yEtorEinqjortiavax口已匸呂丄.SSLCont.ext;inqjortiava:net呂;s丄SSLServerSocket;lnq)ortjavaxnet呂曰丄T匸口曰匸Manage匸Factory;1617=718*19*authorLeo20*/21pulilicclassServerinqil

8、ementsRunni5iljle滋privatestaticfinalintEEFAULf24ServerJava代碼packagessl;importjava.io.BufferedInputStream;importjava.io.BufferedOutputStream;importjava.io.FileInputStream;importjava.io.InputStream;importjava.io.OutputStream;.Socket;importjava.security.KeyStore;.ssl.KeyManagerFactory;.ssl.SSLContext;.

9、ssl.SSLServerSocket;.ssl.TrustManagerFactory;/*authorLeo*/publicclassServerimplementsRunnableprivatestaticfinalintDEFAULT_PORT=7777;privatestaticfinalStringSERVER_KEY_STORE_PASSWORD=123456;privatestaticfinalStringSERVER_TRUST_KEY_STORE_PASSWORD=123456;privateSSLServerSocketserverSocket;/*啟動程序*parama

10、rgs*/publicstaticvoidmain(Stringargs)Serverserver=newServer();server.init();Threadthread=newThread(server);thread.start();publicsynchronizedvoidstart()if(serverSocket=null)System.out.println(ERROR);return;while(true)trySockets=serverSocket.accept();InputStreaminput=s.getInputStream();OutputStreamout

11、put=s.getOutputStream();BufferedInputStreambis=newBufferedInputStream(input);BufferedOutputStreambos=newBufferedOutputStream(output);bytebuffer=newbyte20;bis.read(buffer);System.out.println(receive:+newString(buffer).toString();bos.write(yes.getBytes();bos.flush();s.close();catch(Exceptione)System.o

12、ut.println(e);publicvoidinit()trySSLContextctx=SSLContext.getInstance(SSL);KeyManagerFactorykmf=KeyManagerFactory.getInstance(SunX509);TrustManagerFactorytmf=TrustManagerFactory.getInstance(SunX509);KeyStoreks=KeyStore.getInstance(JKS);KeyStoretks=KeyStore.getInstance(JKS);ks.load(newFileInputStream

13、(src/ssl/kserver.keystore),SERVER_KEY_STORE_PASSWORD.toCharArray();tks.load(newFileInputStream(src/ssl/tserver.keystore),SERVER_TRUST_KEY_STORE_PASSWORD.toCharArray();kmf.init(ks,SERVER_KEY_STORE_PASSWORD.toCharArray();tmf.init(tks);ctx.init(kmf.getKeyManagers(),tmf.getTrustManagers(),null);serverSo

14、cket=(SSLServerSocket)ctx.getServerSocketFactory().createServerSocket(DEFAULT_PORT);serverSocket.setNeedClientAuth(true);catch(Exceptione)System.out.println(e);publicvoidrun()/TODOAuto-generatedmethodstubstart();packagessl;importjava.io.BufferedInputStream;importjava.io.BufferedOutputStream;importja

15、va.io.FileInputStream;importjava.io.InputStream;importjava.io.OutputStream;.Socket;importjava.security.KeyStore;.ssl.KeyManagerFactory;.ssl.SSLContext;.ssl.SSLServerSocket;.ssl.TrustManagerFactory;/*authorLeo*/publicclassServerimplementsRunnableprivatestaticfinalintDEFAULT_PORT=7777;privatestaticfin

16、alStringSERVER_KEY_STORE_PASSWORD=123456;privatestaticfinalStringSERVER_TRUST_KEY_STORE_PASSWORD=123456;privateSSLServerSocketserverSocket;/*啟動程序*paramargs*/publicstaticvoidmain(Stringargs)Serverserver=newServer();server.init();Threadthread=newThread(server);thread.start();publicsynchronizedvoidstar

17、t()if(serverSocket=null)System.out.println(ERROR);return;while(true)trySockets=serverSocket.accept();InputStreaminput=s.getInputStream();OutputStreamoutput=s.getOutputStream();BufferedInputStreambis=newBufferedInputStream(input);BufferedOutputStreambos=newBufferedOutputStream(output);bytebuffer=newb

18、yte20;bis.read(buffer);System.out.println(receive:+newString(buffer).toString();bos.write(yes.getBytes();bos.flush();s.close();catch(Exceptione)System.out.println(e);publicvoidinit()trySSLContextctx=SSLContext.getInstance(SSL);KeyManagerFactorykmf=KeyManagerFactory.getInstance(SunX509);TrustManagerF

19、actorytmf=TrustManagerFactory.getInstance(SunX509);KeyStoreks=KeyStore.getInstance(JKS);KeyStoretks=KeyStore.getInstance(JKS);ks.load(newFileInputStream(src/ssl/kserver.keystore),SERVER_KEY_STORE_PASSWORD.toCharArray();tks.load(newFileInputStream(src/ssl/tserver.keystore),SERVER_TRUST_KEY_STORE_PASS

20、WORD.toCharArray();kmf.init(ks,SERVER_KEY_STORE_PASSWORD.toCharArray();tmf.init(tks);ctx.init(kmf.getKeyManagers(),tmf.getTrustManagers(),null);serverSocket(SSLServerSocket)serverSocket(SSLServerSocket)ctx.getServerSocketFactory().createServerSocket(DEFAULT_PORT);serverSocket.setNeedClientAuth(true)

21、;catch(Exceptione)System.out.println(e);publicvoidrun()/TODOAuto-generatedmethodstubstart();Client：Java代碼packagessl;importjava.io.BufferedInputStream;importjava.io.BufferedOutputStream;importjava.io.FileInputStream;importjava.io.IOException;importjava.io.InputStream;importjava.io.OutputStream;import

22、java.security.KeyStore;.ssl.KeyManagerFactory;.ssl.SSLContext;.ssl.SSLSocket;.ssl.TrustManagerFactory;/*SSLClient*authorLeo*/publicclassClientprivatestaticfinalStringDEFAULT_HOST=;privatestaticfinalintDEFAULT_PORT=7777;privatestaticfinalStringCLIENT_KEY_STORE_PASSWORD=123456;privatestaticfinalString

23、CLIENT_TRUST_KEY_STORE_PASSWORD=123456;privateSSLSocketsslSocket;/*啟動客戶端程序*paramargs*/publicstaticvoidmain(Stringargs)Clientclient=newClient();client.init();cess();publicvoidprocess()if(sslSocket=null)System.out.println(ERROR);return;tryInputStreaminput=sslSocket.getInputStream();OutputStreamoutput=

24、sslSocket.getOutputStream();BufferedInputStreambis=newBufferedInputStream(input);BufferedOutputStreambos=newBufferedOutputStream(output);bos.write(1234567890.getBytes();bos.flush();bytebuffer=newbyte20;bis.read(buffer);System.out.println(newString(buffer);sslSocket.close();catch(IOExceptione)System.

25、out.println(e);publicvoidinit()trySSLContextctx=SSLContext.getInstance(SSL);KeyManagerFactorykmf=KeyManagerFactory.getInstance(SunX509);TrustManagerFactorytmf=TrustManagerFactory.getInstance(SunX509);KeyStoreks=KeyStore.getInstance(JKS);KeyStoretks=KeyStore.getInstance(JKS);ks.load(newFileInputStrea

26、m(src/ssl/kclient.keystore),CLIENT_KEY_STORE_PASSWORD.toCharArray();tks.load(newFileInputStream(src/ssl/tclient.keystore),CLIENT_TRUST_KEY_STORE_PASSWORD.toCharArray();kmf.init(ks,CLIENT_KEY_STORE_PASSWORD.toCharArray();tmf.init(tks);ctx.init(kmf.getKeyManagers(),tmf.getTrustManagers(),null);sslSock

27、et=(SSLSocket)ctx.getSocketFactory().createSocket(DEFAULT_HOST,DEFAULT_PORT);catch(Exceptione)System.out.println(e);packagessl;importjava.io.BufferedInputStream;importjava.io.BufferedOutputStream;importjava.io.FileInputStream;importjava.io.IOException;importjava.io.InputStream;importjava.io.OutputSt

28、ream;importjava.security.KeyStore;.ssl.KeyManagerFactory;.ssl.SSLContext;.ssl.SSLSocket;.ssl.TrustManagerFactory;/*SSLClient*authorLeo*/publicclassClientprivatestaticfinalStringDEFAULT_HOST=;privatestaticfinalintDEFAULT_PORT=7777;privatestaticfinalStringCLIENT_KEY_STORE_PASSWORD=123456;privatestatic

29、finalStringCLIENT_TRUST_KEY_STORE_PASSWORD=123456;privateSSLSocketsslSocket;/*啟動客戶端程序*paramargs*/publicstaticvoidmain(Stringargs)Clientclient=newClient();client.init();cess();publicvoidprocess()if(sslSocket=null)System.out.println(ERROR);return;tryInputStreaminput=sslSocket.getInputStream();OutputSt

30、reamoutput=sslSocket.getOutputStream();BufferedInputStreambis=newBufferedInputStream(input);BufferedOutputStreambos=newBufferedOutputStream(output);bos.write(1234567890.getBytes();bos.flush();bytebuffer=newbyte20;bis.read(buffer);System.out.println(newString(buffer);sslSocket.close();catch(IOExceptione)System.out.println(e);publicvoidinit()trySSLContextctx=SSLContext.getInstance(SSL);KeyManagerFactorykmf=KeyManagerFactory.getInstance(SunX509);TrustManagerFactorytmf=TrustManagerFactory.getInstance(SunX509);KeyStoreks=KeyStore.getInstance(JKS);KeyStoretks=KeyStore.getInstance(JKS)