首页 > 代码库 > Java-JSSE-SSL/TLS编程代码实例-单向认证
Java-JSSE-SSL/TLS编程代码实例-单向认证
前一篇介绍了SSL/TLS双向认证的代码实例。
也可以选择使用单向认证,这种情况下client侧不需要提供证书。所以,
server侧只需要自己的keystore文件,不需要truststore文件
client侧不需要自己的keystore文件,只需要truststore文件(其中包含server的公钥)。
此外server侧需要在创建SSLServerSocket之后设定不需要客户端证书:setNeedClientAuth(false)
server代码
package learning.net.ssl;import java.io.BufferedReader;import java.io.FileInputStream;import java.io.IOException;import java.io.InputStreamReader;import java.io.PrintWriter;import java.net.Socket;import java.security.KeyStore;import java.security.cert.X509Certificate;import javax.net.ssl.HandshakeCompletedEvent;import javax.net.ssl.HandshakeCompletedListener;import javax.net.ssl.KeyManagerFactory;import javax.net.ssl.SSLContext;import javax.net.ssl.SSLPeerUnverifiedException;import javax.net.ssl.SSLServerSocket;import javax.net.ssl.SSLServerSocketFactory;import javax.net.ssl.SSLSocket;public class CatServerNoClientAuth implements Runnable, HandshakeCompletedListener { public static final int SERVER_PORT = 11123; private final Socket _s; public CatServerNoClientAuth(Socket s) { _s = s; } public static void main(String[] args) throws Exception { String serverKeyStoreFile = "c:\\_tmp\\catserver.keystore"; String serverKeyStorePwd = "catserverks"; String catServerKeyPwd = "catserver"; KeyStore serverKeyStore = KeyStore.getInstance("JKS"); serverKeyStore.load(new FileInputStream(serverKeyStoreFile), serverKeyStorePwd.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(serverKeyStore, catServerKeyPwd.toCharArray()); SSLContext sslContext = SSLContext.getInstance("TLSv1"); sslContext.init(kmf.getKeyManagers(), null, null); SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory(); SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerSocketFactory.createServerSocket(SERVER_PORT); sslServerSocket.setNeedClientAuth(false); while (true) { SSLSocket s = (SSLSocket)sslServerSocket.accept(); CatServerNoClientAuth cs = new CatServerNoClientAuth(s); s.addHandshakeCompletedListener(cs); new Thread(cs).start(); } } @Override public void run() { try { BufferedReader reader = new BufferedReader(new InputStreamReader(_s.getInputStream())); PrintWriter writer = new PrintWriter(_s.getOutputStream(), true); writer.println("Welcome~, enter exit to leave."); String s; while ((s = reader.readLine()) != null && !s.trim().equalsIgnoreCase("exit")) { writer.println("Echo: " + s); } writer.println("Bye~"); } catch (Exception e) { e.printStackTrace(); } finally { try { _s.close(); } catch (IOException e) { e.printStackTrace(); } } } @Override public void handshakeCompleted(HandshakeCompletedEvent event) { try { X509Certificate cert = (X509Certificate) event.getPeerCertificates()[0]; } catch (SSLPeerUnverifiedException ex) { System.out.println("handshakeCompleted, SSLPeerUnverified."); } }}
client代码
package learning.net.ssl;import java.io.BufferedReader;import java.io.FileInputStream;import java.io.IOException;import java.io.InputStreamReader;import java.io.PrintWriter;import java.net.Socket;import java.security.KeyStore;import javax.net.ssl.SSLContext;import javax.net.ssl.SSLSocketFactory;import javax.net.ssl.TrustManagerFactory;public class FoxClientNoClientAuth { public static void main(String[] args) throws Exception { String clientTrustKeyStoreFile = "c:\\_tmp\\foxclienttrust.keystore"; String clientTrustKeyStorePwd = "foxclienttrustks"; KeyStore clientTrustKeyStore = KeyStore.getInstance("JKS"); clientTrustKeyStore.load(new FileInputStream(clientTrustKeyStoreFile), clientTrustKeyStorePwd.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(clientTrustKeyStore); SSLContext sslContext = SSLContext.getInstance("TLSv1"); sslContext.init(null, tmf.getTrustManagers(), null); SSLSocketFactory socketFactory = sslContext.getSocketFactory(); Socket socket = socketFactory.createSocket("localhost", CatServer.SERVER_PORT); PrintWriter out = new PrintWriter(socket.getOutputStream(), true); BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream())); send("hello", out); send("exit", out); receive(in); socket.close(); } public static void send(String s, PrintWriter out) throws IOException { System.out.println("Sending: " + s); out.println(s); } public static void receive(BufferedReader in) throws IOException { String s; while ((s = in.readLine()) != null) { System.out.println("Reveived: " + s); } }}
Java-JSSE-SSL/TLS编程代码实例-单向认证
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。