前一篇介绍了SSL/TLS双向认证的代码实例。

也可以选择使用单向认证，这种情况下client侧不需要提供证书。所以，
server侧只需要自己的keystore文件，不需要truststore文件
client侧不需要自己的keystore文件，只需要truststore文件（其中包含server的公钥）。
此外server侧需要在创建SSLServerSocket之后设定不需要客户端证书：setNeedClientAuth(false)

server代码

package learning.net.ssl;import java.io.BufferedReader;import java.io.FileInputStream;import java.io.IOException;import java.io.InputStreamReader;import java.io.PrintWriter;import java.net.Socket;import java.security.KeyStore;import java.security.cert.X509Certificate;import javax.net.ssl.HandshakeCompletedEvent;import javax.net.ssl.HandshakeCompletedListener;import javax.net.ssl.KeyManagerFactory;import javax.net.ssl.SSLContext;import javax.net.ssl.SSLPeerUnverifiedException;import javax.net.ssl.SSLServerSocket;import javax.net.ssl.SSLServerSocketFactory;import javax.net.ssl.SSLSocket;public class CatServerNoClientAuth implements Runnable, HandshakeCompletedListener {    public static final int SERVER_PORT = 11123;    private final Socket _s;    public CatServerNoClientAuth(Socket s) {        _s = s;    }    public static void main(String[] args) throws Exception {        String serverKeyStoreFile = "c:\\_tmp\\catserver.keystore";        String serverKeyStorePwd = "catserverks";        String catServerKeyPwd = "catserver";        KeyStore serverKeyStore = KeyStore.getInstance("JKS");        serverKeyStore.load(new FileInputStream(serverKeyStoreFile), serverKeyStorePwd.toCharArray());        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());        kmf.init(serverKeyStore, catServerKeyPwd.toCharArray());        SSLContext sslContext = SSLContext.getInstance("TLSv1");        sslContext.init(kmf.getKeyManagers(), null, null);        SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory();        SSLServerSocket sslServerSocket = (SSLServerSocket) sslServerSocketFactory.createServerSocket(SERVER_PORT);        sslServerSocket.setNeedClientAuth(false);        while (true) {            SSLSocket s = (SSLSocket)sslServerSocket.accept();            CatServerNoClientAuth cs = new CatServerNoClientAuth(s);            s.addHandshakeCompletedListener(cs);            new Thread(cs).start();        }    }    @Override    public void run() {        try {            BufferedReader reader = new BufferedReader(new InputStreamReader(_s.getInputStream()));            PrintWriter writer = new PrintWriter(_s.getOutputStream(), true);            writer.println("Welcome~, enter exit to leave.");            String s;            while ((s = reader.readLine()) != null && !s.trim().equalsIgnoreCase("exit")) {                writer.println("Echo: " + s);            }            writer.println("Bye~");        } catch (Exception e) {            e.printStackTrace();        } finally {            try {                _s.close();            } catch (IOException e) {                e.printStackTrace();            }        }    }    @Override    public void handshakeCompleted(HandshakeCompletedEvent event) {        try {            X509Certificate cert = (X509Certificate) event.getPeerCertificates()[0];        } catch (SSLPeerUnverifiedException ex) {            System.out.println("handshakeCompleted, SSLPeerUnverified.");        }    }}

client代码

package learning.net.ssl;import java.io.BufferedReader;import java.io.FileInputStream;import java.io.IOException;import java.io.InputStreamReader;import java.io.PrintWriter;import java.net.Socket;import java.security.KeyStore;import javax.net.ssl.SSLContext;import javax.net.ssl.SSLSocketFactory;import javax.net.ssl.TrustManagerFactory;public class FoxClientNoClientAuth {    public static void main(String[] args) throws Exception {        String clientTrustKeyStoreFile = "c:\\_tmp\\foxclienttrust.keystore";        String clientTrustKeyStorePwd = "foxclienttrustks";        KeyStore clientTrustKeyStore = KeyStore.getInstance("JKS");        clientTrustKeyStore.load(new FileInputStream(clientTrustKeyStoreFile), clientTrustKeyStorePwd.toCharArray());        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());        tmf.init(clientTrustKeyStore);        SSLContext sslContext = SSLContext.getInstance("TLSv1");        sslContext.init(null, tmf.getTrustManagers(), null);                SSLSocketFactory socketFactory = sslContext.getSocketFactory();        Socket socket = socketFactory.createSocket("localhost", CatServer.SERVER_PORT);                PrintWriter out = new PrintWriter(socket.getOutputStream(), true);        BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));                send("hello", out);        send("exit", out);        receive(in);        socket.close();    }        public static void send(String s, PrintWriter out) throws IOException {        System.out.println("Sending: " + s);             out.println(s);    }    public static void receive(BufferedReader in) throws IOException {        String s;        while ((s = in.readLine()) != null) {            System.out.println("Reveived: " + s);        }    }}

Java-JSSE-SSL/TLS编程代码实例-单向认证