java实现 SSL双向认证.docx

java实现 SSL双向认证博客分类： JAVAJSocketSecuritythread实现技术：JSSE（Java Security Socket Extension）是Sun为了解决在Internet上的实现安全信息传输的解决方案。它实现了SSL和TSL（传输层安全）协议。在JSSE中包含了数据加密，服务器验证，消息完整性和客户端验证等技术。通过使用JSSE，可以在Client和Server之间通过TCP/IP协议安全地传输数据。为了实现消息认证。Server需要：1）KeyStore: 其中保存服务端的私钥2）Trust KeyStore:其中保存客户端的授权证书Client需要：1）KeyStore：其中保存客户端的私钥2）Trust KeyStore：其中保存服务端的授权证书使用Java自带的keytool命令，去生成这样信息文件：1）生成服务端私钥，并且导入到服务端KeyStore文件中2）根据私钥，导出服务端证书3）将服务端证书，导入到客户端的Trust KeyStore中采用同样的方法，生成客户端的私钥，客户端的证书，并且导入到服务端的Trust KeyStore中1）keytool -genkey -alias clientkey -keystore kclient.keystore2）keytool -export -alias clientkey -keystore kclient.keystore -file client.crt3）keytool -import -alias clientkey -file client.crt -keystore tserver.keystoreServer：Java代码1. packagessl;2. 3. 4. importjava.io.BufferedInputStream;5. importjava.io.BufferedOutputStream;6. importjava.io.FileInputStream;7. importjava.io.InputStream;8. importjava.io.OutputStream;9. .Socket;10. importjava.security.KeyStore;11. 12. .ssl.KeyManagerFactory;13. .ssl.SSLContext;14. .ssl.SSLServerSocket;15. .ssl.TrustManagerFactory;16. 17. /*18. *19. *authorLeo20. */21. publicclassServerimplementsRunnable22. 23. privatestaticfinalintDEFAULT_PORT=7777;24. 25. privatestaticfinalStringSERVER_KEY_STORE_PASSWORD=123456;26. privatestaticfinalStringSERVER_TRUST_KEY_STORE_PASSWORD=123456;27. 28. privateSSLServerSocketserverSocket;29. 30. /*31. *启动程序32. *33. *paramargs34. */35. publicstaticvoidmain(Stringargs)36. Serverserver=newServer();37. server.init();38. Threadthread=newThread(server);39. thread.start();40. 41. 42. publicsynchronizedvoidstart()43. if(serverSocket=null)44. System.out.println(ERROR);45. return;46. 47. while(true)48. try49. Sockets=serverSocket.accept();50. InputStreaminput=s.getInputStream();51. OutputStreamoutput=s.getOutputStream();52. 53. BufferedInputStreambis=newBufferedInputStream(input);54. BufferedOutputStreambos=newBufferedOutputStream(output);55. 56. bytebuffer=newbyte20;57. bis.read(buffer);58. System.out.println(-receive:-+newString(buffer).toString();59. 60. bos.write(yes.getBytes();61. bos.flush();62. 63. s.close();64. catch(Exceptione)65. System.out.println(e);66. 67. 68. 69. publicvoidinit()70. try71. SSLContextctx=SSLContext.getInstance(SSL);72. 73. KeyManagerFactorykmf=KeyManagerFactory.getInstance(SunX509);74. TrustManagerFactorytmf=TrustManagerFactory.getInstance(SunX509);75. 76. KeyStoreks=KeyStore.getInstance(JKS);77. KeyStoretks=KeyStore.getInstance(JKS);78. 79. ks.load(newFileInputStream(src/ssl/kserver.keystore),SERVER_KEY_STORE_PASSWORD.toCharArray();80. tks.load(newFileInputStream(src/ssl/tserver.keystore),SERVER_TRUST_KEY_STORE_PASSWORD.toCharArray();81. 82. kmf.init(ks,SERVER_KEY_STORE_PASSWORD.toCharArray();83. tmf.init(tks);84. 85. ctx.init(kmf.getKeyManagers(),tmf.getTrustManagers(),null);86. 87. serverSocket=(SSLServerSocket)ctx.getServerSocketFactory().createServerSocket(DEFAULT_PORT);88. serverSocket.setNeedClientAuth(true);89. catch(Exceptione)90. System.out.println(e);91. 92. 93. 94. publicvoidrun()95. /TODOAuto-generatedmethodstub96. start();97. 98. Client：Java代码1. packagessl;2. 3. importjava.io.BufferedInputStream;4. importjava.io.BufferedOutputStream;5. importjava.io.FileInputStream;6. importjava.io.IOException;7. importjava.io.InputStream;8. importjava.io.OutputStream;9. importjava.security.KeyStore;10. 11. .ssl.KeyManagerFactory;12. .ssl.SSLContext;13. .ssl.SSLSocket;14. .ssl.TrustManagerFactory;15. 16. /*17. *SSLClient18. *19. *authorLeo20. */21. publicclassClient22. 23. privatestaticfinalStringDEFAULT_HOST=;24. privatestaticfinalintDEFAULT_PORT=7777;25. 26. privatestaticfinalStringCLIENT_KEY_STORE_PASSWORD=123456;27. privatestaticfinalStringCLIENT_TRUST_KEY_STORE_PASSWORD=123456;28. 29. privateSSLSocketsslSocket;30. 31. /*32. *启动客户端程序33. *34. *paramargs35. */36. publicstaticvoidmain(Stringargs)37. Clientclient=newClient();38. client.init();39. cess();40. 41. 42. 43. publicvoidprocess()44. if(sslSocket=null)45. System.out.println(ERROR);46. return;47. 48. try49. InputStreaminput=sslSocket.getInputStream();50. OutputStreamoutput=sslSocket.getOutputStream();51. 52. BufferedInputStreambis=newBufferedInputStream(input);53. BufferedOutputStreambos=newBufferedOutputStream(output);54. 55. bos.write(1234567890.getBytes();56. bos.flush();57. 58. bytebuffer=newbyte20;59. bis.read(buffer);60. System.out.println(newString(buffer);61. 62. sslSocket.close();63. catch(IOExceptione)64. System.out.println(e);65. 66. 67. 68. 69. publicvoidinit()70. try71. SSLContextctx=SSLContext.getInstance(SSL);72. 73. KeyManagerFactorykmf=KeyManagerFactory.getInstance(SunX509);74. TrustManagerFactorytmf=TrustManagerFactory.getInstance(SunX509);75. 76. KeyStoreks=KeyStore.getInstance(JKS);77. KeyStoretks=KeyStore.getInstance(JKS);78. 79. ks.load(newFileInputStream(src/ssl/kclient.keystore),CLIENT_KEY_STORE_PASSWORD.toCharArray();80. tks.load(newFileInputStream(src/ssl/tclient.keystore),CLIENT_TRUST_KEY_STORE_PASSWORD.toCharArray();81. 82. kmf.init(ks,CLIENT_KEY_STORE_PASSWORD.toCharArray();83. tmf.init(tks);84. 85. ctx.init(kmf.getKeyManagers(),tmf.getTrustManagers(),null);86. 87. sslSocket=(SSLSocket)ctx.getSocketFactory().createSocket(DEFAULT_HOST,DEFAULT_PORT);88. catch(Exceptione)89. System.out.println(e);90. 91. 92. 93. 启动Server启动Client，发送信息。Server接收如下：正确解密返回Client信息，如下：如此，就完成了服务端和客户端之间的基于身份认证的交互。client采用kclient.keystore中的clientkey私钥