通信端无需向对方证明自己的身份,则称该端处于“客户模式”,否则称其处于“服务器模式”,无论是客户端还是服务器端,都可处于“客户模式”或者“服务器模式”

首先生成服务器端认证证书,使用java自带的keytool工具:

其中:

-genkey:生成一对非对称密钥

-keyalg:加密算法

-keystore:证书存放路径

-alias:密钥对别名,该别名是公开的

相同的方式,生成客户端认证证书,不过命名为client_rsa.key,别名为clientkey

使用jdk1.5,唯一需要引入的包为log4j-1.2.14.jar

客户端认证:

package com.test.client.auth;

import java.io.FileInputStream;

import java.security.KeyStore;

import java.util.Properties;

import javax.net.ssl.KeyManager;

import javax.net.ssl.KeyManagerFactory;

import javax.net.ssl.SSLContext;

import javax.net.ssl.TrustManager;

import javax.net.ssl.TrustManagerFactory;

import com.test.server.config.Configuration;

public class Auth {

	private static SSLContext sslContext;

	public static SSLContext getSSLContext() throws Exception{

		Properties p = Configuration.getConfig();

		String protocol = p.getProperty("protocol");

		String sCertificateFile = p.getProperty("serverCertificateFile");

		String sCertificatePwd = p.getProperty("serverCertificatePwd");

		String sMainPwd = p.getProperty("serverMainPwd");

		String cCertificateFile = p.getProperty("clientCertificateFile");

		String cCertificatePwd = p.getProperty("clientCertificatePwd");

		String cMainPwd = p.getProperty("clientMainPwd");

		//KeyStore class is used to save certificate.

		char[] c_pwd = sCertificatePwd.toCharArray();

		KeyStore keyStore = KeyStore.getInstance("JKS");

		keyStore.load(new FileInputStream(sCertificateFile), c_pwd);  

		//TrustManagerFactory class is used to create TrustManager class.

		TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");

		char[] m_pwd = sMainPwd.toCharArray();

		trustManagerFactory.init(keyStore);

		//TrustManager class is used to decide weather to trust the certificate

		//or not.

		TrustManager[] tms = trustManagerFactory.getTrustManagers();

		KeyManager[] kms = null;

		if(Configuration.getConfig().getProperty("authority").equals("2")){

			//KeyStore class is used to save certificate.

			c_pwd = cCertificatePwd.toCharArray();

			keyStore = KeyStore.getInstance("JKS");

			keyStore.load(new FileInputStream(cCertificateFile), c_pwd);  

			//KeyManagerFactory class is used to create KeyManager class.

			KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");

			m_pwd = cMainPwd.toCharArray();

			keyManagerFactory.init(keyStore, m_pwd);

			//KeyManager class is used to choose a certificate

			//to prove the identity of the client side.

			 kms = keyManagerFactory.getKeyManagers();

		}

		//SSLContext class is used to set all the properties about secure communication.

		//Such as protocol type and so on.

		sslContext = SSLContext.getInstance(protocol);

		sslContext.init(kms, tms, null);  

		return sslContext;

	}

}

客户端主程序:

package com.test.client;

import java.io.DataInputStream;

import java.io.DataOutputStream;

import java.io.IOException;

import java.net.InetSocketAddress;

import java.net.SocketAddress;

import java.util.Properties;

import javax.net.ssl.SSLContext;

import javax.net.ssl.SSLSocket;

import javax.net.ssl.SSLSocketFactory;

import org.apache.log4j.Logger;

import com.test.client.auth.Auth;

import com.test.server.config.Configuration;

import com.test.tools.SocketIO;

public class Client {

	static Logger logger = Logger.getLogger(Client.class);

	private SSLContext sslContext;

	private int port = 10000;

	private String host = "127.0.0.1";

	private SSLSocket socket;

	private Properties p;

	public Client(){

		try {

			p = Configuration.getConfig();

			Integer authority = Integer.valueOf(p.getProperty("authority"));

			sslContext = Auth.getSSLContext();

			SSLSocketFactory factory = (SSLSocketFactory) sslContext.getSocketFactory();

			socket = (SSLSocket)factory.createSocket();

			String[] pwdsuits = socket.getSupportedCipherSuites();

			socket.setEnabledCipherSuites(pwdsuits);//socket可以使用所有支持的加密套件

			if(authority.intValue() == 2){

				socket.setUseClientMode(false);

				socket.setNeedClientAuth(true);

			}else{

				socket.setUseClientMode(true);

				socket.setWantClientAuth(true);

			}

			SocketAddress address = new InetSocketAddress(host, port);

			socket.connect(address, 0);

		} catch (Exception e) {

			e.printStackTrace();

			logger.error("socket establish failed!");

		}

	}

	public void request(){

		try{

			String encoding = p.getProperty("socketStreamEncoding");

			DataOutputStream output = SocketIO.getDataOutput(socket);

			String user = "name";

			byte[] bytes = user.getBytes(encoding);

			short length = (short)bytes.length;

			short pwd = (short)123;

			output.writeShort(length);

			output.write(bytes);

			output.writeShort(pwd);

			DataInputStream input = SocketIO.getDataInput(socket);

			length = input.readShort();

			bytes = new byte[length];

			input.read(bytes);

			logger.info("request result:"+new String(bytes,encoding));

		}catch(Exception e){

			e.printStackTrace();

			logger.error("request error");

		}finally{

			try {

				socket.close();

			} catch (IOException e) {

				e.printStackTrace();

			}

		}

	}

	public static void main(String[] args){

		Client client = new Client();

		client.request();

	}

}

服务器端认证:

package com.test.server.auth;

import java.io.FileInputStream;

import java.security.KeyStore;

import java.util.Properties;

import javax.net.ssl.KeyManager;

import javax.net.ssl.KeyManagerFactory;

import javax.net.ssl.SSLContext;

import javax.net.ssl.TrustManager;

import javax.net.ssl.TrustManagerFactory;

import com.test.server.config.Configuration;

public class Auth {

	private static SSLContext sslContext;

	public static SSLContext getSSLContext() throws Exception{

		Properties p = Configuration.getConfig();

		String protocol = p.getProperty("protocol");

		String sCertificateFile = p.getProperty("serverCertificateFile");

		String sCertificatePwd = p.getProperty("serverCertificatePwd");

		String sMainPwd = p.getProperty("serverMainPwd");

		String cCertificateFile = p.getProperty("clientCertificateFile");

		String cCertificatePwd = p.getProperty("clientCertificatePwd");

		String cMainPwd = p.getProperty("clientMainPwd");

		//KeyStore class is used to save certificate.

		char[] c_pwd = sCertificatePwd.toCharArray();

		KeyStore keyStore = KeyStore.getInstance("JKS");

		keyStore.load(new FileInputStream(sCertificateFile), c_pwd);  

		//KeyManagerFactory class is used to create KeyManager class.

		KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");

		char[] m_pwd = sMainPwd.toCharArray();

		keyManagerFactory.init(keyStore, m_pwd);

		//KeyManager class is used to choose a certificate

		//to prove the identity of the server side.

		KeyManager[] kms = keyManagerFactory.getKeyManagers();

		TrustManager[] tms = null;

		if(Configuration.getConfig().getProperty("authority").equals("2")){

			//KeyStore class is used to save certificate.

			c_pwd = cCertificatePwd.toCharArray();

			keyStore = KeyStore.getInstance("JKS");

			keyStore.load(new FileInputStream(cCertificateFile), c_pwd);  

			//TrustManagerFactory class is used to create TrustManager class.

			TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");

			m_pwd = cMainPwd.toCharArray();

			trustManagerFactory.init(keyStore);

			//TrustManager class is used to decide weather to trust the certificate

			//or not.

			tms = trustManagerFactory.getTrustManagers();

		}

		//SSLContext class is used to set all the properties about secure communication.

		//Such as protocol type and so on.

		sslContext = SSLContext.getInstance(protocol);

		sslContext.init(kms, tms, null);  

		return sslContext;

	}

}

服务器端主程序:

package com.test.server;

import java.io.IOException;

import java.net.InetSocketAddress;

import java.util.Properties;

import java.util.concurrent.Executor;

import java.util.concurrent.Executors;

import javax.net.ssl.SSLContext;

import javax.net.ssl.SSLServerSocket;

import javax.net.ssl.SSLServerSocketFactory;

import javax.net.ssl.SSLSocket;

import org.apache.log4j.Logger;

import com.test.server.auth.Auth;

import com.test.server.business.Job;

import com.test.server.config.Configuration;

public class Server {

	static Logger logger = Logger.getLogger(Server.class);

	private SSLContext sslContext;

	private SSLServerSocketFactory sslServerSocketFactory;

	private SSLServerSocket sslServerSocket;

	private final Executor executor;

	public Server() throws Exception{

		Properties p = Configuration.getConfig();

		Integer serverListenPort = Integer.valueOf(p.getProperty("serverListenPort"));

		Integer serverThreadPoolSize = Integer.valueOf(p.getProperty("serverThreadPoolSize"));

		Integer serverRequestQueueSize = Integer.valueOf(p.getProperty("serverRequestQueueSize"));

		Integer authority = Integer.valueOf(p.getProperty("authority"));

		executor = Executors.newFixedThreadPool(serverThreadPoolSize);

		sslContext = Auth.getSSLContext();

		sslServerSocketFactory = sslContext.getServerSocketFactory();

		//Just create a TCP connection.SSL shake hand does not begin.

		//The first time either side(server or client) try to get a socket input stream

		//or output stream will case the SSL shake hand begin.

		sslServerSocket = (SSLServerSocket) sslServerSocketFactory.createServerSocket();

		String[] pwdsuits = sslServerSocket.getSupportedCipherSuites();

		sslServerSocket.setEnabledCipherSuites(pwdsuits);

		//Use client mode.Must prove its identity to the client side.

		//Client mode is the default mode.

		sslServerSocket.setUseClientMode(false);

		if(authority.intValue() == 2){

			//The communication will stop if the client side doesn't show its identity.

			sslServerSocket.setNeedClientAuth(true);

		}else{

			//The communication will go on although the client side doesn't show its identity.

			sslServerSocket.setWantClientAuth(true);

		}

		sslServerSocket.setReuseAddress(true);

		sslServerSocket.setReceiveBufferSize(128*1024);

		sslServerSocket.setPerformancePreferences(3, 2, 1);

		sslServerSocket.bind(new InetSocketAddress(serverListenPort),serverRequestQueueSize);

		logger.info("Server start up!");

		logger.info("server port is:"+serverListenPort);

	}

	private void service(){

		while(true){

			SSLSocket socket = null;

			try{

				logger.debug("Wait for client request!");

				socket = (SSLSocket)sslServerSocket.accept();

				logger.debug("Get client request!");

				Runnable job = new Job(socket);

				executor.execute(job);

			}catch(Exception e){

				logger.error("server run exception");

				try {

					socket.close();

				} catch (IOException e1) {

					e1.printStackTrace();

				}

			}

		}

	}

	public static void main(String[] args) {

		Server server;

		try{

			 server = new Server();

			 server.service();

		}catch(Exception e){

			e.printStackTrace();

			logger.error("server socket establish error!");

		}

	}

}

服务器业务执行线程:

package com.test.server.business;

import java.io.DataInputStream;

import java.io.DataOutputStream;

import java.io.IOException;

import java.net.Socket;

import java.util.Properties;

import org.apache.log4j.Logger;

import com.test.server.config.Configuration;

import com.test.tools.SocketIO;

public class Job implements Runnable {

	static Logger logger = Logger.getLogger(Job.class);

	private Socket socket;

	public Job(Socket socket){

		this.socket = socket;

	}

	public void run() {

		Properties p = Configuration.getConfig();

		String encoding = p.getProperty("socketStreamEncoding");

		DataInputStream input = null;

		DataOutputStream output = null;

		try{

			input = SocketIO.getDataInput(socket);

			short length = input.readShort();

			byte[] bytes = new byte[length];

			input.read(bytes);

			String user = new String(bytes,encoding);

			short pwd = input.readShort();

			String result = null;

			if(null != user && !user.equals("") && user.equals("name") && pwd == 123){

				result = "login success";

			}else{

				result = "login failed";

			}

			logger.info("request user:"+user);

			logger.info("request pwd:"+pwd);

			output = SocketIO.getDataOutput(socket);

			bytes = result.getBytes(encoding);

			length = (short)bytes.length;

			output.writeShort(length);

			output.write(bytes);

			logger.info("response info:"+result);

		}catch(Exception e){

			e.printStackTrace();

			logger.error("business thread run exception");

		}finally{

			try {

				socket.close();

			} catch (IOException e) {

				e.printStackTrace();

				logger.error("server socket close error");

			}

		}

	}

}

配置文件类:

package com.test.server.config;

import java.io.File;

import java.io.FileInputStream;

import java.io.InputStream;

import java.util.Properties;

import org.apache.log4j.Logger;

public class Configuration {

	private static Properties config;

	static Logger logger = Logger.getLogger(Configuration.class);

	public static Properties getConfig(){

		try{

			if(null == config){

				File configFile = new File("./conf/conf.properties");

				if(configFile.exists() && configFile.isFile()

						&& configFile.canRead()){

					InputStream input = new FileInputStream(configFile);

					config = new Properties();

					config.load(input);

				}

			}

		}catch(Exception e){

			//default set

			config = new Properties();

			config.setProperty("protocol", "TLSV1");

			config.setProperty("serverCertificateFile", "./certificate/server_rsa.key");

			config.setProperty("serverCertificatePwd", "123456");

			config.setProperty("serverMainPwd", "654321");

			config.setProperty("clientCertificateFile", "./certificate/client_rsa.key");

			config.setProperty("clientCertificatePwd", "123456");

			config.setProperty("clientMainPwd", "654321");

			config.setProperty("serverListenPort", "10000");

			config.setProperty("serverThreadPoolSize", "5");

			config.setProperty("serverRequestQueueSize", "10");

			config.setProperty("socketStreamEncoding", "UTF-8");

		}

		return config;

	}

}

接口工具类:

package com.test.tools;

import java.io.DataInputStream;

import java.io.DataOutputStream;

import java.io.IOException;

import java.net.Socket;

public class SocketIO{

	public static DataInputStream getDataInput(Socket socket) throws IOException{

		DataInputStream input = new DataInputStream(socket.getInputStream());

		return input;

	}

	public static DataOutputStream getDataOutput(Socket socket) throws IOException{

		DataOutputStream out = new DataOutputStream(socket.getOutputStream());

		return out;

	}

}

配置文件:

#1:单向认证,只有服务器端需证明其身份

#2:双向认证,服务器端和客户端都需证明其身份

authority=2

#通信协议

protocol=TLSV1

#服务器证书

serverCertificateFile=./certificate/server_rsa.key

#服务器证书密码

serverCertificatePwd=123456

#服务器证书主密码

serverMainPwd=654321

#客户端证书,如果为双向认证,则必须填写

clientCertificateFile=./certificate/client_rsa.key

#客户端证书密码

clientCertificatePwd=123456

#客户端证书主密码

clientMainPwd=654321

#服务器监听端口,注意root权限

serverListenPort=10000

#服务器线程池线程数(2*核数+1)

serverThreadPoolSize=5

#服务器Socket请求队列长度

serverRequestQueueSize=10

#字节流编码

socketStreamEncoding=GBK

日志文件:

log4j.rootLogger=debug,logOutput,fileLogOutput

log console out put

log4j.appender.logOutput=org.apache.log4j.ConsoleAppender

log4j.appender.logOutput.layout=org.apache.log4j.PatternLayout

log4j.appender.logOutput.layout.ConversionPattern=%p%d{[yy-MM-dd HH:mm:ss]}[%c] -> %m%n

#log file out put

log4j.appender.fileLogOutput=org.apache.log4j.RollingFileAppender

log4j.appender.fileLogOutput.File=./log/server.log

log4j.appender.fileLogOutput.MaxFileSize=1000KB

log4j.appender.fileLogOutput.MaxBackupIndex=3

log4j.appender.fileLogOutput.layout=org.apache.log4j.PatternLayout

log4j.appender.fileLogOutput.layout.ConversionPattern=%p%d{[yy-MM-dd HH:mm:ss]}[%c] -> %m%n

运行后的结果:

客户端:

INFO[13-10-08 09:33:39][com.test.client.Client] -> request result:login success

服务端:

INFO[13-10-08 09:33:34][com.test.server.Server] -> Server start up!

INFO[13-10-08 09:33:34][com.test.server.Server] -> server port is:10000

DEBUG[13-10-08 09:33:34][com.test.server.Server] -> Wait for client request!

DEBUG[13-10-08 09:33:39][com.test.server.Server] -> Get client request!

DEBUG[13-10-08 09:33:39][com.test.server.Server] -> Wait for client request!

INFO[13-10-08 09:33:39][com.test.server.business.Job] -> request user:name

INFO[13-10-08 09:33:39][com.test.server.business.Job] -> request pwd:123

INFO[13-10-08 09:33:39][com.test.server.business.Job] -> response info:login success

PS:

1,不能随意的使用close()方法关闭socket输入输出流,使用close()方法关闭socket输入输出流会导致socket本身被关闭

2,字符串必须按照指定的编码转换为字节数组,字节数组也必须通过相同的编码转换为字符串,否则将会出现乱码

String[] pwdsuits = socket.getSupportedCipherSuites();

socket.setEnabledCipherSuites(pwdsuits);

加密套件(ciphersuits)包括一组加密参数,这些参数指定了加密算法、密钥长度等加密等信息。

[SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, ...

Java SSL/TLS Socket实现的更多相关文章

  1. Android网络编程系列 一 JavaSecurity之JSSE(SSL/TLS)

    摘要:     Java Security在Java存在已久了而且它是一个非常重要且独立的版块,包含了很多的知识点,常见的有MD5,DigitalSignature等,而Android在Java Se ...

  2. SSL/TLS加密传输与数字证书解读

    什么是ssl? secure socket layer(ssl)协议最初由netscape企业发展,现已成为网络用来鉴别网站和网页浏览者身份,以及在浏览器使用者及网页服务器之间进行加密通讯的全球化标准 ...

  3. java ssl https 连接详解 生成证书

    我们先来了解一下什么理HTTPS 1. HTTPS概念 1)简介 HTTPS(全称:Hypertext Transfer Protocol over Secure Socket Layer),是以安全 ...

  4. MINA、Netty、Twisted一起学(十一):SSL/TLS

    什么是SSL/TLS 不使用SSL/TLS的网络通信,一般都是明文传输,网络传输内容在传输过程中很容易被窃听甚至篡改,非常不安全.SSL/TLS协议就是为了解决这些安全问题而设计的.SSL/TLS协议 ...

  5. https Java SSL Exception protocol_version

    在java代码中,使用HttpClient爬取https页面时,遇到了这个bug:javax.net.ssl.SSLException: Received fatal alert: protocol_ ...

  6. java ssl https 连接详解 生成证书 tomcat keystone

    java ssl https 连接详解 生成证书 我们先来了解一下什么理HTTPS 1. HTTPS概念 1)简介 HTTPS(全称:Hypertext Transfer Protocol over ...

  7. 六、Mosquitto 高级应用之SSL/TLS

    mosquitto提供SSL支持加密的网络连接和身份验证.本章节讲述次功能的实现. 在此之前需要一些准备工作. 准本工作: 一台 Linux 服务器. 安装好 openssl (不会明白怎么安装 op ...

  8. 开源项目SMSS发开指南(四)——SSL/TLS加密通信详解

    本文将详细介绍如何在Java端.C++端和NodeJs端实现基于SSL/TLS的加密通信,重点分析Java端利用SocketChannel和SSLEngine从握手到数据发送/接收的完整过程.本文也涵 ...

  9. 开源项目SMSS发开指南(五)——SSL/TLS加密通信详解(下)

    继上一篇介绍如何在多种语言之间使用SSL加密通信,今天我们关注Java端的证书创建以及支持SSL的NioSocket服务端开发.完整源码 一.创建keystore文件 网上大多数是通过jdk命令创建秘 ...

随机推荐

  1. BZOJ_2194_快速傅立叶之二_(FFT+卷积)

    描述 http://www.lydsy.com/JudgeOnline/problem.php?id=2194 给出序列\(a[0],a[1],...,a[n-1]\)和\(b[0],b[1],... ...

  2. Win32下 Qt与Lua交互使用(一):配置Qt下Lua运行环境

    偶然间看到Lua这种脚本语言,有点兴趣,简单学习了一下. 发现Lua与C++之间可以实现非常强的交互性.Lua中可以使用C++中的函数,C++中也可以使用Lua中的函数.由此可以引发出很多奇思妙想了. ...

  3. 【转】为Xcode添加删除行、复制行快捷键

    原文网址:http://www.jianshu.com/p/cc6e13365b7e 在使用eclipse过程中,特喜欢删除一行和复制一行的的快捷键.而恰巧Xcode不支持这两个快捷键,再一次的恰巧让 ...

  4. 【转】JNI学习积累之一 ---- 常用函数大全

    原文网址:http://blog.csdn.net/qinjuning/article/details/7595104 本文原创,转载请注明出处:http://blog.csdn.net/qinjun ...

  5. JAX-WS(JWS)发布WebService

    WebService历来都很受重视,特别是Java阵营,WebService框架和技术层出不穷.知名的XFile(新的如CXF).Axis1.Axis2等. 而Sun公司也不甘落后,从早期的JAX-R ...

  6. ubuntu usb权限问题解决

    在/etc/udev/rules.d/ 创建51-android.rules SUBSYSTEM==" SUBSYSTEM=="

  7. Dynamices CRM JS 类库 神器 XrmServiceToolkit - A Microsoft Dynamics CRM 2011 & CRM 2013 JavaScript Library

    XrmServiceToolkit - A Microsoft Dynamics CRM 2011 & CRM 2013 JavaScript Library http://xrmservic ...

  8. 教程-delphi的开源json库:superobject,用法简介

    困惑一天的问题 一个语句搞定了... 回头细说. superobject中的{$DEFINE UNICODE} 就是它,这是json官方推荐的Delphi处理json的包,地址: http://www ...

  9. javascript闭包详解

    以前写过一篇关于javascript闭包的随笔,javascript闭包,但是写的不够详细,也没有体现出闭包的强大之处.故作此篇. 众所周知,javascript没有块级作用域,只有函数作用域.那就意 ...

  10. HTML几类标签的应用总结

    打开DREAMWEAVER,新建HTML,如下图: body的属性: bgcolor 页面背景色 background  背景壁纸.图片 text  文字颜色 topmargin  上边距 leftm ...