SSLSocket Demo
服务端代码
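/**
 * Demo TLS server that requires a client certificate (mutual authentication).
 *
 * <p>It listens on port 10086, reads a single message of at most 512 bytes from each
 * connection, prints it and answers with a fixed reply.
 */
public class SSLServer {
    /**
     * Loads the server key store and the client trust store, then serves connections forever.
     *
     * @param args unused
     * @throws Exception if a key store cannot be loaded or the TLS context or the listening
     *     socket cannot be created; errors on an individual connection are logged instead
     */
    public static void main(String[] args) throws Exception {
        // Demo only: a password embedded in source is readable by anyone who can read the code
        // or the class file. Real deployments should obtain it from protected configuration.
        char[] password = "123456".toCharArray();

        // The server's own certificate with its private key.
        // NOTE(review): the file is named .jks but is opened as PKCS12; this only works if the
        // file really is PKCS12 or the JDK's key store compatibility mode is active. Confirm.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream("E:\\自制证书\\server-ks.jks")) {
            keyStore.load(in, password);
        }
        // "SunX509" is the key manager algorithm name used for X.509 key material.
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, password);

        // Certificates of the clients this server accepts (needed for mutual authentication).
        KeyStore clientKs = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream("E:\\自制证书\\client-public-ks.jks")) {
            clientKs.load(in, password);
        }
        TrustManagerFactory tsm = TrustManagerFactory.getInstance("SunX509");
        tsm.init(clientKs);

        // Request "TLS" rather than the legacy "SSL" name. Which protocol versions end up enabled
        // still depends on the JDK; old versions can be excluded with setEnabledProtocols or the
        // jdk.tls.disabledAlgorithms security property.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // Mutual authentication: key managers plus trust managers.
        sslContext.init(keyManagerFactory.getKeyManagers(), tsm.getTrustManagers(), null);
        // Server-only authentication would pass no trust managers instead:
        // sslContext.init(keyManagerFactory.getKeyManagers(), null, null);

        SSLServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
        try (SSLServerSocket serverSocket =
                (SSLServerSocket) serverSocketFactory.createServerSocket(10086)) {
            // Reject any client that does not present a certificate the trust store accepts.
            serverSocket.setNeedClientAuth(true);

            while (true) {
                System.out.println("等待连接...");
                Socket accepted = serverSocket.accept();
                // A failed handshake or a broken connection must not stop the server, so errors
                // are handled per connection and the socket is always closed.
                // NOTE: no read timeout is set, so a peer that connects and stays silent blocks
                // this single-threaded loop; Socket.setSoTimeout bounds that wait.
                try (Socket socket = accepted) {
                    InputStream inputStream = socket.getInputStream();
                    OutputStream outputStream = socket.getOutputStream();
                    byte[] buf = new byte[512];
                    int read = inputStream.read(buf);
                    if (read < 0) {
                        // End of stream before any data: new String(buf, 0, -1) would throw.
                        System.err.println("peer closed the connection before sending data");
                    } else {
                        // Decode with an explicit charset instead of the platform default.
                        String msg =
                                new String(buf, 0, read, java.nio.charset.StandardCharsets.UTF_8);
                        System.out.println("服务器接收到消息:" + msg);
                        outputStream.write(
                                "i'am server!".getBytes(java.nio.charset.StandardCharsets.UTF_8));
                        outputStream.flush();
                    }
                } catch (java.io.IOException e) {
                    System.err.println("connection failed: " + e);
                }
            }
        }
    }
}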
客户端代码
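/**
 * Demo TLS client that authenticates with its own certificate (mutual authentication).
 *
 * <p>It connects to localhost:10086, sends one fixed message and prints the reply.
 */
public class SSLClient {
    /**
     * Loads the client key store and the server trust store, then performs one exchange.
     *
     * @param args unused
     * @throws Exception if a key store cannot be loaded, the TLS context cannot be created, or
     *     the connection or handshake fails
     */
    public static void main(String[] args) throws Exception {
        // Demo only: a password embedded in source is readable by anyone who can read the code
        // or the class file. Real deployments should obtain it from protected configuration.
        char[] password = "123456".toCharArray();

        // The client's own certificate with its private key (needed for mutual authentication).
        // NOTE(review): the file is named .jks but is opened as PKCS12; this only works if the
        // file really is PKCS12 or the JDK's key store compatibility mode is active. Confirm.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream("E:\\自制证书\\client-ks.jks")) {
            keyStore.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(keyStore, password);

        // Certificates this client trusts, i.e. the server's public certificate.
        KeyStore keyStore2 = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream("E:\\自制证书\\server-public-ks.jks")) {
            keyStore2.load(in, password);
        }
        TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory2.init(keyStore2);

        // Request "TLS" rather than the legacy "SSL" name. Which protocol versions end up enabled
        // still depends on the JDK; old versions can be excluded with setEnabledProtocols or the
        // jdk.tls.disabledAlgorithms security property.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // Mutual authentication: key managers plus trust managers.
        sslContext.init(kmf.getKeyManagers(), trustManagerFactory2.getTrustManagers(), null);
        // Server-only authentication would pass no key managers instead:
        // sslContext.init(null, trustManagerFactory2.getTrustManagers(), null);

        SSLSocketFactory socketFactory = sslContext.getSocketFactory();
        // NOTE: a plain SSLSocket does not check that the certificate matches the host name.
        // Trust here rests on the trust store alone (presumably holding only the server's
        // certificate; confirm). When a CA is trusted instead, enable endpoint identification
        // with SSLParameters.setEndpointIdentificationAlgorithm("HTTPS").
        try (SSLSocket socket = (SSLSocket) socketFactory.createSocket("localhost", 10086)) {
            InputStream inputStream = socket.getInputStream();
            OutputStream outputStream = socket.getOutputStream();
            // Encode with an explicit charset instead of the platform default.
            outputStream.write("i'm client!".getBytes(java.nio.charset.StandardCharsets.UTF_8));
            outputStream.flush();

            byte[] buf = new byte[512];
            int read = inputStream.read(buf);
            if (read < 0) {
                // End of stream before any data: new String(buf, 0, -1) would throw.
                System.err.println("server closed the connection without replying");
            } else {
                String msg = new String(buf, 0, read, java.nio.charset.StandardCharsets.UTF_8);
                System.out.println("客户端收到消息:" + msg);
            }
        }
    }
}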
注意:涉及证书,请参考本人证书制作博客