資訊專欄INFORMATION COLUMN
摘要:定義擴(kuò)展并提供使用或協(xié)議的安全套接字。它也是基于正常的流套接字,但是在網(wǎng)絡(luò)傳輸協(xié)議如上添加了安全保護(hù)層。
SSLSocket定義
SSLSocket擴(kuò)展Socket并提供使用SSL或TLS協(xié)議的安全套接字。它也是基于正常的流套接字,但是在網(wǎng)絡(luò)傳輸協(xié)議(如TCP)上添加了安全保護(hù)層。
SSLSocket相關(guān)類| 類 | 功能描述 |
|---|---|
| SSLContext | 該類的實(shí)例表示安全套接字協(xié)議的實(shí)現(xiàn),是SSLSocketFactory、SSLServerSocketFactory和SSLEngine的工廠 |
| SSLSocket | 擴(kuò)展自Socket |
| SSLServerSocket | 擴(kuò)展自ServerSocket |
| SSLSocketFactory | 抽象類,擴(kuò)展自SocketFactory,是SSLSocket的工廠 |
| SSLServerSocketFactory | 抽象類,擴(kuò)展自ServerSocketFactory,是SSLServerSocket的工廠 |
| KeysStore | 密鑰和證書的存儲(chǔ)設(shè)施 |
| KeyManager | 接口,Java Secure Socket Extension密鑰管理器 |
| TrustManger | 接口,信任管理器 |
| X509TrustedManager | TrustManger的子接口,管理X509證書,驗(yàn)證遠(yuǎn)程安全套接字 |
SSLServerSocket需要證書進(jìn)行安全全驗(yàn)證
使用keytool工具生成一個(gè)名稱為seckey證書$ keytool -genkey -keystore seckey -keyalg rsa -alias SSL服務(wù)端編碼
package cn.sh.sslsocket.server;
import javax.net.ssl.*;
import java.io.*;
import java.net.Socket;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/**
* @author sh
*/
public class SSLSocketServer {
public static void main(String[] args) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
//準(zhǔn)備KeyStore相關(guān)信息
String keyName = "SSL";
String keyStoreName = "/Users/sh/workspace/netty-demo/src/cn/sh/sslsocket/seckey";
char[] keyStorePwd = "123456".toCharArray();
char[] keyPwd = "1234567890".toCharArray();
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
//裝載生成的seckey
try(InputStream in = new FileInputStream(new File(keyStoreName))) {
keyStore.load(in, keyStorePwd);
}
//初始化KeyManagerFactory
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, keyPwd);
//初始化SSLContext
SSLContext context = SSLContext.getInstance(keyName);
context.init(kmf.getKeyManagers(), new TrustManager[]{getX509TrustManger()}, new SecureRandom());
//監(jiān)聽和接受客戶端連接
SSLServerSocketFactory factory = context.getServerSocketFactory();
SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(10002);
System.out.println("服務(wù)器端已啟動(dòng)!!!");
//等待客戶端連接
Socket client = serverSocket.accept();
System.out.println("客戶端地址:" + client.getRemoteSocketAddress());
//準(zhǔn)備輸出流,用于向客戶端發(fā)送信息
OutputStream output = client.getOutputStream();
//獲取輸入流,用于讀取客戶端發(fā)送的信息
InputStream in = client.getInputStream();
byte[] buf = new byte[1024];
int len;
if ((len = in.read(buf)) != -1) {
output.write(buf, 0, len);
}
//沖刷數(shù)據(jù)
output.flush();
//關(guān)閉輸入輸出流
output.close();
in.close();
serverSocket.close();
}
public static X509TrustManager getX509TrustManger() {
return new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
};
}
}
客戶端實(shí)現(xiàn)
普通Socket連接服務(wù)器
實(shí)現(xiàn)
package cn.sh.sslsocket.client;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
/**
* @author sh
*/
public class SocketClient {
public static void main(String[] args) throws IOException {
Socket socket = new Socket("localhost", 10002);
OutputStream output = socket.getOutputStream();
InputStream input = socket.getInputStream();
output.write("I am SocketClient".getBytes());
output.flush();
byte[] buf = new byte[1024];
int len;
StringBuilder builder = new StringBuilder();
while ((len = input.read(buf)) != -1) {
builder.append(new String(buf, 0, len));
}
System.out.println("client received:" + builder.toString());
}
}
運(yùn)行結(jié)果
服務(wù)器結(jié)果如下圖
服務(wù)端會(huì)拋出異常javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
客戶端結(jié)果如下圖
客戶端接收到亂碼
使用SSLSocket,不使用證書 編碼實(shí)現(xiàn)package cn.sh.sslsocket.client;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
/**
* @author sh
*/
public class NoUseKeySSLSocketClient {
public static void main(String[] args) throws IOException {
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSocket = (SSLSocket) factory.createSocket("localhost", 10002);
OutputStream output = sslSocket.getOutputStream();
InputStream input = sslSocket.getInputStream();
output.write("I am NoUseKeySSLSocketClient".getBytes());
output.flush();
byte[] buf = new byte[1024];
int len;
StringBuilder builder = new StringBuilder();
while ((len = input.read(buf)) != -1) {
builder.append(new String(buf, 0, len));
}
System.out.println("client received:" + builder.toString());
}
}
運(yùn)行結(jié)果
服務(wù)器結(jié)果如下圖
服務(wù)端會(huì)拋出異常javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
客戶端結(jié)果如下圖
客戶端會(huì)拋出異常sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
使用SSLSocket,并且使用證書 編碼實(shí)現(xiàn)package cn.sh.sslsocket.client;
import cn.sh.sslsocket.server.SSLSocketServer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
/**
* @author sh
*/
public class SSLSocketClient {
public static void main(String[] args) throws NoSuchAlgorithmException, KeyManagementException, IOException {
SSLContext context = SSLContext.getInstance("SSL");
context.init(null, new TrustManager[]{SSLSocketServer.getX509TrustManger()}, new SecureRandom());
SSLSocketFactory factory = context.getSocketFactory();
SSLSocket sslSocket = (SSLSocket) factory.createSocket("localhost", 10002);
OutputStream output = sslSocket.getOutputStream();
InputStream input = sslSocket.getInputStream();
output.write("I am SSLSocketClient".getBytes());
output.flush();
byte[] buf = new byte[1024];
int len;
StringBuilder builder = new StringBuilder();
while ((len = input.read(buf)) != -1) {
builder.append(new String(buf, 0, len));
}
output.close();
System.out.println("client received:" + builder.toString());
}
}
運(yùn)行結(jié)果
服務(wù)器結(jié)果如下圖
客戶端結(jié)果如下圖
代碼地址代碼地址
本文章的代碼在cn.sh.sslsocket包中!
文章版權(quán)歸作者所有,未經(jīng)允許請(qǐng)勿轉(zhuǎn)載,若此文章存在違規(guī)行為,您可以聯(lián)系管理員刪除。
轉(zhuǎn)載請(qǐng)注明本文地址:http://m.specialneedsforspecialkids.com/yun/71435.html
摘要:前言升級(jí)了后臺(tái)推送接口,使用協(xié)議,提高了的最大大小,本文介紹新版實(shí)現(xiàn)方法基于框架框架不要使用的類直接發(fā)送請(qǐng)求,因?yàn)榈讓与m然使用了,可以設(shè)置和,但是超過,鏈接還是會(huì)斷開,而官方建議保持長鏈接所以最好自建長鏈接,使用底層的類來直接發(fā)送請(qǐng)求,并通 前言 Apple 升級(jí)了后臺(tái)推送接口,使用 http2 協(xié)議,提高了 payload 的最大大小(4k),本文介紹新版 APNS 實(shí)現(xiàn)方法 基于 ...
摘要:上文講了如何使用生成的簽名證書進(jìn)行加密通信,結(jié)果客戶端告訴我他們用的版本沒有類,并且由于一些交易的原因還不能更新沒有你總有吧,來吧。 上文講了netty如何使用openssl生成的簽名證書進(jìn)行加密通信,結(jié)果客戶端告訴我他們用的netty版本沒有SslContextBuilder類,并且由于一些PY交易的原因還不能更新netty....showImg(https://segmentfau...
SSL,Secure Sockets Layer,安全Socket層TLS,Transport Layer Security,傳輸層安全協(xié)議 package network.secure; import java.io.*; import javax.net.ssl.*; public class HTTPSClient { public static void main(Strin...
摘要:解決的問題問題描述這兩天上測試服務(wù)器的時(shí)候突然報(bào)這樣的異常問題的根本訪問的時(shí)候缺少安全證書,導(dǎo)致的錯(cuò)誤解決措施將安全證書下載到本地。輸入等待程序執(zhí)行完成,當(dāng)前目錄下會(huì)生成一個(gè)的安全文件將證書拷貝到目錄下重新啟動(dòng)完成 解決PKIX:unable to find valid certification path to target 的問題 問題描述 這兩天上測試服務(wù)器的時(shí)候突然報(bào)這樣的異常...
閱讀 3727·2023-04-25 17:45
閱讀 3436·2021-09-04 16:40
閱讀 1003·2019-08-30 13:54
閱讀 2133·2019-08-29 12:59
閱讀 1403·2019-08-26 12:11
閱讀 3283·2019-08-23 15:17
閱讀 1525·2019-08-23 12:07
閱讀 3884·2019-08-22 18:00
