------------------------ ssl | ------------------------
# SSL
* netscape 公司提出,Secure Sockets Layer
# Java的安全套接字扩展 JSSE(Java Secure Socket Extension)
* 为基于SSL和TLS协议的Java网络应用提供了Java API和参考实现
* 支持数据加密,服务端身份验证,数据完整性,以及可选的客户端身份验证
# TLS/SSL
* 目前来说TLS1.0和SSL3.0差别非常小
# 类库
javax.net
javax.net.ssl
java.security.cert
KeyStore
* 密钥证书存储设施
* 这个对象用于存放安全证书,安全证书一般以文件形式存放
* KeyStore 负责将证书加载到内存
KeyManagerFactory
KeyManager
* 密钥管理器
* 负责选择用于证实自己身份的安全证书,发给通信另一方
TrustManagerFactory
TrustManager
* 信任管理器
* 负责判断决定是否信任对方的安全证书
|-X509TrustManager
|-X509Certificate
SSLContext
* 对整个SSL/TLS协议的封装,表示了安全套接字协议的实现
* 主要负责设置安全通信过程中的各种信息,例如跟证书相关的信息
* 并且负责构建 SSLSocketFactory,SSLServerSocketFactory 和 SSLEngine 等工厂类
void init(KeyManager[] keyManagers, TrustManager[] trustManagers, SecureRandom secureRandom);
keyManagers
* 使用证明自身证书,如果为null,系统会创建默认的KeyManager对象,以及关联的KeyStore对象
* KeyStore对象从系统属性:javax.net.ssl.keyStore 中获取安全证书,如果不存在该属性,那么KeyStore对象的内容为空
trustManagers
* 信任的证书,如果为null,系统会创建默认的TrustManager对象,以及关联的KeyStore对象
* KeyStore对象会从如下步骤去获取安全证书,如果如下步骤都失败,则KeyStore对象的内容为空
1, 尝试从系统属性: javax.net.ssl.trustStore 属性中获取
2, 尝试把 ${JAVA_HOME}/jre/lib/security/jssecacerts 文件作为安全证书
...
secureRandom
* 安全的随机数,如果设置为null,则使用默认的
SSLServerSocketFactory
SSLServerSocket(ServerSocket子类)
SSLSocketFactory
SSLSocket(Socket子类)
SSLEngine
* SSL非阻塞引擎
* NIO通信,使用这个类,它让通信过程支持非阻塞的安全通信
void setUseClientMode(true);
* 当前是客户端模式还是服务端模式
void setNeedClientAuth(false);
* 是否要校验客户端的证书
void setWantClientAuth(true);
* 希望对方提供安全证书,如果对方不提供,连接不会中断,通信继续进行
void setNeedClientAuth(true);
* 要求对方必须提供安全证书,如果对方不提供,连接中断,通信无法进行
SSLSession
* SSL会话
* 安全通信握手过程需要一个会话,为了提高通信的效率
* SSL协议允许多个SSLSocket共享同一个SSL会话,在同一个会话中,只有第一个打开的 SSLSocket 需要进行SSL握手,负责生成密钥及交换密钥,其余SSLSocket都共享密钥信息
SecureRandom
CertificateFactory
------------------------ ssl | ------------------------
// JKS的证书密码
char[] password = "123456".toCharArray();
// 加载证书文件
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(Files.newInputStream(Paths.get("")),password);
// KeyManager 选择用于证明自身身份的证书,并发送给对方
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(keyStore,password);
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
// TrustManager 决定是否信任对方的证书
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
trustManagerFactory.init(keyStore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
SSLContext sslContext = SSLContext.getInstance("TLS");
// 设置当前socket使用的证书,以及信任的证书,还有随机源
sslContext.init(keyManagers,trustManagers,null);
// 用于nio
SSLEngine sslEngine = sslContext.createSSLEngine();
// 用于bio
SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory();
------------------------ ssl | ------------------------
/**
 *
 * @param keyPath 当前Socket使用的证书
 * @param keyPassword 密码
 * @param trustPath 信任证书
 * @param trustPassword 密码
 * @return
 * @throws Exception
 */
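/**
 * Builds an {@link SSLContext} from a JKS key store (the certificate and private key this
 * side presents) and an optional JKS trust store (the certificates this side accepts).
 *
 * <p>The streams are consumed but not closed; the caller owns them. When {@code trustPath}
 * is {@code null} the JSSE default trust managers are used (the {@code javax.net.ssl.trustStore}
 * property or the JDK's cacerts file). A caller that wants to trust only a private CA must
 * pass an explicit trust store; it is honoured even when {@code trustPassword} is {@code null},
 * in which case only the store's integrity check is skipped.
 *
 * @param keyPath       JKS key store holding this side's certificate and private key
 * @param keyPassword   password of the key store and of its private key; must not be null
 * @param trustPath     JKS trust store with the peer certificates/CAs to accept, or null for the JSSE defaults
 * @param trustPassword password of the trust store, or null to load it without the integrity check
 * @return an initialised {@code SSLContext} for the "TLS" protocol (the version is negotiated at handshake)
 * @throws java.io.IOException if a store cannot be read or a password is wrong
 * @throws java.security.GeneralSecurityException if the store type, an algorithm or a key is unusable
 * @throws NullPointerException if {@code keyPath} or {@code keyPassword} is null
 */
public SSLContext sslContext(InputStream keyPath, String keyPassword, InputStream trustPath, String trustPassword)
        throws java.io.IOException, java.security.GeneralSecurityException {
    if (keyPath == null) {
        throw new NullPointerException("keyPath");
    }
    if (keyPassword == null) {
        throw new NullPointerException("keyPassword");
    }

    KeyManager[] keyManagers = loadKeyManagers(keyPath, keyPassword.toCharArray());

    // Honour an explicitly supplied trust store even without a password: silently
    // falling back to the platform defaults would widen what the peer may present.
    TrustManager[] trustManagers = null;
    if (trustPath != null) {
        char[] trustChars = trustPassword == null ? null : trustPassword.toCharArray();
        trustManagers = loadTrustManagers(trustPath, trustChars);
    }

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(keyManagers, trustManagers, new SecureRandom());
    return sslContext;
}

/** Loads the JKS key store from {@code in} and wraps it in key managers of the JSSE default algorithm. */
private static KeyManager[] loadKeyManagers(InputStream in, char[] password)
        throws java.io.IOException, java.security.GeneralSecurityException {
    try {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(in, password);
        // getDefaultAlgorithm() resolves to "SunX509" on the JDK but stays portable across providers.
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore, password);
        return factory.getKeyManagers();
    } finally {
        java.util.Arrays.fill(password, '\0'); // scrub our copy; the caller's String cannot be cleared
    }
}

/** Loads the JKS trust store from {@code in} and wraps it in trust managers of the JSSE default algorithm. */
private static TrustManager[] loadTrustManagers(InputStream in, char[] password)
        throws java.io.IOException, java.security.GeneralSecurityException {
    try {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        trustStore.load(in, password);
        // The JDK default is "PKIX", which performs full certificate-path validation.
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(trustStore);
        return factory.getTrustManagers();
    } finally {
        if (password != null) {
            java.util.Arrays.fill(password, '\0');
        }
    }
}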