资讯专栏INFORMATION COLUMN

SSLSocket

ConardLi / 2160人阅读

摘要:定义扩展并提供使用或协议的安全套接字。它也是基于正常的流套接字,但是在网络传输协议如上添加了安全保护层。

SSLSocket定义

SSLSocket扩展Socket并提供使用SSL或TLS协议的安全套接字。它也是基于正常的流套接字,但是在网络传输协议(如TCP)上添加了安全保护层。

SSLSocket相关类
功能描述
SSLContext 该类的实例表示安全套接字协议的实现,是SSLSocketFactory、SSLServerSocketFactory和SSLEngine的工厂
SSLSocket 扩展自Socket
SSLServerSocket 扩展自ServerSocket
SSLSocketFactory 抽象类,扩展自SocketFactory,是SSLSocket的工厂
SSLServerSocketFactory 抽象类,扩展自ServerSocketFactory,是SSLServerSocket的工厂
KeysStore 密钥和证书的存储设施
KeyManager 接口,Java Secure Socket Extension密钥管理器
TrustManger 接口,信任管理器
X509TrustedManager TrustManger的子接口,管理X509证书,验证远程安全套接字
SSLServerSocket实现

SSLServerSocket需要证书进行安全全验证

使用keytool工具生成一个名称为seckey证书
$ keytool -genkey -keystore seckey -keyalg rsa -alias SSL
服务端编码
package cn.sh.sslsocket.server;

import javax.net.ssl.*;
import java.io.*;
import java.net.Socket;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * @author sh
 */
public class SSLSocketServer {

    public static void main(String[] args) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
        //准备KeyStore相关信息
        String keyName = "SSL";
        String keyStoreName = "/Users/sh/workspace/netty-demo/src/cn/sh/sslsocket/seckey";
        char[] keyStorePwd = "123456".toCharArray();
        char[] keyPwd = "1234567890".toCharArray();
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());

        //装载生成的seckey
        try(InputStream in = new FileInputStream(new File(keyStoreName))) {
            keyStore.load(in, keyStorePwd);
        }

        //初始化KeyManagerFactory
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPwd);

        //初始化SSLContext
        SSLContext context = SSLContext.getInstance(keyName);
        context.init(kmf.getKeyManagers(), new TrustManager[]{getX509TrustManger()}, new SecureRandom());

        //监听和接受客户端连接
        SSLServerSocketFactory factory = context.getServerSocketFactory();
        SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(10002);
        System.out.println("服务器端已启动!!!");
        //等待客户端连接
        Socket client = serverSocket.accept();
        System.out.println("客户端地址:" + client.getRemoteSocketAddress());
        //准备输出流,用于向客户端发送信息
        OutputStream output = client.getOutputStream();
        //获取输入流,用于读取客户端发送的信息
        InputStream in = client.getInputStream();
        byte[] buf = new byte[1024];
        int len;
        if ((len = in.read(buf)) != -1) {
            output.write(buf, 0, len);
        }
        //冲刷数据
        output.flush();
        //关闭输入输出流
        output.close();
        in.close();
        serverSocket.close();
    }


    public static X509TrustManager getX509TrustManger() {
        return new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {

            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {

            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
    }

}
客户端实现 普通Socket连接服务器 实现
package cn.sh.sslsocket.client;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;

/**
 * @author sh
 */
public class SocketClient {

    public static void main(String[] args) throws IOException {
        Socket socket = new Socket("localhost", 10002);
        OutputStream output = socket.getOutputStream();
        InputStream input = socket.getInputStream();
        output.write("I am SocketClient".getBytes());
        output.flush();
        byte[] buf = new byte[1024];
        int len;
        StringBuilder builder = new StringBuilder();
        while ((len = input.read(buf)) != -1) {
            builder.append(new String(buf, 0, len));
        }
        System.out.println("client received:" + builder.toString());
    }
}
运行结果

服务器结果如下图

服务端会抛出异常javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

客户端结果如下图

客户端接收到乱码

使用SSLSocket,不使用证书 编码实现
package cn.sh.sslsocket.client;

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

/**
 * @author sh
 */
public class NoUseKeySSLSocketClient {

    public static void main(String[] args) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket sslSocket = (SSLSocket) factory.createSocket("localhost", 10002);
        OutputStream output = sslSocket.getOutputStream();
        InputStream input = sslSocket.getInputStream();
        output.write("I am NoUseKeySSLSocketClient".getBytes());
        output.flush();
        byte[] buf = new byte[1024];
        int len;
        StringBuilder builder = new StringBuilder();
        while ((len = input.read(buf)) != -1) {
            builder.append(new String(buf, 0, len));
        }
        System.out.println("client received:" + builder.toString());
    }
}
运行结果

服务器结果如下图

服务端会抛出异常javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown

客户端结果如下图

客户端会抛出异常sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

使用SSLSocket,并且使用证书 编码实现
package cn.sh.sslsocket.client;

import cn.sh.sslsocket.server.SSLSocketServer;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

/**
 * @author sh
 */
public class SSLSocketClient {

    public static void main(String[] args) throws NoSuchAlgorithmException, KeyManagementException, IOException {
        SSLContext context = SSLContext.getInstance("SSL");
        context.init(null, new TrustManager[]{SSLSocketServer.getX509TrustManger()}, new SecureRandom());
        SSLSocketFactory factory = context.getSocketFactory();

        SSLSocket sslSocket = (SSLSocket) factory.createSocket("localhost", 10002);
        OutputStream output = sslSocket.getOutputStream();
        InputStream input = sslSocket.getInputStream();
        output.write("I am SSLSocketClient".getBytes());
        output.flush();
        byte[] buf = new byte[1024];
        int len;
        StringBuilder builder = new StringBuilder();
        while ((len = input.read(buf)) != -1) {
            builder.append(new String(buf, 0, len));
        }
        output.close();
        System.out.println("client received:" + builder.toString());
    }
}
运行结果

服务器结果如下图

客户端结果如下图

代码地址

代码地址

本文章的代码在cn.sh.sslsocket包中!

文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。

转载请注明本文地址:https://www.ucloud.cn/yun/71435.html

相关文章

  • Apple APNS http2 Provider 开发 使用 okHttp

    摘要:前言升级了后台推送接口,使用协议,提高了的最大大小,本文介绍新版实现方法基于框架框架不要使用的类直接发送请求,因为底层虽然使用了,可以设置和,但是超过,链接还是会断开,而官方建议保持长链接所以最好自建长链接,使用底层的类来直接发送请求,并通 前言 Apple 升级了后台推送接口,使用 http2 协议,提高了 payload 的最大大小(4k),本文介绍新版 APNS 实现方法 基于 ...

    widuu 评论0 收藏0
  • Netty使用JSSE实现SSLSocket通信

    摘要:上文讲了如何使用生成的签名证书进行加密通信,结果客户端告诉我他们用的版本没有类,并且由于一些交易的原因还不能更新没有你总有吧,来吧。 上文讲了netty如何使用openssl生成的签名证书进行加密通信,结果客户端告诉我他们用的netty版本没有SslContextBuilder类,并且由于一些PY交易的原因还不能更新netty....showImg(https://segmentfau...

    DTeam 评论0 收藏0
  • java必知必会之SecureSocket

    SSL,Secure Sockets Layer,安全Socket层TLS,Transport Layer Security,传输层安全协议 package network.secure; import java.io.*; import javax.net.ssl.*; public class HTTPSClient { public static void main(Strin...

    kidsamong 评论0 收藏0
  • 解决https安全证书缺少的问题

    摘要:解决的问题问题描述这两天上测试服务器的时候突然报这样的异常问题的根本访问的时候缺少安全证书,导致的错误解决措施将安全证书下载到本地。输入等待程序执行完成,当前目录下会生成一个的安全文件将证书拷贝到目录下重新启动完成 解决PKIX:unable to find valid certification path to target 的问题 问题描述 这两天上测试服务器的时候突然报这样的异常...

    TerryCai 评论0 收藏0

发表评论

0条评论

最新活动
阅读需要支付1元查看
<