【转】⽹络安全-JavaSSLSocketFactory创建⽅式
1、问题描述
  Java 客户端使用证书连接到服务器时,有两种提供证书材料的方式:方式一:CA、Client CRT、Client Key 文件  |  方式二:KeyStore.jks、TrustStore.jks、Password。
2、操作⽅法
  1、通过 CA、Client CRT、Client Key,客户端⾃⼰创建 KeyStore、TrustStore,再创建SSLSocketFactory
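/**
 * Builds an {@link SSLSocketFactory} for mutual TLS from PEM material on the classpath:
 * the server CA bundle, the client certificate (chain) and the client private key.
 *
 * <p>The CA file becomes the complete set of trust anchors, so the server is authenticated
 * against exactly the certificates in {@code caCrtFile} and nothing else (the JDK's default
 * {@code cacerts} are NOT consulted). The client certificate and key are placed in an
 * in-memory key store so the server can authenticate us.
 *
 * <p>NOTE(review): an {@code SSLSocketFactory} on its own does not check that the server's
 * certificate matches the host name being connected to. That check has to be enabled by the
 * caller, e.g. via {@code SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")} on the
 * socket or the client library's host-name-verification switch.
 *
 * @param caCrtFile classpath location of the PEM file holding the server CA certificate(s);
 *                  every certificate in it is added as a trust anchor
 * @param crtFile   classpath location of the PEM client certificate; if the file holds a
 *                  chain, the end-entity certificate must come first (standard PEM chain order)
 * @param keyFile   classpath location of the PEM client private key ("BEGIN RSA/EC PRIVATE KEY",
 *                  encrypted or plain); PKCS#8 "BEGIN PRIVATE KEY" blocks are not handled
 * @param password  passphrase used to decrypt the key when it is encrypted, and as the
 *                  protection password of the in-memory key store; may be any value, or
 *                  {@code null}, when the key is unencrypted
 * @return a factory producing TLSv1.2 sockets that present the client identity
 * @throws IllegalArgumentException if a PEM file yields no certificate, the key file holds an
 *                                  unsupported object, or the key is encrypted and no password
 *                                  was given
 * @throws Exception                on any I/O, parsing or key-store error
 */
public static SSLSocketFactory getSocketFactory(final String caCrtFile, final String crtFile, final String keyFile, final String password) throws Exception {
    // Register BouncyCastle once. addProvider() already ignores duplicates (returns -1), the
    // guard merely avoids constructing a provider on every call.
    if (Security.getProvider("BC") == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
    final CertificateFactory cf = CertificateFactory.getInstance("X.509");

    // Server CA certificate(s). generateCertificates() reads the whole file, so an
    // intermediate shipped next to the root is not dropped. (The previous
    // `while (in.available() > 0)` loop kept only the last certificate, and available()
    // is not a reliable end-of-stream signal for non-file streams.)
    final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, null);
    try (InputStream caIn = new ClassPathResource(caCrtFile).getInputStream()) {
        int count = 0;
        for (Certificate ca : cf.generateCertificates(caIn)) {
            // First entry keeps the historical alias; further ones get a numeric suffix.
            trustStore.setCertificateEntry(count == 0 ? "ca-certificate" : "ca-certificate-" + count, ca);
            count++;
        }
        if (count == 0) {
            throw new IllegalArgumentException("no certificate found in CA file " + caCrtFile);
        }
    }
    // The JDK default algorithm (PKIX on standard JDKs) does full path validation, unlike the
    // legacy "X509"/SunX509 trust manager.
    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustStore);

    // Client certificate chain, leaf first; the whole chain is handed to the server.
    final Certificate[] chain;
    try (InputStream crtIn = new ClassPathResource(crtFile).getInputStream()) {
        chain = cf.generateCertificates(crtIn).toArray(new Certificate[0]);
    }
    if (chain.length == 0) {
        throw new IllegalArgumentException("no certificate found in client certificate file " + crtFile);
    }

    // The in-memory key store needs some protection password; an empty one is used when the
    // caller gives none. The array is wiped once the key managers have been initialised.
    final char[] pw = password == null ? new char[0] : password.toCharArray();
    try {
        final KeyPair key;
        try (PEMParser pemParser = new PEMParser(new InputStreamReader(
                new ClassPathResource(keyFile).getInputStream(), java.nio.charset.StandardCharsets.US_ASCII))) {
            final Object pem = pemParser.readObject();
            final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
            if (pem instanceof PEMEncryptedKeyPair) {
                if (pw.length == 0) {
                    throw new IllegalArgumentException("private key " + keyFile + " is encrypted but no password was given");
                }
                // Decryptor is only built when actually needed, so a null password is fine
                // for an unencrypted key.
                final PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(pw);
                key = converter.getKeyPair(((PEMEncryptedKeyPair) pem).decryptKeyPair(decProv));
            } else if (pem instanceof PEMKeyPair) {
                key = converter.getKeyPair((PEMKeyPair) pem);
            } else {
                // Typically a PKCS#8 block or an empty/garbled file; fail with a readable message
                // instead of a ClassCastException.
                throw new IllegalArgumentException("unsupported PEM object in key file " + keyFile + ": "
                        + (pem == null ? "none" : pem.getClass().getSimpleName()));
            }
        }

        // Client key and certificate chain, sent to the server so it can authenticate us.
        final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("certificate", chain[0]);
        keyStore.setKeyEntry("private-key", key.getPrivate(), pw, chain);
        final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, pw);

        // Pinned to TLSv1.2 as before. NOTE(review): the JDK may enable further protocol
        // versions on the resulting sockets; check SSLSocket.getEnabledProtocols() if an exact
        // set is required.
        final SSLContext context = SSLContext.getInstance("TLSv1.2");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context.getSocketFactory();
    } finally {
        java.util.Arrays.fill(pw, '\0');
    }
}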
  2、服务端提供 KeyStore.jks、TrustStore.jks,创建 SSLSocketFactory
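/**
 * Builds an {@link SSLSocketFactory} for mutual TLS from two Java key stores on the
 * classpath: the client key store (private key plus certificate chain) and the trust store
 * holding the server CA certificate(s).
 *
 * <p>Only the certificates in {@code trustStoreJks} are trusted; the JDK's default
 * {@code cacerts} are not consulted. Host-name verification is NOT performed by the returned
 * factory and has to be enabled by the caller on the socket or in the client library.
 *
 * @param keyStoreJks   classpath location of the client key store
 * @param trustStoreJks classpath location of the trust store
 * @param password      password used for the key store (store integrity and key protection)
 *                      AND for the trust store integrity check, so both stores must share it
 * @return a factory producing TLSv1.2 sockets that present the client identity
 * @throws IllegalArgumentException if {@code password} is {@code null}
 * @throws Exception                on any I/O or key-store error (a wrong password surfaces
 *                                  as an {@link IOException} from {@code KeyStore.load})
 */
public static SSLSocketFactory getSocketFactory(final String keyStoreJks, final String trustStoreJks, final String password) throws Exception {
    if (password == null) {
        throw new IllegalArgumentException("password must not be null");
    }
    // One mutable copy of the password, wiped once both factories are initialised.
    final char[] pw = password.toCharArray();
    try {
        // Client identity. KeyStore.getDefaultType() is PKCS12 on Java 9+, which still reads
        // JKS files as long as the JDK's keystore.type.compat setting is left at its default.
        final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream keyStoreIn = new ClassPathResource(keyStoreJks).getInputStream()) {
            keyStore.load(keyStoreIn, pw);
        }
        final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, pw);

        // Server trust anchors. The same password is used, which for a trust store only
        // verifies the store's integrity.
        final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream trustStoreIn = new ClassPathResource(trustStoreJks).getInputStream()) {
            trustStore.load(trustStoreIn, pw);
        }
        // The JDK default algorithm (PKIX on standard JDKs) does full path validation, unlike
        // the legacy "X509"/SunX509 trust manager.
        final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Pinned to TLSv1.2 as before. NOTE(review): the JDK may enable further protocol
        // versions on the resulting sockets; check SSLSocket.getEnabledProtocols() if an exact
        // set is required.
        final SSLContext context = SSLContext.getInstance("TLSv1.2");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context.getSocketFactory();
    } finally {
        // try-with-resources above already closes the streams; a failed close is attached as a
        // suppressed exception instead of being printed to stdout and ignored.
        java.util.Arrays.fill(pw, '\0');
    }
}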
3、参考⽹站
