摘要:定義擴(kuò)展并提供使用或協(xié)議的安全套接字。它也是基于正常的流套接字,但是在網(wǎng)絡(luò)傳輸協(xié)議如上添加了安全保護(hù)層。
SSLSocket定義
SSLSocket擴(kuò)展Socket并提供使用SSL或TLS協(xié)議的安全套接字。它也是基于正常的流套接字,但是在網(wǎng)絡(luò)傳輸協(xié)議(如TCP)上添加了安全保護(hù)層。
SSLSocket相關(guān)類類 | 功能描述 |
---|---|
SSLContext | 該類的實(shí)例表示安全套接字協(xié)議的實(shí)現(xiàn),是SSLSocketFactory、SSLServerSocketFactory和SSLEngine的工廠 |
SSLSocket | 擴(kuò)展自Socket |
SSLServerSocket | 擴(kuò)展自ServerSocket |
SSLSocketFactory | 抽象類,擴(kuò)展自SocketFactory,是SSLSocket的工廠 |
SSLServerSocketFactory | 抽象類,擴(kuò)展自ServerSocketFactory,是SSLServerSocket的工廠 |
KeysStore | 密鑰和證書的存儲(chǔ)設(shè)施 |
KeyManager | 接口,Java Secure Socket Extension密鑰管理器 |
TrustManger | 接口,信任管理器 |
X509TrustedManager | TrustManger的子接口,管理X509證書,驗(yàn)證遠(yuǎn)程安全套接字 |
SSLServerSocket需要證書進(jìn)行安全全驗(yàn)證
使用keytool工具生成一個(gè)名稱為seckey證書$ keytool -genkey -keystore seckey -keyalg rsa -alias SSL服務(wù)端編碼
package cn.sh.sslsocket.server; import javax.net.ssl.*; import java.io.*; import java.net.Socket; import java.security.*; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; /** * @author sh */ public class SSLSocketServer { public static void main(String[] args) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException { //準(zhǔn)備KeyStore相關(guān)信息 String keyName = "SSL"; String keyStoreName = "/Users/sh/workspace/netty-demo/src/cn/sh/sslsocket/seckey"; char[] keyStorePwd = "123456".toCharArray(); char[] keyPwd = "1234567890".toCharArray(); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); //裝載生成的seckey try(InputStream in = new FileInputStream(new File(keyStoreName))) { keyStore.load(in, keyStorePwd); } //初始化KeyManagerFactory KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(keyStore, keyPwd); //初始化SSLContext SSLContext context = SSLContext.getInstance(keyName); context.init(kmf.getKeyManagers(), new TrustManager[]{getX509TrustManger()}, new SecureRandom()); //監(jiān)聽和接受客戶端連接 SSLServerSocketFactory factory = context.getServerSocketFactory(); SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(10002); System.out.println("服務(wù)器端已啟動(dòng)!!!"); //等待客戶端連接 Socket client = serverSocket.accept(); System.out.println("客戶端地址:" + client.getRemoteSocketAddress()); //準(zhǔn)備輸出流,用于向客戶端發(fā)送信息 OutputStream output = client.getOutputStream(); //獲取輸入流,用于讀取客戶端發(fā)送的信息 InputStream in = client.getInputStream(); byte[] buf = new byte[1024]; int len; if ((len = in.read(buf)) != -1) { output.write(buf, 0, len); } //沖刷數(shù)據(jù) output.flush(); //關(guān)閉輸入輸出流 output.close(); in.close(); serverSocket.close(); } public static X509TrustManager getX509TrustManger() { return new X509TrustManager() { @Override public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { } @Override public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } }; } }客戶端實(shí)現(xiàn) 普通Socket連接服務(wù)器 實(shí)現(xiàn)
package cn.sh.sslsocket.client; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.Socket; /** * @author sh */ public class SocketClient { public static void main(String[] args) throws IOException { Socket socket = new Socket("localhost", 10002); OutputStream output = socket.getOutputStream(); InputStream input = socket.getInputStream(); output.write("I am SocketClient".getBytes()); output.flush(); byte[] buf = new byte[1024]; int len; StringBuilder builder = new StringBuilder(); while ((len = input.read(buf)) != -1) { builder.append(new String(buf, 0, len)); } System.out.println("client received:" + builder.toString()); } }運(yùn)行結(jié)果
服務(wù)器結(jié)果如下圖
服務(wù)端會(huì)拋出異常javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
客戶端結(jié)果如下圖
客戶端接收到亂碼
使用SSLSocket,不使用證書 編碼實(shí)現(xiàn)package cn.sh.sslsocket.client; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; /** * @author sh */ public class NoUseKeySSLSocketClient { public static void main(String[] args) throws IOException { SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); SSLSocket sslSocket = (SSLSocket) factory.createSocket("localhost", 10002); OutputStream output = sslSocket.getOutputStream(); InputStream input = sslSocket.getInputStream(); output.write("I am NoUseKeySSLSocketClient".getBytes()); output.flush(); byte[] buf = new byte[1024]; int len; StringBuilder builder = new StringBuilder(); while ((len = input.read(buf)) != -1) { builder.append(new String(buf, 0, len)); } System.out.println("client received:" + builder.toString()); } }運(yùn)行結(jié)果
服務(wù)器結(jié)果如下圖
服務(wù)端會(huì)拋出異常javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
客戶端結(jié)果如下圖
客戶端會(huì)拋出異常sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
使用SSLSocket,并且使用證書 編碼實(shí)現(xiàn)package cn.sh.sslsocket.client; import cn.sh.sslsocket.server.SSLSocketServer; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.Socket; import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; /** * @author sh */ public class SSLSocketClient { public static void main(String[] args) throws NoSuchAlgorithmException, KeyManagementException, IOException { SSLContext context = SSLContext.getInstance("SSL"); context.init(null, new TrustManager[]{SSLSocketServer.getX509TrustManger()}, new SecureRandom()); SSLSocketFactory factory = context.getSocketFactory(); SSLSocket sslSocket = (SSLSocket) factory.createSocket("localhost", 10002); OutputStream output = sslSocket.getOutputStream(); InputStream input = sslSocket.getInputStream(); output.write("I am SSLSocketClient".getBytes()); output.flush(); byte[] buf = new byte[1024]; int len; StringBuilder builder = new StringBuilder(); while ((len = input.read(buf)) != -1) { builder.append(new String(buf, 0, len)); } output.close(); System.out.println("client received:" + builder.toString()); } }運(yùn)行結(jié)果
服務(wù)器結(jié)果如下圖
客戶端結(jié)果如下圖
代碼地址代碼地址
本文章的代碼在cn.sh.sslsocket包中!
文章版權(quán)歸作者所有,未經(jīng)允許請勿轉(zhuǎn)載,若此文章存在違規(guī)行為,您可以聯(lián)系管理員刪除。
轉(zhuǎn)載請注明本文地址:http://systransis.cn/yun/71435.html
摘要:前言升級(jí)了后臺(tái)推送接口,使用協(xié)議,提高了的最大大小,本文介紹新版實(shí)現(xiàn)方法基于框架框架不要使用的類直接發(fā)送請求,因?yàn)榈讓与m然使用了,可以設(shè)置和,但是超過,鏈接還是會(huì)斷開,而官方建議保持長鏈接所以最好自建長鏈接,使用底層的類來直接發(fā)送請求,并通 前言 Apple 升級(jí)了后臺(tái)推送接口,使用 http2 協(xié)議,提高了 payload 的最大大?。?k),本文介紹新版 APNS 實(shí)現(xiàn)方法 基于 ...
摘要:上文講了如何使用生成的簽名證書進(jìn)行加密通信,結(jié)果客戶端告訴我他們用的版本沒有類,并且由于一些交易的原因還不能更新沒有你總有吧,來吧。 上文講了netty如何使用openssl生成的簽名證書進(jìn)行加密通信,結(jié)果客戶端告訴我他們用的netty版本沒有SslContextBuilder類,并且由于一些PY交易的原因還不能更新netty....showImg(https://segmentfau...
SSL,Secure Sockets Layer,安全Socket層TLS,Transport Layer Security,傳輸層安全協(xié)議 package network.secure; import java.io.*; import javax.net.ssl.*; public class HTTPSClient { public static void main(Strin...
摘要:解決的問題問題描述這兩天上測試服務(wù)器的時(shí)候突然報(bào)這樣的異常問題的根本訪問的時(shí)候缺少安全證書,導(dǎo)致的錯(cuò)誤解決措施將安全證書下載到本地。輸入等待程序執(zhí)行完成,當(dāng)前目錄下會(huì)生成一個(gè)的安全文件將證書拷貝到目錄下重新啟動(dòng)完成 解決PKIX:unable to find valid certification path to target 的問題 問題描述 這兩天上測試服務(wù)器的時(shí)候突然報(bào)這樣的異常...
閱讀 3729·2023-04-25 17:45
閱讀 3438·2021-09-04 16:40
閱讀 1005·2019-08-30 13:54
閱讀 2137·2019-08-29 12:59
閱讀 1407·2019-08-26 12:11
閱讀 3284·2019-08-23 15:17
閱讀 1526·2019-08-23 12:07
閱讀 3888·2019-08-22 18:00