[PKI]OPENSSL和java的证书验证 原创空间, 文章收藏, 软件技术
邢红瑞 发表于 2010/5/7 16:43:02 |
以前经常做这类工作:OpenSSL 打不开 Java 的 keystore,Java 也无法读入 p12 证书,所以经常使用 Bouncy Castle 处理。现在发现 JDK 6 是可以的。先用 OpenSSL 把证书和私钥导出为 PKCS#12 文件:
openssl pkcs12 -export -in cert.pem -inkey key.pem > linai.pfx
然后用 JDK 6 的 keytool 导入:
C:\jdk1.6.0_16\bin\keytool -importkeystore -srckeystore linai.pfx -destkeystore server.jks -srcstoretype pkcs12
验证:
C:\jdk1.6.0_16\bin\keytool -list -v -keystore server.jks
其实java 可以查看ssl的输出信息
-Djavax.net.debug=ssl:record      enable per-record tracing
-Djavax.net.debug=ssl:handshake   print each handshake message
-Djavax.net.debug=all             turn on all debugging
-Djavax.net.debug=ssl             turn on ssl debugging
注意:调试输出可能包含握手细节和明文数据,只适合在测试环境中打开。
网上的例子
import java.io.BufferedReader;import java.io.FileInputStream;import java.io.IOException;import java.io.InputStreamReader;import java.io.UnsupportedEncodingException;import java.security.KeyStore;import java.security.SecureRandom;
import javax.net.ssl.KeyManager;import javax.net.ssl.KeyManagerFactory;import javax.net.ssl.SSLContext;import javax.net.ssl.SSLServerSocket;import javax.net.ssl.SSLServerSocketFactory;import javax.net.ssl.SSLSocket;import javax.net.ssl.TrustManager;import javax.net.ssl.TrustManagerFactory;
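/**
 * Minimal blocking TLS server: listens on {@link #port}, and for every accepted connection
 * starts a thread that reads one line (decoded as gb2312), prints it and closes the socket.
 *
 * <p>The key store and the trust store are both read from {@code server.ks}. The store
 * passwords are hard-coded sample values; anything beyond a local experiment should take
 * them from configuration or a prompt instead of source code.
 */
public class SSLServer {
    private static final int port = 8266;
    private static final String keyStore = "server.ks";
    private static final String trustStore = "server.ks";
    private static final String keyStoreType = "jks";
    private static final String trustStoreType = "jks";
    // NOTE(review): sample passwords embedded in source; they protect the server's private key.
    private static final String keyStorePassword = "123456";
    private static final String trustStorePassword = "123456";
    private static final String secureRandomAlgorithm = "SHA1PRNG";
    // "TLS" lets the provider negotiate the newest protocol version it has enabled. The
    // original value "TLSv1" pinned the context to TLS 1.0, which RFC 8996 deprecates and
    // which current JDK releases disable by default, so handshakes would fail there.
    private static final String protocol = "TLS";

    /**
     * Loads a key store file and always closes the underlying stream.
     *
     * @param path     file to read
     * @param type     key store type passed to {@link KeyStore#getInstance(String)}
     * @param password password used to check the store's integrity
     * @return the loaded key store
     */
    private static KeyStore loadKeyStore(String path, String type, char[] password)
            throws IOException, java.security.GeneralSecurityException {
        KeyStore store = KeyStore.getInstance(type);
        FileInputStream in = new FileInputStream(path);
        try {
            store.load(in, password);
        } finally {
            // The original never closed this stream and leaked a file handle per call.
            in.close();
        }
        return store;
    }

    /** Builds the key managers that present the server's own certificate and private key. */
    private static KeyManager[] createKeyManagersAsArray()
            throws IOException, java.security.GeneralSecurityException {
        char[] password = keyStorePassword.toCharArray();
        KeyStore store = loadKeyStore(keyStore, keyStoreType, password);

        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(store, password);
        return kmf.getKeyManagers();
    }

    /** Builds the trust managers from the certificates in the trust store. */
    private static TrustManager[] createTrustManagersAsArray()
            throws IOException, java.security.GeneralSecurityException {
        KeyStore store =
                loadKeyStore(trustStore, trustStoreType, trustStorePassword.toCharArray());

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        return tmf.getTrustManagers();
    }

    /**
     * Creates the listening TLS socket.
     *
     * @param thePort port to bind
     * @return a bound server socket, never {@code null}
     * @throws IOException if the stores cannot be read, the TLS context cannot be set up, or
     *                     the port cannot be bound
     */
    private static SSLServerSocket getServerSocket(int thePort) throws IOException {
        try {
            SSLContext sslContext = SSLContext.getInstance(protocol);
            sslContext.init(createKeyManagersAsArray(), createTrustManagersAsArray(),
                    SecureRandom.getInstance(secureRandomAlgorithm));

            SSLServerSocketFactory factory = sslContext.getServerSocketFactory();
            SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket(thePort);
            // Client authentication is left off, as in the original: the server does not
            // request a client certificate, so the trust store above is not used to
            // authenticate peers. Enable the next line to require a certificate that
            // chains to the trust store.
            // socket.setNeedClientAuth(true);
            return socket;
        } catch (java.security.GeneralSecurityException e) {
            // The original printed the exception and returned null, which turned every
            // setup failure into a NullPointerException in main().
            throw new IOException("Cannot initialise TLS server socket on port " + thePort, e);
        }
    }

    /**
     * Accepts connections forever and handles each one on a new thread.
     *
     * @param args unused
     * @throws IOException if the server socket cannot be created or accept() fails
     */
    public static void main(String args[]) throws IOException {
        SSLServerSocket server = getServerSocket(port);
        System.out.println("在" + port + "端口等待连接...");
        while (true) {
            final SSLSocket socket = (SSLSocket) server.accept();

            new Thread(new Runnable() {
                public void run() {
                    try {
                        BufferedReader in = new BufferedReader(
                                new InputStreamReader(socket.getInputStream(), "gb2312"));
                        String msg = in.readLine();
                        System.out.println(msg);
                    } catch (UnsupportedEncodingException e) {
                        e.printStackTrace();
                    } catch (IOException e) {
                        e.printStackTrace();
                    } finally {
                        // Close on every path; the original skipped close() when the
                        // handshake or the read failed.
                        try {
                            socket.close();
                        } catch (IOException e) {
                            e.printStackTrace();
                        }
                    }
                }
            }).start();
        }
    }
}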
以及SSLClient.java:import java.io.PrintWriter;import java.net.Socket;
import javax.net.ssl.SSLSocketFactory;
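/**
 * Minimal TLS client: configures the default JSSE key store and trust store through system
 * properties, connects to {@code addr} on port 8266 and sends one line.
 *
 * <p>The store password is a hard-coded sample value. The default trust managers validate
 * the server's certificate chain against {@code client.ks}, but a plain {@code SSLSocket}
 * does not check that the certificate was issued for {@code addr}; on Java 7 and later
 * {@code SSLParameters.setEndpointIdentificationAlgorithm} can add that check.
 */
public class SSLClient {
    private static final String addr = "192.168.80.86";

    /**
     * Connects, completes the TLS handshake, sends the greeting and closes the connection.
     * Any failure is printed to standard output.
     *
     * @param args unused
     */
    public static void main(String args[]) {
        Socket socket = null;
        try {
            System.setProperty("javax.net.ssl.keyStore", "client.ks");
            System.setProperty("javax.net.ssl.keyStorePassword", "123456");
            System.setProperty("javax.net.ssl.keyStoreType", "jks");
            System.setProperty("javax.net.ssl.trustStore", "client.ks");
            System.setProperty("javax.net.ssl.trustStorePassword", "123456");
            System.setProperty("javax.net.ssl.trustStoreType", "jks");

            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            socket = factory.createSocket(addr, 8266);

            // Handshake explicitly. Otherwise it runs inside the first write, and
            // PrintWriter swallows IOExceptions, so a rejected certificate would go
            // unreported.
            ((javax.net.ssl.SSLSocket) socket).startHandshake();

            PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
            out.println("hello world!");
            if (out.checkError()) {
                throw new java.io.IOException("Failed to send message to " + addr);
            }
            out.close();
        } catch (Exception e) {
            System.out.println(e);
        } finally {
            // Release the socket on failure paths too.
            if (socket != null) {
                try {
                    socket.close();
                } catch (java.io.IOException e) {
                    System.out.println(e);
                }
            }
        }
    }
}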