双向认证服务
1、准备工作
A、证书导入
导入ca.p12
导入client.p12
B、服务器配置
<Connectorport="443"SSLEnabled="true"clientAuth="true"maxThreads="150"protocol="HTTP/1.1"scheme="https"secure="true"sslProtocol="TLS"keystoreFile="conf/server.p12"keystorePass="123456"keystoreType="PKCS12"truststoreFile="conf/ca.p12"truststorePass="123456"truststoreType="PKCS12"/>2、服务验证
3、代码验证
/*** 2009-5-20*/
package org.zlex.chapter11_2;import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.SecureRandom;import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;/*** HTTPS组件* * @author 梁栋* @version 1.0*/
public abstract class HTTPSCoder {/*** 协议*/public static final String PROTOCOL = "TLS";/*** 获得KeyStore* * @param keyStorePath* 密钥库路径* @param password* 密码* @return KeyStore 密钥库* @throws Exception*/private static KeyStore getKeyStore(String keyStorePath, String password)throws Exception {// 实例化密钥库KeyStore ks = KeyStore.getInstance("PKCS12");// KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());// 获得密钥库文件流FileInputStream is = new FileInputStream(keyStorePath);// 加载密钥库ks.load(is, password.toCharArray());// 关闭密钥库文件流is.close();return ks;}/*** 获得SSLSocektFactory* * @param password* 密码* @param keyStorePath* 密钥库路径* @param trustStorePath* 信任库路径* @return SSLSocketFactory* @throws Exception*/private static SSLSocketFactory getSSLSocketFactory(String password,String keyStorePath, String trustStorePath) throws Exception {// 实例化密钥库KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());// 获得密钥库KeyStore keyStore = getKeyStore(keyStorePath, password);// 初始化密钥工厂keyManagerFactory.init(keyStore, password.toCharArray());// 实例化信任库TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());// 获得信任库KeyStore trustStore = getKeyStore(trustStorePath, password);// 初始化信任库trustManagerFactory.init(trustStore);// 实例化SSL上下文SSLContext ctx = SSLContext.getInstance(PROTOCOL);// 初始化SSL上下文ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());// 获得SSLSocketFactoryreturn ctx.getSocketFactory();}/*** 为HttpsURLConnection配置SSLSocketFactory* * @param conn* HttpsURLConnection* @param password* 密码* @param keyStorePath* 密钥库路径* @param trustKeyStorePath* 信任库路径* @throws Exception*/public static void configSSLSocketFactory(HttpsURLConnection conn,String password, String keyStorePath, String trustKeyStorePath)throws Exception {// 获得SSLSocketFactorySSLSocketFactory sslSocketFactory = getSSLSocketFactory(password,keyStorePath, trustKeyStorePath);// 设置SSLSocketFactoryconn.setSSLSocketFactory(sslSocketFactory);}
}
使用示例
/*** 2009-5-20*/
package org.zlex.chapter11_2;import static org.junit.Assert.*;import java.io.DataInputStream;
import java.net.URL;import javax.net.ssl.HttpsURLConnection;import org.junit.Test;/*** HTTPS测试* * @author 梁栋* @version 1.0*/
public class HTTPSCoderTest {/*** 密钥库/信任库密码*/private String password = "123456";/*** 密钥库文件路径*/private String keyStorePath = "d:/server.p12";/*** 信任库文件路径*/private String trustStorePath = "d:/ca.p12";/*** 访问地址*/private String httpsUrl = "https://www.zlex.org/ssl/";/*** HTTPS验证* * @throws Exception*/@Testpublic void test() throws Exception {// 建立HTTPS链接URL url = new URL(httpsUrl);HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();// conn.setRequestMethod(method);// 打开输入输出流conn.setDoInput(true);// conn.setDoOutput(true);// 为HttpsURLConnection配置SSLSocketFactoryHTTPSCoder.configSSLSocketFactory(conn, password, keyStorePath,trustStorePath);// 鉴别内容长度int length = conn.getContentLength();byte[] data = null;// 如果内容长度为-1,则放弃解析if (length != -1) {DataInputStream dis = new DataInputStream(conn.getInputStream());data = new byte[length];dis.readFully(data);dis.close();System.err.println(new String(data));}conn.disconnect();// 验证assertNotNull(data);}}
