模擬Java Https雙向驗證

原創 螃蟹变异了 2020-06-02 20:09

Https服務端代碼:

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/**
 * https服務端測試類
 * 生成服務端Jks文件的命令:
 * keytool -genkey -keyalg RSA -alias serverkeystore -keystore keystore.jks -storepass crab123456 -validity 360 -keysize 2048
 */
public class HttpsServerTest {
    //服務端的jks文件
    private static final String KEYSTORE_PATH = "/home/user/test/java/keystore.jks";
    //客戶端的jks文件
    private static final String KEYSTORE_PATH_CLIENT = "/home/user/test/java/clientkeystore.jks";
    //jks文件密碼
    private static final char[] password = "crab123456".toCharArray();

    /**
     * 當前時間精確到毫秒以字符串形式輸出
     *
     * @return 當前時間的字符串
     */
    public static String getCurrentTimeForMillis() {
        SimpleDateFormat formatter = new SimpleDateFormat("dd-MMM-yyyy HH:mm:ss:SSS");
        return formatter.format(new Date(System.currentTimeMillis()));
    }

    public static void main(String[] args) {
        SSLContext sslContext = null;
        //標記SSLContext是否初始化成功
        boolean sslContextSuccess = false;
        try {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(new FileInputStream(KEYSTORE_PATH), password);
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, password);
            KeyManager[] km = kmf.getKeyManagers();

            ks = KeyStore.getInstance("JKS");
            ks.load(new FileInputStream(KEYSTORE_PATH_CLIENT), password);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
            tmf.init(ks);
            TrustManager[] tm = tmf.getTrustManagers();
            sslContext = SSLContext.getInstance("TLS");
            sslContext.init(new KeyManager[]{new HttpsServerTest.MyKeyManger(km)}, new TrustManager[]{new MyTrustManger(tm)}, new SecureRandom());
            sslContextSuccess = true;
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            sslContextSuccess = false;
        } catch (CertificateException e) {
            e.printStackTrace();
            sslContextSuccess = false;
        } catch (KeyStoreException e) {
            e.printStackTrace();
            sslContextSuccess = false;
        } catch (IOException e) {
            e.printStackTrace();
            sslContextSuccess = false;
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
            sslContextSuccess = false;
        } catch (KeyManagementException e) {
            e.printStackTrace();
            sslContextSuccess = false;
        }
        System.out.println("sslContextSuccess=" + sslContextSuccess);
        if (sslContextSuccess) {
            SSLServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
            SSLServerSocket ss = null;
            try {
                ss = (SSLServerSocket) serverSocketFactory.createServerSocket(8000);
                //是否需要驗證客戶端,true開啓客戶端驗證,即https雙向驗證
                ss.setNeedClientAuth(true);
                Socket s = ss.accept();
                System.out.println("server receive a client connect " + getCurrentTimeForMillis());
                InputStream is = s.getInputStream();
                int clientMsg = is.read();
                System.out.println("serve receive the client message:" + (char)clientMsg + " " + getCurrentTimeForMillis());
                OutputStream os = s.getOutputStream();
                //write the char of 'C" to client
                os.write(67);
                os.flush();
                System.out.println("server send message to client " + getCurrentTimeForMillis());
                System.out.println("server ok");
            } catch (IOException e) {
                e.printStackTrace();
            } finally {
                if (ss != null) {
                    try {
                        ss.close();
                    } catch (IOException e) {
                        e.printStackTrace();
                    }
                }
            }
        }
    }

    public static class MyTrustManger implements X509TrustManager {
        private X509TrustManager mManger;

        public MyTrustManger(TrustManager[] trustManagers) {
            if (trustManagers[0] instanceof X509TrustManager) {
                mManger = (X509TrustManager) trustManagers[0];
            }
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            System.out.println("server checkClientTrusted " + getCurrentTimeForMillis());
            mManger.checkClientTrusted(chain, authType);
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            System.out.println("server checkServerTrusted " + getCurrentTimeForMillis());
            mManger.checkServerTrusted(chain, authType);
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            System.out.println("server getAcceptedIssuers " + getCurrentTimeForMillis());
            X509Certificate[] certificates = mManger.getAcceptedIssuers();
//            if(certificates!=null){
//                for(X509Certificate certificate:certificates){
//                    System.out.println("server getAcceptedIssuers certificate="+certificate+" "+getCurrentTimeForMillis());
//                }
//            }
            return certificates;
        }
    }

    public static class MyKeyManger implements X509KeyManager {
        private X509KeyManager mKeyManager;

        public MyKeyManger(KeyManager[] keyManagers) {
            if (keyManagers[0] instanceof X509KeyManager) {
                mKeyManager = (X509KeyManager) keyManagers[0];
            }
        }

        @Override
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            System.out.println("server getClientAliases keyType=" + keyType + " " + getCurrentTimeForMillis());
            return mKeyManager.getClientAliases(keyType, issuers);
        }

        @Override
        public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
            System.out.println("server chooseClientAlias keyType=" + Arrays.toString(keyType) + " " + getCurrentTimeForMillis());
            return mKeyManager.chooseClientAlias(keyType, issuers, socket);
        }

        @Override
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            System.out.println("server getServerAliases keyType=" + keyType + " " + getCurrentTimeForMillis());
            return mKeyManager.getServerAliases(keyType, issuers);
        }

        @Override
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            System.out.println("server chooseServerAlias keyType=" + keyType + " " + getCurrentTimeForMillis());
            return mKeyManager.chooseServerAlias(keyType, issuers, socket);
        }

        @Override
        public X509Certificate[] getCertificateChain(String alias) {
            System.out.println("server getCertificateChain alias=" + alias + " " + getCurrentTimeForMillis());
            return mKeyManager.getCertificateChain(alias);
        }

        @Override
        public PrivateKey getPrivateKey(String alias) {
            System.out.println("server getPrivateKey alias=" + alias + " " + getCurrentTimeForMillis());
            return mKeyManager.getPrivateKey(alias);
        }
    }
}

Https客戶端代碼:

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/**
 * https客戶端測試類
 * 生成客戶端Jks文件的命令:
 * keytool -genkey -keyalg RSA -alias clientkeystore -keystore clientkeystore.jks -storepass crab123456 -validity 360 -keysize 2048
 */
public class HttpsClientTest {
    public static final String KEYSTORE_PATH = "/home/user/test/java/keystore.jks";
    public static final String KEYSTORE_PATH_CLIENT = "/home/user/test/java/clientkeystore.jks";
    public static final char[] password = "crab123456".toCharArray();
    public static void main(String[] args){
        connectForSocket();
    }

    /**
     * 當前時間精確到毫秒以字符串形式輸出
     * @return 當前時間的字符串
     */
    public static String getCurrentTimeForMillis(){
        SimpleDateFormat formatter = new SimpleDateFormat("dd-MMM-yyyy HH:mm:ss:SSS");
        return formatter.format(new Date(System.currentTimeMillis()));
    }
    public static void connectForSocket(){
        SSLContext sslContext = null;
        //標記SSLContext是否初始化成功
        boolean sslContextSuccess = false;
        try {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(new FileInputStream(KEYSTORE_PATH_CLIENT), password);
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, password);
            KeyManager[] km = kmf.getKeyManagers();

            ks = KeyStore.getInstance("JKS");
            ks.load(new FileInputStream(KEYSTORE_PATH), password);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
            tmf.init(ks);
            TrustManager [] tm = tmf.getTrustManagers();

            sslContext = SSLContext.getInstance("TLS");
            sslContext.init(new KeyManager[]{new MyKeyManger(km)}, new TrustManager[]{new MyTrustManger(tm)}, new SecureRandom());
            sslContextSuccess = true;
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            sslContextSuccess = false;
        } catch (CertificateException e) {
            e.printStackTrace();
            sslContextSuccess = false;
        } catch (KeyStoreException e) {
            e.printStackTrace();
            sslContextSuccess = false;
        } catch (IOException e) {
            e.printStackTrace();
            sslContextSuccess = false;
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
            sslContextSuccess = false;
        } catch (KeyManagementException e) {
            e.printStackTrace();
            sslContextSuccess = false;
        }
        System.out.println("sslContextSuccess=" + sslContextSuccess);
        if(sslContextSuccess){
            Socket socket = null;
            try {
                SSLSocketFactory factory = sslContext.getSocketFactory();
                //客戶端socket對象
                socket = new Socket();
                InetSocketAddress address = new InetSocketAddress("127.0.0.1",8000);
                socket.connect(address,10000);
                SSLSocket ss = (SSLSocket) factory.createSocket(socket,"127.0.0.1", 8000,true);
                System.out.println("client hand shake start"+" "+getCurrentTimeForMillis());
                ss.startHandshake();
                System.out.println("client hand shake End"+" "+getCurrentTimeForMillis());
                OutputStream os = ss.getOutputStream();
                //write the char of 'B' to server
                os.write(66);
                os.flush();
                InputStream is = ss.getInputStream();
                int serverMsg = is.read();
                System.out.println("client receive the server message:" + (char)serverMsg + " " + getCurrentTimeForMillis());
                System.out.println("client ok");
            } catch (IOException e1) {
                e1.printStackTrace();
            }finally {
                if(socket!=null){
                    try {
                        socket.close();
                    } catch (IOException e) {
                        e.printStackTrace();
                    }
                }
            }
        }
    }
    public static class MyTrustManger implements X509TrustManager{
        private X509TrustManager mManger;
        public MyTrustManger(TrustManager[] trustManagers){
            if(trustManagers[0] instanceof X509TrustManager){
                mManger = (X509TrustManager) trustManagers[0];
            }
        }
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            System.out.println("client checkClientTrusted "+ getCurrentTimeForMillis());
            mManger.checkClientTrusted(chain,authType);
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            System.out.println("client checkServerTrusted "+ getCurrentTimeForMillis());
            mManger.checkServerTrusted(chain,authType);
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            System.out.println("client getAcceptedIssuers "+ getCurrentTimeForMillis());
            X509Certificate[] certificates = mManger.getAcceptedIssuers();
//            if(certificates!=null){
//                for(X509Certificate certificate:certificates){
//                    System.out.println("client getAcceptedIssuers certificate="+certificate+" "+getCurrentTimeForMillis());
//                }
//            }
            return certificates;
        }
    }
    public static class MyKeyManger implements X509KeyManager {
        private X509KeyManager mKeyManager;

        public MyKeyManger(KeyManager[] keyManagers) {
            if (keyManagers[0] instanceof X509KeyManager) {
                mKeyManager = (X509KeyManager) keyManagers[0];
            }
        }

        @Override
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            System.out.println("client getClientAliases keyType=" + keyType+" "+ getCurrentTimeForMillis());
            return mKeyManager.getClientAliases(keyType, issuers);
        }

        @Override
        public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
            System.out.println("client chooseClientAlias keyType=" + Arrays.toString(keyType)+" "+ getCurrentTimeForMillis());
            return mKeyManager.chooseClientAlias(keyType, issuers, socket);
        }

        @Override
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            System.out.println("client getServerAliases keyType=" + keyType+" "+ getCurrentTimeForMillis());
            return mKeyManager.getServerAliases(keyType, issuers);
        }

        @Override
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            System.out.println("client chooseServerAlias keyType=" + keyType+" "+ getCurrentTimeForMillis());
            return mKeyManager.chooseServerAlias(keyType, issuers, socket);
        }

        @Override
        public X509Certificate[] getCertificateChain(String alias) {
            System.out.println("client getCertificateChain alias=" + alias+" "+ getCurrentTimeForMillis());
            return mKeyManager.getCertificateChain(alias);
        }

        @Override
        public PrivateKey getPrivateKey(String alias) {
            System.out.println("client getPrivateKey alias=" + alias+" "+ getCurrentTimeForMillis());
            return mKeyManager.getPrivateKey(alias);
        }
    }
}

運行結果如下:

sslContextSuccess=true
server receive a client connect 25-Jul-2019 09:30:30:036
sslContextSuccess=true
client hand shake start 25-Jul-2019 09:30:30:038
server chooseServerAlias keyType=EC 25-Jul-2019 09:30:30:062
server chooseServerAlias keyType=RSA 25-Jul-2019 09:30:30:062
server getPrivateKey alias=serverkeystore 25-Jul-2019 09:30:30:062
server getCertificateChain alias=serverkeystore 25-Jul-2019 09:30:30:063
server getAcceptedIssuers 25-Jul-2019 09:30:30:101
client checkServerTrusted 25-Jul-2019 09:30:30:107
client getAcceptedIssuers 25-Jul-2019 09:30:30:307
client chooseClientAlias keyType=[RSA, DSA, EC] 25-Jul-2019 09:30:30:314
client getCertificateChain alias=clientkeystore 25-Jul-2019 09:30:30:314
client getPrivateKey alias=clientkeystore 25-Jul-2019 09:30:30:315
server checkClientTrusted 25-Jul-2019 09:30:30:316
server getAcceptedIssuers 25-Jul-2019 09:30:30:410
client hand shake End 25-Jul-2019 09:30:30:434
serve receive the client message:B 25-Jul-2019 09:30:30:435
server send message to client 25-Jul-2019 09:30:30:435
client receive the server message:C 25-Jul-2019 09:30:30:436
client ok
server ok
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

Android筆記02-真機調式

1、手機打開開發者,並且usb連接電腦 2、打開sdk manager,安裝google usb driver 3、打開設備管理器,更新驅動程序,驅動程序目錄E:\android_sdk\extras\google\usb_driver

原創 2023-10-31 09:11:15

完美解決 Android 滑動衝突!

處理自定義 View 中的滑動衝突 對於大多數 Android 開發來說,處理滑動衝突好像很難,但實戰一下又發現,好像也挺簡單,因爲這個實際上是有套路可循的。基本就兩種方案:外部攔截法 && 內部攔截法。 2.1 外部攔截法 所謂外部攔截法

原創 2023-10-10 02:19:38

mybatis開啓MapperScannerConfigurer導致properties不生效

背景 spring和mybatis集成過程中,我們可以通過MapperFactoryBean的方式配置Mapper接口。但是這樣需要在配置文件中,爲每個mapper配置相同的代碼塊,浪費時間。關鍵對於代碼潔癖的人來說,一點不能忍。 <bea

原創 2024-02-07 13:55:41

Java字符串的一些理解

爲什麼要研究字符串? 人機交互的過程中,文字、數字、字母、符號都是字符表現形式,這部分內容佔了人機信息交互的大部分內容,所以有必要明確一些基本問題。因此大部分數據類型都應該有字符串表達形式,我們在定義新類型的時候可以根據需要來定義新類型的

原創 2023-10-31 09:11:32

(二)java版spring boot 社交電子商務平臺-security簡單使用

security的簡單原理: 使用衆多的攔截器對url攔截,以此來管理權限。但是這麼多攔截器,不可能對其一一來講,主要講裏面核心流程的兩個。 首先,權限管理離不開登陸驗證的,所以登陸驗證攔截器AuthenticationProcessing

原創 2023-10-10 11:05:06

(三)java版spring cloud+spring boot+redis多租戶社交電子商務平臺-Spring Cloud實戰隨機端口

我們經常會需要啓動多個實例的情況來測試註冊中心、配置中心等基礎設施的高可用,也會用來測試客戶端負載均衡的調用等。但是,我們一個應用只能有一個端口號,這就使得在本機測試的時候,不得不爲同一個服務設置不同的端口來進行啓動。 在本地用不同端口啓動

原創 2023-10-10 11:05:04

如何使用 Java 反射?反射的用法及案例

簡介     Java Reflection,稱爲 Java 反射,是Java基礎部分的一個比較難的點。Reflection(反射)是被視爲動態語言的關鍵,通過反射機制,我們可以在運行時(runtime)獲取類的完整結構。例如,可以獲取到

原創 2023-10-10 02:23:57

最新美團面試集合(一面+二面+三面+重點技術面試題)附面試解析

一面 1. 簡短自我介紹 2. 事務的ACID,其中把事務的隔離性詳細解釋一遍 3. 髒讀、幻影讀、不可重複讀 4. 紅黑樹、二叉樹的算法 5. 平常用到哪些集合類?ArrayList和LinkedList區別?HashMap內部數據結構

原創 2023-10-10 01:43:49

Java程序員不想被裁員困擾,應該怎樣築基、發展才能越走越遠?

  當我們站在技術之路的原點,未來可能充滿了迷茫,也存在着很多不同的可能。在這個知識爆炸與終身學習/碎片化學習爲主的時代,我們面臨的問題之一就是如何進行有效學習,不僅能有效平衡廣度與深度,並且能真正的積澱下來,提升自己的研發效能。於筆者而

原創 2023-10-10 01:43:34

阿里巴巴Java開發手冊 梳理筆記 - finally 塊必須對資源對象、流對象進行關閉

阿里巴巴Java開發手冊 梳理筆記 - finally 塊必須對資源對象、流對象進行關閉 規約內容: 2.1 異常處理 6. 【強制】 finally 塊必須對資源對象、流對象進行關閉,有異常也要做 try - catch 。 說明:如果

原創 2023-08-02 10:29:06

java併發-CAS的理解

在Java方面,能夠實現多線程安全修改對象值得方法只有2個 1.原子操作 2.互斥方法 而在Java當中,或是其他語言中,基本上也都是使用CAS實現。CAS是比較並交換的意思,這個操作包含2個連續的操作,比較,還有賦值,因爲2個操作在cpu

原創 2023-05-29 01:40:21

java併發-Timer類的使用和原理

單線程輪詢並執行任務,有可能會導致飢餓。比較適合於一些具有一個任務的週期調度。 任務列表用數組存儲,元素最前面的元素是最先被執行的任務。 schedule方法是固定間隔執行,根據上一次執行的結束時間來定義間隔的開始時間 scheduleAt

原創 2023-03-28 01:52:22

java併發-ReadWriteLock代碼理解

創建的ReadWriteLock需要使用兩個方法來繼續創造2個對象,分別是ReadLock和WriteLock。 這兩個鎖對象的方法調用都會匯聚到ReadWriteLock的Sync類中。多個對象的方法調用匯聚到一個對象上面,這個設計模式是

原創 2023-03-28 01:52:20

java併發-synchronized關鍵字

synchronized關鍵字可以修飾普通方法,靜態方法,當修飾普通方法,鎖對象是當前對象,當修飾靜態方法,鎖對象是當前類的class synchroinzed關鍵字可以使用同步代碼塊實現同步,此時可以指定鎖對象。 同步方法的實現方式 同步

原創 2023-03-28 01:52:18

java併發-AQS總結-原理

AQS是Java多線程編程的重入鎖,管程,工具類的基礎類,是必須要掌握的。不掌握這個類,根本不能稱之爲合格的Java程序員。 即使是把這個類所有的代碼都背會,也是值得的。 如何標識已經有線程在執行呢? 有兩個變量,一個state變量,一個e

原創 2023-03-28 01:52:16