Java建立SSL雙向認證連接源碼

(作者:陳波,2011-11-11,轉載請註明 From:http://blog.csdn.net/jinhill/article/details/6960406) 

package com.jinhill.net;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;


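/**
 * Minimal TLS client sample showing server-only ("one-way") and mutual ("two-way")
 * certificate authentication over a raw {@link SSLSocket}.
 *
 * <p>Points a reader adapting this sample should keep in mind:
 * <ul>
 *   <li>A socket obtained from an {@link SSLSocketFactory} validates the server's certificate
 *       chain, but does not by default check that the certificate was issued for the host
 *       being contacted. Both connect methods therefore enable the {@code "HTTPS"} endpoint
 *       identification algorithm (Java 7+) and complete the handshake before returning.</li>
 *   <li>The trust store is loaded explicitly for every connection, so values passed to
 *       {@link #setTrustStore(String, String)} actually take effect. The JVM-wide
 *       {@code javax.net.ssl.trustStore} property is read only once by the default
 *       {@code SSLContext} and cannot be relied on for that.</li>
 *   <li>The default paths and passwords below are the sample's placeholders. Supply real
 *       values through the setters and keep key-store passwords out of source control.</li>
 * </ul>
 *
 * <p>Instances are not thread-safe: the setters mutate plain fields.
 */
public class SSLClient {
  /** Read/handshake timeout so a stalled peer cannot block the client forever. */
  private static final int SOCKET_TIMEOUT_MS = 30000;

  /** Upper bound on the buffered response; the peer controls how much it sends. */
  private static final int MAX_RESPONSE_BYTES = 1 << 20;

  // Trusted root certificate store (sample placeholder path and password).
  private String mTrustStore = "C:/Documents and Settings/bo.chen/.keystore";
  private String mTrustStorePwd = "123456";

  // Client certificate and private key store, in PFX/PKCS#12 format
  // (sample placeholder path and password).
  private String mClientKeyStore = "C:/cb.pfx";
  private String mClientKeyStorePwd = "123456";

  /**
   * Creates a client using the sample's default store locations.
   *
   * <p>For backward compatibility this still publishes the default trust store path through
   * the JVM-wide {@code javax.net.ssl.trustStore} property, which affects every TLS client in
   * the process that uses the default context. The connect methods of this class do not depend
   * on it. For handshake troubleshooting, the {@code javax.net.debug} system property can be
   * set to {@code "ssl,handshake"}.
   */
  public SSLClient() {
    System.setProperty("javax.net.ssl.trustStore", mTrustStore);
  }

  /**
   * Selects the store holding the trusted root certificates.
   *
   * @param trustStore path of the trust store file
   * @param trustStorePwd store password; {@code null} loads the store without an integrity check
   */
  public void setTrustStore(String trustStore, String trustStorePwd) {
    mTrustStore = trustStore;
    mTrustStorePwd = trustStorePwd;
  }

  /**
   * Selects the PKCS#12 store holding the client certificate and private key.
   *
   * @param clientKeyStore path of the PKCS#12 (PFX) file
   * @param clientKeyStorePwd password protecting the store and its key
   */
  public void setClientStore(String clientKeyStore, String clientKeyStorePwd) {
    mClientKeyStore = clientKeyStore;
    mClientKeyStorePwd = clientKeyStorePwd;
  }

  /**
   * Opens a TLS connection with one-way authentication: only the server presents a certificate.
   *
   * @param host server host name, also used for certificate host name verification
   * @param port server port
   * @return a connected socket whose handshake has completed
   * @throws Exception if the trust store cannot be loaded or the connection or handshake fails
   */
  private Socket ConnectWithoutCert(String host, int port) throws Exception {
    SSLContext context = SSLContext.getInstance("TLS");
    // No key managers: the client has no certificate to present.
    context.init(null, loadTrustManagers(), null);
    return openVerified(context.getSocketFactory(), host, port);
  }

  /**
   * Opens a TLS connection with mutual authentication: the client presents the certificate
   * from the configured PKCS#12 store and the server certificate is checked against the
   * configured trust store.
   *
   * @param host server host name, also used for certificate host name verification
   * @param port server port
   * @return a connected socket whose handshake has completed
   * @throws Exception if a store cannot be loaded or the connection or handshake fails
   */
  private Socket ConnectWithCert(String host, int port) throws Exception {
    SSLContext context = SSLContext.getInstance("TLS");

    char[] keyPassword = mClientKeyStorePwd.toCharArray();
    KeyStore ks = KeyStore.getInstance("PKCS12");
    // try-with-resources: the original left this stream open.
    try (InputStream in = new FileInputStream(mClientKeyStore)) {
      ks.load(in, keyPassword);
    }
    KeyManagerFactory kf = KeyManagerFactory.getInstance("SunX509");
    kf.init(ks, keyPassword);
    KeyManager[] keyManagers = kf.getKeyManagers();

    context.init(keyManagers, loadTrustManagers(), null);
    return openVerified(context.getSocketFactory(), host, port);
  }

  /** Builds trust managers from the currently configured trust store file. */
  private TrustManager[] loadTrustManagers() throws Exception {
    // Same store type the javax.net.ssl.trustStore property would have used by default.
    KeyStore tks = KeyStore.getInstance(KeyStore.getDefaultType());
    char[] password = (mTrustStorePwd == null) ? null : mTrustStorePwd.toCharArray();
    try (InputStream in = new FileInputStream(mTrustStore)) {
      tks.load(in, password);
    }
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(tks);
    return tmf.getTrustManagers();
  }

  /** Connects, turns on host name verification and completes the handshake. */
  private static Socket openVerified(SSLSocketFactory factory, String host, int port)
      throws IOException {
    SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
    try {
      socket.setSoTimeout(SOCKET_TIMEOUT_MS);
      SSLParameters params = socket.getSSLParameters();
      // Without this, any certificate chaining to a trusted root is accepted,
      // whatever host name it was issued for.
      params.setEndpointIdentificationAlgorithm("HTTPS");
      socket.setSSLParameters(params);
      // Handshake now so that certificate problems surface at connect time.
      socket.startHandshake();
      return socket;
    } catch (IOException | RuntimeException e) {
      socket.close();
      throw e;
    }
  }

  /**
   * Sends one HTTP GET over a mutually authenticated connection and prints the raw response.
   * Replace the {@code ConnectWithCert} call with {@code ConnectWithoutCert} to try one-way
   * authentication.
   *
   * @param args unused
   * @throws Exception on any store, connection, handshake or I/O failure
   */
  public static void main(String[] args) throws Exception {
    // "Connection: close" makes the server end the stream after the response, so the read
    // loop below can run to end-of-stream. The original asked for Keep-Alive and stopped at
    // the first short read, which truncates any response delivered in more than one chunk.
    String request = "GET / HTTP/1.1\r\nHost: www.jinhill.com\r\nConnection: close\r\nUser-Agent: Java Client Tool\r\n\r\n";

    SSLClient client = new SSLClient();
    // try-with-resources closes the socket even when reading or writing fails.
    try (Socket s = client.ConnectWithCert("www.jinhill.com", 443)) {
      OutputStream os = s.getOutputStream();
      InputStream is = s.getInputStream();

      os.write(request.getBytes(StandardCharsets.US_ASCII));
      os.flush();

      // Collect bytes first and decode once: only the bytes actually read are kept, and a
      // multi-byte character split across two reads is not corrupted.
      ByteArrayOutputStream response = new ByteArrayOutputStream();
      byte[] buf = new byte[1024];
      int len;
      while ((len = is.read(buf)) != -1) {
        if (response.size() + len > MAX_RESPONSE_BYTES) {
          throw new IOException("response exceeds " + MAX_RESPONSE_BYTES + " bytes");
        }
        response.write(buf, 0, len);
      }

      // NOTE(review): UTF-8 is assumed here; the real charset is whatever the
      // response's Content-Type header declares.
      String receive = "RECV:" + new String(response.toByteArray(), StandardCharsets.UTF_8);
      System.out.println(receive);
    }
  }
}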

