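package netkiller;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
 * Fetches one HTTPS page and prints it, using a trust manager that accepts any
 * certificate chain.
 *
 * <p>Security note: the trust manager below performs no validation at all, so the
 * server is not authenticated and anyone on the network path can present their
 * own certificate and read or alter the traffic. It is only suitable for a test
 * endpoint with a self-signed certificate. The supported alternative is to import
 * the server certificate into a truststore and pass it with
 * {@code -Djavax.net.ssl.trustStore}, which keeps validation on.
 */
public class HTTPS {

    public static void main(String[] args) {
        // Trust manager that does not validate certificate chains (see class note).
        TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    // The interface contract asks for a non-null (possibly empty) array.
                    return new java.security.cert.X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
                    // Intentionally empty: accepts every client chain.
                }

                @Override
                public void checkServerTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
                    // Intentionally empty: accepts every server chain.
                }
            }
        };

        // Build the permissive socket factory. It is applied to this one connection
        // only, not installed through HttpsURLConnection.setDefaultSSLSocketFactory,
        // so other HTTPS connections in the same JVM keep normal validation.
        javax.net.ssl.SSLSocketFactory insecureFactory = null;
        try {
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            insecureFactory = sc.getSocketFactory();
        } catch (java.security.GeneralSecurityException e) {
            // Falling through leaves the JVM's default (validating) factory in use.
            System.err.println("Could not build the SSL context, using default validation: " + e);
        }

        try {
            // Create a URL for the desired page
            URL url = new URL("https://java.sun.com/");
            HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
            if (insecureFactory != null) {
                conn.setSSLSocketFactory(insecureFactory);
            }

            // Read all the text returned by the server; the reader is closed even
            // when reading fails part-way.
            try (BufferedReader in =
                    new BufferedReader(new InputStreamReader(conn.getInputStream()))) {
                String html;
                while ((html = in.readLine()) != null) {
                    // html is one line of text; readLine() strips the newline character(s)
                    System.out.println(html);
                }
            }
        } catch (MalformedURLException mue) {
            System.err.println("Bad URL: " + mue);
        } catch (IOException ioe) {
            System.err.println("HTTPS request failed: " + ioe);
        }
    }
}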
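package netkiller;

import java.io.*;
import java.net.*;
import javax.net.SocketFactory;
import javax.net.ssl.*;

/**
 * Opens a TLS socket to a fixed host, sends a bare {@code GET /} request and
 * prints whatever the server returns.
 *
 * <p>The certificate chain is validated against the JVM's default truststore (or
 * the one given with {@code -Djavax.net.ssl.trustStore}).
 */
public class SSLClientSocket {

    public static void main(String[] args) {
        int port = 443;
        String hostname = "java.sun.com";
        SocketFactory socketFactory = SSLSocketFactory.getDefault();

        // try-with-resources closes the socket (and with it both streams) on every path.
        try (SSLSocket socket = (SSLSocket) socketFactory.createSocket(hostname, port)) {
            // A raw SSLSocket validates the chain but does not compare the certificate
            // with the host name unless endpoint identification is switched on.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();

            // Create streams to securely send and receive data to the server
            BufferedReader socketReader =
                    new BufferedReader(new InputStreamReader(socket.getInputStream()));
            PrintWriter socketWriter = new PrintWriter(socket.getOutputStream());

            socketWriter.println("GET /");
            socketWriter.flush();

            StringBuilder html = new StringBuilder();
            String line;
            while ((line = socketReader.readLine()) != null) {
                html.append(line).append("\n");
            }
            System.out.println(html.toString());
        } catch (IOException e) {
            // Handshake and certificate failures surface here as SSLException subclasses.
            System.err.println("TLS request to " + hostname + ":" + port + " failed: " + e);
        }
    }
}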
这里实现一个简单的SSL Echo服务器
创建证书
keytool -genkey -keyalg RSA -alias mycert -keystore mySrvKeystore
C:\workspace\test>keytool -genkey -keyalg RSA -alias mycert -keystore mySrvKeystore
输入keystore密码: 13721218
您的名字与姓氏是什么?
  [Unknown]: 陈景峰
您的组织单位名称是什么?
  [Unknown]: 中国无线电运动协会
您的组织名称是什么?
  [Unknown]: 无线电运动协会
您所在的城市或区域名称是什么?
  [Unknown]: 深圳
您所在的州或省份名称是什么?
  [Unknown]: 广东省
该单位的两字母国家代码是什么
  [Unknown]: CN
CN=陈景峰, OU=中国无线电运动协会, O=无线电运动协会, L=深圳, ST=广东省, C=CN 正确吗?
  [否]: Y
输入<mycert>的主密码
  (如果和 keystore 密码相同,按回车): 13721218
C:\workspace\neo>javac netkiller\SSLServerSocket.java
java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=13721218 netkiller.SSLServerSocket
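Client(下面命令中的 truststore 文件需事先生成:用 keytool -exportcert 从 mySrvKeystore 导出 mycert 证书,再用 keytool -importcert 导入到 truststore,客户端才能验证服务器证书)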
C:\workspace\neo>javac netkiller\SSLClientSocket.java
java -Djavax.net.ssl.trustStore=truststore -Djavax.net.ssl.trustStorePassword=13721218 netkiller.SSLClientSocket