package netkiller;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
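/**
 * Fetches an HTTPS page with certificate-chain validation switched off.
 *
 * <p><b>Security note:</b> the trust manager built here accepts every certificate,
 * so the server is never authenticated and anyone on the network path can read or
 * alter the traffic. Use it only against test hosts. To trust a self-signed or
 * private-CA server, import its certificate into a truststore and start the JVM
 * with {@code -Djavax.net.ssl.trustStore=...} instead.
 */
public class HTTPS {
    public static void main(String[] args) {
        // Trust manager that does not validate certificate chains (test use only).
        TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract asks for a non-null array.
                    return new java.security.cert.X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
                    // Intentionally empty: accepts any client certificate.
                }

                @Override
                public void checkServerTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
                    // Intentionally empty: accepts any server certificate.
                }
            }
        };

        SSLContext sc;
        try {
            // "TLS" is the standard context name; "SSL" is a legacy alias.
            sc = SSLContext.getInstance("TLS");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
        } catch (java.security.GeneralSecurityException e) {
            // Report the failure rather than continuing in an unknown TLS state.
            System.err.println("Could not initialise the TLS context: " + e);
            return;
        }

        try {
            URL url = new URL("https://java.sun.com/");
            HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
            // Scope the permissive factory to this one connection. Installing it with
            // HttpsURLConnection.setDefaultSSLSocketFactory would disable validation
            // for every HTTPS connection in the JVM.
            // The default HostnameVerifier is not replaced here.
            conn.setSSLSocketFactory(sc.getSocketFactory());

            // try-with-resources closes the reader even when reading fails.
            // NOTE(review): UTF-8 is assumed for the response body; confirm against
            // the server's Content-Type if exact decoding matters.
            try (BufferedReader in = new BufferedReader(new InputStreamReader(
                    conn.getInputStream(), java.nio.charset.StandardCharsets.UTF_8))) {
                String html;
                // readLine() strips the line terminator, so println restores one.
                while ((html = in.readLine()) != null) {
                    System.out.println(html);
                }
            }
        } catch (MalformedURLException mue) {
            System.err.println("Invalid URL: " + mue);
        } catch (IOException ioe) {
            System.err.println("HTTPS request failed: " + ioe);
        }
    }
}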
package netkiller;
import java.io.*;
import java.net.*;
import javax.net.SocketFactory;
import javax.net.ssl.*;
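/**
 * Minimal TLS client: opens an {@link SSLSocket} to a host, sends a bare
 * {@code GET /} line and prints everything the server returns.
 *
 * <p>The certificate chain is checked against the JVM's default truststore, or the
 * one named by {@code -Djavax.net.ssl.trustStore}. A raw {@code SSLSocket} does not
 * compare the certificate with the host name unless an endpoint identification
 * algorithm is set, so this client sets one explicitly.
 */
public class SSLClientSocket {
    public static void main(String[] args) {
        int port = 443;
        String hostname = "java.sun.com";
        SocketFactory socketFactory = SSLSocketFactory.getDefault();

        // Closing the socket also closes its streams, including on the error path.
        try (SSLSocket socket = (SSLSocket) socketFactory.createSocket(hostname, port)) {
            // Without this, any certificate that chains to a trusted root is accepted,
            // whichever host it was issued for.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            // Handshake now so a verification failure surfaces before data is sent.
            socket.startHandshake();

            BufferedReader socketReader = new BufferedReader(new InputStreamReader(
                    socket.getInputStream(), java.nio.charset.StandardCharsets.UTF_8));
            PrintWriter socketWriter = new PrintWriter(socket.getOutputStream());

            socketWriter.println("GET /");
            socketWriter.flush();

            // StringBuilder suffices: the buffer is never shared between threads.
            StringBuilder html = new StringBuilder();
            String line;
            while ((line = socketReader.readLine()) != null) {
                html.append(line).append('\n');
            }
            System.out.println(html.toString());
        } catch (IOException e) {
            // Handshake and certificate failures arrive here as SSLException subclasses.
            System.err.println("TLS request to " + hostname + ":" + port + " failed: " + e);
        }
    }
}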
这里实现一个简单的SSL Echo服务器
创建证书
keytool -genkey -keyalg RSA -alias mycert -keystore mySrvKeystore
C:\workspace\test>keytool -genkey -keyalg RSA -alias mycert -keystore mySrvKeystore
输入keystore密码: 13721218
您的名字与姓氏是什么?
[Unknown]: 陈景峰
您的组织单位名称是什么?
[Unknown]: 中国无线电运动协会
您的组织名称是什么?
[Unknown]: 无线电运动协会
您所在的城市或区域名称是什么?
[Unknown]: 深圳
您所在的州或省份名称是什么?
[Unknown]: 广东省
该单位的两字母国家代码是什么
[Unknown]: CN
CN=陈景峰, OU=中国无线电运动协会, O=无线电运动协会, L=深圳, ST=广东省, C=CN 正确吗?
[否]: Y
输入<mycert>的主密码
(如果和 keystore 密码相同,按回车): 13721218
C:\workspace\neo>javac netkiller\SSLServerSocket.java
java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=13721218 netkiller.SSLServerSocket
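Client(客户端用 -Djavax.net.ssl.trustStore 指定的 truststore 必须事先包含服务器证书:先用 keytool -exportcert 从 mySrvKeystore 导出 mycert 的证书,再用 keytool -importcert 导入 truststore,这样客户端无需关闭证书校验即可信任该自签名证书。示例口令 13721218 仅作演示;通过 -D 在命令行上传递口令会使其出现在进程列表和 shell 历史中。)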
C:\workspace\neo>javac netkiller\SSLClientSocket.java
java -Djavax.net.ssl.trustStore=truststore -Djavax.net.ssl.trustStorePassword=13721218 netkiller.SSLClientSocket