
15.2. SSL Socket

15.2.1. Java Socket HTTPS

		
package netkiller;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

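/**
 * Fetches one HTTPS page and prints it, with certificate-chain validation switched off.
 *
 * <p>SECURITY: the trust manager below accepts any certificate chain, so the server's
 * identity is not authenticated and the connection is open to interception by anyone
 * on the network path. Use this only against test hosts with self-signed certificates.
 * For anything else, import the server (or CA) certificate into a truststore and rely
 * on the default validation.
 */
public class HTTPS {

	public static void main(String[] args) {
		// Trust manager that performs no validation at all (see the class comment).
		TrustManager[] trustAllCerts = new TrustManager[] {
			new X509TrustManager() {
				@Override
				public java.security.cert.X509Certificate[] getAcceptedIssuers() {
					// The X509TrustManager contract asks for a non-null array;
					// the original returned null here.
					return new java.security.cert.X509Certificate[0];
				}

				@Override
				public void checkClientTrusted(
						java.security.cert.X509Certificate[] certs, String authType) {
					// Intentionally empty: every client chain is accepted.
				}

				@Override
				public void checkServerTrusted(
						java.security.cert.X509Certificate[] certs, String authType) {
					// Intentionally empty: every server chain is accepted.
				}
			}
		};

		SSLContext sc;
		try {
			// "TLS" is the standard context name; "SSL" is a legacy name.
			sc = SSLContext.getInstance("TLS");
			sc.init(null, trustAllCerts, new java.security.SecureRandom());
		} catch (java.security.GeneralSecurityException e) {
			// Previously swallowed: the program then carried on with an unknown TLS setup.
			System.err.println("Could not initialise the TLS context: " + e);
			return;
		}

		try {
			URL url = new URL("https://java.sun.com/");

			// Apply the permissive socket factory to this one connection only.
			// HttpsURLConnection.setDefaultSSLSocketFactory would switch validation off
			// for every HttpsURLConnection created later in the same JVM.
			HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
			connection.setSSLSocketFactory(sc.getSocketFactory());

			// UTF-8 is assumed; the charset declared by the response is not inspected.
			// try-with-resources closes the reader even when reading fails.
			try (BufferedReader in = new BufferedReader(new InputStreamReader(
					connection.getInputStream(), java.nio.charset.StandardCharsets.UTF_8))) {
				String html;
				while ((html = in.readLine()) != null) {
					// readLine() strips the line terminator; println adds one back.
					System.out.println(html);
				}
			}
		} catch (MalformedURLException mue) {
			System.err.println("Invalid URL: " + mue);
		} catch (IOException ioe) {
			System.err.println("HTTPS request failed: " + ioe);
		}
	}

}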

		
		

15.2.2. Java SSL Socket Client

		
package netkiller;

import java.io.*;
import java.net.*;
import javax.net.SocketFactory;
import javax.net.ssl.*;

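/**
 * Opens a TLS socket to a host, sends a single request line and prints the reply.
 *
 * <p>The certificate chain is validated against the JVM's default truststore
 * (or the one named by {@code javax.net.ssl.trustStore}). A raw {@link SSLSocket}
 * does not compare the certificate with the host name unless endpoint identification
 * is enabled, so this class turns it on before the handshake.
 */
public class SSLClientSocket {

	public static void main(String[] args) {
		int port = 443;
		String hostname = "java.sun.com";

		SocketFactory socketFactory = SSLSocketFactory.getDefault();

		// try-with-resources closes the socket (and with it both streams) on every path;
		// the original leaked them whenever an exception was thrown mid-way.
		try (SSLSocket socket = (SSLSocket) socketFactory.createSocket(hostname, port)) {

			// Without this, a valid certificate issued for a different host would be
			// accepted, because only the chain is checked by default.
			SSLParameters params = socket.getSSLParameters();
			params.setEndpointIdentificationAlgorithm("HTTPS");
			socket.setSSLParameters(params);

			// Handshake explicitly so certificate problems surface before any data is sent.
			socket.startHandshake();

			// UTF-8 is assumed for both directions; the original used the platform charset.
			BufferedReader socketReader = new BufferedReader(new InputStreamReader(
					socket.getInputStream(), java.nio.charset.StandardCharsets.UTF_8));
			PrintWriter socketWriter = new PrintWriter(new OutputStreamWriter(
					socket.getOutputStream(), java.nio.charset.StandardCharsets.UTF_8));

			socketWriter.println("GET /");
			socketWriter.flush();

			// StringBuilder: the buffer is local to this thread, so StringBuffer's
			// synchronisation is not needed.
			StringBuilder html = new StringBuilder();
			String line;
			while ((line = socketReader.readLine()) != null) {
				html.append(line).append("\n");
			}
			System.out.println(html.toString());
		} catch (IOException e) {
			// Previously swallowed; handshake and certificate failures arrive here too.
			System.err.println("TLS connection to " + hostname + ":" + port + " failed: " + e);
		}
	}

}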

		
		

15.2.3. Java SSL Socket Server

这里实现一个简单的SSL Echo服务器

创建证书


keytool -genkey -keyalg RSA -alias mycert -keystore mySrvKeystore

		
C:\workspace\test>keytool -genkey -keyalg RSA -alias mycert -keystore mySrvKeystore
输入keystore密码:  13721218
您的名字与姓氏是什么?
  [Unknown]:  陈景峰
您的组织单位名称是什么?
  [Unknown]:  中国无线电运动协会
您的组织名称是什么?
  [Unknown]:  无线电运动协会
您所在的城市或区域名称是什么?
  [Unknown]:  深圳
您所在的州或省份名称是什么?
  [Unknown]:  广东省
该单位的两字母国家代码是什么
  [Unknown]:  CN
CN=陈景峰, OU=中国无线电运动协会, O=无线电运动协会, L=深圳, ST=广东省, C=CN 正确
吗?
  [否]:  Y

输入<mycert>的主密码
        (如果和 keystore 密码相同,按回车):  13721218

		
		
C:\workspace\neo>javac netkiller\SSLServerSocket.java



java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=13721218 netkiller.SSLServerSocket

注意:通过 -D 在命令行上传入的 keystore 密码会出现在进程列表中,这里的密码仅用于演示。

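Client

客户端需要一个已导入服务器证书的 truststore(例如先用 keytool -exportcert 从 mySrvKeystore 导出 mycert,再用 keytool -importcert 导入到 truststore)。

C:\workspace\neo>javac netkiller\SSLClientSocket.java

java -Djavax.net.ssl.trustStore=truststore -Djavax.net.ssl.trustStorePassword=13721218 netkiller.SSLClientSocket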