1. 什么是Https,SSL, TLS
Https全称是Hypertext Transfer Protocol over Secure Socket Layer即基于SSL(Secure Socket Layer)的Http协议,也就是http的安全版本。
SSL(Secure Socket Layer)即安全套接层
TLS(Transport Layer Security)即传输层安全协议
Https协议在http协议与TCP协议增加一层安全层,所有请求和响应数据在经过网络传之前,都会先进行加密,然后进行传输,防止数据在网络传输过程被拦截。
2.什么是SSLSocket
JDK文档指出,SSLSocket扩展Socket并提供使用SSL或TLS协议的安全套接字。
这种套接字是正常的流套接字,但是它们在基础网络传输协议(如TCP)上添加了安全保护层。
3.生成服务端、客户端以及信任证书
参考http://szlxh002.iteye.com/blog/2277307
4.SSLSocket相关类
(1)SSLContext: 此类的实例表示安全套接字协议的实现, 它是SSLSocketFactory、SSLServerSocketFactory和SSLEngine的工厂。
(2)SSLSocket: 扩展自Socket
(3)SSLServerSocket: 扩展自ServerSocket
(4)SSLSocketFactory: 抽象类,扩展自SocketFactory, SSLSocket的工厂
(5)SSLServerSocketFactory: 抽象类,扩展自ServerSocketFactory, SSLServerSocket的工厂
(6)KeyStore: 表示密钥和证书的存储设施
(7)KeyManager: 接口,JSSE密钥管理器
(8)TrustManager: 接口,信任管理器(?翻译得很拗口)
(9)X590TrustedManager: TrustManager的子接口,管理X509证书,验证远程安全套接字
5.Java例子
(1)SSLSocketClient
package com.ssl;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
/**
* Created by xiaohong on 2016/2/19.
*/
public class SSLSocketClient {
private SSLSocket sslSocket;
//初始化
public void init() throws Exception {
String host = "127.0.0.1";
int port = 1234;
//包含客户端的私钥和服务端信任的证书
String keystorePath = "d:\\keystore\\client.p12";
String trustKeystorePath = "d:\\keystore\\ca-trust.p12";
String keystorePassword = "12345678";
SSLContext sslContext = SSLContext.getInstance("SSL");
//密钥库
KeyManagerFactory kmf = KeyManagerFactory.getInstance("sunx509");
//信任库
TrustManagerFactory tmf = TrustManagerFactory.getInstance("sunx509");
KeyStore keyStroe = KeyStore.getInstance("pkcs12");
KeyStore trustKeyStore = KeyStore.getInstance("jks");
FileInputStream keystoreFis = new FileInputStream(keystorePath);
keyStroe.load(keystoreFis, keystorePassword.toCharArray());
FileInputStream trustKeystoreFis = new FileInputStream(trustKeystorePath);
trustKeyStore.load(trustKeystoreFis, keystorePassword.toCharArray());
kmf.init(keyStroe,keystorePassword.toCharArray());
tmf.init(trustKeyStore);
//上下文初始化
sslContext.init(kmf.getKeyManagers(),tmf.getTrustManagers(),null);
sslSocket = (SSLSocket)sslContext.getSocketFactory().createSocket(host,port);
}
//通信
private void process() throws Exception{
String hello = "Hello lai";
OutputStream output = sslSocket.getOutputStream();
output.write(hello.getBytes(),0,hello.getBytes().length);
output.flush();
byte[] inputBytes = new byte[20];
InputStream input = sslSocket.getInputStream();
input.read(inputBytes);
System.out.println("From server:" + new String(inputBytes));
}
public static void main(String[] args) throws Exception{
SSLSocketClient client = new SSLSocketClient();
client.init();
client.process();
}
}
(2)SSLSocketServer
package com.ssl;
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.KeyStore;
/**
* Created by xiaohong on 2016/2/19.
*/
public class SSLSocketServer {
private SSLServerSocket sslServerSocket;
//初始化
public void init() throws Exception {
int port = 1234;
//包含客户端的私钥和服务端信任的证书
String keystorePath = "d:\\keystore\\server.p12";
String trustKeystorePath = "d:\\keystore\\ca-trust.p12";
String keystorePassword = "12345678";
SSLContext sslContext = SSLContext.getInstance("SSL");
//密钥库
KeyManagerFactory kmf = KeyManagerFactory.getInstance("sunx509");
//信任库
TrustManagerFactory tmf = TrustManagerFactory.getInstance("sunx509");
KeyStore keyStroe = KeyStore.getInstance("pkcs12");
KeyStore trustKeyStore = KeyStore.getInstance("jks");
FileInputStream keystoreFis = new FileInputStream(keystorePath);
keyStroe.load(keystoreFis, keystorePassword.toCharArray());
FileInputStream trustKeystoreFis = new FileInputStream(trustKeystorePath);
trustKeyStore.load(trustKeystoreFis, keystorePassword.toCharArray());
kmf.init(keyStroe,keystorePassword.toCharArray());
tmf.init(trustKeyStore);
//上下文初始化
sslContext.init(kmf.getKeyManagers(),tmf.getTrustManagers(),null);
sslServerSocket = (SSLServerSocket)sslContext.getServerSocketFactory().createServerSocket(port);
sslServerSocket.setNeedClientAuth(true);
}
//通信
private void process() throws Exception{
String bye = "bye bye";
System.out.println("Listen....");
Socket socket = sslServerSocket.accept();
byte[] inputBytes = new byte[20];
InputStream input = socket.getInputStream();
input.read(inputBytes);
System.out.println("From client:" + new String(inputBytes));
OutputStream output = socket.getOutputStream();
output.write(bye.getBytes(),0,bye.getBytes().length);
output.flush();
}
public static void main(String[] args) throws Exception{
SSLSocketServer server = new SSLSocketServer();
server.init();
server.process();
}
}
相关推荐
NULL 博文链接:https://410063005.iteye.com/blog/1751243
NULL 博文链接:https://1002878825-qq-com.iteye.com/blog/1838805
java android 的ssl socket通讯,X509运行
Java中SSLSocket应用教程和代码
详细介绍了java如何使用SSL来进行socket通信了 最主要的是介绍了如何使用keytool来生成.keystore文件 ps:设置一分是希望那些刚入门或则对csdn访问不多的朋友 多花点时间 表面上市搞积分 事实上是有帮助的。 如果你...
javax.net.ssl.SSLSocket类的使用。 下载cer.zip文件后解压,得到cer文件夹,该目录下有运行脚本,其中Test文件夹为java项目源码,直接导出到Eclipse。 SSLServer主类在com.csii.ssl包下,其它pack下的内容都用不到...
具体事项请看根目录safejoin文件夹下的说明.txt文件
Java Socket 实现SMTP邮件发送,支持SSL/TSL
NULL 博文链接:https://410063005.iteye.com/blog/1751938
Secure Login based on SSL Server Socket.
android ssl socket java 整理了socket 中ssl安全通信
简单实现用java socket实现smtp邮件发送,支持SSL/TSL协议;
JAVA利用HttpClient进行HTTPS接口调用
SSLSocket双向认证通信示例(含证书库及证书),自己编写的可使用的代码按钮,此代码中含将服务端证书及CA证书自动下载并导入到客户端证书库的功能。
程序采用sslsocket联网技术实现,采用自己创建的数字证书,导入wtk中实现联网安全信息传输。 共同探讨:jack_sj@139.com
源码主要参考:http://blog.csdn.net/kongxx/article/details/7259837 证书的生成,主要参考:http://stilius.net/java/java_ssl.php
java socket发送SMTP邮件,支持SSL,支持发附件,抄送且发送的邮件标题内容都无乱码!
客户端与服务器SSL双向认证(客户端:java-服务端:java):详细的过程,注意事项,运行成功!
Secure Socket Layer (SSL) and Transport Layer Security (TLS) are the current standards for communicating information securely over the internet. With TLS, all data being transmitted from point A to ...