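1. What are HTTPS, SSL and TLS
HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer, that is, HTTP carried over SSL (Secure Socket Layer); it is the secure version of HTTP.
SSL (Secure Socket Layer) is the secure sockets layer.
TLS (Transport Layer Security) is the transport layer security protocol.
HTTPS adds a security layer between HTTP and TCP: all request and response data is encrypted before it is sent over the network, which protects the data against interception in transit.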
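2. What is SSLSocket
The JDK documentation states that SSLSocket extends Socket and provides secure sockets using the SSL or TLS protocols.
Such sockets are normal stream sockets, but they add a layer of security protection over the underlying network transport protocol, such as TCP.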
3. Generating the server, client and trust certificates
See http://szlxh002.iteye.com/blog/2277307
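4. Classes related to SSLSocket
(1) SSLContext: an instance of this class represents an implementation of a secure socket protocol; it is the factory for SSLSocketFactory, SSLServerSocketFactory and SSLEngine.
(2) SSLSocket: extends Socket
(3) SSLServerSocket: extends ServerSocket
(4) SSLSocketFactory: abstract class, extends SocketFactory; the factory for SSLSocket
(5) SSLServerSocketFactory: abstract class, extends ServerSocketFactory; the factory for SSLServerSocket
(6) KeyStore: represents a storage facility for keys and certificates
(7) KeyManager: interface; the JSSE key manager
(8) TrustManager: interface; the trust manager
(9) X509TrustManager: sub-interface of TrustManager; manages X509 certificates and authenticates the remote side of a secure socket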
5. Java example
(1) SSLSocketClient

```java
package com.ssl;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

/**
 * Created by xiaohong on 2016/2/19.
 */
public class SSLSocketClient {
    private SSLSocket sslSocket;

    // Initialization
    public void init() throws Exception {
        String host = "127.0.0.1";
        int port = 1234;
        // Contains the client's private key and the certificate the server trusts
        String keystorePath = "d:\\keystore\\client.p12";
        String trustKeystorePath = "d:\\keystore\\ca-trust.p12";
        String keystorePassword = "12345678";
        // Request the "TLS" context rather than the legacy "SSL" name
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // Key store
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        // Trust store
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        // Type kept as in the original; it must match the actual format of ca-trust.p12
        KeyStore trustKeyStore = KeyStore.getInstance("jks");
        // try-with-resources closes the key store files after loading
        try (FileInputStream keystoreFis = new FileInputStream(keystorePath)) {
            keyStore.load(keystoreFis, keystorePassword.toCharArray());
        }
        try (FileInputStream trustKeystoreFis = new FileInputStream(trustKeystorePath)) {
            trustKeyStore.load(trustKeystoreFis, keystorePassword.toCharArray());
        }
        kmf.init(keyStore, keystorePassword.toCharArray());
        tmf.init(trustKeyStore);
        // Initialize the context
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        sslSocket = (SSLSocket) sslContext.getSocketFactory().createSocket(host, port);
    }

    // Communication
    private void process() throws Exception {
        byte[] hello = "Hello lai".getBytes(StandardCharsets.UTF_8);
        OutputStream output = sslSocket.getOutputStream();
        output.write(hello, 0, hello.length);
        output.flush();
        byte[] inputBytes = new byte[20];
        InputStream input = sslSocket.getInputStream();
        // Only convert the bytes actually read, not the whole buffer
        int len = input.read(inputBytes);
        System.out.println("From server:" + new String(inputBytes, 0, Math.max(len, 0), StandardCharsets.UTF_8));
        sslSocket.close();
    }

    public static void main(String[] args) throws Exception {
        SSLSocketClient client = new SSLSocketClient();
        client.init();
        client.process();
    }
}
```
(2) SSLSocketServer

```java
package com.ssl;

import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

/**
 * Created by xiaohong on 2016/2/19.
 */
public class SSLSocketServer {
    private SSLServerSocket sslServerSocket;

    // Initialization
    public void init() throws Exception {
        int port = 1234;
        // Contains the server's private key and the certificate the client trusts
        String keystorePath = "d:\\keystore\\server.p12";
        String trustKeystorePath = "d:\\keystore\\ca-trust.p12";
        String keystorePassword = "12345678";
        // Request the "TLS" context rather than the legacy "SSL" name
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // Key store
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        // Trust store
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        // Type kept as in the original; it must match the actual format of ca-trust.p12
        KeyStore trustKeyStore = KeyStore.getInstance("jks");
        // try-with-resources closes the key store files after loading
        try (FileInputStream keystoreFis = new FileInputStream(keystorePath)) {
            keyStore.load(keystoreFis, keystorePassword.toCharArray());
        }
        try (FileInputStream trustKeystoreFis = new FileInputStream(trustKeystorePath)) {
            trustKeyStore.load(trustKeystoreFis, keystorePassword.toCharArray());
        }
        kmf.init(keyStore, keystorePassword.toCharArray());
        tmf.init(trustKeyStore);
        // Initialize the context
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        sslServerSocket = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(port);
        // Require the client to present a certificate (mutual authentication)
        sslServerSocket.setNeedClientAuth(true);
    }

    // Communication
    private void process() throws Exception {
        byte[] bye = "bye bye".getBytes(StandardCharsets.UTF_8);
        System.out.println("Listen....");
        try (Socket socket = sslServerSocket.accept()) {
            byte[] inputBytes = new byte[20];
            InputStream input = socket.getInputStream();
            // Only convert the bytes actually read, not the whole buffer
            int len = input.read(inputBytes);
            System.out.println("From client:" + new String(inputBytes, 0, Math.max(len, 0), StandardCharsets.UTF_8));
            OutputStream output = socket.getOutputStream();
            output.write(bye, 0, bye.length);
            output.flush();
        }
    }

    public static void main(String[] args) throws Exception {
        SSLSocketServer server = new SSLSocketServer();
        server.init();
        server.process();
    }
}
```