https://www.cnblogs.com/sprinng/p/5757795.html
自己研究的步骤
keytool -genkey -alias tbb -keyalg RSA -validity 3650 -keystore D:\ssl\cert\tbb.keystore --服务端证书,放入tomcat中
keytool -export -alias tbb -keystore D:\ssl\cert\tbb.keystore -storepass 123456 -rfc -file D:\ssl\cert\tbb.cer
keytool -import -alias mycert -file D:\ssl\cert\tbb.cer -keystore D:\ssl\cert\tbb.jks --交给客户使用
keytool -validity 36500 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore D:\ssl\cert\client.p12 --交给客户使用
keytool -export -v -alias client -keystore D:\ssl\cert\client.p12 -storetype PKCS12 -storepass 123456 -rfc -file D:\ssl\cert\client.cer --服务端认证客户端证书
keytool -import -v -alias client -file D:\ssl\cert\client.cer -keystore D:\ssl\cert\tbb.keystore -storepass 123456 --服务端认证客户端证书
以下是转载
server: apache-tomcat-6.0.44 jdk1.7.0_79
client: jdk1.7.0_79
jks是JAVA的keytools证书工具支持的证书私钥格式。 pfx是微软支持的私钥格式。 cer是证书的公钥。
生成: keytool -genkey -alias tbb -keyalg RSA -keystore D:\cert\tbb.keystore 模板: keytool -genkey -alias yushan -keypass yushan -keyalg RSA -keysize 1024 -validity 365((默认为90天)) -keystore D:\cert\tbb.keystore -storepass 123456 -dname "CN=(名字与姓氏), OU=(组织单位名称), O=(组织名称), L=(城市或区域名称), ST=(州或省份名称), C=(单位的两字母国家代码)";(中英文即可) 验证: keytool -selfcert -alias tbb -keystore D:\cert\tbb.keystore 导出: keytool -export -alias tbb -keystore D:\cert\tbb.keystore -storepass 12345678 -rfc -file D:\cert\tbb.cer 转换 cer -> jks keytool -import -alias mycert -file D:\cert\tbb.cer -keystore D:\cert\tbb.jks keystore信息的查看: 打印证书的 MD5 指纹 keytool -list -v -keystore D:\cert\tbb.keystore -storepass 12345678 可打印的编码格式输出证书 keytool -list -rfc -keystore D:\cert\tbb.keystore -storepass 12345678
生成客户端证书库 keytool -validity 36500 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore D:\cert\client.p12 -dname "CN=spring,OU=jiajianfa,O=jiajianfa,L=Wuhan,ST=HuBei,c=cn" -storepass 12345678 -keypass 12345678 从客户端证书库中导出客户端证书 keytool -export -v -alias client -keystore D:\cert\client.p12 -storetype PKCS12 -storepass 12345678 -rfc -file D:\cert\client.cer 将客户端证书导入到服务器证书库(使得服务器信任客户端证书,服务器端用此验证客户端的合法性) keytool -import -v -alias client -file D:\cert\client.cer -keystore D:\cert\tbb.keystore -storepass 12345678 查看服务端证书中信任的客户端证书 keytool -list -keystore D:\cert\tbb.keystore -storepass 12345678
tomcat server.xml 配置:
<!-- clientAuth true:双向认证 false:单向认证--> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="true" sslProtocol="TLS" keystorePass="12345678" keystoreFile="D:\cert\tbb.keystore" truststoreFile="D:\cert\tbb.keystore" truststorePass="12345678" />
<!-- 配置服务端项目web.xml 在<welcome-file-list>之后增加:-->
<!-- 强制SSL配置,即普通的请求也会重定向为SSL请求 --> <security-constraint> <web-resource-collection> <web-resource-name>SSL</web-resource-name> <url-pattern>/*</url-pattern><!-- 全站使用SSL <url-pattern>/*</url-pattern>--> </web-resource-collection> <user-data-constraint> <description>SSL required</description> <!-- CONFIDENTIAL: 要保证服务器和客户端之间传输的数据不能够被修改,且不能被第三方查看到 --> <!-- INTEGRAL: 要保证服务器和client之间传输的数据不能够被修改 --> <!-- NONE: 指示容器必须能够在任一的连接上提供数据。(即用HTTP或HTTPS,由客户端来决定)--> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
单向认证:
import java.io.BufferedReader; import java.io.InputStreamReader; import java.io.OutputStream; import java.net.Authenticator; import java.net.InetSocketAddress; import java.net.PasswordAuthentication; import java.net.Proxy; import java.net.URL; import java.util.Date; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLSession; /** * @Description https单向认证 * @author sprinng * */ public class ClientSendDataSingle { /** * * @param sendurl 请求地址 * @param res 返回结果 * @param sendData 参数 * @param timeOut 超时时间(min) * @param useProxy 是否使用代理 * @param trustStorePath 证书路径 * @param trustStorePwd 证书密码 * @return * @throws Exception */ public static String send(String sendurl, String res, String sendData, String timeOut, boolean useProxy, String trustStorePath, String trustStorePwd)throws Exception { System.setProperty("javax.net.ssl.trustStore", trustStorePath); System.setProperty("javax.net.ssl.trustStorePassword", trustStorePwd); URL url = new URL(sendurl); HttpsURLConnection connection = null; HostnameVerifier hv = new HostnameVerifier() { public boolean verify(String urlHostName, SSLSession session) { return true; } }; System.setProperty("java.protocol.handler.pkgs","sun.net.www.protocol"); HttpsURLConnection.setDefaultHostnameVerifier(hv); Date current = new Date(System.currentTimeMillis()); System.out.println("begint to open connection at " + current); //使用代理 if(useProxy){ InetSocketAddress isa = new InetSocketAddress(PropertiesUtil.properties.getProperty("proxy_host"), Integer.parseInt(PropertiesUtil.properties.getProperty("proxy_port"))); Proxy proxy = new Proxy(Proxy.Type.HTTP, isa); Authenticator.setDefault(new MyAuthenticator(PropertiesUtil.properties.getProperty("proxy_user"), PropertiesUtil.properties.getProperty("proxy_password"))); connection = (HttpsURLConnection) url.openConnection(proxy); }else{ connection = (HttpsURLConnection) url.openConnection(); } Date end = new Date(System.currentTimeMillis()); System.out.println("open connection ok at " + end + ",cost:"+ (end.getTime() - current.getTime())); connection.setRequestProperty("Content-Type", "text/xml"); connection.setDoOutput(true); connection.setDoInput(true); connection.setRequestMethod("POST"); connection.setUseCaches(false); connection.setReadTimeout(60 * 1000 * Integer.parseInt(timeOut)); byte data[] = sendData.getBytes(); current = new Date(System.currentTimeMillis()); System.out.println("[SSLIX]notifyEai,begint to write data at " + current); OutputStream out = connection.getOutputStream(); out.write(data); end = new Date(System.currentTimeMillis()); System.out.println("write data ok at " + end + ",cost:" + (end.getTime() - current.getTime())); StringBuffer receivedData = new StringBuffer(); current = new Date(System.currentTimeMillis()); System.out.println("begint to read data at " + current); InputStreamReader inReader = new InputStreamReader(connection.getInputStream(), "UTF-8"); BufferedReader aReader = new BufferedReader(inReader); String aLine; while ((aLine = aReader.readLine()) != null) { receivedData.append(aLine); } end = new Date(System.currentTimeMillis()); System.out.println("read data ok at " + end + ",cost:" + (end.getTime() - current.getTime())); System.out.println("开始返回状态码"); Integer statusCode = connection.getResponseCode(); System.out.println("返回状态码:" + statusCode); aReader.close(); connection.disconnect(); res = receivedData.toString(); return res; } public static class MyAuthenticator extends Authenticator { private String user = ""; private String password = ""; public MyAuthenticator(String user, String password) { this.user = user; this.password = password; } protected PasswordAuthentication getPasswordAuthentication() { return new PasswordAuthentication(user, password.toCharArray()); } } public static void main(String[] args) throws Exception { System.out.println(ClientSendDataSingle.send("https://localhost:8443/spdbSjptServer", "", "", "5", false, "D:/cert/tbb.jks", "12345678")); } }
双向认证:
import java.io.BufferedReader; import java.io.InputStreamReader; import java.io.OutputStream; import java.net.Authenticator; import java.net.InetSocketAddress; import java.net.Proxy; import java.net.URL; import java.util.Date; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLSession; import com.pf.util.ClientSendDataSingle.MyAuthenticator; /** * * @Description https双向认证 * @author sprinng * */ public class ClientSendDataDouble { /** * * @param sendurl 请求地址 * @param res 返回结果 * @param sendData 参数 * @param timeOut 超时时间(min) * @param useProxy 是否使用代理 * @param trustStorePath 服务器证书路径 * @param trustStorePwd 服务器证书密码 * @param keyStore 客户端证书路径 * @param keyStorePwd 客户端证书密码 * @param keyStoreType 客户端证书类型 如:JKS PKCS12等 * @return * @throws Exception */ public static String send(String sendurl, String res, String sendData, String timeOut, boolean useProxy, String trustStorePath, String trustStorePwd, String keyStore, String keyStorePwd, String keyStoreType) throws Exception { //设置客户端证书 System.setProperty("javax.net.ssl.keyStore", keyStore); System.setProperty("javax.net.ssl.keyStorePassword",keyStorePwd); System.setProperty("javax.net.ssl.keyStoreType", keyStoreType); //设置服务器证书 System.setProperty("javax.net.ssl.trustStore", trustStorePath); System.setProperty("javax.net.ssl.trustStorePassword", trustStorePwd); URL url = new URL(sendurl); HttpsURLConnection connection = null; HostnameVerifier hv = new HostnameVerifier() { public boolean verify(String urlHostName, SSLSession session) { return true; } }; System.setProperty("java.protocol.handler.pkgs","sun.net.www.protocol"); HttpsURLConnection.setDefaultHostnameVerifier(hv); Date current = new Date(System.currentTimeMillis()); System.out.println("begint to open connection at " + current); if(useProxy){//使用代理 InetSocketAddress isa = new InetSocketAddress(PropertiesUtil.properties.getProperty("proxy_host"), Integer.parseInt(PropertiesUtil.properties.getProperty("proxy_port"))); Proxy proxy = new Proxy(Proxy.Type.HTTP, isa); Authenticator.setDefault(new MyAuthenticator(PropertiesUtil.properties.getProperty("proxy_user"), PropertiesUtil.properties.getProperty("proxy_password"))); connection = (HttpsURLConnection) url.openConnection(proxy); }else{ connection = (HttpsURLConnection) url.openConnection(); } Date end = new Date(System.currentTimeMillis()); System.out.println("open connection ok at " + end + ",cost:"+ (end.getTime() - current.getTime())); connection.setRequestProperty("Content-Type", "text/xml"); connection.setDoOutput(true); connection.setDoInput(true); connection.setRequestMethod("POST"); connection.setUseCaches(false); connection.setReadTimeout(30000); byte data[] = sendData.getBytes(); current = new Date(System.currentTimeMillis()); System.out.println("[SSLIX]notifyEai,begint to write data at " + current); OutputStream out = connection.getOutputStream(); out.write(data); end = new Date(System.currentTimeMillis()); System.out.println("write data ok at " + end + ",cost:" + (end.getTime() - current.getTime())); StringBuffer receivedData = new StringBuffer(); current = new Date(System.currentTimeMillis()); System.out.println("begint to read data at " + current); InputStreamReader inReader = new InputStreamReader(connection.getInputStream(), "UTF-8"); BufferedReader aReader = new BufferedReader(inReader); String aLine; while ((aLine = aReader.readLine()) != null) { receivedData.append(aLine); } end = new Date(System.currentTimeMillis()); System.out.println("read data ok at " + end + ",cost:" + (end.getTime() - current.getTime())); System.out.println("开始返回状态码"); Integer statusCode = connection.getResponseCode(); System.out.println("返回状态码:" + statusCode); aReader.close(); connection.disconnect(); return receivedData.toString(); } public static void main(String[] args) throws Exception { System.out.println(ClientSendDataDouble.send("https://localhost:8443/spdbSjptServer/", "", "", "5", false, "D:/cert/tbb.jks", "12345678", "D:/cert/client.p12", "12345678", "PKCS12")); } }
附:
import java.io.IOException; import java.util.Properties; public class PropertiesUtil { public static final Properties properties = new Properties(); static { try { properties.load(PropertiesUtil.class.getClassLoader().getResourceAsStream("config.properties")); } catch (IOException e) { ECommonUtil.getLog().error("初始config配置文件失败"); } } }
相关推荐
java入门项目
随机单双随机单双随机单双随机单双
从老师那里拿来的java语言程序设计(基础篇+进阶篇)课后答案 奇偶数的都有
java 单双链表,不是循环的,大概整理了下。。。。
用于区分文件尾号的单双拷贝的关键代码
随机单双.zip
线性表实现代码(内涵顺序表静态动态分配,循环,单双链表)
Java语言程序设计-原书第10版-编程题答案\复习题答案及源代码
单双精度浮点数与十六进制双向转换工具,单双精度浮点数与十六进制双向转换工具,单双精度浮点数与十六进制双向转换工具
单双(中边)预测单双(中边)预测单双(中单双(中边)预测边)预测单双(中边)预测
单双支节史密斯圆图的程序代码,有需要的可以参考一下
基于元胞自动机的Matlab单双道交通流仿真程序源代码及说明 自己在Matlab里写的 基于元胞自动机原理对单双道交通流进行仿真,有问题请私信,看到就会回复,不过已经好久了现在都不记得了吧LOL
Java网络拓扑图,控件自定义 (管理),控件属性显示,支持单双箭头。拓扑图编辑管理
易语言模块数字单双.rar
自己整理的c语言写的数据结构链表部分的代码,主要包括单双联编的生成,及其操作。
5.博客介绍:热爱科研的Matlab仿真开发者,修心和技术同步精进,matlab项目合作可si信 %% 开发者:Matlab科研助手 %% 更多咨询关注天天Matlab微信公众号 ### 团队长期从事下列领域算法的研究和改进: ### 1 智能...
1.版本:matlab2019a,内含运行结果,不会运行可私信 2.领域:【数字基带信号】 3.内容:基于matlab实现单双极归零码和功率谱仿真.zip 4.适合人群:本科,硕士等教研学习使用
TURN.JS 实现翻书效果(自适应单双页)
说明当在SQL语句中含有字符串时,如何使用单双引号的问题,以及介绍不同方式查询时的单双引号如何使用。
基于PLC 的步进电动机单双轴运动控制的实现doc,基于PLC 的步进电动机单双轴运动控制的实现