1、使用环境变量,最基本的SSLSocket Server
package com.ats.ssl.socket;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
public class Server {
static String delimiter = "=========================================================";
public static void startListen(String keyStorePath, String keyStorePwd, int port) throws IOException {
System.setProperty("javax.net.ssl.keyStore", keyStorePath);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePwd);
SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket sslserversocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(port);
while (true) {
SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();
String protocols[] = { "TLSv1" };
// String protocols[] = {"SSLv2Hello","TLSv1","SSLv3"};
// String protocols[] = {"SSLv3"};
sslsocket.setEnabledProtocols(protocols);
DisplaySecurityLevel(sslsocket);
DisplayCertificateInformation(sslsocket);
try {
InputStream inputstream = sslsocket.getInputStream();
InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
System.out.println(delimiter);
String string = null;
while ((string = bufferedreader.readLine()) != null) {
System.out.println(string);
System.out.flush();
}
System.out.println(delimiter);
} catch (Exception ex) {
ex.printStackTrace();
} finally {
sslsocket.close();
}
}
}
static void DisplaySecurityLevel(SSLSocket sslsocket) {
System.out.println(delimiter);
SSLSession session = sslsocket.getSession();
System.out.println("通讯协议: " + session.getProtocol());
System.out.println("加密方式: "+session.getCipherSuite());
System.out.println(delimiter);
}
static void DisplayCertificateInformation(SSLSocket sslsocket) {
System.out.println(delimiter);
Certificate[] localCertificates = sslsocket.getSession().getLocalCertificates();
if (localCertificates == null || localCertificates.length == 0) {
System.out.println("本地证书为空");
} else {
Certificate cert = localCertificates[0];
System.out.println("本地证书类型: " + cert.getType());
if (cert.getType().equals("X.509")) {
X509Certificate x509 = (X509Certificate) cert;
System.out.println("本地证书签发者: " + x509.getIssuerDN());
System.out.println("本地证书有效期: " + x509.getNotBefore() + "至" + x509.getNotAfter());
}
}
try {
Certificate[] peerCertificates = sslsocket.getSession().getPeerCertificates();
if (peerCertificates == null || peerCertificates.length == 0) {
System.out.println("远程证书为空");
} else {
Certificate cert = peerCertificates[0];
System.out.println("远程证书类型: " + cert.getType());
if (cert.getType().equals("X.509")) {
X509Certificate x509 = (X509Certificate) cert;
System.out.println("远程证书签发者: " + x509.getIssuerDN());
System.out.println("远程证书有效期: " + x509.getNotBefore() + "至" + x509.getNotAfter());
}
}
} catch (SSLPeerUnverifiedException e) {
// e.printStackTrace();
System.out.println("远程证书为空");
}
System.out.println(delimiter);
}
public static void main(String[] arstring) {
try {
URL url = Server.class.getClassLoader().getResource("myKeyStore.jks");
String jks = url.getFile();
startListen(jks, "sslTestPwd", 9999);
} catch (Exception exception) {
exception.printStackTrace();
}
}
}
2、相应的,使用环境变量进行设置的,SSLSocket Client
package com.ats.ssl.socket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.*;
import java.net.URL;
public class Client {
public static void connectAndSend(String trustStorePath,
String trustStorePwd, String ip, int port, String msg)
throws IOException {
System.setProperty("javax.net.ssl.trustStore", trustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePwd);
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory
.getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(
"localhost", 9999);
//String protocols[] = {"TLSv1"};
String protocols[] = {"SSLv2Hello","TLSv1","SSLv3"};
//String protocols[] = {"SSLv3"};
sslsocket.setEnabledProtocols(protocols);
try {
OutputStream outputstream = sslsocket.getOutputStream();
OutputStreamWriter outputstreamwriter = new OutputStreamWriter(
outputstream);
BufferedWriter bufferedwriter = new BufferedWriter(
outputstreamwriter);
bufferedwriter.write(msg);
bufferedwriter.flush();
} catch (Exception ex) {
ex.printStackTrace();
} finally {
sslsocket.close();
}
}
public static void main(String[] arstring) {
try {
URL url = Server.class.getClassLoader().getResource(
"myTrustStore.jks");
String jks = url.getFile();
connectAndSend(jks, "sslTestPwd", "127.0.0.1", 9999,
"This msg is from Java SSL Client :)");
} catch (Exception exception) {
exception.printStackTrace();
}
}
}