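1. First, prepare a server certificate in p12 format.
Either a purchased certificate or a self-signed one generated with openssl or Java keytool will do.
2. In the IIS7 root node, select "Security -> Root Directory Certificates" and choose "Import".
3. If a certificate-chain problem is reported, import the CA certificate in IE.
4. On the website that needs HTTPS, choose "Bindings", set the binding type to https, and select the certificate to use.
5. On the client, import the CA certificate in IE.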
1. SoapClient
package com.neohope;

import java.net.URL;
import java.rmi.RemoteException;

public class SoapClientTest {
    // Plain HTTP call through HelloStub.
    public static void HelloHttp(String url) throws RemoteException
    {
        HelloStub h = new HelloStub(url);
        com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
        hello.setName("Java http client");
        com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
        System.out.println(rsp.getHelloWorldResult());
    }

    // HTTPS call: the JVM-wide javax.net.ssl.trustStore properties select the trust store.
    public static void HelloHttps(String url, String trustStorePath, String trustStorePwd) throws RemoteException
    {
        // Resolve the trust store as a classpath resource.
        URL jksurl = SoapClientTest.class.getClassLoader().getResource(trustStorePath);
        String jks = jksurl.getFile();
        System.setProperty("javax.net.ssl.trustStore", jks);
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePwd);
        HelloStub h = new HelloStub(url);
        com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
        hello.setName("Java https client");
        com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
        System.out.println(rsp.getHelloWorldResult());
    }

    public static void main(String[] args) throws RemoteException
    {
        //HelloHttp("http://localhost:80/Hello.asmx");
        HelloHttps("https://localhost:443/Hello.asmx", "myTrustStore.jks", "sslTestPwd");
    }
}
2. SoapClientWithContextTest
package com.neohope;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URL;
import java.rmi.RemoteException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class SoapClientWithContextTest {
    public static void HelloHttp(String url) throws RemoteException
    {
        HelloStub h = new HelloStub(url);
        com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
        hello.setName("Java http client");
        com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
        System.out.println(rsp.getHelloWorldResult());
    }

    public static void HelloHttps(String url, String trustStorePath, String trustStorePwd) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, CertificateException, FileNotFoundException, IOException
    {
        // Resolve the trust store as a classpath resource.
        URL jksurl = SoapClientWithContextTest.class.getClassLoader().getResource(trustStorePath);
        String jks = jksurl.getFile();
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(jks)) {
            trustStore.load(in, trustStorePwd.toCharArray());
        }
        // Only certificates in the trust store are accepted as trust anchors.
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(trustStore);
        // TLS 1.0 and SSLv3 are obsolete and disabled by default in current JDK releases.
        SSLContext sslContext = SSLContext.getInstance("TLSv1");
        //SSLContext sslContext = SSLContext.getInstance("SSLv3");
        sslContext.init(new KeyManager[0], trustManagerFactory.getTrustManagers(), null);
        // Replaces the JVM-wide default context, so it affects every later TLS connection.
        SSLContext.setDefault(sslContext);
        HelloStub h = new HelloStub(url);
        com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
        hello.setName("Java https client");
        com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
        System.out.println(rsp.getHelloWorldResult());
    }

    public static void main(String[] args) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, CertificateException, FileNotFoundException, IOException
    {
        //HelloHttp("http://localhost:80/Hello.asmx");
        HelloHttps("https://localhost:443/Hello.asmx", "myTrustStore.jks", "sslTestPwd");
    }
}
3. SoapClientWithTrustManagerTest
This version can bypass certificate checking.
package com.neohope;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.rmi.RemoteException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class SoapClientWithTrustManagerTest {
    public static void HelloHttp(String url) throws RemoteException
    {
        HelloStub h = new HelloStub(url);
        com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
        hello.setName("Java http client");
        com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
        System.out.println(rsp.getHelloWorldResult());
    }

    // trustStorePath and trustStorePwd are unused here: no trust store is consulted.
    public static void HelloHttps(String url, String trustStorePath, String trustStorePwd) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, CertificateException, FileNotFoundException, IOException
    {
        SSLContext sslContext = SSLContext.getInstance("TLSv1");
        //SSLContext sslContext = SSLContext.getInstance("SSLv3");
        sslContext.init(new KeyManager[0], new TrustManager[] { new DefaultTrustManager() }, new SecureRandom());
        // Replaces the JVM-wide default context, so every later TLS connection skips validation too.
        SSLContext.setDefault(sslContext);
        HelloStub h = new HelloStub(url);
        com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
        hello.setName("Java https client");
        com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
        System.out.println(rsp.getHelloWorldResult());
    }

    // Accepts every certificate chain without checking it, so the server is not authenticated.
    private static class DefaultTrustManager implements X509TrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The interface contract requires a non-null array.
            return new X509Certificate[0];
        }
    }

    public static void main(String[] args) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, CertificateException, FileNotFoundException, IOException
    {
        //HelloHttp("http://localhost:80/Hello.asmx");
        HelloHttps("https://localhost:443/Hello.asmx", "myTrustStore.jks", "sslTestPwd");
    }
}
1. Generate the certificate
generateKey.bat
    Set Path=%JAVA_HOME%\bin;%PATH%
    rem Generate the private key
    keytool -validity 10000 -genkey -alias sslTestKey -keystore myKeyStore.jks -keypass sslTestPwd -storepass sslTestPwd -dname "CN=AtlasTiger, OU=AtlasTiger, O=AtlasTiger, L=ShangHai, ST=ShangHai, C=CN"
    pause
2. Export the public-key certificate
exportCert.bat
    Set Path=%JAVA_HOME%\bin;%PATH%
    rem Export the certificate
    keytool -export -keystore myKeyStore.jks -storepass sslTestPwd -keypass sslTestPwd -alias sslTestKey -file myKeyStore.crt
    pause
3. Export the TrustStore
exportTrustSotre.bat
    Set Path=%JAVA_HOME%\bin;%PATH%
    rem Import the certificate to create the TrustStore
    keytool -import -file myKeyStore.crt -alias sslTestKey -keystore myTrustStore.jks -keypass sslTestPwd -storepass sslTestPwd
    pause
4. Export the private key in P12 format
exportP12.bat
    Set Path=%JAVA_HOME%\bin;%PATH%
    rem The source password must match the -storepass used in generateKey.bat
    keytool -importkeystore -srckeystore myKeyStore.jks -destkeystore myKeyStore.p12 -deststoretype PKCS12 -srcstorepass sslTestPwd -deststorepass sslTestPwd
    pause
1. SSLSocket Server
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

namespace SSLSocket
{
    class SSLSocketServer
    {
        static X509Certificate serverCertificate = null;
        static String delimiter = "=========================================================";

        public static void RunServer(String ip, int port, String p12Path)
        {
            // Load the server certificate and private key from the P12 file.
            serverCertificate = new X509Certificate2(p12Path, "sslTestPwd");
            TcpListener listener = new TcpListener(IPAddress.Parse(ip), port);
            listener.Start();
            while (true)
            {
                try
                {
                    TcpClient client = listener.AcceptTcpClient();
                    ProcessClient(client);
                }
                catch (Exception ex)
                {
                    Console.WriteLine(ex);
                }
            }
        }

        static void ProcessClient(TcpClient client)
        {
            SslStream sslStream = new SslStream(client.GetStream(), false);
            try
            {
                // Arguments: certificate, clientCertificateRequired, enabled protocols, checkCertificateRevocation.
                // The active line offers only SSL 2.0 and SSL 3.0, both obsolete; a peer that
                // enables only TLS cannot complete the handshake with this setting.
                //sslStream.AuthenticateAsServer(serverCertificate, false, SslProtocols.Tls | SslProtocols.Ssl2 | SslProtocols.Ssl3 | SslProtocols.None, true);
                sslStream.AuthenticateAsServer(serverCertificate, false, SslProtocols.Ssl2 | SslProtocols.Ssl3, true);
                DisplaySecurityLevel(sslStream);
                DisplayCertificateInformation(sslStream);
                sslStream.ReadTimeout = 5000;
                sslStream.WriteTimeout = 5000;
                string messageData = ReadMessage(sslStream);
                Console.WriteLine(delimiter);
                Console.WriteLine("收到信息: {0}", messageData);
                Console.WriteLine(delimiter);
                //byte[] message = Encoding.UTF8.GetBytes("Hello from the server.");
                //Console.WriteLine("Sending hello message.");
                //sslStream.Write(message);
            }
            catch (AuthenticationException e)
            {
                Console.WriteLine("Exception: {0}", e.Message);
                if (e.InnerException != null)
                {
                    Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
                }
                Console.WriteLine("Authentication failed - closing the connection.");
                sslStream.Close();
                client.Close();
                return;
            }
            finally
            {
                sslStream.Close();
                client.Close();
            }
        }

        static string ReadMessage(SslStream sslStream)
        {
            byte[] buffer = new byte[2048];
            StringBuilder messageData = new StringBuilder();
            int bytes = -1;
            do
            {
                bytes = sslStream.Read(buffer, 0, buffer.Length);
                Decoder decoder = Encoding.UTF8.GetDecoder();
                char[] chars = new char[decoder.GetCharCount(buffer, 0, bytes)];
                decoder.GetChars(buffer, 0, bytes, chars, 0);
                messageData.Append(chars);
                // IndexOf("") always returns 0, so the loop ends after the first read.
                if (messageData.ToString().IndexOf("") != -1)
                {
                    break;
                }
            }
            while (bytes != 0);
            return messageData.ToString();
        }

        // Prints the negotiated protocol, cipher, hash and key-exchange algorithms.
        static void DisplaySecurityLevel(SslStream stream)
        {
            Console.WriteLine(delimiter);
            Console.WriteLine("通讯协议: {0}", stream.SslProtocol);
            Console.WriteLine("加密算法: {0} strength {1}", stream.CipherAlgorithm, stream.CipherStrength);
            Console.WriteLine("哈希算法: {0} strength {1}", stream.HashAlgorithm, stream.HashStrength);
            Console.WriteLine("密钥交换算法: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength);
            Console.WriteLine(delimiter);
        }

        // Prints the revocation-check setting and the local and remote certificates.
        static void DisplayCertificateInformation(SslStream stream)
        {
            Console.WriteLine(delimiter);
            Console.WriteLine("证书吊销列表检查: {0}", stream.CheckCertRevocationStatus);
            X509Certificate localCertificate = stream.LocalCertificate;
            if (stream.LocalCertificate != null)
            {
                Console.WriteLine("本地证书签发者: {0}", localCertificate.Subject);
                Console.WriteLine("本地证书有效期: {0}~{1}", localCertificate.GetEffectiveDateString(),
                    localCertificate.GetExpirationDateString());
            }
            else
            {
                Console.WriteLine("本地证书为空");
            }
            X509Certificate remoteCertificate = stream.RemoteCertificate;
            if (stream.RemoteCertificate != null)
            {
                Console.WriteLine("远程证书签发者: {0}", remoteCertificate.Subject);
                Console.WriteLine("远程证书有效期: {0}至{1}", remoteCertificate.GetEffectiveDateString(),
                    remoteCertificate.GetExpirationDateString());
            }
            else
            {
                Console.WriteLine("远程证书为空");
            }
            Console.WriteLine(delimiter);
        }
    }
}
2. SSLSocket Client
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Net;
using System.Net.Sockets;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

namespace SSLSocketClient
{
    class SSLSocketClient
    {
        // Callback that validates the server certificate.
        // Besides a clean result it also accepts a name mismatch or a chain error,
        // which is what lets the self-signed test certificate through.
        public static bool ValidateServerCertificate(
            object sender,
            X509Certificate certificate,
            X509Chain chain,
            SslPolicyErrors sslPolicyErrors)
        {
            if (sslPolicyErrors == SslPolicyErrors.None)
            {
                return true;
            }
            if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateNameMismatch || sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
            {
                return true;
            }
            return false;
        }

        public static void SendMessage(string ip, int port, String certPath, String msg)
        {
            TcpClient client = new TcpClient(ip, port);
            SslStream sslStream = new SslStream(client.GetStream(),
                false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
            X509CertificateCollection certs = new X509CertificateCollection();
            X509Certificate cert = X509Certificate.CreateFromCertFile(certPath);
            certs.Add(cert);
            try
            {
                // "AtlasTiger" is the CN of the test certificate; SslProtocols.Tls means TLS 1.0.
                sslStream.AuthenticateAsClient("AtlasTiger", certs, SslProtocols.Tls, false);
                //sslStream.AuthenticateAsClient("AtlasTiger", certs, SslProtocols.Ssl3, false);
                //sslStream.AuthenticateAsClient("AtlasTiger", certs, SslProtocols.Ssl2, false);
                //sslStream.AuthenticateAsClient("AtlasTiger", certs, SslProtocols.None, false);
            }
            catch (AuthenticationException e)
            {
                Console.WriteLine("Authentication failed : " + e);
                client.Close();
                return;
            }
            byte[] messsage = Encoding.UTF8.GetBytes(msg);
            sslStream.Write(messsage);
            sslStream.Flush();
            client.Close();
        }
    }
}
1. SSLSocket client that bypasses certificate checking
package com.ats.ssl.socket;

import java.io.BufferedWriter;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class ClientWithTrustManager {
    // trustStorePath and trustStorePwd are unused here: no trust store is consulted.
    public static void connectAndSend(String trustStorePath,
            String trustStorePwd, String ip, int port, String msg) throws IOException, NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        //SSLContext sslContext = SSLContext.getInstance("SSLv3");
        sslContext.init(new KeyManager[0], new TrustManager[] { new DefaultTrustManager() }, new SecureRandom());
        // Replaces the JVM-wide default context, so every later TLS connection skips validation too.
        SSLContext.setDefault(sslContext);
        SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
        SSLSocket sslsocket = (SSLSocket) sslSocketFactory.createSocket(ip, port);
        try {
            OutputStream outputstream = sslsocket.getOutputStream();
            OutputStreamWriter outputstreamwriter = new OutputStreamWriter(
                    outputstream);
            BufferedWriter bufferedwriter = new BufferedWriter(
                    outputstreamwriter);
            bufferedwriter.write(msg);
            bufferedwriter.flush();
        } catch (Exception ex) {
            ex.printStackTrace();
        } finally {
            sslsocket.close();
        }
    }

    // Accepts every certificate chain without checking it, so the server is not authenticated.
    private static class DefaultTrustManager implements X509TrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The interface contract requires a non-null array.
            return new X509Certificate[0];
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            URL url = Server.class.getClassLoader().getResource(
                    "myTrustStore.jks");
            String jks = url.getFile();
            connectAndSend(jks, "sslTestPwd", "127.0.0.1", 9999,
                    "This msg is from Java SSL Client :)");
        } catch (Exception exception) {
            exception.printStackTrace();
        }
    }
}
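A trust manager that pins one certificate, as an alternative to the accept-everything DefaultTrustManager used in SoapClientWithTrustManagerTest and ClientWithTrustManager above. This is an added example, not code from the original post; the names PinnedCertClient and PinnedTrustManager are hypothetical, and it assumes the myKeyStore.crt file exported by exportCert.bat and a test server on localhost:9999.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class PinnedCertClient {

    /** Trusts exactly one server certificate, compared by SHA-256 digest of its DER encoding. */
    static final class PinnedTrustManager implements X509TrustManager {
        private final X509Certificate pinned;
        private final byte[] pinnedDigest;

        PinnedTrustManager(X509Certificate pinned) throws CertificateException {
            this.pinned = pinned;
            this.pinnedDigest = sha256(pinned);
        }

        static byte[] sha256(X509Certificate cert) throws CertificateException {
            try {
                return MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            } catch (NoSuchAlgorithmException e) {
                throw new CertificateException(e);
            }
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new CertificateException("this trust manager is for client-side use only");
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            if (chain == null || chain.length == 0) {
                throw new CertificateException("server presented no certificate");
            }
            chain[0].checkValidity(); // reject expired or not-yet-valid certificates
            if (!MessageDigest.isEqual(pinnedDigest, sha256(chain[0]))) {
                throw new CertificateException("server certificate does not match the pin");
            }
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[] { pinned }; // never null
        }
    }

    /** Reads a DER or PEM encoded X.509 certificate from a file. */
    static X509Certificate loadCertificate(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    static void connectAndSend(String certPath, String host, int port, String msg) throws Exception {
        // The context is used directly and not installed as the JVM-wide default.
        SSLContext context = SSLContext.getInstance("TLS");
        TrustManager[] tms = { new PinnedTrustManager(loadCertificate(certPath)) };
        context.init(null, tms, null);
        try (SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake(); // fails with SSLHandshakeException on a pin mismatch
            OutputStream out = socket.getOutputStream();
            out.write(msg.getBytes(StandardCharsets.UTF_8));
            out.flush();
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: the certificate exported by exportCert.bat and the test server port.
        connectAndSend("myKeyStore.crt", "localhost", 9999, "This msg is from the pinned client");
    }
}
```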
1. SSLSocket Java server using SSLContext
package com.ats.ssl.socket;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class ServerWithContext {
    static String delimiter = "=========================================================";

    public static void startListen(String keyStorePath, String keyStorePwd, int port) throws IOException, KeyStoreException, NoSuchAlgorithmException,
            CertificateException, UnrecoverableKeyException, KeyManagementException {
        // Load the server key pair from the JKS key store.
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(keyStorePath)) {
            keyStore.load(in, keyStorePwd.toCharArray());
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, keyStorePwd.toCharArray());
        // SSLv3 and TLS 1.0 are obsolete and disabled by default in current JDK releases.
        //SSLContext sslContext = SSLContext.getInstance("TLSv1");
        SSLContext sslContext = SSLContext.getInstance("SSLv3");
        sslContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[0], null);
        SSLServerSocketFactory sslserversocketfactory = sslContext.getServerSocketFactory();
        SSLServerSocket sslserversocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(port);
        while (true) {
            SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();
            DisplaySecurityLevel(sslsocket);
            DisplayCertificateInformation(sslsocket);
            try {
                InputStream inputstream = sslsocket.getInputStream();
                InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
                BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
                System.out.println(delimiter);
                String string = null;
                while ((string = bufferedreader.readLine()) != null) {
                    System.out.println(string);
                    System.out.flush();
                }
                System.out.println(delimiter);
            } catch (Exception ex) {
                ex.printStackTrace();
            } finally {
                sslsocket.close();
            }
        }
    }

    // Prints the negotiated protocol version and cipher suite.
    static void DisplaySecurityLevel(SSLSocket sslsocket) {
        System.out.println(delimiter);
        SSLSession session = sslsocket.getSession();
        System.out.println("通讯协议: " + session.getProtocol());
        System.out.println("加密方式: " + session.getCipherSuite());
        System.out.println(delimiter);
    }

    // Prints the local certificate and, if the peer sent one, the remote certificate.
    static void DisplayCertificateInformation(SSLSocket sslsocket) {
        System.out.println(delimiter);
        Certificate[] localCertificates = sslsocket.getSession().getLocalCertificates();
        if (localCertificates == null || localCertificates.length == 0) {
            System.out.println("本地证书为空");
        } else {
            Certificate cert = localCertificates[0];
            System.out.println("本地证书类型: " + cert.getType());
            if (cert.getType().equals("X.509")) {
                X509Certificate x509 = (X509Certificate) cert;
                System.out.println("本地证书签发者: " + x509.getIssuerDN());
                System.out.println("本地证书有效期: " + x509.getNotBefore() + "至" + x509.getNotAfter());
            }
        }
        try {
            Certificate[] peerCertificates = sslsocket.getSession().getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length == 0) {
                System.out.println("远程证书为空");
            } else {
                Certificate cert = peerCertificates[0];
                System.out.println("远程证书类型: " + cert.getType());
                if (cert.getType().equals("X.509")) {
                    X509Certificate x509 = (X509Certificate) cert;
                    System.out.println("远程证书签发者: " + x509.getIssuerDN());
                    System.out.println("远程证书有效期: " + x509.getNotBefore() + "至" + x509.getNotAfter());
                }
            }
        } catch (SSLPeerUnverifiedException e) {
            // e.printStackTrace();
            System.out.println("远程证书为空");
        }
        System.out.println(delimiter);
    }

    public static void main(String[] arstring) {
        try {
            URL url = ServerWithContext.class.getClassLoader().getResource("myKeyStore.jks");
            String jks = url.getFile();
            startListen(jks, "sslTestPwd", 9999);
        } catch (Exception exception) {
            exception.printStackTrace();
        }
    }
}
2. SSLSocket Java client using SSLContext
package com.ats.ssl.socket;

import java.io.BufferedWriter;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class ClientWithContext {
    public static void connectAndSend(String trustStorePath,
            String trustStorePwd, String ip, int port, String msg) throws IOException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, CertificateException, UnrecoverableKeyException {
        // Only certificates in the trust store are accepted as trust anchors.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, trustStorePwd.toCharArray());
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(trustStore);
        // TLS 1.0 and SSLv3 are obsolete and disabled by default in current JDK releases.
        SSLContext sslContext = SSLContext.getInstance("TLSv1");
        //SSLContext sslContext = SSLContext.getInstance("SSLv3");
        sslContext.init(new KeyManager[0], trustManagerFactory.getTrustManagers(), null);
        SSLContext.setDefault(sslContext);
        SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
        SSLSocket sslsocket = (SSLSocket) sslSocketFactory.createSocket(ip, port);
        try {
            OutputStream outputstream = sslsocket.getOutputStream();
            OutputStreamWriter outputstreamwriter = new OutputStreamWriter(
                    outputstream);
            BufferedWriter bufferedwriter = new BufferedWriter(
                    outputstreamwriter);
            bufferedwriter.write(msg);
            bufferedwriter.flush();
        } catch (Exception ex) {
            ex.printStackTrace();
        } finally {
            sslsocket.close();
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            URL url = Server.class.getClassLoader().getResource(
                    "myTrustStore.jks");
            String jks = url.getFile();
            connectAndSend(jks, "sslTestPwd", "127.0.0.1", 9999,
                    "This msg is from Java SSL Client :)");
        } catch (Exception exception) {
            exception.printStackTrace();
        }
    }
}
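A variant of ClientWithContext that also restricts the protocol version and turns on host name verification, which a raw SSLSocket does not perform on its own. This is an added example, not code from the original post; VerifyingClient is a hypothetical name. It assumes the server offers TLS 1.2 or later and that its certificate names the host (for example one generated with keytool's -ext san=dns:localhost); the page's CN=AtlasTiger certificate is rejected for host localhost.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class VerifyingClient {

    /** Builds an SSLContext whose only trust anchors are the entries of the given JKS file. */
    static SSLContext contextFromTrustStore(String path, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    /** Restricts the socket to TLS 1.2/1.3 and makes the handshake check the host name. */
    static void harden(SSLSocket socket) {
        // Keep only the wanted versions that this JRE actually supports.
        List<String> usable = new ArrayList<>(Arrays.asList(socket.getSupportedProtocols()));
        usable.retainAll(Arrays.asList("TLSv1.3", "TLSv1.2"));
        if (usable.isEmpty()) {
            throw new IllegalStateException("this JRE supports neither TLSv1.2 nor TLSv1.3");
        }
        SSLParameters params = socket.getSSLParameters();
        params.setProtocols(usable.toArray(new String[0]));
        // Without this, SSLSocket validates the chain but never compares the
        // certificate's names with the host it connected to.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
    }

    /** Sends msg and returns the negotiated protocol and cipher suite. */
    static String connectAndSend(SSLContext context, String host, int port, String msg)
            throws Exception {
        try (SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(host, port)) {
            harden(socket);
            socket.startHandshake(); // chain and host name are checked here
            SSLSession session = socket.getSession();
            OutputStream out = socket.getOutputStream();
            out.write(msg.getBytes(StandardCharsets.UTF_8));
            out.flush();
            return session.getProtocol() + " / " + session.getCipherSuite();
        }
    }

    public static void main(String[] args) {
        // Assumed inputs: trust store name and password from the page's keytool scripts.
        String host = args.length > 0 ? args[0] : "localhost";
        try {
            SSLContext context =
                    contextFromTrustStore("myTrustStore.jks", "sslTestPwd".toCharArray());
            System.out.println("negotiated: " + connectAndSend(context, host, 9999, "hello"));
        } catch (SSLHandshakeException e) {
            // Untrusted chain, name mismatch, or no protocol version in common.
            System.out.println("handshake rejected: " + e.getMessage());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```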
1. The most basic SSLSocket server, configured through JVM system properties
package com.ats.ssl.socket;

import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

public class Server {
    static String delimiter = "=========================================================";

    public static void startListen(String keyStorePath, String keyStorePwd, int port) throws IOException {
        // The default server socket factory reads its key store from these properties.
        System.setProperty("javax.net.ssl.keyStore", keyStorePath);
        System.setProperty("javax.net.ssl.keyStorePassword", keyStorePwd);
        SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket sslserversocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(port);
        while (true) {
            SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();
            // TLS 1.0 and SSLv3 are obsolete and disabled by default in current JDK releases.
            String protocols[] = { "TLSv1" };
            // String protocols[] = {"SSLv2Hello","TLSv1","SSLv3"};
            // String protocols[] = {"SSLv3"};
            sslsocket.setEnabledProtocols(protocols);
            DisplaySecurityLevel(sslsocket);
            DisplayCertificateInformation(sslsocket);
            try {
                InputStream inputstream = sslsocket.getInputStream();
                InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
                BufferedReader bufferedreader = new BufferedReader(inputstreamreader);
                System.out.println(delimiter);
                String string = null;
                while ((string = bufferedreader.readLine()) != null) {
                    System.out.println(string);
                    System.out.flush();
                }
                System.out.println(delimiter);
            } catch (Exception ex) {
                ex.printStackTrace();
            } finally {
                sslsocket.close();
            }
        }
    }

    // Prints the negotiated protocol version and cipher suite.
    static void DisplaySecurityLevel(SSLSocket sslsocket) {
        System.out.println(delimiter);
        SSLSession session = sslsocket.getSession();
        System.out.println("通讯协议: " + session.getProtocol());
        System.out.println("加密方式: " + session.getCipherSuite());
        System.out.println(delimiter);
    }

    // Prints the local certificate and, if the peer sent one, the remote certificate.
    static void DisplayCertificateInformation(SSLSocket sslsocket) {
        System.out.println(delimiter);
        Certificate[] localCertificates = sslsocket.getSession().getLocalCertificates();
        if (localCertificates == null || localCertificates.length == 0) {
            System.out.println("本地证书为空");
        } else {
            Certificate cert = localCertificates[0];
            System.out.println("本地证书类型: " + cert.getType());
            if (cert.getType().equals("X.509")) {
                X509Certificate x509 = (X509Certificate) cert;
                System.out.println("本地证书签发者: " + x509.getIssuerDN());
                System.out.println("本地证书有效期: " + x509.getNotBefore() + "至" + x509.getNotAfter());
            }
        }
        try {
            Certificate[] peerCertificates = sslsocket.getSession().getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length == 0) {
                System.out.println("远程证书为空");
            } else {
                Certificate cert = peerCertificates[0];
                System.out.println("远程证书类型: " + cert.getType());
                if (cert.getType().equals("X.509")) {
                    X509Certificate x509 = (X509Certificate) cert;
                    System.out.println("远程证书签发者: " + x509.getIssuerDN());
                    System.out.println("远程证书有效期: " + x509.getNotBefore() + "至" + x509.getNotAfter());
                }
            }
        } catch (SSLPeerUnverifiedException e) {
            // e.printStackTrace();
            System.out.println("远程证书为空");
        }
        System.out.println(delimiter);
    }

    public static void main(String[] arstring) {
        try {
            URL url = Server.class.getClassLoader().getResource("myKeyStore.jks");
            String jks = url.getFile();
            startListen(jks, "sslTestPwd", 9999);
        } catch (Exception exception) {
            exception.printStackTrace();
        }
    }
}
2. The matching SSLSocket client, also configured through JVM system properties
package com.ats.ssl.socket;

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.*;
import java.net.URL;

public class Client {
    public static void connectAndSend(String trustStorePath,
            String trustStorePwd, String ip, int port, String msg)
            throws IOException {
        // The default socket factory reads its trust store from these properties.
        System.setProperty("javax.net.ssl.trustStore", trustStorePath);
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePwd);
        SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory
                .getDefault();
        SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(ip, port);
        // TLS 1.0 and SSLv3 are obsolete and disabled by default in current JDK releases.
        //String protocols[] = {"TLSv1"};
        String protocols[] = {"SSLv2Hello","TLSv1","SSLv3"};
        //String protocols[] = {"SSLv3"};
        sslsocket.setEnabledProtocols(protocols);
        try {
            OutputStream outputstream = sslsocket.getOutputStream();
            OutputStreamWriter outputstreamwriter = new OutputStreamWriter(
                    outputstream);
            BufferedWriter bufferedwriter = new BufferedWriter(
                    outputstreamwriter);
            bufferedwriter.write(msg);
            bufferedwriter.flush();
        } catch (Exception ex) {
            ex.printStackTrace();
        } finally {
            sslsocket.close();
        }
    }

    public static void main(String[] arstring) {
        try {
            URL url = Server.class.getClassLoader().getResource(
                    "myTrustStore.jks");
            String jks = url.getFile();
            connectAndSend(jks, "sslTestPwd", "127.0.0.1", 9999,
                    "This msg is from Java SSL Client :)");
        } catch (Exception exception) {
            exception.printStackTrace();
        }
    }
}
1. List extension packs
    VBoxManage list extpacks
2. Uninstall an extension pack
    VBoxManage extpack uninstall "Oracle VM VirtualBox Extension Pack"
3. Install an extension pack
    VBoxManage extpack install "PATH_TO_EXTENSION_PACK"
Using Tomcat as the example, here is how a container compiles JSP.
1.1 Command line
    java -classpath %CLASS_PATH% org.apache.jasper.JspC -uriroot PATH_TO_WEB\website\ -d PATH_TO_WEB\website\WEB-INF\jspclasses -p com.neohope.pages -c hello -javaEncoding UTF-8 -compile PATH_TO_WEB\website\jsp\hello.jsp
The command above generates the Java file for jsp\hello.jsp in the website project: the output path is WEB-INF\jspclasses, the package name is com.neohope.pages, the class name is hello, and the encoding is UTF-8.
1.2 Java code
package com.neohope.jsp.complier;

import org.apache.jasper.JspC;

public class MyComplier {
    public static void main(String args[]) {
        try {
            // Same settings as the command line in 1.1.
            JspC jspc = new JspC();
            jspc.setUriroot("PATH_TO_WEB\\JSP\\JSPComplier\\website");
            jspc.setJspFiles("PATH_TO_WEB\\JSP\\JSPComplier\\website\\jsp\\hello.jsp");
            jspc.setOutputDir("PATH_TO_WEB\\JSP\\JSPComplier\\website\\WEB-INF\\jspclasses");
            jspc.setPackage("com.neohope.pages");
            jspc.setClassName("hello");
            jspc.setJavaEncoding("UTF-8");
            jspc.setCompile(true);
            jspc.execute();
            System.out.println("job done!");
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
Code: JSPComplierSample
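GPT is a tale of woe for me. Because of work I need to develop on Windows,
so I had no choice but to install Win7 on my MacBook Pro; later, for convenience, I installed an NTFS read/write driver on the Mac side.
Then disaster struck: one day I booted into Mac OS, it did not respond for a long time, and after a forced reboot the Windows partition was dead.
So I reinstalled, partitioning with the Win7 disc, and later adjusted the partitions with a third-party partitioning tool. NTFS lived up to expectations and died again.
Fine, I reinstalled once more.
After all the twists and turns, it was finally stable.
But Mac OS could not see the NTFS partition. I kept assuming it was a problem with the NTFS driver on the Mac and tried several fixes, none of which worked.
Today I noticed that the partition sizes on the Mac differ from those in Win7: the sizes on the Mac are still the ones from before I adjusted them in Win7.
Got it: the GPT partition table is obviously wrong.
I found a pile of tools online and nearly overwrote the hybrid MBR with the GPT. Ugh.
In the end gdisk did the job; it is a superb tool for editing GPT.
http://sourceforge.net/projects/gptfdisk/files/gptfdisk/0.8.5/
http://www.rodsbooks.com/gdisk/walkthrough.html
After starting gdisk with sudo and selecting /dev/disk0, I ran the v command to verify the disk.
gdisk warned that two partitions in the MBR do not exist in the GPT.
I entered expert mode and printed the GPT and MBR partition information with the p and o commands, and they really did not match.
I wrote down the partition tables and backed up the GPT.
Then I deleted the two wrong partitions from the GPT and recreated them from the data in the MBR.
I verified again with the v command and there were no problems.
I saved the changes, rebooted, and it was finally fixed.
Note:
In my case the partition table was wrong on the Mac but correct in Win7, which means the GPT was wrong and the hybrid MBR was right.
In the opposite case you have to re-edit the MBR from the GPT; there are many tools for that. This seems more likely to happen when Mac, Windows and Linux coexist.
Modifying a disk's partition table is dangerous work; always back up your data and the partition table to keep the risk as low as possible.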