Category Archives: Java

JNI简单例子2

Posted on by No Comments ↓

最近又用jni写了一个编码工具,从中抽出了最简单的代码,如下:

1、Compress4j.java

package com.neohope.test.compress.jni;

/**
 *
 * @author Hansen
 */
public class Compress4j {
    private native int encodeR(String inFilePath,String outFilePaht);
    private native int decodeR(String inFilePath,String outFilePaht);
    
    static{
        try{
            System.loadLibrary("compress4j");
        }catch(UnsatisfiedLinkError e){
            //nothing to do
            System.out.println("Error: Couldn't load compress4j");
            System.out.println(e.getMessage());
            e.printStackTrace();
        }
    }
    
    public String encode(String inFilePath,String outFilePath)
    {
        encodeR(inFilePath, outFilePath);
        return "xxxxx";
    }
    
    public String decode(String inFilePath,String outFilePath)
    {
        decodeR(inFilePath, outFilePath);
        return "xxxxx";
    }
}

2、找到生成的classes文件夹,运行命令行:

javah -classpath . -jni com.neohope.test.compress.jni.Compress4j

3、生成的.h文件如下

/* DO NOT EDIT THIS FILE - it is machine generated */
#include <jni.h>
/* Header for class com_neohoe_test_compress_jni_Compress4j */

#ifndef _Included_com_neohoe_test_compress_jni_Compress4j
#define _Included_com_neohoe_test_compress_jni_Compress4j
#ifdef __cplusplus
extern "C" {
#endif
/*
 * Class:     com_neohoe_test_compress_jni_Compress4j
 * Method:    encodeR
 * Signature: (Ljava/lang/String;Ljava/lang/String;)I
 */
JNIEXPORT jint JNICALL Java_com_neohoe_test_compress_jni_Compress4j_encodeR
  (JNIEnv *, jobject, jstring, jstring);

/*
 * Class:     com_neohoe_test_compress_jni_Compress4j
 * Method:    decodeR
 * Signature: (Ljava/lang/String;Ljava/lang/String;)I
 */
JNIEXPORT jint JNICALL Java_com_neohoe_test_compress_jni_Compress4j_decodeR
  (JNIEnv *, jobject, jstring, jstring);

#ifdef __cplusplus
}
#endif
#endif

3、编写成的.cc文件如下

#include "com_neohoe_test_compress_jni_Compress4j.h"

JNIEXPORT jint JNICALL Java_com_neohoe_test_compress_jni_Compress4j_encodeR
  (JNIEnv *env, jobject, jstring inpathjs, jstring outpathjs)
{
    //first convert jstring to const char*
    const char* inpath = env->GetStringUTFChars( inpathjs, false);
    const char* outpath = env->GetStringUTFChars( outpathjs, false);

    //...

    return 0;
}

JNIEXPORT jint JNICALL Java_com_neohoe_test_compress_jni_Compress4j_decodeR
  (JNIEnv *env, jobject, jstring inpathjs, jstring outpathjs)
{
    //first convert jstring to const char*
    const char* inpath = env->GetStringUTFChars( inpathjs, false);
    const char* outpath = env->GetStringUTFChars( outpathjs, false);

    //...

    return 0;
}

4、在VS工程中,新增头文件目录
%JAVA_HOME%/include
%JAVA_HOME%/include/win32

5、编译为dll即可使用啦

6、关于mt和md的问题
编译为MT和MTd的话,用JNI是没有任何问题的
编译为MD的话,需要安装VC2010sp1可再发行包
编译为MDd的话,就比较麻烦了,手动复制依赖的dll后,我用c++调用dll可以成功,但用jni就一直提示:缺少依赖的dll

Java摘要算法

Posted on by No Comments ↓ 
package com.neohope.utils;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class NDigest
{
	/**
	 * Bytes to Hex String
	 * 
	 * @param hexBytes
	 * 
	 * @return hex string
	 */
	private static String bytesToHexString(byte[] hexBytes)
	{
		StringBuffer buf = new StringBuffer();

		for (int i = 0; i < hexBytes.length; i++)
		{
			if ((hexBytes[i] & 0xff) < 0x10)
			{
				buf.append("0");
			}

			buf.append(Long.toString(hexBytes[i] & 0xff, 16));
		}

		return buf.toString();
	}

	/**
	 * calc MD5 for string
	 * 
	 * @param textIn
	 * 
	 * @return md5 digest string
	 * @throws NoSuchAlgorithmException
	 */
	public static String MD5Digest(String textIn)
			throws NoSuchAlgorithmException
	{
		byte[] textData = textIn.getBytes();

		MessageDigest md = null;
		md = MessageDigest.getInstance("MD5");
		md.reset();
		md.update(textData);

		byte[] encodedData = md.digest();
		return bytesToHexString(encodedData);
	}

	/**
	 * calc SHA1 for string
	 * 
	 * @param textIn
	 * 
	 * @return sha1 digest string
	 * @throws NoSuchAlgorithmException
	 */
	public static String SHA1Digest(String textIn)
			throws NoSuchAlgorithmException
	{
		byte[] textData = textIn.getBytes();

		MessageDigest md = null;
		md = MessageDigest.getInstance("SHA1");
		md.reset();
		md.update(textData);

		byte[] encodedData = md.digest();
		return bytesToHexString(encodedData);
	}

	/**
	 * Encode a string using Base64 encoding.
	 * 
	 * @param textIn
	 * @return String
	 */
	public static String base64Encode(String textIn)
	{
		sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder();
		return encoder.encodeBuffer(textIn.getBytes()).trim();
	}

	/**
	 * Decode a string using Base64 encoding.
	 * 
	 * @param textIn
	 * @return String
	 * @throws IOException
	 */
	public static String decodeString(String textIn) throws IOException
	{
		sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
		return new String(dec.decodeBuffer(textIn));
	}

	/**
	 * 使用 HMAC-SHA-1 签名方法对对textIn进行摘要
	 * 
	 * @param textIn
	 * @param keyIn
	 * @return
	 * @throws Exception
	 */
	public static String HmacSHA1Digest(String textIn, String keyIn)
			throws Exception
	{
		final String MAC_NAME = "HmacSHA1";
		final String ENCODING = "UTF-8";

		byte[] keyData = keyIn.getBytes(ENCODING);
		SecretKey secretKey = new SecretKeySpec(keyData, MAC_NAME);
		Mac mac = Mac.getInstance(MAC_NAME);
		mac.init(secretKey);

		byte[] textData = textIn.getBytes(ENCODING);
		byte[] encodedData = mac.doFinal(textData);

		return bytesToHexString(encodedData);
	}

	// 我就是那个测试函数。。。
	public static void main(String args[]) throws Exception
	{
		String key = "Y9zTQxRvxwrHOi45OoKNnIoxboerNqt3";
		String text = "Good good study, day day up.";
		String hmacSHA1 = HmacSHA1Digest(text, key );
		String base64 = base64Encode(hmacSHA1);
		System.out.println(hmacSHA1 );
		System.out.println(cbase64);
	}
}

Java Https Soap Server(Tomcat-Axis2)

Posted on by No Comments ↓

1、%Tomcat%/server/server.xml
找到下面一段:

<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
-->

替换为:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"  
	    maxThreads="150" scheme="https"  secure="true"
	    clientAuth="false" sslProtocol="TLS"
	    disableUploadTimeout="true" enableLookups="false"
	    keystoreFile="D:/JavaContainer/apache-tomcat-6.0.35-x86/myKeyStore.jks"
	    keystorePass="sslTestPwd"
/>

这样,就可以用https://127.0.0.1:8443访问Tomcat了。

2、在需要使用https项目的axis2.xml文件中,增加下面内容

        <!--修改-->
	<transportReceiver name="http"
		class="org.apache.axis2.transport.http.AxisServletListener">
		<parameter name="port">8080</parameter>
	</transportReceiver>
        <!--新增-->
	<transportReceiver name="https"
		class="org.apache.axis2.transport.http.AxisServletListener">
		<parameter name="port">8443</parameter>
	</transportReceiver>

这样,该WebService就可以使用https进行访问了:)

Java Https Soap Client(Axis2)

Posted on by No Comments ↓

1、SoapClient

package com.neohope;

import java.net.URL;
import java.rmi.RemoteException;

public class SoapClientTest {
	
	public static void HelloHttp(String url) throws RemoteException
	{
		HelloStub h = new HelloStub(url);
		com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
		hello.setName("Java http client");
		com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
		System.out.println(rsp.getHelloWorldResult());
	}
	
	public static void HelloHttps(String url,String trustStorePath,String trustStorePwd) throws RemoteException
	{
		URL jksurl = SoapClientTest.class.getClassLoader().getResource(
				"myTrustStore.jks");
		String jks = jksurl.getFile();
		System.setProperty("javax.net.ssl.trustStore", jks);
		System.setProperty("javax.net.ssl.trustStorePassword", trustStorePwd);
		
		HelloStub h = new HelloStub(url);
		com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
		hello.setName("Java https client");
		com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
		System.out.println(rsp.getHelloWorldResult());
	}
	
	
	public static void main(String[] args) throws RemoteException
	{
		//HelloHttp("http://localhost:80/Hello.asmx");
		HelloHttps("https://localhost:443/Hello.asmx","myTrustStore.jks","sslTestPwd");
	}
}

2、SoapClientWithContextTest

package com.neohope;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URL;
import java.rmi.RemoteException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;

import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class SoapClientWithContextTest {
	
	public static void HelloHttp(String url) throws RemoteException
	{
		HelloStub h = new HelloStub(url);
		com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
		hello.setName("Java http client");
		com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
		System.out.println(rsp.getHelloWorldResult());
	}
	
	public static void HelloHttps(String url,String trustStorePath,String trustStorePwd) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, CertificateException, FileNotFoundException, IOException
	{
		URL jksurl = SoapClientTest.class.getClassLoader().getResource(
				"myTrustStore.jks");
		String jks = jksurl.getFile();
		
		KeyStore trustStore = KeyStore.getInstance("JKS");
		trustStore.load(new FileInputStream(jks), trustStorePwd.toCharArray());
		TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
		trustManagerFactory.init(trustStore);
        
		SSLContext sslContext = SSLContext.getInstance("TLSv1");
		//SSLContext sslContext = SSLContext.getInstance("SSLv3");
		
		sslContext.init(new KeyManager[0], trustManagerFactory.getTrustManagers(), null);
		SSLContext.setDefault(sslContext);
		
		HelloStub h = new HelloStub(url);
		com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
		hello.setName("Java https client");
		com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
		System.out.println(rsp.getHelloWorldResult());
	}
	
	
	public static void main(String[] args) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, CertificateException, FileNotFoundException, IOException
	{
		//HelloHttp("http://localhost:80/Hello.asmx");
		HelloHttps("https://localhost:443/Hello.asmx","myTrustStore.jks","sslTestPwd");
	}
}

3、SoapClientWithTrustManagerTest
可以绕过证书检查

package com.neohope;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.rmi.RemoteException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class SoapClientWithTrustManagerTest {
	
	public static void HelloHttp(String url) throws RemoteException
	{
		HelloStub h = new HelloStub(url);
		com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
		hello.setName("Java http client");
		com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
		System.out.println(rsp.getHelloWorldResult());
	}
	
	public static void HelloHttps(String url,String trustStorePath,String trustStorePwd) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, CertificateException, FileNotFoundException, IOException
	{        
		SSLContext sslContext = SSLContext.getInstance("TLSv1");
		//SSLContext sslContext = SSLContext.getInstance("SSLv3");
		
		sslContext.init(new KeyManager[0], new TrustManager[] { new DefaultTrustManager() }, new SecureRandom());
		SSLContext.setDefault(sslContext);
		
		HelloStub h = new HelloStub(url);
		com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
		hello.setName("Java https client");
		com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
		System.out.println(rsp.getHelloWorldResult());
	}
	
	private static class DefaultTrustManager implements X509TrustManager {

		@Override
		public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
		}

		@Override
		public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
		}

		@Override
		public X509Certificate[] getAcceptedIssuers() {
			return null;
		}
	}
	
	
	public static void main(String[] args) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, CertificateException, FileNotFoundException, IOException
	{
		//HelloHttp("http://localhost:80/Hello.asmx");
		HelloHttps("https://localhost:443/Hello.asmx","myTrustStore.jks","sslTestPwd");
	}
}

SSLSocket Java Part4

Posted on by No Comments ↓

1、证书生成
generateKey.bat

Set Path=%JAVA_HOME%\bin;%PATH%
#生成私钥
keytool -validity 10000 -genkey -alias sslTestKey -keystore myKeyStore.jks -keypass sslTestPwd -storepass sslTestPwd -dname "CN=AtlasTiger, OU=AtlasTiger, O=AtlasTiger, L=ShangHai, ST=ShangHai, C=CN"

pause

2、导出公钥证书Cert
exportCert.bat

Set Path=%JAVA_HOME%\bin;%PATH%
#导出证书
keytool -export -keystore myKeyStore.jks -storepass sslTestPwd -keypass sslTestPwd -alias sslTestKey -file myKeyStore.crt

pause

3、导出TurstStore
exportTrustSotre.bat

Set Path=%JAVA_HOME%\bin;%PATH%
#导入证书生成TurstStore
keytool -import -file myKeyStore.crt -alias sslTestKey -keystore myTrustStore.jks -keypass sslTestPwd -storepass sslTestPwd

pause

4、导出私钥P12格式
exportP12.bat

Set Path=%JAVA_HOME%\bin;%PATH%

keytool -importkeystore -srckeystore myKeyStore.jks -destkeystore myKeyStore.p12 -deststoretype PKCS12 -srcstorepass password -deststorepass password

pause

SSLSocket Java Part3

Posted on by No Comments ↓

1、SSLSocket Client绕过证书检查

package com.ats.ssl.socket;

import java.io.BufferedWriter;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class ClientWithTrustManager {
	
	public static void connectAndSend(String trustStorePath,
			String trustStorePwd, String ip, int port, String msg) throws IOException, NoSuchAlgorithmException, KeyManagementException{
        
		SSLContext sslContext = SSLContext.getInstance("TLS");
		//SSLContext sslContext = SSLContext.getInstance("SSLv3");
		sslContext.init(new KeyManager[0], new TrustManager[] { new DefaultTrustManager() }, new SecureRandom());
		SSLContext.setDefault(sslContext);
		
		SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();  
		SSLSocket sslsocket = (SSLSocket) sslSocketFactory.createSocket(
				"localhost", 9999);

		try {
			OutputStream outputstream = sslsocket.getOutputStream();
			OutputStreamWriter outputstreamwriter = new OutputStreamWriter(
					outputstream);
			BufferedWriter bufferedwriter = new BufferedWriter(
					outputstreamwriter);

			bufferedwriter.write(msg);
			bufferedwriter.flush();
		} catch (Exception ex) {
			ex.printStackTrace();
		} finally {
			sslsocket.close();
		}
	}

	private static class DefaultTrustManager implements X509TrustManager {

		@Override
		public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
		}

		@Override
		public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
		}

		@Override
		public X509Certificate[] getAcceptedIssuers() {
			return null;
		}
	}
	
	public static void main(String[] args) throws Exception {
		try {
			URL url = Server.class.getClassLoader().getResource(
					"myTrustStore.jks");
			String jks = url.getFile();

			connectAndSend(jks, "sslTestPwd", "127.0.0.1", 9999,
					"This msg is from Java SSL Client :)");

		} catch (Exception exception) {
			exception.printStackTrace();
		}
	}
}

SSLSocket Java Part2

Posted on by No Comments ↓

1、SSLSocket Java Server使用SSLContext

package com.ats.ssl.socket;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class ServerWithContext {

	static String delimiter = "=========================================================";

	public static void startListen(String keyStorePath, String keyStorePwd, int port) throws IOException, KeyStoreException, NoSuchAlgorithmException,
			CertificateException, UnrecoverableKeyException, KeyManagementException {

		KeyStore keyStore = KeyStore.getInstance("JKS");
		keyStore.load(new FileInputStream(keyStorePath), keyStorePwd.toCharArray());
		KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
		keyManagerFactory.init(keyStore, keyStorePwd.toCharArray());

		//SSLContext sslContext = SSLContext.getInstance("TLSv1");
		SSLContext sslContext = SSLContext.getInstance("SSLv3");
		sslContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[0], null);

		SSLServerSocketFactory sslserversocketfactory = sslContext.getServerSocketFactory();
		SSLServerSocket sslserversocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(port);

		while (true) {
			SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();

			DisplaySecurityLevel(sslsocket);
			DisplayCertificateInformation(sslsocket);

			try {
				InputStream inputstream = sslsocket.getInputStream();
				InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
				BufferedReader bufferedreader = new BufferedReader(inputstreamreader);

				System.out.println(delimiter);
				String string = null;
				while ((string = bufferedreader.readLine()) != null) {
					System.out.println(string);
					System.out.flush();
				}
				System.out.println(delimiter);
			} catch (Exception ex) {
				ex.printStackTrace();
			} finally {
				sslsocket.close();
			}
		}
	}

	static void DisplaySecurityLevel(SSLSocket sslsocket) {
		System.out.println(delimiter);
		SSLSession session = sslsocket.getSession();
		System.out.println("通讯协议: " + session.getProtocol());
		System.out.println("加密方式: " + session.getCipherSuite());
		System.out.println(delimiter);
	}

	static void DisplayCertificateInformation(SSLSocket sslsocket) {
		System.out.println(delimiter);
		Certificate[] localCertificates = sslsocket.getSession().getLocalCertificates();
		if (localCertificates == null || localCertificates.length == 0) {
			System.out.println("本地证书为空");
		} else {
			Certificate cert = localCertificates[0];
			System.out.println("本地证书类型: " + cert.getType());
			if (cert.getType().equals("X.509")) {
				X509Certificate x509 = (X509Certificate) cert;
				System.out.println("本地证书签发者: " + x509.getIssuerDN());
				System.out.println("本地证书有效期: " + x509.getNotBefore() + "至" + x509.getNotAfter());
			}
		}

		try {
			Certificate[] peerCertificates = sslsocket.getSession().getPeerCertificates();

			if (peerCertificates == null || peerCertificates.length == 0) {
				System.out.println("远程证书为空");
			} else {
				Certificate cert = peerCertificates[0];
				System.out.println("远程证书类型: " + cert.getType());
				if (cert.getType().equals("X.509")) {
					X509Certificate x509 = (X509Certificate) cert;
					System.out.println("远程证书签发者: " + x509.getIssuerDN());
					System.out.println("远程证书有效期: " + x509.getNotBefore() + "至" + x509.getNotAfter());
				}
			}
		} catch (SSLPeerUnverifiedException e) {
			// e.printStackTrace();
			System.out.println("远程证书为空");
		}

		System.out.println(delimiter);
	}

	public static void main(String[] arstring) {
		try {
			URL url = ServerWithContext.class.getClassLoader().getResource("myKeyStore.jks");
			String jks = url.getFile();
			startListen(jks, "sslTestPwd", 9999);

		} catch (Exception exception) {
			exception.printStackTrace();
		}
	}
}

2、SSLSocket Java Client使用SSLContext

package com.ats.ssl.socket;

import java.io.BufferedWriter;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class ClientWithContext {
	
	public static void connectAndSend(String trustStorePath,
			String trustStorePwd, String ip, int port, String msg) throws IOException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, CertificateException, UnrecoverableKeyException{
	
		KeyStore trustStore = KeyStore.getInstance("JKS");
		trustStore.load(new FileInputStream(trustStorePath), trustStorePwd.toCharArray());
		TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
		trustManagerFactory.init(trustStore);
        
		SSLContext sslContext = SSLContext.getInstance("TLSv1");
		//SSLContext sslContext = SSLContext.getInstance("SSLv3");
		
		sslContext.init(new KeyManager[0], trustManagerFactory.getTrustManagers(), null);
		SSLContext.setDefault(sslContext);
		
		SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();  
		SSLSocket sslsocket = (SSLSocket) sslSocketFactory.createSocket(
				"localhost", 9999);

		try {
			OutputStream outputstream = sslsocket.getOutputStream();
			OutputStreamWriter outputstreamwriter = new OutputStreamWriter(
					outputstream);
			BufferedWriter bufferedwriter = new BufferedWriter(
					outputstreamwriter);

			bufferedwriter.write(msg);
			bufferedwriter.flush();
		} catch (Exception ex) {
			ex.printStackTrace();
		} finally {
			sslsocket.close();
		}
	}

	public static void main(String[] args) throws Exception {
		try {
			URL url = Server.class.getClassLoader().getResource(
					"myTrustStore.jks");
			String jks = url.getFile();

			connectAndSend(jks, "sslTestPwd", "127.0.0.1", 9999,
					"This msg is from Java SSL Client :)");

		} catch (Exception exception) {
			exception.printStackTrace();
		}
	}
}

SSLSocket Java Part1

Posted on by No Comments ↓

1、使用环境变量,最基本的SSLSocket Server

package com.ats.ssl.socket;

import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

public class Server {

	static String delimiter = "=========================================================";

	public static void startListen(String keyStorePath, String keyStorePwd, int port) throws IOException {
		System.setProperty("javax.net.ssl.keyStore", keyStorePath);
		System.setProperty("javax.net.ssl.keyStorePassword", keyStorePwd);

		SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
		SSLServerSocket sslserversocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(port);

		while (true) {
			SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();

			String protocols[] = { "TLSv1" };
			// String protocols[] = {"SSLv2Hello","TLSv1","SSLv3"};
			// String protocols[] = {"SSLv3"};
			sslsocket.setEnabledProtocols(protocols);

			DisplaySecurityLevel(sslsocket);
			DisplayCertificateInformation(sslsocket);

			try {
				InputStream inputstream = sslsocket.getInputStream();
				InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
				BufferedReader bufferedreader = new BufferedReader(inputstreamreader);

				System.out.println(delimiter);
				String string = null;
				while ((string = bufferedreader.readLine()) != null) {
					System.out.println(string);
					System.out.flush();
				}
				System.out.println(delimiter);
			} catch (Exception ex) {
				ex.printStackTrace();
			} finally {
				sslsocket.close();
			}
		}
	}

	static void DisplaySecurityLevel(SSLSocket sslsocket) {
		System.out.println(delimiter);
		SSLSession session = sslsocket.getSession();
		System.out.println("通讯协议: " + session.getProtocol());
		System.out.println("加密方式: "+session.getCipherSuite());
		System.out.println(delimiter);
	}

	static void DisplayCertificateInformation(SSLSocket sslsocket) {
		System.out.println(delimiter);
		Certificate[] localCertificates = sslsocket.getSession().getLocalCertificates();
		if (localCertificates == null || localCertificates.length == 0) {
			System.out.println("本地证书为空");
		} else {
			Certificate cert = localCertificates[0];
			System.out.println("本地证书类型: " + cert.getType());
			if (cert.getType().equals("X.509")) {
				X509Certificate x509 = (X509Certificate) cert;
				System.out.println("本地证书签发者: " + x509.getIssuerDN());
				System.out.println("本地证书有效期: " + x509.getNotBefore() + "至" + x509.getNotAfter());
			}
		}

		try {
			Certificate[] peerCertificates = sslsocket.getSession().getPeerCertificates();

			if (peerCertificates == null || peerCertificates.length == 0) {
				System.out.println("远程证书为空");
			} else {
				Certificate cert = peerCertificates[0];
				System.out.println("远程证书类型: " + cert.getType());
				if (cert.getType().equals("X.509")) {
					X509Certificate x509 = (X509Certificate) cert;
					System.out.println("远程证书签发者: " + x509.getIssuerDN());
					System.out.println("远程证书有效期: " + x509.getNotBefore() + "至" + x509.getNotAfter());
				}
			}
		} catch (SSLPeerUnverifiedException e) {
			// e.printStackTrace();
			System.out.println("远程证书为空");
		}

		System.out.println(delimiter);
	}

	public static void main(String[] arstring) {
		try {
			URL url = Server.class.getClassLoader().getResource("myKeyStore.jks");
			String jks = url.getFile();
			startListen(jks, "sslTestPwd", 9999);

		} catch (Exception exception) {
			exception.printStackTrace();
		}
	}
}

2、相应的,使用环境变量进行设置的,SSLSocket Client

package com.ats.ssl.socket;

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.*;
import java.net.URL;

public class Client {
	public static void connectAndSend(String trustStorePath,
			String trustStorePwd, String ip, int port, String msg)
			throws IOException {
		System.setProperty("javax.net.ssl.trustStore", trustStorePath);
		System.setProperty("javax.net.ssl.trustStorePassword", trustStorePwd);

		SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory
				.getDefault();
		SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(
				"localhost", 9999);

		//String protocols[] = {"TLSv1"};
		String protocols[] = {"SSLv2Hello","TLSv1","SSLv3"};
		//String protocols[] = {"SSLv3"};
		sslsocket.setEnabledProtocols(protocols);

		try {
			OutputStream outputstream = sslsocket.getOutputStream();
			OutputStreamWriter outputstreamwriter = new OutputStreamWriter(
					outputstream);
			BufferedWriter bufferedwriter = new BufferedWriter(
					outputstreamwriter);

			bufferedwriter.write(msg);
			bufferedwriter.flush();
		} catch (Exception ex) {
			ex.printStackTrace();
		} finally {
			sslsocket.close();
		}
	}

	public static void main(String[] arstring) {
		try {
			URL url = Server.class.getClassLoader().getResource(
					"myTrustStore.jks");
			String jks = url.getFile();

			connectAndSend(jks, "sslTestPwd", "127.0.0.1", 9999,
					"This msg is from Java SSL Client :)");

		} catch (Exception exception) {
			exception.printStackTrace();
		}
	}
}

JS调用签名Applet访问本地文件导致权限不足

Posted on by No Comments ↓

Applet访问本地文件,只需要用私有签名即可搞定。但用JS去调用相同的方法,却返回下面错误:

Exception in thread "Thread-14" java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\TEMP" "read")
	at java.security.AccessControlContext.checkPermission(Unknown Source)
	at java.security.AccessController.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkRead(Unknown Source)
	at java.io.File.exists(Unknown Source)
        ......

主要是JS本身不被允许调用本地文件,从而JS调用的Applet方法也就没有权限去做访问本地文件这样的方法了。

为了解决这个问题:
首先,要用Manifest进行权限设置:

Manifest-Version: 1.0
Application-Name: AppletTest
Implementation-version: 1.0
Permissions: all-permissions
Caller-Allowable-Codebase: * localhost 127.0.0.1
Application-Library-Allowable-Codebase: *

然后,一般来说有两个方案来解决这个问题:

1、通过JS解决:
A、不要直接调用Applet的方法
B、而是用JS操作DOM,生成新的Applet的Tag
C、这样Applet可以在此从init进入,从而获得新的权限,儿不是JS的权限

2、通过AccessController.doPrivileged获取权限来解决:

    public String readFile() {
        final TestContent content = new TestContent();
        AccessController.doPrivileged(new PrivilegedAction() {
            public Object run() {
                content.text = readFileByLines("test.txt");
                return null;
            }
        });
        return content.text;
    }