1、準備工作

A、域名綁定
在hosts文件末尾追加
127.0.0.1 ?www.zlex.org

B、證書導入
瀏覽器導入自簽名證書文件zlex.cer

C、服務器配置
配置SSL/TLS 單向認證

<Connectorport="443"SSLEnabled="true"clientAuth="false"maxThreads="150"protocol="HTTP/1.1"scheme="https"sslProtocol="TLS"keystoreFile="conf/zlex.keystore"keystorePass="123456"/>

????????為使得HTTPS協(xié)議配置生效，我們需要將密鑰庫文件參數keystoreFile指向密鑰庫文件，并設定密鑰庫密鑰參數keystorePass，密鑰庫類型參數keystoreType默認值"JKS"。

????????如果不顯示配置信任庫參數，信任庫文件參數truststoreFile默認指向密鑰庫文件，信任庫密碼
參數truststorePass默認指向密鑰庫密碼，信任庫類型參數truststoreType默認值"JKS"。

????????客戶端驗證參數clientAuth，默認值"false"。構建雙向認證服務時需要設置為"true"，并修改密鑰庫參數和信任庫參數。

2、服務驗證

<%@ page languange="java" contentType="text/html;charset=UTF-8"%> <%@ page import="java.util.Enumeration" %> <html><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"><title>zlex.org</title></head><body><p>request屬性信息</p><pre><%for(Enumeration en = request.getAttributeNames();en.hasMoreElements();) {String name = (String) en.nextElement();out.println(name);out.println(" = " + request.getAttribute(name));out.println();}%></pre></body> </html>

javax.servlet.request.ssl_session：當前SSL/TLS協(xié)議的會話ID。 javax.servlet.request.key_size：當前加密算法所使用的密鑰長度。 javax.servlet.request.cipher_suite：當前SSL/TLS協(xié)議所使用的加密套件。

?

3、代碼驗證

單向認證https

/*** 2009-5-20*/ package org.zlex.chapter11_1;import java.io.FileInputStream; import java.security.KeyStore; import java.security.SecureRandom;import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManagerFactory;/*** HTTPS組件* * @author 梁棟* @version 1.0*/ public abstract class HTTPSCoder {/*** 協(xié)議*/public static final String PROTOCOL = "TLS";/*** 獲得KeyStore* * @param keyStorePath* 密鑰庫路徑* @param password* 密碼* @return KeyStore 密鑰庫* @throws Exception*/private static KeyStore getKeyStore(String keyStorePath, String password)throws Exception {// 實例化密鑰庫KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());// 獲得密鑰庫文件流FileInputStream is = new FileInputStream(keyStorePath);// 加載密鑰庫ks.load(is, password.toCharArray());// 關閉密鑰庫文件流is.close();return ks;}/*** 獲得SSLSocektFactory* * @param password* 密碼* @param keyStorePath* 密鑰庫路徑* @param trustStorePath* 信任庫路徑* @return SSLSocketFactory* @throws Exception*/private static SSLSocketFactory getSSLSocketFactory(String password,String keyStorePath, String trustStorePath) throws Exception {// 實例化密鑰庫KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());// 獲得密鑰庫KeyStore keyStore = getKeyStore(keyStorePath, password);// 初始化密鑰工廠keyManagerFactory.init(keyStore, password.toCharArray());// 實例化信任庫TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());// 獲得信任庫KeyStore trustStore = getKeyStore(trustStorePath, password);// 初始化信任庫trustManagerFactory.init(trustStore);// 實例化SSL上下文SSLContext ctx = SSLContext.getInstance(PROTOCOL);// 初始化SSL上下文ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());// 獲得SSLSocketFactoryreturn ctx.getSocketFactory();}/*** 為HttpsURLConnection配置SSLSocketFactory* * @param conn* HttpsURLConnection* @param password* 密碼* @param keyStorePath* 密鑰庫路徑* @param trustKeyStorePath* 信任庫路徑* @throws Exception*/public static void configSSLSocketFactory(HttpsURLConnection conn,String password, String keyStorePath, String trustKeyStorePath)throws Exception {// 獲得SSLSocketFactorySSLSocketFactory sslSocketFactory = getSSLSocketFactory(password,keyStorePath, trustKeyStorePath);// 設置SSLSocketFactoryconn.setSSLSocketFactory(sslSocketFactory);} }

單向認證示例

/*** 2009-5-20*/ package org.zlex.chapter11_1;import static org.junit.Assert.*;import java.io.DataInputStream; import java.net.URL;import javax.net.ssl.HttpsURLConnection;import org.junit.Test;/*** HTTPS測試* * @author 梁棟* @version 1.0*/ public class HTTPSCoderTest {/*** 密鑰庫/信任庫密碼*/private String password = "123456";/*** 密鑰庫文件路徑*/private String keyStorePath = "d:/zlex.keystore";/*** 信任庫文件路徑*/private String trustStorePath = "d:/zlex.keystore";/*** 訪問地址*/private String httpsUrl = "https://www.zlex.org/ssl/";/*** HTTPS驗證* * @throws Exception*/@Testpublic void test() throws Exception {// 建立HTTPS鏈接URL url = new URL(httpsUrl);HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();// conn.setRequestMethod(method);// 打開輸入輸出流conn.setDoInput(true);// conn.setDoOutput(true);// 為HttpsURLConnection配置SSLSocketFactoryHTTPSCoder.configSSLSocketFactory(conn, password, keyStorePath,trustStorePath);// 鑒別內容長度int length = conn.getContentLength();byte[] data = null;// 如果內容長度為-1，則放棄解析if (length != -1) {DataInputStream dis = new DataInputStream(conn.getInputStream());data = new byte[length];dis.readFully(data);dis.close();System.err.println(new String(data));}conn.disconnect();// 驗證assertNotNull(data);}}

創(chuàng)作挑戰(zhàn)賽新人創(chuàng)作獎勵來咯，堅持創(chuàng)作打卡瓜分現金大獎

總結

以上是生活随笔為你收集整理的Java加密与解密的艺术~安全协议~单向认证服务的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。