SSL套接字连接 [英] SSL Socket connection
问题描述
如何创建一个SSL套接字连接?
我真的需要创建一个密钥库?该密钥库应该用我所有的客户端应用程序可以共享?
我创建具有以下code服务器:
的SSLServerSocketFactory的SSLServerSocketFactory =(的SSLServerSocketFactory)的SSLServerSocketFactory
.getDefault();
SSLServerSocket sslserversocket =(SSLServerSocket)的SSLServerSocketFactory
.createServerSocket(ServerProperties.getInstance()
.getVSSPAuthenticationPort());
我对机器人有以下code创建一个客户端:
SSLSocketFactory的SSLSocketFactory的=(的SSLSocketFactory)的SSLSocketFactory
.getDefault();
SSLSocket sslsocket =(SSLSocket)sslsocketfactory.createSocket(
主机,authPort);
sslsocket.startHandshake();
BufferedWriter将作家=新的BufferedWriter(新OutputStreamWriter(
sslsocket.getOutputStream()));
的BufferedReader读卡器=新的BufferedReader(新的InputStreamReader(
sslsocket.getInputStream()));
但是,当我尝试连接时,出现以下错误是扔:
javax.net.ssl.SSLHandshakeException:没有密码套件中常见的
在sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
在sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
在sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
在sun.security.ssl.Handshaker.fatalSE(Handshaker.java:266)
在sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:894)
在sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:622)
在sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:167)
在sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
在sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
在sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
在sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
在sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
在sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
您需要一个证书来建立一个SSL连接,您可以加载密钥库里面的证书,也可以加载证书本身。我将展示一些示例,密钥存储选项。
您code需要一些参数来运行:
的Java -Djavax.net.ssl.keyStore = keyStoreFile -Djavax.net.ssl.keyStorePassword = keystorePassword服务器
您CAL还装载了Java code中的密钥库,这样做的最简单的解决方案是:
System.setProperty(javax.net.ssl.keyStore,keystoreFile');
System.setProperty(javax.net.ssl.keyStorePassword,'keystorePassword');
你也可以加载密钥库具有不同的方式,它更复杂,但你必须做更复杂的事情的能力:
密钥库KS = KeyStore.getInstance(JKS);
ks.load(新的FileInputStream(keystoreFile),keystorePassword.toCharArray());
的KeyManagerFactory KMF = KeyManagerFactory.getInstance(X509);
kmf.init(KS,keystorePassword.toCharArray());
的TrustManagerFactory TMF = TrustManagerFactory.getInstance(X509);
tmf.init(KS);
的SSLContext SC = SSLContext.getInstance(TLS);
的TrustManager [] trustManagers = tmf.getTrustManagers();
sc.init(kmf.getKeyManagers(),trustManagers,NULL);
的SSLServerSocketFactory SSF = sc.getServerSocketFactory();
SSLServerSocket S =(SSLServerSocket)ssf.createServerSocket(serverport);
SSLSocket C =(SSLSocket)s.accept();
有关客户有最后几行,最后3线将被替换这些在code有一些变化:
的SSLServerSocketFactory SSF = sc.getSocketFactory();
SSLSocket S =(SSLSocket)ssf.createSocket(SERVERIP,serverport);
s.startHandshake();
如果要加载密钥库为Android的类型将是BKS,而不是JKS
。你可以很容易地找到资源用于创建密钥存储。
How can I create a SSL Socket connection?
I realy need to create a keystore? This keystore should be shared with all my client applications?
I have create a server with the following code:
SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory
.getDefault();
SSLServerSocket sslserversocket = (SSLServerSocket) sslserversocketfactory
.createServerSocket(ServerProperties.getInstance()
.getVSSPAuthenticationPort());
I have create a client on android with the following code:
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory
.getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(
host, authPort);
sslsocket.startHandshake();
BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(
sslsocket.getOutputStream()));
BufferedReader reader = new BufferedReader(new InputStreamReader(
sslsocket.getInputStream()));
But when I try to connect, the following error is throwed:
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:266)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:894)
at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:622)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:167)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
You need a certificate to establish an ssl connection, you can load the certificate inside a keystore or you can load the certificate itself. I will show some examples for the keystore option.
Your code needs some parameters to run :
java -Djavax.net.ssl.keyStore=keyStoreFile -Djavax.net.ssl.keyStorePassword=keystorePassword Server
You cal also load the keystore with java code , the simplest solution for this is the:
System.setProperty("javax.net.ssl.keyStore", 'keystoreFile');
System.setProperty("javax.net.ssl.keyStorePassword", 'keystorePassword ');
Also you can load the keystore with a different way, its more complicated but you have the ability to do more complex things :
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("keystoreFile"), "keystorePassword".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(ks, "keystorePassword".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(ks);
SSLContext sc = SSLContext.getInstance("TLS");
TrustManager[] trustManagers = tmf.getTrustManagers();
sc.init(kmf.getKeyManagers(), trustManagers, null);
SSLServerSocketFactory ssf = sc.getServerSocketFactory();
SSLServerSocket s = (SSLServerSocket) ssf.createServerSocket(serverport);
SSLSocket c = (SSLSocket) s.accept();
For the clients there are a few changes in the code last lines, the 3 last lines will be replaced with these :
SSLServerSocketFactory ssf = sc.getSocketFactory();
SSLSocket s = (SSLSocket) ssf.createSocket(serverip, serverport);
s.startHandshake();
If you want to load a keystore for android the type will have to be "BKS" and not "JKS". You can find easily resources for creating a keystore.
这篇关于SSL套接字连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!