1、我们先将 .cer 和 .jks 文件导出,然后发给服务端进行证书认证,才好进行接下来的开发。
1.1、至于如何导出:
命令1:keytool -genkeypair -dname "cn=clientAuth_PhevBattery, ou=IS, o=SGM, c=CN" -alias clientAuthCert -keypass Pass1234 -keystore d:\clientAuth_PhevBattery.jks -storepass Pass1234 -validity 3600  -keyalg RSA -keysize 2048 -sigalg SHA256WithRSA
命令2:keytool -export -file d:\clientAuth_PhevBattery.cer -keystore d:\clientAuth_PhevBattery.jks -storepass Pass1234 -alias clientAuthCert
PS:.cer 是我们的证书,保存了公钥;.jks 保存的是公钥和密钥的算法。以上是个人理解,如果错了希望大家可以提供改正,谢谢。
(审阅补充:命令1生成的 .jks 密钥库中保存的是客户端私钥及其对应的证书;服务端要信任客户端只需要 .cer 证书,.jks 文件及其口令应只保留在客户端一侧。)
2、开发过程中遇到两个问题
1.1、没搞明白 JDK 的 security/cacerts 库是什么意思。经查询资料显示,cacerts 是一个密钥库,我们在执行 SSL 认证的时候会使用到。
1.2、客户没有将我们导出的 .cer 证书成功地加入到密钥库并设为受信任,所以在测试的过程中程序报错:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.List;
import java.util.Map;import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
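import javax.net.ssl.TrustManagerFactory;

/**
 * Sample HTTPS client that authenticates to the server with a client certificate
 * (mutual TLS) through {@link HttpsURLConnection}.
 *
 * <p>The client key store supplies the private key and certificate presented to the
 * server; the trust store decides which server certificates are accepted. Hostname
 * verification is left at the platform default, so the server certificate must match
 * the host that is being contacted.
 *
 * <p>The lazily created {@link SSLContext} is cached in a static field without any
 * synchronisation; the sample is written for single-threaded use.
 */
public class ClientCertAuthSample {

    // Client key store (JKS) holding the private key and certificate sent to the server.
    public static String KEY_STORE_FILE = "/Users/lkj/Desktop/clientAuth_PhevBattery.jks";

    // Password of the client key store; also used as the key password in getSSLContext().
    // NOTE(review): sample credential embedded in source. In real use load it from
    // configuration or a secret store and never publish the key store together with it.
    public static String KEY_STORE_PASS = "Pass1234";

    // Trust store used to validate the server certificate. The JRE ships one under
    // jre/lib/security/cacerts (for example in jdk1.8.0_161); this sample points at a copy.
    public static String TRUST_STORE_FILE = "/Users/lkj/Desktop/cacerts";

    // Default password of the JRE trust store.
    public static String TRUST_STORE_PASS = "changeit";

    // Sample JSON request body posted by main().
    final static String param = "{\"System_Type\": \"TDS3P\",\"data\": [{\"ModuleId\": \"268435912\",\"ICCID\": \"89860617020017346325\",\"PhoneNumber\": \"\",\"IMSI\": \"\",\"GM_Defined_Part_Number\": \"26245447\",\"GM_Defined_VPPS\": \"0000000075204X\",\"DUNSID_of_Production_Site\": \"545245003\",\"GM_Defined_Tracebility_Code\": \"1117136A00000069\",\"ModuleType\": \"\",\"Manufacturer\": \"\",\"GM_Program \": \"\"},{\"ModuleId\": \"268435913\",\"ICCID\": \"89860617020017346317\",\"PhoneNumber\": \"\",\"IMSI\": \"\",\"GM_Defined_Part_Number\": \"26245447\",\"GM_Defined_VPPS\": \"0000000075204X\",\"DUNSID_of_Production_Site\": \"545245003\",\"GM_Defined_Tracebility_Code\": \"1117136A00000078\",\"ModuleType\": \"\",\"Manufacturer\": \"\",\"GM_Program \": \"\"}] }";

    // Cached context; only assigned once it has been fully initialised.
    private static SSLContext sslContext;

    /**
     * Sends a GET request over HTTPS with client-certificate authentication.
     *
     * @param url   the URL to request
     * @param param query string in the form {@code name1=value1&name2=value2}, appended
     *              verbatim after {@code ?} (the caller is responsible for URL-encoding);
     *              may be {@code null} for no query string
     * @return the response body with line breaks removed; whatever was read before a
     *         failure (possibly the empty string) if the request fails
     */
    public static String sendGet(String url, String param) {
        StringBuilder response = new StringBuilder();
        try {
            String target = (param != null) ? url + "?" + param : url;
            HttpsURLConnection connection = (HttpsURLConnection) new URL(target).openConnection();
            // No custom HostnameVerifier is installed: a verifier that accepts every host
            // would let any certificate chaining to the trust store impersonate the server,
            // and registering it as the JVM-wide default would weaken every other HTTPS
            // connection in the process as well.
            connection.setSSLSocketFactory(getSSLContext().getSocketFactory());
            connection.setRequestProperty("accept", "*/*");
            connection.setRequestProperty("connection", "Keep-Alive");
            connection.setRequestProperty("user-agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)");
            connection.connect();
            // Dump every response header for diagnostics.
            for (Map.Entry<String, List<String>> header : connection.getHeaderFields().entrySet()) {
                System.out.println(header.getKey() + "--->" + header.getValue());
            }
            appendBody(connection, response);
        } catch (Exception e) {
            // Best-effort contract: report the failure and return what was read so far.
            System.out.println("发送GET请求出现异常!" + e);
            e.printStackTrace();
        }
        return response.toString();
    }

    /**
     * Sends a JSON POST request over HTTPS with client-certificate authentication.
     *
     * @param url   the URL to post to
     * @param param the request body, written as UTF-8; {@code null} sends an empty body
     * @return the response body with line breaks removed; whatever was read before a
     *         failure (possibly the empty string) if the request fails
     */
    public static String sendPost(String url, String param) {
        StringBuilder response = new StringBuilder();
        try {
            URL realUrl = new URL(url);
            System.out.println("host=" + realUrl.getHost() + "\n;port=" + realUrl.getPort() + "\n;path=" + realUrl.getPath());
            HttpsURLConnection conn = (HttpsURLConnection) realUrl.openConnection();
            conn.setSSLSocketFactory(getSSLContext().getSocketFactory());
            // Both flags are required for a POST that also reads the response.
            conn.setDoOutput(true);
            conn.setDoInput(true);
            conn.setRequestProperty("accept", "application/json");
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/json");
            conn.setRequestProperty("connection", "Keep-Alive");
            conn.setRequestProperty("user-agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)");
            conn.connect();
            // Write the body with an explicit charset so the JSON does not depend on the
            // platform default encoding, and close the stream before reading the reply.
            try (OutputStream os = conn.getOutputStream()) {
                String body = (param != null) ? param : "";
                os.write(body.getBytes(java.nio.charset.StandardCharsets.UTF_8));
                os.flush();
            }
            System.out.println(conn.getResponseCode());
            appendBody(conn, response);
        } catch (Exception e) {
            // Best-effort contract: report the failure and return what was read so far.
            System.out.println("发送 POST 请求出现异常!" + e);
            e.printStackTrace();
        }
        return response.toString();
    }

    // Appends the response body (the error body for any status other than 200) to sink, decoded as UTF-8.
    private static void appendBody(HttpsURLConnection conn, StringBuilder sink) throws IOException {
        java.io.InputStream body = (conn.getResponseCode() == 200) ? conn.getInputStream() : conn.getErrorStream();
        if (body == null) {
            // getErrorStream() returns null when the server sent no error body.
            return;
        }
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(body, java.nio.charset.StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                sink.append(line);
            }
        }
    }

    /**
     * Returns the shared {@link SSLContext}, creating it on first use from the client key
     * store and the trust store.
     *
     * <p>Initialisation fails closed: if either store cannot be loaded no context is
     * cached and an exception is thrown, instead of continuing without a client
     * certificate or with a different set of trust anchors.
     *
     * @return the initialised context
     * @throws IllegalStateException if the key store, trust store or context cannot be set up
     */
    public static SSLContext getSSLContext() {
        long start = System.currentTimeMillis();
        if (sslContext == null) {
            try {
                KeyStore clientKeys = getkeyStore();
                if (clientKeys == null) {
                    throw new IllegalStateException("client key store could not be loaded: " + KEY_STORE_FILE);
                }
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
                kmf.init(clientKeys, KEY_STORE_PASS.toCharArray());

                // Use the platform default trust-manager algorithm (PKIX on standard JDKs)
                // rather than pinning the legacy "SunX509" validator.
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init(getTrustStore());

                // "TLSv1" limits the connection to TLS 1.0, which is deprecated (RFC 8996)
                // and disabled by default in current JDKs; request TLS 1.2 instead. The
                // minimum version actually negotiated is still governed by the runtime's
                // jdk.tls.disabledAlgorithms policy.
                SSLContext context = SSLContext.getInstance("TLSv1.2");
                context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
                System.out.println(context.getProtocol() + "NNNNN:" + context.getProvider().toString());
                // Publish only after init() succeeded so a half-built context is never reused.
                sslContext = context;
            } catch (IOException | java.security.GeneralSecurityException e) {
                throw new IllegalStateException("unable to initialise the client SSLContext", e);
            }
        }
        long end = System.currentTimeMillis();
        System.out.println("SSLContext 初始化时间:" + (end - start));
        return sslContext;
    }

    /**
     * Loads the client key store from {@link #KEY_STORE_FILE}.
     *
     * @return the loaded JKS key store, or {@code null} if the file is missing, unreadable
     *         or cannot be opened with {@link #KEY_STORE_PASS} (the cause is printed)
     */
    public static KeyStore getkeyStore() {
        // try-with-resources closes the file even when load() fails.
        try (FileInputStream in = new FileInputStream(new File(KEY_STORE_FILE))) {
            KeyStore store = KeyStore.getInstance("JKS");
            store.load(in, KEY_STORE_PASS.toCharArray());
            return store;
        } catch (IOException | java.security.GeneralSecurityException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Loads the trust store from {@link #TRUST_STORE_FILE}.
     *
     * @return the loaded JKS trust store, never {@code null}
     * @throws IOException if the file is missing or unreadable, or its contents cannot be
     *                     loaded with {@link #TRUST_STORE_PASS}
     */
    public static KeyStore getTrustStore() throws IOException {
        // A missing file now surfaces as FileNotFoundException instead of a
        // NullPointerException raised while closing a stream that was never opened.
        try (FileInputStream in = new FileInputStream(new File(TRUST_STORE_FILE))) {
            KeyStore store = KeyStore.getInstance("JKS");
            store.load(in, TRUST_STORE_PASS.toCharArray());
            return store;
        } catch (java.security.GeneralSecurityException e) {
            throw new IOException("unable to load trust store " + TRUST_STORE_FILE, e);
        }
    }

    /**
     * Posts the sample payload once and prints the response and the elapsed time.
     */
    public static void main(String[] args) throws Exception {
        // Verbose TLS handshake tracing; intended for troubleshooting only.
        System.setProperty("javax.net.debug", "ssl,handshake,record");
        long start = System.currentTimeMillis();
        int requestCount = 1;
        // "www.baidu.com" is only a placeholder, not the real test endpoint: replace it
        // with your own full https:// URL.
        String result = sendPost("www.baidu.com", param);
        System.out.println("result+" + result);
        long end = System.currentTimeMillis();
        System.out.println("平均耗费时间:" + (end - start) / requestCount);
    }
}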
