码迷,mamicode.com
首页 > 编程语言 > 详细

java https tomcat 单双认证(含证书生成和代码实现) 原创转载请备注,谢谢O(∩_∩)O

时间:2016-08-10 18:50:27      阅读:290      评论:0      收藏:0      [点我收藏+]

标签:

server: apache-tomcat-6.0.44 jdk1.7.0_79
client: jdk1.7.0_79

jks是JAVA的keytools证书工具支持的证书私钥格式。 pfx是微软支持的私钥格式。 cer是证书的公钥。

生成:
    keytool -genkey -alias tbb -keyalg RSA -keystore D:\cert\tbb.keystore
    模板:
     keytool -genkey -alias yushan -keypass yushan -keyalg RSA -keysize 1024 -validity 365((默认为90天)) -keystore D:\cert\tbb.keystore -storepass 123456 -dname "CN=(名字与姓氏), OU=(组织单位名称), O=(组织名称), L=(城市或区域名称), ST=(州或省份名称), C=(单位的两字母国家代码)";(中英文即可)
验证:
    keytool -selfcert -alias tbb -keystore D:\cert\tbb.keystore
导出:    
    keytool -export -alias tbb -keystore D:\cert\tbb.keystore -storepass 12345678 -rfc -file D:\cert\tbb.cer
转换    cer -> jks
    keytool -import -alias mycert -file D:\cert\tbb.cer -keystore D:\cert\tbb.jks  

keystore信息的查看:
     打印证书的 MD5 指纹
    keytool -list  -v -keystore D:\cert\tbb.keystore -storepass 12345678
    可打印的编码格式输出证书
    keytool -list  -rfc -keystore D:\cert\tbb.keystore -storepass 12345678

 

生成客户端证书库
keytool -validity 36500 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore D:\cert\client.p12 -dname "CN=spring,OU=jiajianfa,O=jiajianfa,L=Wuhan,ST=HuBei,c=cn" -storepass 12345678 -keypass 12345678
从客户端证书库中导出客户端证书
keytool -export -v -alias client -keystore D:\cert\client.p12 -storetype PKCS12 -storepass 12345678 -rfc -file D:\cert\client.cer

将客户端证书导入到服务器证书库(使得服务器信任客户端证书,服务器端用此验证客户端的合法性)
keytool -import -v -alias client -file D:\cert\client.cer -keystore D:\cert\tbb.keystore -storepass 12345678

查看服务端证书中信任的客户端证书
keytool -list -keystore D:\cert\tbb.keystore  -storepass 12345678

 

tomcat server.xml 配置:

<!-- clientAuth  true:双向认证   false:单向认证-->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS"  keystorePass="12345678" keystoreFile="D:\cert\tbb.keystore"
               truststoreFile="D:\cert\tbb.keystore" truststorePass="12345678"  />

 

单向认证:

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.Proxy;
import java.net.URL;
import java.util.Date;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

/**
 * @Description https单向认证
 * @author sprinng
 *
 */
public class ClientSendDataSingle {
    /**
     * 
     * @param sendurl 请求地址
     * @param res  返回结果
     * @param sendData 参数
     * @param timeOut  超时时间(min)
     * @param useProxy  是否使用代理
     * @param trustStorePath 证书路径
     * @param trustStorePwd 证书密码
     * @return
     * @throws Exception
     */
    public static String send(String sendurl, String res, String sendData, String timeOut, boolean useProxy, String trustStorePath, String trustStorePwd)throws Exception {
        System.setProperty("javax.net.ssl.trustStore", trustStorePath);
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePwd);
        URL url = new URL(sendurl);
        HttpsURLConnection connection = null;
        HostnameVerifier hv = new HostnameVerifier() {
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        };
        System.setProperty("java.protocol.handler.pkgs","sun.net.www.protocol");
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
        Date current = new Date(System.currentTimeMillis());
        System.out.println("begint to open connection at " + current);
        //使用代理
        if(useProxy){
            InetSocketAddress isa = new InetSocketAddress(PropertiesUtil.properties.getProperty("proxy_host"), Integer.parseInt(PropertiesUtil.properties.getProperty("proxy_port")));
            Proxy proxy = new Proxy(Proxy.Type.HTTP, isa);
            Authenticator.setDefault(new MyAuthenticator(PropertiesUtil.properties.getProperty("proxy_user"), PropertiesUtil.properties.getProperty("proxy_password")));
            connection = (HttpsURLConnection) url.openConnection(proxy);
        }else{
            connection = (HttpsURLConnection) url.openConnection();
        }
        Date end = new Date(System.currentTimeMillis());
        System.out.println("open connection ok at " + end + ",cost:"+ (end.getTime() - current.getTime()));
        connection.setRequestProperty("Content-Type", "text/xml");
        connection.setDoOutput(true);
        connection.setDoInput(true);
        connection.setRequestMethod("POST");
        connection.setUseCaches(false);
        connection.setReadTimeout(60 * 1000 * Integer.parseInt(timeOut));
        byte data[] = sendData.getBytes();
        current = new Date(System.currentTimeMillis());
        System.out.println("[SSLIX]notifyEai,begint to write data at " + current);
        OutputStream out = connection.getOutputStream();
        out.write(data);
        end = new Date(System.currentTimeMillis());
        System.out.println("write data ok at " + end + ",cost:"  + (end.getTime() - current.getTime()));
        StringBuffer receivedData = new StringBuffer();
        current = new Date(System.currentTimeMillis());
        System.out.println("begint to read data at " + current);
        InputStreamReader inReader = new InputStreamReader(connection.getInputStream(), "UTF-8");
        BufferedReader aReader = new BufferedReader(inReader);
        String aLine;
        while ((aLine = aReader.readLine()) != null) {
            receivedData.append(aLine);
        }
        end = new Date(System.currentTimeMillis());
        System.out.println("read data ok at " + end + ",cost:" + (end.getTime() - current.getTime()));
        System.out.println("开始返回状态码");
        Integer statusCode = connection.getResponseCode();
        System.out.println("返回状态码:" + statusCode);
        aReader.close();
        connection.disconnect();
        res = receivedData.toString();
        return res;
    }

    public static class MyAuthenticator extends Authenticator {
        private String user = "";
        private String password = "";

        public MyAuthenticator(String user, String password) {
            this.user = user;
            this.password = password;
        }

        protected PasswordAuthentication getPasswordAuthentication() {
            return new PasswordAuthentication(user, password.toCharArray());
        }
    }
    
    public static void main(String[] args) throws Exception {
        System.out.println(ClientSendDataSingle.send("https://localhost:8443/spdbSjptServer", "", "", "5", false, "D:/cert/tbb.jks", "12345678"));
    }
}

 

双向认证:

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.util.Date;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

import com.pf.util.ClientSendDataSingle.MyAuthenticator;

/**
 * 
 * @Description https双向认证
 * @author sprinng
 *
 */
public class ClientSendDataDouble {
    /**
     * 
     * @param sendurl 请求地址
     * @param res  返回结果
     * @param sendData 参数
     * @param timeOut  超时时间(min)
     * @param useProxy  是否使用代理
     * @param trustStorePath 服务器证书路径
     * @param trustStorePwd 服务器证书密码
     * @param keyStore 客户端证书路径
     * @param keyStorePwd 客户端证书密码
     * @param keyStoreType 客户端证书类型      如:JKS PKCS12等
     * @return
     * @throws Exception
     */
    public static String send(String sendurl, String res, String sendData, String timeOut, boolean useProxy, String trustStorePath, String trustStorePwd, String keyStore, String keyStorePwd, String keyStoreType) throws Exception {
        //设置客户端证书
        System.setProperty("javax.net.ssl.keyStore", keyStore);
        System.setProperty("javax.net.ssl.keyStorePassword",keyStorePwd);
        System.setProperty("javax.net.ssl.keyStoreType", keyStoreType);
         
        //设置服务器证书
        System.setProperty("javax.net.ssl.trustStore", trustStorePath);
        System.setProperty("javax.net.ssl.trustStorePassword",  trustStorePwd);
        URL url = new URL(sendurl);
        HttpsURLConnection connection = null;
        HostnameVerifier hv = new HostnameVerifier() {
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        };
        System.setProperty("java.protocol.handler.pkgs","sun.net.www.protocol");
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
        Date current = new Date(System.currentTimeMillis());
        System.out.println("begint to open connection at " + current);
        if(useProxy){//使用代理
            InetSocketAddress isa = new InetSocketAddress(PropertiesUtil.properties.getProperty("proxy_host"), Integer.parseInt(PropertiesUtil.properties.getProperty("proxy_port")));
            Proxy proxy = new Proxy(Proxy.Type.HTTP, isa);
            Authenticator.setDefault(new MyAuthenticator(PropertiesUtil.properties.getProperty("proxy_user"), PropertiesUtil.properties.getProperty("proxy_password")));
            connection = (HttpsURLConnection) url.openConnection(proxy);
        }else{
            connection = (HttpsURLConnection) url.openConnection();
        }
        Date end = new Date(System.currentTimeMillis());
        System.out.println("open connection ok at " + end + ",cost:"+ (end.getTime() - current.getTime()));
        connection.setRequestProperty("Content-Type", "text/xml");
        connection.setDoOutput(true);
        connection.setDoInput(true);
        connection.setRequestMethod("POST");
        connection.setUseCaches(false);
        connection.setReadTimeout(30000);
        byte data[] = sendData.getBytes();
        current = new Date(System.currentTimeMillis());
        System.out.println("[SSLIX]notifyEai,begint to write data at " + current);
        OutputStream out = connection.getOutputStream();
        out.write(data);
        end = new Date(System.currentTimeMillis());
        System.out.println("write data ok at " + end + ",cost:" + (end.getTime() - current.getTime()));
        StringBuffer receivedData = new StringBuffer();
        current = new Date(System.currentTimeMillis());
        System.out.println("begint to read data at " + current);
        InputStreamReader inReader = new InputStreamReader(connection.getInputStream(), "UTF-8");
        BufferedReader aReader = new BufferedReader(inReader);
        String aLine;
        while ((aLine = aReader.readLine()) != null) {
            receivedData.append(aLine);
        }
        end = new Date(System.currentTimeMillis());
        System.out.println("read data ok at " + end + ",cost:" + (end.getTime() - current.getTime()));
        System.out.println("开始返回状态码");
        Integer statusCode = connection.getResponseCode();
        System.out.println("返回状态码:" + statusCode);
        aReader.close();
        connection.disconnect();
        return receivedData.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(ClientSendDataDouble.send("https://localhost:8443/spdbSjptServer/", "", "", "5", false, "D:/cert/tbb.jks", "12345678", "D:/cert/client.p12", "12345678", "PKCS12"));
    }
}

 

附:

import java.io.IOException;
import java.util.Properties;


public class PropertiesUtil {
    public static final Properties properties = new Properties();
    static {
         try {
          properties.load(PropertiesUtil.class.getClassLoader().getResourceAsStream("config.properties"));
         } catch (IOException e) { 
             ECommonUtil.getLog().error("初始config配置文件失败");
        }
    }
}

 

java https tomcat 单双认证(含证书生成和代码实现) 原创转载请备注,谢谢O(∩_∩)O

标签:

原文地址:http://www.cnblogs.com/sprinng/p/5757795.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!