1. 生成bks与jks密钥证书
1.1 jks证书生成
1.1.1 生成服务端JKS秘钥与证书指令
keytool -genkeypair -alias myserver -keystore myserver.jks
1.1.2 服务器导出证书server.cer
keytool -exportcert -alias myserver -keystore myserver.jks -file trust.cer
1.1.3从证书导出信任客户端
keytool -importcert -file trust.cer -keystore trust.jks
1.2bks证书生成
1.2.1 安装所需环境以及配置
1.2.1.1 下载依赖包
点我下载(csdn下载)快速
点我下载(maven下载)
1.2.1.2 将下载好的jar包放到java环境中去 具体路径如下 %JAVAHOME%/jre/lib/ext
1.2.1.3 添加安全加密环境配置
s e c u r i t y . p r o v i d e r . X = o r g . b o u n c y c a s t l e . j c e . p r o v i d e r . B o u n c y C a s t l e P r o v i d e r / / 数 字 x 为 上 一 个 p r o v i d e r 的 y + 1 security.provider.X=org.bouncycastle.jce.provider.BouncyCastleProvider //数字x为上一个provider的y+1 security.provider.X=org.bouncycastle.jce.provider.BouncyCastleProvider//数字x为上一个provider的y+1
1.2.1.4 重启
1.2.2 生成客户端bks密钥与证书指令
keytool -genkey -keystore client.bks -storepass 密码 -keyalg RSA -keypass 密码 -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider
1.2.3 导出客户端证书client.cer
keytool -exportcert -keystore client.bks -storepass 密码 -storetype BKS -file client.cer -provider org.bouncycastle.jce.provider.BouncyCastleProvider
1.2.4 把证书导入信任库
keytool -import -keystore tserver.bks -storetype BKS -storepass 密码 -file client.cer
1.3 总结
我们得到了一下几个文件以及文件密码
myserver.jks : 服务器端的jks密钥(KeyManager) client.bks: 客户端的bks密钥(KeyManager)
trust.cer :服务器端信任证书 client.cer: 客户端信任证书。
trust.jks:服务器端信任的客户端 tserver.bks :客户端信任的服务器端
2. 代码
2.1 服务器端代码
package Service;import org.bouncycastle.jce.provider.BouncyCastleProvider;import javax.net.ssl.*;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;
import java.util.Properties;public class Service {private static final int port = 9999;public static SSLServerSocket createServerSocket() throws Exception {KeyStore ks = KeyStore.getInstance("jks");KeyStore bks = KeyStore.getInstance("bks", new BouncyCastleProvider());ClassLoader cl = Service.class.getClassLoader();InputStream tis = cl.getResourceAsStream("tserver.bks");InputStream input = cl.getResourceAsStream("myserver.jks");Properties properties = new Properties();properties.load(cl.getResourceAsStream("server.properties"));String server_jsk = properties.getProperty("server_jsk");String cer_trust = properties.getProperty("cer_trust");String client_trust = properties.getProperty("client_trust");bks.load(tis, client_trust.toCharArray());ks.load(input, server_jsk.toCharArray());KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");TrustManagerFactory tks = TrustManagerFactory.getInstance("SunX509");tks.init(bks);kmf.init(ks, cer_trust.toCharArray());SSLContext context = SSLContext.getInstance("TLSv1.2");context.init(kmf.getKeyManagers(), tks.getTrustManagers(), null);input.close();SSLServerSocketFactory ssf = context.getServerSocketFactory();return (SSLServerSocket) ssf.createServerSocket(port);}public static void main(String[] args) throws Exception {final ServerSocket ss = createServerSocket();System.out.println("ssl server startup at port " + port);while (true) {final Socket s = ss.accept();new Thread(() -> {InputStream inputStream = null;try {inputStream = s.getInputStream();byte[] b = new byte[1024];inputStream.read(b);System.out.println(new String(b));} catch (Exception e) {e.printStackTrace();} finally {try {inputStream.close();s.close();} catch (IOException e) {e.printStackTrace();}}}).start();}}}2.2 客户端代码
package Service;import javax.net.SocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.util.Properties;import org.bouncycastle.jce.provider.*;public class Client {private static final int port = 9999;public static SSLSocket createSocket(String host) throws Exception {KeyStore ks = KeyStore.getInstance("jks");KeyStore bks = KeyStore.getInstance("bks", new BouncyCastleProvider());ClassLoader cl = Client.class.getClassLoader();Properties pt = new Properties();InputStream tinput = cl.getResourceAsStream("client.bks");InputStream input = cl.getResourceAsStream("trust.jks");KeyManagerFactory instance = KeyManagerFactory.getInstance("SunX509");TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");pt.load(cl.getResourceAsStream("client.properties"));bks.load(tinput,pt.getProperty("client_bks").toCharArray());ks.load(input, pt.getProperty("server_trust").toCharArray());instance.init(bks,pt.getProperty("crt_trust").toCharArray());tmf.init(ks);SSLContext context = SSLContext.getInstance("TLSv1.2");context.init(instance.getKeyManagers(), tmf.getTrustManagers(), null);input.close();SocketFactory sf = context.getSocketFactory();return (SSLSocket) sf.createSocket(host, port);}public static void main(String[] args) throws Exception {Socket s = createSocket("127.0.0.1");byte[] b = new byte[1024];System.out.println("创建连接!");OutputStream outputStream = s.getOutputStream();outputStream.write("hello world".getBytes());outputStream.close();s.close();}}2.3 软件结构
3.实验结果
Client端:
Service端:
