【发布时间】:2018-11-24 06:36:41
【问题描述】:
我的密钥库中有两个密钥:
D:\javasslstores2>keytool -list -keystore keystore.jks -storepass passwd123
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
ssl_key_2, Jun 14, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 36:A4:FB:E6:47:12:59:D6:C3:E1:06:21:4B:21:79:7E:33:86:48:52
ssl_key, Jun 13, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 03:08:2C:CA:A4:84:DD:61:20:05:F7:56:F5:44:4C:A4:35:2B:8C:6C
以及我的信任库中对应的两个证书:
D:\javasslstores2>keytool -list -keystore truststore.jks -storepass passwd123
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
ssl_key_2, Jun 14, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 36:A4:FB:E6:47:12:59:D6:C3:E1:06:21:4B:21:79:7E:33:86:48:52
ssl_key, Jun 14, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 03:08:2C:CA:A4:84:DD:61:20:05:F7:56:F5:44:4C:A4:35:2B:8C:6C
我已经编写了简单的 java ssl 客户端和服务器:
服务器
public class Server {
static KeyStore ks;
static KeyManagerFactory kmf;
static TrustManagerFactory tmf;
static SSLContext sc;
static TrustManager[] trustManagers;
static {
try {
ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("D:\\javasslstores\\keystore.jks"), "passwd123".toCharArray());
kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "passwd123".toCharArray());
tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
sc = SSLContext.getInstance("TLS");
sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
} catch (Exception e) {
System.out.println(e.getMessage());
System.out.println(e.getStackTrace());
}
}
public static void main(String[] args) throws IOException {
System.out.println("SSL Server");
SSLServerSocketFactory ssf = sc.getServerSocketFactory();
SSLServerSocket s = (SSLServerSocket) ssf.createServerSocket(8089);
System.out.println("Listening on port 8089");
SSLSocket socket = (SSLSocket) s.accept();
PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
try (BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(socket.getInputStream()))) {
String line;
System.out.println("Data from client:");
while((line = bufferedReader.readLine()) != null){
System.out.println(line);
out.println(line);
}
}
System.out.println("Closed");
}
}
客户
public class Client {
static KeyStore ks;
static KeyManagerFactory kmf;
static TrustManagerFactory tmf;
static SSLContext sc;
static TrustManager[] trustManagers;
static
{
try
{
ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("D:\\javasslstores\\keystore.jks"), "passwd123".toCharArray());
kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "passwd123".toCharArray());
tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
sc = SSLContext.getInstance("TLS");
sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
} catch (Exception e) {
System.out.println(e.getMessage());
System.out.println(e.getStackTrace());
}
}
public static void main(String[] args) throws IOException {
SSLSocketFactory ssf = sc.getSocketFactory();
SSLSocket socket = (SSLSocket) ssf.createSocket("localhost", 8089);
socket.startHandshake();
PrintWriter out = new PrintWriter
(new BufferedWriter
(new OutputStreamWriter
(socket.getOutputStream())));
System.out.println("SSL Client");
out.println("GET / HTTP/1.0");
out.println("From java ssl client");
out.println("written by me");
out.flush();
if (out.checkError())
System.out.println("SSLSocketClient: java.io.PrintWriter error");
BufferedReader in = new BufferedReader(
new InputStreamReader(
socket.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
out.close();
socket.close();
}
}
以上代码运行良好。
疑问:
- 有两个名称为
ssl_key和ssl_key_2的密钥和证书。他们使用哪一种? - 他们最终如何使用同一对密钥和证书?
【问题讨论】:
-
该服务器代码不请求客户端身份验证,因此即使您为客户端提供了密钥库,客户端也不应该为自己使用任何密钥(和证书);它应该只使用信任库验证服务器的证书。 PS:这不是一个有效的 HTTP 请求,但是你的服务器也不是 HTTP 服务器。