haoman 发表于 2017-1-14 09:52:52

Spring,smppapi,apache mina, ssl快速实现安全的smpp(6)

  接上一篇: http://618119.com/archives/2007/12/13/45.html
  使用 commons ssl生成 SSLContext :

package com.lizongbo.ssl;
import javax.net.ssl.SSLContext;
import java.security.GeneralSecurityException;
import java.io.IOException;
import javax.net.ssl.KeyManager;
import org.apache.commons.ssl.KeyMaterial;
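/**
 * Lazily builds and caches the two {@link SSLContext} instances used for SMPP
 * over TLS: one carrying the server certificate/key, one carrying the client
 * certificate/key. Key material is read from classpath resources that live
 * next to this class.
 *
 * <p>Security notes for anyone reusing this listing:
 * <ul>
 *   <li>Peer authentication is decided entirely by
 *       {@code SMPPTrustManagerFactory.X509_MANAGERS}. NOTE(review): confirm
 *       that manager validates the peer chain against the CA; a manager that
 *       only checks validity dates (or nothing) gives encryption without
 *       authentication, so an on-path party can impersonate either end.</li>
 *   <li>The commons-ssl {@code SSLServer} settings the original author left
 *       commented out (expiry check, CRL check, strong ciphers) are not
 *       applied on this path.</li>
 * </ul>
 */
public class SMPPSSLContextFactory {
  private static final String PROTOCOL = "TLS";

  // Declared by the original author but never read in this class: nothing here
  // loads the CA certificate, so trust anchoring must happen in the trust manager.
  private static final String CA_FILE = "ca.crt.properties";

  private static final String CERT_FILE = "server.crt.properties";
  private static final String KEY_FILE = "server.key.properties";
  private static final String CLIENT_FILE = "client.crt.properties";
  private static final String CLIENT_KEY_FILE = "client.key.properties";

  // Empty passphrase: the private-key resources are assumed to be unencrypted
  // (TODO confirm). If the keys are encrypted, read the passphrase from
  // protected configuration instead of a literal in source control.
  private static final char[] password = new char[0];

  // volatile is required for the double-checked locking below to be safe under
  // the Java memory model; without it a thread may observe a half-published context.
  private static volatile SSLContext serverInstance = null;
  private static volatile SSLContext clientInstance = null;

  /**
   * Returns the cached server or client {@link SSLContext}, creating it on first use.
   *
   * @param server {@code true} for the server-side context, {@code false} for the client-side one
   * @return the shared SSLContext for the requested role
   * @throws GeneralSecurityException if the context cannot be built; on the server
   *         path every failure is wrapped in this type, with the original
   *         exception kept as the cause
   * @throws IOException if a client-side key or certificate resource is missing or unreadable
   */
  public static SSLContext getInstance(boolean server) throws
      GeneralSecurityException, IOException {
    if (server) {
      SSLContext ctx = serverInstance;
      if (ctx == null) {
        synchronized (SMPPSSLContextFactory.class) {
          ctx = serverInstance;
          if (ctx == null) {
            try {
              ctx = createSMPPServerSSLContext();
            }
            catch (Exception e) {
              // Same message as before, but keep the cause so the stack trace
              // of the real failure is not lost.
              throw new GeneralSecurityException(
                  "Can't create Server SSLContext:" + e, e);
            }
            serverInstance = ctx;
          }
        }
      }
      return ctx;
    }

    SSLContext ctx = clientInstance;
    if (ctx == null) {
      synchronized (SMPPSSLContextFactory.class) {
        ctx = clientInstance;
        if (ctx == null) {
          // Client-side failures propagate unwrapped, as in the original listing.
          ctx = createSMPPClientSSLContext();
          clientInstance = ctx;
        }
      }
    }
    return ctx;
  }

  /** Builds the context that presents the server certificate and key. */
  private static SSLContext createSMPPServerSSLContext() throws
      GeneralSecurityException, IOException {
    return newContext(CERT_FILE, KEY_FILE);
  }

  /** Builds the context that presents the client certificate and key. */
  private static SSLContext createSMPPClientSSLContext() throws
      GeneralSecurityException, IOException {
    return newContext(CLIENT_FILE, CLIENT_KEY_FILE);
  }

  /**
   * Creates a TLS context whose key managers come from the given certificate
   * and key resources and whose trust managers are
   * {@code SMPPTrustManagerFactory.X509_MANAGERS}.
   */
  private static SSLContext newContext(String certResource, String keyResource) throws
      GeneralSecurityException, IOException {
    requireResource(certResource);
    requireResource(keyResource);
    SSLContext context = SSLContext.getInstance(PROTOCOL);
    KeyMaterial km = new KeyMaterial(
        SMPPSSLContextFactory.class.getResourceAsStream(certResource),
        SMPPSSLContextFactory.class.getResourceAsStream(keyResource),
        password);
    // Third argument null: let the provider pick its default SecureRandom.
    context.init((KeyManager[]) km.getKeyManagers(),
                 SMPPTrustManagerFactory.X509_MANAGERS, null);
    return context;
  }

  /** Fails with a clear message instead of passing a null stream to KeyMaterial. */
  private static void requireResource(String name) throws IOException {
    if (SMPPSSLContextFactory.class.getResource(name) == null) {
      throw new IOException("Classpath resource not found: " + name);
    }
  }
}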

  实现证书检查认证的代码:

package com.lizongbo.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509TrustManager;
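/**
 * Supplies the {@link X509TrustManager} used by the SMPP TLS contexts.
 *
 * <p>The original listing accepted every server certificate without any check
 * and accepted any client certificate that was merely inside its validity
 * period, so neither side was actually authenticated. This version verifies
 * the peer chain against the CA certificate(s) in the {@code ca.crt.properties}
 * classpath resource and fails closed when that resource is missing or unusable.
 *
 * <p>Limits worth knowing: the checks here cover chain building and validity
 * dates; revocation and host-name/identity binding are not configured in this
 * class. Client certificates are only examined when the server side requests
 * client authentication on its socket or engine.
 */
public class SMPPTrustManagerFactory
    extends TrustManagerFactorySpi {

  /** Classpath resource (same package) holding the trusted CA certificate(s). */
  private static final String CA_RESOURCE = "ca.crt.properties";

  static final X509TrustManager X509 = new X509TrustManager() {
    // Built on first use so that a missing CA resource surfaces as a rejected
    // handshake rather than a class-initialisation error. Guarded by "this".
    private X509TrustManager pkixManager;

    private synchronized X509TrustManager pkix() throws CertificateException {
      if (pkixManager == null) {
        pkixManager = loadCaTrustManager();
      }
      return pkixManager;
    }

    public void checkClientTrusted(X509Certificate[] x509Certificates,
                                   String s) throws CertificateException {
      pkix().checkClientTrusted(x509Certificates, s);
    }

    public void checkServerTrusted(X509Certificate[] x509Certificates,
                                   String s) throws CertificateException {
      pkix().checkServerTrusted(x509Certificates, s);
    }

    public X509Certificate[] getAcceptedIssuers() {
      try {
        return pkix().getAcceptedIssuers();
      }
      catch (CertificateException e) {
        // No usable CA: advertise no issuers; the check methods still reject.
        return new X509Certificate[0];
      }
    }
  };

  static final TrustManager[] X509_MANAGERS = new TrustManager[] {
      X509};

  public SMPPTrustManagerFactory() {
  }

  @Override
  protected TrustManager[] engineGetTrustManagers() {
    return X509_MANAGERS;
  }

  @Override
  protected void engineInit(KeyStore keystore) throws KeyStoreException {
    // noop: trust anchors come from CA_RESOURCE, not from the supplied keystore
  }

  @Override
  protected void engineInit(
      ManagerFactoryParameters managerFactoryParameters) throws
      InvalidAlgorithmParameterException {
    // noop
  }

  /**
   * Builds the platform's default X.509 trust manager with the certificates
   * found in {@link #CA_RESOURCE} as its only trust anchors.
   *
   * @throws CertificateException if the resource is missing, holds no
   *         certificate, or the trust manager cannot be created
   */
  private static X509TrustManager loadCaTrustManager() throws CertificateException {
    InputStream in = SMPPTrustManagerFactory.class.getResourceAsStream(CA_RESOURCE);
    if (in == null) {
      throw new CertificateException("CA certificate resource not found: " + CA_RESOURCE);
    }
    try {
      Collection<? extends Certificate> cas =
          CertificateFactory.getInstance("X.509").generateCertificates(in);
      if (cas.isEmpty()) {
        throw new CertificateException("No CA certificate found in " + CA_RESOURCE);
      }
      KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
      anchors.load(null, null);
      int index = 0;
      for (Certificate ca : cas) {
        anchors.setCertificateEntry("smpp-ca-" + index, ca);
        index++;
      }
      TrustManagerFactory tmf =
          TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmf.init(anchors);
      for (TrustManager tm : tmf.getTrustManagers()) {
        if (tm instanceof X509TrustManager) {
          return (X509TrustManager) tm;
        }
      }
      throw new CertificateException("No X509TrustManager available for " + tmf.getAlgorithm());
    }
    catch (CertificateException e) {
      throw e;
    }
    catch (GeneralSecurityException e) {
      throw new CertificateException("Cannot build trust manager from " + CA_RESOURCE, e);
    }
    catch (IOException e) {
      throw new CertificateException("Cannot read " + CA_RESOURCE, e);
    }
    finally {
      try {
        in.close();
      }
      catch (IOException ignored) {
        // nothing useful to do if closing a classpath stream fails
      }
    }
  }
}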