cy_88 发表于 2018-12-5 13:11:22

Java Tomcat SSL 服务端/客户端双向认证(一)

package com.icesoft.servlet;

import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

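/**
 * SSL Servlet: a diagnostic endpoint that lists the X.509 client certificates
 * the container attached to the current request.
 *
 * <p>Security note: this servlet only reports what the container hands over and
 * checks each certificate's validity period. It does not verify the chain,
 * the issuer, revocation status, or whether the subject is allowed to use the
 * application. Chain validation is presumably done by the TLS connector when
 * client authentication is enabled (confirm in the connector configuration);
 * authorization must be decided separately.
 *
 * @author IceWee
 * @date 2012-6-4
 * @version 1.0
 */
public class SSLServlet extends HttpServlet {

    private static final long serialVersionUID = 1601507150278487538L;
    /** Request attribute under which the servlet container publishes the client certificate chain. */
    private static final String ATTR_CER = "javax.servlet.request.X509Certificate";
    /** Media type only; the charset is set separately through setCharacterEncoding. */
    private static final String CONTENT_TYPE = "text/plain";
    private static final String DEFAULT_ENCODING = "UTF-8";
    private static final String SCHEME_HTTPS = "https";

    /**
     * Writes a plain-text report of the client certificates found on the request.
     *
     * <p>When the certificate attribute is present, every entry is printed with
     * its 1-based position, the result of {@link #verifyCertificate} and the
     * certificate's own string form. When it is absent, the response says whether
     * the request arrived over HTTPS at all.
     *
     * @param request the incoming request; its certificate attribute and scheme are read
     * @param response the response the report is written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType(CONTENT_TYPE);
        response.setCharacterEncoding(DEFAULT_ENCODING);
        PrintWriter out = response.getWriter();
        // Per the Servlet specification the array is ordered by ascending trust:
        // the client's own certificate first, then the certificates that vouch for it.
        X509Certificate[] certs = (X509Certificate[]) request.getAttribute(ATTR_CER);
        if (certs != null) {
            int count = certs.length;
            out.println("共检测到[" + count + "]个客户端证书...");
            for (int i = 0; i < count; i++) {
                X509Certificate cert = certs[i];
                // Display index is 1-based; the loop counter itself is never modified.
                out.println("客户端证书 [" + (i + 1) + "]: ");
                out.println("校验结果:" + verifyCertificate(cert));
                // Print the current certificate, not the array reference.
                out.println("证书详细:\r" + cert);
            }
        } else {
            if (SCHEME_HTTPS.equalsIgnoreCase(request.getScheme())) {
                out.println("这是一个HTTPS请求,但是没有可用的客户端证书...");
            } else {
                out.println("这不是一个HTTPS请求,因此无法获得客户端证书列表... ");
            }
        }
        out.close();
    }

    /**
     * Handles POST exactly like GET.
     *
     * @param request the incoming request
     * @param response the response the report is written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the response writer cannot be obtained
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

    /**
     * Checks whether a certificate is inside its validity period right now.
     *
     * <p>This is a date check only ({@code notBefore <= now <= notAfter}). A
     * {@code true} result says nothing about who issued the certificate, whether
     * it has been revoked, or whether its signature chains to a trusted root, so
     * it must not be treated as an authentication decision on its own.
     *
     * @param certificate the certificate to check; {@code null} is reported as invalid
     * @return {@code true} if the certificate is currently within its validity
     *         period, {@code false} if it is expired, not yet valid, or {@code null}
     */
    private boolean verifyCertificate(X509Certificate certificate) {
        if (certificate == null) {
            return false;
        }
        try {
            certificate.checkValidity();
            return true;
        } catch (CertificateException e) {
            // checkValidity reports expired and not-yet-valid certificates through
            // subclasses of CertificateException; record it in the container log
            // instead of dumping a stack trace to stderr.
            log("Client certificate is outside its validity period: " + e.getMessage());
            return false;
        }
    }

}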