接上一篇: http://618119.com/archives/2007/12/13/45.html
使用 commons-ssl 生成 SSLContext:
package com.lizongbo.ssl;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import org.apache.commons.ssl.KeyMaterial;
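public class SMPPSSLContextFactory {
    private static final String PROTOCOL = "TLS";
    // Declared but never loaded by this class: the trust side of the contexts
    // built below is not anchored to this CA certificate.
    private static final String CA_FILE = "ca.crt.properties";
    private static final String CERT_FILE = "server.crt.properties";
    private static final String KEY_FILE = "server.key.properties";
    private static final String CILENT_FILE = "client.crt.properties"; // "client.p12.properties";
    private static final String CILENT_KEY_FILE = "client.key.properties";
    // Empty password: the private-key resources are expected to be stored unencrypted.
    private static final char[] password = new char[0]; // "lizongbo".toCharArray();
    // Read outside the lock in serverContext()/clientContext(); double-checked
    // locking is only sound when these fields are volatile.
    private static volatile SSLContext serverInstance = null;
    private static volatile SSLContext clientInstance = null;

    /**
     * Returns the process-wide SSLContext for the requested side, creating it on
     * first use.
     * <p>
     * The returned context does not configure hostname verification, and its
     * trust managers come from {@link SMPPTrustManagerFactory}, which is not
     * anchored to {@code CA_FILE}; see that class for exactly what it checks.
     *
     * @param server {@code true} for the server-side context (server.crt/server.key),
     *               {@code false} for the client-side context (client.crt/client.key)
     * @return the cached SSLContext; never {@code null}
     * @throws GeneralSecurityException if the key material cannot be read or the
     *         context cannot be initialised; the underlying failure is attached as the cause
     * @throws IOException declared for compatibility; creation failures are reported
     *         as GeneralSecurityException
     */
    public static SSLContext getInstance(boolean server)
            throws GeneralSecurityException, IOException {
        return server ? serverContext() : clientContext();
    }

    /** Lazily creates and caches the server-side context (double-checked locking). */
    private static SSLContext serverContext() throws GeneralSecurityException, IOException {
        SSLContext ctx = serverInstance;
        if (ctx == null) {
            synchronized (SMPPSSLContextFactory.class) {
                ctx = serverInstance;
                if (ctx == null) {
                    ctx = createSMPPServerSSLContext();
                    serverInstance = ctx;
                }
            }
        }
        return ctx;
    }

    /** Lazily creates and caches the client-side context (double-checked locking). */
    private static SSLContext clientContext() throws GeneralSecurityException, IOException {
        SSLContext ctx = clientInstance;
        if (ctx == null) {
            synchronized (SMPPSSLContextFactory.class) {
                ctx = clientInstance;
                if (ctx == null) {
                    ctx = createSMPPClientSSLContext();
                    clientInstance = ctx;
                }
            }
        }
        return ctx;
    }

    /**
     * Builds the server-side context from {@code CERT_FILE}/{@code KEY_FILE}.
     *
     * @throws GeneralSecurityException wrapping any failure, with the original
     *         exception preserved as the cause
     */
    private static SSLContext createSMPPServerSSLContext()
            throws GeneralSecurityException, IOException {
        try {
            return createSSLContext(CERT_FILE, KEY_FILE);
        } catch (Exception e) {
            throw new GeneralSecurityException("Can't create Server SSLContext: " + e, e);
        }
    }

    /**
     * Builds the client-side context from {@code CILENT_FILE}/{@code CILENT_KEY_FILE}.
     * Mirrors the server path's error handling so both sides fail the same way.
     *
     * @throws GeneralSecurityException wrapping any failure, with the original
     *         exception preserved as the cause
     */
    private static SSLContext createSMPPClientSSLContext()
            throws GeneralSecurityException, IOException {
        try {
            return createSSLContext(CILENT_FILE, CILENT_KEY_FILE);
        } catch (Exception e) {
            throw new GeneralSecurityException("Can't create Client SSLContext: " + e, e);
        }
    }

    /**
     * Creates a TLS context from a certificate resource and a private-key
     * resource, both resolved relative to this class's package. Both streams are
     * closed here regardless of whether KeyMaterial closes them itself.
     *
     * @param certResource classpath name of the certificate resource
     * @param keyResource  classpath name of the private-key resource
     * @return an initialised SSLContext
     * @throws IOException if either resource is missing or unreadable
     * @throws GeneralSecurityException if the key material or the context is invalid
     */
    private static SSLContext createSSLContext(String certResource, String keyResource)
            throws GeneralSecurityException, IOException {
        InputStream certIn = openResource(certResource);
        try {
            InputStream keyIn = openResource(keyResource);
            try {
                KeyMaterial km = new KeyMaterial(certIn, keyIn, password);
                SSLContext ctx = SSLContext.getInstance(PROTOCOL);
                // Trust managers are the static ones from SMPPTrustManagerFactory;
                // null SecureRandom selects the platform default.
                ctx.init((KeyManager[]) km.getKeyManagers(),
                         SMPPTrustManagerFactory.X509_MANAGERS, null);
                return ctx;
            } finally {
                keyIn.close();
            }
        } finally {
            certIn.close();
        }
    }

    /**
     * Opens a classpath resource relative to this class, failing with a clear
     * message instead of a later NullPointerException when it is absent.
     */
    private static InputStream openResource(String name) throws IOException {
        InputStream in = SMPPSSLContextFactory.class.getResourceAsStream(name);
        if (in == null) {
            throw new IOException("Classpath resource not found: " + name);
        }
        return in;
    }
}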
实现证书检查认证的代码:
- package com.lizongbo.ssl;
- import java.security.InvalidAlgorithmParameterException;
- import java.security.KeyStore;
- import java.security.KeyStoreException;
- import java.security.cert.CertificateException;
- import java.security.cert.X509Certificate;
- import javax.net.ssl.ManagerFactoryParameters;
- import javax.net.ssl.TrustManager;
- import javax.net.ssl.TrustManagerFactorySpi;
- import javax.net.ssl.X509TrustManager;
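public class SMPPTrustManagerFactory extends TrustManagerFactorySpi {

    /**
     * Trust manager handed out by this factory.
     * <p>
     * It verifies only that every certificate in the presented chain is within
     * its validity period ({@link X509Certificate#checkValidity()}). It does
     * not verify signatures, build a path to a trust anchor, consult a CRL, or
     * compare the certificate to the peer's name, so any peer presenting an
     * unexpired certificate (self-signed or otherwise) is accepted. To actually
     * authenticate peers, replace it with the managers of a
     * {@code TrustManagerFactory} initialised from a {@link KeyStore} holding
     * the CA certificate.
     */
    static final X509TrustManager X509 = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            checkChain(chain, authType);
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // Same date check as the client side; previously the server side
            // accepted every chain unconditionally.
            checkChain(chain, authType);
        }

        public X509Certificate[] getAcceptedIssuers() {
            // No trust anchors are configured, so none can be advertised.
            return new X509Certificate[0];
        }
    };

    static final TrustManager[] X509_MANAGERS = new TrustManager[] {X509};

    public SMPPTrustManagerFactory() {
    }

    /**
     * Applies the X509TrustManager argument contract (null or empty chain and
     * null or empty authType are IllegalArgumentException) and then checks the
     * validity dates of every certificate in the chain.
     *
     * @throws IllegalArgumentException on a null/empty chain or authType
     * @throws CertificateException     (CertificateExpiredException or
     *                                  CertificateNotYetValidException) if any
     *                                  certificate is outside its validity period
     */
    static void checkChain(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("null or zero-length certificate chain");
        }
        if (authType == null || authType.length() == 0) {
            throw new IllegalArgumentException("null or zero-length authentication type");
        }
        for (X509Certificate cert : chain) {
            cert.checkValidity();
        }
    }

    @Override
    protected TrustManager[] engineGetTrustManagers() {
        return X509_MANAGERS;
    }

    @Override
    protected void engineInit(KeyStore keystore) throws KeyStoreException {
        // The keystore is ignored: the trust manager above never consults trust anchors.
    }

    @Override
    protected void engineInit(ManagerFactoryParameters managerFactoryParameters)
            throws InvalidAlgorithmParameterException {
        // Ignored for the same reason as engineInit(KeyStore).
    }
}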