SSL通关之代码演示样例(四)
发布时间:2019-06-27


实际开发过程中,server端不需要额外编写代码来处理,因为SSL验证过程是由server(tomcat、nginx等)完成的。

这段代码也是参考了网上的:

新建一个web项目,项目结构和需要引入的jar如下:

web.xml配置:

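<web-app>
  <display-name>Secure Sockets Layer</display-name>
  <servlet>
    <servlet-name>SSLServlet</servlet-name>
    <servlet-class>com.sengle.cloud.servlet.SSLServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>SSLServlet</servlet-name>
    <url-pattern>/sslServlet</url-pattern>
  </servlet-mapping>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <description>SSL required</description>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>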

server端,写了个servlet(注意配置到web.xml中)。代码如下:

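import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Demo servlet that reports which client certificates accompanied the request.
 *
 * <p>The servlet only reads the certificate array the container stored in the
 * {@code javax.servlet.request.X509Certificate} request attribute. It performs no
 * chain or revocation checking of its own: per the surrounding article, the SSL
 * verification is done by the server (Tomcat, nginx, ...), so the trust decision
 * depends on how that server's client-authentication and trust store are configured.
 * The only check made here is the validity-period check in
 * {@link #verifyCertificate(X509Certificate)}; a real application would still have to
 * map the certificate subject to an identity and authorise it.
 */
public class SSLServlet extends HttpServlet {

    private static final long serialVersionUID = 1601507150278487538L;

    /** Request attribute under which the container exposes the client certificate chain. */
    private static final String ATTR_CER = "javax.servlet.request.X509Certificate";
    /** Plain text is used on purpose: certificate fields are echoed back verbatim. */
    private static final String CONTENT_TYPE = "text/plain;charset=UTF-8";
    private static final String DEFAULT_ENCODING = "UTF-8";
    private static final String SCHEME_HTTPS = "https";

    /**
     * Writes a plain-text report: one entry per client certificate, or a message
     * explaining why no certificate is available (HTTPS without a client certificate,
     * or a non-HTTPS request).
     *
     * @param request  the incoming request; its certificate attribute and scheme are read
     * @param response the response the report is written to
     * @throws ServletException declared by the servlet contract; not thrown by this code
     * @throws IOException      if the response writer cannot be obtained
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType(CONTENT_TYPE);
        response.setCharacterEncoding(DEFAULT_ENCODING);
        PrintWriter out = response.getWriter();

        X509Certificate[] certs = (X509Certificate[]) request.getAttribute(ATTR_CER);
        if (certs != null) {
            int count = certs.length;
            out.println("共检測到[" + count + "]个client证书");
            for (int i = 0; i < count; i++) {
                // Display a 1-based position without touching the loop index
                // (the original incremented and then decremented i inside the body).
                out.println("client证书 [" + (i + 1) + "]: ");
                out.println("校验结果:" + verifyCertificate(certs[i]));
                out.println("证书具体:\r" + certs[i].toString());
            }
        } else {
            if (SCHEME_HTTPS.equalsIgnoreCase(request.getScheme())) {
                // TLS without client authentication: the connection is encrypted but the
                // caller is anonymous as far as certificates are concerned.
                out.println("这是一个HTTPS请求。可是没有可用的client证书");
                request.setAttribute("user", "username");
                out.println(request.getAttribute("user"));
            } else {
                out.println("这不是一个HTTPS请求,因此无法获得client证书列表 ");
            }
        }
        out.close();
    }

    /**
     * Handles POST exactly like GET.
     *
     * @param request  the incoming request
     * @param response the response the report is written to
     * @throws ServletException see {@link #doGet(HttpServletRequest, HttpServletResponse)}
     * @throws IOException      see {@link #doGet(HttpServletRequest, HttpServletResponse)}
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }

    /**
     * Checks whether the certificate is inside its validity period right now.
     *
     * <p>Despite the name this is only a date check ({@code checkValidity()}): it does
     * not verify the signature, the issuing chain, revocation status or key usage.
     *
     * @param certificate the certificate to check; {@code null} is reported as invalid
     * @return {@code true} if the current time lies within the certificate's validity
     *         period, {@code false} if it is expired, not yet valid, or {@code null}
     */
    private boolean verifyCertificate(X509Certificate certificate) {
        if (certificate == null) {
            return false;
        }
        try {
            certificate.checkValidity();
            return true;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            // Record the rejection in the container log instead of dumping a stack trace
            // to stderr.
            log("client certificate is outside its validity period", e);
            return false;
        }
    }
}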

client代码:

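/**
 * Copyright (C) 2011-2014 sgcc Inc.
 * All right reserved.
 * modify info:
 */
package com.sengle.cloud.client;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;

/**
 * Command-line demo client that calls the SSL servlet over HTTPS with a client
 * certificate (two-way / mutual authentication).
 *
 * <p>The client key store supplies the certificate and private key presented to the
 * server; the trust store holds the certificates the client accepts from the server.
 * NOTE(review): {@code DefaultHttpClient} and this {@code SSLSocketFactory} are marked
 * deprecated in later HttpClient 4.x releases; they are kept because they are what the
 * article's dependency set provides.
 */
public class HttpsClient {

    // Trust-store type. For BKS-format stores change this to "bks", and change
    // KEY_STORE_TYPE_CLIENT below to "bks" as well.
    private static final String KEY_STORE_TYPE_TRUST = "jks";
    // Client key-store type: "PKCS12" pairs with a jks trust store; use "bks" when the
    // trust store is bks.
    private static final String KEY_STORE_TYPE_CLIENT = "PKCS12";
    private static final String SCHEME_HTTPS = "https";
    // HTTPS port as configured in Tomcat (8443 by default).
    private static final int HTTPS_PORT = 8443;
    private static final String HTTPS_URL = "https://10.100.100.24:8443/SSL/sslServlet";

    private static final String basePath = "D:/SSL/";
    // For bks, these must point at bks-format stores instead.
    private static final String KEY_STORE_CLIENT_PATH = basePath + "/client-24.p12";
    private static final String KEY_STORE_TRUST_PATH = basePath + "/client-24.truststore";
    // NOTE(review): demo-only credentials. A store holding a real private key needs a
    // strong password that is supplied at run time (configuration, environment, secret
    // store) rather than compiled into the class.
    private static final String KEY_STORE_PASSWORD = "123456";
    private static final String KEY_STORE_TRUST_PASSWORD = "123456";

    /**
     * Runs the demo request.
     *
     * @param args unused
     * @throws Exception if loading the stores or performing the request fails
     */
    public static void main(String[] args) throws Exception {
        ssl();
    }

    /**
     * Loads the client key store and the trust store, registers an HTTPS scheme backed
     * by them, performs a GET on {@code HTTPS_URL} and prints the status line and body.
     *
     * @throws Exception if a store cannot be read or the request fails
     */
    private static void ssl() throws Exception {
        HttpClient httpClient = new DefaultHttpClient();
        try {
            KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE_CLIENT);
            KeyStore trustStore = KeyStore.getInstance(KEY_STORE_TYPE_TRUST);

            // try-with-resources closes both streams even when opening the second one
            // or loading a store fails (the original leaked ksIn in that case).
            try (InputStream ksIn = new FileInputStream(KEY_STORE_CLIENT_PATH);
                 InputStream tsIn = new FileInputStream(new File(KEY_STORE_TRUST_PATH))) {
                keyStore.load(ksIn, KEY_STORE_PASSWORD.toCharArray());
                trustStore.load(tsIn, KEY_STORE_TRUST_PASSWORD.toCharArray());
            }

            // Two-way authentication: both the key store (client identity) and the trust
            // store (accepted server certificates) are loaded. The second argument is
            // the password protecting the private key; here it equals the store password.
            // The factory's default hostname verification is left in place; since the
            // URL uses an IP address, the server certificate has to carry a matching
            // name rather than the verifier being relaxed.
            SSLSocketFactory socketFactory =
                    new SSLSocketFactory(keyStore, KEY_STORE_PASSWORD, trustStore);

            // One-way authentication would load only the trust store:
            //   SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);

            Scheme sch = new Scheme(SCHEME_HTTPS, HTTPS_PORT, socketFactory);
            httpClient.getConnectionManager().getSchemeRegistry().register(sch);

            HttpGet httpget = new HttpGet(HTTPS_URL);
            System.out.println("executing request" + httpget.getRequestLine());

            HttpResponse response = httpClient.execute(httpget);
            HttpEntity entity = response.getEntity();

            System.out.println("----------------------------------------");
            System.out.println(response.getStatusLine());
            if (entity != null) {
                System.out.println("Response content length: " + entity.getContentLength());
                // The servlet answers in UTF-8; decoding with the platform default
                // charset would garble the non-ASCII text on many systems.
                try (BufferedReader bufferedReader = new BufferedReader(
                        new InputStreamReader(entity.getContent(), StandardCharsets.UTF_8))) {
                    String text;
                    while ((text = bufferedReader.readLine()) != null) {
                        System.out.println(text);
                    }
                }
            }
            EntityUtils.consume(entity);
        } finally {
            // Release the pooled connections whether or not the request succeeded.
            httpClient.getConnectionManager().shutdown();
        }
    }
}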