SSL:Secure Sockets Layer(安全套接层)。SSL 的所有版本(SSLv2、SSLv3)都已废弃,现代实现使用的是其后继协议 TLS(Transport Layer Security);平时所说的“SSL 证书”“SSL 连接”实际上指的是 TLS。
1、keyStore类型
jks: Java 专有的 KeyStore 格式(Java KeyStore),Java 9 之前是默认类型;只能存放私钥和证书。
pkcs12: 公开标准格式(RFC 7292),可与 OpenSSL 等非 Java 工具互通,自 Java 9 起为默认类型,新项目应优先使用。
jceks: JKS 的扩展变体,除私钥/证书外还能存放对称密钥(SecretKey),同样为 Java 专有。
2、SSL协议类型:
SSL(泛指;以下 SSLv2、SSLv3 均已不安全:SSLv2 被 RFC 6176 禁止,SSLv3 受 POODLE 影响并被 RFC 7568 禁止)
SSLv2
SSLv3
TLS(SSL 的后继协议;Java 中 SSLContext.getInstance("TLS") 表示由 JVM 决定可协商的 TLS 版本,不等于“最新版本”)
TLSv1
TLSv1.1
TLSv1.2
TLSv1.3(RFC 8446,JDK 11 起支持)
注意:TLSv1 与 TLSv1.1 已被 RFC 8996 废弃;当前服务端应只启用 TLSv1.2 和 TLSv1.3,下面的 Java 示例中可通过 SSLParameters.setProtocols 限制。
3、X.509是什么?
数字证书:把一个公钥与其持有者的身份绑定在一起,并由颁发者(CA)用自己的私钥签名的数据结构。
X.509 是公钥证书的标准格式(当前版本由 RFC 5280 定义),TLS 中使用的证书就是 X.509 证书。
基本结构:
版本号
序列号
签名算法标识(signature,与证书末尾的 signatureAlgorithm 字段必须一致;真正的签名值在 tbsCertificate 之外)
颁发者
有效期
主体(Subject):CA 证书必须非空;终端实体证书如果把身份放在 subjectAltName 扩展中,则 subject 可以为空(RFC 5280 §4.1.2.6)
主体公钥信息
颁发者唯一标识
主体唯一标识
扩展结构(v3):
常用扩展包括 subjectAltName(主机名/IP,TLS 校验主机名以它为准)、keyUsage、extendedKeyUsage(serverAuth/clientAuth)、basicConstraints(是否为 CA)、authorityKeyIdentifier/subjectKeyIdentifier 等。
详解参照:http://www.cnblogs.com/chnking/archive/2007/08/28/872104.html
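# Generate a client and a server key pair (self-signed), export each
# certificate, then cross-import the certificates into the peer's trust store.
#
# Changes from the original listing:
#  - -keysize 1024 -> 2048: 1024-bit RSA is disallowed by NIST SP 800-131A
#    and rejected by browsers/public CAs; 2048 is the current floor.
#  - -keypass removed from the two -export commands: -export only reads the
#    public certificate and never uses the key password, so the mismatched
#    values there (sylclientcerpwd / sylservercerpwd vs. the *keypwd values
#    given at -genkey) were being ignored by keytool. Without -storepass,
#    keytool prompts for the store password.
# Passwords are still passed on the command line here, as in the original;
# they end up in shell history and process listings. For anything but a
# local test, omit -storepass/-keypass and let keytool prompt instead.
keytool -genkey -alias sylclient -keypass sylclientkeypwd -keyalg RSA -keysize 2048 -validity 3650 -keystore D:/sylclient.keystore -storepass sylclientstorepwd
keytool -export -alias sylclient -keystore D:/sylclient.keystore -storetype JKS -file D:/sylclient.cer
keytool -genkey -alias sylserver -keypass sylserverkeypwd -keyalg RSA -keysize 2048 -validity 3650 -keystore D:/sylserver.keystore -storepass sylserverstorepwd
keytool -export -alias sylserver -keystore D:/sylserver.keystore -storetype JKS -file D:/sylserver.cer
# Trust stores: the client trusts the server certificate and vice versa.
# The server-side trust store only takes effect for mutual TLS, i.e. when
# the server calls setNeedClientAuth(true); the listing below sets false.
keytool -import -alias sylserver -keystore D:/sylclienttrust.keystore -storepass sylclienttrustpwd -file D:/sylserver.cer
keytool -import -alias sylclient -keystore D:/sylservertrust.keystore -storepass sylservertrustpwd -file D:/sylclient.cer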
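/**
 * Minimal HTTPS server (com.sun.net.httpserver) that loads its private key and
 * its trust material from two JKS keystores and answers requests on /test.
 *
 * Differences from the original listing, all behaviour-relevant:
 *  - the keystore FileInputStreams are closed (try-with-resources) instead of leaked;
 *  - the SSLParameters built in the HttpsConfigurator are actually applied to the
 *    connection. The original computed them and never called
 *    httpsParameters.setSSLParameters(...), so the override was a no-op and the
 *    engine ran with the JDK's defaults;
 *  - negotiated protocols are limited to TLSv1.2/TLSv1.3 where the JVM supports
 *    them, so SSLv3, TLSv1.0 and TLSv1.1 are no longer offered;
 *  - the request body is decoded as UTF-8 (not the platform charset) and capped,
 *    so a client cannot exhaust the heap by streaming an unbounded body.
 */
public class SSLServer {
    private static final int PORT = 8888;
    /** Upper bound on the characters accepted in one request body; larger bodies get 413. */
    private static final int MAX_BODY_CHARS = 1 << 20;

    /**
     * Entry point: builds the SSLContext from the paths/passwords in Config.Server,
     * binds PORT and serves until the JVM exits.
     *
     * @param args unused
     * @throws Exception any keystore or socket failure is fatal at startup
     */
    public static void main(String[] args) throws Exception {
        SSLContext sslContext = buildSslContext();

        HttpsConfigurator conf = new HttpsConfigurator(sslContext) {
            @Override
            public void configure(HttpsParameters httpsParameters) {
                SSLParameters params = getSSLContext().getDefaultSSLParameters();
                // Client certificates are not requested. The trust store loaded in
                // buildSslContext() only matters for mutual TLS, i.e. when this is
                // true; with false it is effectively unused on the server side.
                params.setNeedClientAuth(false);
                params.setProtocols(modernProtocols(getSSLContext()));
                // Without this call the parameters above are discarded and the
                // JDK defaults apply to every connection.
                httpsParameters.setSSLParameters(params);
            }
        };

        HttpServerProvider serverProvider = HttpServerProvider.provider();
        HttpsServer httpServer = serverProvider.createHttpsServer(new InetSocketAddress(PORT), 20);
        httpServer.setHttpsConfigurator(conf);
        httpServer.createContext("/test", new HttpServerHandler());
        httpServer.setExecutor(null); // handlers run on the server's own dispatcher thread
        httpServer.start();
        System.out.println("server start");
    }

    /**
     * Loads the server key store and trust store named in Config.Server and
     * initialises an SSLContext from them.
     *
     * @throws Exception keystore load/init failures, unchanged from the original
     */
    private static SSLContext buildSslContext() throws Exception {
        // 1. private key + certificate chain the server presents
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(Config.Server.privateKeystorePath)) {
            keyStore.load(in, Config.Server.privateKeystorePwd.toCharArray());
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, Config.Server.privateKeyPwd.toCharArray());

        // 2. certificates the server would trust from clients (mutual TLS only)
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(Config.Server.cerPath)) {
            trustStore.load(in, Config.Server.cerPwd.toCharArray());
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(trustStore);

        // 3. "TLS" lets the JVM pick versions; the HttpsConfigurator narrows them.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagerFactory.getKeyManagers(),
                trustManagerFactory.getTrustManagers(), new SecureRandom());
        return sslContext;
    }

    /**
     * Returns the subset of {TLSv1.3, TLSv1.2} this SSLContext supports, so the
     * server never negotiates SSLv3/TLSv1.0/TLSv1.1. Falls back to the context's
     * default protocol list if neither is available (not expected on Java 7+).
     */
    private static String[] modernProtocols(SSLContext ctx) {
        java.util.List<String> chosen = new java.util.ArrayList<String>();
        for (String protocol : ctx.getSupportedSSLParameters().getProtocols()) {
            if ("TLSv1.3".equals(protocol) || "TLSv1.2".equals(protocol)) {
                chosen.add(protocol);
            }
        }
        if (chosen.isEmpty()) {
            return ctx.getDefaultSSLParameters().getProtocols();
        }
        return chosen.toArray(new String[0]);
    }

    /** Reads the request body as text, logs it, and replies with a fixed acknowledgement. */
    static class HttpServerHandler implements HttpHandler {
        @Override
        public void handle(HttpExchange httpExchange) throws IOException {
            StringBuilder buffer = new StringBuilder();
            boolean tooLarge = false;
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(
                    httpExchange.getRequestBody(), java.nio.charset.StandardCharsets.UTF_8))) {
                String line;
                // Line terminators are dropped, as in the original listing.
                while ((line = reader.readLine()) != null) {
                    if (buffer.length() + line.length() > MAX_BODY_CHARS) {
                        tooLarge = true;
                        break;
                    }
                    buffer.append(line);
                }
            }
            if (tooLarge) {
                // 413 Payload Too Large, no body; closing discards the rest of the request.
                httpExchange.sendResponseHeaders(413, -1);
                httpExchange.close();
                return;
            }
            System.out.println("Received Client :" + buffer);
            byte[] respByte = "Server has Received".getBytes(java.nio.charset.StandardCharsets.UTF_8);
            httpExchange.sendResponseHeaders(HttpsURLConnection.HTTP_OK, respByte.length);
            try (OutputStream responseBody = httpExchange.getResponseBody()) {
                responseBody.write(respByte);
            }
        }
    }
}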
1、OpenSSL和HTTPS的关系?
HTTPS和OpenSSL的关系就是:iphone和富士康的关系。
- 概念:
1. HTTPS 是公开标准(RFC 2818),即 HTTP over TLS:HTTP 报文原样放在 TLS 加密通道中传输。“SSL”是历史名称——SSL 3.0 之后就被 TLS 1.0 取代了,如今实际使用的都是 TLS。
2. OpenSSL是一个开源工具集,主要两个特性:
① 实现了 SSL2、SSL3、TLSv1、TLSv1.1、TLSv1.2 协议(OpenSSL 1.1.0 起已移除 SSLv2、默认不再编译 SSLv3;1.1.1 起支持 TLSv1.3)。
② 实现了目前常用的加密算法(对称、非对称、哈希、签名),并提供 openssl 命令行工具用于生成密钥、证书请求和管理 X.509 证书。
2、私钥和证书的关系?
证书只包含公钥、持有者身份和颁发者的签名,可以公开分发;与之配对的私钥必须保密,只保存在服务器自己的 keystore 中,用于在 TLS 握手中证明自己持有证书里的公钥。上面的 keytool -export 只导出证书(.cer),不会导出私钥;导入对方 truststore 的也只是证书。
3、