/**
*
*/
package com.doubleca.security.gmssl.sample;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import doubleca.security.gmssl.provider.DoubleCASSE;
import doubleca.security.provider.DoubleCA;
/**
* @author Home
*
*/
public class GmSSLServerSample
{
/**
*
*/
private static DoubleCASSE dcsse = new DoubleCASSE();
/**
* 用终端授权请求编码去http://www.pplic.com申请授权数据
*/
private static void generateLicRequest()
{
StringBuffer licRequest = new StringBuffer();
int result = dcsse.generateLicRequest(licRequest);
if (result == 0x70000000)
{
System.out.println("终端授权请求编码:");
System.out.println(licRequest.toString());
}
else
{
System.out.println("终端授权请求编码出错,错误编号:0x" + Integer.toHexString(result));
}
}
/**
* 用授权数据初始化dcsse
*/
private static void initLic()
{
// 获得的本机授权数据,在http://www.pplic.com授权平台获取
String licData = "ASeraPDybn/wwAABTGQnuKT71OrK0gnV/OSwjRcgHXJAtseX+Tu2kqOJCnT4r4b9/FUYOKXfJ3nsjDarus6mo+WPax6Z4W8ONonjro7Ql0WxJgIM234bdV2xBvv8pUkD/dffwZfkQ/HfjXsz4QH2+TQ0eWcUr4f2hnfNDxczJ+g88pWVUuCbcxTLWdCWW547Bp2TJ5FQt28zWxSTXqoJxXavYMffp1PnvBL9DOjKLFhqRdLVVsoiIVTsikGEgHeKrUsjmft01PqSd9ErqWEXsGpslzVzuVBjGtyQh6Arz3Ksy1wyipor+7y4KrsTuD9qxvfEjKdHm58p0BacfOHXfLe8XUKDLADIddfDyMIgAXAiUG8Zh+oRw0qDIuIgVgaRGcQ0SEWpXQbl2wCXye2B9Oa2Pr+9+/OWS4LbxWIiDOEbTA4kQT/lklQ3sfBZZJkXPJtmMQx0HgNcsrX6tkoiZC1G0c4mSkbq6k8R5dIS6KcEycS2SekKCqmNmC1yd9QC2iAXIG/pcTaGWuTzPWbU+6lfu0MMm4zL9po1wBORzpVqxsTh6hhe0URpxqPdNQOWHRp7PxaCRhJrZAh7/DiwulJwu7I42zbXdkncmwHHj07DCyJiUJScXz4tVaC/BgRV93ySirRh9gTjV61DM97pS43adyOA2U4cGNO7nm5b7JLKInE4ukuislJZHDB/5hiDRE/H48KPZNB/EsEZVcEgIXaAaRwf1jOG6pvM9qS6Pg==";
dcsse.setLicData(licData);
System.out.println("授权有效期:" + dcsse.getLicEndTime().toLocaleString());
}
/**
*
* @throws KeyStoreException
* @throws NoSuchAlgorithmException
* @throws CertificateException
* @throws FileNotFoundException
* @throws IOException
* @throws UnrecoverableKeyException
* @throws KeyManagementException
* @throws NoSuchProviderException
*/
private static void serverGmSSL() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException, KeyManagementException, NoSuchProviderException
{
Security.addProvider(new DoubleCA());
Security.addProvider(dcsse);
// 密钥管理器
KeyStore sm2ServerKeyStore = KeyStore.getInstance("DCKS");// 证书库格式
sm2ServerKeyStore.load(new FileInputStream("resources/server.dcks"), "DoubleCA".toCharArray());// 加载密钥库
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509", DoubleCASSE.PROVIDER_NAME);// 证书格式
kmf.init(sm2ServerKeyStore, "DoubleCA".toCharArray());// 加载密钥储存器
// 信任管理器
KeyStore sm2TrustServerKeyStore = KeyStore.getInstance("DCKS");
sm2TrustServerKeyStore.load(new FileInputStream("resources/server.dcks"), "DoubleCA".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509", DoubleCASSE.PROVIDER_NAME);
tmf.init(sm2TrustServerKeyStore);
// SSL上下文设置
SSLContext sslContext = SSLContext.getInstance("GMSSLv1.1", DoubleCASSE.PROVIDER_NAME);
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
// SSLServerSocket
SSLServerSocketFactory serverFactory = sslContext.getServerSocketFactory();
// 端口号:34567
SSLServerSocket svrSocket = (SSLServerSocket) serverFactory.createServerSocket(18567);
svrSocket.setNeedClientAuth(true);//客户端模式,服务端需要验证客户端身份
String[] supported = svrSocket.getEnabledCipherSuites();// 加密套件
svrSocket.setEnabledCipherSuites(supported);
System.out.println("启用的加密套件: " + Arrays.asList(supported));
// 接收消息
System.out.println("端口已打开,准备接受信息");
SSLSocket cntSocket = (SSLSocket) svrSocket.accept();// 开始接收
Certificate[] clientCerts = cntSocket.getSession().getPeerCertificates();
System.out.println("客户端身份信息:");
for (int i = 0; i < clientCerts.length; i++)
{
System.out.println(((X509Certificate)clientCerts[i]).getSubjectDN().getName());
}
InputStream in = cntSocket.getInputStream();// 输入流
byte[] buffer = new byte[1024];
int a = in.read(buffer);
// 循环检查是否有消息到达
System.out.println("来自于客户端:");
while (a > 0)
{
if (a == 1)
{
System.out.print((char)buffer[0]);
}
else
{
System.out.print(new String(buffer, "utf-8").trim());
}
buffer = new byte[1024];
a = in.read(buffer);
}
svrSocket.close();
}
/**
* @param args
* @throws IOException
* @throws NoSuchProviderException
* @throws FileNotFoundException
* @throws CertificateException
* @throws NoSuchAlgorithmException
* @throws KeyStoreException
* @throws KeyManagementException
* @throws UnrecoverableKeyException
*/
public static void main(String[] args) throws UnrecoverableKeyException, KeyManagementException, KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, NoSuchProviderException, IOException
{
// TODO Auto-generated method stub
// 生成终端授权请求数据
// generateLicRequest();
// 初始化授权数据
initLic();
// 测试国密SSL服务端
serverGmSSL();
}
}
没有合适的资源?快使用搜索试试~ 我知道了~
温馨提示
使用方法见:https://blog.csdn.net/upset_ming/article/details/87872381 1. 修改了前一版本中证书验证的bug,支持JDK8的高版本 2. 适配了一些硬件设备和国密浏览器 3. 支持国密SSL双向认证 4. 将过期的国密证书替换为新证书
资源推荐
资源详情
资源评论
收起资源包目录
DoubleCA-GMSSL-Sample.PPLIC.2020.02.26.zip (10个子文件)
DoubleCA-GMSSL-Sample
bin
resources
CLIENT.dcks 3KB
SERVER.dcks 3KB
.settings
org.eclipse.jdt.core.prefs 598B
src
com
doubleca
security
gmssl
sample
GmSSLClientSample.java 6KB
GmSSLServerSample.java 6KB
.project 397B
.classpath 522B
libs
doubleca-jce-1.1.2-SNAPSHOT.jar 1.24MB
doubleca-sse-1.0.1-SNAPSHOT.jar 263KB
pp-auth-1.0.6-SNAPSHOT.jar 4.79MB
共 10 条
- 1
资源评论
- 八喜妈妈2020-06-14资源亲测可用,谢谢分享。
- angelyln2020-10-30这个需要授权码,提供者应该是个销售吧,需要自己购买授权码。
大宝CA国密SSL国密TOMCAT
- 粉丝: 65
- 资源: 16
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功