import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.Socket;
import java.security.*;
import java.security.cert.CertificateException;
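/**
 * Static helpers for building JSSE key managers, trust managers, contexts and
 * sockets from JKS key stores, and for reading the peer's certificate common name.
 *
 * <p>The server sockets created here require client certificates (mutual TLS).
 * The class holds no state.
 */
public class SslUtil {
    /** Key store type used for both identity and trust stores. */
    private static final String JKS = "JKS";

    /**
     * Creates key managers from a JKS key store whose store password and key
     * password are the same.
     *
     * @param keyStorePath path of the JKS file
     * @param password     password protecting both the store and its private keys; must not be null
     * @return the key managers backed by the loaded key store
     * @throws NoSuchAlgorithmException if the default key manager algorithm or the
     *                                  store's integrity algorithm is unavailable
     * @throws KeyStoreException        if the store cannot be parsed or a key cannot be recovered
     * @throws IOException              if the file cannot be read or the store password is wrong
     */
    public static KeyManager[] createKeyManagers(String keyStorePath, String password) throws NoSuchAlgorithmException, KeyStoreException, IOException {
        return createKeyManagers(keyStorePath, password, password);
    }

    /**
     * Creates key managers from a JKS key store.
     *
     * <p>Load and key-recovery failures are reported to the caller instead of being
     * printed and ignored, so a wrong password or a damaged store can no longer
     * yield a half-initialised factory.
     *
     * @param keyStorePath  path of the JKS file
     * @param storePassword password protecting the store's integrity; must not be null
     * @param keyPassword   password protecting the private keys; must not be null
     * @return the key managers backed by the loaded key store
     * @throws NoSuchAlgorithmException if the default key manager algorithm or the
     *                                  store's integrity algorithm is unavailable
     * @throws KeyStoreException        if the store's certificates cannot be loaded or a
     *                                  private key cannot be recovered with {@code keyPassword}
     * @throws IOException              if the file cannot be read or {@code storePassword} is wrong
     */
    public static KeyManager[] createKeyManagers(String keyStorePath, String storePassword, String keyPassword) throws NoSuchAlgorithmException, KeyStoreException, IOException {
        KeyManagerFactory kmInstance = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        KeyStore ksInstance = loadKeyStore(keyStorePath, storePassword);
        try {
            kmInstance.init(ksInstance, keyPassword.toCharArray());
        } catch (UnrecoverableKeyException e) {
            // Wrapped in an exception type the signature already declares, so callers
            // see the failure without a change to the throws clause.
            throw new KeyStoreException("Cannot recover a private key from key store " + keyStorePath, e);
        }
        return kmInstance.getKeyManagers();
    }

    /**
     * Builds an initialised {@link SSLContext} from the provider's protocol, key
     * managers and trust managers.
     *
     * @param provider source of the protocol name and the key/trust managers
     * @return an initialised context
     * @throws GeneralSecurityException if the protocol is unavailable or initialisation fails
     * @throws IOException              declared for callers; what the provider itself throws is
     *                                  not visible from this class
     */
    public static SSLContext createSSLContext(SslContextProvider provider) throws GeneralSecurityException, IOException {
        SSLContext context = SSLContext.getInstance(provider.getProtocol());
        context.init(provider.getKeyManagers(), provider.getTrustManagers(), new SecureRandom());
        return context;
    }

    /**
     * Creates a TLS server socket bound to {@code port} that enables only the
     * provider's protocol and requires a client certificate.
     *
     * <p>The provider's protocol string is used both for {@code SSLContext.getInstance}
     * and as the single enabled protocol, so it has to be a name the socket reports as
     * supported (a concrete version name); otherwise {@code setEnabledProtocols} rejects it.
     *
     * @param port     local port to bind
     * @param provider source of the protocol name and the key/trust managers
     * @return a bound server socket with client authentication required
     * @throws GeneralSecurityException if the context cannot be created
     * @throws IOException              if the socket cannot be created or bound
     */
    public static SSLServerSocket createSSLServerSocket(int port, SslContextProvider provider) throws GeneralSecurityException, IOException {
        SSLContext context = createSSLContext(provider);
        SSLServerSocketFactory serverSocketFactory = context.getServerSocketFactory();
        SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocketFactory.createServerSocket(port);
        try {
            sslServerSocket.setEnabledProtocols(new String[]{provider.getProtocol()});
            sslServerSocket.setNeedClientAuth(true);
        } catch (RuntimeException e) {
            // Do not leave the port bound when configuration is rejected.
            closeAfterFailure(sslServerSocket, e);
            throw e;
        }
        return sslServerSocket;
    }

    /**
     * Creates a TLS client socket connected to {@code host:port} that enables only
     * the provider's protocol.
     *
     * <p>NOTE(review): no endpoint identification algorithm is configured here, so the
     * handshake checks the server's certificate chain against the trust managers but
     * does not check that the certificate was issued for {@code host}. Callers that need
     * that check can set it through {@link SSLParameters#setEndpointIdentificationAlgorithm(String)}
     * before the handshake starts. It is left off here because turning it on would
     * change which servers existing callers can connect to.
     *
     * @param host     remote host name or address
     * @param port     remote port
     * @param provider source of the protocol name and the key/trust managers
     * @return a connected socket on which the handshake has not yet been started
     * @throws GeneralSecurityException if the context cannot be created
     * @throws IOException              if the connection cannot be established
     */
    public static SSLSocket createSSLSocket(String host, int port, SslContextProvider provider) throws GeneralSecurityException, IOException {
        SSLContext sslContext = createSSLContext(provider);
        SSLSocketFactory socketFactory = sslContext.getSocketFactory();
        SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket(host, port);
        try {
            sslSocket.setEnabledProtocols(new String[]{provider.getProtocol()});
        } catch (RuntimeException e) {
            // Do not leak the connected socket when the protocol name is rejected.
            closeAfterFailure(sslSocket, e);
            throw e;
        }
        return sslSocket;
    }

    /**
     * Creates trust managers from a JKS trust store.
     *
     * <p>A store that cannot be loaded is reported to the caller; the trust manager
     * factory is never initialised from a store whose load failed.
     *
     * @param keyStorePath path of the JKS file holding the trusted certificates
     * @param password     password protecting the store's integrity; must not be null
     * @return the trust managers backed by the loaded store
     * @throws NoSuchAlgorithmException if the default trust manager algorithm or the
     *                                  store's integrity algorithm is unavailable
     * @throws KeyStoreException        if the store's certificates cannot be loaded or the
     *                                  factory cannot be initialised from it
     * @throws IOException              if the file cannot be read or {@code password} is wrong
     */
    public static TrustManager[] createTrustManagers(String keyStorePath, String password) throws NoSuchAlgorithmException, KeyStoreException, IOException {
        TrustManagerFactory tmInstance = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmInstance.init(loadKeyStore(keyStorePath, password));
        return tmInstance.getTrustManagers();
    }

    /**
     * Returns the common name from the peer certificate of a TLS socket.
     *
     * <p>Three outcomes do not identify a peer: {@code null} for a socket that is not
     * an {@link SSLSocket} or whose subject has no usable CN, and the literal
     * {@code "unknown client"} when the peer was not verified. That literal is not a
     * reserved value: a certificate subject could carry the same text, so callers
     * that make access decisions on the result should not rely on the string alone to
     * tell a verified peer from an unverified one.
     *
     * <p>{@code getSession()} is called on the socket, which blocks until the handshake
     * has completed if it has not run yet.
     *
     * @param socket the connection to inspect
     * @return the peer's CN, {@code null}, or {@code "unknown client"} as described above
     */
    public static String getPeerIdentity(Socket socket) {
        if (!(socket instanceof SSLSocket)) {
            return null;
        }
        SSLSession session = ((SSLSocket) socket).getSession();
        try {
            return getCommonName(session.getPeerPrincipal());
        } catch (SSLPeerUnverifiedException e) {
            e.printStackTrace();
            return "unknown client";
        }
    }

    /**
     * Extracts the value of the first RDN of type CN from a principal's distinguished name.
     *
     * @param subject the principal whose name is parsed as an LDAP name
     * @return the CN value, or {@code null} when the subject or its name is missing, the
     *         name cannot be parsed, no CN is present, or the CN value is not a string
     */
    private static String getCommonName(Principal subject) {
        if (subject == null || subject.getName() == null) {
            return null;
        }
        try {
            LdapName ldapName = new LdapName(subject.getName());
            for (Rdn rdn : ldapName.getRdns()) {
                if ("cn".equalsIgnoreCase(rdn.getType())) {
                    Object value = rdn.getValue();
                    // A binary attribute value is not a usable identity string.
                    return value instanceof String ? (String) value : null;
                }
            }
        } catch (javax.naming.InvalidNameException e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Loads a JKS key store from a file, closing the stream in every case.
     *
     * @param keyStorePath  path of the JKS file
     * @param storePassword password used to check the store's integrity
     * @return the loaded key store
     * @throws NoSuchAlgorithmException if the integrity algorithm is unavailable
     * @throws KeyStoreException        if JKS is unavailable or a certificate cannot be loaded
     * @throws IOException              if the file cannot be read or the password is wrong
     */
    private static KeyStore loadKeyStore(String keyStorePath, String storePassword) throws NoSuchAlgorithmException, KeyStoreException, IOException {
        KeyStore keyStore = KeyStore.getInstance(JKS);
        try (FileInputStream in = new FileInputStream(keyStorePath)) {
            keyStore.load(in, storePassword.toCharArray());
        } catch (CertificateException e) {
            // Wrapped in an exception type the public signatures already declare.
            throw new KeyStoreException("Cannot load certificates from key store " + keyStorePath, e);
        }
        return keyStore;
    }

    /** Closes a socket after a configuration failure, attaching any close error to the cause. */
    private static void closeAfterFailure(java.io.Closeable socket, RuntimeException cause) {
        try {
            socket.close();
        } catch (IOException closeFailure) {
            cause.addSuppressed(closeFailure);
        }
    }
}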
TLS加密Java实现