Java Client to connect to Server with Openssl and Client Auth

I have to write a Java Client to connect to an SSL server. The server uses openssl certificate, and is configured to do Client Auth.

I can't seem to locate any useful resources online that can help me (who doesn't know anything about openssl and much about SSL) to understand how to go about implementing my Client Side.

Help!

The twist here is that you are using client authentication, so you need a private key and a certificate to identify yourself. You provide this to JSSE by specifying KeyManagers when you initialize an SSLContext.

Customizable Setup

Following are the basic steps. The JSSE API was significantly improved in Java 6, but I'll stick with Java 5, in case you're stuck on that version.

KeyStore tks = KeyStore.getInstance(KeyStore.getDefaultType());
tks.load(...); /* Load the trust key store with root CAs. */
TrustManagerFactory tmf = 
  TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(tks);
KeyStore iks = KeyStore.getInstance(KeyStore.getDefaultType());
iks.load(...); /* Load the identity key store with your key/cert. */
KeyManagerFactory kmf = 
  KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(iks, password);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
SocketFactory factory = ctx.getSocketFactory();
Socket socket = factory.createSocket(host, port);

System Configuration

An alternative "zero-config" scenario can be used when using the SunJSSE provider. I believe many other providers (like IBM) have followed the same pattern and will work as well. The mechanism uses system properties, and is described in detail by the JSSE Reference Guide.

For client authentication, the important properties are javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword. The values should be the path to the user's key store and the password for that key store's "key entries", respectively.

When using these properties, you can create a new SSLSocket that supports client authentication like this:

SocketFactory factory = SSLSocketFactory.getDefault();
Socket socket = factory.createSocket(host, port);

Since you are using the "default" SSLSocketFactory, which depends on the system-wide properties, all sockets created in the JVM will authenticate with the same certificate. If you need more control than that, you have to use the "Customizable Setup" above.

Java includes SSL support in the standard API. Have a look at these classes in the 1.5.0 javadoc:

SSLSocket if you're doing the comms logic yourself.

HttpsURLConnection if the server side speaks HTTP

You could use httpclient. Have a look at this SSL guide.
