I have a genuine certificate "salientrisk.crt" and key "salientrisk.key". The server is configured as an SSL server with this certificate. Now, on the client side, only a client that has the same certificate should be able to complete the handshake; otherwise it should fail, and the client should not be allowed to connect to the server.
How do I make the handshake between client and server use the public/private keys?
The problem is that if I pass a self-signed certificate here, it also works, which I don't want.
I am using the following piece of code in the main class:
    SSLContext sslContext = null;
    try {
        sslContext = SSLContext.getInstance("SSL");
        ServerTrustManager serverTrustManager = new ServerTrustManager();
        // No key manager (null) and the default SecureRandom. The single custom
        // trust manager installed here replaces the JVM's default trust store
        // entirely, so it alone decides which server certificates are accepted.
        sslContext.init(null, new TrustManager[]{serverTrustManager}, null);
    } catch (Exception e) {
        logger.error("Error while getting SSL context", e);
    }
=================================================
    package com.common.restclient;

    import java.io.FileInputStream;
    import java.io.FileNotFoundException;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.X509TrustManager;

    public class ServerTrustManager implements X509TrustManager {

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // Empty body: never throws, so on a server this would accept any client certificate.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // Loads the pinned certificate from disk on every handshake.
            X509Certificate cert = null;
            try (InputStream inStream = new FileInputStream("SSLCertificate/salientrisk.crt")) {
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                cert = (X509Certificate) cf.generateCertificate(inStream);
            } catch (FileNotFoundException e) {
                // If the file is missing, cert stays null and the line below throws NullPointerException.
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
            // All three calls operate on the certificate read from the file, not on the
            // chain the server actually presented; the results of the two getters are
            // discarded. Nothing here inspects "chain", and the method only throws if the
            // local file's certificate is expired, so every server certificate is accepted.
            cert.checkValidity();
            cert.getIssuerUniqueID();
            cert.getSubjectDN();
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array here.
            return null;
        }
    }
The key pair on your server may also be self-signed, and the key pair you are trying to use may have the same parent CA certificate.
You are looking for certificate pinning. Check out https://github.com/ikust/hello-pinnedcerts for test code.
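A pinning trust manager that does what the question asks, written as an added example for this answer; it is neither the asker's code nor code from the linked hello-pinnedcerts repository. It keeps the file path "SSLCertificate/salientrisk.crt" from the question; the class name PinnedServerTrustManager, the helper names fromFile, sha256 and pinnedContext, and the use of a SHA-256 fingerprint of the DER encoding as the pin are my choices. The decisive difference from the posted code is that checkServerTrusted compares the certificate the server actually presented (chain[0]) against the pinned one and throws on any mismatch, instead of only inspecting the local file.

```java
package com.common.restclient;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/** Trusts exactly one server certificate: the one loaded from the pinned file. (Example code.) */
public final class PinnedServerTrustManager implements X509TrustManager {

    private final X509Certificate pinned;
    private final byte[] pinnedFingerprint; // SHA-256 over the DER encoding of the pinned cert

    public PinnedServerTrustManager(X509Certificate pinned) throws CertificateException {
        this.pinned = pinned;
        this.pinnedFingerprint = sha256(pinned);
    }

    /** Load the pinned certificate once, at construction time, not on every handshake. */
    public static PinnedServerTrustManager fromFile(String path)
            throws IOException, CertificateException {
        try (InputStream in = new FileInputStream(path)) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return new PinnedServerTrustManager((X509Certificate) cf.generateCertificate(in));
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // This manager is meant for the client side only; fail closed if it is ever
        // installed on a server and asked to judge a client certificate.
        throw new CertificateException("client certificate validation not supported");
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("empty server certificate chain");
        }
        X509Certificate leaf = chain[0]; // the certificate the server presented for itself
        leaf.checkValidity();            // reject expired or not-yet-valid certificates
        // Constant-time comparison of the presented leaf against the pin. A self-signed
        // certificate, or any other certificate, has a different encoding and is rejected.
        if (!MessageDigest.isEqual(sha256(leaf), pinnedFingerprint)) {
            throw new CertificateException("server certificate does not match pinned certificate: "
                    + leaf.getSubjectX500Principal());
        }
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // Advisory only; the real decision is made in checkServerTrusted. The contract
        // requires a non-null array, so return the pin rather than null.
        return new X509Certificate[] { pinned };
    }

    private static byte[] sha256(X509Certificate cert) throws CertificateException {
        try {
            return MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException("SHA-256 unavailable", e);
        }
    }

    /** Build an SSLContext whose only trust decision is the pin above. */
    public static SSLContext pinnedContext(String certPath)
            throws IOException, GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { fromFile(certPath) }, null);
        return ctx;
    }

    /** Smoke test: the pinned certificate must pass against itself. Path taken from the question. */
    public static void main(String[] args) throws Exception {
        PinnedServerTrustManager tm = fromFile("SSLCertificate/salientrisk.crt");
        tm.checkServerTrusted(new X509Certificate[] { tm.pinned }, "RSA");
        System.out.println("pinned certificate accepted; any other leaf certificate will throw");
    }
}
```

Use pinnedContext("SSLCertificate/salientrisk.crt").getSocketFactory() where the question's code currently uses sslContext. If the server is expected to renew its certificate while keeping the same key, pin leaf.getPublicKey().getEncoded() instead of the whole certificate so the renewal does not break clients. Note that this only controls what the client will accept; making the server refuse clients that do not hold the certificate is the server's job, via client authentication (setNeedClientAuth(true) on the SSLServerSocket or SSLParameters), which this example does not cover.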