建什么网站能百度收录,中国工业机械加工网,合肥软件开发网站建设,网站备案后更换主机“不积跬步#xff0c;无以至千里。” 说明
其实Netty使用SslHandler实现加密通信单向认证和双向认证在代码上区别不大#xff0c;下面是双向认证的代码示例
引入依赖
dependencygroupIdio.netty/groupIdartifactIdnetty-all/artifac… “不积跬步无以至千里。” 说明
其实Netty使用SslHandler实现加密通信单向认证和双向认证在代码上区别不大下面是双向认证的代码示例
引入依赖
dependencygroupIdio.netty/groupIdartifactIdnetty-all/artifactIdversion4.1.100.Final/version
/dependency生成keystore.jks文件
keytool -genkeypair -alias your_alias -keyalg RSA -keystore keystore.jks -keysize 2048Server端
import io.netty.bootstrap.ServerBootstrap;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.*;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.CharsetUtil;import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;public class NettySslServer {private static final int PORT 8888;public static void main(String[] args) throws Exception {// 加载SSL证书String serverKeyStorePath /home/admin/server/keystore.jks;String clientKeyStorePath /home/admin/client/keystore.jks;String serverKeyStorePassword happya;String clientKeyStorePassword happya;// 创建SSL上下文SSLContext sslContext SSLContext.getInstance(TLS);sslContext.getServerSessionContext().setSessionCacheSize(1);sslContext.getServerSessionContext().setSessionTimeout(60);// 配置密钥库KeyStore keyStore KeyStore.getInstance(JKS);keyStore.load(new FileInputStream(serverKeyStorePath), serverKeyStorePassword.toCharArray());KeyManagerFactory keyManagerFactory KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());keyManagerFactory.init(keyStore, serverKeyStorePassword.toCharArray());// 配置信任库KeyStore trustStore KeyStore.getInstance(JKS);trustStore.load(new FileInputStream(clientKeyStorePath), clientKeyStorePassword.toCharArray());TrustManagerFactory trustManagerFactory TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());trustManagerFactory.init(trustStore);// 初始化SSLContextsslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);// 创建EventLoopGroupEventLoopGroup bossGroup new NioEventLoopGroup();EventLoopGroup workerGroup new NioEventLoopGroup();try {// 创建服务器BootstrapServerBootstrap serverBootstrap new ServerBootstrap();serverBootstrap.group(bossGroup, workerGroup).channel(NioServerSocketChannel.class).childHandler(new ChannelInitializerSocketChannel() {Overrideprotected void initChannel(SocketChannel ch) throws Exception {ChannelPipeline pipeline ch.pipeline();// 在ChannelPipeline中添加SSL处理器SSLEngine sslEngine sslContext.createSSLEngine();sslEngine.setUseClientMode(false);pipeline.addLast(new SslHandler(sslEngine));// 添加加密通信处理器pipeline.addLast(new SecureChatServerHandler());}}).childOption(ChannelOption.SO_BACKLOG, 128).childOption(ChannelOption.SO_KEEPALIVE, true);// 启动服务器System.out.println(Begin to start ssl server);ChannelFuture future serverBootstrap.bind(PORT).sync();System.out.println(Ssl server started);future.channel().closeFuture().sync();} finally {workerGroup.shutdownGracefully();bossGroup.shutdownGracefully();}}public static class SecureChatServerHandler extends ChannelInboundHandlerAdapter {Overridepublic void channelActive(ChannelHandlerContext ctx) throws Exception {// 当连接建立时发送欢迎消息System.out.println(Server channel active : ctx.channel().toString());ctx.channel().writeAndFlush(Unpooled.wrappedBuffer(Welcome to the secure chat server!\n.getBytes(StandardCharsets.UTF_8)));ctx.channel().writeAndFlush(Unpooled.wrappedBuffer(Your connection is protected by SSL.\n.getBytes(StandardCharsets.UTF_8)));}Overridepublic void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {ByteBuf byteBuf (ByteBuf) msg;System.out.println(Server received message: byteBuf.toString(CharsetUtil.UTF_8));super.channelRead(ctx, msg);}Overridepublic void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {// 处理异常cause.printStackTrace();ctx.close();}}
}Client端
import io.netty.bootstrap.Bootstrap;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.*;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.channel.socket.nio.NioSocketChannel;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.CharsetUtil;import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;public class NettySslClient {private static final String HOST localhost;private static final int PORT 8888;public static void main(String[] args) throws Exception {// 加载SSL证书String serverKeyStorePath /home/admin/server/keystore.jks;String clientKeyStorePath /home/admin/client/keystore.jks;String serverKeyStorePassword happya;String clientKeyStorePassword happya;// 创建SSL上下文SSLContext sslContext SSLContext.getInstance(TLS);sslContext.getServerSessionContext().setSessionCacheSize(1);// session cache timeout (sessionTimeout) s default value is 86400s (24hr), and reduced to 60s to reduce IO block issue.sslContext.getServerSessionContext().setSessionTimeout(60);// 配置密钥库KeyStore keyStore KeyStore.getInstance(JKS);keyStore.load(new FileInputStream(clientKeyStorePath), clientKeyStorePassword.toCharArray());KeyManagerFactory keyManagerFactory KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());keyManagerFactory.init(keyStore, clientKeyStorePassword.toCharArray());// 配置信任库KeyStore trustStore KeyStore.getInstance(JKS);trustStore.load(new FileInputStream(serverKeyStorePath), serverKeyStorePassword.toCharArray());TrustManagerFactory trustManagerFactory TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());trustManagerFactory.init(trustStore);sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);// 创建EventLoopGroupEventLoopGroup group new NioEventLoopGroup();try {// 创建客户端BootstrapBootstrap bootstrap new Bootstrap();bootstrap.group(group).channel(NioSocketChannel.class).handler(new ChannelInitializerSocketChannel() {Overrideprotected void initChannel(SocketChannel ch) throws Exception {ChannelPipeline pipeline ch.pipeline();// 在ChannelPipeline中添加SSL处理器SSLEngine sslEngine sslContext.createSSLEngine();sslEngine.setUseClientMode(true);pipeline.addLast(new SslHandler(sslEngine));// 添加加密通信处理器pipeline.addLast(new SecureChatClientHandler());}});// 连接服务器System.out.println(Begin to start ssl client);ChannelFuture future bootstrap.connect(HOST, PORT).sync();System.out.println(Ssl client started);future.channel().closeFuture().sync();} finally {group.shutdownGracefully();}}public static class SecureChatClientHandler extends ChannelInboundHandlerAdapter {Overridepublic void channelActive(ChannelHandlerContext ctx) throws Exception {// 连接建立时发送一条消息给服务器System.out.println(Client channel active : ctx.channel().toString());ctx.channel().writeAndFlush(Unpooled.wrappedBuffer(Hello from client!\n.getBytes(StandardCharsets.UTF_8)));}Overridepublic void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {ByteBuf byteBuf (ByteBuf) msg;System.out.println(Client received message: \n byteBuf.toString(CharsetUtil.UTF_8));super.channelRead(ctx, msg);}Overridepublic void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {// 处理异常cause.printStackTrace();ctx.close();}}
}
