1、准备工作
A、域名绑定：在hosts文件末尾追加 127.0.0.1 www.zlex.org
B、证书导入：浏览器导入自签名证书文件zlex.cer（仅限本机测试使用；验证结束后应将该证书从浏览器的信任列表中移除）
C、服务器配置：配置SSL/TLS单向认证
```xml
<Connector port="443" SSLEnabled="true" clientAuth="false" maxThreads="150" protocol="HTTP/1.1" scheme="https" sslProtocol="TLS" keystoreFile="conf/zlex.keystore" keystorePass="123456" />
```

为使HTTPS协议配置生效，我们需要将密钥库文件参数keystoreFile指向密钥库文件，并设定密钥库密码参数keystorePass；密钥库类型参数keystoreType的默认值为JKS。示例中的keystorePass取值123456只是演示用的弱口令，实际部署时应换成强口令，并限制配置文件与密钥库文件的读取权限。

如果不显式配置信任库参数，信任库文件参数truststoreFile默认指向密钥库文件，信任库密码参数truststorePass默认指向密钥库密码，信任库类型参数truststoreType的默认值为JKS。

客户端验证参数clientAuth的默认值为false。构建双向认证服务时，需要将其设置为true，并修改密钥库参数和信任库参数。

2、服务验证
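<%@ page language="java" contentType="text/html;charset=UTF-8"%>
<%@ page import="java.util.Enumeration" %>
<%--
  Diagnostic page: prints the name and value of every request attribute so the TLS-related
  attributes of an HTTPS request can be inspected in the browser.

  NOTE(review): attribute values are written into the page without HTML escaping. That is
  tolerable only while every attribute is set by the container; escape the output if
  application code can add attributes. The page also discloses TLS session details, so it
  belongs on a test instance rather than a public deployment.
--%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>zlex.org</title>
</head>
<body>
<p>request属性信息</p>
<pre>
<%
    // Walk the attribute names and print each name followed by its value and a blank line.
    for (Enumeration en = request.getAttributeNames(); en.hasMoreElements();) {
        String name = (String) en.nextElement();
        out.println(name);
        out.println(request.getAttribute(name));
        out.println();
    }
%>
</pre>
</body>
</html>

javax.servlet.request.ssl_session：当前SSL/TLS协议的会话ID。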
javax.servlet.request.key_size：当前加密算法所使用的密钥长度。
javax.servlet.request.cipher_suite：当前SSL/TLS协议所使用的加密套件。

3、代码验证
单向认证https
/*** 2009-5-20*/
package org.zlex.chapter11_1;import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.SecureRandom;import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;/*** HTTPS组件* * author 梁栋* version 1.0*/
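/**
 * Builds a TLS {@link SSLSocketFactory} from a key store file and a trust store file and
 * installs it on an {@link HttpsURLConnection}.
 *
 * <p>Only the socket factory of the connection is replaced. The hostname verifier is left as
 * it was, and the trust managers come from the supplied trust store, so certificate checking
 * stays in force.
 *
 * <p>One password opens both stores and recovers the private key; stores protected by
 * different passwords cannot be loaded through these signatures.
 */
public abstract class HTTPSCoder {

    /**
     * Protocol name handed to {@link SSLContext#getInstance(String)}.
     *
     * <p>NOTE(review): which protocol versions "TLS" enables is decided by the JRE and its
     * security configuration; confirm that obsolete versions are disabled on the runtime used.
     */
    public static final String PROTOCOL = "TLS";

    /**
     * Loads a key store of the platform default type from a file.
     *
     * @param keyStorePath path of the key store file
     * @param password     password used to open the store
     * @return the loaded key store
     * @throws Exception if the file cannot be opened or the store cannot be loaded with
     *                   {@code password}
     */
    private static KeyStore getKeyStore(String keyStorePath, String password)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

        // try-with-resources closes the stream even when load() rejects the file or the
        // password; the earlier explicit close() was skipped on that path.
        try (FileInputStream is = new FileInputStream(keyStorePath)) {
            ks.load(is, password.toCharArray());
        }
        return ks;
    }

    /**
     * Creates an {@link SSLSocketFactory} whose key managers come from the key store and whose
     * trust managers come from the trust store.
     *
     * @param password       password of both stores and of the private key
     * @param keyStorePath   path of the key store file
     * @param trustStorePath path of the trust store file
     * @return socket factory of an {@link SSLContext} created for {@link #PROTOCOL}
     * @throws Exception if a store cannot be loaded or the context cannot be initialised
     */
    private static SSLSocketFactory getSSLSocketFactory(String password,
            String keyStorePath, String trustStorePath) throws Exception {
        // Key material the client can present if the server asks for a certificate.
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = getKeyStore(keyStorePath, password);
        keyManagerFactory.init(keyStore, password.toCharArray());

        // Certificates the client accepts when it validates the server.
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore trustStore = getKeyStore(trustStorePath, password);
        trustManagerFactory.init(trustStore);

        SSLContext ctx = SSLContext.getInstance(PROTOCOL);
        ctx.init(keyManagerFactory.getKeyManagers(),
                trustManagerFactory.getTrustManagers(), new SecureRandom());

        return ctx.getSocketFactory();
    }

    /**
     * Installs a socket factory built from the given stores on {@code conn}.
     *
     * <p>Call this before the connection is used; the factory is set through
     * {@link HttpsURLConnection#setSSLSocketFactory(SSLSocketFactory)}.
     *
     * @param conn              connection to configure
     * @param password          password of both stores and of the private key
     * @param keyStorePath      path of the key store file
     * @param trustKeyStorePath path of the trust store file
     * @throws Exception if a store cannot be loaded or the TLS context cannot be initialised
     */
    public static void configSSLSocketFactory(HttpsURLConnection conn,
            String password, String keyStorePath, String trustKeyStorePath)
            throws Exception {
        SSLSocketFactory sslSocketFactory =
                getSSLSocketFactory(password, keyStorePath, trustKeyStorePath);
        conn.setSSLSocketFactory(sslSocketFactory);
    }
}
// Heading of the next listing on the page: "单向认证示例" (one-way authentication example).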
/*** 2009-5-20*/
package org.zlex.chapter11_1;import static org.junit.Assert.*;import java.io.DataInputStream;
import java.net.URL;import javax.net.ssl.HttpsURLConnection;import org.junit.Test;/*** HTTPS测试* * author 梁栋* version 1.0*/
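/**
 * JUnit check that a page can be fetched over HTTPS after {@link HTTPSCoder} has installed a
 * socket factory built from the local store files.
 *
 * <p>The test needs the environment the tutorial sets up: the hosts entry for www.zlex.org and
 * the HTTPS connector on port 443.
 */
public class HTTPSCoderTest {

    /**
     * Password of the key store / trust store. Tutorial demo value; a real store needs a strong
     * password that is supplied from outside the source tree.
     */
    private String password = "123456";

    /** Path of the key store file. */
    private String keyStorePath = "d:/zlex.keystore";

    /**
     * Path of the trust store file. The tutorial reuses the key store file here.
     * NOTE(review): that file presumably also holds the server's private key; a client that only
     * validates the server needs just the certificate, so a separate trust store is preferable.
     */
    private String trustStorePath = "d:/zlex.keystore";

    /** URL that is requested. */
    private String httpsUrl = "https://www.zlex.org/ssl/";

    /**
     * Requests {@link #httpsUrl} and expects a body with a declared content length.
     *
     * @throws Exception if the stores cannot be loaded or the request fails
     */
    @Test
    public void test() throws Exception {
        URL url = new URL(httpsUrl);
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        byte[] data = null;

        try {
            conn.setDoInput(true);

            // Must happen before the first call that actually opens the connection.
            HTTPSCoder.configSSLSocketFactory(conn, password, keyStorePath,
                    trustStorePath);

            int length = conn.getContentLength();

            // A length of -1 means no Content-Length was reported; the body is then not read
            // and the assertion below fails.
            if (length != -1) {
                // try-with-resources closes the stream even if readFully() fails.
                try (DataInputStream dis = new DataInputStream(conn.getInputStream())) {
                    data = new byte[length];
                    dis.readFully(data);
                }
                // Decode with the charset the tutorial's JSP declares instead of the platform
                // default.
                System.err.println(
                        new String(data, java.nio.charset.StandardCharsets.UTF_8));
            }
        } finally {
            // Release the connection on the failure path too.
            conn.disconnect();
        }

        assertNotNull(data);
    }
}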