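I have to implement a server-client program that uses the TLS protocol. I used openssl and followed the instructions at this link, https://jamielinux.com/docs/openssl-certificate-authority/, because that is exactly what I want to do (I don't want self-signed certificates for the client or the server). Then I used keytool to create the keystores, and I converted the files correctly so that they could be saved into the keystores. I tried to use this code on the server side: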
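    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManagerFactory;

    // Fields clientKeyStore, serverKeyStore, sslContext and secureRandom are declared elsewhere in the class.

    // Trust store: the certificates the server accepts from clients.
    private void setupClientKeyStore() throws GeneralSecurityException, IOException
    {
        clientKeyStore = KeyStore.getInstance( "JKS" );
        try ( InputStream in = new FileInputStream( "C:/Users/Claire/Documents/NetBeansProjects/PrivaChatPUCR/src/privachatpucr/clientpub.jks" ) )
        {
            clientKeyStore.load( in, "password".toCharArray() );
        }
    }

    // Key store: the server's own private key and certificate.
    private void setupServerKeystore() throws GeneralSecurityException, IOException
    {
        char[] keyStorePassphrase = "password".toCharArray();
        serverKeyStore = KeyStore.getInstance("JKS");
        try (InputStream keyStoreResource = new FileInputStream("C:/Users/Claire/Documents/NetBeansProjects/PrivaChatPUCR/src/privachatpucr/plainserver.jks")) {
            serverKeyStore.load(keyStoreResource, keyStorePassphrase);
        }
    }

    // Combines the trust store (peer verification) and key store (own identity) into one SSLContext.
    private void setupSSLContext() throws GeneralSecurityException, IOException
    {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance( "SunX509" );
        tmf.init( clientKeyStore );
        KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" );
        kmf.init( serverKeyStore, "password".toCharArray() );
        sslContext = SSLContext.getInstance( "TLS" );
        sslContext.init( kmf.getKeyManagers(), tmf.getTrustManagers(), secureRandom );
    }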
and this code on the client side:
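    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManagerFactory;

    // Trust store: the certificates the client accepts from the server.
    private void setupServerKeystore() throws GeneralSecurityException, IOException {
        serverKeyStore = KeyStore.getInstance( "JKS" );
        try ( InputStream in = new FileInputStream( "C:/Users/Claire/Documents/NetBeansProjects/PrivaChatPUCR/src/privachatpucr/serverpub.jks" ) ) {
            serverKeyStore.load( in, "password".toCharArray() );
        }
    }

    // Key store: the client's own private key and certificate.
    private void setupClientKeyStore() throws GeneralSecurityException, IOException {
        clientKeyStore = KeyStore.getInstance( "JKS" );
        try ( InputStream in = new FileInputStream( "C:/Users/Claire/Documents/NetBeansProjects/PrivaChatPUCR/src/privachatpucr/plainclient.jks" ) ) {
            clientKeyStore.load( in, "password".toCharArray() );
        }
    }

    // Combines the trust store (peer verification) and key store (own identity) into one SSLContext.
    private void setupSSLContext() throws GeneralSecurityException, IOException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance( "SunX509" );
        tmf.init( serverKeyStore );
        KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" );
        kmf.init( clientKeyStore, "password".toCharArray() );
        sslContext = SSLContext.getInstance( "TLS" );
        sslContext.init( kmf.getKeyManagers(),
                         tmf.getTrustManagers(),
                         secureRandom );
    }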
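But so far this code only works with self-signed certificates, not with mine. Do I have to use different code? Also, is this actually done with TLS? Are the messages encrypted? I have to package this program as jar files (one for the server and one for the client), but when I do that and run it on another PC, it does not work properly, because the certificates are no longer at the right path. Is there another way to store the files so that it works on any PC?
Sorry, I am new to Java and cryptography. I would appreciate any answer.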
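An added example, not part of the original post: one way to build the server-side SSLContext from keystores read off the classpath, so that the jar carries them and no machine-specific path is needed. The resource paths and the `ca-chain.jks` trust store (holding the CA certificates rather than each peer certificate) are assumptions, and the password is the placeholder used in the post.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;

public class TlsContextFromJar {
    // Reads a JKS store from the classpath (inside the jar), not from a fixed disk path.
    static KeyStore loadStore(String resource, char[] password)
            throws GeneralSecurityException, IOException {
        try (InputStream in = TlsContextFromJar.class.getResourceAsStream(resource)) {
            if (in == null) {
                throw new IOException("keystore not on classpath: " + resource);
            }
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, password);
            return ks;
        }
    }

    // identity: this side's private key and certificate chain.
    // trusted: the CA certificates used to verify the peer's chain.
    static SSLContext buildContext(KeyStore identity, char[] keyPassword, KeyStore trusted)
            throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // null: default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed resource names; ca-chain.jks is a hypothetical trust store holding the CA certificates.
        char[] password = "password".toCharArray(); // placeholder, as in the post
        KeyStore identity = loadStore("/privachatpucr/plainserver.jks", password);
        KeyStore trusted = loadStore("/privachatpucr/ca-chain.jks", password);
        SSLContext ctx = buildContext(identity, password, trusted);
        try (SSLServerSocket server =
                (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(0)) {
            server.setNeedClientAuth(true); // require a client certificate (mutual TLS)
            System.out.println("Negotiable protocols: " + String.join(", ", server.getEnabledProtocols()));
        }
    }
}
```

The client side is the mirror image: its own key store as `identity`, the same CA trust store as `trusted`, and `getSocketFactory()` instead of `getServerSocketFactory()`.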