我正在研究TLS / SSL。我有两个代码片段:客户端和服务器。我有一个问题,即'单向认证'不起作用。事实上,如果我删除密钥库,他们会毫无错误地交换邮件。我在网上看到我必须设置认证检查,但我确实理解得很好。
也许我必须设置此行sslServerSocket.setNeedClientAuth(true);,但我遇到了密码问题。
以下是代码:
服务器
// Writing SSL Server in JAVA
public class SSLServerExample {
// Keystore information
final static String pathToStore = "C:\\Users\\Manuel\\Documents\\Eclipse_Workspace\\SSLServerExample\\keystore\\"; // Directory
final static String keyStoreFile = "server.jks"; // Filename
final static String password = "password"; // Password
// Port to list SSL Connections
final static int theServerPort = 12345;
// Turn on SSL Debugging
final static boolean debug = false;
// Server side
void doServerSide() throws Exception {
SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(theServerPort);
//JJ
sslServerSocket.setNeedClientAuth(false);
// Algoritmi di cifratura che il server accetta di scambiare
String[] cipherSuites = sslssf.getSupportedCipherSuites();
//System.out.println(Arrays.toString(cipherSuites));
final String[] enabledCipherSuites = cipherSuites;
sslServerSocket.setEnabledCipherSuites(enabledCipherSuites);
// Server is UP
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
InputStream sslIS = sslSocket.getInputStream();
// For writing back to the client
OutputStream sslOS = sslSocket.getOutputStream();
// Read from the Client
BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(sslIS));
String string = null;
while ((string = bufferedreader.readLine()) != null) {
System.out.println(string);
System.out.flush();
}
sslSocket.close();
}
public static void main(String[] args) throws Exception {
String keyFilename = pathToStore + keyStoreFile;
System.setProperty("javax.net.ssl.keytStore", keyFilename);
System.setProperty("javax.net.ssl.keyStorePassword", password);
System.out.println("Server connection...waiting client message \n ");
if (debug) {
System.setProperty("javax.net.degub", "all");
}
new SSLServerExample().doServerSide();
}
}
客户端
// Writing SSL Client in JAVA
public class SSLClientExample {
// Truststore information
final static String pathToStore = "C:\\Users\\Manuel\\Documents\\Eclipse_Workspace\\SSLClientExample\\truststore\\"; // Directory
final static String trustStoreFile = "truststore.jks"; // Filename
final static String password = "password"; // Password
// Where is the Server and the port
final static String theServerName = "localhost";
final static int theServerPort = 12345;
// Turn on SSL Debugging
final static boolean debug = false;
// Client side
void doClientSide() throws Exception {
SSLSocketFactory sslsf = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSocket = (SSLSocket) sslsf.createSocket(theServerName, theServerPort);
// Algoritmi di cifratura che il client decide si scambiare
String[] cipherSuites = sslsf.getSupportedCipherSuites();
final String[] enabledCipherSuites = cipherSuites;
sslSocket.setEnabledCipherSuites(enabledCipherSuites);
OutputStream sslOS = sslSocket.getOutputStream();
sslOS.write("Hello SSL Server...I'm client".getBytes()); // Write to the Server
System.out.println("I sent a message to the server");
sslOS.flush();
sslSocket.close();
}
public static void main(String[] args) throws Exception {
String trustFilename = pathToStore + trustStoreFile;
System.setProperty("javax.net.ssl.trustStore", trustFilename);
System.setProperty("javax.net.ssl.trustStorePassword", password);
System.out.println("Client...");
if (debug) {
System.setProperty("javax.net.degub", "all");
}
new SSLClientExample().doClientSide();
}
}