java https tomcat 单双认证(含证书生成和代码实现) 原创转载请备注,谢谢O(∩_∩)O
server: apache-tomcat-6.0.44 jdk1.7.0_79
client: jdk1.7.0_79
jks是JAVA的keytools证书工具支持的证书私钥格式。 pfx是微软支持的私钥格式。 cer是证书的公钥。
生成:
keytool -genkey -alias tbb -keyalg RSA -keystore D:\cert\tbb.keystore
模板:
keytool -genkey -alias yushan -keypass yushan -keyalg RSA -keysize 1024 -validity 365((默认为90天)) -keystore D:\cert\tbb.keystore -storepass 123456 -dname "CN=(名字与姓氏), OU=(组织单位名称), O=(组织名称), L=(城市或区域名称), ST=(州或省份名称), C=(单位的两字母国家代码)";(中英文即可)
验证:
keytool -selfcert -alias tbb -keystore D:\cert\tbb.keystore
导出:
keytool -export -alias tbb -keystore D:\cert\tbb.keystore -storepass 12345678 -rfc -file D:\cert\tbb.cer
转换 cer -> jks
keytool -import -alias mycert -file D:\cert\tbb.cer -keystore D:\cert\tbb.jks keystore信息的查看:
打印证书的 MD5 指纹
keytool -list -v -keystore D:\cert\tbb.keystore -storepass 12345678
可打印的编码格式输出证书
keytool -list -rfc -keystore D:\cert\tbb.keystore -storepass 12345678
生成客户端证书库
keytool -validity 36500 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore D:\cert\client.p12 -dname "CN=spring,OU=jiajianfa,O=jiajianfa,L=Wuhan,ST=HuBei,c=cn" -storepass 12345678 -keypass 12345678
从客户端证书库中导出客户端证书
keytool -export -v -alias client -keystore D:\cert\client.p12 -storetype PKCS12 -storepass 12345678 -rfc -file D:\cert\client.cer 将客户端证书导入到服务器证书库(使得服务器信任客户端证书,服务器端用此验证客户端的合法性)
keytool -import -v -alias client -file D:\cert\client.cer -keystore D:\cert\tbb.keystore -storepass 12345678 查看服务端证书中信任的客户端证书
keytool -list -keystore D:\cert\tbb.keystore -storepass 12345678
tomcat server.xml 配置:
<!-- clientAuth true:双向认证 false:单向认证-->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS" keystorePass="12345678" keystoreFile="D:\cert\tbb.keystore"
truststoreFile="D:\cert\tbb.keystore" truststorePass="12345678" />
<!-- 配置服务端项目web.xml 在<welcome-file-list>之后增加:--> <!-- 强制SSL配置,即普通的请求也会重定向为SSL请求 -->
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern><!-- 全站使用SSL <url-pattern>/*</url-pattern>-->
</web-resource-collection>
<user-data-constraint>
<description>SSL required</description>
<!-- CONFIDENTIAL: 要保证服务器和客户端之间传输的数据不能够被修改,且不能被第三方查看到 -->
<!-- INTEGRAL: 要保证服务器和client之间传输的数据不能够被修改 -->
<!-- NONE: 指示容器必须能够在任一的连接上提供数据。(即用HTTP或HTTPS,由客户端来决定)-->
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
单向认证:
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.Proxy;
import java.net.URL;
import java.util.Date; import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession; /**
* @Description https单向认证
* @author sprinng
*
*/
public class ClientSendDataSingle {
/**
*
* @param sendurl 请求地址
* @param res 返回结果
* @param sendData 参数
* @param timeOut 超时时间(min)
* @param useProxy 是否使用代理
* @param trustStorePath 证书路径
* @param trustStorePwd 证书密码
* @return
* @throws Exception
*/
public static String send(String sendurl, String res, String sendData, String timeOut, boolean useProxy, String trustStorePath, String trustStorePwd)throws Exception {
System.setProperty("javax.net.ssl.trustStore", trustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePwd);
URL url = new URL(sendurl);
HttpsURLConnection connection = null;
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
return true;
}
};
System.setProperty("java.protocol.handler.pkgs","sun.net.www.protocol");
HttpsURLConnection.setDefaultHostnameVerifier(hv);
Date current = new Date(System.currentTimeMillis());
System.out.println("begint to open connection at " + current);
//使用代理
if(useProxy){
InetSocketAddress isa = new InetSocketAddress(PropertiesUtil.properties.getProperty("proxy_host"), Integer.parseInt(PropertiesUtil.properties.getProperty("proxy_port")));
Proxy proxy = new Proxy(Proxy.Type.HTTP, isa);
Authenticator.setDefault(new MyAuthenticator(PropertiesUtil.properties.getProperty("proxy_user"), PropertiesUtil.properties.getProperty("proxy_password")));
connection = (HttpsURLConnection) url.openConnection(proxy);
}else{
connection = (HttpsURLConnection) url.openConnection();
}
Date end = new Date(System.currentTimeMillis());
System.out.println("open connection ok at " + end + ",cost:"+ (end.getTime() - current.getTime()));
connection.setRequestProperty("Content-Type", "text/xml");
connection.setDoOutput(true);
connection.setDoInput(true);
connection.setRequestMethod("POST");
connection.setUseCaches(false);
connection.setReadTimeout(60 * 1000 * Integer.parseInt(timeOut));
byte data[] = sendData.getBytes();
current = new Date(System.currentTimeMillis());
System.out.println("[SSLIX]notifyEai,begint to write data at " + current);
OutputStream out = connection.getOutputStream();
out.write(data);
end = new Date(System.currentTimeMillis());
System.out.println("write data ok at " + end + ",cost:" + (end.getTime() - current.getTime()));
StringBuffer receivedData = new StringBuffer();
current = new Date(System.currentTimeMillis());
System.out.println("begint to read data at " + current);
InputStreamReader inReader = new InputStreamReader(connection.getInputStream(), "UTF-8");
BufferedReader aReader = new BufferedReader(inReader);
String aLine;
while ((aLine = aReader.readLine()) != null) {
receivedData.append(aLine);
}
end = new Date(System.currentTimeMillis());
System.out.println("read data ok at " + end + ",cost:" + (end.getTime() - current.getTime()));
System.out.println("开始返回状态码");
Integer statusCode = connection.getResponseCode();
System.out.println("返回状态码:" + statusCode);
aReader.close();
connection.disconnect();
res = receivedData.toString();
return res;
} public static class MyAuthenticator extends Authenticator {
private String user = "";
private String password = ""; public MyAuthenticator(String user, String password) {
this.user = user;
this.password = password;
} protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(user, password.toCharArray());
}
} public static void main(String[] args) throws Exception {
System.out.println(ClientSendDataSingle.send("https://localhost:8443/spdbSjptServer", "", "", "5", false, "D:/cert/tbb.jks", "12345678"));
}
}
双向认证:
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.util.Date; import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession; import com.pf.util.ClientSendDataSingle.MyAuthenticator; /**
*
* @Description https双向认证
* @author sprinng
*
*/
public class ClientSendDataDouble {
/**
*
* @param sendurl 请求地址
* @param res 返回结果
* @param sendData 参数
* @param timeOut 超时时间(min)
* @param useProxy 是否使用代理
* @param trustStorePath 服务器证书路径
* @param trustStorePwd 服务器证书密码
* @param keyStore 客户端证书路径
* @param keyStorePwd 客户端证书密码
* @param keyStoreType 客户端证书类型 如:JKS PKCS12等
* @return
* @throws Exception
*/
public static String send(String sendurl, String res, String sendData, String timeOut, boolean useProxy, String trustStorePath, String trustStorePwd, String keyStore, String keyStorePwd, String keyStoreType) throws Exception {
//设置客户端证书
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStorePassword",keyStorePwd);
System.setProperty("javax.net.ssl.keyStoreType", keyStoreType); //设置服务器证书
System.setProperty("javax.net.ssl.trustStore", trustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePwd);
URL url = new URL(sendurl);
HttpsURLConnection connection = null;
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
return true;
}
};
System.setProperty("java.protocol.handler.pkgs","sun.net.www.protocol");
HttpsURLConnection.setDefaultHostnameVerifier(hv);
Date current = new Date(System.currentTimeMillis());
System.out.println("begint to open connection at " + current);
if(useProxy){//使用代理
InetSocketAddress isa = new InetSocketAddress(PropertiesUtil.properties.getProperty("proxy_host"), Integer.parseInt(PropertiesUtil.properties.getProperty("proxy_port")));
Proxy proxy = new Proxy(Proxy.Type.HTTP, isa);
Authenticator.setDefault(new MyAuthenticator(PropertiesUtil.properties.getProperty("proxy_user"), PropertiesUtil.properties.getProperty("proxy_password")));
connection = (HttpsURLConnection) url.openConnection(proxy);
}else{
connection = (HttpsURLConnection) url.openConnection();
}
Date end = new Date(System.currentTimeMillis());
System.out.println("open connection ok at " + end + ",cost:"+ (end.getTime() - current.getTime()));
connection.setRequestProperty("Content-Type", "text/xml");
connection.setDoOutput(true);
connection.setDoInput(true);
connection.setRequestMethod("POST");
connection.setUseCaches(false);
connection.setReadTimeout(30000);
byte data[] = sendData.getBytes();
current = new Date(System.currentTimeMillis());
System.out.println("[SSLIX]notifyEai,begint to write data at " + current);
OutputStream out = connection.getOutputStream();
out.write(data);
end = new Date(System.currentTimeMillis());
System.out.println("write data ok at " + end + ",cost:" + (end.getTime() - current.getTime()));
StringBuffer receivedData = new StringBuffer();
current = new Date(System.currentTimeMillis());
System.out.println("begint to read data at " + current);
InputStreamReader inReader = new InputStreamReader(connection.getInputStream(), "UTF-8");
BufferedReader aReader = new BufferedReader(inReader);
String aLine;
while ((aLine = aReader.readLine()) != null) {
receivedData.append(aLine);
}
end = new Date(System.currentTimeMillis());
System.out.println("read data ok at " + end + ",cost:" + (end.getTime() - current.getTime()));
System.out.println("开始返回状态码");
Integer statusCode = connection.getResponseCode();
System.out.println("返回状态码:" + statusCode);
aReader.close();
connection.disconnect();
return receivedData.toString();
} public static void main(String[] args) throws Exception {
System.out.println(ClientSendDataDouble.send("https://localhost:8443/spdbSjptServer/", "", "", "5", false, "D:/cert/tbb.jks", "12345678", "D:/cert/client.p12", "12345678", "PKCS12"));
}
}
附:
import java.io.IOException;
import java.util.Properties; public class PropertiesUtil {
public static final Properties properties = new Properties();
static {
try {
properties.load(PropertiesUtil.class.getClassLoader().getResourceAsStream("config.properties"));
} catch (IOException e) {
ECommonUtil.getLog().error("初始config配置文件失败");
}
}
}
java https tomcat 单双认证(含证书生成和代码实现) 原创转载请备注,谢谢O(∩_∩)O的更多相关文章
- java实现ssl单/双向认证通信[推荐]
java实现ssl单/双向认证通信[推荐] 学习了:https://blog.csdn.net/zbuger/article/details/51695582 学习了:https://www.cnbl ...
- ionic + asp.net core webapi + keycloak实现前后端用户认证和自动生成客户端代码
概述 本文使用ionic/angular开发网页前台,asp.net core webapi开发restful service,使用keycloak保护前台页面和后台服务,并且利用open api自动 ...
- 一文读懂Https的安全性原理、数字证书、单项认证、双项认证等
本文引用了作者Smily(博客:blog.csdn.net/qq_20521573)的文章内容,感谢无私分享. 1.前言 目前苹果公司已经强制iOS应用必须使用HTTPS协议开发(详见<苹果即将 ...
- Https、OpenSSL自建CA证书及签发证书、nginx单向认证、双向认证及使用Java访问
0.环境 本文的相关源码位于 https://github.com/dreamingodd/CA-generation-demo 必须安装nginx,必须安装openssl,(用apt-get upd ...
- [转帖]nginx配置ssl加密(单/双向认证、部分https)
nginx配置ssl加密(单/双向认证.部分https) https://segmentfault.com/a/1190000002866627 nginx下配置ssl本来是很简单的,无论是去认证 ...
- linux下Tomcat+OpenSSL配置单向&双向认证(自制证书)
背景 由于ios将在2017年1月1日起强制实施ATS安全策略,所有通讯必须使用https传输,本文只针对自制证书,但目前尚不确定自制证书是否能通过appstore审核. 1.必须支持传输层安全(TL ...
- nginx配置ssl加密(单双向认证、部分https)
nginx配置ssl加密(单双向认证.部分https) nginx下配置ssl本来是很简单的,无论是去认证中心买SSL安全证书还是自签署证书,但最近公司OA的一个需求,得以有个机会实际折腾一番.一开始 ...
- Android : 关于HTTPS、TLS/SSL认证以及客户端证书导入方法
一.HTTPS 简介 HTTPS 全称 HTTP over TLS/SSL(TLS就是SSL的新版本3.1).TLS/SSL是在传输层上层的协议,应用层的下层,作为一个安全层而存在,翻译过来一般叫做传 ...
- [从零开始搭网站六]为域名申请免费SSL证书(https),并为Tomcat配置https域名所用的多SSL证书
点击下面连接查看从零开始搭网站全系列 从零开始搭网站 由于国内的网络环境比较恶劣,运营商流量劫持的情况比较严重,一般表现为别人打开你的网站的时候会弹一些莫名其妙的广告...更过分的会跳转至别的网站. ...
随机推荐
- 【C语言入门教程】2.9 小结
本章介绍 C 语言的基本组成部分,数据类型.运算符 和 表达式 构成了 C 语言的语法,熟悉和掌握这些信息是学习 C 语言的必经之路.C 语言具备严谨的语法结构,任何细微的差错可导致程序无法通过编译, ...
- mysql explain用法和结果的含义
重点是第二种用法,需要深入的了解. 先看一个例子: mysql> explain select * from t_order; +----+-------------+---------+--- ...
- 第12天 android studio
1. http://jingyan.baidu.com/article/215817f7888dc21eda14230d.html Gradle DSL method not found:‘andro ...
- Wdcp在安装memcached出现错误的解决办法
今天在安装memcached时出现了以下错误(tar: libevent-1.4.14b-stable.tar.gz: Cannot open: No such file or directory), ...
- python 编码 UnicodeDecodeError
将一个py脚本从Centos转到win运行,出错如下: UnicodeDecodeError: 'gbk' codec can't decode byte 0xff in position 0: il ...
- 6. 终端工具Xmanager使用技巧
1. 新建绘画使用终端连接服务器 2. 设置终端类型和编码 3. 设置终端外观,包括字体颜色等等 4. 设置默认上传路径和下载路径
- 19 BasicTaskScheduler0 基本任务调度类基类(一)——Live555源码阅读(一)任务调度相关类
这是Live555源码阅读的第二部分,包括了任务调度相关的三个类.任务调度是Live555源码中很重要的部分. 本文由乌合之众 lym瞎编,欢迎转载 http://www.cnblogs.com/ol ...
- javascript最容易混淆的作用域、提升、闭包
一.函数作用域 1.函数作用域 就是作用域在一个“Function”里,属于这个函数的全部变量都可以在整个函数的范围内使用及复用. function foo(a) { var b = 2; funct ...
- 9.3---魔术索引(CC150)
魔术索引1:此外下一次应该看看课本上的方法. public boolean findMagicIndex(int[] A, int n){ for(int i = 0; i < A.length ...
- midi格式
http://www.ccarh.org/courses/253/handout/smf/