package netkiller;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class HTTPS {
public static void main(String[] args) {
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}
// Now you can access an https URL without having the certificate in the truststore
try {
//Create a URL for the desired page
URL url = new URL("https://java.sun.com/");
// Read all the text returned by the server
BufferedReader in = new BufferedReader(new InputStreamReader(url.openStream()));
String html;
while ((html = in.readLine()) != null) {
// str is one line of text; readLine() strips the newline character(s)
System.out.println(html);
}
in.close();
} catch (MalformedURLException mue) {
} catch (IOException ioe) {
}
}
}
package netkiller;
import java.io.*;
import java.net.*;
import javax.net.SocketFactory;
import javax.net.ssl.*;
public class SSLClientSocket {
public static void main(String[] args) {
try {
int port = 443;
String hostname = "java.sun.com";
SocketFactory socketFactory = SSLSocketFactory.getDefault();
Socket socket = socketFactory.createSocket(hostname, port);
// Create streams to securely send and receive data to the server
InputStream in = socket.getInputStream();
OutputStream out = socket.getOutputStream();
BufferedReader socketReader = new BufferedReader(new InputStreamReader(in));
PrintWriter socketWriter = new PrintWriter(out);
socketWriter.println("GET /");
socketWriter.flush();
String line=null;
StringBuffer html = new StringBuffer();
while((line=socketReader.readLine())!=null){
html.append(line+"\n");
}
// Read from in and write to out...
System.out.println(html.toString());
// Close the socket
socketReader.close();
socketWriter.close();
in.close();
out.close();
} catch(IOException e) {
}
}
}
這裡實現一個簡單的SSL Echo伺服器
創建證書
keytool -genkey -keyalg RSA -alias mycert -keystore mySrvKeystore
C:\workspace\test>keytool -genkey -keyalg RSA -alias mycert -keystore mySrvKeystore
輸入keystore密碼: 13721218
您的名字與姓氏是什麼?
[Unknown]: 陳景峰
您的組織單位名稱是什麼?
[Unknown]: 中國無線電運動協會
您的組織名稱是什麼?
[Unknown]: 無線電運動協會
您所在的城市或區域名稱是什麼?
[Unknown]: 深圳
您所在的州或省份名稱是什麼?
[Unknown]: 廣東省
該單位的兩字母國家代碼是什麼
[Unknown]: CN
CN=陳景峰, OU=中國無線電運動協會, O=無線電運動協會, L=深圳, ST=廣東省, C=CN 正確
嗎?
[否]: Y
輸入<mycert>的主密碼
(如果和 keystore 密碼相同,按回車): 13721218
C:\workspace\neo>javac netkiller\SSLServerSocket.java
java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=13721218 netkiller.SSLServerSocket
Client
C:\workspace\neo>javac netkiller\SSLClientSocket.java
java -Djavax.net.ssl.trustStore=truststore -Djavax.net.ssl.trustStorePassword=13721218 netkiller.SSLClientSocket