Java Memorandum - Using SSL Socket
投稿者:Nobu 投稿日時:2010/06/23(水) 21:40
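I wrote a pair of programs (server and client) to see how SSL can be implemented in Java.
In this sample, only the server certificate is used. The client validates the server certificate, but the server does not check the client's authenticity. That is acceptable here because most web servers behave the same way. Note that the client only checks the certificate against its trust store; a plain SSLSocket does not check that the certificate was issued for the host it connected to unless endpoint identification is enabled.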
Client side of the code - SSLClient.java
import java.io.*;
import java.security.KeyStore;
import javax.net.ssl.*;
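/**
 * Minimal TLS client for the uppercase demo.
 *
 * <p>Loads the JKS trust store "clientTrust", opens a TLS connection to
 * 192.168.1.100:51004, sends {@code args[0]} as a serialized object and prints
 * the String the server sends back. No client certificate is presented
 * (the key manager array passed to {@code SSLContext.init} is {@code null}).
 */
public class SSLClient {
    /**
     * Runs one request/response exchange with the server.
     *
     * @param args {@code args[0]} is the text to send; it is required
     */
    public static void main(String[] args) {
        // Fail early with a usage hint instead of an ArrayIndexOutOfBoundsException
        // raised only after the TLS connection has already been opened.
        if (args.length < 1) {
            System.err.println("usage: java SSLClient <text>");
            return;
        }
        SSLSocket soc = null;
        try {
            // Read the TrustStore
            KeyStore trust_store = KeyStore.getInstance("JKS");
            // "changeit" is the password for clientTrust. A hard-coded default
            // password is only acceptable in a throwaway sample.
            char[] trust_pass = "changeit".toCharArray();
            FileInputStream trust_in = new FileInputStream("C:\\Temp\\clientTrust");
            try {
                trust_store.load(trust_in, trust_pass);
            } finally {
                // The original never closed this stream.
                trust_in.close();
            }
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
            tmf.init(trust_store);

            // Generate the socket
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, tmf.getTrustManagers(), null);
            SSLSocketFactory sf = context.getSocketFactory();
            soc = (SSLSocket) sf.createSocket("192.168.1.100", 51004);
            // NOTE(review): the handshake checks the certificate chain against the
            // trust store, but a raw SSLSocket does not check that the certificate
            // was issued for this host. If the trust store holds a CA rather than
            // just this server's certificate, enable endpoint identification before
            // the handshake (Java 7+):
            //   SSLParameters p = soc.getSSLParameters();
            //   p.setEndpointIdentificationAlgorithm("HTTPS");
            //   soc.setSSLParameters(p);
            // The certificate then needs a subjectAltName matching the address used.
            soc.startHandshake();

            // Obtain input/output streams
            ObjectOutputStream oos = new ObjectOutputStream(soc.getOutputStream());
            ObjectInputStream ois = new ObjectInputStream(soc.getInputStream());

            // Write an object to the output stream
            oos.writeObject(args[0]);
            oos.flush();

            // Get an object from the stream.
            // NOTE(review): readObject() deserializes whatever the peer sends before
            // the cast to String is applied; that is tolerable only because the peer
            // was authenticated by the handshake above. A text protocol, or an
            // ObjectInputFilter on Java 9+, avoids native deserialization here.
            String str = (String) ois.readObject();

            // Display the result from the server
            System.out.println("string to uppercase : " + str);
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Closing the socket also closes both of its streams, and it now
            // happens on the error paths too.
            if (soc != null) {
                try {
                    soc.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }
}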
Server side code:
Server.java
import java.io.FileInputStream;
import java.net.*;
import java.security.KeyStore;
import javax.net.ssl.*;
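/**
 * Minimal TLS server for the uppercase demo.
 *
 * <p>Loads the server key from the JKS file "keystore", listens on port 51004
 * and hands every accepted connection to a new {@code Connect} thread.
 * Client certificates are not requested: no trust managers are supplied and
 * client authentication is left at its default (off) on the server socket.
 */
public class Server {
    /**
     * Starts the accept loop; it runs until the process is stopped.
     *
     * @param args not used
     */
    public static void main(String[] args) {
        try {
            // Read key store
            KeyStore key_store = KeyStore.getInstance("JKS");
            // NOTE(review): the same hard-coded default password protects both the
            // key store and the private key; acceptable only in a throwaway sample.
            char[] key_pass = "changeit".toCharArray();
            FileInputStream key_in = new FileInputStream("C:\\Temp\\keystore");
            try {
                key_store.load(key_in, key_pass);
            } finally {
                // The original never closed this stream.
                key_in.close();
            }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(key_store, key_pass);

            // Generate server socket
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(kmf.getKeyManagers(), null, null);
            SSLServerSocketFactory ssf = context.getServerSocketFactory();
            SSLServerSocket ssoc = (SSLServerSocket) ssf.createServerSocket(51004);
            // NOTE(review): any peer that can reach this port is accepted without
            // authentication, and Connect then deserializes what it sends. Restrict
            // who can reach the port, or require client certificates with
            // ssoc.setNeedClientAuth(true) plus a trust store, if that matters.

            while (true) {
                try {
                    System.out.println("waiting for connection from client");
                    // Wait for the client to connect
                    Socket soc = ssoc.accept();
                    System.out.println("receive client!");
                    // Let the Connect class handle it; its constructor starts the thread.
                    new Connect(soc);
                } catch (Exception e) {
                    // A failed accept is logged and the loop keeps serving.
                    e.printStackTrace();
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}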
Connect.java
import java.io.*;
import java.net.*;
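/**
 * Per-connection worker: reads one serialized String from the socket, converts
 * it to upper case and writes it back, then closes the connection.
 */
public class Connect extends Thread {
    private Socket soc = null;

    /**
     * Stores the socket and starts the worker thread immediately.
     *
     * @param soc accepted connection; this object takes over closing it
     */
    public Connect(Socket soc) {
        this.soc = soc;
        // Start the thread.
        this.start();
    }

    /**
     * Handles exactly one request on the socket. Failures are printed, and the
     * socket is closed whether or not the exchange succeeded.
     */
    @Override
    public void run() {
        try {
            // Obtain input/output streams
            ObjectInputStream ois = new ObjectInputStream(soc.getInputStream());
            ObjectOutputStream oos = new ObjectOutputStream(soc.getOutputStream());

            // Obtain an object from the input stream.
            // NOTE(review): this is native Java deserialization of data from a peer
            // the server has not authenticated. The cast to String runs only after
            // the object has been fully deserialized, so it does not restrict which
            // classes get instantiated. Prefer a plain text protocol, or on Java 9+
            // install an ObjectInputFilter that allows java.lang.String only.
            // NOTE(review): no read timeout is set, so a silent peer keeps this
            // thread blocked; Socket.setSoTimeout would bound that.
            String str = (String) ois.readObject();
            str = str.toUpperCase();

            // Write the converted string to the stream
            oos.writeObject(str);
            oos.flush();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Closing the socket closes both streams. The original closed it only
            // on the success path, so every failed request leaked the connection.
            try {
                soc.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
}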
Refer to the keytool documentation for how to create the certificate, key store, etc.
