Creating an SSL Server Socket

An SSL server socket requires certificates that it will send to clients for authentication. The certificates must be contained in a keystore whose location must be explicitly specified (there is no default). After the example, we describe how to create and specify a keystore for the SSL server socket to use.

    import java.io.IOException;
    import java.io.InputStream;
    import java.io.OutputStream;
    import java.net.ServerSocket;
    import java.net.Socket;
    import javax.net.ServerSocketFactory;
    import javax.net.ssl.SSLServerSocketFactory;

    public class MyServer {
        public static void main(String[] args) {
            try {
                int port = 443;
                ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
                ServerSocket ssocket = ssocketFactory.createServerSocket(port);
                // Listen for connections
                Socket socket = ssocket.accept();
                // Create streams to securely send and receive data to the client
                InputStream in = socket.getInputStream();
                OutputStream out = socket.getOutputStream();
                // Read from in and write to out...
                // Close the socket
                in.close();
                out.close();
            } catch (IOException e) {
                System.err.println("SSL server error: " + e);
            }
        }
    }

Specify the keystore of certificates using the javax.net.ssl.keyStore system property:

    > java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456 MyServer

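As an alternative to the system properties, the keystore can be loaded in code, so the password does not have to appear on the command line. This is an added example, not code from the original page; the class name, the KEYSTORE_PASSWORD environment variable and a Java 11 or later runtime are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;

// Hypothetical class name; mySrvKeystore is the keystore file named on this page
public class MyServerExplicitKeystore {
    // Build an SSLContext whose key material comes from the given keystore file
    static SSLContext contextFrom(String keystorePath, char[] password) throws Exception {
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keystorePath)) {
            keystore.load(in, password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keystore, password);   // assumes the key password equals the store password
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), null, null);   // default trust and randomness
        return context;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the password is supplied in the KEYSTORE_PASSWORD environment variable
        String pw = System.getenv("KEYSTORE_PASSWORD");
        if (pw == null) {
            throw new IllegalStateException("KEYSTORE_PASSWORD is not set");
        }
        SSLContext context = contextFrom("mySrvKeystore", pw.toCharArray());

        try (SSLServerSocket ssocket = (SSLServerSocket)
                context.getServerSocketFactory().createServerSocket(443)) {
            // Offer only current protocol versions
            ssocket.setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            try (SSLSocket socket = (SSLSocket) ssocket.accept()) {
                socket.startHandshake();   // fails here if the keystore has no usable key
                System.out.println("Negotiated " + socket.getSession().getProtocol()
                        + " / " + socket.getSession().getCipherSuite());
            }
        }
    }
}
```
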
For testing purposes, you can create a keystore with a self-signed certificate, using the keytool command:
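
Retrieving the Certification Path of an SSL Server

This example implements a client that connects to an SSL server and retrieves the server's certificates. See also e211 Adding a Certificate to a Key Store.

    import java.io.IOException;
    import java.security.cert.Certificate;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLPeerUnverifiedException;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;

    // Wrapper class (name chosen here) so that the snippet compiles on its own
    public class GetServerCerts {
        public static void main(String[] args) {
            try {
                // Create the client socket
                int port = 443;
                String hostname = "hostname";
                SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
                SSLSocket socket = (SSLSocket) factory.createSocket(hostname, port);
                // Connect to the server
                socket.startHandshake();
                // Retrieve the server's certificate chain
                Certificate[] serverCerts = socket.getSession().getPeerCertificates();
                // Close the socket
                socket.close();
            } catch (SSLPeerUnverifiedException e) {
                // The server's identity could not be verified
                System.err.println("Peer not verified: " + e);
            } catch (IOException e) {
                // Connection or handshake failure
                System.err.println("Connection failed: " + e);
            }
        }
    }
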
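A socket obtained from an SSLSocketFactory validates the certificate chain but does not match the certificate to the host name unless endpoint identification is enabled. The following added example (not from the original page; the class name and the example.com default are assumptions) turns that check on and prints each certificate's SHA-256 fingerprint, which can be compared out of band before a certificate is added to a keystore.

```java
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical class name
public class InspectServerChain {
    // SHA-256 fingerprint of the certificate's DER encoding, as colon-separated hex
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    // Handshake with host name verification enabled, then return the peer chain
    static Certificate[] fetchChain(String hostname, int port) throws Exception {
        SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(hostname, port)) {
            // Without this, a valid certificate issued for another host is accepted
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
            return socket.getSession().getPeerCertificates();
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the server to inspect is given as the first argument
        String hostname = args.length > 0 ? args[0] : "example.com";
        Certificate[] chain = fetchChain(hostname, 443);
        // chain[0] is the server's own certificate, followed by its issuers
        for (int i = 0; i < chain.length; i++) {
            X509Certificate x509 = (X509Certificate) chain[i];
            System.out.println("[" + i + "] subject: " + x509.getSubjectX500Principal().getName());
            System.out.println("    issuer:  " + x509.getIssuerX500Principal().getName());
            System.out.println("    expires: " + x509.getNotAfter());
            System.out.println("    sha256:  " + fingerprint(x509));
        }
    }
}
```
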
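
Adding a Certificate to a Key Store

    import java.io.File;
    import java.io.FileInputStream;
    import java.io.FileNotFoundException;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;

    // Wrapper class (name chosen here) so that the method compiles on its own
    public class KeyStoreUtil {
        // This method adds a certificate with the specified alias to the specified keystore file.
        public static void addToKeyStore(File keystoreFile, char[] keystorePassword,
                String alias, java.security.cert.Certificate cert) {
            try {
                // Create an empty keystore object
                KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
                // Load the keystore contents; the stream is closed even if load() fails
                try (FileInputStream in = new FileInputStream(keystoreFile)) {
                    keystore.load(in, keystorePassword);
                }
                // Add the certificate
                keystore.setCertificateEntry(alias, cert);
                // Save the new keystore contents
                try (FileOutputStream out = new FileOutputStream(keystoreFile)) {
                    keystore.store(out, keystorePassword);
                }
            } catch (java.security.cert.CertificateException
                    | NoSuchAlgorithmException | KeyStoreException e) {
                System.err.println("Keystore operation failed: " + e);
            } catch (FileNotFoundException e) {
                // Keystore does not exist
                System.err.println("Keystore not found: " + keystoreFile);
            } catch (IOException e) {
                // Wrong password, corrupt keystore data or I/O failure
                System.err.println("Could not read or write keystore: " + e);
            }
        }
    }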