newclass.java

验证ssl双向认证的代码

/*
* Copyrights (C) 2008 Bearice (Bearice@Gmail.com)
* Release under GNU/GPL Version 2.
*/
package cn.bearice.ipcontroller.ccserver;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/**
*
* @author Bearice
*/
public class NewClass extends Thread {

    @Override
    public void run() {
        try {
            sleep(100);
            SSLContext ctx = SSLContext.getInstance("SSL");

            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");

            KeyStore ks = KeyStore.getInstance("JKS");
            //KeyStore tks = KeyStore.getInstance("JKS");

            ks.load(new FileInputStream("e:/certs/client.keystore"), "clientks".toCharArray());
            //tks.load(new FileInputStream("e:/certs/tclient.keystore"), "clientks".toCharArray());

            kmf.init(ks, "clientkey".toCharArray());
            tmf.init(ks);

            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            SSLSocketFactory factory = ctx.getSocketFactory();

            SSLSocket socket = (SSLSocket) factory.createSocket("127.0.0.1", 4433);

            showCerts(socket.getSession());
            
            PrintWriter pw = new PrintWriter(socket.getOutputStream());
            pw.println("GET /index.html HTTP/1.0");
            pw.println("Server: mail.google.com");
            pw.println("Connection: close");
            pw.println();
            pw.flush();
            BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
            String ln;
            while ((ln = in.readLine()) != null) {
                System.err.println(ln);
            }
        } catch (Exception ex) {
            Logger.getLogger(NewClass.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    public static void showCerts(SSLSession session) {
        X509Certificate cert = null;
        try {
            cert = (X509Certificate) session.getPeerCertificates()[0];
        } catch (SSLPeerUnverifiedException e) {
            e.printStackTrace();
            System.err.println(session.getPeerHost() + " did not present a valid certificate");
            //System.exit(1);
            return;
        }
        System.out.println(session.getPeerHost() + " has presented a certificate belonging to" + "[" + cert.getSubjectDN() + "]\n" + "The certificate was issued by: \t" + "[" + cert.getIssuerDN() + "]");

    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("SSL");

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");

        KeyStore ks = KeyStore.getInstance("JKS");
        //KeyStore tks = KeyStore.getInstance("JKS");

        ks.load(new FileInputStream("e:/certs/server.keystore"), "serverks".toCharArray());
        //tks.load(new FileInputStream("e:/certs/tserver.keystore"), "serverks".toCharArray());

        kmf.init(ks, "serverkey".toCharArray());
        tmf.init(ks);

        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        SSLServerSocketFactory factory = ctx.getServerSocketFactory();
        SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(4433);

        serverSocket.setNeedClientAuth(true);

        new NewClass().start();
        
        SSLSocket socket = (SSLSocket) serverSocket.accept();
        try {
            socket.startHandshake();
        } catch (Exception ex) {
            System.out.println("Handshake failed: " + ex);
        }
        
        showCerts(socket.getSession());
        socket.startHandshake();
        PrintWriter out = new PrintWriter(socket.getOutputStream());
        BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
        String ln;
        while ((ln = in.readLine()) != null) {
            System.out.println(ln);
            if (ln.equals("")) {
                break;
            }
        }
        out.println("HTTP/1.1 200 OK");
        out.println("Cache-Control: no-cache");
        out.println("Pragma: no-cache");
        out.println("Expires: Fri, 01 Jan 1990 00:00:00 GMT");
        out.println("Content-Type: text/html; charset=UTF-8");
        out.println("Date: Tue, 01 Jul 2008 11:56:42 GMT");
        out.println("Server: BWS");
        out.println("X-Powered-By: BWS");
        out.println();
        out.println("<html><h1>hello world</h1></html>");
        out.close();
        socket.close();
    }
}