android 实现SSL握手协商
16lz
2021-01-26
Android 端的私钥库和信任证书库必须是 BKS 格式。Java 本身不带 BouncyCastle 密库,因此需要先配置本地 JDK,让 keytool 能够生成 BKS 格式的私钥库和信任证书库。SSL 通道建立之前必须先进行握手协商,协商完成后才形成安全通道(隧道技术)。
服务端:
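/**
 * Minimal single-threaded TLS echo-style server used to demonstrate the handshake.
 *
 * <p>For every accepted connection it reads at most 20 bytes, prints them, answers with
 * a fixed message and closes the connection.
 *
 * <p>NOTE(review): as written, the handshake authenticates the server only. The context is
 * initialised without trust managers and the server socket never asks for a client
 * certificate, so the key material the client loads is not verified here. If mutual
 * authentication is intended, load a trust store holding the client certificate into a
 * {@code TrustManagerFactory} and call {@code serverSocket.setNeedClientAuth(true)}.
 */
public class SSLServer {

    private static final int SERVER_PORT = 50030;
    // NOTE(review): demo value. A key-store password committed with the source protects
    // nothing; read it from configuration kept outside the repository.
    private static final String SERVER_KEY_PASSWORD = "123456";
    private static final String SERVER_AGREEMENT = "TLS"; // protocol family requested from JSSE
    private static final String SERVER_KEY_MANAGER = "SunX509"; // key manager algorithm
    private static final String SERVER_KEY_KEYSTORE = "JKS"; // key store type shipped with Java
    private static final String SERVER_KEYSTORE_PATH = "src/data/kserver.keystore"; // key store path
    private SSLServerSocket serverSocket;

    public static void main(String[] args) {
        SSLServer server = new SSLServer();
        server.init();
        server.start();
    }

    /**
     * Serves clients one at a time until the listening socket is closed.
     *
     * <p>Prints {@code ERROR} and returns when {@link #init()} did not produce a listening
     * socket. Per-connection failures (including a failed handshake) are printed and the
     * loop moves on to the next client.
     */
    public void start() {
        if (serverSocket == null) {
            System.out.println("ERROR");
            return;
        }
        // Stop instead of spinning on accept() failures once the listener is closed.
        while (!serverSocket.isClosed()) {
            System.out.println("Server Side......");
            // try-with-resources closes the connection on the error path as well.
            try (Socket s = serverSocket.accept()) {
                BufferedInputStream bis = new BufferedInputStream(s.getInputStream());
                BufferedOutputStream bos = new BufferedOutputStream(s.getOutputStream());

                byte[] buffer = new byte[20];
                // Only the bytes actually received are decoded; the rest of the buffer is
                // padding and must not be printed.
                int received = bis.read(buffer);
                if (received > 0) {
                    System.out.println(
                            new String(buffer, 0, received, java.nio.charset.StandardCharsets.UTF_8));
                }

                bos.write("This is Server".getBytes(java.nio.charset.StandardCharsets.UTF_8));
                bos.flush();
            } catch (Exception e) {
                System.out.println(e);
            }
        }
    }

    /**
     * Loads the server key store and opens the TLS listening socket on {@code SERVER_PORT}.
     *
     * <p>On any failure the exception is printed and {@code serverSocket} stays
     * {@code null}, which {@link #start()} reports as {@code ERROR}.
     */
    public void init() {
        try {
            SSLContext ctx = SSLContext.getInstance(SERVER_AGREEMENT);
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(SERVER_KEY_MANAGER);
            KeyStore ks = KeyStore.getInstance(SERVER_KEY_KEYSTORE);
            // Close the key-store file once it has been read.
            try (FileInputStream keyStoreFile = new FileInputStream(SERVER_KEYSTORE_PATH)) {
                ks.load(keyStoreFile, SERVER_KEY_PASSWORD.toCharArray());
            }
            kmf.init(ks, SERVER_KEY_PASSWORD.toCharArray());
            // Key managers only: the null trust-manager argument means no client trust
            // store is configured (see the class comment).
            ctx.init(kmf.getKeyManagers(), null, null);
            serverSocket = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(SERVER_PORT);
        } catch (Exception e) {
            System.out.println(e);
        }
    }
}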
客户端:
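/**
 * Demo activity that opens a TLS connection to the server and exchanges one text line.
 *
 * <p>Button01 sends the text field content and shows the reply, Button02 closes the
 * connection, Button03 connects. All socket work runs on a background thread because
 * blocking network I/O must not run on the Android UI thread.
 *
 * <p>NOTE(review): the client key store, the trust store and both passwords ship inside
 * the APK, so anyone who unpacks the package can extract the client private key. Treat
 * this client certificate as an application-wide demo credential, not as a per-device or
 * per-user identity.
 *
 * <p>NOTE(review): a socket obtained from a plain {@code SSLSocketFactory} validates the
 * server certificate chain against the bundled trust store but does not check that the
 * certificate belongs to {@code SERVER_IP}. The trust store should therefore hold only the
 * server's own certificate or a CA used for nothing else (confirm what {@code lt_client}
 * contains).
 */
public class MySSLSocket extends Activity {
    private static final String TAG = "MySSLSocket"; // logcat tag
    private static final int SERVER_PORT = 50030; // server port
    private static final String SERVER_IP = "218.206.176.146"; // server address
    private static final String CLIENT_KET_PASSWORD = "123456"; // client key store password (demo value)
    private static final String CLIENT_TRUST_PASSWORD = "123456"; // trust store password (demo value)
    private static final String CLIENT_AGREEMENT = "TLS"; // protocol family
    private static final String CLIENT_KEY_MANAGER = "X509"; // key manager algorithm
    private static final String CLIENT_TRUST_MANAGER = "X509"; // trust manager algorithm
    private static final String CLIENT_KEY_KEYSTORE = "BKS"; // BouncyCastle key store type
    private static final String CLIENT_TRUST_KEYSTORE = "BKS"; // BouncyCastle key store type
    private static final String ENCONDING = "utf-8"; // charset used on the wire
    // Written by the background threads and read by the click handlers.
    private volatile SSLSocket Client_sslSocket;
    private TextView tv;
    private Button btn;
    private Button btn2;
    private Button btn3;
    private EditText et;

    /** Called when the activity is first created. */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
        tv = (TextView) findViewById(R.id.TextView01);
        et = (EditText) findViewById(R.id.EditText01);
        btn = (Button) findViewById(R.id.Button01);
        btn2 = (Button) findViewById(R.id.Button02);
        btn3 = (Button) findViewById(R.id.Button03);

        // Send: write the typed text, then show the server reply.
        btn.setOnClickListener(new Button.OnClickListener() {
            @Override
            public void onClick(View arg0) {
                final SSLSocket socket = Client_sslSocket;
                if (socket == null) {
                    return;
                }
                // Views are read and cleared here, on the UI thread.
                final String message = et.getText().toString();
                et.setText("");
                runInBackground(new Runnable() {
                    @Override
                    public void run() {
                        getOut(socket, message);
                        getIn(socket);
                    }
                });
            }
        });
        // Disconnect: nothing to do when no connection was ever opened.
        btn2.setOnClickListener(new Button.OnClickListener() {
            @Override
            public void onClick(View arg0) {
                final SSLSocket socket = Client_sslSocket;
                Client_sslSocket = null;
                if (socket == null) {
                    return;
                }
                runInBackground(new Runnable() {
                    @Override
                    public void run() {
                        closeQuietly(socket);
                    }
                });
            }
        });
        // Connect. No read follows the connect: the server shown with this sample reads
        // the client's message before it writes anything, so an immediate read here would
        // wait indefinitely. A server greeting, if there is one, is picked up by the next
        // getIn() call.
        btn3.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View arg0) {
                runInBackground(new Runnable() {
                    @Override
                    public void run() {
                        init();
                    }
                });
            }
        });
    }

    /**
     * Builds the SSLContext from the bundled key and trust stores, connects to the server
     * and completes the handshake.
     *
     * <p>Blocking; call it off the UI thread. On failure the error is logged and the
     * previously stored connection, if any, is left untouched.
     */
    public void init() {
        try {
            SSLContext sslContext = SSLContext.getInstance(CLIENT_AGREEMENT);
            KeyManagerFactory keyManager = KeyManagerFactory.getInstance(CLIENT_KEY_MANAGER);
            TrustManagerFactory trustManager = TrustManagerFactory.getInstance(CLIENT_TRUST_MANAGER);
            KeyStore kks = KeyStore.getInstance(CLIENT_KEY_KEYSTORE);
            KeyStore tks = KeyStore.getInstance(CLIENT_TRUST_KEYSTORE);
            // The raw-resource streams are closed as soon as each store is loaded.
            try (java.io.InputStream keyStream =
                    getBaseContext().getResources().openRawResource(R.drawable.kclient)) {
                kks.load(keyStream, CLIENT_KET_PASSWORD.toCharArray());
            }
            try (java.io.InputStream trustStream =
                    getBaseContext().getResources().openRawResource(R.drawable.lt_client)) {
                tks.load(trustStream, CLIENT_TRUST_PASSWORD.toCharArray());
            }
            keyManager.init(kks, CLIENT_KET_PASSWORD.toCharArray());
            trustManager.init(tks);
            sslContext.init(keyManager.getKeyManagers(), trustManager.getTrustManagers(), null);

            SSLSocket socket =
                    (SSLSocket) sslContext.getSocketFactory().createSocket(SERVER_IP, SERVER_PORT);
            try {
                // Handshake now so that an untrusted server certificate is rejected here
                // rather than on the first read or write.
                socket.startHandshake();
            } catch (IOException e) {
                closeQuietly(socket);
                throw e;
            }
            // Replace any earlier connection instead of leaking it.
            SSLSocket previous = Client_sslSocket;
            Client_sslSocket = socket;
            closeQuietly(previous);
        } catch (Exception e) {
            // Log the exception itself: getMessage() may be null.
            Log.e(TAG, "TLS connection setup failed", e);
        }
    }

    /**
     * Sends one line of text over the connection.
     *
     * <p>Blocking; call it off the UI thread.
     *
     * @param socket connected socket; a {@code null} socket is ignored
     * @param message text to send, terminated with a line break by {@code println}
     */
    public void getOut(SSLSocket socket, String message) {
        if (socket == null) {
            return;
        }
        try {
            PrintWriter out = new PrintWriter(
                    new BufferedWriter(
                            new OutputStreamWriter(socket.getOutputStream(), ENCONDING)),
                    true);
            out.println(message);
            // PrintWriter swallows write failures; ask for them explicitly.
            if (out.checkError()) {
                Log.e(TAG, "Failed to send the message");
            }
        } catch (IOException e) {
            Log.e(TAG, "Failed to open the output stream", e);
        }
    }

    /**
     * Reads one line from the server and shows it in a dialog.
     *
     * <p>The read blocks, so call this off the UI thread; the dialog itself is posted to
     * the UI thread. The dialog is shown with an empty message when nothing could be read.
     *
     * @param socket connected socket; a {@code null} socket yields an empty dialog
     */
    public void getIn(SSLSocket socket) {
        String str = null;
        if (socket != null) {
            try {
                // Decode the stream once with the wire charset.
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(socket.getInputStream(), ENCONDING));
                // readLine() returns null when the server closed without sending a line.
                str = in.readLine();
            } catch (IOException e) {
                Log.e(TAG, "Failed to read the server reply", e);
            }
        }
        final String reply = str;
        runOnUiThread(new Runnable() {
            @Override
            public void run() {
                if (isFinishing()) {
                    return;
                }
                new AlertDialog
                        .Builder(MySSLSocket.this)
                        .setTitle("服务器消息")
                        .setNegativeButton("确定", null)
                        .setIcon(android.R.drawable.ic_menu_agenda)
                        .setMessage(reply)
                        .show();
            }
        });
    }

    /** Runs blocking socket work away from the UI thread. */
    private void runInBackground(Runnable task) {
        new Thread(task, "tls-io").start();
    }

    /** Closes the socket, logging (not propagating) a failure; {@code null} is ignored. */
    private void closeQuietly(SSLSocket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException e) {
            Log.e(TAG, "Failed to close the connection", e);
        }
    }
}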
转载于:https://www.cnblogs.com/sunfb/archive/2013/02/27/2935525.html