The previous article walked through a code example of SSL/TLS bidirectional (mutual) authentication.
You can also choose one-way authentication, in which case the client does not need to provide a certificate. As a result:
The server only needs its own KeyStore file; it does not need a TrustStore file.
The client does not need its own KeyStore file, only the TrustStore file (which contains the server's public key, in the form of its certificate).
Additionally, after creating the SSLServerSocket, the server side needs to state that a client certificate is not required: setNeedClientAuth(false)
Server code
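package learning.net.ssl;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

/**
 * Echo server for the one-way (server-only) TLS authentication example.
 *
 * <p>The server proves its identity with the private key and certificate held in its
 * keystore. It loads no truststore and asks for no client certificate, so the TLS layer
 * tells it nothing about who the client is. Any client authentication has to happen at
 * the application layer.
 *
 * <p>Each accepted connection is served on its own thread by an instance of this class,
 * which is also registered as the connection's handshake listener.
 */
public class CatServerNoClientAuth implements Runnable, HandshakeCompletedListener {

    public static final int SERVER_PORT = 11123;

    private final Socket socket;

    /**
     * @param s the accepted connection this instance will serve and close
     */
    public CatServerNoClientAuth(Socket s) {
        socket = s;
    }

    /**
     * Loads the server keystore, opens the TLS listening socket and serves clients forever.
     *
     * @param args unused
     * @throws Exception if the keystore cannot be loaded or the TLS socket cannot be set up
     */
    public static void main(String[] args) throws Exception {
        // Demo values only: they must match the keystore created for this example.
        // Real deployments should not keep keystore or key passwords in source code.
        String serverKeyStoreFile = "C:\\_tmp\\catserver.keystore";
        String serverKeyStorePwd = "Catserverks";
        String catServerKeyPwd = "Catserver";

        KeyStore serverKeyStore = KeyStore.getInstance("JKS");
        // Close the keystore file as soon as it has been read.
        try (InputStream in = new FileInputStream(serverKeyStoreFile)) {
            serverKeyStore.load(in, serverKeyStorePwd.toCharArray());
        }

        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(serverKeyStore, catServerKeyPwd.toCharArray());

        // "TLS" lets the provider negotiate the best version it has. The obsolete
        // TLS 1.0 this example used to request is excluded by the protocol list below.
        // The null trust managers are never consulted because no client certificate
        // is requested.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), null, null);

        SSLServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
        try (SSLServerSocket sslServerSocket =
                (SSLServerSocket) serverSocketFactory.createServerSocket(SERVER_PORT)) {
            sslServerSocket.setEnabledProtocols(
                    modernProtocols(sslServerSocket.getSupportedProtocols()));
            // One-way authentication: the client is not asked for a certificate.
            // false is also the default; the call documents the intent.
            sslServerSocket.setNeedClientAuth(false);

            // One thread per connection is fine for a demo. A real server should bound
            // the number of concurrent connections and set a read timeout.
            while (true) {
                SSLSocket s = (SSLSocket) sslServerSocket.accept();
                CatServerNoClientAuth cs = new CatServerNoClientAuth(s);
                s.addHandshakeCompletedListener(cs);
                new Thread(cs).start();
            }
        }
    }

    /**
     * Picks the protocol versions to enable: TLS 1.3 and TLS 1.2, where the JRE has them.
     *
     * @param supported the protocols reported by the socket as supported
     * @return the subset of {@code supported} that should be enabled
     * @throws IllegalStateException if the JRE offers neither TLS 1.3 nor TLS 1.2
     */
    private static String[] modernProtocols(String[] supported) {
        List<String> enabled = new ArrayList<>();
        for (String protocol : supported) {
            if ("TLSv1.3".equals(protocol) || "TLSv1.2".equals(protocol)) {
                enabled.add(protocol);
            }
        }
        if (enabled.isEmpty()) {
            throw new IllegalStateException("This JRE supports neither TLSv1.3 nor TLSv1.2");
        }
        return enabled.toArray(new String[0]);
    }

    /**
     * Greets the client, echoes every line until "exit" (any case) or end of stream,
     * says goodbye and closes the connection.
     */
    @Override
    public void run() {
        // try-with-resources closes the socket on every path, including failures.
        try (Socket connection = socket) {
            // The charset is explicit so the bytes on the wire do not depend on the
            // platform default.
            BufferedReader reader = new BufferedReader(
                    new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8));
            PrintWriter writer = new PrintWriter(
                    new OutputStreamWriter(connection.getOutputStream(), StandardCharsets.UTF_8),
                    true);

            writer.println("welcome~, enter exit to leave.");
            String line;
            while ((line = reader.readLine()) != null && !line.trim().equalsIgnoreCase("exit")) {
                writer.println("Echo: " + line);
            }
            writer.println("bye~");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Called when the TLS handshake finishes.
     *
     * <p>With client authentication switched off the peer presents no certificate, so
     * {@code getPeerCertificates()} throws {@link SSLPeerUnverifiedException}. In this
     * example that branch is the expected outcome, not an error.
     *
     * @param event the completed-handshake event for this connection
     */
    @Override
    public void handshakeCompleted(HandshakeCompletedEvent event) {
        try {
            // Only reachable when the client sent a certificate chain. The leaf
            // certificate is read here but not used further.
            X509Certificate cert = (X509Certificate) event.getPeerCertificates()[0];
        } catch (SSLPeerUnverifiedException ex) {
            System.out.println("handshakeCompleted, SSLPeerUnverified.");
        }
    }
}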
Client code
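package learning.net.ssl;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/**
 * Client for the one-way (server-only) TLS authentication example.
 *
 * <p>The client has no keystore of its own and presents no certificate. It loads only a
 * truststore, and the server's certificate must validate against the entries in it or
 * the handshake fails.
 */
public class FoxClientNoClientAuth {

    /**
     * Connects to the example server, sends "Hello" and "Exit", then prints every line
     * the server returns.
     *
     * @param args unused
     * @throws Exception if the truststore cannot be loaded or the connection fails
     */
    public static void main(String[] args) throws Exception {
        // Demo values only: they must match the truststore created for this example.
        String clientTrustKeyStoreFile = "C:\\_tmp\\foxclienttrust.keystore";
        String clientTrustKeyStorePwd = "Foxclienttrustks";

        KeyStore clientTrustKeyStore = KeyStore.getInstance("JKS");
        // Close the truststore file as soon as it has been read.
        try (InputStream in = new FileInputStream(clientTrustKeyStoreFile)) {
            clientTrustKeyStore.load(in, clientTrustKeyStorePwd.toCharArray());
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(clientTrustKeyStore);

        // "TLS" lets the provider negotiate the best version it has. The obsolete
        // TLS 1.0 this example used to request is excluded by the protocol list below.
        // The null key managers mean the client has no certificate to offer.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);

        SSLSocketFactory socketFactory = sslContext.getSocketFactory();
        // The port constant comes from the server class of this example.
        try (SSLSocket socket = (SSLSocket) socketFactory.createSocket(
                "localhost", CatServerNoClientAuth.SERVER_PORT)) {
            socket.setEnabledProtocols(modernProtocols(socket.getSupportedProtocols()));

            // JSSE does not compare the certificate with the host name on a plain
            // SSLSocket unless an endpoint identification algorithm is set. This demo
            // accepts only what is in its own truststore. If the truststore held a CA
            // certificate instead, also call
            // SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") before the
            // handshake.

            // The charset is explicit so the bytes on the wire do not depend on the
            // platform default.
            PrintWriter out = new PrintWriter(
                    new OutputStreamWriter(socket.getOutputStream(), StandardCharsets.UTF_8),
                    true);
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(socket.getInputStream(), StandardCharsets.UTF_8));

            send("Hello", out);
            send("Exit", out);
            receive(in);
        }
    }

    /**
     * Picks the protocol versions to enable: TLS 1.3 and TLS 1.2, where the JRE has them.
     *
     * @param supported the protocols reported by the socket as supported
     * @return the subset of {@code supported} that should be enabled
     * @throws IllegalStateException if the JRE offers neither TLS 1.3 nor TLS 1.2
     */
    private static String[] modernProtocols(String[] supported) {
        List<String> enabled = new ArrayList<>();
        for (String protocol : supported) {
            if ("TLSv1.3".equals(protocol) || "TLSv1.2".equals(protocol)) {
                enabled.add(protocol);
            }
        }
        if (enabled.isEmpty()) {
            throw new IllegalStateException("This JRE supports neither TLSv1.3 nor TLSv1.2");
        }
        return enabled.toArray(new String[0]);
    }

    /**
     * Logs a line to standard output and writes it to the server.
     *
     * @param s the line to send
     * @param out the writer connected to the server
     * @throws IOException declared for callers; the writer itself does not throw
     */
    public static void send(String s, PrintWriter out) throws IOException {
        System.out.println("sending:" + s);
        out.println(s);
    }

    /**
     * Prints every line from the server until the stream ends.
     *
     * @param in the reader connected to the server
     * @throws IOException if reading from the connection fails
     */
    public static void receive(BufferedReader in) throws IOException {
        String s;
        // readLine() returns null once the server has closed the connection.
        while ((s = in.readLine()) != null) {
            System.out.println("reveived:" + s);
        }
    }
}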
JAVA-JSSE-SSL/TLS Programming code example-one-way authentication