The previous article, "OpenSSL and keystore instruction small set," mentioned that I have recently been studying SSL encryption and would give a small Java example. Copying a piece of runnable code straight into production is very irresponsible, but a small example gives us a quick glimpse of the nature of things. Rome was not built in a day.
This article gives a small example of a Java SSL socket, including the server and the client. I hope that after getting started you will study the relevant material and understand the basic concepts. Java's advantage is its thorough encapsulation, so there are relatively few places where you need to intervene. The disadvantage is that as Java versions are upgraded and developed, many new concepts and classes keep appearing and it takes a lot of effort to sort them out; in addition, the volume of code is relatively large (for production-level code).
Specific code
In the simplest case, Java only needs a few system properties to be configured and a few SSL-related objects to be created and invoked. The four properties are:
- javax.net.ssl.keyStore
Where this party's keys, certificates and so on are stored (path of the KeyStore file).
- javax.net.ssl.keyStorePassword
The KeyStore's password. It can be left out if there is no password.
- javax.net.ssl.trustStore
Where the trusted certificates are stored (path of the trust KeyStore file).
- javax.net.ssl.trustStorePassword
The trust KeyStore's password. It can be left out if there is no password.
The KeyStore type is JKS by default, so it is not necessary to set javax.net.ssl.keyStoreType and javax.net.ssl.trustStoreType.
Server-side code
Each time a new connection is received, a new thread is started to handle it. In production, make use of a thread pool and similar techniques. Using a framework such as Netty or Mina is recommended even more.
    import java.io.BufferedReader;
    import java.io.InputStream;
    import java.io.InputStreamReader;
    import javax.net.ssl.SSLServerSocket;
    import javax.net.ssl.SSLServerSocketFactory;
    import javax.net.ssl.SSLSocket;

    public class SslServer {
        public static void main(String[] args) throws Exception {
            // Print SSL handshake debugging output
            System.setProperty("javax.net.debug", "ssl,handshake");
            System.setProperty("javax.net.ssl.keyStore", "./cfg/server.jks");
            System.setProperty("javax.net.ssl.keyStorePassword", "123456");
            System.setProperty("javax.net.ssl.trustStore", "./cfg/clienttrust.jks");
            System.setProperty("javax.net.ssl.trustStorePassword", "123456");

            SSLServerSocketFactory serverSocketFactory =
                    (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
            SSLServerSocket serverSocket =
                    (SSLServerSocket) serverSocketFactory.createServerSocket(9100);
            // Requires client authentication
            serverSocket.setNeedClientAuth(true);

            while (true) {
                SSLSocket socket = (SSLSocket) serverSocket.accept();
                Accepter accepter = new Accepter(socket);
                accepter.service();
            }
        }

        static class Accepter implements Runnable {
            private SSLSocket socket;

            public Accepter(SSLSocket socket) {
                this.socket = socket;
            }

            // Handle the connection on its own thread
            public void service() {
                Thread thread = new Thread(this);
                thread.start();
            }

            @Override
            public void run() {
                try {
                    InputStream inputStream = socket.getInputStream();
                    InputStreamReader inputStreamReader = new InputStreamReader(inputStream);
                    BufferedReader bufferedReader = new BufferedReader(inputStreamReader);
                    String string = null;
                    // Print each line until the client closes the connection
                    while ((string = bufferedReader.readLine()) != null) {
                        System.out.println(string);
                        System.out.flush();
                    }
                } catch (Exception e) {
                    // Replace with other code
                    e.printStackTrace();
                }
            }
        }
    }
Client code
Establish a connection and send a message to the server. Very simple. Remember to end the message with a line break and to call the flush method.
    import java.io.BufferedWriter;
    import java.io.OutputStream;
    import java.io.OutputStreamWriter;
    import java.util.concurrent.TimeUnit;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;

    public class SslClient {
        public static void main(String[] args) throws Exception {
            // Print SSL handshake debugging output
            System.setProperty("javax.net.debug", "ssl,handshake");
            System.setProperty("javax.net.ssl.keyStore", "./cfg/client.jks");
            System.setProperty("javax.net.ssl.keyStorePassword", "123456");
            System.setProperty("javax.net.ssl.trustStore", "./cfg/servertrust.jks");
            System.setProperty("javax.net.ssl.trustStorePassword", "123456");

            SSLSocketFactory sslSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket("127.0.0.1", 9100);
            OutputStream outputStream = sslSocket.getOutputStream();
            BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(outputStream));
            // The trailing line break lets the server's readLine() return
            bufferedWriter.write("Sleeping lion\n");
            bufferedWriter.flush();
            // Keep the connection open
            TimeUnit.SECONDS.sleep(2000);
        }
    }
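The same client with its key material loaded into an explicit SSLContext instead of JVM-wide system properties, and with host name checking switched on, which a plain SSLSocket does not do by default. This is an added example, not code from the original article; the class name SslClientExplicit, the STORE_PASS environment variable and Java 11 or later (needed for TLSv1.3) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class SslClientExplicit {
    // Load a JKS file from disk (paths are the ones used on this page).
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Assumption: both stores share one password, as in the article's example.
    static SSLContext buildContext(char[] password) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("./cfg/client.jks", password), password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("./cfg/servertrust.jks", password));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the password comes from the environment, not the source code.
        String pass = System.getenv("STORE_PASS");
        if (pass == null) throw new IllegalStateException("STORE_PASS is not set");
        SSLContext ctx = buildContext(pass.toCharArray());
        try (SSLSocket socket =
                (SSLSocket) ctx.getSocketFactory().createSocket("127.0.0.1", 9100)) {
            SSLParameters params = socket.getSSLParameters();
            params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            // Chain validation alone does not check that the certificate names this host.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake(); // throws if the chain or the host name check fails
            socket.getOutputStream().write("Sleeping lion\n".getBytes("UTF-8"));
            socket.getOutputStream().flush();
        }
    }
}
```

With endpoint identification enabled, the server certificate must carry a subject alternative name matching the address the client connects to (here an IP entry for 127.0.0.1), otherwise the handshake is rejected.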
Conclusion
The JDK later added the SSLEngine class, which supports asynchronous communication. But looking at the official documentation, the code given there is very long. As said before, if conditions permit, it is recommended to use Netty or Mina to handle communication; the performance should be better than what you write yourself.
Java Official SSL Socket document
Java SSL Socket Communication Example