To create an SSL server socket on Android, you need to provide two keystores:
1. a keystore for the KeyManager (the server's own private key and certificate)
2. a keystore for the TrustManager (the CA certificates the server trusts)
Creating the KeyManager
To create the KeyManager, you first need to generate a PKCS12 file from the .crt and .key files:
openssl pkcs12 -export -in [cert_file] -inkey [key_file] -out store.p12
Then you have to create the JKS file with this command (note that the destination store type is BKS, which is what the Android code below loads):
keytool -importkeystore \
  -srckeystore store.p12 -srcstoretype PKCS12 \
  -destkeystore store.jks -deststoretype BKS \
  -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider \
  -providerpath [BouncyCastle jar, e.g. "bcprov-jdk15on-167.jar"]
Tip: to create this file you need the BouncyCastle provider.
Now your KeyManager keystore is ready. You can put it in your assets and use it with this code.
Java:
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;

// store type written by the keytool command above (BKS, even though the file is named store.jks)
private static final String CERTIFICATE_TYPE = "BKS";

private KeyManager[] createKeyManagers(InputStream keyStoreIS, String keystorePassword, String keyPassword) throws Exception {
    KeyStore keyStore = KeyStore.getInstance(CERTIFICATE_TYPE);
    keyStore.load(keyStoreIS, keystorePassword.toCharArray());
    keyStoreIS.close();
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keyStore, keyPassword.toCharArray());   // key password unlocks the private key entry
    return kmf.getKeyManagers();
}
Kotlin:
import java.io.InputStream
import java.security.KeyStore
import javax.net.ssl.KeyManager
import javax.net.ssl.KeyManagerFactory

@Throws(java.lang.Exception::class)
fun createKeyManagers(keyStoreIS: InputStream, keystorePassword: String, keyPassword: String): Array<KeyManager> {
    // "BKS" is the store type written by the keytool command above
    val keyStore = KeyStore.getInstance("BKS")
    keyStore.load(keyStoreIS, keystorePassword.toCharArray())
    keyStoreIS.close()
    val algorithm = KeyManagerFactory.getDefaultAlgorithm()
    val kmf = KeyManagerFactory.getInstance(algorithm)
    kmf.init(keyStore, keyPassword.toCharArray())   // key password unlocks the private key entry
    return kmf.keyManagers
}
Creating the TrustManager
You need to create a BKS file with this command:
keytool -importcert -v -trustcacerts -file [cer_file] -alias IntermediateCA \
  -keystore [output.bks] \
  -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
  -providerpath [BouncyCastle jar, e.g. "bcprov-jdk15on-159.jar"] \
  -storetype BKS -storepass mysecret
Now your truststore is ready. You can put it in your assets and use it with this code.
Java:
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

private TrustManager[] createTrustManagers(InputStream trustStoreIS, String keystorePassword) throws Exception {
    KeyStore trustStore = KeyStore.getInstance("BKS");
    trustStore.load(trustStoreIS, keystorePassword.toCharArray());
    trustStoreIS.close();
    String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(algorithm);
    trustFactory.init(trustStore);   // a truststore holds only certificates, so no key password is needed
    return trustFactory.getTrustManagers();
}
Kotlin:
import java.io.InputStream
import java.security.KeyStore
import javax.net.ssl.TrustManager
import javax.net.ssl.TrustManagerFactory

@Throws(java.lang.Exception::class)
fun createTrustManagers(trustStoreIS: InputStream, keystorePassword: String): Array<TrustManager> {
    val trustStore = KeyStore.getInstance("BKS")
    trustStore.load(trustStoreIS, keystorePassword.toCharArray())
    trustStoreIS.close()
    val algorithm = TrustManagerFactory.getDefaultAlgorithm()
    val trustFactory = TrustManagerFactory.getInstance(algorithm)
    trustFactory.init(trustStore)   // a truststore holds only certificates, so no key password is needed
    return trustFactory.trustManagers
}
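Before handing either store to a factory it is worth checking, once at startup, that it actually contains what the two sections above assume: the KeyManager store must hold a private key entry that opens with the key password, and the truststore must hold at least one trusted certificate, none of them expired. The following Java helper is an added example and not part of the original post; the class name KeystoreCheck, the Report type and the inspect method are assumptions. It loads a BKS store exactly as the post's code does and returns a summary the caller can act on.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;

// Added example (not from the original post). Names are assumptions.
public final class KeystoreCheck {

    /** What a store contains, so the caller can fail fast instead of discovering it at handshake time. */
    public static final class Report {
        public int keyEntries;          // entries carrying a private key (server identity)
        public int trustedCertEntries;  // trusted-certificate entries (CA store)
        public final List<String> problems = new ArrayList<>();
    }

    /** Loads a BKS store the same way the post's createKeyManagers/createTrustManagers do and inspects it. */
    public static Report inspect(InputStream storeIS, String storePassword, String keyPassword) throws Exception {
        KeyStore store = KeyStore.getInstance("BKS");
        store.load(storeIS, storePassword.toCharArray());
        storeIS.close();

        Report report = new Report();
        Date now = new Date();
        for (String alias : Collections.list(store.aliases())) {
            if (store.isKeyEntry(alias)) {
                report.keyEntries++;
                // The key must open with the password the server will later pass to KeyManagerFactory.init.
                try {
                    if (store.getKey(alias, keyPassword.toCharArray()) == null) {
                        report.problems.add(alias + ": key entry has no key");
                    }
                } catch (UnrecoverableKeyException e) {
                    report.problems.add(alias + ": key not readable with the supplied key password");
                }
                Certificate[] chain = store.getCertificateChain(alias);
                if (chain == null || chain.length == 0) {
                    report.problems.add(alias + ": no certificate chain");
                    continue;
                }
                checkValidity(alias, chain[0], now, report);   // leaf certificate the server will present
            } else if (store.isCertificateEntry(alias)) {
                report.trustedCertEntries++;
                checkValidity(alias, store.getCertificate(alias), now, report);
            }
        }
        return report;
    }

    private static void checkValidity(String alias, Certificate cert, Date now, Report report) {
        if (!(cert instanceof X509Certificate)) {
            report.problems.add(alias + ": not an X.509 certificate");
            return;
        }
        X509Certificate x509 = (X509Certificate) cert;
        try {
            x509.checkValidity(now);
        } catch (CertificateException e) {
            report.problems.add(alias + ": certificate not valid at " + now
                    + " (" + x509.getSubjectX500Principal() + ", expires " + x509.getNotAfter() + ")");
        }
    }
}
```

For the KeyManager store the caller should refuse to start the server when keyEntries is 0 or problems is non-empty; for the truststore, when trustedCertEntries is 0. Running this at startup turns a silent "handshake failed" on the first client connection into a clear message in the log.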
Creating the SSLServerSocket
Then you can create the SSLServerSocket with this code.
Java:
import java.io.InputStream;
import java.security.SecureRandom;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public static SSLServerSocket getSSLServerSocket(InputStream server, InputStream cacerts, Integer port) throws Exception {
    String keyPass = "mysecret";        // same password given to keytool with -storepass above
    String keyStorePass = "mysecret";
    SSLContext context = SSLContext.getInstance("TLSv1.2");
    context.init(createKeyManagers(server, keyStorePass, keyPass), createTrustManagers(cacerts, keyPass), new SecureRandom());
    SSLServerSocketFactory factory = context.getServerSocketFactory();
    SSLServerSocket serverSocket = (SSLServerSocket) factory.createServerSocket(port);
    // enables everything the device supports, including legacy protocol versions and cipher suites
    serverSocket.setEnabledProtocols(serverSocket.getSupportedProtocols());
    serverSocket.setEnabledCipherSuites(serverSocket.getSupportedCipherSuites());
    serverSocket.setNeedClientAuth(false);   // clients are not asked for a certificate
    serverSocket.setWantClientAuth(false);
    serverSocket.setUseClientMode(false);
    return serverSocket;
}
Kotlin:
import java.io.InputStream
import java.security.SecureRandom
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLServerSocket

@Throws(Exception::class)
fun getSSLServerSocket(server: InputStream, cacerts: InputStream, port: Int): SSLServerSocket {
    val keyPass = "mysecret"        // same password given to keytool with -storepass above
    val keyStorePass = "mysecret"
    val context = SSLContext.getInstance("TLSv1.2")
    context.init(
        createKeyManagers(server, keyStorePass, keyPass),
        createTrustManagers(cacerts, keyPass),
        SecureRandom()
    )
    val factory = context.serverSocketFactory
    val serverSocket = factory.createServerSocket(port) as SSLServerSocket
    // enables everything the device supports, including legacy protocol versions and cipher suites
    serverSocket.enabledProtocols = serverSocket.supportedProtocols
    serverSocket.enabledCipherSuites = serverSocket.supportedCipherSuites
    serverSocket.needClientAuth = false   // clients are not asked for a certificate
    serverSocket.wantClientAuth = false
    serverSocket.useClientMode = false
    return serverSocket
}
Your server socket is now ready and can start listening. Since accept() blocks, you need to run the socket in a thread; with this code you wait for a new client connection and perform the handshake with the client.
Java:
SSLSocket socket = (SSLSocket) serverSocket.accept();   // blocks until a client connects
socket.addHandshakeCompletedListener(event -> {
    // start to communicate
});
socket.startHandshake();   // runs the TLS handshake now; throws SSLHandshakeException on failure
Kotlin:
val socket = serverSocket.accept() as SSLSocket   // blocks until a client connects
socket.addHandshakeCompletedListener { handShake ->
    // start to communicate
}
socket.startHandshake()   // runs the TLS handshake now; throws SSLHandshakeException on failure
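The getSSLServerSocket code above enables every protocol version and cipher suite the device supports, and the accept snippet handles a single client. The following Java class is an added example, not the original post's code, that puts the whole procedure together the way a server should be deployed: it builds the SSLContext from the two BKS stores, restricts negotiation to TLS 1.2/1.3 and forward-secret AEAD cipher suites (falling back to whatever subset the device supports), and runs an accept loop that forces the handshake per client and logs a failed handshake instead of letting it crash the loop. The class name HardenedTlsServer, the method names and the allow-list are assumptions; the store type, passwords and the thread-per-client structure follow the post.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example, not the original post's code. Names and the allow-list are assumptions.
public final class HardenedTlsServer {

    // Protocol versions we are willing to negotiate, newest first.
    private static final List<String> WANTED_PROTOCOLS = Arrays.asList("TLSv1.3", "TLSv1.2");

    /** Builds the server socket from the two BKS stores the post describes, then narrows what it negotiates. */
    public static SSLServerSocket create(InputStream keyStoreIS, String storePass, String keyPass,
                                         InputStream trustStoreIS, String trustPass, int port) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("BKS");
        keyStore.load(keyStoreIS, storePass.toCharArray());
        keyStoreIS.close();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPass.toCharArray());

        KeyStore trustStore = KeyStore.getInstance("BKS");
        trustStore.load(trustStoreIS, trustPass.toCharArray());
        trustStoreIS.close();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // "TLS" lets the platform offer its newest versions; the enabled-protocol list below does the restricting.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());

        SSLServerSocket server = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(port);
        server.setUseClientMode(false);
        String[] protocols = intersect(WANTED_PROTOCOLS, server.getSupportedProtocols());
        String[] suites = strongSuites(server.getSupportedCipherSuites());
        if (protocols.length == 0 || suites.length == 0) {
            throw new IllegalStateException("device supports no acceptable TLS version or cipher suite");
        }
        server.setEnabledProtocols(protocols);     // setEnabledProtocols rejects names the device lacks
        server.setEnabledCipherSuites(suites);
        return server;
    }

    /** Keeps only the wanted names that the device actually supports, preserving the wanted order. */
    static String[] intersect(List<String> wanted, String[] supported) {
        List<String> out = new ArrayList<>();
        List<String> have = Arrays.asList(supported);
        for (String p : wanted) {
            if (have.contains(p)) out.add(p);
        }
        return out.toArray(new String[0]);
    }

    /** Allow-list: TLS 1.3 suites plus ECDHE + AEAD (GCM/ChaCha20) suites for TLS 1.2; the rest is dropped. */
    static String[] strongSuites(String[] supported) {
        List<String> out = new ArrayList<>();
        for (String s : supported) {
            boolean tls13 = s.startsWith("TLS_AES_") || s.startsWith("TLS_CHACHA20_");
            boolean forwardSecretAead = s.contains("ECDHE") && (s.contains("_GCM_") || s.contains("CHACHA20"));
            if (tls13 || forwardSecretAead) out.add(s);
        }
        return out.toArray(new String[0]);
    }

    /** Accept loop; run it on its own thread as the post says. Each client gets its own thread. */
    public static void serve(SSLServerSocket server) {
        while (!server.isClosed()) {
            SSLSocket client;
            try {
                client = (SSLSocket) server.accept();
            } catch (IOException e) {
                if (server.isClosed()) return;   // normal shutdown
                continue;                        // transient accept failure; keep serving
            }
            new Thread(() -> handle(client)).start();
        }
    }

    private static void handle(SSLSocket socket) {
        try (SSLSocket s = socket) {
            s.addHandshakeCompletedListener(ev -> System.out.println("handshake done: "
                    + ev.getSession().getProtocol() + " " + ev.getCipherSuite()
                    + " from " + s.getRemoteSocketAddress()));
            s.startHandshake();   // fail here, with a clear error, rather than on the first read
            // application traffic goes here (s.getInputStream() / s.getOutputStream())
        } catch (SSLHandshakeException e) {
            // client could not negotiate within the enabled protocols/suites, or presented a bad certificate
            System.err.println("handshake failed from " + socket.getRemoteSocketAddress() + ": " + e.getMessage());
        } catch (IOException e) {
            System.err.println("connection error: " + e.getMessage());
        }
    }
}
```

Usage: new Thread(() -> HardenedTlsServer.serve(server)).start() after create(...) has returned. The two filters exist because setEnabledProtocols and setEnabledCipherSuites throw IllegalArgumentException for a name the device does not know, so an allow-list has to be intersected with getSupportedProtocols()/getSupportedCipherSuites() rather than set verbatim; the explicit startHandshake() keeps the negotiated protocol and suite visible in the log for every connection.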