SSLServerSocket on Android, step by step

ljsrvy3e  posted on 2021-07-03  in  Java

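To create an SSL server socket on Android, you need to provide two keystores:
Key manager keystore.
Trust manager keystore.
Creating the KeyManager.
To create the KeyManager, you need to generate a PKCS12 file from the .crt and .key files.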

openssl pkcs12 -export -in [cert_file] -inkey [key_file] -out store.p12

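Then you have to create the JKS file with this command. Despite the .jks file name, -deststoretype BKS produces a BKS keystore, which is the type the code loads with KeyStore.getInstance("BKS").

keytool -importkeystore \
    -srckeystore store.p12 -srcstoretype PKCS12 \
    -destkeystore store.jks -deststoretype BKS \
    -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider \
    -providerpath [bouncy file like: "bcprov-jdk15on-167.jar"]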

Tip: you need the Bouncy Castle provider to create this file.
Your key manager file is now ready. You can put it in your resources and use it with this code.
Java:

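import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;

private KeyManager[] createKeyManagers(InputStream keyStoreIS, String keystorePassword, String keyPassword) throws Exception {
    // The keystore was written with -deststoretype BKS, so it must be loaded as BKS.
    KeyStore keyStore = KeyStore.getInstance("BKS");
    keyStore.load(keyStoreIS, keystorePassword.toCharArray());
    keyStoreIS.close();
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    // keyPassword protects the private key entry; keystorePassword protects the store itself.
    kmf.init(keyStore, keyPassword.toCharArray());
    return kmf.getKeyManagers();
}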

Kotlin:

@Throws(java.lang.Exception::class)
fun createKeyManagers(keyStoreIS: InputStream, keystorePassword: String, keyPassword: String): Array<KeyManager> {
    val keyStore = KeyStore.getInstance("BKS")
    keyStore.load(keyStoreIS, keystorePassword.toCharArray())
    keyStoreIS.close()
    val algorithm = KeyManagerFactory.getDefaultAlgorithm()
    val kmf = KeyManagerFactory.getInstance(algorithm)
    kmf.init(keyStore, keyPassword.toCharArray())
    return kmf.keyManagers
}

Creating the TrustManager.
You need to create a BKS file with this command.

keytool -importcert -v -trustcacerts -file [cer_file] -alias IntermediateCA \
    -keystore [output.bks] \
    -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
    -providerpath [bouncy file like: "bcprov-jdk15on-159.jar"] \
    -storetype BKS -storepass mysecret

Your trust store is now ready. You can put it in your resources and use it with this code.
Java:

private TrustManager[] createTrustManagers(InputStream trustStoreIS, String keystorePassword) throws Exception {
    KeyStore trustStore = KeyStore.getInstance("BKS");
    trustStore.load(trustStoreIS, keystorePassword.toCharArray());
    trustStoreIS.close();
    String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(algorithm);
    trustFactory.init(trustStore);
    return trustFactory.getTrustManagers();
}

Kotlin:

@Throws(java.lang.Exception::class)
fun createTrustManagers(trustStoreIS: InputStream, keystorePassword: String): Array<TrustManager> {
    val trustStore = KeyStore.getInstance("BKS")
    trustStore.load(trustStoreIS, keystorePassword.toCharArray())
    trustStoreIS.close()
    val algorithm = TrustManagerFactory.getDefaultAlgorithm()
    val trustFactory = TrustManagerFactory.getInstance(algorithm)
    trustFactory.init(trustStore)
    return trustFactory.trustManagers
}

Creating the SSLServerSocket.
You can then create the SSLServerSocket with this code.
Java:

public static SSLServerSocket getSSLServerSocket(InputStream server, InputStream cacerts, Integer port) throws Exception {
    // Hard-coded for brevity; a real app should not embed keystore passwords in source.
    String keyPass = "mysecret";
    String keyStorePass = "mysecret";
    SSLContext context = SSLContext.getInstance("TLSv1.2");
    context.init(createKeyManagers(server, keyStorePass, keyPass), createTrustManagers(cacerts, keyPass), new SecureRandom());
    SSLServerSocketFactory factory = context.getServerSocketFactory();
    SSLServerSocket serverSocket = (SSLServerSocket)factory.createServerSocket(port);
    // NOTE: these two calls enable every protocol and cipher suite the provider
    // supports, including legacy and weak ones; restrict both lists in production.
    serverSocket.setEnabledProtocols(serverSocket.getSupportedProtocols());
    serverSocket.setEnabledCipherSuites(serverSocket.getSupportedCipherSuites());
    // Client certificates are not requested, so the trust managers are never consulted.
    serverSocket.setNeedClientAuth(false);
    serverSocket.setWantClientAuth(false);
    serverSocket.setUseClientMode(false);
    return serverSocket;
}

Kotlin:

@Throws(Exception::class)
fun getSSLServerSocket(server: InputStream, cacerts: InputStream, port: Int): SSLServerSocket {
    // Hard-coded for brevity; a real app should not embed keystore passwords in source.
    val keyPass = "mysecret"
    val keyStorePass = "mysecret"
    val context = SSLContext.getInstance("TLSv1.2")
    context.init(
        createKeyManagers(server, keyStorePass, keyPass),
        createTrustManagers(cacerts, keyPass),
        SecureRandom()
    )
    val factory = context.serverSocketFactory
    val serverSocket = factory.createServerSocket(port) as SSLServerSocket
    // NOTE: these two lines enable every protocol and cipher suite the provider
    // supports, including legacy and weak ones; restrict both lists in production.
    serverSocket.enabledProtocols = serverSocket.supportedProtocols
    serverSocket.enabledCipherSuites = serverSocket.supportedCipherSuites
    // Client certificates are not requested, so the trust managers are never consulted.
    serverSocket.needClientAuth = false
    serverSocket.wantClientAuth = false
    serverSocket.useClientMode = false
    return serverSocket
}
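The setEnabledProtocols(getSupportedProtocols()) and setEnabledCipherSuites(getSupportedCipherSuites()) calls above turn on everything the TLS provider ships, which can include legacy protocol versions and NULL, anonymous or CBC suites. The following is an added example, not code from the original post, that filters both lists before enabling them. The class name HardenedServerSocket, the TLS 1.2/1.3 policy and the suite-name rule (standard JSSE names) are assumptions of this example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

public class HardenedServerSocket {
    // Assumption for this example: only TLS 1.2 and TLS 1.3 are acceptable.
    static final List<String> WANTED_PROTOCOLS = Arrays.asList("TLSv1.3", "TLSv1.2");

    // Forward-secret AEAD suites only: TLS 1.3 suites, or ECDHE with GCM/ChaCha20.
    // Drops NULL, anonymous, EXPORT, RC4, 3DES, CBC and static-RSA suites.
    static boolean isStrongSuite(String name) {
        boolean tls13 = name.startsWith("TLS_AES_") || name.startsWith("TLS_CHACHA20_");
        boolean aead = name.contains("_GCM_") || name.contains("CHACHA20");
        return tls13 || (name.startsWith("TLS_ECDHE_") && aead);
    }

    static String[] strongProtocols(String[] supported) {
        List<String> kept = new ArrayList<>();
        for (String p : supported) if (WANTED_PROTOCOLS.contains(p)) kept.add(p);
        // Fail closed instead of silently falling back to an old protocol.
        if (kept.isEmpty()) throw new IllegalStateException("no TLS 1.2+ support");
        return kept.toArray(new String[0]);
    }

    static String[] strongSuites(String[] supported) {
        List<String> kept = new ArrayList<>();
        for (String s : supported) if (isStrongSuite(s)) kept.add(s);
        if (kept.isEmpty()) throw new IllegalStateException("no strong cipher suite");
        return kept.toArray(new String[0]);
    }

    // Use in place of the two "enable everything supported" calls.
    static void harden(SSLServerSocket socket) {
        socket.setEnabledProtocols(strongProtocols(socket.getSupportedProtocols()));
        socket.setEnabledCipherSuites(strongSuites(socket.getSupportedCipherSuites()));
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: default context without key material, port 0 = any free port.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, null, null);
        SSLServerSocket socket =
                (SSLServerSocket) context.getServerSocketFactory().createServerSocket(0);
        harden(socket);
        System.out.println(Arrays.toString(socket.getEnabledProtocols()));
        System.out.println(Arrays.toString(socket.getEnabledCipherSuites()));
        socket.close();
    }
}
```

In getSSLServerSocket, call harden(serverSocket) instead of the two setEnabled... lines. The trust store built earlier only takes part in the handshake when the server requests client certificates with setNeedClientAuth(true) or setWantClientAuth(true).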

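Your server socket is now ready to start listening. You need to run the socket in a thread; with this code you can wait for a new client to connect and perform the handshake with it.
Java: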

SSLSocket socket = (SSLSocket) serverSocket.accept();
socket.addHandshakeCompletedListener(event -> {
        //start to communicate
});
socket.startHandshake();

Kotlin:

val socket = serverSocket.accept() as SSLSocket
socket.addHandshakeCompletedListener { handShake ->
  //start to communicate
}
socket.startHandshake()
