在Android上实现SSL握手
16lz
2021-01-23
Android 使用的私钥和信任证书必须是 BKS 格式。Java 本身不带 BouncyCastle 密库,因此需要先配置本地 JDK,让 keytool 能够生成 BKS 格式的私钥和信任证书。
服务端:
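/**
 * Minimal single-threaded TLS server used to demonstrate the handshake with the Android client.
 *
 * <p>For each accepted connection it reads at most 20 bytes, prints them, replies with a fixed
 * message and closes the connection.
 *
 * <p>Security notes for anyone reusing this sample:
 * <ul>
 *   <li>{@link #init()} passes {@code null} trust managers and never asks for a client
 *       certificate, so the handshake authenticates the server only (one-way TLS). The key the
 *       client loads is not checked by this server.</li>
 *   <li>The key store password is a hard-coded sample value; real deployments should read it from
 *       configuration or a secret store instead of source code.</li>
 *   <li>{@code "TLS"} leaves the enabled protocol versions to the runtime defaults.
 *       NOTE(review): on old runtimes this may include legacy versions - confirm, and restrict
 *       them on the server socket if needed.</li>
 * </ul>
 */
public class SSLServer {
    private static final int SERVER_PORT = 50030;
    // Sample-only password (see class comment); do not ship a real key store protected like this.
    private static final String SERVER_KEY_PASSWORD = "123456";
    private static final String SERVER_AGREEMENT = "TLS"; // protocol requested from SSLContext
    private static final String SERVER_KEY_MANAGER = "SunX509"; // key manager algorithm
    private static final String SERVER_KEY_KEYSTORE = "JKS"; // key store type bundled with Java
    private static final String SERVER_KEYSTORE_PATH = "src/data/kserver.keystore"; // key store path
    // Upper bound on how long one client may stall the handshake or the read. The server is
    // single-threaded, so without it one silent client blocks every other client.
    private static final int CLIENT_READ_TIMEOUT_MS = 10000;

    private SSLServerSocket serverSocket;

    /** Builds the TLS server socket and serves connections until the process is stopped. */
    public static void main(String[] args) {
        SSLServer server = new SSLServer();
        server.init();
        server.start();
    }

    /**
     * Accepts connections one at a time, prints what the client sent and answers with a fixed
     * message. Returns immediately (after printing {@code ERROR}) when {@link #init()} did not
     * produce a server socket. The sample is deliberately single-threaded because it demonstrates
     * the handshake, not connection handling.
     */
    public void start() {
        if (serverSocket == null) {
            System.out.println("ERROR");
            return;
        }
        // Stop once the listening socket is closed; otherwise accept() would fail in a tight loop.
        while (!serverSocket.isClosed()) {
            System.out.println("ServerSide......");
            // try-with-resources closes the connection even when the read or write fails.
            try (Socket s = serverSocket.accept()) {
                s.setSoTimeout(CLIENT_READ_TIMEOUT_MS);
                BufferedInputStream bis = new BufferedInputStream(s.getInputStream());
                BufferedOutputStream bos = new BufferedOutputStream(s.getOutputStream());
                byte[] buffer = new byte[20];
                // read() may fill only part of the buffer (or return -1 at end of stream), so
                // decode just the bytes that actually arrived instead of the whole array.
                int received = bis.read(buffer);
                if (received > 0) {
                    System.out.println(
                            new String(buffer, 0, received, java.nio.charset.StandardCharsets.UTF_8));
                }
                // Explicit charset: the platform default differs between hosts.
                bos.write("ThisisServer".getBytes(java.nio.charset.StandardCharsets.UTF_8));
                bos.flush();
            } catch (Exception e) {
                // Per-connection failures are reported and the server keeps listening.
                System.out.println(e);
            }
        }
    }

    /**
     * Loads the server key from the JKS key store and creates the TLS server socket on
     * {@code SERVER_PORT}. Any failure is printed and leaves the server socket unset, which
     * {@link #start()} reports as {@code ERROR}.
     */
    public void init() {
        try {
            SSLContext ctx = SSLContext.getInstance(SERVER_AGREEMENT);
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(SERVER_KEY_MANAGER);
            KeyStore ks = KeyStore.getInstance(SERVER_KEY_KEYSTORE);
            char[] password = SERVER_KEY_PASSWORD.toCharArray();
            // Close the key store file once it has been read; the original left the stream open.
            try (FileInputStream keyStoreFile = new FileInputStream(SERVER_KEYSTORE_PATH)) {
                ks.load(keyStoreFile, password);
            }
            kmf.init(ks, password);
            // Key managers only: null trust managers and null SecureRandom select the defaults.
            ctx.init(kmf.getKeyManagers(), null, null);
            serverSocket =
                    (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(SERVER_PORT);
        } catch (Exception e) {
            System.out.println(e);
        }
    }
}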
客户端:
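/**
 * Activity that opens a TLS connection to the demo server, sends the text typed by the user and
 * shows the server's reply in a dialog.
 *
 * <p>Security notes for anyone reusing this sample:
 * <ul>
 *   <li>The client key store and its password are packaged inside the application, so anyone who
 *       has the APK can extract them. A key shipped this way cannot identify one device or
 *       user.</li>
 *   <li>A socket created through {@code SSLSocketFactory} checks the certificate chain against
 *       the bundled trust store but does not compare the certificate with the address being
 *       connected to. NOTE(review): this is only safe if the trust store holds nothing but the
 *       server's own certificate - confirm, or add a host name check after the handshake.</li>
 * </ul>
 */
public class MySSLSocket extends Activity {
    private static final String LOG_TAG = "MySSLSocket";
    private static final int SERVER_PORT = 50030; // server port
    private static final String SERVER_IP = "218.206.176.146"; // server address
    // Sample-only passwords (see class comment).
    private static final String CLIENT_KEY_PASSWORD = "123456"; // private key password
    private static final String CLIENT_TRUST_PASSWORD = "123456"; // trust store password
    private static final String CLIENT_AGREEMENT = "TLS"; // protocol requested from SSLContext
    private static final String CLIENT_KEY_MANAGER = "X509"; // key manager algorithm
    private static final String CLIENT_TRUST_MANAGER = "X509"; // trust manager algorithm
    private static final String CLIENT_KEY_KEYSTORE = "BKS"; // BouncyCastle key store type
    private static final String CLIENT_TRUST_KEYSTORE = "BKS"; // BouncyCastle key store type
    private static final String ENCODING = "utf-8"; // character set used on the wire

    // Written by worker threads and read by the click handlers, hence volatile.
    private volatile SSLSocket Client_sslSocket;
    private TextView tv;
    private Button btn;
    private Button btn2;
    private Button btn3;
    private EditText et;

    /** Called when the activity is first created; wires the three buttons. */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
        tv = (TextView) findViewById(R.id.TextView01);
        et = (EditText) findViewById(R.id.EditText01);
        btn = (Button) findViewById(R.id.Button01);
        btn2 = (Button) findViewById(R.id.Button02);
        btn3 = (Button) findViewById(R.id.Button03);

        // Send: write the typed text and wait for the reply.
        btn.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View arg0) {
                final SSLSocket socket = Client_sslSocket;
                if (null != socket) {
                    // Views are touched on the UI thread only; the worker gets a copy of the text.
                    final String message = et.getText().toString();
                    et.setText("");
                    runInBackground(new Runnable() {
                        @Override
                        public void run() {
                            getOut(socket, message);
                            getIn(socket);
                        }
                    });
                }
            }
        });

        // Disconnect. The original dereferenced the socket without checking whether a
        // connection had ever been opened.
        btn2.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View arg0) {
                final SSLSocket socket = Client_sslSocket;
                if (socket == null) {
                    return;
                }
                Client_sslSocket = null;
                runInBackground(new Runnable() {
                    @Override
                    public void run() {
                        try {
                            socket.close();
                        } catch (IOException e) {
                            Log.e(LOG_TAG, "Failed to close the TLS socket", e);
                        }
                    }
                });
            }
        });

        // Connect, then wait for a line from the server.
        // NOTE(review): the server shown with this client replies only after it has read from
        // the client, so this first read blocks until a message has been sent.
        btn3.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View arg0) {
                runInBackground(new Runnable() {
                    @Override
                    public void run() {
                        init();
                        getIn(Client_sslSocket);
                    }
                });
            }
        });
    }

    /**
     * Loads the client key and the trusted certificates from the packaged BKS key stores and
     * opens the TLS socket to {@code SERVER_IP:SERVER_PORT}. Blocks on network I/O, so it must
     * not run on the main thread. Failures are logged and leave the current socket unchanged.
     */
    public void init() {
        try {
            SSLContext sslContext = SSLContext.getInstance(CLIENT_AGREEMENT);
            KeyManagerFactory keyManager = KeyManagerFactory.getInstance(CLIENT_KEY_MANAGER);
            TrustManagerFactory trustManager =
                    TrustManagerFactory.getInstance(CLIENT_TRUST_MANAGER);
            // Both stores are read from application resources.
            KeyStore kks = loadKeyStore(
                    CLIENT_KEY_KEYSTORE, R.drawable.kclient, CLIENT_KEY_PASSWORD.toCharArray());
            KeyStore tks = loadKeyStore(
                    CLIENT_TRUST_KEYSTORE, R.drawable.lt_client, CLIENT_TRUST_PASSWORD.toCharArray());
            keyManager.init(kks, CLIENT_KEY_PASSWORD.toCharArray());
            trustManager.init(tks);
            sslContext.init(keyManager.getKeyManagers(), trustManager.getTrustManagers(), null);
            Client_sslSocket =
                    (SSLSocket) sslContext.getSocketFactory().createSocket(SERVER_IP, SERVER_PORT);
        } catch (Exception e) {
            // e.getMessage() can be null; log the throwable so the cause and stack trace are kept.
            Log.e(LOG_TAG, "Failed to open the TLS connection", e);
        }
    }

    /**
     * Sends one line of text over the socket using the configured character set.
     *
     * @param socket connected TLS socket; a {@code null} socket is logged and ignored
     * @param message text to send, terminated by a line break
     */
    public void getOut(SSLSocket socket, String message) {
        if (socket == null) {
            Log.e(LOG_TAG, "getOut called without an open connection");
            return;
        }
        try {
            // The writer is not closed here: closing it would close the socket as well.
            PrintWriter out = new PrintWriter(
                    new BufferedWriter(
                            new OutputStreamWriter(socket.getOutputStream(), ENCODING)),
                    true);
            out.println(message);
            // PrintWriter never throws on write failures; it only records them.
            if (out.checkError()) {
                Log.e(LOG_TAG, "Failed to send the message");
            }
        } catch (IOException e) {
            Log.e(LOG_TAG, "Failed to send the message", e);
        }
    }

    /**
     * Reads one line from the socket and shows it in a dialog. Blocks until a line arrives or the
     * connection ends; the dialog itself is always created on the UI thread.
     *
     * @param socket connected TLS socket; a {@code null} socket is logged and ignored
     */
    public void getIn(SSLSocket socket) {
        if (socket == null) {
            Log.e(LOG_TAG, "getIn called without an open connection");
            return;
        }
        String str = null;
        try {
            // Decode with the wire character set directly instead of re-encoding a string that
            // was already decoded with the platform default.
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(socket.getInputStream(), ENCODING));
            // readLine() returns null when the server closed the connection without sending.
            str = in.readLine();
        } catch (IOException e) {
            Log.e(LOG_TAG, "Failed to read the server reply", e);
        }
        if (str == null) {
            Log.e(LOG_TAG, "No reply received from the server");
            return;
        }
        final String reply = str;
        runOnUiThread(new Runnable() {
            @Override
            public void run() {
                // A dialog cannot be attached to an activity that is going away.
                if (isFinishing()) {
                    return;
                }
                new AlertDialog
                        .Builder(MySSLSocket.this)
                        .setTitle("服务器消息")
                        .setNegativeButton("确定", null)
                        .setIcon(android.R.drawable.ic_menu_agenda)
                        .setMessage(reply)
                        .show();
            }
        });
    }

    /** Reads a key store of the given type from an application resource and closes the stream. */
    private KeyStore loadKeyStore(String type, int resourceId, char[] password)
            throws java.security.GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance(type);
        java.io.InputStream in = getBaseContext().getResources().openRawResource(resourceId);
        try {
            store.load(in, password);
        } finally {
            in.close();
        }
        return store;
    }

    /** Runs blocking socket work off the main thread, where Android rejects network calls. */
    private void runInBackground(Runnable task) {
        new Thread(task, "tls-io").start();
    }
}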