SSL and HTTPS
SSL說(shuō)明:
1)簡(jiǎn)介
SSL?(Secure?Socket?Layer)為Netscape所研發(fā),用以保障在Internet上數(shù)據(jù)傳輸之安全,利用數(shù)據(jù)加密(Encryption)技術(shù),可確保數(shù)據(jù)在網(wǎng)絡(luò)上之傳輸過(guò)程中不會(huì)被截取。它已被廣泛地用于Web瀏覽器與服務(wù)器之間的身份認(rèn)證和加密數(shù)據(jù)傳輸。SSL協(xié)議位于TCP/IP協(xié)議與各種應(yīng)用層協(xié)議之間,為數(shù)據(jù)通訊提供安全支持。
2) Services provided by SSL
a. Authentication of the server and, optionally, the client, so that data is sent to the intended peer (in practice the server is always authenticated; client certificates are an option that is rarely used on the public web)
b. Encryption of the data, so that it cannot be read in transit
c. Integrity protection, so that data cannot be altered in transit without the change being detected
3) The SSL handshake
SSL uses both public-key and symmetric cryptography: symmetric encryption is much faster than public-key encryption, but public-key cryptography is what provides the identity assurance. The handshake lets the client and server authenticate each other efficiently. The main steps, for the RSA key-transport variant described here, are:
① The client's browser sends the server the SSL protocol version it supports, the cipher suites it supports, a random number, and the other information needed to set up the session.
② The server replies with its SSL protocol version, the chosen cipher suite, its own random number and other related information, and at the same time sends the client its certificate.
③ The client uses what the server sent to verify the server's legitimacy: whether the certificate has expired, whether the CA that issued the server certificate is trusted, whether the issuer's public key verifies the "issuer's digital signature" on the server certificate, and whether the name on the server certificate matches the server's actual host name. If any check fails the connection is torn down; if all pass, continue with step ④.
④ The client randomly generates a "symmetric secret" (the pre-master secret) for the subsequent communication, encrypts it with the server's public key (obtained from the server's certificate in step ②) and sends it to the server.
⑤ The server decrypts the "symmetric secret" with its private key (the two keys form a pair: what the public key encrypts only the private key can decrypt, and the private key is kept on the server only; see http://zh.wikipedia.org/wiki/RSA%E7%AE%97%E6%B3%95). From it both sides derive the session keys that encrypt and decrypt the conversation. The SSL connection also provides integrity protection, so any alteration of the data in transit is detected.
⑥ The client tells the server that the keys derived in step ⑤ will be used as the symmetric keys for the subsequent data, and that the client's part of the handshake is finished.
⑦ The server tells the client that the keys derived in step ⑤ will be used as the symmetric keys for the subsequent data, and that the server's part of the handshake is finished.
⑧ The handshake is complete and data flows over the SSL channel: client and server encrypt with the same symmetric keys and check the integrity of every record.
Note that the key-transport exchange in steps ④ and ⑤ is specific to RSA cipher suites. TLS 1.2 with (EC)DHE suites, and every TLS 1.3 connection, instead agree the secret through an ephemeral Diffie-Hellman exchange that the server signs with its certificate's key; a later compromise of the server's private key then does not expose recorded sessions (forward secrecy), which it does under RSA key transport. Step ③ is also the step the "NoValidate" clients further down deliberately switch off, which is why they must never be used outside a test bench.
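The key-transport part of the handshake (steps ④ and ⑤) and the integrity-protected data exchange of step ⑧, as an added example that is not part of the original post. It is a toy in plain JCE, not a TLS implementation: there is no certificate, no version or suite negotiation, no key derivation from the two random numbers, and no forward secrecy. The ServerSide and ClientSide classes, the choice of RSA-OAEP and AES-GCM, and the record layout (a fresh 12-byte IV followed by the AES-GCM ciphertext and tag) are this example's own assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;

import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Toy model of handshake steps 4, 5 and 8 (RSA key transport, then symmetric records).
// Added example, not code from the original post, and not real TLS.
public class KeyTransportDemo {

    private static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final int GCM_TAG_BITS = 128;
    private static final int GCM_IV_BYTES = 12;

    // Server side: owns the key pair; the private key never leaves this object.
    static final class ServerSide {
        private final KeyPair keyPair;

        ServerSide() throws Exception {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(2048);
            keyPair = kpg.generateKeyPair();
        }

        // Step 2: the public key is what the certificate delivers to the client.
        PublicKey publicKey() {
            return keyPair.getPublic();
        }

        // Step 5: only the holder of the private key can recover the wrapped secret.
        SecretKey unwrap(byte[] wrapped) throws Exception {
            Cipher rsa = Cipher.getInstance(RSA_OAEP);
            rsa.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
            return new SecretKeySpec(rsa.doFinal(wrapped), "AES");
        }
    }

    // Client side, step 4: pick a random symmetric key and encrypt it to the server's public key.
    static final class ClientSide {
        final SecretKey sessionKey;

        ClientSide() throws Exception {
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(128);
            sessionKey = kg.generateKey();
        }

        byte[] wrap(PublicKey serverPublicKey) throws Exception {
            Cipher rsa = Cipher.getInstance(RSA_OAEP);
            rsa.init(Cipher.ENCRYPT_MODE, serverPublicKey);
            return rsa.doFinal(sessionKey.getEncoded());
        }
    }

    // Step 8: one record = fresh 12-byte IV || AES-GCM ciphertext || 16-byte tag (assumed layout).
    // The tag is what provides service (c), integrity.
    static byte[] seal(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[GCM_IV_BYTES];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ct = gcm.doFinal(plaintext);
        byte[] record = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, record, iv.length, ct.length);
        return record;
    }

    // Returns null instead of garbage when the record was altered in transit.
    static byte[] open(SecretKey key, byte[] record) throws Exception {
        byte[] iv = Arrays.copyOfRange(record, 0, GCM_IV_BYTES);
        byte[] ct = Arrays.copyOfRange(record, GCM_IV_BYTES, record.length);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        try {
            return gcm.doFinal(ct);
        } catch (AEADBadTagException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        ServerSide server = new ServerSide();
        ClientSide client = new ClientSide();

        byte[] wrapped = client.wrap(server.publicKey());   // step 4: this is what crosses the wire
        SecretKey serverKey = server.unwrap(wrapped);        // step 5
        System.out.println("same key on both sides: "
                + Arrays.equals(serverKey.getEncoded(), client.sessionKey.getEncoded()));

        byte[] record = seal(client.sessionKey, "GET / HTTP/1.0".getBytes(StandardCharsets.UTF_8));
        System.out.println("server reads: " + new String(open(serverKey, record), StandardCharsets.UTF_8));

        record[record.length - 1] ^= 0x01;                   // an attacker flips one bit in transit
        System.out.println("tampered record accepted: " + (open(serverKey, record) != null));
    }
}
```

The last line of main is the point of service (c): with an authenticated cipher the receiver rejects the modified record outright rather than decrypting it to something slightly wrong. Step ④ is also where the weakness of the RSA variant lives: whoever records `wrapped` and later obtains the server's private key can recover every session key, which is what the ephemeral Diffie-Hellman exchange in TLS 1.3 avoids.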
1. Generate a keystore. The keystore must hold the private key and the certificate, and the password set for the private key should be the same as the keystore password. The server program automatically takes the certificate from the keystore and presents it to the client to prove who it is.
keytool -genkey -alias mytest -keyalg RSA -keysize 2048 -keystore mykeystore -validity 4000 -ext SAN=ip:127.0.0.1,dns:localhost
The original command used -keysize 1024, which is considered too weak today; 2048 is the minimum to use. The -ext SAN option puts 127.0.0.1 and localhost into the certificate's SubjectAltName, which is what the name check in handshake step ③ compares against (clients no longer look at the CN for this). keytool prompts for the distinguished name and for the keystore and key passwords; the programs below use 123456 for both.

2. A client that wants to talk to the SSL server must trust the certificate the server program uses. The client therefore keeps the certificates it trusts in a keystore of its own (a truststore), which states which certificates it trusts, so that when it receives the server's certificate it can decide whether to trust the server.
keytool -export -alias mytest -file mytest.cer -keystore mykeystore -storepass 123456 -rfc
keytool -import -alias mytest -file mytest.cer -keystore clienttrust
The import asks whether to trust the certificate and for a password for the new clienttrust store; again the client programs below assume 123456.
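With the two stores in place, the checks listed in handshake step ③ (expiry, trusted issuer, signature, name) can be performed by hand on the certificate that was exported and imported above. This is an added example, not code from the original post; it assumes mykeystore and clienttrust exist in the working directory with password 123456, that the server's entry is under alias mytest, and that the certificate carries a SubjectAltName for 127.0.0.1 (if it was generated without the -ext SAN option, the name check reports a mismatch, which is the correct result).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import java.util.List;

// Step-3 checks done by hand against the keytool output. Added example, not part of
// the original post; file names, alias and password are the ones assumed above.
public class CertificateChecks {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // "Is the issuing CA trusted?" and "does the issuer's key verify the signature?":
    // look for a certificate entry in the truststore whose subject is our issuer and
    // whose public key verifies our signature. For a self-signed certificate that is
    // the certificate itself.
    static X509Certificate findTrustAnchor(KeyStore trust, X509Certificate cert) throws Exception {
        for (Enumeration<String> e = trust.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!trust.isCertificateEntry(alias)) continue;
            X509Certificate candidate = (X509Certificate) trust.getCertificate(alias);
            if (!candidate.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
            try {
                cert.verify(candidate.getPublicKey());
                return candidate;
            } catch (Exception notSignedByThisOne) {
                // wrong key for this signature; keep looking
            }
        }
        return null;
    }

    // "Does the name on the certificate match the server?": accept a SAN entry of
    // type dNSName (2) or iPAddress (7). A certificate with no SAN at all fails,
    // which is also what current browsers and JDKs do.
    static boolean nameMatches(X509Certificate cert, String host) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return false;
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            if ((type == 2 || type == 7) && host.equalsIgnoreCase((String) san.get(1))) return true;
        }
        return false;
    }

    // Runs the four checks in the order of step 3 and reports the first failure.
    static String check(KeyStore server, String alias, KeyStore trust, String host) throws Exception {
        X509Certificate cert = (X509Certificate) server.getCertificate(alias);
        if (cert == null) return "no certificate under alias " + alias;
        try {
            cert.checkValidity();                         // "has it expired?"
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            return "validity: " + e.getMessage();
        }
        if (findTrustAnchor(trust, cert) == null) return "issuer not trusted or signature invalid";
        if (!nameMatches(cert, host)) return "name mismatch: no SAN for " + host;
        return "ok";
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "123456".toCharArray();
        KeyStore server = load("mykeystore", pw);
        KeyStore trust = load("clienttrust", pw);
        System.out.println("127.0.0.1: " + check(server, "mytest", trust, "127.0.0.1"));
        System.out.println("evil.example: " + check(server, "mytest", trust, "evil.example"));
    }
}
```

JSSE performs the same checks inside the TrustManager and, for HttpsURLConnection, the HostnameVerifier; the value of doing them once by hand is seeing that the name check is a separate step from the chain check, which is exactly why the two "NoValidate" programs below have to disable two different things.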
Server program:

Java code:
import java.io.PrintStream;
import java.net.ServerSocket;
import java.net.Socket;

import javax.net.ssl.SSLServerSocketFactory;

public class MySSLServer {
    public static void main(String args[]) throws Exception {
        // The default SSLServerSocketFactory takes the server's private key and
        // certificate from the keystore named by these system properties.
        System.setProperty("javax.net.ssl.keyStore", "mykeystore");
        System.setProperty("javax.net.ssl.keyStorePassword", "123456");
        SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory
                .getDefault();
        ServerSocket ss = ssf.createServerSocket(5432);
        System.out.println("Waiting for connection...");
        while (true) {
            Socket s = ss.accept();   // the handshake runs on the first write below
            PrintStream out = new PrintStream(s.getOutputStream());
            out.println("Hi");
            out.close();
            s.close();
        }
    }
}
Client programs:

Java code (validates the server against the clienttrust truststore):
import java.net.*;
import java.io.*;
import javax.net.ssl.*;

public class MySSLClient {
    public static void main(String args[]) throws Exception {
        // The default SSLSocketFactory trusts only the certificates in this store;
        // once trustStore is set, the JDK's own cacerts is not consulted.
        System.setProperty("javax.net.ssl.trustStore", "clienttrust");

        SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // Note: a plain SSLSocket checks the certificate chain but not that the
        // certificate names 127.0.0.1; that needs
        // SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") before the handshake.
        Socket s = ssf.createSocket("127.0.0.1", 5432);
        BufferedReader in = new BufferedReader(new InputStreamReader(
                s.getInputStream()));
        String x = in.readLine();
        System.out.println(x);
        in.close();
    }
}

Java code (certificate validation disabled; for experiments only, never for real traffic, because any server presenting any certificate is accepted and the connection can be intercepted by anyone on the path):
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.Socket;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class MyClientNoValidate {

    public static void main(String[] args) {
        // A TrustManager whose check methods never throw accepts every certificate,
        // which removes handshake step 3 entirely.
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        } };

        try {
            // "TLS" rather than the legacy alias "SSL"; both negotiate TLS, but the
            // protocol name should say what is actually used.
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, trustAllCerts, new SecureRandom());
            SSLSocketFactory ssf = sc.getSocketFactory();
            Socket s = ssf.createSocket("127.0.0.1", 5432);
            BufferedReader in = new BufferedReader(new InputStreamReader(
                    s.getInputStream()));
            String x = in.readLine();
            System.out.println(x);
            in.close();
        } catch (Exception e) {
            e.printStackTrace();   // the original swallowed the exception silently
        }
    }
}
HTTPS:
Server side:

Java code:
import java.net.*;
import java.io.*;

import javax.net.ssl.*;

public class MyHttpsServer {
    public static void main(String args[]) {
        int i = 0;
        try {
            System.setProperty("javax.net.ssl.keyStore", "mykeystore");
            System.setProperty("javax.net.ssl.keyStorePassword", "123456");
            SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory
                    .getDefault();
            // Binding port 443 requires root/administrator rights; any other port
            // (e.g. 8443) works as long as the client URL names it.
            ServerSocket ss = ssf.createServerSocket(443);
            System.out.println("Web Server OK ");

            while (true) {
                Socket s = ss.accept();
                PrintStream out = new PrintStream(s.getOutputStream());
                BufferedReader in = new BufferedReader(new InputStreamReader(
                        s.getInputStream()));
                // Consume the request line and headers up to the empty line that ends them.
                String info = null;
                while ((info = in.readLine()) != null) {
                    System.out.println("now got " + info);
                    if (info.equals(""))
                        break;
                }

                System.out.println("now go");
                i++;
                String c = "<html> <head></head><body> <h1> Hi, this is " + i
                        + "</h1></body></html>";
                // HTTP header names are hyphenated; the original wrote Content_Type and
                // Content_Length, which a client ignores as unknown headers.
                out.println("HTTP/1.0 200 OK");
                out.println("Content-Type: text/html");
                out.println("Content-Length: " + c.length());
                out.println("");
                out.print(c);
                out.close();
                in.close();
                s.close();
            }
        } catch (IOException e) {
            System.out.println(e);
        }
    }
}
Client side:

Java code (certificate and host-name validation both disabled; for experiments against the self-signed test server only):
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class MyHttpsClientNoValidate {

    public static void main(String[] args) {
        // Accepts every certificate: handshake step 3 is skipped.
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        } };

        // Accepts every host name. Unlike a raw SSLSocket, HttpsURLConnection checks
        // that the certificate names the host in the URL, and would otherwise reject a
        // certificate generated without a SAN for 127.0.0.1.
        HostnameVerifier hv = new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };

        try {
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, trustAllCerts, new SecureRandom());
            // These are process-wide defaults: every HttpsURLConnection in the JVM
            // loses validation, not just the one below.
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(hv);

            URL url = new URL("https://127.0.0.1");
            URLConnection con = url.openConnection();
            BufferedReader in = new BufferedReader(new InputStreamReader(
                    con.getInputStream()));
            String x = in.readLine();
            System.out.println(x);
            in.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Reposted from: http://jimmee.iteye.com/blog/2070990
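The two "NoValidate" programs (MyClientNoValidate for a raw SSLSocket and MyHttpsClientNoValidate for HttpsURLConnection) show how to switch step ③ off; the following added example, not code from the original post, is the form to use instead: both clients trust only the clienttrust store and both verify the host name. It assumes the clienttrust truststore from the keytool steps above with password 123456, a server certificate whose SubjectAltName covers 127.0.0.1, MySSLServer listening on 5432 and MyHttpsServer on 443, and a Java 11 or later runtime (for the TLSv1.3 entry in the protocol list). The class and method names are this example's own.

```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Validating counterparts of MyClientNoValidate and MyHttpsClientNoValidate.
// Added example, not part of the original post; assumes the files and servers named above.
public class ValidatingClients {

    // An SSLContext that trusts exactly the certificates in the given truststore,
    // built the way the platform TrustManager does it, instead of a trust-all stub.
    static SSLContext trustedContext(String trustStorePath, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            ts.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Prints what the completed handshake established: protocol, suite and the peer certificate.
    static void describe(SSLSession session) throws Exception {
        System.out.println("protocol: " + session.getProtocol() + ", suite: " + session.getCipherSuite());
        for (Certificate c : session.getPeerCertificates()) {
            X509Certificate x = (X509Certificate) c;
            System.out.println("peer cert: " + x.getSubjectX500Principal()
                    + " issued by " + x.getIssuerX500Principal()
                    + " valid until " + x.getNotAfter());
        }
    }

    // Replacement for MySSLClient/MyClientNoValidate. A raw SSLSocket does not check
    // the certificate name unless endpoint identification is switched on explicitly.
    static String rawSocketClient(SSLContext ctx, String host, int port) throws Exception {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters params = s.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");   // name check, as HttpsURLConnection does
            params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            s.setSSLParameters(params);
            s.startHandshake();                                   // SSLHandshakeException if step 3 fails
            describe(s.getSession());
            BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
            return in.readLine();
        }
    }

    // Replacement for MyHttpsClientNoValidate: keeps the default HostnameVerifier and
    // sets the socket factory on this connection only, not as a JVM-wide default.
    static String httpsClient(SSLContext ctx, String url) throws Exception {
        HttpsURLConnection con = (HttpsURLConnection) new URL(url).openConnection();
        con.setSSLSocketFactory(ctx.getSocketFactory());
        try (BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()))) {
            String firstLine = in.readLine();
            System.out.println("suite: " + con.getCipherSuite());
            return firstLine;
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = trustedContext("clienttrust", "123456".toCharArray());
        System.out.println(rawSocketClient(ctx, "127.0.0.1", 5432));   // against MySSLServer
        System.out.println(httpsClient(ctx, "https://127.0.0.1/"));    // against MyHttpsServer
    }
}
```

Two details are worth keeping in mind when adapting this. First, a certificate without a SubjectAltName for the address in the URL now fails in both clients with a name-mismatch handshake error; that is the check doing its job, and the fix is to reissue the certificate with the -ext SAN option rather than to install a permissive HostnameVerifier. Second, setting the factory on the connection instead of through HttpsURLConnection.setDefaultSSLSocketFactory keeps the trust decision local to the code that made it, so a test-only context cannot leak into the rest of the application.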