生活随笔
收集整理的這篇文章主要介紹了
SSL和HTTPS
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
SSL說明:
1)簡介
SSL?(Secure?Socket?Layer)為Netscape所研發,用以保障在Internet上數據傳輸之安全,利用數據加密(Encryption)技術,可確保數據在網絡上之傳輸過程中不會被截取。它已被廣泛地用于Web瀏覽器與服務器之間的身份認證和加密數據傳輸。SSL協議位于TCP/IP協議與各種應用層協議之間,為數據通訊提供安全支持。
2)SSL提供的服務
a.認證用戶和服務器,確保數據發送到正確的客戶機和服務器
b.加密數據以防止數據中途被竊取
c.維護數據的完整性,確保數據在傳輸過程中不被改變。
3)?SSL協議的握手過程
SSL?協議既用到了公鑰加密技術又用到了對稱加密技術,對稱加密技術雖然比公鑰加密技術的速度快,可是公鑰加密技術提供了更好的身份認證技術。SSL?的握手協議非常有效的讓客戶和服務器之間完成相互之間的身份認證,其主要過程如下:
①客戶端的瀏覽器向服務器傳送客戶端SSL?協議的版本號,加密算法的種類,產生的隨機數,以及其他服務器和客戶端之間通訊所需要的各種信息。
②服務器向客戶端傳送SSL?協議的版本號,加密算法的種類,隨機數以及其他相關信息,同時服務器還將向客戶端傳送自己的證書。
③客戶利用服務器傳過來的信息驗證服務器的合法性,服務器的合法性包括:證書是否過期,發行服務器證書的CA?是否可靠,發行者證書的公鑰能否正確解開服務器證書的“發行者的數字簽名”,服務器證書上的域名是否和服務器的實際域名相匹配。如果合法性驗證沒有通過,通訊將斷開;如果合法性驗證通過,將繼續進行第四步。
④用戶端隨機產生一個用于后面通訊的“對稱密碼”,然后用服務器的公鑰(服務器的公鑰從步驟②中的服務器的證書中獲得)對其加密,然后傳給服務器。
⑤服務器用私鑰解密“對稱密碼”(此處的公鑰和私鑰是相互關聯的,公鑰加密的數據只能用私鑰解密,私鑰只在服務器端保留。詳細請參看:?http://zh.wikipedia.org/wiki/RSA%E7%AE%97%E6%B3%95),然后用其作為服務器和客戶端的“通話密碼”加解密通訊。同時在SSL?通訊過程中還要完成數據通訊的完整性,防止數據通訊中的任何變化。
⑥客戶端向服務器端發出信息,指明后面的數據通訊將使用的步驟⑤中的主密碼為對稱密鑰,同時通知服務器客戶端的握手過程結束。
⑦服務器向客戶端發出信息,指明后面的數據通訊將使用的步驟⑤中的主密碼為對稱密鑰,同時通知客戶端服務器端的握手過程結束。
⑧SSL?的握手部分結束,SSL?安全通道的數據通訊開始,客戶和服務器開始使用相同的對稱密鑰進行數據通訊,同時進行通訊完整性的檢驗。
?
?1.?生成密鑰庫,密鑰庫中必須存放私鑰和證書,此外為私鑰設置的密碼應該和密鑰庫的密碼相同。服務器程序將自動從密鑰庫中提取證書,向客戶程序表明自己是誰。
keytool?-genkey?-alias?mytest?-keyalg?RSA?-keysize?1024?-keystore?mykeystore?-validity?4000
?
2.?客戶端欲和SSL服務器通信,則必須信任SSL服務器程序所使用的數字證書。因此客戶程序應該將所信任的證書放在一個密鑰庫中,指定客戶信任哪些證書,這樣當其接收到服務器程序發來的證書后就可以判斷是否相信服務器。
keytool?-export?-alias?mytest?-file?mytest.cer?-keystore?mykeystore?-storepass?123456?-rfc
keytool??-import?-alias?mytest?-file??mytest.cer?-keystore?clienttrust
?
Server端的程序:
?
?
Java代碼??
import?java.io.PrintStream;?? import?java.net.ServerSocket;?? import?java.net.Socket;?? ?? import?javax.net.ssl.SSLServerSocketFactory;?? ?? ? ? ? ? ? ? ?? public?class?MySSLServer?{?? ????public?static?void?main(String?args[])?throws?Exception?{?? ????????System.setProperty("javax.net.ssl.keyStore",?"mykeystore");?? ????????System.setProperty("javax.net.ssl.keyStorePassword",?"123456");?? ????????SSLServerSocketFactory?ssf?=?(SSLServerSocketFactory)?SSLServerSocketFactory?? ????????????????.getDefault();?? ????????ServerSocket?ss?=?ssf.createServerSocket(5432);?? ????????System.out.println("Waiting?for?connection...");?? ????????while?(true)?{?? ????????????Socket?s?=?ss.accept();?? ????????????PrintStream?out?=?new?PrintStream(s.getOutputStream());?? ????????????out.println("Hi");?? ????????????out.close();?? ????????????s.close();?? ????????}?? ????}?? }??
?
?
?
?
?
Client的程序:
?
Java代碼??
import?java.net.*;?? import?java.io.*;?? import?javax.net.ssl.*;?? ?? ? ? ? ? ? ? ? ? ? ? ? ?? public?class?MySSLClient?{?? ????public?static?void?main(String?args[])?throws?Exception?{?? ????????System.setProperty("javax.net.ssl.trustStore",?"clienttrust");?? ?? ????????SSLSocketFactory?ssf?=?(SSLSocketFactory)?SSLSocketFactory.getDefault();?? ????????Socket?s?=?ssf.createSocket("127.0.0.1",?5432);?? ????????BufferedReader?in?=?new?BufferedReader(new?InputStreamReader(?? ????????????????s.getInputStream()));?? ????????String?x?=?in.readLine();?? ????????System.out.println(x);?? ????????in.close();?? ????}?? }?? ?? import?java.io.BufferedReader;?? import?java.io.InputStreamReader;?? import?java.net.Socket;?? import?java.security.SecureRandom;?? import?java.security.cert.CertificateException;?? import?java.security.cert.X509Certificate;?? ?? import?javax.net.ssl.SSLContext;?? import?javax.net.ssl.SSLSocketFactory;?? import?javax.net.ssl.TrustManager;?? import?javax.net.ssl.X509TrustManager;?? ?? ? ? ? ? ? ?? public?class?MyClientNoValidate?{?? ?? ????public?static?void?main(String[]?args)?{?? ?????????? ????????TrustManager[]?trustAllCerts?=?new?TrustManager[]?{?new?X509TrustManager()?{?? ????????????public?void?checkClientTrusted(?? ????????????????????java.security.cert.X509Certificate[]?arg0,?String?arg1)?? ????????????????????throws?CertificateException?{?? ????????????}?? ?? ????????????public?void?checkServerTrusted(?? ????????????????????java.security.cert.X509Certificate[]?arg0,?String?arg1)?? ????????????????????throws?CertificateException?{?? ????????????}?? ?? ????????????public?java.security.cert.X509Certificate[]?getAcceptedIssuers()?{?? ????????????????return?new?X509Certificate[0];?? ????????????}?? ????????}?};?? ?? ?????????? ????????try?{?? ????????????SSLContext?sc?=?SSLContext.getInstance("SSL");?? ????????????sc.init(null,?trustAllCerts,?new?SecureRandom());?? ????????????SSLSocketFactory?ssf?=?sc.getSocketFactory();?? ????????????Socket?s?=?ssf.createSocket("127.0.0.1",?5432);?? ????????????BufferedReader?in?=?new?BufferedReader(new?InputStreamReader(?? ????????????????????s.getInputStream()));?? ????????????String?x?=?in.readLine();?? ????????????System.out.println(x);?? ????????????in.close();?? ????????}?catch?(Exception?e)?{?? ????????}?? ????}?? }??
?
?
?
https:
Server端:
?
Java代碼??
import?java.net.*;?? import?java.io.*;?? ?? import?javax.net.ssl.*;?? ?? ? ? ? ? ? ?? ?? public?class?MyHttpsServer?{?? ????public?static?void?main(String?args[])?{?? ????????int?i?=?0;?? ????????try?{?? ????????????System.setProperty("javax.net.ssl.keyStore",?"mykeystore");?? ????????????System.setProperty("javax.net.ssl.keyStorePassword",?"123456");?? ????????????SSLServerSocketFactory?ssf?=?(SSLServerSocketFactory)?SSLServerSocketFactory?? ????????????????????.getDefault();?? ????????????ServerSocket?ss?=?ssf.createServerSocket(443);?? ????????????System.out.println("Web?Server?OK?");?? ?? ????????????while?(true)?{?? ????????????????Socket?s?=?ss.accept();??? ????????????????PrintStream?out?=?new?PrintStream(s.getOutputStream());?? ????????????????BufferedReader?in?=?new?BufferedReader(new?InputStreamReader(?? ????????????????????????s.getInputStream()));?? ????????????????String?info?=?null;?? ????????????????while?((info?=?in.readLine())?!=?null)?{?? ????????????????????System.out.println("now?got?"?+?info);?? ????????????????????if?(info.equals(""))?? ????????????????????????break;?? ????????????????}?? ?? ????????????????System.out.println("now?go");?? ????????????????out.println("HTTP/1.0?200?OK");?? ????????????????out.println("MIME_version:1.0");?? ????????????????out.println("Content_Type:text/html");?? ????????????????i++;?? ????????????????String?c?=?"<html>?<head></head><body>?<h1>?Hi,??this?is?"?+?i?? ????????????????????????+?"</h1></Body></html>";?? ????????????????out.println("Content_Length:"?+?c.length());?? ????????????????out.println("");?? ????????????????out.println(c);?? ????????????????out.close();?? ????????????????s.close();?? ????????????????in.close();?? ????????????}?? ????????}?catch?(IOException?e)?{?? ????????????System.out.println(e);?? ????????}?? ????}?? }??
?
?
client端:
?
Java代碼??
import?java.io.BufferedReader;?? import?java.io.InputStreamReader;?? import?java.net.URL;?? import?java.net.URLConnection;?? import?java.security.SecureRandom;?? import?java.security.cert.CertificateException;?? import?java.security.cert.X509Certificate;?? ?? import?javax.net.ssl.HostnameVerifier;?? import?javax.net.ssl.HttpsURLConnection;?? import?javax.net.ssl.SSLContext;?? import?javax.net.ssl.SSLSession;?? import?javax.net.ssl.TrustManager;?? import?javax.net.ssl.X509TrustManager;?? ?? ? ? ? ? ? ?? public?class?MyHttpsClientNoValidate?{?? ?? ????public?static?void?main(String[]?args)?{?? ?????????? ????????TrustManager[]?trustAllCerts?=?new?TrustManager[]?{?new?X509TrustManager()?{?? ????????????public?void?checkClientTrusted(?? ????????????????????java.security.cert.X509Certificate[]?arg0,?String?arg1)?? ????????????????????throws?CertificateException?{?? ????????????}?? ?? ????????????public?void?checkServerTrusted(?? ????????????????????java.security.cert.X509Certificate[]?arg0,?String?arg1)?? ????????????????????throws?CertificateException?{?? ????????????}?? ?? ????????????public?java.security.cert.X509Certificate[]?getAcceptedIssuers()?{?? ????????????????return?new?X509Certificate[0];?? ????????????}?? ????????}?};?? ?????????? ?????????? ????????HostnameVerifier?hv?=?new?HostnameVerifier()?{?? ????????????public?boolean?verify(String?hostname,?SSLSession?session)?{?? ????????????????return?true;?? ????????????}?? ????????};?? ?? ?????????? ????????try?{?? ????????????SSLContext?sc?=?SSLContext.getInstance("SSL");?? ????????????sc.init(null,?trustAllCerts,?new?SecureRandom());?? ????????????HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());?? ????????????HttpsURLConnection.setDefaultHostnameVerifier(hv);?? ?????????????? ????????????URL?url?=?new?URL("https://127.0.0.1");?? ????????????URLConnection?con?=?url.openConnection();?? ????????????BufferedReader?in?=?new?BufferedReader(new?InputStreamReader(?? ????????????????????con.getInputStream()));?? ????????????String?x?=?in.readLine();?? ????????????System.out.println(x);?? ????????????in.close();?? ????????}?catch?(Exception?e)?{?? ????????????e.printStackTrace();?? ????????}?? ????}?? } ? 轉載:http://jimmee.iteye.com/blog/2070990
總結
以上是生活随笔為你收集整理的SSL和HTTPS的全部內容,希望文章能夠幫你解決所遇到的問題。
如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。
