Original URL: http://stackoverflow.com/questions/24868820/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
How to make TLS work with java?
Asked by Kaijiro
I developed an application working with TCP sockets.
Now I would like it to work with a TLS connection.
I have searched some resources for 2 days now, but there is nothing that looks like a tutorial on how to implement TLS.
Here is what I understood about what I have to do:
- I have to import my root CA in my keystore.
- I have to import some other certificates in my keystore/truststore.
I can't find a clear sample of code that really explains what to do.
Can you please help me with some client/server example or other helpful tutorial? (I already tried to search "TLS java", "TLS Java example", "TLS Java tutorial"... But I could not find anything satisfying.)
Thank you in advance for your attention.
Accepted answer by Cerber
There are two ways to achieve this.
The easiest lies in Java protocol support and the URL object.
But since I think you already figured out that new URL("https://www.google.com").openStream() gives you a clear text input stream while dealing with all the TLS/SSL stuff for you, I'll go for the "hard" way :)
Just before that, I'll answer your other question: importing a CA.
CA certificates are located in your Java home at either of these locations: $JAVA_HOME/lib/security/cacerts (JRE) or $JAVA_HOME/jre/lib/security/cacerts (JDK; notice the 'jre' just after the Java home). For both, the default password is "changeit".
To list its content you can use the keytool command:
$ keytool -list -keystore cacerts -storepass changeit
To add a new cert just use the -import subcommand instead of -list.
So now let's go for the "hard" way (client code):
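import java.net.Socket;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSocketFactory;
...
String host = "www.google.com";
int port = 443;
// Open a plain TCP connection first
SocketFactory basicSocketFactory = SocketFactory.getDefault();
Socket s = basicSocketFactory.createSocket(host, port);
// s is a TCP socket
// getDefault() is declared to return SocketFactory, so a cast is required
SSLSocketFactory tlsSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
// Layer TLS over the existing socket; 'true' closes the TCP socket when the TLS socket is closed
s = tlsSocketFactory.createSocket(s, host, port, true);
// s is now a TLS socket over TCP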
It's as simple as that.
If you need a server socket the code is almost the same, you just have to exchange SocketFactory for ServerSocketFactory and SSLSocketFactory for SSLServerSocketFactory.
Hope this helps.
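An added example, not part of the original answer: a client that trusts only the CAs in a truststore built with keytool -import, and that turns on host name checking, which a plain SSLSocket does not perform by default (unlike the https URL route). The class name, helper names and command-line arguments are assumptions made for this illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; not from the original page.
public class TlsClientExample {

    // Build an SSLContext that trusts only the CA certificates in the given truststore file.
    static SSLContext contextFor(String trustStorePath, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // null key managers: no client certificate
        return ctx;
    }

    // Parameters that make the handshake fail unless the certificate matches the host name.
    static SSLParameters strictParameters(SSLContext ctx) {
        SSLParameters params = ctx.getDefaultSSLParameters();
        // Endpoint identification is unset by default on SSLSocket, so a valid
        // certificate issued for a different host would otherwise be accepted.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        return params;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: host port truststore-path truststore-password
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        SSLContext ctx = contextFor(args[2], args[3].toCharArray());
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.setSSLParameters(strictParameters(ctx));
            // Throws SSLHandshakeException if the chain is untrusted or the name does not match.
            socket.startHandshake();
            System.out.println("Negotiated " + socket.getSession().getProtocol()
                    + " with " + socket.getSession().getPeerPrincipal());
        }
    }
}
```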