  • Steps for creating a secure server socket

    1. Generate public keys and certificates using keytool.
    2. Pay money to have your certificates authenticated by a trusted third party such as Comodo.
    3. Create an SSLContext for the algorithm you’ll use.
    4. Create a TrustManagerFactory for the source of certificate material you’ll be using.
    5. Create a KeyManagerFactory for the type of key material you’ll be using.
    6. Create a KeyStore object for the key and certificate database. (Oracle’s default is JKS.)
    7. Fill the KeyStore object with keys and certificates; for instance, by loading them from the filesystem using the passphrase they’re encrypted with.
    8. Initialize the KeyManagerFactory with the KeyStore and its passphrase.
    9. Initialize the context with the necessary key managers from the KeyManagerFactory, trust managers from the TrustManagerFactory, and a source of randomness. (The last two can be null if you’re willing to accept the defaults.)
    10. import java.io.*;
      import java.net.*;
      import java.security.*;
      import java.security.cert.CertificateException;
      import java.util.Arrays;
      
      import javax.net.ssl.*;
      
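      /**
       * Minimal TLS server that authenticates itself with a key pair loaded from
       * a passphrase-protected JKS key store and echoes whatever each client
       * sends to standard output.
       *
       * <p>Only the cipher suites the JSSE provider enables by default are used.
       * Anonymous ({@code _anon_}) suites are deliberately not enabled: they skip
       * server authentication, so a client could not tell this server from
       * anything else sitting on the network path, and the certificate loaded
       * below would serve no purpose.
       */
      public class SecureOrderTaker {

          /** TCP port the server listens on. */
          public final static int PORT = 7000;

          /** Protocol name passed to {@link SSLContext#getInstance(String)}. */
          public final static String algorithm = "TLS";

          /**
           * Reads the key store passphrase from the console, builds an
           * {@link SSLContext} from the keys in {@code jnp4e.keys}, and serves
           * connections on {@link #PORT} until the process is stopped.
           *
           * @param args ignored
           */
          public static void main(String[] args) {
              // System.console() is null when the JVM has no interactive console
              // (for example when input is redirected), so check before using it.
              Console console = System.console();
              if (console == null) {
                  System.err.println("No interactive console available; cannot read the key store passphrase.");
                  return;
              }

              // The passphrase is kept as a char[] so it can be overwritten as
              // soon as it is no longer needed instead of waiting for the
              // garbage collector. readPassword() returns null at end of input.
              char[] password = console.readPassword();
              if (password == null) {
                  System.err.println("No passphrase was entered.");
                  return;
              }

              try {
                  SSLContext context = SSLContext.getInstance(algorithm);
                  try {
                      // The reference implementation only supports X.509 keys
                      KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

                      // Oracle's default kind of key store
                      KeyStore ks = KeyStore.getInstance("JKS");

                      // Close the key store file as soon as it has been read.
                      try (InputStream keys = new FileInputStream("jnp4e.keys")) {
                          ks.load(keys, password);
                      }
                      kmf.init(ks, password);

                      // null trust managers and null randomness select the defaults.
                      context.init(kmf.getKeyManagers(), null, null);
                  } finally {
                      // Wipe the passphrase on success and on failure alike; the
                      // accept loop below never returns, so it cannot wait.
                      Arrays.fill(password, '0');
                  }

                  SSLServerSocketFactory factory = context.getServerSocketFactory();

                  try (SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(PORT)) {
                      // Now all the set up is complete and we can focus
                      // on the actual communication.
                      while (true) {
                          // This socket will be secure,
                          // but there's no indication of that in the code!
                          try (Socket theConnection = server.accept()) {
                              InputStream in = theConnection.getInputStream();
                              int c;
                              while ((c = in.read()) != -1) {
                                  System.out.write(c);
                              }
                              // System.out.write(int) may buffer; push the data out
                              // once the client has finished sending.
                              System.out.flush();
                          } catch (IOException ex) {
                              // A failed handshake or broken connection affects only
                              // this client; keep serving the others.
                              ex.printStackTrace();
                          }
                      }
                  }
              } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException
                      | CertificateException | UnrecoverableKeyException ex) {
                  ex.printStackTrace();
              }
          }
      }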
  • 原文地址:https://www.cnblogs.com/ordili/p/5923851.html