[Computer] [One Step a Day] Java Encryption Techniques, Part 5.doc

Uploader: sccc  Document ID: 4561099  Upload date: 2023-04-27  Format: DOC  Pages: 41  Size: 350 KB

In the previous article we simulated secure communication over a network based on RSA asymmetric encryption. Now let us take a closer look at an existing secure network communication protocol, SSL.

We need a valid certificate issued by a CA. Here we use the self-signed certificate zlex.cer generated in the previous article, and import it into our keystore.

Shell code

    keytool -import -alias www.zlex.org -file d:/zlex.cer -keystore d:/zlex.keystore

Where:
-import means import
-alias specifies the alias, here www.zlex.org
-file specifies the certificate file to import, here d:/zlex.cer
-keystore specifies the storage location, here d:/zlex.keystore

The password I use here is 654321.

Console output:

Console code

    输入keystore密码:
    再次输入新密码:
    所有者:CN=www.zlex.org, OU=zlex, O=zlex, L=BJ, ST=BJ, C=CN
    签发人:CN=www.zlex.org, OU=zlex, O=zlex, L=BJ, ST=BJ, C=CN
    序列号:4a1e48df
    有效期: Thu May 28 16:18:39 CST 2009 至Wed Aug 26 16:18:39 CST 2009
    证书指纹:
             MD5:19:CA:E6:36:E2:DF:AD:96:31:97:2F:A9:AD:FC:37:6A
             SHA1:49:88:30:59:29:45:F1:69:CA:97:A9:6D:8A:CF:08:D2:C3:D5:C0:C4
             签名算法名称:SHA1withRSA
             版本: 3
    信任这个认证? [否]:  y
    认证已添加至keystore中

OK, the most complicated part of the preparation is done.

Next we point the domain name www.zlex.org at the local machine. Open the file C:\Windows\System32\drivers\etc\hosts and bind www.zlex.org to the local machine by appending 127.0.0.1 www.zlex.org to the end of the file. Now visit http://www.zlex.org from the address bar, or use the ping command; if the name resolves to the local machine, the domain mapping is done.

Now configure Tomcat. First copy zlex.keystore into Tomcat's conf directory, then configure server.xml. Add the following content to the configuration file:

Xml code

Note clientAuth="false": during testing it is set to false; for production use, true is recommended (with true, the server requires every client to present a certificate).

Now start Tomcat and visit https://www.zlex.org/. Obviously the certificate fails validation. At this point you can choose to install the certificate (the zlex.cer file from above is the certificate), importing it as a Trusted Root Certification Authority. Restart the browser (IE; other browsers do not support accessing the domain name www.zlex.org locally), visit https://www.zlex.org/ again, and you will see a small padlock in the address bar, which means the installation succeeded. All of the browser's network operations are now under the protection of the RSA encryption and decryption system, although we can hardly notice it.

At this point many people start to wonder: if we want to make such an https request by hand, do we need to implement all of these browser features ourselves? No!

Continuing from the previous article, here is the code:

Java code

    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.Signature;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import java.util.Date;

    import javax.crypto.Cipher;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManagerFactory;

    /**
     * Certificate component.
     * The Coder base class comes from the earlier articles in this series and
     * supplies encryptBASE64 / decryptBASE64.
     *
     * @author 梁栋
     * @version 1.0
     * @since 1.0
     */
    public abstract class CertificateCoder extends Coder {

        /**
         * Java Key Store (JKS) KEY_STORE
         */
        public static final String KEY_STORE = "JKS";

        public static final String X509 = "X.509";
        public static final String SunX509 = "SunX509";
        public static final String SSL = "SSL";

        /**
         * Obtain the private key from the KeyStore
         *
         * @param keyStorePath
         * @param alias
         * @param password
         * @return
         * @throws Exception
         */
        private static PrivateKey getPrivateKey(String keyStorePath, String alias,
                String password) throws Exception {
            KeyStore ks = getKeyStore(keyStorePath, password);
            PrivateKey key = (PrivateKey) ks.getKey(alias, password.toCharArray());
            return key;
        }

        /**
         * Obtain the public key from the Certificate
         *
         * @param certificatePath
         * @return
         * @throws Exception
         */
        private static PublicKey getPublicKey(String certificatePath)
                throws Exception {
            Certificate certificate = getCertificate(certificatePath);
            PublicKey key = certificate.getPublicKey();
            return key;
        }

        /**
         * Obtain the Certificate from a certificate file
         *
         * @param certificatePath
         * @return
         * @throws Exception
         */
        private static Certificate getCertificate(String certificatePath)
                throws Exception {
            CertificateFactory certificateFactory = CertificateFactory
                    .getInstance(X509);
            // try-with-resources closes the stream even if parsing fails
            try (FileInputStream in = new FileInputStream(certificatePath)) {
                return certificateFactory.generateCertificate(in);
            }
        }

        /**
         * Obtain the Certificate from a keystore entry
         *
         * @param keyStorePath
         * @param alias
         * @param password
         * @return
         * @throws Exception
         */
        private static Certificate getCertificate(String keyStorePath,
                String alias, String password) throws Exception {
            KeyStore ks = getKeyStore(keyStorePath, password);
            Certificate certificate = ks.getCertificate(alias);

            return certificate;
        }

        /**
         * Obtain the KeyStore
         *
         * @param keyStorePath
         * @param password
         * @return
         * @throws Exception
         */
        private static KeyStore getKeyStore(String keyStorePath, String password)
                throws Exception {
            KeyStore ks = KeyStore.getInstance(KEY_STORE);
            // try-with-resources closes the stream even if loading fails
            try (FileInputStream is = new FileInputStream(keyStorePath)) {
                ks.load(is, password.toCharArray());
            }
            return ks;
        }

        /**
         * Encrypt with the private key
         *
         * @param data
         * @param keyStorePath
         * @param alias
         * @param password
         * @return
         * @throws Exception
         */
        public static byte[] encryptByPrivateKey(byte[] data, String keyStorePath,
                String alias, String password) throws Exception {
            // Obtain the private key
            PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password);

            // Encrypt the data
            Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
            cipher.init(Cipher.ENCRYPT_MODE, privateKey);

            return cipher.doFinal(data);
        }

        /**
         * Decrypt with the private key
         *
         * @param data
         * @param keyStorePath
         * @param alias
         * @param password
         * @return
         * @throws Exception
         */
        public static byte[] decryptByPrivateKey(byte[] data, String keyStorePath,
                String alias, String password) throws Exception {
            // Obtain the private key
            PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password);

            // Decrypt the data
            Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, privateKey);

            return cipher.doFinal(data);
        }

        /**
         * Encrypt with the public key
         *
         * @param data
         * @param certificatePath
         * @return
         * @throws Exception
         */
        public static byte[] encryptByPublicKey(byte[] data, String certificatePath)
                throws Exception {
            // Obtain the public key
            PublicKey publicKey = getPublicKey(certificatePath);

            // Encrypt the data
            Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
            cipher.init(Cipher.ENCRYPT_MODE, publicKey);

            return cipher.doFinal(data);
        }

        /**
         * Decrypt with the public key
         *
         * @param data
         * @param certificatePath
         * @return
         * @throws Exception
         */
        public static byte[] decryptByPublicKey(byte[] data, String certificatePath)
                throws Exception {
            // Obtain the public key
            PublicKey publicKey = getPublicKey(certificatePath);

            // Decrypt the data
            Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, publicKey);

            return cipher.doFinal(data);
        }

        /**
         * Verify the Certificate against the current date
         *
         * @param certificatePath
         * @return
         */
        public static boolean verifyCertificate(String certificatePath) {
            return verifyCertificate(new Date(), certificatePath);
        }

        /**
         * Verify whether the Certificate is expired or invalid
         *
         * @param date
         * @param certificatePath
         * @return
         */
        public static boolean verifyCertificate(Date date, String certificatePath) {
            boolean status = true;
            try {
                // Obtain the certificate
                Certificate certificate = getCertificate(certificatePath);
                // Verify whether the certificate is expired or invalid
                status = verifyCertificate(date, certificate);
            } catch (Exception e) {
                status = false;
            }
            return status;
        }

        /**
         * Verify whether the certificate is expired or invalid
         *
         * @param date
         * @param certificate
         * @return
         */
        private static boolean verifyCertificate(Date date, Certificate certificate) {
            boolean status = true;
            try {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                // Checks only the validity period (notBefore / notAfter)
                x509Certificate.checkValidity(date);
            } catch (Exception e) {
                status = false;
            }
            return status;
        }

        /**
         * Sign
         *
         * @param sign the data to be signed
         * @param keyStorePath
         * @param alias
         * @param password
         *
         * @return
         * @throws Exception
         */
        public static String sign(byte[] sign, String keyStorePath, String alias,
                String password) throws Exception {
            // Obtain the certificate
            X509Certificate x509Certificate = (X509Certificate) getCertificate(
                    keyStorePath, alias, password);
            // Load the keystore
            KeyStore ks = getKeyStore(keyStorePath, password);
            // Obtain the private key
            PrivateKey privateKey = (PrivateKey) ks.getKey(alias, password
                    .toCharArray());

            // Build the signature
            Signature signature = Signature.getInstance(x509Certificate
                    .getSigAlgName());
            signature.initSign(privateKey);
            signature.update(sign);
            return encryptBASE64(signature.sign());
        }

        /**
         * Verify the signature
         *
         * @param data
         * @param sign
         * @param certificatePath
         * @return
         * @throws Exception
         */
        public static boolean verify(byte[] data, String sign,
                String certificatePath) throws Exception {
            // Obtain the certificate
            X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath);
            // Obtain the public key
            PublicKey publicKey = x509Certificate.getPublicKey();
            // Build the signature
            Signature signature = Signature.getInstance(x509Certificate
                    .getSigAlgName());
            signature.initVerify(publicKey);
            signature.update(data);

            return signature.verify(decryptBASE64(sign));
        }

        /**
         * Verify the Certificate stored in a keystore
         *
         * @param keyStorePath
         * @param alias
         * @param password
         * @return
         */
        public static boolean verifyCertificate(Date date, String keyStorePath,
                String alias, String password) {
            boolean status = true;
            try {
                Certificate certificate = getCertificate(keyStorePath, alias,
                        password);
                status = verifyCertificate(date, certificate);
            } catch (Exception e) {
                status = false;
            }
            return status;
        }

        /**
         * Verify the Certificate stored in a keystore against the current date
         *
         * @param keyStorePath
         * @param alias
         * @param password
         * @return
         */
        public static boolean verifyCertificate(String keyStorePath, String alias,
                String password) {
            return verifyCertificate(new Date(), keyStorePath, alias, password);
        }

        /**
         * Obtain the SSLSocketFactory
         *
         * @param password
         *            password
         * @param keyStorePath
         *            keystore path
         *
         * @param trustKeyStorePath
         *            trust store path
         * @return
         * @throws Exception
         */
        private static SSLSocketFactory getSSLSocketFactory(String password,
                String keyStorePath, String trustKeyStorePath) throws Exception {
            // Initialize the keystore
            KeyManagerFactory keyManagerFactory = KeyManagerFactory
                    .getInstance(SunX509);
            KeyStore keyStore = getKeyStore(keyStorePath, password);
            keyManagerFactory.init(keyStore, password.toCharArray());

            // Initialize the trust store
            TrustManagerFactory trustManagerFactory = TrustManagerFactory
                    .getInstance(SunX509);
            KeyStore trustkeyStore = getKeyStore(trustKeyStorePath, password);
            trustManagerFactory.init(trustkeyStore);

            // Initialize the SSL context
            SSLContext ctx = SSLContext.getInstance(SSL);
            ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory
                    .getTrustManagers(), null);
            SSLSocketFactory sf = ctx.getSocketFactory();

            return sf;
        }

        /**
         * Configure the SSLSocketFactory for an HttpsURLConnection
         *
         * @param conn
         *            HttpsURLConnection
         * @param password
         *            password
         * @param keyStorePath
         *            keystore path
         *
         * @param trustKeyStorePath
         *            trust store path
         * @throws Exception
         */
        public static void configSSLSocketFactory(HttpsURLConnection conn,
                String password, String keyStorePath, String trustKeyStorePath)
                throws Exception {
            // The source text breaks off inside this signature; the last
            // parameter and this body are completed from the Javadoc above.
            conn.setSSLSocketFactory(getSSLSocketFactory(password, keyStorePath,
                    trustKeyStorePath));
        }
    }
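An added example, not part of the original document: the CertificateCoder methods above call Cipher.getInstance(key.getAlgorithm()), which leaves the RSA padding to the provider's default, and they sign with whatever algorithm the certificate names (SHA1withRSA for zlex.cer). The code below names the padding and signature algorithm explicitly; the class name ExplicitRsaDemo and the throwaway in-memory key pair (standing in for zlex.keystore and zlex.cer) are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;

import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class ExplicitRsaDemo {
    // Explicit transformation instead of Cipher.getInstance("RSA"), whose padding is a provider default.
    static final String OAEP = "RSA/ECB/OAEPPadding";
    static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    static final String SIG_ALG = "SHA256withRSA";

    public static void main(String[] args) throws Exception {
        // Constructed sample: an in-memory key pair replaces the keystore and certificate files.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Confidentiality: encrypt with the public key, decrypt with the private key.
        Cipher enc = Cipher.getInstance(OAEP);
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic(), OAEP_SHA256);
        byte[] ct = enc.doFinal(msg);
        Cipher dec = Cipher.getInstance(OAEP);
        dec.init(Cipher.DECRYPT_MODE, kp.getPrivate(), OAEP_SHA256);
        System.out.println("round trip ok: " + Arrays.equals(msg, dec.doFinal(ct)));

        // Authenticity: sign with the private key, verify with the public key.
        Signature signer = Signature.getInstance(SIG_ALG);
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        System.out.println("signature valid: " + verify(kp, msg, sig));
        msg[0] ^= 1; // flip one bit of the message
        System.out.println("tampered message valid: " + verify(kp, msg, sig));
    }

    // Verifies sig over data with the public half of the key pair.
    static boolean verify(KeyPair kp, byte[] data, byte[] sig) throws Exception {
        Signature v = Signature.getInstance(SIG_ALG);
        v.initVerify(kp.getPublic());
        v.update(data);
        return v.verify(sig);
    }
}
```

Data integrity and origin come from the Signature path, which is what the "encrypt with the private key" methods in the listing approximate; the OAEP path covers confidentiality only.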
