问题
I am working on a java-project where I should implement the SSL-protokol on the server-side. Well, this is the first time I will use SSL in my application, so I read a lot about ssl/tls and now I want to implement something in java. I will implement this process using JSSE API:
1) client will connect to me
2) I will make authentification with my pubic key certificate. I means that I will send the client a public key and its corresponding certificate
3) the client encrypt the secret-key using my public key and RSA-algorithm and send it to me
I have already the private key and certificate saved on a keystore on my computer. So I am hesited how to access them from my java-application. I do not know, which are the steps to do to acess them, since it is the first time i am dealing with this kind of stuff
I will use an SSLEngine. So I should firstly initialize an SSLContext using this code:
// First initialize the key and trust material.
KeyStore ksKeys = KeyStore.getInstance("JKS");
ksKeys.load(new FileInputStream("/.../myKey"), passphrase);
KeyStore ksTrust = KeyStore.getInstance("JKS");
ksTrust.load(new FileInputStream("/../myCertificate"), passphrase);
sslContext = SSLContext.getInstance("TLS");
sslContext.init( kmf.getKeyManagers(), tmf.getTrustManagers(), null);
// We're ready for the engine.
SSLEngine engine = sslContext.createSSLengine(hostname, port);
// Use as client
engine.setUseClientMode(true);
I am really new in the crypthography and this is the first time I programming this stuff. Any Idea?
回答1:
At the server, both the public key and its certificate go into the KeyStore, along with the original private key, all under the same alias.
If the certificate is self-signed, you'll need to export it from there into the client's truststore.
You don't need to write code for this. Just set the system properties:
javax.net.ssl.keyStore
javax.net.ssl.keyStorePassword
javax.net.ssl.trustStore
as appropriate.
回答2:
After being confused, I did a lot of research and I could find the solution. First of all, I will describe the situation then I will give the steps to solve the problem. Like I said in my Post, I had the private key (.key-file) and the certificate (.cer file) and I need to use them in my java-application (server using ssl-protocol). So the first step to do is to create a keystore named.jks-file containing the certificate/key so that I can be able to use them for your java-based-server. To do this step I used the steps described in this link http://blog.jgc.org/2011/06/importing-existing-ssl-keycertificate.html
Now, how can I use my.jks-file in the above posted code?
Well this is a piece of code how to initialize your SSLEngine:
char [] keyphrase="xxx".toCharArray();
char [] passphrase= "yyy".toCharArray();
// First initialize the key and trust material.
KeyStore ksKeys = KeyStore.getInstance("JKS");
InputStream readStream = new FileInputStream(new File("/.../file.jks"));
ks.load(readStream, passphrase );
// create an factory for key-managers
KeyManagerFactory =KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, keyphrase);
SSLContext sslContext = SSLContext.getInstance("TLS");
//initialize the ssl-context
sslContext.init(kmf.getKeyManagers(),null,null);
// We're ready for the engine.
SSLEngine engine = sslContext.createSSLEngine(host, port);
// Use as client
engine.setUseClientMode(true);
来源:https://stackoverflow.com/questions/32433832/configuring-sslcontext-using-existing-ssl-key-certificate-pair-in-java-jsse-api