I am working on a java-project where I should implement the SSL-protokol on the server-side. Well, this is the first time I will use SSL in my application, so I read a lot about ssl/tls and now I want to implement something in java. I will implement this process using JSSE API:
1) client will connect to me
2) I will make authentification with my pubic key certificate. I means that I will send the client a public key and its corresponding certificate
3) the client encrypt the secret-key using my public key and RSA-algorithm and send it to me
I have already the private key and certificate saved on a keystore on my computer. So I am hesited how to access them from my java-application. I do not know, which are the steps to do to acess them, since it is the first time i am dealing with this kind of stuff
I will use an SSLEngine. So I should firstly initialize an SSLContext using this code:
// First initialize the key and trust material.
KeyStore ksKeys = KeyStore.getInstance("JKS");
ksKeys.load(new FileInputStream("/.../myKey"), passphrase);
KeyStore ksTrust = KeyStore.getInstance("JKS");
ksTrust.load(new FileInputStream("/../myCertificate"), passphrase);
sslContext = SSLContext.getInstance("TLS");
sslContext.init( kmf.getKeyManagers(), tmf.getTrustManagers(), null);
// We're ready for the engine.
SSLEngine engine = sslContext.createSSLengine(hostname, port);
// Use as client
engine.setUseClientMode(true);
I am really new in the crypthography and this is the first time I programming this stuff. Any Idea?
At the server, both the public key and its certificate go into the KeyStore, along with the original private key, all under the same alias.
If the certificate is self-signed, you'll need to export it from there into the client's truststore.
You don't need to write code for this. Just set the system properties:
javax.net.ssl.keyStore
javax.net.ssl.keyStorePassword
javax.net.ssl.trustStore
as appropriate.
After being confused, I did a lot of research and I could find the solution. First of all, I will describe the situation then I will give the steps to solve the problem. Like I said in my Post, I had the private key (.key-file) and the certificate (.cer file) and I need to use them in my java-application (server using ssl-protocol). So the first step to do is to create a keystore named.jks-file containing the certificate/key so that I can be able to use them for your java-based-server. To do this step I used the steps described in this link http://blog.jgc.org/2011/06/importing-existing-ssl-keycertificate.html
Now, how can I use my.jks-file in the above posted code?
Well this is a piece of code how to initialize your SSLEngine:
char [] keyphrase="xxx".toCharArray();
char [] passphrase= "yyy".toCharArray();
// First initialize the key and trust material.
KeyStore ksKeys = KeyStore.getInstance("JKS");
InputStream readStream = new FileInputStream(new File("/.../file.jks"));
ks.load(readStream, passphrase );
// create an factory for key-managers
KeyManagerFactory =KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, keyphrase);
SSLContext sslContext = SSLContext.getInstance("TLS");
//initialize the ssl-context
sslContext.init(kmf.getKeyManagers(),null,null);
// We're ready for the engine.
SSLEngine engine = sslContext.createSSLEngine(host, port);
// Use as client
engine.setUseClientMode(true);
来源:https://stackoverflow.com/questions/32433832/configuring-sslcontext-using-existing-ssl-key-certificate-pair-in-java-jsse-api